2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* ====================================================================
11 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
13 * Portions of the attached software ("Contribution") are developed by
14 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
16 * The Contribution is licensed pursuant to the OpenSSL open source
17 * license provided above.
19 * ECC cipher suite support in OpenSSL originally written by
20 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
23 /* ====================================================================
24 * Copyright 2005 Nokia. All rights reserved.
26 * The portions of the attached software ("Contribution") is developed by
27 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
30 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
31 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
32 * support (see RFC 4279) to OpenSSL.
34 * No patent licenses or other rights except those expressly stated in
35 * the OpenSSL open source license shall be deemed granted or received
36 * expressly, by implication, estoppel, or otherwise.
38 * No assurances are provided by Nokia that the Contribution does not
39 * infringe the patent or other intellectual property rights of any third
40 * party or that the license provides you with all the necessary rights
41 * to make use of the Contribution.
43 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
44 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
45 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
46 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
51 #include <openssl/objects.h>
53 #include <openssl/md5.h>
54 #include <openssl/dh.h>
55 #include <openssl/rand.h>
57 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
58 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
60 /* TLSv1.3 downgrade protection sentinel values */
61 const unsigned char tls11downgrade[] = {
62 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
64 const unsigned char tls12downgrade[] = {
65 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
69 * The list of available ciphers, mostly organized into the following
74 * SRP (within that: RSA EC PSK)
75 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
78 static SSL_CIPHER ssl3_ciphers[] = {
81 SSL3_TXT_RSA_NULL_MD5,
87 SSL3_VERSION, TLS1_2_VERSION,
88 DTLS1_BAD_VER, DTLS1_2_VERSION,
90 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
96 SSL3_TXT_RSA_NULL_SHA,
102 SSL3_VERSION, TLS1_2_VERSION,
103 DTLS1_BAD_VER, DTLS1_2_VERSION,
104 SSL_STRONG_NONE | SSL_FIPS,
105 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
109 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
112 SSL3_TXT_RSA_DES_192_CBC3_SHA,
113 SSL3_CK_RSA_DES_192_CBC3_SHA,
118 SSL3_VERSION, TLS1_2_VERSION,
119 DTLS1_BAD_VER, DTLS1_2_VERSION,
120 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
121 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
127 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
128 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
133 SSL3_VERSION, TLS1_2_VERSION,
134 DTLS1_BAD_VER, DTLS1_2_VERSION,
135 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
136 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
142 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
143 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
148 SSL3_VERSION, TLS1_2_VERSION,
149 DTLS1_BAD_VER, DTLS1_2_VERSION,
150 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
151 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
157 SSL3_TXT_ADH_DES_192_CBC_SHA,
158 SSL3_CK_ADH_DES_192_CBC_SHA,
163 SSL3_VERSION, TLS1_2_VERSION,
164 DTLS1_BAD_VER, DTLS1_2_VERSION,
165 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
166 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
173 TLS1_TXT_RSA_WITH_AES_128_SHA,
174 TLS1_CK_RSA_WITH_AES_128_SHA,
179 SSL3_VERSION, TLS1_2_VERSION,
180 DTLS1_BAD_VER, DTLS1_2_VERSION,
182 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
188 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
189 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
194 SSL3_VERSION, TLS1_2_VERSION,
195 DTLS1_BAD_VER, DTLS1_2_VERSION,
196 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
197 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
203 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
204 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
209 SSL3_VERSION, TLS1_2_VERSION,
210 DTLS1_BAD_VER, DTLS1_2_VERSION,
212 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
218 TLS1_TXT_ADH_WITH_AES_128_SHA,
219 TLS1_CK_ADH_WITH_AES_128_SHA,
224 SSL3_VERSION, TLS1_2_VERSION,
225 DTLS1_BAD_VER, DTLS1_2_VERSION,
226 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
227 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
233 TLS1_TXT_RSA_WITH_AES_256_SHA,
234 TLS1_CK_RSA_WITH_AES_256_SHA,
239 SSL3_VERSION, TLS1_2_VERSION,
240 DTLS1_BAD_VER, DTLS1_2_VERSION,
242 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
248 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
249 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
254 SSL3_VERSION, TLS1_2_VERSION,
255 DTLS1_BAD_VER, DTLS1_2_VERSION,
256 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
257 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
263 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
264 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
269 SSL3_VERSION, TLS1_2_VERSION,
270 DTLS1_BAD_VER, DTLS1_2_VERSION,
272 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
278 TLS1_TXT_ADH_WITH_AES_256_SHA,
279 TLS1_CK_ADH_WITH_AES_256_SHA,
284 SSL3_VERSION, TLS1_2_VERSION,
285 DTLS1_BAD_VER, DTLS1_2_VERSION,
286 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
287 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
293 TLS1_TXT_RSA_WITH_NULL_SHA256,
294 TLS1_CK_RSA_WITH_NULL_SHA256,
299 TLS1_2_VERSION, TLS1_2_VERSION,
300 DTLS1_2_VERSION, DTLS1_2_VERSION,
301 SSL_STRONG_NONE | SSL_FIPS,
302 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
308 TLS1_TXT_RSA_WITH_AES_128_SHA256,
309 TLS1_CK_RSA_WITH_AES_128_SHA256,
314 TLS1_2_VERSION, TLS1_2_VERSION,
315 DTLS1_2_VERSION, DTLS1_2_VERSION,
317 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
323 TLS1_TXT_RSA_WITH_AES_256_SHA256,
324 TLS1_CK_RSA_WITH_AES_256_SHA256,
329 TLS1_2_VERSION, TLS1_2_VERSION,
330 DTLS1_2_VERSION, DTLS1_2_VERSION,
332 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
338 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
339 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
344 TLS1_2_VERSION, TLS1_2_VERSION,
345 DTLS1_2_VERSION, DTLS1_2_VERSION,
346 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
347 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
353 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
354 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
359 TLS1_2_VERSION, TLS1_2_VERSION,
360 DTLS1_2_VERSION, DTLS1_2_VERSION,
362 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
368 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
369 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
374 TLS1_2_VERSION, TLS1_2_VERSION,
375 DTLS1_2_VERSION, DTLS1_2_VERSION,
376 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
377 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
383 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
384 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
389 TLS1_2_VERSION, TLS1_2_VERSION,
390 DTLS1_2_VERSION, DTLS1_2_VERSION,
392 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
398 TLS1_TXT_ADH_WITH_AES_128_SHA256,
399 TLS1_CK_ADH_WITH_AES_128_SHA256,
404 TLS1_2_VERSION, TLS1_2_VERSION,
405 DTLS1_2_VERSION, DTLS1_2_VERSION,
406 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
407 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
413 TLS1_TXT_ADH_WITH_AES_256_SHA256,
414 TLS1_CK_ADH_WITH_AES_256_SHA256,
419 TLS1_2_VERSION, TLS1_2_VERSION,
420 DTLS1_2_VERSION, DTLS1_2_VERSION,
421 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
422 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
428 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
429 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
434 TLS1_2_VERSION, TLS1_2_VERSION,
435 DTLS1_2_VERSION, DTLS1_2_VERSION,
437 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
443 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
444 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
449 TLS1_2_VERSION, TLS1_2_VERSION,
450 DTLS1_2_VERSION, DTLS1_2_VERSION,
452 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
458 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
459 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
464 TLS1_2_VERSION, TLS1_2_VERSION,
465 DTLS1_2_VERSION, DTLS1_2_VERSION,
467 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
473 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
474 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
479 TLS1_2_VERSION, TLS1_2_VERSION,
480 DTLS1_2_VERSION, DTLS1_2_VERSION,
482 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
488 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
489 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
494 TLS1_2_VERSION, TLS1_2_VERSION,
495 DTLS1_2_VERSION, DTLS1_2_VERSION,
496 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
497 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
503 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
504 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
509 TLS1_2_VERSION, TLS1_2_VERSION,
510 DTLS1_2_VERSION, DTLS1_2_VERSION,
511 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
512 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
518 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
519 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
524 TLS1_2_VERSION, TLS1_2_VERSION,
525 DTLS1_2_VERSION, DTLS1_2_VERSION,
526 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
527 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
533 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
534 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
539 TLS1_2_VERSION, TLS1_2_VERSION,
540 DTLS1_2_VERSION, DTLS1_2_VERSION,
541 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
542 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
548 TLS1_TXT_RSA_WITH_AES_128_CCM,
549 TLS1_CK_RSA_WITH_AES_128_CCM,
554 TLS1_2_VERSION, TLS1_2_VERSION,
555 DTLS1_2_VERSION, DTLS1_2_VERSION,
556 SSL_NOT_DEFAULT | SSL_HIGH,
557 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
563 TLS1_TXT_RSA_WITH_AES_256_CCM,
564 TLS1_CK_RSA_WITH_AES_256_CCM,
569 TLS1_2_VERSION, TLS1_2_VERSION,
570 DTLS1_2_VERSION, DTLS1_2_VERSION,
571 SSL_NOT_DEFAULT | SSL_HIGH,
572 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
578 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
579 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
584 TLS1_2_VERSION, TLS1_2_VERSION,
585 DTLS1_2_VERSION, DTLS1_2_VERSION,
586 SSL_NOT_DEFAULT | SSL_HIGH,
587 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
593 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
594 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
599 TLS1_2_VERSION, TLS1_2_VERSION,
600 DTLS1_2_VERSION, DTLS1_2_VERSION,
601 SSL_NOT_DEFAULT | SSL_HIGH,
602 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
608 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
609 TLS1_CK_RSA_WITH_AES_128_CCM_8,
614 TLS1_2_VERSION, TLS1_2_VERSION,
615 DTLS1_2_VERSION, DTLS1_2_VERSION,
616 SSL_NOT_DEFAULT | SSL_HIGH,
617 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
623 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
624 TLS1_CK_RSA_WITH_AES_256_CCM_8,
629 TLS1_2_VERSION, TLS1_2_VERSION,
630 DTLS1_2_VERSION, DTLS1_2_VERSION,
631 SSL_NOT_DEFAULT | SSL_HIGH,
632 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
638 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
639 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
644 TLS1_2_VERSION, TLS1_2_VERSION,
645 DTLS1_2_VERSION, DTLS1_2_VERSION,
646 SSL_NOT_DEFAULT | SSL_HIGH,
647 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
653 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
654 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
659 TLS1_2_VERSION, TLS1_2_VERSION,
660 DTLS1_2_VERSION, DTLS1_2_VERSION,
661 SSL_NOT_DEFAULT | SSL_HIGH,
662 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
668 TLS1_TXT_PSK_WITH_AES_128_CCM,
669 TLS1_CK_PSK_WITH_AES_128_CCM,
674 TLS1_2_VERSION, TLS1_2_VERSION,
675 DTLS1_2_VERSION, DTLS1_2_VERSION,
676 SSL_NOT_DEFAULT | SSL_HIGH,
677 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
683 TLS1_TXT_PSK_WITH_AES_256_CCM,
684 TLS1_CK_PSK_WITH_AES_256_CCM,
689 TLS1_2_VERSION, TLS1_2_VERSION,
690 DTLS1_2_VERSION, DTLS1_2_VERSION,
691 SSL_NOT_DEFAULT | SSL_HIGH,
692 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
698 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
699 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
704 TLS1_2_VERSION, TLS1_2_VERSION,
705 DTLS1_2_VERSION, DTLS1_2_VERSION,
706 SSL_NOT_DEFAULT | SSL_HIGH,
707 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
713 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
714 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
719 TLS1_2_VERSION, TLS1_2_VERSION,
720 DTLS1_2_VERSION, DTLS1_2_VERSION,
721 SSL_NOT_DEFAULT | SSL_HIGH,
722 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
728 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
729 TLS1_CK_PSK_WITH_AES_128_CCM_8,
734 TLS1_2_VERSION, TLS1_2_VERSION,
735 DTLS1_2_VERSION, DTLS1_2_VERSION,
736 SSL_NOT_DEFAULT | SSL_HIGH,
737 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
743 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
744 TLS1_CK_PSK_WITH_AES_256_CCM_8,
749 TLS1_2_VERSION, TLS1_2_VERSION,
750 DTLS1_2_VERSION, DTLS1_2_VERSION,
751 SSL_NOT_DEFAULT | SSL_HIGH,
752 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
758 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
759 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
764 TLS1_2_VERSION, TLS1_2_VERSION,
765 DTLS1_2_VERSION, DTLS1_2_VERSION,
766 SSL_NOT_DEFAULT | SSL_HIGH,
767 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
773 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
774 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
779 TLS1_2_VERSION, TLS1_2_VERSION,
780 DTLS1_2_VERSION, DTLS1_2_VERSION,
781 SSL_NOT_DEFAULT | SSL_HIGH,
782 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
788 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
789 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
794 TLS1_2_VERSION, TLS1_2_VERSION,
795 DTLS1_2_VERSION, DTLS1_2_VERSION,
796 SSL_NOT_DEFAULT | SSL_HIGH,
797 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
803 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
804 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
809 TLS1_2_VERSION, TLS1_2_VERSION,
810 DTLS1_2_VERSION, DTLS1_2_VERSION,
811 SSL_NOT_DEFAULT | SSL_HIGH,
812 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
818 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
819 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
824 TLS1_2_VERSION, TLS1_2_VERSION,
825 DTLS1_2_VERSION, DTLS1_2_VERSION,
826 SSL_NOT_DEFAULT | SSL_HIGH,
827 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
833 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
834 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
839 TLS1_2_VERSION, TLS1_2_VERSION,
840 DTLS1_2_VERSION, DTLS1_2_VERSION,
841 SSL_NOT_DEFAULT | SSL_HIGH,
842 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
848 TLS1_3_TXT_AES_128_GCM_SHA256,
849 TLS1_3_CK_AES_128_GCM_SHA256,
853 TLS1_3_VERSION, TLS1_3_VERSION,
857 SSL_HANDSHAKE_MAC_SHA256,
863 TLS1_3_TXT_AES_256_GCM_SHA384,
864 TLS1_3_CK_AES_256_GCM_SHA384,
869 TLS1_3_VERSION, TLS1_3_VERSION,
872 SSL_HANDSHAKE_MAC_SHA384,
876 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
879 TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
880 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
883 SSL_CHACHA20POLY1305,
885 TLS1_3_VERSION, TLS1_3_VERSION,
888 SSL_HANDSHAKE_MAC_SHA256,
895 TLS1_3_TXT_AES_128_CCM_SHA256,
896 TLS1_3_CK_AES_128_CCM_SHA256,
901 TLS1_3_VERSION, TLS1_3_VERSION,
903 SSL_NOT_DEFAULT | SSL_HIGH,
904 SSL_HANDSHAKE_MAC_SHA256,
910 TLS1_3_TXT_AES_128_CCM_8_SHA256,
911 TLS1_3_CK_AES_128_CCM_8_SHA256,
916 TLS1_3_VERSION, TLS1_3_VERSION,
918 SSL_NOT_DEFAULT | SSL_HIGH,
919 SSL_HANDSHAKE_MAC_SHA256,
924 #ifndef OPENSSL_NO_EC
927 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
928 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
933 TLS1_VERSION, TLS1_2_VERSION,
934 DTLS1_BAD_VER, DTLS1_2_VERSION,
935 SSL_STRONG_NONE | SSL_FIPS,
936 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
940 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
943 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
944 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
949 TLS1_VERSION, TLS1_2_VERSION,
950 DTLS1_BAD_VER, DTLS1_2_VERSION,
951 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
952 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
959 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
960 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
965 TLS1_VERSION, TLS1_2_VERSION,
966 DTLS1_BAD_VER, DTLS1_2_VERSION,
968 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
974 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
975 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
980 TLS1_VERSION, TLS1_2_VERSION,
981 DTLS1_BAD_VER, DTLS1_2_VERSION,
983 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
989 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
990 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
995 TLS1_VERSION, TLS1_2_VERSION,
996 DTLS1_BAD_VER, DTLS1_2_VERSION,
997 SSL_STRONG_NONE | SSL_FIPS,
998 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1002 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1005 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1006 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1011 TLS1_VERSION, TLS1_2_VERSION,
1012 DTLS1_BAD_VER, DTLS1_2_VERSION,
1013 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1014 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1021 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1022 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1027 TLS1_VERSION, TLS1_2_VERSION,
1028 DTLS1_BAD_VER, DTLS1_2_VERSION,
1029 SSL_HIGH | SSL_FIPS,
1030 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1036 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1037 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1042 TLS1_VERSION, TLS1_2_VERSION,
1043 DTLS1_BAD_VER, DTLS1_2_VERSION,
1044 SSL_HIGH | SSL_FIPS,
1045 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1051 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1052 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1057 TLS1_VERSION, TLS1_2_VERSION,
1058 DTLS1_BAD_VER, DTLS1_2_VERSION,
1059 SSL_STRONG_NONE | SSL_FIPS,
1060 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1064 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1067 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1068 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1073 TLS1_VERSION, TLS1_2_VERSION,
1074 DTLS1_BAD_VER, DTLS1_2_VERSION,
1075 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1076 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1083 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1084 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1089 TLS1_VERSION, TLS1_2_VERSION,
1090 DTLS1_BAD_VER, DTLS1_2_VERSION,
1091 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1092 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1098 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1099 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1104 TLS1_VERSION, TLS1_2_VERSION,
1105 DTLS1_BAD_VER, DTLS1_2_VERSION,
1106 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1107 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1113 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1114 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1119 TLS1_2_VERSION, TLS1_2_VERSION,
1120 DTLS1_2_VERSION, DTLS1_2_VERSION,
1121 SSL_HIGH | SSL_FIPS,
1122 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1128 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1129 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1134 TLS1_2_VERSION, TLS1_2_VERSION,
1135 DTLS1_2_VERSION, DTLS1_2_VERSION,
1136 SSL_HIGH | SSL_FIPS,
1137 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1143 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1144 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1149 TLS1_2_VERSION, TLS1_2_VERSION,
1150 DTLS1_2_VERSION, DTLS1_2_VERSION,
1151 SSL_HIGH | SSL_FIPS,
1152 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1158 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1159 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1164 TLS1_2_VERSION, TLS1_2_VERSION,
1165 DTLS1_2_VERSION, DTLS1_2_VERSION,
1166 SSL_HIGH | SSL_FIPS,
1167 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1173 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1174 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1179 TLS1_2_VERSION, TLS1_2_VERSION,
1180 DTLS1_2_VERSION, DTLS1_2_VERSION,
1181 SSL_HIGH | SSL_FIPS,
1182 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1188 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1189 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1194 TLS1_2_VERSION, TLS1_2_VERSION,
1195 DTLS1_2_VERSION, DTLS1_2_VERSION,
1196 SSL_HIGH | SSL_FIPS,
1197 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1203 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1204 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1209 TLS1_2_VERSION, TLS1_2_VERSION,
1210 DTLS1_2_VERSION, DTLS1_2_VERSION,
1211 SSL_HIGH | SSL_FIPS,
1212 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1218 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1219 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1224 TLS1_2_VERSION, TLS1_2_VERSION,
1225 DTLS1_2_VERSION, DTLS1_2_VERSION,
1226 SSL_HIGH | SSL_FIPS,
1227 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1231 #endif /* OPENSSL_NO_EC */
1233 #ifndef OPENSSL_NO_PSK
1236 TLS1_TXT_PSK_WITH_NULL_SHA,
1237 TLS1_CK_PSK_WITH_NULL_SHA,
1242 SSL3_VERSION, TLS1_2_VERSION,
1243 DTLS1_BAD_VER, DTLS1_2_VERSION,
1244 SSL_STRONG_NONE | SSL_FIPS,
1245 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1251 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1252 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1257 SSL3_VERSION, TLS1_2_VERSION,
1258 DTLS1_BAD_VER, DTLS1_2_VERSION,
1259 SSL_STRONG_NONE | SSL_FIPS,
1260 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1266 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1267 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1272 SSL3_VERSION, TLS1_2_VERSION,
1273 DTLS1_BAD_VER, DTLS1_2_VERSION,
1274 SSL_STRONG_NONE | SSL_FIPS,
1275 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1279 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1282 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1283 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1288 SSL3_VERSION, TLS1_2_VERSION,
1289 DTLS1_BAD_VER, DTLS1_2_VERSION,
1290 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1291 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1298 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1299 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1304 SSL3_VERSION, TLS1_2_VERSION,
1305 DTLS1_BAD_VER, DTLS1_2_VERSION,
1306 SSL_HIGH | SSL_FIPS,
1307 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1313 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1314 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1319 SSL3_VERSION, TLS1_2_VERSION,
1320 DTLS1_BAD_VER, DTLS1_2_VERSION,
1321 SSL_HIGH | SSL_FIPS,
1322 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1326 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1329 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1330 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1335 SSL3_VERSION, TLS1_2_VERSION,
1336 DTLS1_BAD_VER, DTLS1_2_VERSION,
1337 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1338 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1345 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1346 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1351 SSL3_VERSION, TLS1_2_VERSION,
1352 DTLS1_BAD_VER, DTLS1_2_VERSION,
1353 SSL_HIGH | SSL_FIPS,
1354 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1360 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1361 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1366 SSL3_VERSION, TLS1_2_VERSION,
1367 DTLS1_BAD_VER, DTLS1_2_VERSION,
1368 SSL_HIGH | SSL_FIPS,
1369 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1373 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1376 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1377 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1382 SSL3_VERSION, TLS1_2_VERSION,
1383 DTLS1_BAD_VER, DTLS1_2_VERSION,
1384 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1385 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1392 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1393 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1398 SSL3_VERSION, TLS1_2_VERSION,
1399 DTLS1_BAD_VER, DTLS1_2_VERSION,
1400 SSL_HIGH | SSL_FIPS,
1401 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1407 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1408 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1413 SSL3_VERSION, TLS1_2_VERSION,
1414 DTLS1_BAD_VER, DTLS1_2_VERSION,
1415 SSL_HIGH | SSL_FIPS,
1416 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1422 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1423 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1428 TLS1_2_VERSION, TLS1_2_VERSION,
1429 DTLS1_2_VERSION, DTLS1_2_VERSION,
1430 SSL_HIGH | SSL_FIPS,
1431 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1437 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1438 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1443 TLS1_2_VERSION, TLS1_2_VERSION,
1444 DTLS1_2_VERSION, DTLS1_2_VERSION,
1445 SSL_HIGH | SSL_FIPS,
1446 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1452 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1453 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1458 TLS1_2_VERSION, TLS1_2_VERSION,
1459 DTLS1_2_VERSION, DTLS1_2_VERSION,
1460 SSL_HIGH | SSL_FIPS,
1461 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1467 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1468 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1473 TLS1_2_VERSION, TLS1_2_VERSION,
1474 DTLS1_2_VERSION, DTLS1_2_VERSION,
1475 SSL_HIGH | SSL_FIPS,
1476 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1482 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1483 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1488 TLS1_2_VERSION, TLS1_2_VERSION,
1489 DTLS1_2_VERSION, DTLS1_2_VERSION,
1490 SSL_HIGH | SSL_FIPS,
1491 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1497 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1498 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1503 TLS1_2_VERSION, TLS1_2_VERSION,
1504 DTLS1_2_VERSION, DTLS1_2_VERSION,
1505 SSL_HIGH | SSL_FIPS,
1506 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1512 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1513 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1518 TLS1_VERSION, TLS1_2_VERSION,
1519 DTLS1_BAD_VER, DTLS1_2_VERSION,
1520 SSL_HIGH | SSL_FIPS,
1521 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1527 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1528 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1533 TLS1_VERSION, TLS1_2_VERSION,
1534 DTLS1_BAD_VER, DTLS1_2_VERSION,
1535 SSL_HIGH | SSL_FIPS,
1536 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1542 TLS1_TXT_PSK_WITH_NULL_SHA256,
1543 TLS1_CK_PSK_WITH_NULL_SHA256,
1548 TLS1_VERSION, TLS1_2_VERSION,
1549 DTLS1_BAD_VER, DTLS1_2_VERSION,
1550 SSL_STRONG_NONE | SSL_FIPS,
1551 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1557 TLS1_TXT_PSK_WITH_NULL_SHA384,
1558 TLS1_CK_PSK_WITH_NULL_SHA384,
1563 TLS1_VERSION, TLS1_2_VERSION,
1564 DTLS1_BAD_VER, DTLS1_2_VERSION,
1565 SSL_STRONG_NONE | SSL_FIPS,
1566 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1572 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1573 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1578 TLS1_VERSION, TLS1_2_VERSION,
1579 DTLS1_BAD_VER, DTLS1_2_VERSION,
1580 SSL_HIGH | SSL_FIPS,
1581 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1587 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1588 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1593 TLS1_VERSION, TLS1_2_VERSION,
1594 DTLS1_BAD_VER, DTLS1_2_VERSION,
1595 SSL_HIGH | SSL_FIPS,
1596 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1602 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1603 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1608 TLS1_VERSION, TLS1_2_VERSION,
1609 DTLS1_BAD_VER, DTLS1_2_VERSION,
1610 SSL_STRONG_NONE | SSL_FIPS,
1611 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1617 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1618 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1623 TLS1_VERSION, TLS1_2_VERSION,
1624 DTLS1_BAD_VER, DTLS1_2_VERSION,
1625 SSL_STRONG_NONE | SSL_FIPS,
1626 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1632 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1633 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1638 TLS1_VERSION, TLS1_2_VERSION,
1639 DTLS1_BAD_VER, DTLS1_2_VERSION,
1640 SSL_HIGH | SSL_FIPS,
1641 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1647 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1648 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1653 TLS1_VERSION, TLS1_2_VERSION,
1654 DTLS1_BAD_VER, DTLS1_2_VERSION,
1655 SSL_HIGH | SSL_FIPS,
1656 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1662 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1663 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1668 TLS1_VERSION, TLS1_2_VERSION,
1669 DTLS1_BAD_VER, DTLS1_2_VERSION,
1670 SSL_STRONG_NONE | SSL_FIPS,
1671 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1677 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1678 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1683 TLS1_VERSION, TLS1_2_VERSION,
1684 DTLS1_BAD_VER, DTLS1_2_VERSION,
1685 SSL_STRONG_NONE | SSL_FIPS,
1686 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1690 # ifndef OPENSSL_NO_EC
1691 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1694 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1695 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1700 TLS1_VERSION, TLS1_2_VERSION,
1701 DTLS1_BAD_VER, DTLS1_2_VERSION,
1702 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1703 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1710 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1711 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1716 TLS1_VERSION, TLS1_2_VERSION,
1717 DTLS1_BAD_VER, DTLS1_2_VERSION,
1718 SSL_HIGH | SSL_FIPS,
1719 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1725 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1726 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1731 TLS1_VERSION, TLS1_2_VERSION,
1732 DTLS1_BAD_VER, DTLS1_2_VERSION,
1733 SSL_HIGH | SSL_FIPS,
1734 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1740 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1741 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1746 TLS1_VERSION, TLS1_2_VERSION,
1747 DTLS1_BAD_VER, DTLS1_2_VERSION,
1748 SSL_HIGH | SSL_FIPS,
1749 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1755 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1756 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1761 TLS1_VERSION, TLS1_2_VERSION,
1762 DTLS1_BAD_VER, DTLS1_2_VERSION,
1763 SSL_HIGH | SSL_FIPS,
1764 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1770 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1771 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1776 TLS1_VERSION, TLS1_2_VERSION,
1777 DTLS1_BAD_VER, DTLS1_2_VERSION,
1778 SSL_STRONG_NONE | SSL_FIPS,
1779 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1785 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1786 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1791 TLS1_VERSION, TLS1_2_VERSION,
1792 DTLS1_BAD_VER, DTLS1_2_VERSION,
1793 SSL_STRONG_NONE | SSL_FIPS,
1794 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1800 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1801 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1806 TLS1_VERSION, TLS1_2_VERSION,
1807 DTLS1_BAD_VER, DTLS1_2_VERSION,
1808 SSL_STRONG_NONE | SSL_FIPS,
1809 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1813 # endif /* OPENSSL_NO_EC */
1814 #endif /* OPENSSL_NO_PSK */
1816 #ifndef OPENSSL_NO_SRP
1817 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1820 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1821 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1826 SSL3_VERSION, TLS1_2_VERSION,
1827 DTLS1_BAD_VER, DTLS1_2_VERSION,
1828 SSL_NOT_DEFAULT | SSL_MEDIUM,
1829 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1835 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1836 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1841 SSL3_VERSION, TLS1_2_VERSION,
1842 DTLS1_BAD_VER, DTLS1_2_VERSION,
1843 SSL_NOT_DEFAULT | SSL_MEDIUM,
1844 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1850 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1851 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1856 SSL3_VERSION, TLS1_2_VERSION,
1857 DTLS1_BAD_VER, DTLS1_2_VERSION,
1858 SSL_NOT_DEFAULT | SSL_MEDIUM,
1859 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1866 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1867 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1872 SSL3_VERSION, TLS1_2_VERSION,
1873 DTLS1_BAD_VER, DTLS1_2_VERSION,
1875 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1881 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1882 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1887 SSL3_VERSION, TLS1_2_VERSION,
1888 DTLS1_BAD_VER, DTLS1_2_VERSION,
1890 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1896 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1897 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1902 SSL3_VERSION, TLS1_2_VERSION,
1903 DTLS1_BAD_VER, DTLS1_2_VERSION,
1904 SSL_NOT_DEFAULT | SSL_HIGH,
1905 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1911 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1912 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1917 SSL3_VERSION, TLS1_2_VERSION,
1918 DTLS1_BAD_VER, DTLS1_2_VERSION,
1920 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1926 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1927 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1932 SSL3_VERSION, TLS1_2_VERSION,
1933 DTLS1_BAD_VER, DTLS1_2_VERSION,
1935 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1941 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1942 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1947 SSL3_VERSION, TLS1_2_VERSION,
1948 DTLS1_BAD_VER, DTLS1_2_VERSION,
1949 SSL_NOT_DEFAULT | SSL_HIGH,
1950 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1954 #endif /* OPENSSL_NO_SRP */
1956 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1957 # ifndef OPENSSL_NO_RSA
1960 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1961 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
1964 SSL_CHACHA20POLY1305,
1966 TLS1_2_VERSION, TLS1_2_VERSION,
1967 DTLS1_2_VERSION, DTLS1_2_VERSION,
1969 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1973 # endif /* OPENSSL_NO_RSA */
1975 # ifndef OPENSSL_NO_EC
1978 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1979 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1982 SSL_CHACHA20POLY1305,
1984 TLS1_2_VERSION, TLS1_2_VERSION,
1985 DTLS1_2_VERSION, DTLS1_2_VERSION,
1987 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1993 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1994 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1997 SSL_CHACHA20POLY1305,
1999 TLS1_2_VERSION, TLS1_2_VERSION,
2000 DTLS1_2_VERSION, DTLS1_2_VERSION,
2002 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2006 # endif /* OPENSSL_NO_EC */
2008 # ifndef OPENSSL_NO_PSK
2011 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2012 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2015 SSL_CHACHA20POLY1305,
2017 TLS1_2_VERSION, TLS1_2_VERSION,
2018 DTLS1_2_VERSION, DTLS1_2_VERSION,
2020 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2026 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2027 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2030 SSL_CHACHA20POLY1305,
2032 TLS1_2_VERSION, TLS1_2_VERSION,
2033 DTLS1_2_VERSION, DTLS1_2_VERSION,
2035 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2041 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2042 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2045 SSL_CHACHA20POLY1305,
2047 TLS1_2_VERSION, TLS1_2_VERSION,
2048 DTLS1_2_VERSION, DTLS1_2_VERSION,
2050 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2056 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2057 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2060 SSL_CHACHA20POLY1305,
2062 TLS1_2_VERSION, TLS1_2_VERSION,
2063 DTLS1_2_VERSION, DTLS1_2_VERSION,
2065 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2069 # endif /* OPENSSL_NO_PSK */
2070 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2071 * !defined(OPENSSL_NO_POLY1305) */
2073 #ifndef OPENSSL_NO_CAMELLIA
2076 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2077 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2082 TLS1_2_VERSION, TLS1_2_VERSION,
2083 DTLS1_2_VERSION, DTLS1_2_VERSION,
2084 SSL_NOT_DEFAULT | SSL_HIGH,
2085 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2091 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2092 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2097 TLS1_2_VERSION, TLS1_2_VERSION,
2098 DTLS1_2_VERSION, DTLS1_2_VERSION,
2099 SSL_NOT_DEFAULT | SSL_HIGH,
2100 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2106 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2107 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2112 TLS1_2_VERSION, TLS1_2_VERSION,
2113 DTLS1_2_VERSION, DTLS1_2_VERSION,
2114 SSL_NOT_DEFAULT | SSL_HIGH,
2115 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2121 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2122 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2127 TLS1_2_VERSION, TLS1_2_VERSION,
2128 DTLS1_2_VERSION, DTLS1_2_VERSION,
2129 SSL_NOT_DEFAULT | SSL_HIGH,
2130 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2136 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2137 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2142 TLS1_2_VERSION, TLS1_2_VERSION,
2143 DTLS1_2_VERSION, DTLS1_2_VERSION,
2144 SSL_NOT_DEFAULT | SSL_HIGH,
2145 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2151 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2152 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2157 TLS1_2_VERSION, TLS1_2_VERSION,
2158 DTLS1_2_VERSION, DTLS1_2_VERSION,
2159 SSL_NOT_DEFAULT | SSL_HIGH,
2160 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2166 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2167 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2172 TLS1_2_VERSION, TLS1_2_VERSION,
2173 DTLS1_2_VERSION, DTLS1_2_VERSION,
2174 SSL_NOT_DEFAULT | SSL_HIGH,
2175 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2181 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2182 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2187 TLS1_2_VERSION, TLS1_2_VERSION,
2188 DTLS1_2_VERSION, DTLS1_2_VERSION,
2189 SSL_NOT_DEFAULT | SSL_HIGH,
2190 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2196 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2197 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2202 SSL3_VERSION, TLS1_2_VERSION,
2203 DTLS1_BAD_VER, DTLS1_2_VERSION,
2204 SSL_NOT_DEFAULT | SSL_HIGH,
2205 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2211 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2212 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2217 SSL3_VERSION, TLS1_2_VERSION,
2218 DTLS1_BAD_VER, DTLS1_2_VERSION,
2219 SSL_NOT_DEFAULT | SSL_HIGH,
2220 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2226 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2227 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2232 SSL3_VERSION, TLS1_2_VERSION,
2233 DTLS1_BAD_VER, DTLS1_2_VERSION,
2234 SSL_NOT_DEFAULT | SSL_HIGH,
2235 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2241 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2242 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2247 SSL3_VERSION, TLS1_2_VERSION,
2248 DTLS1_BAD_VER, DTLS1_2_VERSION,
2249 SSL_NOT_DEFAULT | SSL_HIGH,
2250 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2256 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2257 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2262 SSL3_VERSION, TLS1_2_VERSION,
2263 DTLS1_BAD_VER, DTLS1_2_VERSION,
2264 SSL_NOT_DEFAULT | SSL_HIGH,
2265 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2271 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2272 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2277 SSL3_VERSION, TLS1_2_VERSION,
2278 DTLS1_BAD_VER, DTLS1_2_VERSION,
2279 SSL_NOT_DEFAULT | SSL_HIGH,
2280 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2286 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2287 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2292 SSL3_VERSION, TLS1_2_VERSION,
2293 DTLS1_BAD_VER, DTLS1_2_VERSION,
2294 SSL_NOT_DEFAULT | SSL_HIGH,
2295 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2301 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2302 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2307 SSL3_VERSION, TLS1_2_VERSION,
2308 DTLS1_BAD_VER, DTLS1_2_VERSION,
2309 SSL_NOT_DEFAULT | SSL_HIGH,
2310 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2315 # ifndef OPENSSL_NO_EC
2318 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2319 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2324 TLS1_2_VERSION, TLS1_2_VERSION,
2325 DTLS1_2_VERSION, DTLS1_2_VERSION,
2326 SSL_NOT_DEFAULT | SSL_HIGH,
2327 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2333 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2334 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2339 TLS1_2_VERSION, TLS1_2_VERSION,
2340 DTLS1_2_VERSION, DTLS1_2_VERSION,
2341 SSL_NOT_DEFAULT | SSL_HIGH,
2342 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2348 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2349 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2354 TLS1_2_VERSION, TLS1_2_VERSION,
2355 DTLS1_2_VERSION, DTLS1_2_VERSION,
2356 SSL_NOT_DEFAULT | SSL_HIGH,
2357 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2363 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2364 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2369 TLS1_2_VERSION, TLS1_2_VERSION,
2370 DTLS1_2_VERSION, DTLS1_2_VERSION,
2371 SSL_NOT_DEFAULT | SSL_HIGH,
2372 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2376 # endif /* OPENSSL_NO_EC */
2378 # ifndef OPENSSL_NO_PSK
2381 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2382 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2387 TLS1_VERSION, TLS1_2_VERSION,
2388 DTLS1_BAD_VER, DTLS1_2_VERSION,
2389 SSL_NOT_DEFAULT | SSL_HIGH,
2390 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2396 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2397 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2402 TLS1_VERSION, TLS1_2_VERSION,
2403 DTLS1_BAD_VER, DTLS1_2_VERSION,
2404 SSL_NOT_DEFAULT | SSL_HIGH,
2405 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2411 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2412 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2417 TLS1_VERSION, TLS1_2_VERSION,
2418 DTLS1_BAD_VER, DTLS1_2_VERSION,
2419 SSL_NOT_DEFAULT | SSL_HIGH,
2420 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2426 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2427 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2432 TLS1_VERSION, TLS1_2_VERSION,
2433 DTLS1_BAD_VER, DTLS1_2_VERSION,
2434 SSL_NOT_DEFAULT | SSL_HIGH,
2435 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2441 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2442 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2447 TLS1_VERSION, TLS1_2_VERSION,
2448 DTLS1_BAD_VER, DTLS1_2_VERSION,
2449 SSL_NOT_DEFAULT | SSL_HIGH,
2450 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2456 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2457 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2462 TLS1_VERSION, TLS1_2_VERSION,
2463 DTLS1_BAD_VER, DTLS1_2_VERSION,
2464 SSL_NOT_DEFAULT | SSL_HIGH,
2465 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2471 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2472 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2477 TLS1_VERSION, TLS1_2_VERSION,
2478 DTLS1_BAD_VER, DTLS1_2_VERSION,
2479 SSL_NOT_DEFAULT | SSL_HIGH,
2480 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2486 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2487 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2492 TLS1_VERSION, TLS1_2_VERSION,
2493 DTLS1_BAD_VER, DTLS1_2_VERSION,
2494 SSL_NOT_DEFAULT | SSL_HIGH,
2495 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2499 # endif /* OPENSSL_NO_PSK */
2501 #endif /* OPENSSL_NO_CAMELLIA */
2503 #ifndef OPENSSL_NO_GOST
2506 "GOST2001-GOST89-GOST89",
2510 SSL_eGOST2814789CNT,
2512 TLS1_VERSION, TLS1_2_VERSION,
2515 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2521 "GOST2001-NULL-GOST94",
2527 TLS1_VERSION, TLS1_2_VERSION,
2530 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2536 "GOST2012-GOST8912-GOST8912",
2539 SSL_aGOST12 | SSL_aGOST01,
2540 SSL_eGOST2814789CNT12,
2542 TLS1_VERSION, TLS1_2_VERSION,
2545 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2551 "GOST2012-NULL-GOST12",
2554 SSL_aGOST12 | SSL_aGOST01,
2557 TLS1_VERSION, TLS1_2_VERSION,
2560 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2564 #endif /* OPENSSL_NO_GOST */
2566 #ifndef OPENSSL_NO_IDEA
2569 SSL3_TXT_RSA_IDEA_128_SHA,
2570 SSL3_CK_RSA_IDEA_128_SHA,
2575 SSL3_VERSION, TLS1_1_VERSION,
2576 DTLS1_BAD_VER, DTLS1_VERSION,
2577 SSL_NOT_DEFAULT | SSL_MEDIUM,
2578 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2584 #ifndef OPENSSL_NO_SEED
2587 TLS1_TXT_RSA_WITH_SEED_SHA,
2588 TLS1_CK_RSA_WITH_SEED_SHA,
2593 SSL3_VERSION, TLS1_2_VERSION,
2594 DTLS1_BAD_VER, DTLS1_2_VERSION,
2595 SSL_NOT_DEFAULT | SSL_MEDIUM,
2596 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2602 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2603 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2608 SSL3_VERSION, TLS1_2_VERSION,
2609 DTLS1_BAD_VER, DTLS1_2_VERSION,
2610 SSL_NOT_DEFAULT | SSL_MEDIUM,
2611 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2617 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2618 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2623 SSL3_VERSION, TLS1_2_VERSION,
2624 DTLS1_BAD_VER, DTLS1_2_VERSION,
2625 SSL_NOT_DEFAULT | SSL_MEDIUM,
2626 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2632 TLS1_TXT_ADH_WITH_SEED_SHA,
2633 TLS1_CK_ADH_WITH_SEED_SHA,
2638 SSL3_VERSION, TLS1_2_VERSION,
2639 DTLS1_BAD_VER, DTLS1_2_VERSION,
2640 SSL_NOT_DEFAULT | SSL_MEDIUM,
2641 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2645 #endif /* OPENSSL_NO_SEED */
2647 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2650 SSL3_TXT_RSA_RC4_128_MD5,
2651 SSL3_CK_RSA_RC4_128_MD5,
2656 SSL3_VERSION, TLS1_2_VERSION,
2658 SSL_NOT_DEFAULT | SSL_MEDIUM,
2659 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2665 SSL3_TXT_RSA_RC4_128_SHA,
2666 SSL3_CK_RSA_RC4_128_SHA,
2671 SSL3_VERSION, TLS1_2_VERSION,
2673 SSL_NOT_DEFAULT | SSL_MEDIUM,
2674 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2680 SSL3_TXT_ADH_RC4_128_MD5,
2681 SSL3_CK_ADH_RC4_128_MD5,
2686 SSL3_VERSION, TLS1_2_VERSION,
2688 SSL_NOT_DEFAULT | SSL_MEDIUM,
2689 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2694 # ifndef OPENSSL_NO_EC
2697 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2698 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2703 TLS1_VERSION, TLS1_2_VERSION,
2705 SSL_NOT_DEFAULT | SSL_MEDIUM,
2706 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2712 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2713 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2718 TLS1_VERSION, TLS1_2_VERSION,
2720 SSL_NOT_DEFAULT | SSL_MEDIUM,
2721 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2727 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2728 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2733 TLS1_VERSION, TLS1_2_VERSION,
2735 SSL_NOT_DEFAULT | SSL_MEDIUM,
2736 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2742 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2743 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2748 TLS1_VERSION, TLS1_2_VERSION,
2750 SSL_NOT_DEFAULT | SSL_MEDIUM,
2751 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2755 # endif /* OPENSSL_NO_EC */
2757 # ifndef OPENSSL_NO_PSK
2760 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2761 TLS1_CK_PSK_WITH_RC4_128_SHA,
2766 SSL3_VERSION, TLS1_2_VERSION,
2768 SSL_NOT_DEFAULT | SSL_MEDIUM,
2769 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2775 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2776 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2781 SSL3_VERSION, TLS1_2_VERSION,
2783 SSL_NOT_DEFAULT | SSL_MEDIUM,
2784 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2790 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2791 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2796 SSL3_VERSION, TLS1_2_VERSION,
2798 SSL_NOT_DEFAULT | SSL_MEDIUM,
2799 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2803 # endif /* OPENSSL_NO_PSK */
2805 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2810 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
2811 * values stuffed into the ciphers field of the wire protocol for signalling
2814 static SSL_CIPHER ssl3_scsvs[] = {
2817 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
2819 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2823 "TLS_FALLBACK_SCSV",
2824 SSL3_CK_FALLBACK_SCSV,
2825 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2829 static int cipher_compare(const void *a, const void *b)
2831 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
2832 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
2834 return ap->id - bp->id;
2837 void ssl_sort_cipher_list(void)
2839 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof ssl3_ciphers[0],
2841 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof ssl3_scsvs[0], cipher_compare);
2844 const SSL3_ENC_METHOD SSLv3_enc_data = {
2847 ssl3_setup_key_block,
2848 ssl3_generate_master_secret,
2849 ssl3_change_cipher_state,
2850 ssl3_final_finish_mac,
2851 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2852 SSL3_MD_SERVER_FINISHED_CONST, 4,
2854 (int (*)(SSL *, unsigned char *, size_t, const char *,
2855 size_t, const unsigned char *, size_t,
2856 int use_context))ssl_undefined_function,
2858 ssl3_set_handshake_header,
2859 tls_close_construct_packet,
2860 ssl3_handshake_write
2863 long ssl3_default_timeout(void)
2866 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2867 * http, the cache would over fill
2869 return (60 * 60 * 2);
2872 int ssl3_num_ciphers(void)
2874 return (SSL3_NUM_CIPHERS);
2877 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2879 if (u < SSL3_NUM_CIPHERS)
2880 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2885 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
2887 /* No header in the event of a CCS */
2888 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
2891 /* Set the content type and 3 bytes for the message len */
2892 if (!WPACKET_put_bytes_u8(pkt, htype)
2893 || !WPACKET_start_sub_packet_u24(pkt))
2899 int ssl3_handshake_write(SSL *s)
2901 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2904 int ssl3_new(SSL *s)
2908 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
2912 #ifndef OPENSSL_NO_SRP
2913 if (!SSL_SRP_CTX_init(s))
2917 if (!s->method->ssl_clear(s))
2925 void ssl3_free(SSL *s)
2927 if (s == NULL || s->s3 == NULL)
2930 ssl3_cleanup_key_block(s);
2932 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2933 EVP_PKEY_free(s->s3->peer_tmp);
2934 s->s3->peer_tmp = NULL;
2935 EVP_PKEY_free(s->s3->tmp.pkey);
2936 s->s3->tmp.pkey = NULL;
2939 OPENSSL_free(s->s3->tmp.ctype);
2940 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
2941 OPENSSL_free(s->s3->tmp.ciphers_raw);
2942 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2943 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2944 ssl3_free_digest_list(s);
2945 OPENSSL_free(s->s3->alpn_selected);
2946 OPENSSL_free(s->s3->alpn_proposed);
2948 #ifndef OPENSSL_NO_SRP
2949 SSL_SRP_CTX_free(s);
2951 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
2955 int ssl3_clear(SSL *s)
2957 ssl3_cleanup_key_block(s);
2958 OPENSSL_free(s->s3->tmp.ctype);
2959 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
2960 OPENSSL_free(s->s3->tmp.ciphers_raw);
2961 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2962 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2964 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2965 EVP_PKEY_free(s->s3->tmp.pkey);
2966 EVP_PKEY_free(s->s3->peer_tmp);
2967 #endif /* !OPENSSL_NO_EC */
2969 ssl3_free_digest_list(s);
2971 OPENSSL_free(s->s3->alpn_selected);
2972 OPENSSL_free(s->s3->alpn_proposed);
2974 /* NULL/zero-out everything in the s3 struct */
2975 memset(s->s3, 0, sizeof(*s->s3));
2977 if (!ssl_free_wbio_buffer(s))
2980 s->version = SSL3_VERSION;
2982 #if !defined(OPENSSL_NO_NEXTPROTONEG)
2983 OPENSSL_free(s->ext.npn);
2991 #ifndef OPENSSL_NO_SRP
2992 static char *srp_password_from_info_cb(SSL *s, void *arg)
2994 return OPENSSL_strdup(s->srp_ctx.info);
2998 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3000 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3005 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3007 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3008 ret = s->s3->num_renegotiations;
3010 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3011 ret = s->s3->num_renegotiations;
3012 s->s3->num_renegotiations = 0;
3014 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3015 ret = s->s3->total_renegotiations;
3017 case SSL_CTRL_GET_FLAGS:
3018 ret = (int)(s->s3->flags);
3020 #ifndef OPENSSL_NO_DH
3021 case SSL_CTRL_SET_TMP_DH:
3023 DH *dh = (DH *)parg;
3024 EVP_PKEY *pkdh = NULL;
3026 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3029 pkdh = ssl_dh_to_pkey(dh);
3031 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3034 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3035 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3036 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3037 EVP_PKEY_free(pkdh);
3040 EVP_PKEY_free(s->cert->dh_tmp);
3041 s->cert->dh_tmp = pkdh;
3045 case SSL_CTRL_SET_TMP_DH_CB:
3047 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3050 case SSL_CTRL_SET_DH_AUTO:
3051 s->cert->dh_tmp_auto = larg;
3054 #ifndef OPENSSL_NO_EC
3055 case SSL_CTRL_SET_TMP_ECDH:
3057 const EC_GROUP *group = NULL;
3061 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3064 group = EC_KEY_get0_group((const EC_KEY *)parg);
3065 if (group == NULL) {
3066 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3069 nid = EC_GROUP_get_curve_name(group);
3070 if (nid == NID_undef)
3072 return tls1_set_groups(&s->ext.supportedgroups,
3073 &s->ext.supportedgroups_len,
3077 #endif /* !OPENSSL_NO_EC */
3078 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3079 if (larg == TLSEXT_NAMETYPE_host_name) {
3082 OPENSSL_free(s->ext.hostname);
3083 s->ext.hostname = NULL;
3088 len = strlen((char *)parg);
3089 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3090 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3093 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3094 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3098 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3102 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3103 s->ext.debug_arg = parg;
3107 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3108 ret = s->ext.status_type;
3111 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3112 s->ext.status_type = larg;
3116 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3117 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3121 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3122 s->ext.ocsp.exts = parg;
3126 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3127 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3131 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3132 s->ext.ocsp.ids = parg;
3136 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3137 *(unsigned char **)parg = s->ext.ocsp.resp;
3138 if (s->ext.ocsp.resp_len == 0
3139 || s->ext.ocsp.resp_len > LONG_MAX)
3141 return (long)s->ext.ocsp.resp_len;
3143 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3144 OPENSSL_free(s->ext.ocsp.resp);
3145 s->ext.ocsp.resp = parg;
3146 s->ext.ocsp.resp_len = larg;
3150 #ifndef OPENSSL_NO_HEARTBEATS
3151 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3152 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3153 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3157 case SSL_CTRL_CHAIN:
3159 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3161 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3163 case SSL_CTRL_CHAIN_CERT:
3165 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3167 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3169 case SSL_CTRL_GET_CHAIN_CERTS:
3170 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3173 case SSL_CTRL_SELECT_CURRENT_CERT:
3174 return ssl_cert_select_current(s->cert, (X509 *)parg);
3176 case SSL_CTRL_SET_CURRENT_CERT:
3177 if (larg == SSL_CERT_SET_SERVER) {
3178 const SSL_CIPHER *cipher;
3181 cipher = s->s3->tmp.new_cipher;
3185 * No certificate for unauthenticated ciphersuites or using SRP
3188 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3190 if (s->s3->tmp.cert == NULL)
3192 s->cert->key = s->s3->tmp.cert;
3195 return ssl_cert_set_current(s->cert, larg);
3197 #ifndef OPENSSL_NO_EC
3198 case SSL_CTRL_GET_GROUPS:
3200 unsigned char *clist;
3205 clist = s->session->ext.supportedgroups;
3206 clistlen = s->session->ext.supportedgroups_len / 2;
3210 unsigned int cid, nid;
3211 for (i = 0; i < clistlen; i++) {
3213 /* TODO(TLS1.3): Handle DH groups here */
3214 nid = tls1_ec_curve_id2nid(cid, NULL);
3218 cptr[i] = TLSEXT_nid_unknown | cid;
3221 return (int)clistlen;
3224 case SSL_CTRL_SET_GROUPS:
3225 return tls1_set_groups(&s->ext.supportedgroups,
3226 &s->ext.supportedgroups_len, parg, larg);
3228 case SSL_CTRL_SET_GROUPS_LIST:
3229 return tls1_set_groups_list(&s->ext.supportedgroups,
3230 &s->ext.supportedgroups_len, parg);
3232 case SSL_CTRL_GET_SHARED_GROUP:
3233 return tls1_shared_group(s, larg);
3236 case SSL_CTRL_SET_SIGALGS:
3237 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3239 case SSL_CTRL_SET_SIGALGS_LIST:
3240 return tls1_set_sigalgs_list(s->cert, parg, 0);
3242 case SSL_CTRL_SET_CLIENT_SIGALGS:
3243 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3245 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3246 return tls1_set_sigalgs_list(s->cert, parg, 1);
3248 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3250 const unsigned char **pctype = parg;
3251 if (s->server || !s->s3->tmp.cert_req)
3254 *pctype = s->s3->tmp.ctype;
3255 return s->s3->tmp.ctype_len;
3258 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3261 return ssl3_set_req_cert_type(s->cert, parg, larg);
3263 case SSL_CTRL_BUILD_CERT_CHAIN:
3264 return ssl_build_cert_chain(s, NULL, larg);
3266 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3267 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3269 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3270 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3272 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3273 if (s->s3->tmp.peer_sigalg == NULL)
3275 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3278 case SSL_CTRL_GET_SERVER_TMP_KEY:
3279 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3280 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3283 EVP_PKEY_up_ref(s->s3->peer_tmp);
3284 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3290 #ifndef OPENSSL_NO_EC
3291 case SSL_CTRL_GET_EC_POINT_FORMATS:
3293 SSL_SESSION *sess = s->session;
3294 const unsigned char **pformat = parg;
3296 if (sess == NULL || sess->ext.ecpointformats == NULL)
3298 *pformat = sess->ext.ecpointformats;
3299 return (int)sess->ext.ecpointformats_len;
3309 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3314 #ifndef OPENSSL_NO_DH
3315 case SSL_CTRL_SET_TMP_DH_CB:
3317 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3321 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3322 s->ext.debug_cb = (void (*)(SSL *, int, int,
3323 const unsigned char *, int, void *))fp;
3326 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3328 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3337 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3340 #ifndef OPENSSL_NO_DH
3341 case SSL_CTRL_SET_TMP_DH:
3343 DH *dh = (DH *)parg;
3344 EVP_PKEY *pkdh = NULL;
3346 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3349 pkdh = ssl_dh_to_pkey(dh);
3351 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3354 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3355 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3356 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3357 EVP_PKEY_free(pkdh);
3360 EVP_PKEY_free(ctx->cert->dh_tmp);
3361 ctx->cert->dh_tmp = pkdh;
3364 case SSL_CTRL_SET_TMP_DH_CB:
3366 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3369 case SSL_CTRL_SET_DH_AUTO:
3370 ctx->cert->dh_tmp_auto = larg;
3373 #ifndef OPENSSL_NO_EC
3374 case SSL_CTRL_SET_TMP_ECDH:
3376 const EC_GROUP *group = NULL;
3380 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3383 group = EC_KEY_get0_group((const EC_KEY *)parg);
3384 if (group == NULL) {
3385 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3388 nid = EC_GROUP_get_curve_name(group);
3389 if (nid == NID_undef)
3391 return tls1_set_groups(&ctx->ext.supportedgroups,
3392 &ctx->ext.supportedgroups_len,
3395 #endif /* !OPENSSL_NO_EC */
3396 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3397 ctx->ext.servername_arg = parg;
3399 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3400 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3402 unsigned char *keys = parg;
3403 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3404 sizeof(ctx->ext.tick_hmac_key) +
3405 sizeof(ctx->ext.tick_aes_key));
3408 if (larg != tick_keylen) {
3409 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3412 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3413 memcpy(ctx->ext.tick_key_name, keys,
3414 sizeof(ctx->ext.tick_key_name));
3415 memcpy(ctx->ext.tick_hmac_key,
3416 keys + sizeof(ctx->ext.tick_key_name),
3417 sizeof(ctx->ext.tick_hmac_key));
3418 memcpy(ctx->ext.tick_aes_key,
3419 keys + sizeof(ctx->ext.tick_key_name) +
3420 sizeof(ctx->ext.tick_hmac_key),
3421 sizeof(ctx->ext.tick_aes_key));
3423 memcpy(keys, ctx->ext.tick_key_name,
3424 sizeof(ctx->ext.tick_key_name));
3425 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3426 ctx->ext.tick_hmac_key,
3427 sizeof(ctx->ext.tick_hmac_key));
3428 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3429 sizeof(ctx->ext.tick_hmac_key),
3430 ctx->ext.tick_aes_key,
3431 sizeof(ctx->ext.tick_aes_key));
3436 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3437 return ctx->ext.status_type;
3439 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3440 ctx->ext.status_type = larg;
3443 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3444 ctx->ext.status_arg = parg;
3447 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3448 *(void**)parg = ctx->ext.status_arg;
3451 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3452 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3455 #ifndef OPENSSL_NO_SRP
3456 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3457 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3458 OPENSSL_free(ctx->srp_ctx.login);
3459 ctx->srp_ctx.login = NULL;
3462 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3463 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3466 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3467 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3471 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3472 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3473 srp_password_from_info_cb;
3474 if (ctx->srp_ctx.info != NULL)
3475 OPENSSL_free(ctx->srp_ctx.info);
3476 if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3477 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3481 case SSL_CTRL_SET_SRP_ARG:
3482 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3483 ctx->srp_ctx.SRP_cb_arg = parg;
3486 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3487 ctx->srp_ctx.strength = larg;
3491 #ifndef OPENSSL_NO_EC
3492 case SSL_CTRL_SET_GROUPS:
3493 return tls1_set_groups(&ctx->ext.supportedgroups,
3494 &ctx->ext.supportedgroups_len,
3497 case SSL_CTRL_SET_GROUPS_LIST:
3498 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3499 &ctx->ext.supportedgroups_len,
3502 case SSL_CTRL_SET_SIGALGS:
3503 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3505 case SSL_CTRL_SET_SIGALGS_LIST:
3506 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3508 case SSL_CTRL_SET_CLIENT_SIGALGS:
3509 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3511 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3512 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3514 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3515 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3517 case SSL_CTRL_BUILD_CERT_CHAIN:
3518 return ssl_build_cert_chain(NULL, ctx, larg);
3520 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3521 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3523 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3524 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3526 /* A Thawte special :-) */
3527 case SSL_CTRL_EXTRA_CHAIN_CERT:
3528 if (ctx->extra_certs == NULL) {
3529 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3530 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3534 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3535 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3540 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3541 if (ctx->extra_certs == NULL && larg == 0)
3542 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3544 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3547 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3548 sk_X509_pop_free(ctx->extra_certs, X509_free);
3549 ctx->extra_certs = NULL;
3552 case SSL_CTRL_CHAIN:
3554 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3556 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3558 case SSL_CTRL_CHAIN_CERT:
3560 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3562 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3564 case SSL_CTRL_GET_CHAIN_CERTS:
3565 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3568 case SSL_CTRL_SELECT_CURRENT_CERT:
3569 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3571 case SSL_CTRL_SET_CURRENT_CERT:
3572 return ssl_cert_set_current(ctx->cert, larg);
3580 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3583 #ifndef OPENSSL_NO_DH
3584 case SSL_CTRL_SET_TMP_DH_CB:
3586 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3590 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3591 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
3594 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3595 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
3598 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3599 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
3602 HMAC_CTX *, int))fp;
3605 #ifndef OPENSSL_NO_SRP
3606 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3607 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3608 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3610 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3611 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3612 ctx->srp_ctx.TLS_ext_srp_username_callback =
3613 (int (*)(SSL *, int *, void *))fp;
3615 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3616 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3617 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3618 (char *(*)(SSL *, void *))fp;
3621 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3623 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3632 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
3635 const SSL_CIPHER *cp;
3638 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3641 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
3645 * This function needs to check if the ciphers required are actually
3648 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3650 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
3651 | ((uint32_t)p[0] << 8L)
3655 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
3657 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
3662 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
3670 * ssl3_choose_cipher - choose a cipher from those offered by the client
3671 * @s: SSL connection
3672 * @clnt: ciphers offered by the client
3673 * @srvr: ciphers enabled on the server?
3675 * Returns the selected cipher or NULL when no common ciphers.
3677 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3678 STACK_OF(SSL_CIPHER) *srvr)
3680 const SSL_CIPHER *c, *ret = NULL;
3681 STACK_OF(SSL_CIPHER) *prio, *allow;
3683 unsigned long alg_k = 0, alg_a = 0, mask_k, mask_a;
3685 /* Let's see which ciphers we can support */
3688 * Do not set the compare functions, because this may lead to a
3689 * reordering by "id". We want to keep the original ordering. We may pay
3690 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3691 * pay with the price of sk_SSL_CIPHER_dup().
3695 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3697 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3698 c = sk_SSL_CIPHER_value(srvr, i);
3699 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3701 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3703 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3704 c = sk_SSL_CIPHER_value(clnt, i);
3705 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3709 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3717 tls1_set_cert_validity(s);
3720 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3721 c = sk_SSL_CIPHER_value(prio, i);
3723 /* Skip ciphers not supported by the protocol version */
3724 if (!SSL_IS_DTLS(s) &&
3725 ((s->version < c->min_tls) || (s->version > c->max_tls)))
3727 if (SSL_IS_DTLS(s) &&
3728 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3729 DTLS_VERSION_GT(s->version, c->max_dtls)))
3732 if (SSL_IS_TLS13(s)) {
3734 * We must choose a ciphersuite that has a digest compatible with
3735 * the session, unless we're going to do an HRR in which case we
3736 * will just choose our most preferred ciphersuite regardless of
3737 * whether it is compatible with the session or not.
3740 && !s->hello_retry_request
3741 && ssl_md(c->algorithm2)
3742 != ssl_md(s->session->cipher->algorithm2))
3746 * These tests do not apply to TLS 1.3 ciphersuites because they can
3747 * be used with any auth or key exchange scheme.
3749 mask_k = s->s3->tmp.mask_k;
3750 mask_a = s->s3->tmp.mask_a;
3751 #ifndef OPENSSL_NO_SRP
3752 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3758 alg_k = c->algorithm_mkey;
3759 alg_a = c->algorithm_auth;
3761 #ifndef OPENSSL_NO_PSK
3762 /* with PSK there must be server callback set */
3763 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
3765 #endif /* OPENSSL_NO_PSK */
3767 ok = (alg_k & mask_k) && (alg_a & mask_a);
3769 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3770 alg_a, mask_k, mask_a, (void *)c, c->name);
3773 #ifndef OPENSSL_NO_EC
3775 * if we are considering an ECC cipher suite that uses an ephemeral
3778 if (alg_k & SSL_kECDHE)
3779 ok = ok && tls1_check_ec_tmp_key(s, c->id);
3780 #endif /* OPENSSL_NO_EC */
3785 ii = sk_SSL_CIPHER_find(allow, c);
3787 /* Check security callback permits this cipher */
3788 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3789 c->strength_bits, 0, (void *)c))
3791 #if !defined(OPENSSL_NO_EC)
3792 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3793 && s->s3->is_probably_safari) {
3795 ret = sk_SSL_CIPHER_value(allow, ii);
3799 ret = sk_SSL_CIPHER_value(allow, ii);
3806 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
3808 uint32_t alg_k, alg_a = 0;
3810 /* If we have custom certificate types set, use them */
3812 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
3813 /* Get mask of algorithms disabled by signature list */
3814 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
3816 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3818 #ifndef OPENSSL_NO_GOST
3819 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
3820 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
3821 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
3822 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
3825 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3826 #ifndef OPENSSL_NO_DH
3827 # ifndef OPENSSL_NO_RSA
3828 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
3831 # ifndef OPENSSL_NO_DSA
3832 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
3835 #endif /* !OPENSSL_NO_DH */
3837 #ifndef OPENSSL_NO_RSA
3838 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
3841 #ifndef OPENSSL_NO_DSA
3842 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
3845 #ifndef OPENSSL_NO_EC
3847 * ECDSA certs can be used with RSA cipher suites too so we don't
3848 * need to check for SSL_kECDH or SSL_kECDHE
3850 if (s->version >= TLS1_VERSION
3851 && !(alg_a & SSL_aECDSA)
3852 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
3858 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
3860 OPENSSL_free(c->ctype);
3863 if (p == NULL || len == 0)
3867 c->ctype = OPENSSL_memdup(p, len);
3868 if (c->ctype == NULL)
3874 int ssl3_shutdown(SSL *s)
3879 * Don't do anything much if we have not done the handshake or we don't
3880 * want to send messages :-)
3882 if (s->quiet_shutdown || SSL_in_before(s)) {
3883 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
3887 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
3888 s->shutdown |= SSL_SENT_SHUTDOWN;
3889 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
3891 * our shutdown alert has been sent now, and if it still needs to be
3892 * written, s->s3->alert_dispatch will be true
3894 if (s->s3->alert_dispatch)
3895 return (-1); /* return WANT_WRITE */
3896 } else if (s->s3->alert_dispatch) {
3897 /* resend it if not sent */
3898 ret = s->method->ssl_dispatch_alert(s);
3901 * we only get to return -1 here the 2nd/Nth invocation, we must
3902 * have already signalled return 0 upon a previous invocation,
3907 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3910 * If we are waiting for a close from our peer, we are closed
3912 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
3913 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3914 return -1; /* return WANT_READ */
3918 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
3919 !s->s3->alert_dispatch)
3925 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
3928 if (s->s3->renegotiate)
3929 ssl3_renegotiate_check(s, 0);
3931 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
3935 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
3941 if (s->s3->renegotiate)
3942 ssl3_renegotiate_check(s, 0);
3943 s->s3->in_read_app_data = 1;
3945 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
3947 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
3949 * ssl3_read_bytes decided to call s->handshake_func, which called
3950 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
3951 * actually found application data and thinks that application data
3952 * makes sense here; so disable handshake processing and try to read
3953 * application data again.
3955 ossl_statem_set_in_handshake(s, 1);
3957 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
3958 len, peek, readbytes);
3959 ossl_statem_set_in_handshake(s, 0);
3961 s->s3->in_read_app_data = 0;
3966 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
3968 return ssl3_read_internal(s, buf, len, 0, readbytes);
3971 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
3973 return ssl3_read_internal(s, buf, len, 1, readbytes);
3976 int ssl3_renegotiate(SSL *s)
3978 if (s->handshake_func == NULL)
3981 s->s3->renegotiate = 1;
3986 * Check if we are waiting to do a renegotiation and if so whether now is a
3987 * good time to do it. If |initok| is true then we are being called from inside
3988 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
3989 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
3990 * should do a renegotiation now and sets up the state machine for it. Otherwise
3993 int ssl3_renegotiate_check(SSL *s, int initok)
3997 if (s->s3->renegotiate) {
3998 if (!RECORD_LAYER_read_pending(&s->rlayer)
3999 && !RECORD_LAYER_write_pending(&s->rlayer)
4000 && (initok || !SSL_in_init(s))) {
4002 * if we are the server, and we have sent a 'RENEGOTIATE'
4003 * message, we need to set the state machine into the renegotiate
4006 ossl_statem_set_renegotiate(s);
4007 s->s3->renegotiate = 0;
4008 s->s3->num_renegotiations++;
4009 s->s3->total_renegotiations++;
4017 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4018 * handshake macs if required.
4020 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4022 long ssl_get_algorithm2(SSL *s)
4025 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
4027 alg2 = s->s3->tmp.new_cipher->algorithm2;
4028 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4029 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4030 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4031 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4032 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4033 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4039 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4040 * failure, 1 on success.
4042 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4045 int send_time = 0, ret;
4050 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4052 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4054 unsigned long Time = (unsigned long)time(NULL);
4055 unsigned char *p = result;
4057 /* TODO(size_t): Convert this */
4058 ret = RAND_bytes(p, (int)(len - 4));
4060 ret = RAND_bytes(result, (int)len);
4062 #ifndef OPENSSL_NO_TLS13DOWNGRADE
4064 if (!ossl_assert(sizeof(tls11downgrade) < len)
4065 || !ossl_assert(sizeof(tls12downgrade) < len))
4067 if (dgrd == DOWNGRADE_TO_1_2)
4068 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4069 sizeof(tls12downgrade));
4070 else if (dgrd == DOWNGRADE_TO_1_1)
4071 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4072 sizeof(tls11downgrade));
4078 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4081 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4084 if (alg_k & SSL_PSK) {
4085 #ifndef OPENSSL_NO_PSK
4086 unsigned char *pskpms, *t;
4087 size_t psklen = s->s3->tmp.psklen;
4090 /* create PSK premaster_secret */
4092 /* For plain PSK "other_secret" is psklen zeroes */
4093 if (alg_k & SSL_kPSK)
4096 pskpmslen = 4 + pmslen + psklen;
4097 pskpms = OPENSSL_malloc(pskpmslen);
4102 if (alg_k & SSL_kPSK)
4103 memset(t, 0, pmslen);
4105 memcpy(t, pms, pmslen);
4108 memcpy(t, s->s3->tmp.psk, psklen);
4110 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4111 s->s3->tmp.psk = NULL;
4112 if (!s->method->ssl3_enc->generate_master_secret(s,
4113 s->session->master_key,pskpms, pskpmslen,
4114 &s->session->master_key_length))
4116 OPENSSL_clear_free(pskpms, pskpmslen);
4118 /* Should never happen */
4122 if (!s->method->ssl3_enc->generate_master_secret(s,
4123 s->session->master_key, pms, pmslen,
4124 &s->session->master_key_length))
4132 OPENSSL_clear_free(pms, pmslen);
4134 OPENSSL_cleanse(pms, pmslen);
4137 s->s3->tmp.pms = NULL;
4141 /* Generate a private key from parameters */
4142 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4144 EVP_PKEY_CTX *pctx = NULL;
4145 EVP_PKEY *pkey = NULL;
4149 pctx = EVP_PKEY_CTX_new(pm, NULL);
4152 if (EVP_PKEY_keygen_init(pctx) <= 0)
4154 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4155 EVP_PKEY_free(pkey);
4160 EVP_PKEY_CTX_free(pctx);
4163 #ifndef OPENSSL_NO_EC
4164 /* Generate a private key a curve ID */
4165 EVP_PKEY *ssl_generate_pkey_curve(int id)
4167 EVP_PKEY_CTX *pctx = NULL;
4168 EVP_PKEY *pkey = NULL;
4169 unsigned int curve_flags;
4170 int nid = tls1_ec_curve_id2nid(id, &curve_flags);
4174 if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4175 pctx = EVP_PKEY_CTX_new_id(nid, NULL);
4178 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4182 if (EVP_PKEY_keygen_init(pctx) <= 0)
4184 if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4186 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4187 EVP_PKEY_free(pkey);
4192 EVP_PKEY_CTX_free(pctx);
4197 /* Derive secrets for ECDH/DH */
4198 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4201 unsigned char *pms = NULL;
4205 if (privkey == NULL || pubkey == NULL)
4208 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4210 if (EVP_PKEY_derive_init(pctx) <= 0
4211 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4212 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4216 pms = OPENSSL_malloc(pmslen);
4220 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4224 if (SSL_IS_TLS13(s)) {
4226 * If we are resuming then we already generated the early secret
4227 * when we created the ClientHello, so don't recreate it.
4230 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4232 (unsigned char *)&s->early_secret);
4236 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4238 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4241 /* Save premaster secret */
4242 s->s3->tmp.pms = pms;
4243 s->s3->tmp.pmslen = pmslen;
4249 OPENSSL_clear_free(pms, pmslen);
4250 EVP_PKEY_CTX_free(pctx);
4254 #ifndef OPENSSL_NO_DH
4255 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4260 ret = EVP_PKEY_new();
4261 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {