2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
15 #include "ssl_local.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include <openssl/trace.h>
20 #include <openssl/x509v3.h>
21 #include <openssl/core_names.h>
22 #include "internal/cryptlib.h"
24 #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
25 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
26 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
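/*
 * TLSv1.3 downgrade protection sentinel values (RFC 8446, section 4.1.3).
 *
 * Both arrays are 8 bytes: the ASCII string "DOWNGRD" followed by one
 * discriminator byte. Per the RFC, a TLS 1.3-capable server that negotiates
 * an older version places one of them in the last 8 bytes of
 * ServerHello.random:
 *   - tls12downgrade ("DOWNGRD" 0x01) when TLS 1.2 is negotiated;
 *   - tls11downgrade ("DOWNGRD" 0x00) when TLS 1.1 or below is negotiated.
 * A client that offered a newer version and finds the sentinel is expected
 * to abort the handshake, which is how an on-path version rollback is
 * detected. The code that writes and checks these values is not part of
 * this excerpt.
 *
 * The closing "};" of each initializer was missing from this listing and is
 * restored here; the byte values are unchanged.
 */
const unsigned char tls11downgrade[] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
};
const unsigned char tls12downgrade[] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
};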
36 /*
 * The list of available TLSv1.3 ciphers.
 *
 * NOTE(review): the gutter numbers in this listing skip (e.g. 37 -> 40 and
 * 42 -> 47), so some lines of every initializer are not shown here. Do not
 * infer field positions or the full set of flags from this copy; check the
 * SSL_CIPHER declaration and the upstream file.
 *
 * What the visible lines show for each entry: the TLS1_3_RFC_* name macro
 * twice, the TLS1_3_CK_* suite identifier, a TLS1_3_VERSION..TLS1_3_VERSION
 * version range, and a handshake-MAC flag. Only the AES-GCM and
 * ChaCha20-Poly1305 entries carry SSL_QUIC. The CCM, CCM_8 and
 * integrity-only entries are marked SSL_NOT_DEFAULT, i.e. they are present
 * in the table but flagged as outside the default selection.
 */
37 static SSL_CIPHER tls13_ciphers[] = {
40 TLS1_3_RFC_AES_128_GCM_SHA256,
41 TLS1_3_RFC_AES_128_GCM_SHA256,
42 TLS1_3_CK_AES_128_GCM_SHA256,
47 TLS1_3_VERSION, TLS1_3_VERSION,
50 SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
55 TLS1_3_RFC_AES_256_GCM_SHA384,
56 TLS1_3_RFC_AES_256_GCM_SHA384,
57 TLS1_3_CK_AES_256_GCM_SHA384,
62 TLS1_3_VERSION, TLS1_3_VERSION,
65 SSL_HANDSHAKE_MAC_SHA384 | SSL_QUIC,
71 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
72 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
73 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
78 TLS1_3_VERSION, TLS1_3_VERSION,
81 SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
/* AES-128-CCM: flagged SSL_NOT_DEFAULT | SSL_HIGH and, unlike the entries above, no SSL_QUIC. */
87 TLS1_3_RFC_AES_128_CCM_SHA256,
88 TLS1_3_RFC_AES_128_CCM_SHA256,
89 TLS1_3_CK_AES_128_CCM_SHA256,
94 TLS1_3_VERSION, TLS1_3_VERSION,
96 SSL_NOT_DEFAULT | SSL_HIGH,
97 SSL_HANDSHAKE_MAC_SHA256,
/*
 * AES-128-CCM-8: flagged SSL_NOT_DEFAULT | SSL_MEDIUM rather than SSL_HIGH.
 * The 64 below is presumably the strength-bits field (confirm against the
 * SSL_CIPHER declaration); it is what lets a security-level check rank this
 * suite below its 128-bit key size.
 */
102 TLS1_3_RFC_AES_128_CCM_8_SHA256,
103 TLS1_3_RFC_AES_128_CCM_8_SHA256,
104 TLS1_3_CK_AES_128_CCM_8_SHA256,
109 TLS1_3_VERSION, TLS1_3_VERSION,
111 SSL_NOT_DEFAULT | SSL_MEDIUM,
112 SSL_HANDSHAKE_MAC_SHA256,
113 64, /* CCM8 uses a short tag, so we have a low security strength */
/*
 * Integrity-only suites, compiled out when OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
 * is defined. Both are flagged SSL_NOT_DEFAULT | SSL_STRONG_NONE: as the
 * guard name says, they protect integrity only, so an application that
 * enables them explicitly gets no confidentiality for record contents.
 */
116 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
119 TLS1_3_RFC_SHA256_SHA256,
120 TLS1_3_RFC_SHA256_SHA256,
121 TLS1_3_CK_SHA256_SHA256,
126 TLS1_3_VERSION, TLS1_3_VERSION,
128 SSL_NOT_DEFAULT | SSL_STRONG_NONE,
129 SSL_HANDSHAKE_MAC_SHA256,
134 TLS1_3_RFC_SHA384_SHA384,
135 TLS1_3_RFC_SHA384_SHA384,
136 TLS1_3_CK_SHA384_SHA384,
141 TLS1_3_VERSION, TLS1_3_VERSION,
143 SSL_NOT_DEFAULT | SSL_STRONG_NONE,
144 SSL_HANDSHAKE_MAC_SHA384,
152 * The list of available ciphers, mostly organized into the following
157 * SRP (within that: RSA EC PSK)
158 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
161 static SSL_CIPHER ssl3_ciphers[] = {
162 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
165 SSL3_TXT_RSA_NULL_MD5,
166 SSL3_RFC_RSA_NULL_MD5,
167 SSL3_CK_RSA_NULL_MD5,
172 SSL3_VERSION, TLS1_2_VERSION,
173 DTLS1_BAD_VER, DTLS1_2_VERSION,
175 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
181 SSL3_TXT_RSA_NULL_SHA,
182 SSL3_RFC_RSA_NULL_SHA,
183 SSL3_CK_RSA_NULL_SHA,
188 SSL3_VERSION, TLS1_2_VERSION,
189 DTLS1_BAD_VER, DTLS1_2_VERSION,
190 SSL_STRONG_NONE | SSL_FIPS,
191 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
196 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
199 SSL3_TXT_RSA_DES_192_CBC3_SHA,
200 SSL3_RFC_RSA_DES_192_CBC3_SHA,
201 SSL3_CK_RSA_DES_192_CBC3_SHA,
206 SSL3_VERSION, TLS1_2_VERSION,
207 DTLS1_BAD_VER, DTLS1_2_VERSION,
208 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
209 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
215 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
216 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
217 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
222 SSL3_VERSION, TLS1_2_VERSION,
223 DTLS1_BAD_VER, DTLS1_2_VERSION,
224 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
225 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
231 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
232 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
233 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
238 SSL3_VERSION, TLS1_2_VERSION,
239 DTLS1_BAD_VER, DTLS1_2_VERSION,
240 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
241 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
247 SSL3_TXT_ADH_DES_192_CBC_SHA,
248 SSL3_RFC_ADH_DES_192_CBC_SHA,
249 SSL3_CK_ADH_DES_192_CBC_SHA,
254 SSL3_VERSION, TLS1_2_VERSION,
255 DTLS1_BAD_VER, DTLS1_2_VERSION,
256 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
257 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
264 TLS1_TXT_RSA_WITH_AES_128_SHA,
265 TLS1_RFC_RSA_WITH_AES_128_SHA,
266 TLS1_CK_RSA_WITH_AES_128_SHA,
271 SSL3_VERSION, TLS1_2_VERSION,
272 DTLS1_BAD_VER, DTLS1_2_VERSION,
274 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
280 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
281 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
282 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
287 SSL3_VERSION, TLS1_2_VERSION,
288 DTLS1_BAD_VER, DTLS1_2_VERSION,
289 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
290 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
296 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
297 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
298 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
303 SSL3_VERSION, TLS1_2_VERSION,
304 DTLS1_BAD_VER, DTLS1_2_VERSION,
306 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
312 TLS1_TXT_ADH_WITH_AES_128_SHA,
313 TLS1_RFC_ADH_WITH_AES_128_SHA,
314 TLS1_CK_ADH_WITH_AES_128_SHA,
319 SSL3_VERSION, TLS1_2_VERSION,
320 DTLS1_BAD_VER, DTLS1_2_VERSION,
321 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
322 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
328 TLS1_TXT_RSA_WITH_AES_256_SHA,
329 TLS1_RFC_RSA_WITH_AES_256_SHA,
330 TLS1_CK_RSA_WITH_AES_256_SHA,
335 SSL3_VERSION, TLS1_2_VERSION,
336 DTLS1_BAD_VER, DTLS1_2_VERSION,
338 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
344 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
345 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
346 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
351 SSL3_VERSION, TLS1_2_VERSION,
352 DTLS1_BAD_VER, DTLS1_2_VERSION,
353 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
354 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
360 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
361 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
362 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
367 SSL3_VERSION, TLS1_2_VERSION,
368 DTLS1_BAD_VER, DTLS1_2_VERSION,
370 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
376 TLS1_TXT_ADH_WITH_AES_256_SHA,
377 TLS1_RFC_ADH_WITH_AES_256_SHA,
378 TLS1_CK_ADH_WITH_AES_256_SHA,
383 SSL3_VERSION, TLS1_2_VERSION,
384 DTLS1_BAD_VER, DTLS1_2_VERSION,
385 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
386 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
390 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
393 TLS1_TXT_RSA_WITH_NULL_SHA256,
394 TLS1_RFC_RSA_WITH_NULL_SHA256,
395 TLS1_CK_RSA_WITH_NULL_SHA256,
400 TLS1_2_VERSION, TLS1_2_VERSION,
401 DTLS1_2_VERSION, DTLS1_2_VERSION,
402 SSL_STRONG_NONE | SSL_FIPS,
403 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
410 TLS1_TXT_RSA_WITH_AES_128_SHA256,
411 TLS1_RFC_RSA_WITH_AES_128_SHA256,
412 TLS1_CK_RSA_WITH_AES_128_SHA256,
417 TLS1_2_VERSION, TLS1_2_VERSION,
418 DTLS1_2_VERSION, DTLS1_2_VERSION,
420 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
426 TLS1_TXT_RSA_WITH_AES_256_SHA256,
427 TLS1_RFC_RSA_WITH_AES_256_SHA256,
428 TLS1_CK_RSA_WITH_AES_256_SHA256,
433 TLS1_2_VERSION, TLS1_2_VERSION,
434 DTLS1_2_VERSION, DTLS1_2_VERSION,
436 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
442 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
443 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
444 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
449 TLS1_2_VERSION, TLS1_2_VERSION,
450 DTLS1_2_VERSION, DTLS1_2_VERSION,
451 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
452 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
458 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
459 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
460 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
465 TLS1_2_VERSION, TLS1_2_VERSION,
466 DTLS1_2_VERSION, DTLS1_2_VERSION,
468 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
474 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
475 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
476 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
481 TLS1_2_VERSION, TLS1_2_VERSION,
482 DTLS1_2_VERSION, DTLS1_2_VERSION,
483 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
484 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
490 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
491 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
492 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
497 TLS1_2_VERSION, TLS1_2_VERSION,
498 DTLS1_2_VERSION, DTLS1_2_VERSION,
500 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
506 TLS1_TXT_ADH_WITH_AES_128_SHA256,
507 TLS1_RFC_ADH_WITH_AES_128_SHA256,
508 TLS1_CK_ADH_WITH_AES_128_SHA256,
513 TLS1_2_VERSION, TLS1_2_VERSION,
514 DTLS1_2_VERSION, DTLS1_2_VERSION,
515 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
516 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
522 TLS1_TXT_ADH_WITH_AES_256_SHA256,
523 TLS1_RFC_ADH_WITH_AES_256_SHA256,
524 TLS1_CK_ADH_WITH_AES_256_SHA256,
529 TLS1_2_VERSION, TLS1_2_VERSION,
530 DTLS1_2_VERSION, DTLS1_2_VERSION,
531 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
532 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
538 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
539 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
540 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
545 TLS1_2_VERSION, TLS1_2_VERSION,
546 DTLS1_2_VERSION, DTLS1_2_VERSION,
548 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
554 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
555 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
556 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
561 TLS1_2_VERSION, TLS1_2_VERSION,
562 DTLS1_2_VERSION, DTLS1_2_VERSION,
564 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
570 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
571 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
572 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
577 TLS1_2_VERSION, TLS1_2_VERSION,
578 DTLS1_2_VERSION, DTLS1_2_VERSION,
580 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
586 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
587 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
588 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
593 TLS1_2_VERSION, TLS1_2_VERSION,
594 DTLS1_2_VERSION, DTLS1_2_VERSION,
596 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
602 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
603 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
604 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
609 TLS1_2_VERSION, TLS1_2_VERSION,
610 DTLS1_2_VERSION, DTLS1_2_VERSION,
611 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
612 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
618 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
619 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
620 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
625 TLS1_2_VERSION, TLS1_2_VERSION,
626 DTLS1_2_VERSION, DTLS1_2_VERSION,
627 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
628 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
634 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
635 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
636 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
641 TLS1_2_VERSION, TLS1_2_VERSION,
642 DTLS1_2_VERSION, DTLS1_2_VERSION,
643 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
644 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
650 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
651 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
652 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
657 TLS1_2_VERSION, TLS1_2_VERSION,
658 DTLS1_2_VERSION, DTLS1_2_VERSION,
659 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
660 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
666 TLS1_TXT_RSA_WITH_AES_128_CCM,
667 TLS1_RFC_RSA_WITH_AES_128_CCM,
668 TLS1_CK_RSA_WITH_AES_128_CCM,
673 TLS1_2_VERSION, TLS1_2_VERSION,
674 DTLS1_2_VERSION, DTLS1_2_VERSION,
675 SSL_NOT_DEFAULT | SSL_HIGH,
676 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
682 TLS1_TXT_RSA_WITH_AES_256_CCM,
683 TLS1_RFC_RSA_WITH_AES_256_CCM,
684 TLS1_CK_RSA_WITH_AES_256_CCM,
689 TLS1_2_VERSION, TLS1_2_VERSION,
690 DTLS1_2_VERSION, DTLS1_2_VERSION,
691 SSL_NOT_DEFAULT | SSL_HIGH,
692 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
698 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
699 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
700 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
705 TLS1_2_VERSION, TLS1_2_VERSION,
706 DTLS1_2_VERSION, DTLS1_2_VERSION,
707 SSL_NOT_DEFAULT | SSL_HIGH,
708 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
714 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
715 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
716 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
721 TLS1_2_VERSION, TLS1_2_VERSION,
722 DTLS1_2_VERSION, DTLS1_2_VERSION,
723 SSL_NOT_DEFAULT | SSL_HIGH,
724 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
730 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
731 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
732 TLS1_CK_RSA_WITH_AES_128_CCM_8,
737 TLS1_2_VERSION, TLS1_2_VERSION,
738 DTLS1_2_VERSION, DTLS1_2_VERSION,
739 SSL_NOT_DEFAULT | SSL_MEDIUM,
740 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
741 64, /* CCM8 uses a short tag, so we have a low security strength */
746 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
747 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
748 TLS1_CK_RSA_WITH_AES_256_CCM_8,
753 TLS1_2_VERSION, TLS1_2_VERSION,
754 DTLS1_2_VERSION, DTLS1_2_VERSION,
755 SSL_NOT_DEFAULT | SSL_MEDIUM,
756 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
757 64, /* CCM8 uses a short tag, so we have a low security strength */
762 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
763 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
764 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
769 TLS1_2_VERSION, TLS1_2_VERSION,
770 DTLS1_2_VERSION, DTLS1_2_VERSION,
771 SSL_NOT_DEFAULT | SSL_MEDIUM,
772 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
773 64, /* CCM8 uses a short tag, so we have a low security strength */
778 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
779 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
780 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
785 TLS1_2_VERSION, TLS1_2_VERSION,
786 DTLS1_2_VERSION, DTLS1_2_VERSION,
787 SSL_NOT_DEFAULT | SSL_MEDIUM,
788 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
789 64, /* CCM8 uses a short tag, so we have a low security strength */
794 TLS1_TXT_PSK_WITH_AES_128_CCM,
795 TLS1_RFC_PSK_WITH_AES_128_CCM,
796 TLS1_CK_PSK_WITH_AES_128_CCM,
801 TLS1_2_VERSION, TLS1_2_VERSION,
802 DTLS1_2_VERSION, DTLS1_2_VERSION,
803 SSL_NOT_DEFAULT | SSL_HIGH,
804 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
810 TLS1_TXT_PSK_WITH_AES_256_CCM,
811 TLS1_RFC_PSK_WITH_AES_256_CCM,
812 TLS1_CK_PSK_WITH_AES_256_CCM,
817 TLS1_2_VERSION, TLS1_2_VERSION,
818 DTLS1_2_VERSION, DTLS1_2_VERSION,
819 SSL_NOT_DEFAULT | SSL_HIGH,
820 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
826 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
827 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
828 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
833 TLS1_2_VERSION, TLS1_2_VERSION,
834 DTLS1_2_VERSION, DTLS1_2_VERSION,
835 SSL_NOT_DEFAULT | SSL_HIGH,
836 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
842 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
843 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
844 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
849 TLS1_2_VERSION, TLS1_2_VERSION,
850 DTLS1_2_VERSION, DTLS1_2_VERSION,
851 SSL_NOT_DEFAULT | SSL_HIGH,
852 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
858 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
859 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
860 TLS1_CK_PSK_WITH_AES_128_CCM_8,
865 TLS1_2_VERSION, TLS1_2_VERSION,
866 DTLS1_2_VERSION, DTLS1_2_VERSION,
867 SSL_NOT_DEFAULT | SSL_MEDIUM,
868 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
869 64, /* CCM8 uses a short tag, so we have a low security strength */
874 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
875 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
876 TLS1_CK_PSK_WITH_AES_256_CCM_8,
881 TLS1_2_VERSION, TLS1_2_VERSION,
882 DTLS1_2_VERSION, DTLS1_2_VERSION,
883 SSL_NOT_DEFAULT | SSL_MEDIUM,
884 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
885 64, /* CCM8 uses a short tag, so we have a low security strength */
890 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
891 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
892 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
897 TLS1_2_VERSION, TLS1_2_VERSION,
898 DTLS1_2_VERSION, DTLS1_2_VERSION,
899 SSL_NOT_DEFAULT | SSL_MEDIUM,
900 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
901 64, /* CCM8 uses a short tag, so we have a low security strength */
906 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
907 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
908 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
913 TLS1_2_VERSION, TLS1_2_VERSION,
914 DTLS1_2_VERSION, DTLS1_2_VERSION,
915 SSL_NOT_DEFAULT | SSL_MEDIUM,
916 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
917 64, /* CCM8 uses a short tag, so we have a low security strength */
922 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
923 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
924 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
929 TLS1_2_VERSION, TLS1_2_VERSION,
930 DTLS1_2_VERSION, DTLS1_2_VERSION,
931 SSL_NOT_DEFAULT | SSL_HIGH,
932 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
938 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
939 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
940 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
945 TLS1_2_VERSION, TLS1_2_VERSION,
946 DTLS1_2_VERSION, DTLS1_2_VERSION,
947 SSL_NOT_DEFAULT | SSL_HIGH,
948 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
954 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
955 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
956 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
961 TLS1_2_VERSION, TLS1_2_VERSION,
962 DTLS1_2_VERSION, DTLS1_2_VERSION,
963 SSL_NOT_DEFAULT | SSL_MEDIUM,
964 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
965 64, /* CCM8 uses a short tag, so we have a low security strength */
970 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
971 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
972 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
977 TLS1_2_VERSION, TLS1_2_VERSION,
978 DTLS1_2_VERSION, DTLS1_2_VERSION,
979 SSL_NOT_DEFAULT | SSL_MEDIUM,
980 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
981 64, /* CCM8 uses a short tag, so we have a low security strength */
984 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
987 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
988 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
989 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
994 TLS1_VERSION, TLS1_2_VERSION,
995 DTLS1_BAD_VER, DTLS1_2_VERSION,
996 SSL_STRONG_NONE | SSL_FIPS,
997 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1002 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1005 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1006 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1007 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1012 TLS1_VERSION, TLS1_2_VERSION,
1013 DTLS1_BAD_VER, DTLS1_2_VERSION,
1014 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1015 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1022 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1023 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1024 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1029 TLS1_VERSION, TLS1_2_VERSION,
1030 DTLS1_BAD_VER, DTLS1_2_VERSION,
1031 SSL_HIGH | SSL_FIPS,
1032 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1038 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1039 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1040 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1045 TLS1_VERSION, TLS1_2_VERSION,
1046 DTLS1_BAD_VER, DTLS1_2_VERSION,
1047 SSL_HIGH | SSL_FIPS,
1048 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1052 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1055 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1056 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1057 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1062 TLS1_VERSION, TLS1_2_VERSION,
1063 DTLS1_BAD_VER, DTLS1_2_VERSION,
1064 SSL_STRONG_NONE | SSL_FIPS,
1065 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1070 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1073 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1074 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1075 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1080 TLS1_VERSION, TLS1_2_VERSION,
1081 DTLS1_BAD_VER, DTLS1_2_VERSION,
1082 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1083 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1090 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1091 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1092 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1097 TLS1_VERSION, TLS1_2_VERSION,
1098 DTLS1_BAD_VER, DTLS1_2_VERSION,
1099 SSL_HIGH | SSL_FIPS,
1100 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1106 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1107 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1108 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1113 TLS1_VERSION, TLS1_2_VERSION,
1114 DTLS1_BAD_VER, DTLS1_2_VERSION,
1115 SSL_HIGH | SSL_FIPS,
1116 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1120 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1123 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1124 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1125 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1130 TLS1_VERSION, TLS1_2_VERSION,
1131 DTLS1_BAD_VER, DTLS1_2_VERSION,
1132 SSL_STRONG_NONE | SSL_FIPS,
1133 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1138 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1141 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1142 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1143 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1148 TLS1_VERSION, TLS1_2_VERSION,
1149 DTLS1_BAD_VER, DTLS1_2_VERSION,
1150 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1151 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1158 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1159 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1160 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1165 TLS1_VERSION, TLS1_2_VERSION,
1166 DTLS1_BAD_VER, DTLS1_2_VERSION,
1167 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1168 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1174 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1175 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1176 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1181 TLS1_VERSION, TLS1_2_VERSION,
1182 DTLS1_BAD_VER, DTLS1_2_VERSION,
1183 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1184 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1190 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1191 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1192 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1197 TLS1_2_VERSION, TLS1_2_VERSION,
1198 DTLS1_2_VERSION, DTLS1_2_VERSION,
1199 SSL_HIGH | SSL_FIPS,
1200 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1206 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1207 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1208 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1213 TLS1_2_VERSION, TLS1_2_VERSION,
1214 DTLS1_2_VERSION, DTLS1_2_VERSION,
1215 SSL_HIGH | SSL_FIPS,
1216 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1222 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1223 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1224 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1229 TLS1_2_VERSION, TLS1_2_VERSION,
1230 DTLS1_2_VERSION, DTLS1_2_VERSION,
1231 SSL_HIGH | SSL_FIPS,
1232 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1238 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1239 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1240 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1245 TLS1_2_VERSION, TLS1_2_VERSION,
1246 DTLS1_2_VERSION, DTLS1_2_VERSION,
1247 SSL_HIGH | SSL_FIPS,
1248 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1254 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1255 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1256 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1261 TLS1_2_VERSION, TLS1_2_VERSION,
1262 DTLS1_2_VERSION, DTLS1_2_VERSION,
1263 SSL_HIGH | SSL_FIPS,
1264 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1270 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1271 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1272 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1277 TLS1_2_VERSION, TLS1_2_VERSION,
1278 DTLS1_2_VERSION, DTLS1_2_VERSION,
1279 SSL_HIGH | SSL_FIPS,
1280 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1286 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1287 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1288 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1293 TLS1_2_VERSION, TLS1_2_VERSION,
1294 DTLS1_2_VERSION, DTLS1_2_VERSION,
1295 SSL_HIGH | SSL_FIPS,
1296 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1302 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1303 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1304 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1309 TLS1_2_VERSION, TLS1_2_VERSION,
1310 DTLS1_2_VERSION, DTLS1_2_VERSION,
1311 SSL_HIGH | SSL_FIPS,
1312 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1316 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1319 TLS1_TXT_PSK_WITH_NULL_SHA,
1320 TLS1_RFC_PSK_WITH_NULL_SHA,
1321 TLS1_CK_PSK_WITH_NULL_SHA,
1326 SSL3_VERSION, TLS1_2_VERSION,
1327 DTLS1_BAD_VER, DTLS1_2_VERSION,
1328 SSL_STRONG_NONE | SSL_FIPS,
1329 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1335 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1336 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1337 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1342 SSL3_VERSION, TLS1_2_VERSION,
1343 DTLS1_BAD_VER, DTLS1_2_VERSION,
1344 SSL_STRONG_NONE | SSL_FIPS,
1345 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1351 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1352 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1353 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1358 SSL3_VERSION, TLS1_2_VERSION,
1359 DTLS1_BAD_VER, DTLS1_2_VERSION,
1360 SSL_STRONG_NONE | SSL_FIPS,
1361 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1366 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1369 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1370 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1371 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1376 SSL3_VERSION, TLS1_2_VERSION,
1377 DTLS1_BAD_VER, DTLS1_2_VERSION,
1378 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1379 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1386 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1387 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1388 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1393 SSL3_VERSION, TLS1_2_VERSION,
1394 DTLS1_BAD_VER, DTLS1_2_VERSION,
1395 SSL_HIGH | SSL_FIPS,
1396 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1402 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1403 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1404 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1409 SSL3_VERSION, TLS1_2_VERSION,
1410 DTLS1_BAD_VER, DTLS1_2_VERSION,
1411 SSL_HIGH | SSL_FIPS,
1412 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1416 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1419 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1420 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1421 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1426 SSL3_VERSION, TLS1_2_VERSION,
1427 DTLS1_BAD_VER, DTLS1_2_VERSION,
1428 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1429 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1436 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1437 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1438 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1443 SSL3_VERSION, TLS1_2_VERSION,
1444 DTLS1_BAD_VER, DTLS1_2_VERSION,
1445 SSL_HIGH | SSL_FIPS,
1446 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1452 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1453 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1454 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1459 SSL3_VERSION, TLS1_2_VERSION,
1460 DTLS1_BAD_VER, DTLS1_2_VERSION,
1461 SSL_HIGH | SSL_FIPS,
1462 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1466 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1469 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1470 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1471 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1476 SSL3_VERSION, TLS1_2_VERSION,
1477 DTLS1_BAD_VER, DTLS1_2_VERSION,
1478 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1479 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1486 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1487 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1488 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1493 SSL3_VERSION, TLS1_2_VERSION,
1494 DTLS1_BAD_VER, DTLS1_2_VERSION,
1495 SSL_HIGH | SSL_FIPS,
1496 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1502 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1503 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1504 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1509 SSL3_VERSION, TLS1_2_VERSION,
1510 DTLS1_BAD_VER, DTLS1_2_VERSION,
1511 SSL_HIGH | SSL_FIPS,
1512 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1518 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1519 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1520 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1525 TLS1_2_VERSION, TLS1_2_VERSION,
1526 DTLS1_2_VERSION, DTLS1_2_VERSION,
1527 SSL_HIGH | SSL_FIPS,
1528 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1534 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1535 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1536 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1541 TLS1_2_VERSION, TLS1_2_VERSION,
1542 DTLS1_2_VERSION, DTLS1_2_VERSION,
1543 SSL_HIGH | SSL_FIPS,
1544 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1550 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1551 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1552 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1557 TLS1_2_VERSION, TLS1_2_VERSION,
1558 DTLS1_2_VERSION, DTLS1_2_VERSION,
1559 SSL_HIGH | SSL_FIPS,
1560 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1566 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1567 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1568 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1573 TLS1_2_VERSION, TLS1_2_VERSION,
1574 DTLS1_2_VERSION, DTLS1_2_VERSION,
1575 SSL_HIGH | SSL_FIPS,
1576 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1582 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1583 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1584 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1589 TLS1_2_VERSION, TLS1_2_VERSION,
1590 DTLS1_2_VERSION, DTLS1_2_VERSION,
1591 SSL_HIGH | SSL_FIPS,
1592 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1598 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1599 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1600 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1605 TLS1_2_VERSION, TLS1_2_VERSION,
1606 DTLS1_2_VERSION, DTLS1_2_VERSION,
1607 SSL_HIGH | SSL_FIPS,
1608 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1614 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1615 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1616 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1621 TLS1_VERSION, TLS1_2_VERSION,
1622 DTLS1_BAD_VER, DTLS1_2_VERSION,
1623 SSL_HIGH | SSL_FIPS,
1624 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1630 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1631 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1632 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1637 TLS1_VERSION, TLS1_2_VERSION,
1638 DTLS1_BAD_VER, DTLS1_2_VERSION,
1639 SSL_HIGH | SSL_FIPS,
1640 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1644 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1647 TLS1_TXT_PSK_WITH_NULL_SHA256,
1648 TLS1_RFC_PSK_WITH_NULL_SHA256,
1649 TLS1_CK_PSK_WITH_NULL_SHA256,
1654 TLS1_VERSION, TLS1_2_VERSION,
1655 DTLS1_BAD_VER, DTLS1_2_VERSION,
1656 SSL_STRONG_NONE | SSL_FIPS,
1657 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1663 TLS1_TXT_PSK_WITH_NULL_SHA384,
1664 TLS1_RFC_PSK_WITH_NULL_SHA384,
1665 TLS1_CK_PSK_WITH_NULL_SHA384,
1670 TLS1_VERSION, TLS1_2_VERSION,
1671 DTLS1_BAD_VER, DTLS1_2_VERSION,
1672 SSL_STRONG_NONE | SSL_FIPS,
1673 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1680 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1681 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1682 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1687 TLS1_VERSION, TLS1_2_VERSION,
1688 DTLS1_BAD_VER, DTLS1_2_VERSION,
1689 SSL_HIGH | SSL_FIPS,
1690 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1696 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1697 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1698 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1703 TLS1_VERSION, TLS1_2_VERSION,
1704 DTLS1_BAD_VER, DTLS1_2_VERSION,
1705 SSL_HIGH | SSL_FIPS,
1706 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1710 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1713 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1714 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1715 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1720 TLS1_VERSION, TLS1_2_VERSION,
1721 DTLS1_BAD_VER, DTLS1_2_VERSION,
1722 SSL_STRONG_NONE | SSL_FIPS,
1723 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1729 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1730 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1731 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1736 TLS1_VERSION, TLS1_2_VERSION,
1737 DTLS1_BAD_VER, DTLS1_2_VERSION,
1738 SSL_STRONG_NONE | SSL_FIPS,
1739 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1746 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1747 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1748 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1753 TLS1_VERSION, TLS1_2_VERSION,
1754 DTLS1_BAD_VER, DTLS1_2_VERSION,
1755 SSL_HIGH | SSL_FIPS,
1756 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1762 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1763 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1764 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1769 TLS1_VERSION, TLS1_2_VERSION,
1770 DTLS1_BAD_VER, DTLS1_2_VERSION,
1771 SSL_HIGH | SSL_FIPS,
1772 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1776 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1779 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1780 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1781 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1786 TLS1_VERSION, TLS1_2_VERSION,
1787 DTLS1_BAD_VER, DTLS1_2_VERSION,
1788 SSL_STRONG_NONE | SSL_FIPS,
1789 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1795 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1796 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1797 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1802 TLS1_VERSION, TLS1_2_VERSION,
1803 DTLS1_BAD_VER, DTLS1_2_VERSION,
1804 SSL_STRONG_NONE | SSL_FIPS,
1805 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1810 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1813 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1814 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1815 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1820 TLS1_VERSION, TLS1_2_VERSION,
1821 DTLS1_BAD_VER, DTLS1_2_VERSION,
1822 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1823 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1830 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1831 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1832 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1837 TLS1_VERSION, TLS1_2_VERSION,
1838 DTLS1_BAD_VER, DTLS1_2_VERSION,
1839 SSL_HIGH | SSL_FIPS,
1840 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1846 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1847 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1848 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1853 TLS1_VERSION, TLS1_2_VERSION,
1854 DTLS1_BAD_VER, DTLS1_2_VERSION,
1855 SSL_HIGH | SSL_FIPS,
1856 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1862 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1863 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1864 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1869 TLS1_VERSION, TLS1_2_VERSION,
1870 DTLS1_BAD_VER, DTLS1_2_VERSION,
1871 SSL_HIGH | SSL_FIPS,
1872 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1878 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1879 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1880 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1885 TLS1_VERSION, TLS1_2_VERSION,
1886 DTLS1_BAD_VER, DTLS1_2_VERSION,
1887 SSL_HIGH | SSL_FIPS,
1888 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1892 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1895 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1896 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1897 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1902 TLS1_VERSION, TLS1_2_VERSION,
1903 DTLS1_BAD_VER, DTLS1_2_VERSION,
1904 SSL_STRONG_NONE | SSL_FIPS,
1905 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1911 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1912 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1913 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1918 TLS1_VERSION, TLS1_2_VERSION,
1919 DTLS1_BAD_VER, DTLS1_2_VERSION,
1920 SSL_STRONG_NONE | SSL_FIPS,
1921 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1927 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1928 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1929 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1934 TLS1_VERSION, TLS1_2_VERSION,
1935 DTLS1_BAD_VER, DTLS1_2_VERSION,
1936 SSL_STRONG_NONE | SSL_FIPS,
1937 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1942 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1945 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1946 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1947 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1952 SSL3_VERSION, TLS1_2_VERSION,
1953 DTLS1_BAD_VER, DTLS1_2_VERSION,
1954 SSL_NOT_DEFAULT | SSL_MEDIUM,
1955 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1961 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1962 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1963 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1968 SSL3_VERSION, TLS1_2_VERSION,
1969 DTLS1_BAD_VER, DTLS1_2_VERSION,
1970 SSL_NOT_DEFAULT | SSL_MEDIUM,
1971 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1977 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1978 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1979 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1984 SSL3_VERSION, TLS1_2_VERSION,
1985 DTLS1_BAD_VER, DTLS1_2_VERSION,
1986 SSL_NOT_DEFAULT | SSL_MEDIUM,
1987 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1994 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1995 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1996 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2001 SSL3_VERSION, TLS1_2_VERSION,
2002 DTLS1_BAD_VER, DTLS1_2_VERSION,
2004 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2010 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2011 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2012 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2017 SSL3_VERSION, TLS1_2_VERSION,
2018 DTLS1_BAD_VER, DTLS1_2_VERSION,
2020 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2026 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2027 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2028 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2033 SSL3_VERSION, TLS1_2_VERSION,
2034 DTLS1_BAD_VER, DTLS1_2_VERSION,
2035 SSL_NOT_DEFAULT | SSL_HIGH,
2036 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2042 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2043 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
2044 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2049 SSL3_VERSION, TLS1_2_VERSION,
2050 DTLS1_BAD_VER, DTLS1_2_VERSION,
2052 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2058 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2059 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2060 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2065 SSL3_VERSION, TLS1_2_VERSION,
2066 DTLS1_BAD_VER, DTLS1_2_VERSION,
2068 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2074 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2075 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2076 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2081 SSL3_VERSION, TLS1_2_VERSION,
2082 DTLS1_BAD_VER, DTLS1_2_VERSION,
2083 SSL_NOT_DEFAULT | SSL_HIGH,
2084 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2091 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2092 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2093 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2096 SSL_CHACHA20POLY1305,
2098 TLS1_2_VERSION, TLS1_2_VERSION,
2099 DTLS1_2_VERSION, DTLS1_2_VERSION,
2101 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2107 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2108 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2109 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2112 SSL_CHACHA20POLY1305,
2114 TLS1_2_VERSION, TLS1_2_VERSION,
2115 DTLS1_2_VERSION, DTLS1_2_VERSION,
2117 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2123 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2124 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2125 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2128 SSL_CHACHA20POLY1305,
2130 TLS1_2_VERSION, TLS1_2_VERSION,
2131 DTLS1_2_VERSION, DTLS1_2_VERSION,
2133 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2139 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2140 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2141 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2144 SSL_CHACHA20POLY1305,
2146 TLS1_2_VERSION, TLS1_2_VERSION,
2147 DTLS1_2_VERSION, DTLS1_2_VERSION,
2149 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2155 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2156 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2157 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2160 SSL_CHACHA20POLY1305,
2162 TLS1_2_VERSION, TLS1_2_VERSION,
2163 DTLS1_2_VERSION, DTLS1_2_VERSION,
2165 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2171 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2172 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2173 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2176 SSL_CHACHA20POLY1305,
2178 TLS1_2_VERSION, TLS1_2_VERSION,
2179 DTLS1_2_VERSION, DTLS1_2_VERSION,
2181 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2187 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2188 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2189 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2192 SSL_CHACHA20POLY1305,
2194 TLS1_2_VERSION, TLS1_2_VERSION,
2195 DTLS1_2_VERSION, DTLS1_2_VERSION,
2197 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2204 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2205 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2206 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2211 TLS1_2_VERSION, TLS1_2_VERSION,
2212 DTLS1_2_VERSION, DTLS1_2_VERSION,
2213 SSL_NOT_DEFAULT | SSL_HIGH,
2214 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2220 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2221 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2222 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2227 TLS1_2_VERSION, TLS1_2_VERSION,
2228 DTLS1_2_VERSION, DTLS1_2_VERSION,
2229 SSL_NOT_DEFAULT | SSL_HIGH,
2230 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2236 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2237 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2238 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2243 TLS1_2_VERSION, TLS1_2_VERSION,
2244 DTLS1_2_VERSION, DTLS1_2_VERSION,
2245 SSL_NOT_DEFAULT | SSL_HIGH,
2246 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2252 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2253 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2254 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2259 TLS1_2_VERSION, TLS1_2_VERSION,
2260 DTLS1_2_VERSION, DTLS1_2_VERSION,
2261 SSL_NOT_DEFAULT | SSL_HIGH,
2262 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2268 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2269 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2270 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2275 TLS1_2_VERSION, TLS1_2_VERSION,
2276 DTLS1_2_VERSION, DTLS1_2_VERSION,
2277 SSL_NOT_DEFAULT | SSL_HIGH,
2278 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2284 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2285 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2286 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2291 TLS1_2_VERSION, TLS1_2_VERSION,
2292 DTLS1_2_VERSION, DTLS1_2_VERSION,
2293 SSL_NOT_DEFAULT | SSL_HIGH,
2294 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2300 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2301 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2302 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2307 TLS1_2_VERSION, TLS1_2_VERSION,
2308 DTLS1_2_VERSION, DTLS1_2_VERSION,
2309 SSL_NOT_DEFAULT | SSL_HIGH,
2310 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2316 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2317 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2318 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2323 TLS1_2_VERSION, TLS1_2_VERSION,
2324 DTLS1_2_VERSION, DTLS1_2_VERSION,
2325 SSL_NOT_DEFAULT | SSL_HIGH,
2326 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2332 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2333 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2334 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2339 SSL3_VERSION, TLS1_2_VERSION,
2340 DTLS1_BAD_VER, DTLS1_2_VERSION,
2341 SSL_NOT_DEFAULT | SSL_HIGH,
2342 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2348 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2349 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2350 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2355 SSL3_VERSION, TLS1_2_VERSION,
2356 DTLS1_BAD_VER, DTLS1_2_VERSION,
2357 SSL_NOT_DEFAULT | SSL_HIGH,
2358 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2364 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2365 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2366 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2371 SSL3_VERSION, TLS1_2_VERSION,
2372 DTLS1_BAD_VER, DTLS1_2_VERSION,
2373 SSL_NOT_DEFAULT | SSL_HIGH,
2374 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2380 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2381 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2382 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2387 SSL3_VERSION, TLS1_2_VERSION,
2388 DTLS1_BAD_VER, DTLS1_2_VERSION,
2389 SSL_NOT_DEFAULT | SSL_HIGH,
2390 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2396 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2397 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2398 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2403 SSL3_VERSION, TLS1_2_VERSION,
2404 DTLS1_BAD_VER, DTLS1_2_VERSION,
2405 SSL_NOT_DEFAULT | SSL_HIGH,
2406 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2412 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2413 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2414 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2419 SSL3_VERSION, TLS1_2_VERSION,
2420 DTLS1_BAD_VER, DTLS1_2_VERSION,
2421 SSL_NOT_DEFAULT | SSL_HIGH,
2422 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2428 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2429 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2430 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2435 SSL3_VERSION, TLS1_2_VERSION,
2436 DTLS1_BAD_VER, DTLS1_2_VERSION,
2437 SSL_NOT_DEFAULT | SSL_HIGH,
2438 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2444 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2445 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2446 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2451 SSL3_VERSION, TLS1_2_VERSION,
2452 DTLS1_BAD_VER, DTLS1_2_VERSION,
2453 SSL_NOT_DEFAULT | SSL_HIGH,
2454 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2460 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2461 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2462 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2467 TLS1_2_VERSION, TLS1_2_VERSION,
2468 DTLS1_2_VERSION, DTLS1_2_VERSION,
2469 SSL_NOT_DEFAULT | SSL_HIGH,
2470 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2476 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2477 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2478 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2483 TLS1_2_VERSION, TLS1_2_VERSION,
2484 DTLS1_2_VERSION, DTLS1_2_VERSION,
2485 SSL_NOT_DEFAULT | SSL_HIGH,
2486 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2492 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2493 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2494 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2499 TLS1_2_VERSION, TLS1_2_VERSION,
2500 DTLS1_2_VERSION, DTLS1_2_VERSION,
2501 SSL_NOT_DEFAULT | SSL_HIGH,
2502 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2508 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2509 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2510 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2515 TLS1_2_VERSION, TLS1_2_VERSION,
2516 DTLS1_2_VERSION, DTLS1_2_VERSION,
2517 SSL_NOT_DEFAULT | SSL_HIGH,
2518 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2524 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2525 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2526 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2531 TLS1_VERSION, TLS1_2_VERSION,
2532 DTLS1_BAD_VER, DTLS1_2_VERSION,
2533 SSL_NOT_DEFAULT | SSL_HIGH,
2534 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2540 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2541 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2542 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2547 TLS1_VERSION, TLS1_2_VERSION,
2548 DTLS1_BAD_VER, DTLS1_2_VERSION,
2549 SSL_NOT_DEFAULT | SSL_HIGH,
2550 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2556 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2557 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2558 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2563 TLS1_VERSION, TLS1_2_VERSION,
2564 DTLS1_BAD_VER, DTLS1_2_VERSION,
2565 SSL_NOT_DEFAULT | SSL_HIGH,
2566 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2572 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2573 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2574 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2579 TLS1_VERSION, TLS1_2_VERSION,
2580 DTLS1_BAD_VER, DTLS1_2_VERSION,
2581 SSL_NOT_DEFAULT | SSL_HIGH,
2582 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2588 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2589 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2590 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2595 TLS1_VERSION, TLS1_2_VERSION,
2596 DTLS1_BAD_VER, DTLS1_2_VERSION,
2597 SSL_NOT_DEFAULT | SSL_HIGH,
2598 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2604 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2605 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2606 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2611 TLS1_VERSION, TLS1_2_VERSION,
2612 DTLS1_BAD_VER, DTLS1_2_VERSION,
2613 SSL_NOT_DEFAULT | SSL_HIGH,
2614 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2620 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2621 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2622 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2627 TLS1_VERSION, TLS1_2_VERSION,
2628 DTLS1_BAD_VER, DTLS1_2_VERSION,
2629 SSL_NOT_DEFAULT | SSL_HIGH,
2630 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2636 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2637 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2638 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2643 TLS1_VERSION, TLS1_2_VERSION,
2644 DTLS1_BAD_VER, DTLS1_2_VERSION,
2645 SSL_NOT_DEFAULT | SSL_HIGH,
2646 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2651 #ifndef OPENSSL_NO_GOST
2654 "GOST2001-GOST89-GOST89",
2655 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2659 SSL_eGOST2814789CNT,
2661 TLS1_VERSION, TLS1_2_VERSION,
2664 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2668 # ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2671 "GOST2001-NULL-GOST94",
2672 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2678 TLS1_VERSION, TLS1_2_VERSION,
2681 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2688 "IANA-GOST2012-GOST8912-GOST8912",
2692 SSL_aGOST12 | SSL_aGOST01,
2693 SSL_eGOST2814789CNT12,
2695 TLS1_VERSION, TLS1_2_VERSION,
2698 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2704 "LEGACY-GOST2012-GOST8912-GOST8912",
2708 SSL_aGOST12 | SSL_aGOST01,
2709 SSL_eGOST2814789CNT12,
2711 TLS1_VERSION, TLS1_2_VERSION,
2714 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2718 # ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2721 "GOST2012-NULL-GOST12",
2725 SSL_aGOST12 | SSL_aGOST01,
2728 TLS1_VERSION, TLS1_2_VERSION,
2731 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2738 "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2745 TLS1_2_VERSION, TLS1_2_VERSION,
2748 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2754 "GOST2012-MAGMA-MAGMAOMAC",
2761 TLS1_2_VERSION, TLS1_2_VERSION,
2764 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2768 #endif /* OPENSSL_NO_GOST */
2772 SSL3_TXT_RSA_IDEA_128_SHA,
2773 SSL3_RFC_RSA_IDEA_128_SHA,
2774 SSL3_CK_RSA_IDEA_128_SHA,
2779 SSL3_VERSION, TLS1_1_VERSION,
2780 DTLS1_BAD_VER, DTLS1_VERSION,
2781 SSL_NOT_DEFAULT | SSL_MEDIUM,
2782 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2789 TLS1_TXT_RSA_WITH_SEED_SHA,
2790 TLS1_RFC_RSA_WITH_SEED_SHA,
2791 TLS1_CK_RSA_WITH_SEED_SHA,
2796 SSL3_VERSION, TLS1_2_VERSION,
2797 DTLS1_BAD_VER, DTLS1_2_VERSION,
2798 SSL_NOT_DEFAULT | SSL_MEDIUM,
2799 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2805 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2806 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2807 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2812 SSL3_VERSION, TLS1_2_VERSION,
2813 DTLS1_BAD_VER, DTLS1_2_VERSION,
2814 SSL_NOT_DEFAULT | SSL_MEDIUM,
2815 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2821 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2822 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2823 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2828 SSL3_VERSION, TLS1_2_VERSION,
2829 DTLS1_BAD_VER, DTLS1_2_VERSION,
2830 SSL_NOT_DEFAULT | SSL_MEDIUM,
2831 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2837 TLS1_TXT_ADH_WITH_SEED_SHA,
2838 TLS1_RFC_ADH_WITH_SEED_SHA,
2839 TLS1_CK_ADH_WITH_SEED_SHA,
2844 SSL3_VERSION, TLS1_2_VERSION,
2845 DTLS1_BAD_VER, DTLS1_2_VERSION,
2846 SSL_NOT_DEFAULT | SSL_MEDIUM,
2847 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2852 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2855 SSL3_TXT_RSA_RC4_128_MD5,
2856 SSL3_RFC_RSA_RC4_128_MD5,
2857 SSL3_CK_RSA_RC4_128_MD5,
2862 SSL3_VERSION, TLS1_2_VERSION,
2864 SSL_NOT_DEFAULT | SSL_MEDIUM,
2865 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2871 SSL3_TXT_RSA_RC4_128_SHA,
2872 SSL3_RFC_RSA_RC4_128_SHA,
2873 SSL3_CK_RSA_RC4_128_SHA,
2878 SSL3_VERSION, TLS1_2_VERSION,
2880 SSL_NOT_DEFAULT | SSL_MEDIUM,
2881 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2887 SSL3_TXT_ADH_RC4_128_MD5,
2888 SSL3_RFC_ADH_RC4_128_MD5,
2889 SSL3_CK_ADH_RC4_128_MD5,
2894 SSL3_VERSION, TLS1_2_VERSION,
2896 SSL_NOT_DEFAULT | SSL_MEDIUM,
2897 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2903 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2904 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2905 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2910 TLS1_VERSION, TLS1_2_VERSION,
2912 SSL_NOT_DEFAULT | SSL_MEDIUM,
2913 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2919 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2920 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2921 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2926 TLS1_VERSION, TLS1_2_VERSION,
2928 SSL_NOT_DEFAULT | SSL_MEDIUM,
2929 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2935 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2936 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2937 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2942 TLS1_VERSION, TLS1_2_VERSION,
2944 SSL_NOT_DEFAULT | SSL_MEDIUM,
2945 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2951 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2952 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2953 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2958 TLS1_VERSION, TLS1_2_VERSION,
2960 SSL_NOT_DEFAULT | SSL_MEDIUM,
2961 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2967 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2968 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2969 TLS1_CK_PSK_WITH_RC4_128_SHA,
2974 SSL3_VERSION, TLS1_2_VERSION,
2976 SSL_NOT_DEFAULT | SSL_MEDIUM,
2977 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2983 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2984 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2985 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2990 SSL3_VERSION, TLS1_2_VERSION,
2992 SSL_NOT_DEFAULT | SSL_MEDIUM,
2993 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2999 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
3000 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
3001 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
3006 SSL3_VERSION, TLS1_2_VERSION,
3008 SSL_NOT_DEFAULT | SSL_MEDIUM,
3009 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3013 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
3017 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
3018 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
3019 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
3024 TLS1_2_VERSION, TLS1_2_VERSION,
3025 DTLS1_2_VERSION, DTLS1_2_VERSION,
3026 SSL_NOT_DEFAULT | SSL_HIGH,
3027 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3033 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
3034 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
3035 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
3040 TLS1_2_VERSION, TLS1_2_VERSION,
3041 DTLS1_2_VERSION, DTLS1_2_VERSION,
3042 SSL_NOT_DEFAULT | SSL_HIGH,
3043 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3049 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3050 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3051 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3056 TLS1_2_VERSION, TLS1_2_VERSION,
3057 DTLS1_2_VERSION, DTLS1_2_VERSION,
3058 SSL_NOT_DEFAULT | SSL_HIGH,
3059 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3065 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3066 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3067 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3072 TLS1_2_VERSION, TLS1_2_VERSION,
3073 DTLS1_2_VERSION, DTLS1_2_VERSION,
3074 SSL_NOT_DEFAULT | SSL_HIGH,
3075 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3081 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3082 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3083 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3088 TLS1_2_VERSION, TLS1_2_VERSION,
3089 DTLS1_2_VERSION, DTLS1_2_VERSION,
3090 SSL_NOT_DEFAULT | SSL_HIGH,
3091 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3097 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3098 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3099 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3104 TLS1_2_VERSION, TLS1_2_VERSION,
3105 DTLS1_2_VERSION, DTLS1_2_VERSION,
3106 SSL_NOT_DEFAULT | SSL_HIGH,
3107 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3113 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3114 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3115 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3120 TLS1_2_VERSION, TLS1_2_VERSION,
3121 DTLS1_2_VERSION, DTLS1_2_VERSION,
3122 SSL_NOT_DEFAULT | SSL_HIGH,
3123 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3129 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3130 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3131 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3136 TLS1_2_VERSION, TLS1_2_VERSION,
3137 DTLS1_2_VERSION, DTLS1_2_VERSION,
3138 SSL_NOT_DEFAULT | SSL_HIGH,
3139 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3145 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3146 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3147 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3152 TLS1_2_VERSION, TLS1_2_VERSION,
3153 DTLS1_2_VERSION, DTLS1_2_VERSION,
3154 SSL_NOT_DEFAULT | SSL_HIGH,
3155 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3161 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3162 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3163 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3168 TLS1_2_VERSION, TLS1_2_VERSION,
3169 DTLS1_2_VERSION, DTLS1_2_VERSION,
3170 SSL_NOT_DEFAULT | SSL_HIGH,
3171 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3177 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3178 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3179 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3184 TLS1_2_VERSION, TLS1_2_VERSION,
3185 DTLS1_2_VERSION, DTLS1_2_VERSION,
3186 SSL_NOT_DEFAULT | SSL_HIGH,
3187 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3193 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3194 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3195 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3200 TLS1_2_VERSION, TLS1_2_VERSION,
3201 DTLS1_2_VERSION, DTLS1_2_VERSION,
3202 SSL_NOT_DEFAULT | SSL_HIGH,
3203 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3209 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3210 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3211 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3216 TLS1_2_VERSION, TLS1_2_VERSION,
3217 DTLS1_2_VERSION, DTLS1_2_VERSION,
3218 SSL_NOT_DEFAULT | SSL_HIGH,
3219 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3225 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3226 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3227 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3232 TLS1_2_VERSION, TLS1_2_VERSION,
3233 DTLS1_2_VERSION, DTLS1_2_VERSION,
3234 SSL_NOT_DEFAULT | SSL_HIGH,
3235 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3241 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3242 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3243 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3248 TLS1_2_VERSION, TLS1_2_VERSION,
3249 DTLS1_2_VERSION, DTLS1_2_VERSION,
3250 SSL_NOT_DEFAULT | SSL_HIGH,
3251 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3257 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3258 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3259 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3264 TLS1_2_VERSION, TLS1_2_VERSION,
3265 DTLS1_2_VERSION, DTLS1_2_VERSION,
3266 SSL_NOT_DEFAULT | SSL_HIGH,
3267 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
/*
 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
 * values stuffed into the ciphers field of the wire protocol for signalling
 * purposes.
 *
 * Neither entry names a negotiable suite, which is why every algorithm,
 * version and strength field below is zero:
 *  - TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746) lets a client advertise
 *    secure-renegotiation support without sending the extension.
 *  - TLS_FALLBACK_SCSV (RFC 7507) marks a retried handshake at a lower
 *    protocol version so a server can reject an unintended downgrade.
 */
static SSL_CIPHER ssl3_scsvs[] = {
    {
     0,
     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
     SSL3_CK_SCSV,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    },
    {
     0,
     "TLS_FALLBACK_SCSV",
     "TLS_FALLBACK_SCSV",
     SSL3_CK_FALLBACK_SCSV,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    },
};
/*
 * qsort() comparator that orders SSL_CIPHER entries by ascending id.
 *
 * The ids are compared with relational operators rather than subtracted,
 * which avoids the wrap-around a subtraction-based comparator could produce.
 *
 * Returns -1, 0 or 1 when a's id is below, equal to or above b's id.
 */
static int cipher_compare(const void *a, const void *b)
{
    const SSL_CIPHER *lhs = (const SSL_CIPHER *)a;
    const SSL_CIPHER *rhs = (const SSL_CIPHER *)b;

    if (lhs->id < rhs->id)
        return -1;
    return lhs->id == rhs->id ? 0 : 1;
}
/*
 * Sort the three static cipher tables in place by cipher id.
 *
 * NOTE(review): presumably this has to run before any by-id lookup that
 * assumes sorted tables, and before the tables are read concurrently, since
 * qsort() rewrites them - confirm against the callers.
 */
void ssl_sort_cipher_list(void)
{
    qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(*tls13_ciphers),
          cipher_compare);
    qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(*ssl3_ciphers),
          cipher_compare);
    qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(*ssl3_scsvs), cipher_compare);
}
/*
 * Placeholder for an SSL3_ENC_METHOD slot that SSLv3 does not implement.
 *
 * Every argument except the connection is ignored; the call is forwarded to
 * ssl_undefined_function() for the owning SSL object and its result is
 * returned unchanged.
 */
static int sslcon_undefined_function_1(SSL_CONNECTION *sc, unsigned char *r,
                                       size_t s, const char *t, size_t u,
                                       const unsigned char *v, size_t w, int x)
{
    SSL *ssl = SSL_CONNECTION_GET_SSL(sc);

    /* Silence unused-parameter warnings; the signature is fixed by the slot */
    (void)r;
    (void)s;
    (void)t;
    (void)u;
    (void)v;
    (void)w;
    (void)x;

    return ssl_undefined_function(ssl);
}
/*
 * SSLv3 method table: the protocol-version-specific callbacks and constants
 * used for key derivation, Finished computation and handshake framing.
 * Entries are positional, so their order must match SSL3_ENC_METHOD.
 */
const SSL3_ENC_METHOD SSLv3_enc_data = {
    ssl3_setup_key_block,
    ssl3_generate_master_secret,
    ssl3_change_cipher_state,
    ssl3_final_finish_mac,
    /* Finished labels, each followed by its length in bytes */
    SSL3_MD_CLIENT_FINISHED_CONST, 4,
    SSL3_MD_SERVER_FINISHED_CONST, 4,
    ssl3_alert_code,
    /* Slot not implemented for SSLv3; see sslcon_undefined_function_1() */
    sslcon_undefined_function_1,
    /* Flags word: none set for SSLv3 */
    0,
    ssl3_set_handshake_header,
    tls_close_construct_packet,
    ssl3_handshake_write
};
/*
 * Default timeout for SSLv3 sessions, expressed as an OSSL_TIME.
 */
OSSL_TIME ssl3_default_timeout(void)
{
    /*
     * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
     * http, the cache would over fill
     */
    const int two_hours_in_seconds = 2 * 60 * 60;

    return ossl_seconds2time(two_hours_in_seconds);
}
/*
 * Number of entries in the static ssl3_ciphers table (the TLSv1.3 and SCSV
 * tables are counted separately).
 */
int ssl3_num_ciphers(void)
{
    return (int)SSL3_NUM_CIPHERS;
}
/*
 * Return the u-th cipher of ssl3_ciphers, counting from the END of the
 * table (u == 0 yields the last entry).
 *
 * The index is bounds-checked against the table size before use; an
 * out-of-range u returns NULL instead of reading outside the array.
 */
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
{
    if (u >= SSL3_NUM_CIPHERS)
        return NULL;

    return &ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u];
}
/*
 * Begin a handshake message in pkt: write the one-byte message type and
 * open a sub-packet with a 3-byte length prefix for the body.
 *
 * Returns 1 on success (including the ChangeCipherSpec case, which has no
 * handshake header and writes nothing) and 0 if either WPACKET call fails.
 */
int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype)
{
    /* No header in the event of a CCS */
    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
        return 1;

    /* Set the content type ... */
    if (!WPACKET_put_bytes_u8(pkt, htype))
        return 0;

    /* ... and 3 bytes for the message len */
    if (!WPACKET_start_sub_packet_u24(pkt))
        return 0;

    return 1;
}
/*
 * Write out pending handshake data for the connection by delegating to
 * ssl3_do_write() with the handshake record type; its result is returned
 * unchanged.
 */
int ssl3_handshake_write(SSL_CONNECTION *s)
{
    const int record_type = SSL3_RT_HANDSHAKE;

    return ssl3_do_write(s, record_type);
}
/*
 * Per-connection SSLv3/TLS initialisation.
 *
 * When SRP is compiled in, the SRP context is initialised first; then the
 * method's ssl_clear() hook is run to put the connection in a clean state.
 *
 * Returns 1 on success, 0 if s is not a usable connection object (SRP
 * builds only) or if either step fails.
 */
int ssl3_new(SSL *s)
{
#ifndef OPENSSL_NO_SRP
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);

    if (sc == NULL || !ssl_srp_ctx_init_intern(sc))
        return 0;
#endif

    return s->method->ssl_clear(s) ? 1 : 0;
}
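/*
 * Release everything owned by the connection's s3 state and zero the struct.
 *
 * Secret-bearing buffers (the premaster secret and, in PSK builds, the
 * temporary PSK) are cleansed before being freed so that key material does
 * not linger in released heap memory. The final memset() leaves no stale
 * pointers behind, so a repeated call cannot double-free.
 *
 * Does nothing if s does not map to an SSL_CONNECTION.
 */
void ssl3_free(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);

    if (sc == NULL)
        return;

    ssl3_cleanup_key_block(sc);

    /* Ephemeral key-exchange keys: ours and the peer's */
    EVP_PKEY_free(sc->s3.peer_tmp);
    sc->s3.peer_tmp = NULL;
    EVP_PKEY_free(sc->s3.tmp.pkey);
    sc->s3.tmp.pkey = NULL;

    ssl_evp_cipher_free(sc->s3.tmp.new_sym_enc);
    ssl_evp_md_free(sc->s3.tmp.new_hash);

    OPENSSL_free(sc->s3.tmp.ctype);
    sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
    OPENSSL_free(sc->s3.tmp.ciphers_raw);
    /* Premaster secret: wipe before release */
    OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
    OPENSSL_free(sc->s3.tmp.peer_sigalgs);
    OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
    OPENSSL_free(sc->s3.tmp.valid_flags);
    ssl3_free_digest_list(sc);
    OPENSSL_free(sc->s3.alpn_selected);
    OPENSSL_free(sc->s3.alpn_proposed);

#ifndef OPENSSL_NO_PSK
    /*
     * The temporary PSK is key material just like pms, so wipe it too
     * instead of handing the bytes back to the allocator intact.
     */
    OPENSSL_clear_free(sc->s3.tmp.psk, sc->s3.tmp.psklen);
#endif

#ifndef OPENSSL_NO_SRP
    ssl_srp_ctx_free_intern(sc);
#endif
    memset(&sc->s3, 0, sizeof(sc->s3));
}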
/*
 * Reset the connection's s3 state so the SSL object can be reused.
 *
 * Frees the per-handshake allocations (cleansing the premaster secret),
 * zeroes the s3 struct while preserving only the QUIC flag, drops the write
 * BIO buffer and resets the version to SSL3_VERSION.
 *
 * Returns 1 on success, 0 if s is not a usable connection object or the
 * write BIO buffer cannot be released.
 *
 * NOTE(review): unlike ssl3_free(), tmp.psk, tmp.new_sym_enc and
 * tmp.new_hash are not released here before the struct is zeroed - confirm
 * they are always NULL or owned elsewhere by the time this runs.
 */
int ssl3_clear(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
    int quic_flag;

    if (sc == NULL)
        return 0;

    ssl3_cleanup_key_block(sc);
    OPENSSL_free(sc->s3.tmp.ctype);
    sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
    OPENSSL_free(sc->s3.tmp.ciphers_raw);
    /* Premaster secret: wipe before release */
    OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
    OPENSSL_free(sc->s3.tmp.peer_sigalgs);
    OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
    OPENSSL_free(sc->s3.tmp.valid_flags);

    EVP_PKEY_free(sc->s3.tmp.pkey);
    EVP_PKEY_free(sc->s3.peer_tmp);

    ssl3_free_digest_list(sc);

    OPENSSL_free(sc->s3.alpn_selected);
    OPENSSL_free(sc->s3.alpn_proposed);

    /*
     * NULL/zero-out everything in the s3 struct, but remember if we are doing
     * QUIC.
     */
    quic_flag = sc->s3.flags & TLS1_FLAGS_QUIC;
    memset(&sc->s3, 0, sizeof(sc->s3));
    sc->s3.flags |= quic_flag;

    if (!ssl_free_wbio_buffer(sc))
        return 0;

    sc->version = SSL3_VERSION;

#if !defined(OPENSSL_NO_NEXTPROTONEG)
    OPENSSL_free(sc->ext.npn);
    sc->ext.npn = NULL;
    sc->ext.npn_len = 0;
#endif

    return 1;
}
#ifndef OPENSSL_NO_SRP
/*
 * SRP password callback that hands back a heap copy of the string stored in
 * the connection's srp_ctx.info.
 *
 * arg is unused. Returns NULL if s is not a usable connection object or the
 * duplication fails. The copy is a fresh OPENSSL_strdup() allocation that
 * this function does not free.
 *
 * NOTE(review): going by the name, the returned string is a password - the
 * consumer should presumably cleanse it before freeing; verify at the call
 * site.
 */
static char *srp_password_from_info_cb(SSL *s, void *arg)
{
    SSL_CONNECTION *conn = SSL_CONNECTION_FROM_SSL(s);

    return conn == NULL ? NULL : OPENSSL_strdup(conn->srp_ctx.info);
}
#endif
3499 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3501 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3504 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3510 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3512 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3513 ret = sc->s3.num_renegotiations;
3515 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3516 ret = sc->s3.num_renegotiations;
3517 sc->s3.num_renegotiations = 0;
3519 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3520 ret = sc->s3.total_renegotiations;
3522 case SSL_CTRL_GET_FLAGS:
3523 ret = (int)(sc->s3.flags);
3525 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3526 case SSL_CTRL_SET_TMP_DH:
3528 EVP_PKEY *pkdh = NULL;
3530 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3533 pkdh = ssl_dh_to_pkey(parg);
3535 ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
3538 if (!SSL_set0_tmp_dh_pkey(s, pkdh)) {
3539 EVP_PKEY_free(pkdh);
3545 case SSL_CTRL_SET_TMP_DH_CB:
3547 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3551 case SSL_CTRL_SET_DH_AUTO:
3552 sc->cert->dh_tmp_auto = larg;
3554 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3555 case SSL_CTRL_SET_TMP_ECDH:
3558 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3561 return ssl_set_tmp_ecdh_groups(&sc->ext.supportedgroups,
3562 &sc->ext.supportedgroups_len,
3565 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3566 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3568 * This API is only used for a client to set what SNI it will request
3569 * from the server, but we currently allow it to be used on servers
3570 * as well, which is a programming error. Currently we just clear
3571 * the field in SSL_do_handshake() for server SSLs, but when we can
3572 * make ABI-breaking changes, we may want to make use of this API
3573 * an error on server SSLs.
3575 if (larg == TLSEXT_NAMETYPE_host_name) {
3578 OPENSSL_free(sc->ext.hostname);
3579 sc->ext.hostname = NULL;
3584 len = strlen((char *)parg);
3585 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3586 ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3589 if ((sc->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3590 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3594 ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3598 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3599 sc->ext.debug_arg = parg;
3603 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3604 ret = sc->ext.status_type;
3607 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3608 sc->ext.status_type = larg;
3612 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3613 *(STACK_OF(X509_EXTENSION) **)parg = sc->ext.ocsp.exts;
3617 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3618 sc->ext.ocsp.exts = parg;
3622 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3623 *(STACK_OF(OCSP_RESPID) **)parg = sc->ext.ocsp.ids;
3627 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3628 sc->ext.ocsp.ids = parg;
3632 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3633 *(unsigned char **)parg = sc->ext.ocsp.resp;
3634 if (sc->ext.ocsp.resp_len == 0
3635 || sc->ext.ocsp.resp_len > LONG_MAX)
3637 return (long)sc->ext.ocsp.resp_len;
3639 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3640 OPENSSL_free(sc->ext.ocsp.resp);
3641 sc->ext.ocsp.resp = parg;
3642 sc->ext.ocsp.resp_len = larg;
3646 case SSL_CTRL_CHAIN:
3648 return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg);
3650 return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg);
3652 case SSL_CTRL_CHAIN_CERT:
3654 return ssl_cert_add1_chain_cert(sc, NULL, (X509 *)parg);
3656 return ssl_cert_add0_chain_cert(sc, NULL, (X509 *)parg);
3658 case SSL_CTRL_GET_CHAIN_CERTS:
3659 *(STACK_OF(X509) **)parg = sc->cert->key->chain;
3663 case SSL_CTRL_SELECT_CURRENT_CERT:
3664 return ssl_cert_select_current(sc->cert, (X509 *)parg);
3666 case SSL_CTRL_SET_CURRENT_CERT:
3667 if (larg == SSL_CERT_SET_SERVER) {
3668 const SSL_CIPHER *cipher;
3671 cipher = sc->s3.tmp.new_cipher;
3675 * No certificate for unauthenticated ciphersuites or using SRP
3678 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3680 if (sc->s3.tmp.cert == NULL)
3682 sc->cert->key = sc->s3.tmp.cert;
3685 return ssl_cert_set_current(sc->cert, larg);
3687 case SSL_CTRL_GET_GROUPS:
3694 clist = sc->ext.peer_supportedgroups;
3695 clistlen = sc->ext.peer_supportedgroups_len;
3700 for (i = 0; i < clistlen; i++) {
3701 const TLS_GROUP_INFO *cinf
3702 = tls1_group_id_lookup(s->ctx, clist[i]);
3705 cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
3707 cptr[i] = TLSEXT_nid_unknown | clist[i];
3710 return (int)clistlen;
3713 case SSL_CTRL_SET_GROUPS:
3714 return tls1_set_groups(&sc->ext.supportedgroups,
3715 &sc->ext.supportedgroups_len, parg, larg);
3717 case SSL_CTRL_SET_GROUPS_LIST:
3718 return tls1_set_groups_list(s->ctx, &sc->ext.supportedgroups,
3719 &sc->ext.supportedgroups_len, parg);
3721 case SSL_CTRL_GET_SHARED_GROUP:
3723 uint16_t id = tls1_shared_group(sc, larg);
3726 return tls1_group_id2nid(id, 1);
3729 case SSL_CTRL_GET_NEGOTIATED_GROUP:
3733 if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)
3734 id = sc->s3.group_id;
3736 id = sc->session->kex_group;
3737 ret = tls1_group_id2nid(id, 1);
3740 case SSL_CTRL_SET_SIGALGS:
3741 return tls1_set_sigalgs(sc->cert, parg, larg, 0);
3743 case SSL_CTRL_SET_SIGALGS_LIST:
3744 return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 0);
3746 case SSL_CTRL_SET_CLIENT_SIGALGS:
3747 return tls1_set_sigalgs(sc->cert, parg, larg, 1);
3749 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3750 return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 1);
3752 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3754 const unsigned char **pctype = parg;
3755 if (sc->server || !sc->s3.tmp.cert_req)
3758 *pctype = sc->s3.tmp.ctype;
3759 return sc->s3.tmp.ctype_len;
3762 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3765 return ssl3_set_req_cert_type(sc->cert, parg, larg);
3767 case SSL_CTRL_BUILD_CERT_CHAIN:
3768 return ssl_build_cert_chain(sc, NULL, larg);
3770 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3771 return ssl_cert_set_cert_store(sc->cert, parg, 0, larg);
3773 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3774 return ssl_cert_set_cert_store(sc->cert, parg, 1, larg);
3776 case SSL_CTRL_GET_VERIFY_CERT_STORE:
3777 return ssl_cert_get_cert_store(sc->cert, parg, 0);
3779 case SSL_CTRL_GET_CHAIN_CERT_STORE:
3780 return ssl_cert_get_cert_store(sc->cert, parg, 1);
3782 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3783 if (sc->s3.tmp.peer_sigalg == NULL)
3785 *(int *)parg = sc->s3.tmp.peer_sigalg->hash;
3788 case SSL_CTRL_GET_SIGNATURE_NID:
3789 if (sc->s3.tmp.sigalg == NULL)
3791 *(int *)parg = sc->s3.tmp.sigalg->hash;
3794 case SSL_CTRL_GET_PEER_TMP_KEY:
3795 if (sc->session == NULL || sc->s3.peer_tmp == NULL) {
3798 EVP_PKEY_up_ref(sc->s3.peer_tmp);
3799 *(EVP_PKEY **)parg = sc->s3.peer_tmp;
3803 case SSL_CTRL_GET_TMP_KEY:
3804 if (sc->session == NULL || sc->s3.tmp.pkey == NULL) {
3807 EVP_PKEY_up_ref(sc->s3.tmp.pkey);
3808 *(EVP_PKEY **)parg = sc->s3.tmp.pkey;
3812 case SSL_CTRL_GET_EC_POINT_FORMATS:
3814 const unsigned char **pformat = parg;
3816 if (sc->ext.peer_ecpointformats == NULL)
3818 *pformat = sc->ext.peer_ecpointformats;
3819 return (int)sc->ext.peer_ecpointformats_len;
3822 case SSL_CTRL_GET_IANA_GROUPS:
3825 *(uint16_t **)parg = (uint16_t *)sc->ext.peer_supportedgroups;
3827 return (int)sc->ext.peer_supportedgroups_len;
3830 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
3831 sc->msg_callback_arg = parg;
/*
 * Per-connection callback setter: stores the generic function pointer |fp|
 * in the slot selected by |cmd|, casting it to the signature of that slot.
 * The casts are unchecked, so the caller has to pass a function whose real
 * type matches the slot for |cmd|; calling through a mismatched pointer type
 * is undefined behaviour in C.
 * NOTE(review): the switch header, the break/return lines and any NULL check
 * on |sc| are not shown in this listing.
 */
3840 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3843 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
/* Legacy DH callback slot, compiled only when 3.0-deprecated APIs are enabled. */
3849 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3850 case SSL_CTRL_SET_TMP_DH_CB:
3851 sc->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3855 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3856 sc->ext.debug_cb = (void (*)(SSL *, int, int,
3857 const unsigned char *, int, void *))fp;
3861 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3862 sc->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3866 case SSL_CTRL_SET_MSG_CALLBACK:
3867 sc->msg_callback = (ossl_msg_cb)fp;
/*
 * Context-level control dispatcher: applies the setting selected by |cmd| to
 * |ctx|, with |larg| and |parg| as the command-specific arguments.
 * |parg| is an untyped pointer that each case casts to the type it expects,
 * so the caller is responsible for passing the right object for |cmd|.
 * NOTE(review): this listing omits the switch header and most break/return
 * lines, so per-case return values cannot be read from here.
 */
3875 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3878 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3879 case SSL_CTRL_SET_TMP_DH:
3881 EVP_PKEY *pkdh = NULL;
3883 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3886 pkdh = ssl_dh_to_pkey(parg);
3888 ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
/*
 * The converted key is freed here only when the set0 call fails; on success
 * the context presumably takes ownership of it.
 */
3891 if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) {
3892 EVP_PKEY_free(pkdh);
/* The callback form must go through the callback ctrl entry point instead. */
3897 case SSL_CTRL_SET_TMP_DH_CB:
3899 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3903 case SSL_CTRL_SET_DH_AUTO:
3904 ctx->cert->dh_tmp_auto = larg;
3906 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3907 case SSL_CTRL_SET_TMP_ECDH:
3910 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3913 return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
3914 &ctx->ext.supportedgroups_len,
3917 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3918 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3919 ctx->ext.servername_arg = parg;
/*
 * Session ticket keys travel as one flat buffer: key name, then HMAC key,
 * then AES key. Every copy below uses a fixed sizeof length, so |larg| has to
 * equal the sum of the three sizes; any other length is rejected with
 * SSL_R_INVALID_TICKET_KEYS_LENGTH before a byte is copied.
 * The GET direction writes raw secret key bytes into the caller buffer, which
 * the caller then has to protect and wipe.
 */
3921 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3922 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3924 unsigned char *keys = parg;
3925 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3926 sizeof(ctx->ext.secure->tick_hmac_key) +
3927 sizeof(ctx->ext.secure->tick_aes_key));
3930 if (larg != tick_keylen) {
3931 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
/* SET: caller buffer -> context. */
3934 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3935 memcpy(ctx->ext.tick_key_name, keys,
3936 sizeof(ctx->ext.tick_key_name));
3937 memcpy(ctx->ext.secure->tick_hmac_key,
3938 keys + sizeof(ctx->ext.tick_key_name),
3939 sizeof(ctx->ext.secure->tick_hmac_key));
3940 memcpy(ctx->ext.secure->tick_aes_key,
3941 keys + sizeof(ctx->ext.tick_key_name) +
3942 sizeof(ctx->ext.secure->tick_hmac_key),
3943 sizeof(ctx->ext.secure->tick_aes_key));
/* GET: context -> caller buffer, same layout. */
3945 memcpy(keys, ctx->ext.tick_key_name,
3946 sizeof(ctx->ext.tick_key_name));
3947 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3948 ctx->ext.secure->tick_hmac_key,
3949 sizeof(ctx->ext.secure->tick_hmac_key));
3950 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3951 sizeof(ctx->ext.secure->tick_hmac_key),
3952 ctx->ext.secure->tick_aes_key,
3953 sizeof(ctx->ext.secure->tick_aes_key));
3958 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3959 return ctx->ext.status_type;
3961 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3962 ctx->ext.status_type = larg;
3965 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3966 ctx->ext.status_arg = parg;
3969 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3970 *(void**)parg = ctx->ext.status_arg;
3973 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3974 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3977 #ifndef OPENSSL_NO_SRP
/*
 * The previous login is dropped before the new one is validated. The new
 * value must be 1 to 255 bytes long and is duplicated, so the caller keeps
 * ownership of |parg|.
 */
3978 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3979 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3980 OPENSSL_free(ctx->srp_ctx.login);
3981 ctx->srp_ctx.login = NULL;
3984 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3985 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
3988 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3989 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
/*
 * NOTE(review): srp_ctx.info presumably holds the SRP password. The old copy
 * is released with plain OPENSSL_free, so its bytes are not wiped before the
 * memory goes back to the allocator. No length or NULL check on |parg| is
 * visible in this case.
 */
3993 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3994 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3995 srp_password_from_info_cb;
3996 if (ctx->srp_ctx.info != NULL)
3997 OPENSSL_free(ctx->srp_ctx.info);
3998 if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
3999 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
4003 case SSL_CTRL_SET_SRP_ARG:
4004 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4005 ctx->srp_ctx.SRP_cb_arg = parg;
4008 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
4009 ctx->srp_ctx.strength = larg;
4013 case SSL_CTRL_SET_GROUPS:
4014 return tls1_set_groups(&ctx->ext.supportedgroups,
4015 &ctx->ext.supportedgroups_len,
4018 case SSL_CTRL_SET_GROUPS_LIST:
4019 return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups,
4020 &ctx->ext.supportedgroups_len,
/* Last argument 0 selects the general sigalg list, 1 the client one (per the case names). */
4023 case SSL_CTRL_SET_SIGALGS:
4024 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
4026 case SSL_CTRL_SET_SIGALGS_LIST:
4027 return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 0);
4029 case SSL_CTRL_SET_CLIENT_SIGALGS:
4030 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
4032 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
4033 return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 1);
4035 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
4036 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
4038 case SSL_CTRL_BUILD_CERT_CHAIN:
4039 return ssl_build_cert_chain(NULL, ctx, larg);
/* Third argument 0 selects the verify store, 1 the chain-building store (per the case names). */
4041 case SSL_CTRL_SET_VERIFY_CERT_STORE:
4042 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
4044 case SSL_CTRL_SET_CHAIN_CERT_STORE:
4045 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
4047 case SSL_CTRL_GET_VERIFY_CERT_STORE:
4048 return ssl_cert_get_cert_store(ctx->cert, parg, 0);
4050 case SSL_CTRL_GET_CHAIN_CERT_STORE:
4051 return ssl_cert_get_cert_store(ctx->cert, parg, 1);
4053 /* A Thawte special :-) */
/*
 * The stack is created on first use. The X509 pointer is pushed as-is with no
 * up-ref visible here, so the stack presumably takes over the caller
 * reference - TODO confirm.
 */
4054 case SSL_CTRL_EXTRA_CHAIN_CERT:
4055 if (ctx->extra_certs == NULL) {
4056 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
4057 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
4061 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
4062 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
/*
 * Hands back an internal stack pointer, not a copy. With no extra certs and
 * larg == 0 the chain of the current key is returned instead.
 */
4067 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
4068 if (ctx->extra_certs == NULL && larg == 0)
4069 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4071 *(STACK_OF(X509) **)parg = ctx->extra_certs;
/* Pointer is reset after the free so a later EXTRA_CHAIN_CERT starts a fresh stack. */
4074 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
4075 OSSL_STACK_OF_X509_free(ctx->extra_certs);
4076 ctx->extra_certs = NULL;
/* set1/add1 versus set0/add0 is presumably chosen by |larg|; the condition lines are not shown. */
4079 case SSL_CTRL_CHAIN:
4081 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4083 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4085 case SSL_CTRL_CHAIN_CERT:
4087 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
4089 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
/* Returns the internal chain pointer of the current key, not a copy. */
4091 case SSL_CTRL_GET_CHAIN_CERTS:
4092 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4095 case SSL_CTRL_SELECT_CURRENT_CERT:
4096 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
4098 case SSL_CTRL_SET_CURRENT_CERT:
4099 return ssl_cert_set_current(ctx->cert, larg);
/*
 * Context-level callback setter: stores |fp| in the slot selected by |cmd|
 * after casting it to the signature of that slot. The casts are unchecked, so
 * a function of the wrong type for |cmd| is only detected, if at all, when
 * the callback is later invoked.
 * The three SRP cases also set SSL_kSRP in srp_Mask as a side effect.
 * NOTE(review): the switch header and the break/return lines are not shown
 * in this listing.
 */
4107 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
4110 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
4111 case SSL_CTRL_SET_TMP_DH_CB:
4113 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4117 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4118 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4121 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4122 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
/* HMAC_CTX based ticket key callback, compiled only with 3.0-deprecated APIs. */
4125 # ifndef OPENSSL_NO_DEPRECATED_3_0
4126 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4127 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4130 HMAC_CTX *, int))fp;
4134 #ifndef OPENSSL_NO_SRP
4135 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4136 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4137 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4139 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4140 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4141 ctx->srp_ctx.TLS_ext_srp_username_callback =
4142 (int (*)(SSL *, int *, void *))fp;
4144 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4145 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4146 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4147 (char *(*)(SSL *, void *))fp;
4150 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4152 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
/*
 * Installs the EVP based session ticket key callback on |ctx|. Unlike the
 * ctrl path, |fp| is fully typed here (EVP_CIPHER_CTX and EVP_MAC_CTX), so no
 * function pointer cast is needed. The return statement is not shown in this
 * listing.
 */
4161 int SSL_CTX_set_tlsext_ticket_key_evp_cb
4162 (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *,
4163 EVP_CIPHER_CTX *, EVP_MAC_CTX *, int))
4165 ctx->ext.ticket_key_evp_cb = fp;
/*
 * Looks up a cipher by its numeric id, trying the TLSv1.3 table first, then
 * the SSLv3/TLS table, then the SCSV table. The result of the last search is
 * returned directly, so an unknown id presumably yields NULL.
 * NOTE(review): a binary search only works on tables kept sorted by id; the
 * sorting is not visible in this part of the file.
 */
4169 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4172 const SSL_CIPHER *cp;
4175 cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4178 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4181 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
/*
 * Looks up a cipher by its standard name with a linear scan over the three
 * cipher tables, comparing with strcmp (exact, case-sensitive match).
 * Table entries without a stdname are skipped.
 * NOTE(review): no NULL check on |stdname| is visible before the strcmp call,
 * so callers presumably have to pass a valid string.
 */
4184 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4187 SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
4188 size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
4191 /* this is not efficient, necessary to optimize this? */
4192 for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4193 for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4194 if (tbl->stdname == NULL)
4196 if (strcmp(stdname, tbl->stdname) == 0) {
4205 * This function needs to check if the ciphers required are actually
/*
 * Maps a wire-format cipher suite value at |p| to its SSL_CIPHER entry by
 * building an id from SSL3_CK_CIPHERSUITE_FLAG and the bytes at |p|.
 * |p| is read without a length argument, so the caller must guarantee enough
 * readable bytes (the low byte is presumably p[1], on a line not shown).
 */
4208 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4210 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4211 | ((uint32_t)p[0] << 8L)
/*
 * Writes the two-byte wire value of cipher |c| (the low 16 bits of its id)
 * into |pkt|. Ids whose top byte is not SSL3_CK_CIPHERSUITE_FLAG take a
 * separate path whose body is not shown in this listing.
 */
4215 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4217 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4222 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4230 * ssl3_choose_cipher - choose a cipher from those offered by the client
4231 * @s: SSL connection
4232 * @clnt: ciphers offered by the client
4233 * @srvr: ciphers enabled on the server?
4235 * Returns the selected cipher or NULL when no common ciphers.
/*
 * Walks the priority list |prio| in order and picks a cipher that is also in
 * |allow| and that passes the protocol version range, the key exchange and
 * authentication masks, the ECDHE group check and the security callback.
 * Which of |clnt| and |srvr| becomes |prio| depends on Suite B mode and on
 * SSL_OP_CIPHER_SERVER_PREFERENCE; the assignments are on lines not shown.
 * NOTE(review): many break/continue lines are missing from this listing, so
 * the exact skip and stop points of the main loop cannot be read from here.
 */
4237 const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *clnt,
4238 STACK_OF(SSL_CIPHER) *srvr)
4240 const SSL_CIPHER *c, *ret = NULL;
4241 STACK_OF(SSL_CIPHER) *prio, *allow;
4242 int i, ii, ok, prefer_sha256 = 0;
4243 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4244 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4246 /* Let's see which ciphers we can support */
4249 * Do not set the compare functions, because this may lead to a
4250 * reordering by "id". We want to keep the original ordering. We may pay
4251 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4252 * pay with the price of sk_SSL_CIPHER_dup().
/* Trace output only: dumps both lists, including the client offer, when TLS_CIPHER tracing is on. */
4255 OSSL_TRACE_BEGIN(TLS_CIPHER) {
4256 BIO_printf(trc_out, "Server has %d from %p:\n",
4257 sk_SSL_CIPHER_num(srvr), (void *)srvr);
4258 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4259 c = sk_SSL_CIPHER_value(srvr, i);
4260 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4262 BIO_printf(trc_out, "Client sent %d from %p:\n",
4263 sk_SSL_CIPHER_num(clnt), (void *)clnt);
4264 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4265 c = sk_SSL_CIPHER_value(clnt, i);
4266 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4268 } OSSL_TRACE_END(TLS_CIPHER);
4270 /* SUITE-B takes precedence over server preference and ChaCha priority */
4271 if (tls1_suiteb(s)) {
4274 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4278 /* If ChaCha20 is at the top of the client preference list,
4279 and there are ChaCha20 ciphers in the server list, then
4280 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4281 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4282 c = sk_SSL_CIPHER_value(clnt, 0);
4283 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4284 /* ChaCha20 is client preferred, check server... */
4285 int num = sk_SSL_CIPHER_num(srvr);
4287 for (i = 0; i < num; i++) {
4288 c = sk_SSL_CIPHER_value(srvr, i);
4289 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
/* Capacity for every server cipher is reserved up front, before any push. */
4295 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4296 /* if reserve fails, then there's likely a memory issue */
4297 if (prio_chacha != NULL) {
4298 /* Put all ChaCha20 at the top, starting with the one we just found */
4299 sk_SSL_CIPHER_push(prio_chacha, c);
4300 for (i++; i < num; i++) {
4301 c = sk_SSL_CIPHER_value(srvr, i);
4302 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4303 sk_SSL_CIPHER_push(prio_chacha, c);
4305 /* Pull in the rest */
4306 for (i = 0; i < num; i++) {
4307 c = sk_SSL_CIPHER_value(srvr, i);
4308 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4309 sk_SSL_CIPHER_push(prio_chacha, c);
4321 if (SSL_CONNECTION_IS_TLS13(s)) {
4322 #ifndef OPENSSL_NO_PSK
4326 * If we allow "old" style PSK callbacks, and we have no certificate (so
4327 * we're not going to succeed without a PSK anyway), and we're in
4328 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4329 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4332 if (s->psk_server_callback != NULL) {
/* Empty-body loop: stops at the first slot that holds a cert, or at ssl_pkey_num if none does. */
4333 for (j = 0; j < s->ssl_pkey_num && !ssl_has_cert(s, j); j++);
4334 if (j == s->ssl_pkey_num) {
4335 /* There are no certificates */
4341 tls1_set_cert_validity(s);
4345 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4346 int minversion, maxversion;
4348 c = sk_SSL_CIPHER_value(prio, i);
4349 minversion = SSL_CONNECTION_IS_DTLS(s) ? c->min_dtls : c->min_tls;
4350 maxversion = SSL_CONNECTION_IS_DTLS(s) ? c->max_dtls : c->max_tls;
4352 /* Skip ciphers not supported by the protocol version */
4353 if (ssl_version_cmp(s, s->version, minversion) < 0
4354 || ssl_version_cmp(s, s->version, maxversion) > 0)
4358 * Since TLS 1.3 ciphersuites can be used with any auth or
4359 * key exchange scheme skip tests.
4361 if (!SSL_CONNECTION_IS_TLS13(s)) {
4362 mask_k = s->s3.tmp.mask_k;
4363 mask_a = s->s3.tmp.mask_a;
4364 #ifndef OPENSSL_NO_SRP
4365 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4371 alg_k = c->algorithm_mkey;
4372 alg_a = c->algorithm_auth;
4374 #ifndef OPENSSL_NO_PSK
4375 /* with PSK there must be server callback set */
4376 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4378 #endif /* OPENSSL_NO_PSK */
/* A candidate needs both its key exchange bit and its authentication bit present in the masks. */
4380 ok = (alg_k & mask_k) && (alg_a & mask_a);
4381 OSSL_TRACE7(TLS_CIPHER,
4382 "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4383 ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
4386 * if we are considering an ECC cipher suite that uses an ephemeral
4389 if (alg_k & SSL_kECDHE)
4390 ok = ok && tls1_check_ec_tmp_key(s, c->id);
/* Membership test against the other list; ii is the index inside |allow|. */
4395 ii = sk_SSL_CIPHER_find(allow, c);
4397 /* Check security callback permits this cipher */
/* The configured security policy sees strength_bits and the cipher itself; a refused cipher is presumably skipped. */
4398 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4399 c->strength_bits, 0, (void *)c))
/* Safari workaround: an ECDHE-ECDSA match is remembered in ret but is presumably not taken as final here. */
4402 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4403 && s->s3.is_probably_safari) {
4405 ret = sk_SSL_CIPHER_value(allow, ii);
4409 if (prefer_sha256) {
4410 const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4411 const EVP_MD *md = ssl_md(SSL_CONNECTION_GET_CTX(s),
4415 && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) {
4423 ret = sk_SSL_CIPHER_value(allow, ii);
/* Frees only the temporary ordering stack; the cipher entries in it were borrowed from |srvr|. */
4428 sk_SSL_CIPHER_free(prio_chacha);
/*
 * Writes the list of acceptable client certificate types into |pkt|, one
 * byte per type. A custom list configured on s->cert is copied verbatim when
 * present (the condition line is not shown in this listing); otherwise the
 * list is derived from the pending cipher and the protocol version.
 * Note that alg_a is a mask of signature algorithms that are DISABLED, so
 * each !(alg_a & X) test means that X is still permitted.
 */
4433 int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt)
4435 uint32_t alg_k, alg_a = 0;
4437 /* If we have custom certificate types set, use them */
4439 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4440 /* Get mask of algorithms disabled by signature list */
4441 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
/* s3.tmp.new_cipher is dereferenced without a NULL check here; it presumably is always set at this point. */
4443 alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4445 #ifndef OPENSSL_NO_GOST
4446 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4447 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4448 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4449 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
4450 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
4451 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
4454 if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18))
4455 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4456 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
/* The ephemeral DH certificate types are offered for SSLv3 with DHE key exchange only. */
4460 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4461 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4463 if (!(alg_a & SSL_aDSS)
4464 && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4467 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4469 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4473 * ECDSA certs can be used with RSA cipher suites too so we don't
4474 * need to check for SSL_kECDH or SSL_kECDHE
4476 if (s->version >= TLS1_VERSION
4477 && !(alg_a & SSL_aECDSA)
4478 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
/*
 * Replaces the custom certificate-type list on |c| with a private copy of the
 * |len| bytes at |p|. The old list is freed first; OPENSSL_memdup makes the
 * copy, so the caller keeps ownership of |p|. A NULL or empty input takes an
 * early path (its body and the resetting of the stored pointer and length are
 * on lines not shown in this listing).
 */
4484 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4486 OPENSSL_free(c->ctype);
4489 if (p == NULL || len == 0)
4493 c->ctype = OPENSSL_memdup(p, len);
4494 if (c->ctype == NULL)
/*
 * Drives the close_notify exchange for |s|. One call performs at most one
 * step: send our close_notify, flush a pending alert, or try to read the
 * close_notify of the peer. -1 is returned while an alert still has to be
 * written or while the peer alert has not arrived (see the WANT_WRITE and
 * WANT_READ comments below), so callers are expected to call again.
 * With quiet_shutdown, or before the handshake, both shutdown flags are set
 * and no alert is sent in the lines shown, so the peer gets no authenticated
 * end-of-data signal on that path.
 * NOTE(review): several return lines are missing from this listing.
 */
4500 int ssl3_shutdown(SSL *s)
4503 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4509 * Don't do anything much if we have not done the handshake or we don't
4510 * want to send messages :-)
4512 if (sc->quiet_shutdown || SSL_in_before(s)) {
4513 sc->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
/* First call: mark our side as closed before queuing the alert. */
4517 if (!(sc->shutdown & SSL_SENT_SHUTDOWN)) {
4518 sc->shutdown |= SSL_SENT_SHUTDOWN;
4519 ssl3_send_alert(sc, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4521 * our shutdown alert has been sent now, and if it still needs to be
4522 * written, s->s3.alert_dispatch will be > 0
4524 if (sc->s3.alert_dispatch > 0)
4525 return -1; /* return WANT_WRITE */
4526 } else if (sc->s3.alert_dispatch > 0) {
4527 /* resend it if not sent */
4528 ret = s->method->ssl_dispatch_alert(s);
4531 * we only get to return -1 here the 2nd/Nth invocation, we must
4532 * have already signalled return 0 upon a previous invocation,
4537 } else if (!(sc->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4540 * If we are waiting for a close from our peer, we are closed
/* Zero-length read: the return value is not used on this line; the RECEIVED flag is rechecked right after. */
4542 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4543 if (!(sc->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4544 return -1; /* return WANT_READ */
/* Both directions closed and no alert left to flush: the shutdown is complete. */
4548 if ((sc->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN))
4549 && sc->s3.alert_dispatch == SSL_ALERT_DISPATCH_NONE)
/*
 * Writes |len| bytes of application data from |buf|. A pending renegotiation
 * request is given a chance to start first; the actual record write is
 * delegated to the ssl_write_bytes hook of the method.
 * The NULL check on |sc| is presumably on lines not shown.
 */
4555 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4557 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4563 if (sc->s3.renegotiate)
4564 ssl3_renegotiate_check(s, 0);
4566 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
/*
 * Shared body of ssl3_read and ssl3_peek: reads application data into |buf|,
 * with |peek| passed through to the record read.
 * in_read_app_data works as a small handshake with the record layer: it is
 * set to 1 before the read, and a value of 2 together with a -1 result means
 * application data turned up while handshake data was being read. In that
 * case the read is retried once with the state machine flagged as being in a
 * handshake, and the flag is cleared again afterwards.
 */
4570 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4574 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4580 if (sc->s3.renegotiate)
4581 ssl3_renegotiate_check(s, 0);
4582 sc->s3.in_read_app_data = 1;
4584 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4586 if ((ret == -1) && (sc->s3.in_read_app_data == 2)) {
4588 * ssl3_read_bytes decided to call s->handshake_func, which called
4589 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4590 * actually found application data and thinks that application data
4591 * makes sense here; so disable handshake processing and try to read
4592 * application data again.
4594 ossl_statem_set_in_handshake(sc, 1);
4596 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4597 len, peek, readbytes);
4598 ossl_statem_set_in_handshake(sc, 0);
/* Reset on the way out so the next read starts from a clean state. */
4600 sc->s3.in_read_app_data = 0;
/* Consuming read: forwards to ssl3_read_internal with peek set to 0. */
4605 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4607 return ssl3_read_internal(s, buf, len, 0, readbytes);
/* Non-consuming read: forwards to ssl3_read_internal with peek set to 1. */
4610 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4612 return ssl3_read_internal(s, buf, len, 1, readbytes);
/*
 * Requests a renegotiation by setting the s3.renegotiate flag; the handshake
 * itself is started later by ssl3_renegotiate_check. A connection without a
 * handshake function takes an early exit (return values are on lines not
 * shown in this listing).
 */
4615 int ssl3_renegotiate(SSL *s)
4617 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4622 if (sc->handshake_func == NULL)
4625 sc->s3.renegotiate = 1;
4630 * Check if we are waiting to do a renegotiation and if so whether now is a
4631 * good time to do it. If |initok| is true then we are being called from inside
4632 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4633 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4634 * should do a renegotiation now and sets up the state machine for it. Otherwise
/*
 * Starts a previously requested renegotiation, but only when the record
 * layer has no pending read or write data and, unless |initok| is set, the
 * connection is not already inside a handshake. On that path the request
 * flag is cleared and both renegotiation counters are incremented.
 */
4637 int ssl3_renegotiate_check(SSL *s, int initok)
4640 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4645 if (sc->s3.renegotiate) {
4646 if (!RECORD_LAYER_read_pending(&sc->rlayer)
4647 && !RECORD_LAYER_write_pending(&sc->rlayer)
4648 && (initok || !SSL_in_init(s))) {
4650 * if we are the server, and we have sent a 'RENEGOTIATE'
4651 * message, we need to set the state machine into the renegotiate
4654 ossl_statem_set_renegotiate(sc);
4655 sc->s3.renegotiate = 0;
4656 sc->s3.num_renegotiations++;
4657 sc->s3.total_renegotiations++;
4665 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4666 * handshake macs if required.
4668 * If PSK and using SHA384 for TLS < 1.2 switch to default.
/*
 * Returns the algorithm2 flags (handshake MAC and PRF selection) of the
 * pending cipher, with two substitutions:
 *  - when the protocol method uses the SHA256 PRF, the legacy default MAC
 *    and PRF pair is replaced by the SHA256 pair;
 *  - otherwise, for a PSK cipher that asks for the SHA384 pair, the legacy
 *    default pair is used instead.
 * With no pending cipher an early exit is taken; the value returned there and
 * the final return are on lines not shown in this listing.
 */
4670 long ssl_get_algorithm2(SSL_CONNECTION *s)
4673 SSL *ssl = SSL_CONNECTION_GET_SSL(s);
4675 if (s->s3.tmp.new_cipher == NULL)
4677 alg2 = s->s3.tmp.new_cipher->algorithm2;
4678 if (ssl->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4679 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4680 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4681 } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4682 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4683 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4689 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4690 * failure, 1 on success.
/*
 * Fills |result| with |len| bytes for a hello random. When the matching
 * SEND_*HELLO_TIME mode bit is set, the first 4 bytes carry the current time
 * and only the remaining len - 4 bytes are random; otherwise all |len| bytes
 * come from RAND_bytes_ex.
 * For a downgraded handshake the tail of the buffer is then overwritten with
 * the TLSv1.3 downgrade sentinel, which is what lets a TLSv1.3-capable peer
 * detect that the negotiated version was forced down.
 * NOTE(review): len - 4 would wrap for len < 4; a length guard is presumably
 * on lines not shown in this listing - TODO confirm.
 */
4692 int ssl_fill_hello_random(SSL_CONNECTION *s, int server,
4693 unsigned char *result, size_t len,
4696 int send_time = 0, ret;
4701 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4703 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4705 unsigned long Time = (unsigned long)time(NULL);
4706 unsigned char *p = result;
4709 ret = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, p, len - 4, 0);
4711 ret = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, result, len, 0);
/* Both sentinels must be strictly shorter than the buffer, which keeps result + len - sizeof(...) in bounds. */
4715 if (!ossl_assert(sizeof(tls11downgrade) < len)
4716 || !ossl_assert(sizeof(tls12downgrade) < len))
4718 if (dgrd == DOWNGRADE_TO_1_2)
4719 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4720 sizeof(tls12downgrade));
4721 else if (dgrd == DOWNGRADE_TO_1_1)
4722 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4723 sizeof(tls11downgrade));
/*
 * Derives the session master secret from the premaster secret |pms| through
 * the generate_master_secret hook of the protocol method.
 * For PSK key exchange a combined buffer of 4 + pmslen + psklen bytes is
 * built first (the length-prefix lines are not shown in this listing). That
 * buffer is wiped with OPENSSL_clear_free on both the failure and the
 * success path, and the stored PSK is wiped and its pointer and length reset
 * before the derivation runs.
 * NOTE(review): the sum 4 + pmslen + psklen is not range-checked in the
 * lines shown; both lengths are presumably bounded by their producers.
 */
4729 int ssl_generate_master_secret(SSL_CONNECTION *s, unsigned char *pms,
4730 size_t pmslen, int free_pms)
4732 unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4734 SSL *ssl = SSL_CONNECTION_GET_SSL(s);
4736 if (alg_k & SSL_PSK) {
4737 #ifndef OPENSSL_NO_PSK
4738 unsigned char *pskpms, *t;
4739 size_t psklen = s->s3.tmp.psklen;
4742 /* create PSK premaster_secret */
4744 /* For plain PSK "other_secret" is psklen zeroes */
4745 if (alg_k & SSL_kPSK)
4748 pskpmslen = 4 + pmslen + psklen;
4749 pskpms = OPENSSL_malloc(pskpmslen);
4754 if (alg_k & SSL_kPSK)
4755 memset(t, 0, pmslen);
4757 memcpy(t, pms, pmslen);
4760 memcpy(t, s->s3.tmp.psk, psklen);
/* The PSK has been copied into pskpms, so the stored copy is wiped and forgotten here. */
4762 OPENSSL_clear_free(s->s3.tmp.psk, psklen);
4763 s->s3.tmp.psk = NULL;
4764 s->s3.tmp.psklen = 0;
4765 if (!ssl->method->ssl3_enc->generate_master_secret(s,
4766 s->session->master_key, pskpms, pskpmslen,
4767 &s->session->master_key_length)) {
4768 OPENSSL_clear_free(pskpms, pskpmslen);
4769 /* SSLfatal() already called */
4772 OPENSSL_clear_free(pskpms, pskpmslen);
4774 /* Should never happen */
4778 if (!ssl->method->ssl3_enc->generate_master_secret(s,
4779 s->session->master_key, pms, pmslen,
4780 &s->session->master_key_length)) {
4781 /* SSLfatal() already called */
/*
 * The premaster secret is wiped in either case: freed and wiped, or wiped in
 * place when the caller keeps the buffer. The choice is presumably made by
 * |free_pms|; the branch lines are not shown.
 */
4790 OPENSSL_clear_free(pms, pmslen);
4792 OPENSSL_cleanse(pms, pmslen);
/* On the client the saved pointer and length are reset so no stale reference to the secret remains. */
4794 if (s->server == 0) {
4795 s->s3.tmp.pms = NULL;
4796 s->s3.tmp.pmslen = 0;
4801 /* Generate a private key from parameters */
/*
 * Generates a fresh key pair that uses the parameters of |pm|, with the
 * library context and property query of the SSL_CTX behind |s|.
 * If key generation fails, whatever was stored in pkey is freed. The keygen
 * context is released before returning. The result is presumably owned by
 * the caller, and NULL on failure (the return lines are not shown).
 */
4802 EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm)
4804 EVP_PKEY_CTX *pctx = NULL;
4805 EVP_PKEY *pkey = NULL;
4806 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4810 pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pm, sctx->propq);
4813 if (EVP_PKEY_keygen_init(pctx) <= 0)
4815 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4816 EVP_PKEY_free(pkey);
4821 EVP_PKEY_CTX_free(pctx);
4825 /* Generate a private key from a group ID */
/*
 * Generates an ephemeral key pair for the TLS group |id|. The group is
 * resolved through tls1_group_id_lookup, and its algorithm and realname
 * fields select the EVP key type and the named group.
 * Every failing step raises a fatal internal-error alert through SSLfatal.
 * The keygen context is released before returning; the result is presumably
 * owned by the caller and NULL on failure (return lines are not shown).
 */
4826 EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id)
4828 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4829 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(sctx, id);
4830 EVP_PKEY_CTX *pctx = NULL;
4831 EVP_PKEY *pkey = NULL;
/* Presumably reached when the lookup found no group for |id|; the condition line is not shown. */
4834 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4838 pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, ginf->algorithm,
4842 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4845 if (EVP_PKEY_keygen_init(pctx) <= 0) {
4846 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4849 if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
4850 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4853 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4854 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4855 EVP_PKEY_free(pkey);
4860 EVP_PKEY_CTX_free(pctx);
4865 * Generate parameters from a group ID
/*
 * Builds a parameters-only EVP_PKEY for the TLS group |id| (paramgen rather
 * than keygen, so no private key is produced here).
 * Unlike ssl_generate_pkey_group, only the set_group_name failure raises
 * SSLfatal in the lines shown; the other failures take a quiet exit.
 * The paramgen context is released before returning.
 */
4867 EVP_PKEY *ssl_generate_param_group(SSL_CONNECTION *s, uint16_t id)
4869 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4870 EVP_PKEY_CTX *pctx = NULL;
4871 EVP_PKEY *pkey = NULL;
4872 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(sctx, id);
4877 pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, ginf->algorithm,
4882 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4884 if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
4885 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4888 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4889 EVP_PKEY_free(pkey);
4894 EVP_PKEY_CTX_free(pctx);
4898 /* Generate secrets from pms */
/*
 * Turns the premaster secret |pms| into connection secrets.
 * TLSv1.3: generates the early secret (skipped in some cases, see the comment
 * below) and then the handshake secret; rv stays 0 if either step fails.
 * Earlier versions: forwards to ssl_generate_master_secret with free_pms set
 * to 0, so |pms| stays allocated and remains owned by the caller.
 */
4899 int ssl_gensecret(SSL_CONNECTION *s, unsigned char *pms, size_t pmslen)
4903 /* SSLfatal() called as appropriate in the below functions */
4904 if (SSL_CONNECTION_IS_TLS13(s)) {
4906 * If we are resuming then we already generated the early secret
4907 * when we created the ClientHello, so don't recreate it.
4910 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4912 (unsigned char *)&s->early_secret);
4916 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4918 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4924 /* Derive secrets for ECDH/DH */
/*
 * Runs the (EC)DH key agreement between |privkey| and the peer |pubkey| and
 * either feeds the shared secret to ssl_gensecret or saves it in s->s3.tmp
 * (presumably selected by |gensecret|; the branch lines are not shown).
 * EVP_PKEY_derive is called twice: once with a NULL buffer to learn the
 * output length, then again into a buffer of that size.
 * The local secret buffer is released with OPENSSL_clear_free, so it is
 * wiped before the memory is returned.
 * NOTE(review): after pms is saved into s->s3.tmp the local pointer must not
 * reach the clear_free at the end; the line that resets it is presumably
 * among those not shown - TODO confirm.
 */
4925 int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4928 unsigned char *pms = NULL;
4931 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4933 if (privkey == NULL || pubkey == NULL) {
4934 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4938 pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);
4940 if (EVP_PKEY_derive_init(pctx) <= 0
4941 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4942 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4943 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
/* TLSv1.3 with finite-field DH: padding is switched on for the derived secret; the return value is not checked. */
4947 if (SSL_CONNECTION_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH"))
4948 EVP_PKEY_CTX_set_dh_pad(pctx, 1);
4950 pms = OPENSSL_malloc(pmslen);
4952 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
4956 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4957 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4962 /* SSLfatal() called as appropriate in the below functions */
4963 rv = ssl_gensecret(s, pms, pmslen);
4965 /* Save premaster secret */
4966 s->s3.tmp.pms = pms;
4967 s->s3.tmp.pmslen = pmslen;
4973 OPENSSL_clear_free(pms, pmslen);
4974 EVP_PKEY_CTX_free(pctx);
4978 /* Decapsulate secrets for KEM */
/*
 * KEM decapsulation: recovers the shared secret from the ciphertext |ct| of
 * |ctlen| bytes with |privkey|, then either feeds it to ssl_gensecret or
 * saves it in s->s3.tmp (presumably selected by a flag parameter on a line
 * not shown).
 * EVP_PKEY_decapsulate is called twice: once with a NULL output buffer to
 * learn the secret length, then again into a buffer of that size. |ct| comes
 * from the peer, and its validation is left to the EVP layer here.
 * Every failure is reported as a fatal internal-error alert, and the local
 * secret buffer is released with OPENSSL_clear_free so it is wiped first.
 * NOTE(review): as in ssl_derive, the line that keeps a saved pms away from
 * the final clear_free is presumably among those not shown - TODO confirm.
 */
4979 int ssl_decapsulate(SSL_CONNECTION *s, EVP_PKEY *privkey,
4980 const unsigned char *ct, size_t ctlen,
4984 unsigned char *pms = NULL;
4987 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4989 if (privkey == NULL) {
4990 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4994 pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);
4996 if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0
4997 || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
4998 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5002 pms = OPENSSL_malloc(pmslen);
5004 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5008 if (EVP_PKEY_decapsulate(pctx, pms, &pmslen, ct, ctlen) <= 0) {
5009 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5014 /* SSLfatal() called as appropriate in the below functions */
5015 rv = ssl_gensecret(s, pms, pmslen);
5017 /* Save premaster secret */
5018 s->s3.tmp.pms = pms;
5019 s->s3.tmp.pmslen = pmslen;
5025 OPENSSL_clear_free(pms, pmslen);
5026 EVP_PKEY_CTX_free(pctx);
/*
 * Encapsulate a fresh shared secret to pubkey for KEM key exchange.
 *
 * EVP_PKEY_encapsulate() produces two outputs: the ciphertext ct, which
 * per the comment below is handed to the caller (presumably through
 * ctp / ctlenp), and the shared secret pms, which is passed to
 * ssl_gensecret() and/or stored in s->s3.tmp.pms and s->s3.tmp.pmslen.
 * Failures are reported through SSLfatal() with the internal_error alert
 * code.
 *
 * NOTE(review): the last parameter of the signature, the branch between
 * generating secrets and saving the premaster secret, and the release of
 * ct on the error path are not part of this listing - confirm against
 * the full file.
 */
5030 int ssl_encapsulate(SSL_CONNECTION *s, EVP_PKEY *pubkey,
5031 unsigned char **ctp, size_t *ctlenp,
5035 unsigned char *pms = NULL, *ct = NULL;
5036 size_t pmslen = 0, ctlen = 0;
5038 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5040 if (pubkey == NULL) {
5041 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
/* Use the library context and property query of the owning SSL_CTX. */
5045 pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pubkey, sctx->propq);
/*
 * The encapsulate call with NULL buffers is a size query for both
 * outputs. A zero length for either is treated as an error, so the
 * allocations below are never made with size 0.
 */
5047 if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0
5048 || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
5049 || pmslen == 0 || ctlen == 0) {
5050 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
/* Both buffers are allocated first and checked together afterwards. */
5054 pms = OPENSSL_malloc(pmslen);
5055 ct = OPENSSL_malloc(ctlen);
5056 if (pms == NULL || ct == NULL) {
5057 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
/* Second call: fills ct and pms and updates both lengths. */
5061 if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
5062 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5067 /* SSLfatal() called as appropriate in the below functions */
5068 rv = ssl_gensecret(s, pms, pmslen);
5070 /* Save premaster secret */
5071 s->s3.tmp.pms = pms;
5072 s->s3.tmp.pmslen = pmslen;
5078 /* Pass ownership of ct to caller */
/*
 * Only pms goes through OPENSSL_clear_free(): it is the secret and is
 * zeroized before release, whereas ct is the value sent to the peer.
 * NOTE(review): after the pointer was stored in s->s3.tmp.pms the local
 * pms must no longer reference it when this line runs; that reset is not
 * visible in this listing - confirm.
 */
5085 OPENSSL_clear_free(pms, pmslen);
5087 EVP_PKEY_CTX_free(pctx);
/*
 * Return the name of the key exchange group for connection s, as resolved
 * by tls1_group_id2name().
 *
 * The group id comes from sc->s3.group_id when the connection is TLSv1.3
 * and sc->s3.did_kex is set, and from sc->session->kex_group otherwise.
 *
 * NOTE(review): by the "get0" naming the returned string presumably
 * remains owned by the library and must not be freed - confirm.
 * NOTE(review): any NULL check on the result of SSL_CONNECTION_FROM_SSL()
 * is not part of this listing; s->ctx and sc->session are dereferenced
 * below, so confirm the guard exists in the full file.
 */
5091 const char *SSL_get0_group_name(SSL *s)
5093 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5099 if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)
5100 id = sc->s3.group_id;
5102 id = sc->session->kex_group;
5104 return tls1_group_id2name(s->ctx, id);
/*
 * Map nid to the TLS name of the corresponding group.
 *
 * nid is either a value with the TLSEXT_nid_unknown bit set, in which case
 * its low 16 bits are used directly as the group id, or an ordinary NID
 * that is translated with tls1_nid2group_id(). The group id is then looked
 * up in s->ctx and the tlsname field of the matching TLS_GROUP_INFO entry
 * is returned.
 *
 * NOTE(review): the handling of a failed lookup (cinf == NULL) is not part
 * of this listing - confirm against the full file before relying on the
 * return value being non-NULL.
 */
5107 const char *SSL_group_to_name(SSL *s, int nid) {
5109 const TLS_GROUP_INFO *cinf = NULL;
5111 /* first convert to real group id for internal and external IDs */
5112 if (nid & TLSEXT_nid_unknown)
5113 group_id = nid & 0xFFFF;
5115 group_id = tls1_nid2group_id(nid);
5118 cinf = tls1_group_id_lookup(s->ctx, group_id);
5121 return cinf->tlsname;