2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include "internal/cryptlib.h"
21 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
22 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
24 /* TLSv1.3 downgrade protection sentinel values */
25 const unsigned char tls11downgrade[] = {
26 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
28 const unsigned char tls12downgrade[] = {
29 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
33 * The list of available ciphers, mostly organized into the following
38 * SRP (within that: RSA EC PSK)
39 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
42 static SSL_CIPHER ssl3_ciphers[] = {
45 SSL3_TXT_RSA_NULL_MD5,
46 SSL3_RFC_RSA_NULL_MD5,
52 SSL3_VERSION, TLS1_2_VERSION,
53 DTLS1_BAD_VER, DTLS1_2_VERSION,
55 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
61 SSL3_TXT_RSA_NULL_SHA,
62 SSL3_RFC_RSA_NULL_SHA,
68 SSL3_VERSION, TLS1_2_VERSION,
69 DTLS1_BAD_VER, DTLS1_2_VERSION,
70 SSL_STRONG_NONE | SSL_FIPS,
71 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
75 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
78 SSL3_TXT_RSA_DES_192_CBC3_SHA,
79 SSL3_RFC_RSA_DES_192_CBC3_SHA,
80 SSL3_CK_RSA_DES_192_CBC3_SHA,
85 SSL3_VERSION, TLS1_2_VERSION,
86 DTLS1_BAD_VER, DTLS1_2_VERSION,
87 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
88 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
94 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
95 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
96 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
101 SSL3_VERSION, TLS1_2_VERSION,
102 DTLS1_BAD_VER, DTLS1_2_VERSION,
103 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
104 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
110 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
111 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
112 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
117 SSL3_VERSION, TLS1_2_VERSION,
118 DTLS1_BAD_VER, DTLS1_2_VERSION,
119 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
120 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
126 SSL3_TXT_ADH_DES_192_CBC_SHA,
127 SSL3_RFC_ADH_DES_192_CBC_SHA,
128 SSL3_CK_ADH_DES_192_CBC_SHA,
133 SSL3_VERSION, TLS1_2_VERSION,
134 DTLS1_BAD_VER, DTLS1_2_VERSION,
135 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
136 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
143 TLS1_TXT_RSA_WITH_AES_128_SHA,
144 TLS1_RFC_RSA_WITH_AES_128_SHA,
145 TLS1_CK_RSA_WITH_AES_128_SHA,
150 SSL3_VERSION, TLS1_2_VERSION,
151 DTLS1_BAD_VER, DTLS1_2_VERSION,
153 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
159 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
160 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
161 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
166 SSL3_VERSION, TLS1_2_VERSION,
167 DTLS1_BAD_VER, DTLS1_2_VERSION,
168 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
169 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
175 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
176 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
177 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
182 SSL3_VERSION, TLS1_2_VERSION,
183 DTLS1_BAD_VER, DTLS1_2_VERSION,
185 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
191 TLS1_TXT_ADH_WITH_AES_128_SHA,
192 TLS1_RFC_ADH_WITH_AES_128_SHA,
193 TLS1_CK_ADH_WITH_AES_128_SHA,
198 SSL3_VERSION, TLS1_2_VERSION,
199 DTLS1_BAD_VER, DTLS1_2_VERSION,
200 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
201 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
207 TLS1_TXT_RSA_WITH_AES_256_SHA,
208 TLS1_RFC_RSA_WITH_AES_256_SHA,
209 TLS1_CK_RSA_WITH_AES_256_SHA,
214 SSL3_VERSION, TLS1_2_VERSION,
215 DTLS1_BAD_VER, DTLS1_2_VERSION,
217 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
223 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
224 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
225 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
230 SSL3_VERSION, TLS1_2_VERSION,
231 DTLS1_BAD_VER, DTLS1_2_VERSION,
232 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
233 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
239 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
240 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
241 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
246 SSL3_VERSION, TLS1_2_VERSION,
247 DTLS1_BAD_VER, DTLS1_2_VERSION,
249 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
255 TLS1_TXT_ADH_WITH_AES_256_SHA,
256 TLS1_RFC_ADH_WITH_AES_256_SHA,
257 TLS1_CK_ADH_WITH_AES_256_SHA,
262 SSL3_VERSION, TLS1_2_VERSION,
263 DTLS1_BAD_VER, DTLS1_2_VERSION,
264 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
265 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
271 TLS1_TXT_RSA_WITH_NULL_SHA256,
272 TLS1_RFC_RSA_WITH_NULL_SHA256,
273 TLS1_CK_RSA_WITH_NULL_SHA256,
278 TLS1_2_VERSION, TLS1_2_VERSION,
279 DTLS1_2_VERSION, DTLS1_2_VERSION,
280 SSL_STRONG_NONE | SSL_FIPS,
281 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
287 TLS1_TXT_RSA_WITH_AES_128_SHA256,
288 TLS1_RFC_RSA_WITH_AES_128_SHA256,
289 TLS1_CK_RSA_WITH_AES_128_SHA256,
294 TLS1_2_VERSION, TLS1_2_VERSION,
295 DTLS1_2_VERSION, DTLS1_2_VERSION,
297 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
303 TLS1_TXT_RSA_WITH_AES_256_SHA256,
304 TLS1_RFC_RSA_WITH_AES_256_SHA256,
305 TLS1_CK_RSA_WITH_AES_256_SHA256,
310 TLS1_2_VERSION, TLS1_2_VERSION,
311 DTLS1_2_VERSION, DTLS1_2_VERSION,
313 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
319 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
320 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
321 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
326 TLS1_2_VERSION, TLS1_2_VERSION,
327 DTLS1_2_VERSION, DTLS1_2_VERSION,
328 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
329 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
335 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
336 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
337 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
342 TLS1_2_VERSION, TLS1_2_VERSION,
343 DTLS1_2_VERSION, DTLS1_2_VERSION,
345 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
351 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
352 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
353 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
358 TLS1_2_VERSION, TLS1_2_VERSION,
359 DTLS1_2_VERSION, DTLS1_2_VERSION,
360 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
361 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
367 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
368 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
369 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
374 TLS1_2_VERSION, TLS1_2_VERSION,
375 DTLS1_2_VERSION, DTLS1_2_VERSION,
377 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
383 TLS1_TXT_ADH_WITH_AES_128_SHA256,
384 TLS1_RFC_ADH_WITH_AES_128_SHA256,
385 TLS1_CK_ADH_WITH_AES_128_SHA256,
390 TLS1_2_VERSION, TLS1_2_VERSION,
391 DTLS1_2_VERSION, DTLS1_2_VERSION,
392 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
393 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
399 TLS1_TXT_ADH_WITH_AES_256_SHA256,
400 TLS1_RFC_ADH_WITH_AES_256_SHA256,
401 TLS1_CK_ADH_WITH_AES_256_SHA256,
406 TLS1_2_VERSION, TLS1_2_VERSION,
407 DTLS1_2_VERSION, DTLS1_2_VERSION,
408 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
409 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
415 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
416 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
417 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
422 TLS1_2_VERSION, TLS1_2_VERSION,
423 DTLS1_2_VERSION, DTLS1_2_VERSION,
425 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
431 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
432 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
433 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
438 TLS1_2_VERSION, TLS1_2_VERSION,
439 DTLS1_2_VERSION, DTLS1_2_VERSION,
441 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
447 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
448 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
449 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
454 TLS1_2_VERSION, TLS1_2_VERSION,
455 DTLS1_2_VERSION, DTLS1_2_VERSION,
457 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
463 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
464 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
465 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
470 TLS1_2_VERSION, TLS1_2_VERSION,
471 DTLS1_2_VERSION, DTLS1_2_VERSION,
473 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
479 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
480 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
481 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
486 TLS1_2_VERSION, TLS1_2_VERSION,
487 DTLS1_2_VERSION, DTLS1_2_VERSION,
488 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
489 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
495 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
496 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
497 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
502 TLS1_2_VERSION, TLS1_2_VERSION,
503 DTLS1_2_VERSION, DTLS1_2_VERSION,
504 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
505 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
511 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
512 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
513 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
518 TLS1_2_VERSION, TLS1_2_VERSION,
519 DTLS1_2_VERSION, DTLS1_2_VERSION,
520 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
521 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
527 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
528 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
529 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
534 TLS1_2_VERSION, TLS1_2_VERSION,
535 DTLS1_2_VERSION, DTLS1_2_VERSION,
536 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
537 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
543 TLS1_TXT_RSA_WITH_AES_128_CCM,
544 TLS1_RFC_RSA_WITH_AES_128_CCM,
545 TLS1_CK_RSA_WITH_AES_128_CCM,
550 TLS1_2_VERSION, TLS1_2_VERSION,
551 DTLS1_2_VERSION, DTLS1_2_VERSION,
552 SSL_NOT_DEFAULT | SSL_HIGH,
553 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
559 TLS1_TXT_RSA_WITH_AES_256_CCM,
560 TLS1_RFC_RSA_WITH_AES_256_CCM,
561 TLS1_CK_RSA_WITH_AES_256_CCM,
566 TLS1_2_VERSION, TLS1_2_VERSION,
567 DTLS1_2_VERSION, DTLS1_2_VERSION,
568 SSL_NOT_DEFAULT | SSL_HIGH,
569 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
575 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
576 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
577 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
582 TLS1_2_VERSION, TLS1_2_VERSION,
583 DTLS1_2_VERSION, DTLS1_2_VERSION,
584 SSL_NOT_DEFAULT | SSL_HIGH,
585 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
591 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
592 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
593 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
598 TLS1_2_VERSION, TLS1_2_VERSION,
599 DTLS1_2_VERSION, DTLS1_2_VERSION,
600 SSL_NOT_DEFAULT | SSL_HIGH,
601 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
607 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
608 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
609 TLS1_CK_RSA_WITH_AES_128_CCM_8,
614 TLS1_2_VERSION, TLS1_2_VERSION,
615 DTLS1_2_VERSION, DTLS1_2_VERSION,
616 SSL_NOT_DEFAULT | SSL_HIGH,
617 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
623 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
624 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
625 TLS1_CK_RSA_WITH_AES_256_CCM_8,
630 TLS1_2_VERSION, TLS1_2_VERSION,
631 DTLS1_2_VERSION, DTLS1_2_VERSION,
632 SSL_NOT_DEFAULT | SSL_HIGH,
633 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
639 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
640 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
641 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
646 TLS1_2_VERSION, TLS1_2_VERSION,
647 DTLS1_2_VERSION, DTLS1_2_VERSION,
648 SSL_NOT_DEFAULT | SSL_HIGH,
649 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
655 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
656 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
657 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
662 TLS1_2_VERSION, TLS1_2_VERSION,
663 DTLS1_2_VERSION, DTLS1_2_VERSION,
664 SSL_NOT_DEFAULT | SSL_HIGH,
665 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
671 TLS1_TXT_PSK_WITH_AES_128_CCM,
672 TLS1_RFC_PSK_WITH_AES_128_CCM,
673 TLS1_CK_PSK_WITH_AES_128_CCM,
678 TLS1_2_VERSION, TLS1_2_VERSION,
679 DTLS1_2_VERSION, DTLS1_2_VERSION,
680 SSL_NOT_DEFAULT | SSL_HIGH,
681 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
687 TLS1_TXT_PSK_WITH_AES_256_CCM,
688 TLS1_RFC_PSK_WITH_AES_256_CCM,
689 TLS1_CK_PSK_WITH_AES_256_CCM,
694 TLS1_2_VERSION, TLS1_2_VERSION,
695 DTLS1_2_VERSION, DTLS1_2_VERSION,
696 SSL_NOT_DEFAULT | SSL_HIGH,
697 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
703 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
704 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
705 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
710 TLS1_2_VERSION, TLS1_2_VERSION,
711 DTLS1_2_VERSION, DTLS1_2_VERSION,
712 SSL_NOT_DEFAULT | SSL_HIGH,
713 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
719 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
720 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
721 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
726 TLS1_2_VERSION, TLS1_2_VERSION,
727 DTLS1_2_VERSION, DTLS1_2_VERSION,
728 SSL_NOT_DEFAULT | SSL_HIGH,
729 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
735 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
736 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
737 TLS1_CK_PSK_WITH_AES_128_CCM_8,
742 TLS1_2_VERSION, TLS1_2_VERSION,
743 DTLS1_2_VERSION, DTLS1_2_VERSION,
744 SSL_NOT_DEFAULT | SSL_HIGH,
745 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
751 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
752 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
753 TLS1_CK_PSK_WITH_AES_256_CCM_8,
758 TLS1_2_VERSION, TLS1_2_VERSION,
759 DTLS1_2_VERSION, DTLS1_2_VERSION,
760 SSL_NOT_DEFAULT | SSL_HIGH,
761 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
767 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
768 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
769 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
774 TLS1_2_VERSION, TLS1_2_VERSION,
775 DTLS1_2_VERSION, DTLS1_2_VERSION,
776 SSL_NOT_DEFAULT | SSL_HIGH,
777 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
783 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
784 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
785 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
790 TLS1_2_VERSION, TLS1_2_VERSION,
791 DTLS1_2_VERSION, DTLS1_2_VERSION,
792 SSL_NOT_DEFAULT | SSL_HIGH,
793 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
799 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
800 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
801 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
806 TLS1_2_VERSION, TLS1_2_VERSION,
807 DTLS1_2_VERSION, DTLS1_2_VERSION,
808 SSL_NOT_DEFAULT | SSL_HIGH,
809 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
815 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
816 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
817 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
822 TLS1_2_VERSION, TLS1_2_VERSION,
823 DTLS1_2_VERSION, DTLS1_2_VERSION,
824 SSL_NOT_DEFAULT | SSL_HIGH,
825 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
831 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
832 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
833 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
838 TLS1_2_VERSION, TLS1_2_VERSION,
839 DTLS1_2_VERSION, DTLS1_2_VERSION,
840 SSL_NOT_DEFAULT | SSL_HIGH,
841 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
847 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
848 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
849 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
854 TLS1_2_VERSION, TLS1_2_VERSION,
855 DTLS1_2_VERSION, DTLS1_2_VERSION,
856 SSL_NOT_DEFAULT | SSL_HIGH,
857 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
863 TLS1_3_TXT_AES_128_GCM_SHA256,
864 TLS1_3_RFC_AES_128_GCM_SHA256,
865 TLS1_3_CK_AES_128_GCM_SHA256,
869 TLS1_3_VERSION, TLS1_3_VERSION,
873 SSL_HANDSHAKE_MAC_SHA256,
879 TLS1_3_TXT_AES_256_GCM_SHA384,
880 TLS1_3_RFC_AES_256_GCM_SHA384,
881 TLS1_3_CK_AES_256_GCM_SHA384,
886 TLS1_3_VERSION, TLS1_3_VERSION,
889 SSL_HANDSHAKE_MAC_SHA384,
893 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
896 TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
897 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
898 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
901 SSL_CHACHA20POLY1305,
903 TLS1_3_VERSION, TLS1_3_VERSION,
906 SSL_HANDSHAKE_MAC_SHA256,
913 TLS1_3_TXT_AES_128_CCM_SHA256,
914 TLS1_3_RFC_AES_128_CCM_SHA256,
915 TLS1_3_CK_AES_128_CCM_SHA256,
920 TLS1_3_VERSION, TLS1_3_VERSION,
922 SSL_NOT_DEFAULT | SSL_HIGH,
923 SSL_HANDSHAKE_MAC_SHA256,
929 TLS1_3_TXT_AES_128_CCM_8_SHA256,
930 TLS1_3_RFC_AES_128_CCM_8_SHA256,
931 TLS1_3_CK_AES_128_CCM_8_SHA256,
936 TLS1_3_VERSION, TLS1_3_VERSION,
938 SSL_NOT_DEFAULT | SSL_HIGH,
939 SSL_HANDSHAKE_MAC_SHA256,
944 #ifndef OPENSSL_NO_EC
947 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
948 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
949 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
954 TLS1_VERSION, TLS1_2_VERSION,
955 DTLS1_BAD_VER, DTLS1_2_VERSION,
956 SSL_STRONG_NONE | SSL_FIPS,
957 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
961 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
964 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
965 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
966 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
971 TLS1_VERSION, TLS1_2_VERSION,
972 DTLS1_BAD_VER, DTLS1_2_VERSION,
973 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
974 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
981 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
982 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
983 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
988 TLS1_VERSION, TLS1_2_VERSION,
989 DTLS1_BAD_VER, DTLS1_2_VERSION,
991 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
997 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
998 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
999 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1004 TLS1_VERSION, TLS1_2_VERSION,
1005 DTLS1_BAD_VER, DTLS1_2_VERSION,
1006 SSL_HIGH | SSL_FIPS,
1007 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1013 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1014 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1015 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1020 TLS1_VERSION, TLS1_2_VERSION,
1021 DTLS1_BAD_VER, DTLS1_2_VERSION,
1022 SSL_STRONG_NONE | SSL_FIPS,
1023 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1027 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1030 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1031 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1032 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1037 TLS1_VERSION, TLS1_2_VERSION,
1038 DTLS1_BAD_VER, DTLS1_2_VERSION,
1039 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1040 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1047 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1048 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1049 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1054 TLS1_VERSION, TLS1_2_VERSION,
1055 DTLS1_BAD_VER, DTLS1_2_VERSION,
1056 SSL_HIGH | SSL_FIPS,
1057 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1063 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1064 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1065 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1070 TLS1_VERSION, TLS1_2_VERSION,
1071 DTLS1_BAD_VER, DTLS1_2_VERSION,
1072 SSL_HIGH | SSL_FIPS,
1073 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1079 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1080 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1081 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1086 TLS1_VERSION, TLS1_2_VERSION,
1087 DTLS1_BAD_VER, DTLS1_2_VERSION,
1088 SSL_STRONG_NONE | SSL_FIPS,
1089 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1093 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1096 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1097 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1098 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1103 TLS1_VERSION, TLS1_2_VERSION,
1104 DTLS1_BAD_VER, DTLS1_2_VERSION,
1105 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1106 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1113 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1114 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1115 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1120 TLS1_VERSION, TLS1_2_VERSION,
1121 DTLS1_BAD_VER, DTLS1_2_VERSION,
1122 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1123 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1129 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1130 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1131 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1136 TLS1_VERSION, TLS1_2_VERSION,
1137 DTLS1_BAD_VER, DTLS1_2_VERSION,
1138 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1139 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1145 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1146 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1147 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1152 TLS1_2_VERSION, TLS1_2_VERSION,
1153 DTLS1_2_VERSION, DTLS1_2_VERSION,
1154 SSL_HIGH | SSL_FIPS,
1155 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1161 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1162 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1163 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1168 TLS1_2_VERSION, TLS1_2_VERSION,
1169 DTLS1_2_VERSION, DTLS1_2_VERSION,
1170 SSL_HIGH | SSL_FIPS,
1171 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1177 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1178 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1179 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1184 TLS1_2_VERSION, TLS1_2_VERSION,
1185 DTLS1_2_VERSION, DTLS1_2_VERSION,
1186 SSL_HIGH | SSL_FIPS,
1187 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1193 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1194 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1195 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1200 TLS1_2_VERSION, TLS1_2_VERSION,
1201 DTLS1_2_VERSION, DTLS1_2_VERSION,
1202 SSL_HIGH | SSL_FIPS,
1203 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1209 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1210 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1211 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1216 TLS1_2_VERSION, TLS1_2_VERSION,
1217 DTLS1_2_VERSION, DTLS1_2_VERSION,
1218 SSL_HIGH | SSL_FIPS,
1219 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1225 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1226 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1227 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1232 TLS1_2_VERSION, TLS1_2_VERSION,
1233 DTLS1_2_VERSION, DTLS1_2_VERSION,
1234 SSL_HIGH | SSL_FIPS,
1235 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1241 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1242 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1243 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1248 TLS1_2_VERSION, TLS1_2_VERSION,
1249 DTLS1_2_VERSION, DTLS1_2_VERSION,
1250 SSL_HIGH | SSL_FIPS,
1251 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1257 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1258 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1259 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1264 TLS1_2_VERSION, TLS1_2_VERSION,
1265 DTLS1_2_VERSION, DTLS1_2_VERSION,
1266 SSL_HIGH | SSL_FIPS,
1267 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1271 #endif /* OPENSSL_NO_EC */
1273 #ifndef OPENSSL_NO_PSK
1276 TLS1_TXT_PSK_WITH_NULL_SHA,
1277 TLS1_RFC_PSK_WITH_NULL_SHA,
1278 TLS1_CK_PSK_WITH_NULL_SHA,
1283 SSL3_VERSION, TLS1_2_VERSION,
1284 DTLS1_BAD_VER, DTLS1_2_VERSION,
1285 SSL_STRONG_NONE | SSL_FIPS,
1286 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1292 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1293 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1294 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1299 SSL3_VERSION, TLS1_2_VERSION,
1300 DTLS1_BAD_VER, DTLS1_2_VERSION,
1301 SSL_STRONG_NONE | SSL_FIPS,
1302 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1308 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1309 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1310 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1315 SSL3_VERSION, TLS1_2_VERSION,
1316 DTLS1_BAD_VER, DTLS1_2_VERSION,
1317 SSL_STRONG_NONE | SSL_FIPS,
1318 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1322 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1325 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1326 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1327 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1332 SSL3_VERSION, TLS1_2_VERSION,
1333 DTLS1_BAD_VER, DTLS1_2_VERSION,
1334 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1335 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1342 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1343 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1344 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1349 SSL3_VERSION, TLS1_2_VERSION,
1350 DTLS1_BAD_VER, DTLS1_2_VERSION,
1351 SSL_HIGH | SSL_FIPS,
1352 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1358 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1359 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1360 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1365 SSL3_VERSION, TLS1_2_VERSION,
1366 DTLS1_BAD_VER, DTLS1_2_VERSION,
1367 SSL_HIGH | SSL_FIPS,
1368 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1372 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1375 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1376 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1377 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1382 SSL3_VERSION, TLS1_2_VERSION,
1383 DTLS1_BAD_VER, DTLS1_2_VERSION,
1384 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1385 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1392 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1393 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1394 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1399 SSL3_VERSION, TLS1_2_VERSION,
1400 DTLS1_BAD_VER, DTLS1_2_VERSION,
1401 SSL_HIGH | SSL_FIPS,
1402 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1408 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1409 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1410 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1415 SSL3_VERSION, TLS1_2_VERSION,
1416 DTLS1_BAD_VER, DTLS1_2_VERSION,
1417 SSL_HIGH | SSL_FIPS,
1418 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1422 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1425 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1426 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1427 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1432 SSL3_VERSION, TLS1_2_VERSION,
1433 DTLS1_BAD_VER, DTLS1_2_VERSION,
1434 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1435 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1442 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1443 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1444 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1449 SSL3_VERSION, TLS1_2_VERSION,
1450 DTLS1_BAD_VER, DTLS1_2_VERSION,
1451 SSL_HIGH | SSL_FIPS,
1452 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1458 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1459 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1460 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1465 SSL3_VERSION, TLS1_2_VERSION,
1466 DTLS1_BAD_VER, DTLS1_2_VERSION,
1467 SSL_HIGH | SSL_FIPS,
1468 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1474 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1475 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1476 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1481 TLS1_2_VERSION, TLS1_2_VERSION,
1482 DTLS1_2_VERSION, DTLS1_2_VERSION,
1483 SSL_HIGH | SSL_FIPS,
1484 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1490 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1491 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1492 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1497 TLS1_2_VERSION, TLS1_2_VERSION,
1498 DTLS1_2_VERSION, DTLS1_2_VERSION,
1499 SSL_HIGH | SSL_FIPS,
1500 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1506 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1507 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1508 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1513 TLS1_2_VERSION, TLS1_2_VERSION,
1514 DTLS1_2_VERSION, DTLS1_2_VERSION,
1515 SSL_HIGH | SSL_FIPS,
1516 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1522 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1523 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1524 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1529 TLS1_2_VERSION, TLS1_2_VERSION,
1530 DTLS1_2_VERSION, DTLS1_2_VERSION,
1531 SSL_HIGH | SSL_FIPS,
1532 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1538 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1539 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1540 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1545 TLS1_2_VERSION, TLS1_2_VERSION,
1546 DTLS1_2_VERSION, DTLS1_2_VERSION,
1547 SSL_HIGH | SSL_FIPS,
1548 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1554 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1555 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1556 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1561 TLS1_2_VERSION, TLS1_2_VERSION,
1562 DTLS1_2_VERSION, DTLS1_2_VERSION,
1563 SSL_HIGH | SSL_FIPS,
1564 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1570 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1571 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1572 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1577 TLS1_VERSION, TLS1_2_VERSION,
1578 DTLS1_BAD_VER, DTLS1_2_VERSION,
1579 SSL_HIGH | SSL_FIPS,
1580 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1586 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1587 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1588 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1593 TLS1_VERSION, TLS1_2_VERSION,
1594 DTLS1_BAD_VER, DTLS1_2_VERSION,
1595 SSL_HIGH | SSL_FIPS,
1596 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1602 TLS1_TXT_PSK_WITH_NULL_SHA256,
1603 TLS1_RFC_PSK_WITH_NULL_SHA256,
1604 TLS1_CK_PSK_WITH_NULL_SHA256,
1609 TLS1_VERSION, TLS1_2_VERSION,
1610 DTLS1_BAD_VER, DTLS1_2_VERSION,
1611 SSL_STRONG_NONE | SSL_FIPS,
1612 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1618 TLS1_TXT_PSK_WITH_NULL_SHA384,
1619 TLS1_RFC_PSK_WITH_NULL_SHA384,
1620 TLS1_CK_PSK_WITH_NULL_SHA384,
1625 TLS1_VERSION, TLS1_2_VERSION,
1626 DTLS1_BAD_VER, DTLS1_2_VERSION,
1627 SSL_STRONG_NONE | SSL_FIPS,
1628 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1634 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1635 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1636 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1641 TLS1_VERSION, TLS1_2_VERSION,
1642 DTLS1_BAD_VER, DTLS1_2_VERSION,
1643 SSL_HIGH | SSL_FIPS,
1644 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1650 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1651 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1652 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1657 TLS1_VERSION, TLS1_2_VERSION,
1658 DTLS1_BAD_VER, DTLS1_2_VERSION,
1659 SSL_HIGH | SSL_FIPS,
1660 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1666 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1667 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1668 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1673 TLS1_VERSION, TLS1_2_VERSION,
1674 DTLS1_BAD_VER, DTLS1_2_VERSION,
1675 SSL_STRONG_NONE | SSL_FIPS,
1676 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1682 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1683 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1684 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1689 TLS1_VERSION, TLS1_2_VERSION,
1690 DTLS1_BAD_VER, DTLS1_2_VERSION,
1691 SSL_STRONG_NONE | SSL_FIPS,
1692 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1698 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1699 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1700 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1705 TLS1_VERSION, TLS1_2_VERSION,
1706 DTLS1_BAD_VER, DTLS1_2_VERSION,
1707 SSL_HIGH | SSL_FIPS,
1708 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1714 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1715 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1716 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1721 TLS1_VERSION, TLS1_2_VERSION,
1722 DTLS1_BAD_VER, DTLS1_2_VERSION,
1723 SSL_HIGH | SSL_FIPS,
1724 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1730 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1731 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1732 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1737 TLS1_VERSION, TLS1_2_VERSION,
1738 DTLS1_BAD_VER, DTLS1_2_VERSION,
1739 SSL_STRONG_NONE | SSL_FIPS,
1740 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1746 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1747 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1748 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1753 TLS1_VERSION, TLS1_2_VERSION,
1754 DTLS1_BAD_VER, DTLS1_2_VERSION,
1755 SSL_STRONG_NONE | SSL_FIPS,
1756 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1760 # ifndef OPENSSL_NO_EC
1761 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1764 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1765 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1766 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1771 TLS1_VERSION, TLS1_2_VERSION,
1772 DTLS1_BAD_VER, DTLS1_2_VERSION,
1773 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1774 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1781 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1782 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1783 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1788 TLS1_VERSION, TLS1_2_VERSION,
1789 DTLS1_BAD_VER, DTLS1_2_VERSION,
1790 SSL_HIGH | SSL_FIPS,
1791 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1797 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1798 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1799 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1804 TLS1_VERSION, TLS1_2_VERSION,
1805 DTLS1_BAD_VER, DTLS1_2_VERSION,
1806 SSL_HIGH | SSL_FIPS,
1807 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1813 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1814 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1815 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1820 TLS1_VERSION, TLS1_2_VERSION,
1821 DTLS1_BAD_VER, DTLS1_2_VERSION,
1822 SSL_HIGH | SSL_FIPS,
1823 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1829 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1830 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1831 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1836 TLS1_VERSION, TLS1_2_VERSION,
1837 DTLS1_BAD_VER, DTLS1_2_VERSION,
1838 SSL_HIGH | SSL_FIPS,
1839 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1845 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1846 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1847 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1852 TLS1_VERSION, TLS1_2_VERSION,
1853 DTLS1_BAD_VER, DTLS1_2_VERSION,
1854 SSL_STRONG_NONE | SSL_FIPS,
1855 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1861 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1862 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1863 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1868 TLS1_VERSION, TLS1_2_VERSION,
1869 DTLS1_BAD_VER, DTLS1_2_VERSION,
1870 SSL_STRONG_NONE | SSL_FIPS,
1871 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1877 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1878 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1879 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1884 TLS1_VERSION, TLS1_2_VERSION,
1885 DTLS1_BAD_VER, DTLS1_2_VERSION,
1886 SSL_STRONG_NONE | SSL_FIPS,
1887 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1891 # endif /* OPENSSL_NO_EC */
1892 #endif /* OPENSSL_NO_PSK */
1894 #ifndef OPENSSL_NO_SRP
1895 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1898 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1899 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1900 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1905 SSL3_VERSION, TLS1_2_VERSION,
1906 DTLS1_BAD_VER, DTLS1_2_VERSION,
1907 SSL_NOT_DEFAULT | SSL_MEDIUM,
1908 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1914 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1915 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1916 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1921 SSL3_VERSION, TLS1_2_VERSION,
1922 DTLS1_BAD_VER, DTLS1_2_VERSION,
1923 SSL_NOT_DEFAULT | SSL_MEDIUM,
1924 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1930 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1931 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1932 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1937 SSL3_VERSION, TLS1_2_VERSION,
1938 DTLS1_BAD_VER, DTLS1_2_VERSION,
1939 SSL_NOT_DEFAULT | SSL_MEDIUM,
1940 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1947 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1948 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1949 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1954 SSL3_VERSION, TLS1_2_VERSION,
1955 DTLS1_BAD_VER, DTLS1_2_VERSION,
1957 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1963 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1964 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1965 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1970 SSL3_VERSION, TLS1_2_VERSION,
1971 DTLS1_BAD_VER, DTLS1_2_VERSION,
1973 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1979 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1980 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1981 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1986 SSL3_VERSION, TLS1_2_VERSION,
1987 DTLS1_BAD_VER, DTLS1_2_VERSION,
1988 SSL_NOT_DEFAULT | SSL_HIGH,
1989 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1995 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1996 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1997 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2002 SSL3_VERSION, TLS1_2_VERSION,
2003 DTLS1_BAD_VER, DTLS1_2_VERSION,
2005 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2011 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2012 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2013 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2018 SSL3_VERSION, TLS1_2_VERSION,
2019 DTLS1_BAD_VER, DTLS1_2_VERSION,
2021 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2027 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2028 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2029 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2034 SSL3_VERSION, TLS1_2_VERSION,
2035 DTLS1_BAD_VER, DTLS1_2_VERSION,
2036 SSL_NOT_DEFAULT | SSL_HIGH,
2037 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2041 #endif /* OPENSSL_NO_SRP */
2043 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2044 # ifndef OPENSSL_NO_RSA
2047 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2048 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2049 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2052 SSL_CHACHA20POLY1305,
2054 TLS1_2_VERSION, TLS1_2_VERSION,
2055 DTLS1_2_VERSION, DTLS1_2_VERSION,
2057 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2061 # endif /* OPENSSL_NO_RSA */
2063 # ifndef OPENSSL_NO_EC
2066 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2067 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2068 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2071 SSL_CHACHA20POLY1305,
2073 TLS1_2_VERSION, TLS1_2_VERSION,
2074 DTLS1_2_VERSION, DTLS1_2_VERSION,
2076 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2082 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2083 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2084 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2087 SSL_CHACHA20POLY1305,
2089 TLS1_2_VERSION, TLS1_2_VERSION,
2090 DTLS1_2_VERSION, DTLS1_2_VERSION,
2092 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2096 # endif /* OPENSSL_NO_EC */
2098 # ifndef OPENSSL_NO_PSK
2101 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2102 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2103 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2106 SSL_CHACHA20POLY1305,
2108 TLS1_2_VERSION, TLS1_2_VERSION,
2109 DTLS1_2_VERSION, DTLS1_2_VERSION,
2111 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2117 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2118 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2119 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2122 SSL_CHACHA20POLY1305,
2124 TLS1_2_VERSION, TLS1_2_VERSION,
2125 DTLS1_2_VERSION, DTLS1_2_VERSION,
2127 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2133 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2134 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2135 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2138 SSL_CHACHA20POLY1305,
2140 TLS1_2_VERSION, TLS1_2_VERSION,
2141 DTLS1_2_VERSION, DTLS1_2_VERSION,
2143 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2149 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2150 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2151 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2154 SSL_CHACHA20POLY1305,
2156 TLS1_2_VERSION, TLS1_2_VERSION,
2157 DTLS1_2_VERSION, DTLS1_2_VERSION,
2159 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2163 # endif /* OPENSSL_NO_PSK */
2164 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2165 * !defined(OPENSSL_NO_POLY1305) */
2167 #ifndef OPENSSL_NO_CAMELLIA
2170 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2171 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2172 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2177 TLS1_2_VERSION, TLS1_2_VERSION,
2178 DTLS1_2_VERSION, DTLS1_2_VERSION,
2179 SSL_NOT_DEFAULT | SSL_HIGH,
2180 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2186 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2187 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2188 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2193 TLS1_2_VERSION, TLS1_2_VERSION,
2194 DTLS1_2_VERSION, DTLS1_2_VERSION,
2195 SSL_NOT_DEFAULT | SSL_HIGH,
2196 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2202 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2203 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2204 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2209 TLS1_2_VERSION, TLS1_2_VERSION,
2210 DTLS1_2_VERSION, DTLS1_2_VERSION,
2211 SSL_NOT_DEFAULT | SSL_HIGH,
2212 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2218 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2219 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2220 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2225 TLS1_2_VERSION, TLS1_2_VERSION,
2226 DTLS1_2_VERSION, DTLS1_2_VERSION,
2227 SSL_NOT_DEFAULT | SSL_HIGH,
2228 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2234 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2235 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2236 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2241 TLS1_2_VERSION, TLS1_2_VERSION,
2242 DTLS1_2_VERSION, DTLS1_2_VERSION,
2243 SSL_NOT_DEFAULT | SSL_HIGH,
2244 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2250 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2251 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2252 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2257 TLS1_2_VERSION, TLS1_2_VERSION,
2258 DTLS1_2_VERSION, DTLS1_2_VERSION,
2259 SSL_NOT_DEFAULT | SSL_HIGH,
2260 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2266 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2267 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2268 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2273 TLS1_2_VERSION, TLS1_2_VERSION,
2274 DTLS1_2_VERSION, DTLS1_2_VERSION,
2275 SSL_NOT_DEFAULT | SSL_HIGH,
2276 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2282 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2283 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2284 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2289 TLS1_2_VERSION, TLS1_2_VERSION,
2290 DTLS1_2_VERSION, DTLS1_2_VERSION,
2291 SSL_NOT_DEFAULT | SSL_HIGH,
2292 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2298 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2299 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2300 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2305 SSL3_VERSION, TLS1_2_VERSION,
2306 DTLS1_BAD_VER, DTLS1_2_VERSION,
2307 SSL_NOT_DEFAULT | SSL_HIGH,
2308 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2314 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2315 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2316 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2321 SSL3_VERSION, TLS1_2_VERSION,
2322 DTLS1_BAD_VER, DTLS1_2_VERSION,
2323 SSL_NOT_DEFAULT | SSL_HIGH,
2324 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2330 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2331 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2332 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2337 SSL3_VERSION, TLS1_2_VERSION,
2338 DTLS1_BAD_VER, DTLS1_2_VERSION,
2339 SSL_NOT_DEFAULT | SSL_HIGH,
2340 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2346 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2347 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2348 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2353 SSL3_VERSION, TLS1_2_VERSION,
2354 DTLS1_BAD_VER, DTLS1_2_VERSION,
2355 SSL_NOT_DEFAULT | SSL_HIGH,
2356 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2362 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2363 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2364 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2369 SSL3_VERSION, TLS1_2_VERSION,
2370 DTLS1_BAD_VER, DTLS1_2_VERSION,
2371 SSL_NOT_DEFAULT | SSL_HIGH,
2372 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2378 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2379 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2380 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2385 SSL3_VERSION, TLS1_2_VERSION,
2386 DTLS1_BAD_VER, DTLS1_2_VERSION,
2387 SSL_NOT_DEFAULT | SSL_HIGH,
2388 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2394 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2395 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2396 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2401 SSL3_VERSION, TLS1_2_VERSION,
2402 DTLS1_BAD_VER, DTLS1_2_VERSION,
2403 SSL_NOT_DEFAULT | SSL_HIGH,
2404 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2410 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2411 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2412 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2417 SSL3_VERSION, TLS1_2_VERSION,
2418 DTLS1_BAD_VER, DTLS1_2_VERSION,
2419 SSL_NOT_DEFAULT | SSL_HIGH,
2420 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2425 # ifndef OPENSSL_NO_EC
2428 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2429 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2430 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2435 TLS1_2_VERSION, TLS1_2_VERSION,
2436 DTLS1_2_VERSION, DTLS1_2_VERSION,
2437 SSL_NOT_DEFAULT | SSL_HIGH,
2438 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2444 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2445 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2446 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2451 TLS1_2_VERSION, TLS1_2_VERSION,
2452 DTLS1_2_VERSION, DTLS1_2_VERSION,
2453 SSL_NOT_DEFAULT | SSL_HIGH,
2454 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2460 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2461 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2462 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2467 TLS1_2_VERSION, TLS1_2_VERSION,
2468 DTLS1_2_VERSION, DTLS1_2_VERSION,
2469 SSL_NOT_DEFAULT | SSL_HIGH,
2470 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2476 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2477 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2478 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2483 TLS1_2_VERSION, TLS1_2_VERSION,
2484 DTLS1_2_VERSION, DTLS1_2_VERSION,
2485 SSL_NOT_DEFAULT | SSL_HIGH,
2486 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2490 # endif /* OPENSSL_NO_EC */
2492 # ifndef OPENSSL_NO_PSK
2495 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2496 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2497 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2502 TLS1_VERSION, TLS1_2_VERSION,
2503 DTLS1_BAD_VER, DTLS1_2_VERSION,
2504 SSL_NOT_DEFAULT | SSL_HIGH,
2505 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2511 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2512 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2513 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2518 TLS1_VERSION, TLS1_2_VERSION,
2519 DTLS1_BAD_VER, DTLS1_2_VERSION,
2520 SSL_NOT_DEFAULT | SSL_HIGH,
2521 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2527 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2528 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2529 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2534 TLS1_VERSION, TLS1_2_VERSION,
2535 DTLS1_BAD_VER, DTLS1_2_VERSION,
2536 SSL_NOT_DEFAULT | SSL_HIGH,
2537 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2543 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2544 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2545 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2550 TLS1_VERSION, TLS1_2_VERSION,
2551 DTLS1_BAD_VER, DTLS1_2_VERSION,
2552 SSL_NOT_DEFAULT | SSL_HIGH,
2553 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2559 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2560 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2561 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2566 TLS1_VERSION, TLS1_2_VERSION,
2567 DTLS1_BAD_VER, DTLS1_2_VERSION,
2568 SSL_NOT_DEFAULT | SSL_HIGH,
2569 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2575 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2576 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2577 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2582 TLS1_VERSION, TLS1_2_VERSION,
2583 DTLS1_BAD_VER, DTLS1_2_VERSION,
2584 SSL_NOT_DEFAULT | SSL_HIGH,
2585 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2591 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2592 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2593 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2598 TLS1_VERSION, TLS1_2_VERSION,
2599 DTLS1_BAD_VER, DTLS1_2_VERSION,
2600 SSL_NOT_DEFAULT | SSL_HIGH,
2601 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2607 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2608 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2609 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2614 TLS1_VERSION, TLS1_2_VERSION,
2615 DTLS1_BAD_VER, DTLS1_2_VERSION,
2616 SSL_NOT_DEFAULT | SSL_HIGH,
2617 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2621 # endif /* OPENSSL_NO_PSK */
2623 #endif /* OPENSSL_NO_CAMELLIA */
2625 #ifndef OPENSSL_NO_GOST
2628 "GOST2001-GOST89-GOST89",
2629 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2633 SSL_eGOST2814789CNT,
2635 TLS1_VERSION, TLS1_2_VERSION,
2638 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2644 "GOST2001-NULL-GOST94",
2645 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2651 TLS1_VERSION, TLS1_2_VERSION,
2654 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2660 "GOST2012-GOST8912-GOST8912",
2664 SSL_aGOST12 | SSL_aGOST01,
2665 SSL_eGOST2814789CNT12,
2667 TLS1_VERSION, TLS1_2_VERSION,
2670 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2676 "GOST2012-NULL-GOST12",
2680 SSL_aGOST12 | SSL_aGOST01,
2683 TLS1_VERSION, TLS1_2_VERSION,
2686 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2690 #endif /* OPENSSL_NO_GOST */
2692 #ifndef OPENSSL_NO_IDEA
2695 SSL3_TXT_RSA_IDEA_128_SHA,
2696 SSL3_RFC_RSA_IDEA_128_SHA,
2697 SSL3_CK_RSA_IDEA_128_SHA,
2702 SSL3_VERSION, TLS1_1_VERSION,
2703 DTLS1_BAD_VER, DTLS1_VERSION,
2704 SSL_NOT_DEFAULT | SSL_MEDIUM,
2705 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2711 #ifndef OPENSSL_NO_SEED
2714 TLS1_TXT_RSA_WITH_SEED_SHA,
2715 TLS1_RFC_RSA_WITH_SEED_SHA,
2716 TLS1_CK_RSA_WITH_SEED_SHA,
2721 SSL3_VERSION, TLS1_2_VERSION,
2722 DTLS1_BAD_VER, DTLS1_2_VERSION,
2723 SSL_NOT_DEFAULT | SSL_MEDIUM,
2724 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2730 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2731 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2732 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2737 SSL3_VERSION, TLS1_2_VERSION,
2738 DTLS1_BAD_VER, DTLS1_2_VERSION,
2739 SSL_NOT_DEFAULT | SSL_MEDIUM,
2740 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2746 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2747 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2748 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2753 SSL3_VERSION, TLS1_2_VERSION,
2754 DTLS1_BAD_VER, DTLS1_2_VERSION,
2755 SSL_NOT_DEFAULT | SSL_MEDIUM,
2756 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2762 TLS1_TXT_ADH_WITH_SEED_SHA,
2763 TLS1_RFC_ADH_WITH_SEED_SHA,
2764 TLS1_CK_ADH_WITH_SEED_SHA,
2769 SSL3_VERSION, TLS1_2_VERSION,
2770 DTLS1_BAD_VER, DTLS1_2_VERSION,
2771 SSL_NOT_DEFAULT | SSL_MEDIUM,
2772 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2776 #endif /* OPENSSL_NO_SEED */
2778 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2781 SSL3_TXT_RSA_RC4_128_MD5,
2782 SSL3_RFC_RSA_RC4_128_MD5,
2783 SSL3_CK_RSA_RC4_128_MD5,
2788 SSL3_VERSION, TLS1_2_VERSION,
2790 SSL_NOT_DEFAULT | SSL_MEDIUM,
2791 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2797 SSL3_TXT_RSA_RC4_128_SHA,
2798 SSL3_RFC_RSA_RC4_128_SHA,
2799 SSL3_CK_RSA_RC4_128_SHA,
2804 SSL3_VERSION, TLS1_2_VERSION,
2806 SSL_NOT_DEFAULT | SSL_MEDIUM,
2807 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2813 SSL3_TXT_ADH_RC4_128_MD5,
2814 SSL3_RFC_ADH_RC4_128_MD5,
2815 SSL3_CK_ADH_RC4_128_MD5,
2820 SSL3_VERSION, TLS1_2_VERSION,
2822 SSL_NOT_DEFAULT | SSL_MEDIUM,
2823 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2828 # ifndef OPENSSL_NO_EC
2831 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2832 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2833 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2838 TLS1_VERSION, TLS1_2_VERSION,
2840 SSL_NOT_DEFAULT | SSL_MEDIUM,
2841 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2847 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2848 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2849 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2854 TLS1_VERSION, TLS1_2_VERSION,
2856 SSL_NOT_DEFAULT | SSL_MEDIUM,
2857 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2863 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2864 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2865 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2870 TLS1_VERSION, TLS1_2_VERSION,
2872 SSL_NOT_DEFAULT | SSL_MEDIUM,
2873 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2879 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2880 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2881 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2886 TLS1_VERSION, TLS1_2_VERSION,
2888 SSL_NOT_DEFAULT | SSL_MEDIUM,
2889 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2893 # endif /* OPENSSL_NO_EC */
2895 # ifndef OPENSSL_NO_PSK
2898 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2899 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2900 TLS1_CK_PSK_WITH_RC4_128_SHA,
2905 SSL3_VERSION, TLS1_2_VERSION,
2907 SSL_NOT_DEFAULT | SSL_MEDIUM,
2908 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2914 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2915 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2916 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2921 SSL3_VERSION, TLS1_2_VERSION,
2923 SSL_NOT_DEFAULT | SSL_MEDIUM,
2924 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2930 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2931 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2932 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2937 SSL3_VERSION, TLS1_2_VERSION,
2939 SSL_NOT_DEFAULT | SSL_MEDIUM,
2940 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2944 # endif /* OPENSSL_NO_PSK */
2946 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2948 #ifndef OPENSSL_NO_ARIA
2951 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2952 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2953 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2958 TLS1_2_VERSION, TLS1_2_VERSION,
2959 DTLS1_2_VERSION, DTLS1_2_VERSION,
2960 SSL_NOT_DEFAULT | SSL_HIGH,
2961 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2967 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2968 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2969 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2974 TLS1_2_VERSION, TLS1_2_VERSION,
2975 DTLS1_2_VERSION, DTLS1_2_VERSION,
2976 SSL_NOT_DEFAULT | SSL_HIGH,
2977 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2983 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2984 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2985 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2990 TLS1_2_VERSION, TLS1_2_VERSION,
2991 DTLS1_2_VERSION, DTLS1_2_VERSION,
2992 SSL_NOT_DEFAULT | SSL_HIGH,
2993 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2999 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3000 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3001 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3006 TLS1_2_VERSION, TLS1_2_VERSION,
3007 DTLS1_2_VERSION, DTLS1_2_VERSION,
3008 SSL_NOT_DEFAULT | SSL_HIGH,
3009 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3015 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3016 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3017 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3022 TLS1_2_VERSION, TLS1_2_VERSION,
3023 DTLS1_2_VERSION, DTLS1_2_VERSION,
3024 SSL_NOT_DEFAULT | SSL_HIGH,
3025 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3031 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3032 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3033 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3038 TLS1_2_VERSION, TLS1_2_VERSION,
3039 DTLS1_2_VERSION, DTLS1_2_VERSION,
3040 SSL_NOT_DEFAULT | SSL_HIGH,
3041 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3047 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3048 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3049 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3054 TLS1_2_VERSION, TLS1_2_VERSION,
3055 DTLS1_2_VERSION, DTLS1_2_VERSION,
3056 SSL_NOT_DEFAULT | SSL_HIGH,
3057 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3063 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3064 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3065 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3070 TLS1_2_VERSION, TLS1_2_VERSION,
3071 DTLS1_2_VERSION, DTLS1_2_VERSION,
3072 SSL_NOT_DEFAULT | SSL_HIGH,
3073 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3080 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3081 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3082 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3087 TLS1_2_VERSION, TLS1_2_VERSION,
3088 DTLS1_2_VERSION, DTLS1_2_VERSION,
3089 SSL_NOT_DEFAULT | SSL_HIGH,
3090 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3096 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3097 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3098 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3103 TLS1_2_VERSION, TLS1_2_VERSION,
3104 DTLS1_2_VERSION, DTLS1_2_VERSION,
3105 SSL_NOT_DEFAULT | SSL_HIGH,
3106 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3112 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3113 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3114 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3119 TLS1_2_VERSION, TLS1_2_VERSION,
3120 DTLS1_2_VERSION, DTLS1_2_VERSION,
3121 SSL_NOT_DEFAULT | SSL_HIGH,
3122 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3128 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3129 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3130 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3135 TLS1_2_VERSION, TLS1_2_VERSION,
3136 DTLS1_2_VERSION, DTLS1_2_VERSION,
3137 SSL_NOT_DEFAULT | SSL_HIGH,
3138 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3144 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3145 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3146 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3151 TLS1_2_VERSION, TLS1_2_VERSION,
3152 DTLS1_2_VERSION, DTLS1_2_VERSION,
3153 SSL_NOT_DEFAULT | SSL_HIGH,
3154 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3160 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3161 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3162 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3167 TLS1_2_VERSION, TLS1_2_VERSION,
3168 DTLS1_2_VERSION, DTLS1_2_VERSION,
3169 SSL_NOT_DEFAULT | SSL_HIGH,
3170 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3177 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3178 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3179 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3184 TLS1_2_VERSION, TLS1_2_VERSION,
3185 DTLS1_2_VERSION, DTLS1_2_VERSION,
3186 SSL_NOT_DEFAULT | SSL_HIGH,
3187 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3193 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3194 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3195 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3200 TLS1_2_VERSION, TLS1_2_VERSION,
3201 DTLS1_2_VERSION, DTLS1_2_VERSION,
3202 SSL_NOT_DEFAULT | SSL_HIGH,
3203 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3207 #endif /* OPENSSL_NO_ARIA */
3211 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3212 * values stuffed into the ciphers field of the wire protocol for signalling
3215 static SSL_CIPHER ssl3_scsvs[] = {
3218 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3219 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3221 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3225 "TLS_FALLBACK_SCSV",
3226 "TLS_FALLBACK_SCSV",
3227 SSL3_CK_FALLBACK_SCSV,
3228 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3232 static int cipher_compare(const void *a, const void *b)
3234 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3235 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3237 if (ap->id == bp->id)
3239 return ap->id < bp->id ? -1 : 1;
3242 void ssl_sort_cipher_list(void)
3244 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3246 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3249 static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
3250 const char * t, size_t u,
3251 const unsigned char * v, size_t w, int x)
3260 return ssl_undefined_function(ssl);
3263 const SSL3_ENC_METHOD SSLv3_enc_data = {
3266 ssl3_setup_key_block,
3267 ssl3_generate_master_secret,
3268 ssl3_change_cipher_state,
3269 ssl3_final_finish_mac,
3270 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3271 SSL3_MD_SERVER_FINISHED_CONST, 4,
3273 ssl_undefined_function_1,
3275 ssl3_set_handshake_header,
3276 tls_close_construct_packet,
3277 ssl3_handshake_write
3280 long ssl3_default_timeout(void)
3283 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3284 * http, the cache would over fill
3286 return (60 * 60 * 2);
3289 int ssl3_num_ciphers(void)
3291 return SSL3_NUM_CIPHERS;
3294 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3296 if (u < SSL3_NUM_CIPHERS)
3297 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3302 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3304 /* No header in the event of a CCS */
3305 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3308 /* Set the content type and 3 bytes for the message len */
3309 if (!WPACKET_put_bytes_u8(pkt, htype)
3310 || !WPACKET_start_sub_packet_u24(pkt))
3316 int ssl3_handshake_write(SSL *s)
3318 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3321 int ssl3_new(SSL *s)
3325 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
3329 #ifndef OPENSSL_NO_SRP
3330 if (!SSL_SRP_CTX_init(s))
3334 if (!s->method->ssl_clear(s))
3342 void ssl3_free(SSL *s)
3344 if (s == NULL || s->s3 == NULL)
3347 ssl3_cleanup_key_block(s);
3349 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3350 EVP_PKEY_free(s->s3->peer_tmp);
3351 s->s3->peer_tmp = NULL;
3352 EVP_PKEY_free(s->s3->tmp.pkey);
3353 s->s3->tmp.pkey = NULL;
3356 OPENSSL_free(s->s3->tmp.ctype);
3357 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3358 OPENSSL_free(s->s3->tmp.ciphers_raw);
3359 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3360 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3361 ssl3_free_digest_list(s);
3362 OPENSSL_free(s->s3->alpn_selected);
3363 OPENSSL_free(s->s3->alpn_proposed);
3365 #ifndef OPENSSL_NO_SRP
3366 SSL_SRP_CTX_free(s);
3368 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
3372 int ssl3_clear(SSL *s)
3374 ssl3_cleanup_key_block(s);
3375 OPENSSL_free(s->s3->tmp.ctype);
3376 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3377 OPENSSL_free(s->s3->tmp.ciphers_raw);
3378 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3379 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3381 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3382 EVP_PKEY_free(s->s3->tmp.pkey);
3383 EVP_PKEY_free(s->s3->peer_tmp);
3384 #endif /* !OPENSSL_NO_EC */
3386 ssl3_free_digest_list(s);
3388 OPENSSL_free(s->s3->alpn_selected);
3389 OPENSSL_free(s->s3->alpn_proposed);
3391 /* NULL/zero-out everything in the s3 struct */
3392 memset(s->s3, 0, sizeof(*s->s3));
3394 if (!ssl_free_wbio_buffer(s))
3397 s->version = SSL3_VERSION;
3399 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3400 OPENSSL_free(s->ext.npn);
3408 #ifndef OPENSSL_NO_SRP
3409 static char *srp_password_from_info_cb(SSL *s, void *arg)
3411 return OPENSSL_strdup(s->srp_ctx.info);
3415 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3417 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3422 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3424 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3425 ret = s->s3->num_renegotiations;
3427 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3428 ret = s->s3->num_renegotiations;
3429 s->s3->num_renegotiations = 0;
3431 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3432 ret = s->s3->total_renegotiations;
3434 case SSL_CTRL_GET_FLAGS:
3435 ret = (int)(s->s3->flags);
3437 #ifndef OPENSSL_NO_DH
3438 case SSL_CTRL_SET_TMP_DH:
3440 DH *dh = (DH *)parg;
3441 EVP_PKEY *pkdh = NULL;
3443 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3446 pkdh = ssl_dh_to_pkey(dh);
3448 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3451 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3452 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3453 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3454 EVP_PKEY_free(pkdh);
3457 EVP_PKEY_free(s->cert->dh_tmp);
3458 s->cert->dh_tmp = pkdh;
3462 case SSL_CTRL_SET_TMP_DH_CB:
3464 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3467 case SSL_CTRL_SET_DH_AUTO:
3468 s->cert->dh_tmp_auto = larg;
3471 #ifndef OPENSSL_NO_EC
3472 case SSL_CTRL_SET_TMP_ECDH:
3474 const EC_GROUP *group = NULL;
3478 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3481 group = EC_KEY_get0_group((const EC_KEY *)parg);
3482 if (group == NULL) {
3483 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3486 nid = EC_GROUP_get_curve_name(group);
3487 if (nid == NID_undef)
3489 return tls1_set_groups(&s->ext.supportedgroups,
3490 &s->ext.supportedgroups_len,
3494 #endif /* !OPENSSL_NO_EC */
3495 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3496 if (larg == TLSEXT_NAMETYPE_host_name) {
3499 OPENSSL_free(s->ext.hostname);
3500 s->ext.hostname = NULL;
3505 len = strlen((char *)parg);
3506 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3507 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3510 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3511 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3515 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3519 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3520 s->ext.debug_arg = parg;
3524 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3525 ret = s->ext.status_type;
3528 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3529 s->ext.status_type = larg;
3533 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3534 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3538 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3539 s->ext.ocsp.exts = parg;
3543 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3544 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3548 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3549 s->ext.ocsp.ids = parg;
3553 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3554 *(unsigned char **)parg = s->ext.ocsp.resp;
3555 if (s->ext.ocsp.resp_len == 0
3556 || s->ext.ocsp.resp_len > LONG_MAX)
3558 return (long)s->ext.ocsp.resp_len;
3560 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3561 OPENSSL_free(s->ext.ocsp.resp);
3562 s->ext.ocsp.resp = parg;
3563 s->ext.ocsp.resp_len = larg;
3567 #ifndef OPENSSL_NO_HEARTBEATS
3568 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3569 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3570 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3574 case SSL_CTRL_CHAIN:
3576 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3578 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3580 case SSL_CTRL_CHAIN_CERT:
3582 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3584 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3586 case SSL_CTRL_GET_CHAIN_CERTS:
3587 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3590 case SSL_CTRL_SELECT_CURRENT_CERT:
3591 return ssl_cert_select_current(s->cert, (X509 *)parg);
3593 case SSL_CTRL_SET_CURRENT_CERT:
3594 if (larg == SSL_CERT_SET_SERVER) {
3595 const SSL_CIPHER *cipher;
3598 cipher = s->s3->tmp.new_cipher;
3602 * No certificate for unauthenticated ciphersuites or using SRP
3605 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3607 if (s->s3->tmp.cert == NULL)
3609 s->cert->key = s->s3->tmp.cert;
3612 return ssl_cert_set_current(s->cert, larg);
3614 #ifndef OPENSSL_NO_EC
3615 case SSL_CTRL_GET_GROUPS:
3622 clist = s->session->ext.supportedgroups;
3623 clistlen = s->session->ext.supportedgroups_len;
3628 for (i = 0; i < clistlen; i++) {
3629 const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
3632 cptr[i] = cinf->nid;
3634 cptr[i] = TLSEXT_nid_unknown | clist[i];
3637 return (int)clistlen;
3640 case SSL_CTRL_SET_GROUPS:
3641 return tls1_set_groups(&s->ext.supportedgroups,
3642 &s->ext.supportedgroups_len, parg, larg);
3644 case SSL_CTRL_SET_GROUPS_LIST:
3645 return tls1_set_groups_list(&s->ext.supportedgroups,
3646 &s->ext.supportedgroups_len, parg);
3648 case SSL_CTRL_GET_SHARED_GROUP:
3650 uint16_t id = tls1_shared_group(s, larg);
3653 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
3655 return ginf == NULL ? 0 : ginf->nid;
3660 case SSL_CTRL_SET_SIGALGS:
3661 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3663 case SSL_CTRL_SET_SIGALGS_LIST:
3664 return tls1_set_sigalgs_list(s->cert, parg, 0);
3666 case SSL_CTRL_SET_CLIENT_SIGALGS:
3667 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3669 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3670 return tls1_set_sigalgs_list(s->cert, parg, 1);
3672 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3674 const unsigned char **pctype = parg;
3675 if (s->server || !s->s3->tmp.cert_req)
3678 *pctype = s->s3->tmp.ctype;
3679 return s->s3->tmp.ctype_len;
3682 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3685 return ssl3_set_req_cert_type(s->cert, parg, larg);
3687 case SSL_CTRL_BUILD_CERT_CHAIN:
3688 return ssl_build_cert_chain(s, NULL, larg);
3690 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3691 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3693 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3694 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3696 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3697 if (s->s3->tmp.peer_sigalg == NULL)
3699 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3702 case SSL_CTRL_GET_SERVER_TMP_KEY:
3703 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3704 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3707 EVP_PKEY_up_ref(s->s3->peer_tmp);
3708 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3714 #ifndef OPENSSL_NO_EC
3715 case SSL_CTRL_GET_EC_POINT_FORMATS:
3717 SSL_SESSION *sess = s->session;
3718 const unsigned char **pformat = parg;
3720 if (sess == NULL || sess->ext.ecpointformats == NULL)
3722 *pformat = sess->ext.ecpointformats;
3723 return (int)sess->ext.ecpointformats_len;
3733 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3738 #ifndef OPENSSL_NO_DH
3739 case SSL_CTRL_SET_TMP_DH_CB:
3741 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3745 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3746 s->ext.debug_cb = (void (*)(SSL *, int, int,
3747 const unsigned char *, int, void *))fp;
3750 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3752 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3761 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3764 #ifndef OPENSSL_NO_DH
3765 case SSL_CTRL_SET_TMP_DH:
3767 DH *dh = (DH *)parg;
3768 EVP_PKEY *pkdh = NULL;
3770 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3773 pkdh = ssl_dh_to_pkey(dh);
3775 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3778 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3779 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3780 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3781 EVP_PKEY_free(pkdh);
3784 EVP_PKEY_free(ctx->cert->dh_tmp);
3785 ctx->cert->dh_tmp = pkdh;
3788 case SSL_CTRL_SET_TMP_DH_CB:
3790 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3793 case SSL_CTRL_SET_DH_AUTO:
3794 ctx->cert->dh_tmp_auto = larg;
3797 #ifndef OPENSSL_NO_EC
3798 case SSL_CTRL_SET_TMP_ECDH:
3800 const EC_GROUP *group = NULL;
3804 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3807 group = EC_KEY_get0_group((const EC_KEY *)parg);
3808 if (group == NULL) {
3809 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3812 nid = EC_GROUP_get_curve_name(group);
3813 if (nid == NID_undef)
3815 return tls1_set_groups(&ctx->ext.supportedgroups,
3816 &ctx->ext.supportedgroups_len,
3819 #endif /* !OPENSSL_NO_EC */
3820 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3821 ctx->ext.servername_arg = parg;
3823 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3824 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3826 unsigned char *keys = parg;
3827 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3828 sizeof(ctx->ext.tick_hmac_key) +
3829 sizeof(ctx->ext.tick_aes_key));
3832 if (larg != tick_keylen) {
3833 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3836 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3837 memcpy(ctx->ext.tick_key_name, keys,
3838 sizeof(ctx->ext.tick_key_name));
3839 memcpy(ctx->ext.tick_hmac_key,
3840 keys + sizeof(ctx->ext.tick_key_name),
3841 sizeof(ctx->ext.tick_hmac_key));
3842 memcpy(ctx->ext.tick_aes_key,
3843 keys + sizeof(ctx->ext.tick_key_name) +
3844 sizeof(ctx->ext.tick_hmac_key),
3845 sizeof(ctx->ext.tick_aes_key));
3847 memcpy(keys, ctx->ext.tick_key_name,
3848 sizeof(ctx->ext.tick_key_name));
3849 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3850 ctx->ext.tick_hmac_key,
3851 sizeof(ctx->ext.tick_hmac_key));
3852 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3853 sizeof(ctx->ext.tick_hmac_key),
3854 ctx->ext.tick_aes_key,
3855 sizeof(ctx->ext.tick_aes_key));
3860 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3861 return ctx->ext.status_type;
3863 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3864 ctx->ext.status_type = larg;
3867 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3868 ctx->ext.status_arg = parg;
3871 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3872 *(void**)parg = ctx->ext.status_arg;
3875 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3876 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3879 #ifndef OPENSSL_NO_SRP
3880 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3881 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3882 OPENSSL_free(ctx->srp_ctx.login);
3883 ctx->srp_ctx.login = NULL;
3886 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3887 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3890 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3891 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3895 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3896 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3897 srp_password_from_info_cb;
3898 if (ctx->srp_ctx.info != NULL)
3899 OPENSSL_free(ctx->srp_ctx.info);
3900 if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3901 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3905 case SSL_CTRL_SET_SRP_ARG:
3906 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3907 ctx->srp_ctx.SRP_cb_arg = parg;
3910 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3911 ctx->srp_ctx.strength = larg;
3915 #ifndef OPENSSL_NO_EC
3916 case SSL_CTRL_SET_GROUPS:
3917 return tls1_set_groups(&ctx->ext.supportedgroups,
3918 &ctx->ext.supportedgroups_len,
3921 case SSL_CTRL_SET_GROUPS_LIST:
3922 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3923 &ctx->ext.supportedgroups_len,
3926 case SSL_CTRL_SET_SIGALGS:
3927 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3929 case SSL_CTRL_SET_SIGALGS_LIST:
3930 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3932 case SSL_CTRL_SET_CLIENT_SIGALGS:
3933 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3935 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3936 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3938 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3939 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3941 case SSL_CTRL_BUILD_CERT_CHAIN:
3942 return ssl_build_cert_chain(NULL, ctx, larg);
3944 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3945 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3947 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3948 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3950 /* A Thawte special :-) */
3951 case SSL_CTRL_EXTRA_CHAIN_CERT:
3952 if (ctx->extra_certs == NULL) {
3953 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3954 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3958 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3959 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3964 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3965 if (ctx->extra_certs == NULL && larg == 0)
3966 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3968 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3971 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3972 sk_X509_pop_free(ctx->extra_certs, X509_free);
3973 ctx->extra_certs = NULL;
3976 case SSL_CTRL_CHAIN:
3978 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3980 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3982 case SSL_CTRL_CHAIN_CERT:
3984 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3986 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3988 case SSL_CTRL_GET_CHAIN_CERTS:
3989 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3992 case SSL_CTRL_SELECT_CURRENT_CERT:
3993 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3995 case SSL_CTRL_SET_CURRENT_CERT:
3996 return ssl_cert_set_current(ctx->cert, larg);
4004 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
4007 #ifndef OPENSSL_NO_DH
4008 case SSL_CTRL_SET_TMP_DH_CB:
4010 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4014 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4015 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4018 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4019 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4022 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4023 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4026 HMAC_CTX *, int))fp;
4029 #ifndef OPENSSL_NO_SRP
4030 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4031 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4032 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4034 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4035 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4036 ctx->srp_ctx.TLS_ext_srp_username_callback =
4037 (int (*)(SSL *, int *, void *))fp;
4039 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4040 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4041 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4042 (char *(*)(SSL *, void *))fp;
4045 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4047 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4056 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4059 const SSL_CIPHER *cp;
4062 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4065 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4068 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4070 SSL_CIPHER *c = NULL;
4071 SSL_CIPHER *tbl = ssl3_ciphers;
4074 /* this is not efficient, necessary to optimize this? */
4075 for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) {
4076 if (tbl->stdname == NULL)
4078 if (strcmp(stdname, tbl->stdname) == 0) {
4085 for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
4086 if (strcmp(stdname, tbl->stdname) == 0) {
4096 * This function needs to check if the ciphers required are actually
4099 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4101 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4102 | ((uint32_t)p[0] << 8L)
4106 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4108 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4113 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4121 * ssl3_choose_cipher - choose a cipher from those offered by the client
4122 * @s: SSL connection
4123 * @clnt: ciphers offered by the client
4124 * @srvr: ciphers enabled on the server?
4126 * Returns the selected cipher or NULL when no common ciphers.
4128 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4129 STACK_OF(SSL_CIPHER) *srvr)
4131 const SSL_CIPHER *c, *ret = NULL;
4132 STACK_OF(SSL_CIPHER) *prio, *allow;
4134 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4135 #ifndef OPENSSL_NO_CHACHA
4136 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4139 /* Let's see which ciphers we can support */
4142 * Do not set the compare functions, because this may lead to a
4143 * reordering by "id". We want to keep the original ordering. We may pay
4144 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4145 * pay with the price of sk_SSL_CIPHER_dup().
4149 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
4151 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4152 c = sk_SSL_CIPHER_value(srvr, i);
4153 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4155 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
4157 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4158 c = sk_SSL_CIPHER_value(clnt, i);
4159 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4163 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4164 if (tls1_suiteb(s)) {
4167 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4170 #ifndef OPENSSL_NO_CHACHA
4171 /* If ChaCha20 is at the top of the client preference list,
4172 and there are ChaCha20 ciphers in the server list, then
4173 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4174 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4175 c = sk_SSL_CIPHER_value(clnt, 0);
4176 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4177 /* ChaCha20 is client preferred, check server... */
4178 int num = sk_SSL_CIPHER_num(srvr);
4180 for (i = 0; i < num; i++) {
4181 c = sk_SSL_CIPHER_value(srvr, i);
4182 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4188 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4189 /* if reserve fails, then there's likely a memory issue */
4190 if (prio_chacha != NULL) {
4191 /* Put all ChaCha20 at the top, starting with the one we just found */
4192 sk_SSL_CIPHER_push(prio_chacha, c);
4193 for (i++; i < num; i++) {
4194 c = sk_SSL_CIPHER_value(srvr, i);
4195 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4196 sk_SSL_CIPHER_push(prio_chacha, c);
4198 /* Pull in the rest */
4199 for (i = 0; i < num; i++) {
4200 c = sk_SSL_CIPHER_value(srvr, i);
4201 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4202 sk_SSL_CIPHER_push(prio_chacha, c);
4215 if (!SSL_IS_TLS13(s)) {
4216 tls1_set_cert_validity(s);
4220 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4221 c = sk_SSL_CIPHER_value(prio, i);
4223 /* Skip ciphers not supported by the protocol version */
4224 if (!SSL_IS_DTLS(s) &&
4225 ((s->version < c->min_tls) || (s->version > c->max_tls)))
4227 if (SSL_IS_DTLS(s) &&
4228 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4229 DTLS_VERSION_GT(s->version, c->max_dtls)))
4233 * Since TLS 1.3 ciphersuites can be used with any auth or
4234 * key exchange scheme skip tests.
4236 if (!SSL_IS_TLS13(s)) {
4237 mask_k = s->s3->tmp.mask_k;
4238 mask_a = s->s3->tmp.mask_a;
4239 #ifndef OPENSSL_NO_SRP
4240 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4246 alg_k = c->algorithm_mkey;
4247 alg_a = c->algorithm_auth;
4249 #ifndef OPENSSL_NO_PSK
4250 /* with PSK there must be server callback set */
4251 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4253 #endif /* OPENSSL_NO_PSK */
4255 ok = (alg_k & mask_k) && (alg_a & mask_a);
4257 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
4258 alg_a, mask_k, mask_a, (void *)c, c->name);
4261 #ifndef OPENSSL_NO_EC
4263 * if we are considering an ECC cipher suite that uses an ephemeral
4266 if (alg_k & SSL_kECDHE)
4267 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4268 #endif /* OPENSSL_NO_EC */
4273 ii = sk_SSL_CIPHER_find(allow, c);
4275 /* Check security callback permits this cipher */
4276 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4277 c->strength_bits, 0, (void *)c))
4279 #if !defined(OPENSSL_NO_EC)
4280 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4281 && s->s3->is_probably_safari) {
4283 ret = sk_SSL_CIPHER_value(allow, ii);
4287 ret = sk_SSL_CIPHER_value(allow, ii);
4291 #ifndef OPENSSL_NO_CHACHA
4292 sk_SSL_CIPHER_free(prio_chacha);
4297 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4299 uint32_t alg_k, alg_a = 0;
4301 /* If we have custom certificate types set, use them */
4303 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4304 /* Get mask of algorithms disabled by signature list */
4305 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4307 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4309 #ifndef OPENSSL_NO_GOST
4310 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4311 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4312 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
4313 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
4316 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4317 #ifndef OPENSSL_NO_DH
4318 # ifndef OPENSSL_NO_RSA
4319 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4322 # ifndef OPENSSL_NO_DSA
4323 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4326 #endif /* !OPENSSL_NO_DH */
4328 #ifndef OPENSSL_NO_RSA
4329 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4332 #ifndef OPENSSL_NO_DSA
4333 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4336 #ifndef OPENSSL_NO_EC
4338 * ECDSA certs can be used with RSA cipher suites too so we don't
4339 * need to check for SSL_kECDH or SSL_kECDHE
4341 if (s->version >= TLS1_VERSION
4342 && !(alg_a & SSL_aECDSA)
4343 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4349 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4351 OPENSSL_free(c->ctype);
4354 if (p == NULL || len == 0)
4358 c->ctype = OPENSSL_memdup(p, len);
4359 if (c->ctype == NULL)
4365 int ssl3_shutdown(SSL *s)
4370 * Don't do anything much if we have not done the handshake or we don't
4371 * want to send messages :-)
4373 if (s->quiet_shutdown || SSL_in_before(s)) {
4374 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4378 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4379 s->shutdown |= SSL_SENT_SHUTDOWN;
4380 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4382 * our shutdown alert has been sent now, and if it still needs to be
4383 * written, s->s3->alert_dispatch will be true
4385 if (s->s3->alert_dispatch)
4386 return -1; /* return WANT_WRITE */
4387 } else if (s->s3->alert_dispatch) {
4388 /* resend it if not sent */
4389 ret = s->method->ssl_dispatch_alert(s);
4392 * we only get to return -1 here the 2nd/Nth invocation, we must
4393 * have already signalled return 0 upon a previous invocation,
4398 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4401 * If we are waiting for a close from our peer, we are closed
4403 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4404 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4405 return -1; /* return WANT_READ */
4409 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4410 !s->s3->alert_dispatch)
4416 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4419 if (s->s3->renegotiate)
4420 ssl3_renegotiate_check(s, 0);
4422 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4426 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4432 if (s->s3->renegotiate)
4433 ssl3_renegotiate_check(s, 0);
4434 s->s3->in_read_app_data = 1;
4436 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4438 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4440 * ssl3_read_bytes decided to call s->handshake_func, which called
4441 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4442 * actually found application data and thinks that application data
4443 * makes sense here; so disable handshake processing and try to read
4444 * application data again.
4446 ossl_statem_set_in_handshake(s, 1);
4448 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4449 len, peek, readbytes);
4450 ossl_statem_set_in_handshake(s, 0);
4452 s->s3->in_read_app_data = 0;
4457 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4459 return ssl3_read_internal(s, buf, len, 0, readbytes);
4462 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4464 return ssl3_read_internal(s, buf, len, 1, readbytes);
4467 int ssl3_renegotiate(SSL *s)
4469 if (s->handshake_func == NULL)
4472 s->s3->renegotiate = 1;
4477 * Check if we are waiting to do a renegotiation and if so whether now is a
4478 * good time to do it. If |initok| is true then we are being called from inside
4479 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4480 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4481 * should do a renegotiation now and sets up the state machine for it. Otherwise
4484 int ssl3_renegotiate_check(SSL *s, int initok)
4488 if (s->s3->renegotiate) {
4489 if (!RECORD_LAYER_read_pending(&s->rlayer)
4490 && !RECORD_LAYER_write_pending(&s->rlayer)
4491 && (initok || !SSL_in_init(s))) {
4493 * if we are the server, and we have sent a 'RENEGOTIATE'
4494 * message, we need to set the state machine into the renegotiate
4497 ossl_statem_set_renegotiate(s);
4498 s->s3->renegotiate = 0;
4499 s->s3->num_renegotiations++;
4500 s->s3->total_renegotiations++;
4508 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4509 * handshake macs if required.
4511 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4513 long ssl_get_algorithm2(SSL *s)
4516 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
4518 alg2 = s->s3->tmp.new_cipher->algorithm2;
4519 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4520 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4521 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4522 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4523 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4524 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4530 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4531 * failure, 1 on success.
4533 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4536 int send_time = 0, ret;
4541 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4543 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4545 unsigned long Time = (unsigned long)time(NULL);
4546 unsigned char *p = result;
4549 ret = ssl_randbytes(s, p, len - 4);
4551 ret = ssl_randbytes(s, result, len);
4553 #ifndef OPENSSL_NO_TLS13DOWNGRADE
4555 if (!ossl_assert(sizeof(tls11downgrade) < len)
4556 || !ossl_assert(sizeof(tls12downgrade) < len))
4558 if (dgrd == DOWNGRADE_TO_1_2)
4559 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4560 sizeof(tls12downgrade));
4561 else if (dgrd == DOWNGRADE_TO_1_1)
4562 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4563 sizeof(tls11downgrade));
4569 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4572 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4575 if (alg_k & SSL_PSK) {
4576 #ifndef OPENSSL_NO_PSK
4577 unsigned char *pskpms, *t;
4578 size_t psklen = s->s3->tmp.psklen;
4581 /* create PSK premaster_secret */
4583 /* For plain PSK "other_secret" is psklen zeroes */
4584 if (alg_k & SSL_kPSK)
4587 pskpmslen = 4 + pmslen + psklen;
4588 pskpms = OPENSSL_malloc(pskpmslen);
4593 if (alg_k & SSL_kPSK)
4594 memset(t, 0, pmslen);
4596 memcpy(t, pms, pmslen);
4599 memcpy(t, s->s3->tmp.psk, psklen);
4601 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4602 s->s3->tmp.psk = NULL;
4603 if (!s->method->ssl3_enc->generate_master_secret(s,
4604 s->session->master_key,pskpms, pskpmslen,
4605 &s->session->master_key_length)) {
4606 /* SSLfatal() already called */
4609 OPENSSL_clear_free(pskpms, pskpmslen);
4611 /* Should never happen */
4615 if (!s->method->ssl3_enc->generate_master_secret(s,
4616 s->session->master_key, pms, pmslen,
4617 &s->session->master_key_length)) {
4618 /* SSLfatal() already called */
4627 OPENSSL_clear_free(pms, pmslen);
4629 OPENSSL_cleanse(pms, pmslen);
4632 s->s3->tmp.pms = NULL;
4636 /* Generate a private key from parameters */
4637 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4639 EVP_PKEY_CTX *pctx = NULL;
4640 EVP_PKEY *pkey = NULL;
4644 pctx = EVP_PKEY_CTX_new(pm, NULL);
4647 if (EVP_PKEY_keygen_init(pctx) <= 0)
4649 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4650 EVP_PKEY_free(pkey);
4655 EVP_PKEY_CTX_free(pctx);
4658 #ifndef OPENSSL_NO_EC
4659 /* Generate a private key from a group ID */
4660 EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
4662 EVP_PKEY_CTX *pctx = NULL;
4663 EVP_PKEY *pkey = NULL;
4664 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4668 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4669 ERR_R_INTERNAL_ERROR);
4672 gtype = ginf->flags & TLS_CURVE_TYPE;
4673 if (gtype == TLS_CURVE_CUSTOM)
4674 pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
4676 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4678 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4679 ERR_R_MALLOC_FAILURE);
4682 if (EVP_PKEY_keygen_init(pctx) <= 0) {
4683 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4687 if (gtype != TLS_CURVE_CUSTOM
4688 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
4689 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4693 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4694 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4696 EVP_PKEY_free(pkey);
4701 EVP_PKEY_CTX_free(pctx);
4706 * Generate parameters from a group ID
4708 EVP_PKEY *ssl_generate_param_group(uint16_t id)
4710 EVP_PKEY_CTX *pctx = NULL;
4711 EVP_PKEY *pkey = NULL;
4712 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4717 if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4718 pkey = EVP_PKEY_new();
4719 if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
4721 EVP_PKEY_free(pkey);
4725 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4728 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4730 if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
4732 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4733 EVP_PKEY_free(pkey);
4738 EVP_PKEY_CTX_free(pctx);
4743 /* Derive secrets for ECDH/DH */
4744 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4747 unsigned char *pms = NULL;
4751 if (privkey == NULL || pubkey == NULL) {
4752 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4753 ERR_R_INTERNAL_ERROR);
4757 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4759 if (EVP_PKEY_derive_init(pctx) <= 0
4760 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4761 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4762 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4763 ERR_R_INTERNAL_ERROR);
4767 pms = OPENSSL_malloc(pmslen);
4769 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4770 ERR_R_MALLOC_FAILURE);
4774 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4775 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4776 ERR_R_INTERNAL_ERROR);
4781 /* SSLfatal() called as appropriate in the below functions */
4782 if (SSL_IS_TLS13(s)) {
4784 * If we are resuming then we already generated the early secret
4785 * when we created the ClientHello, so don't recreate it.
4788 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4790 (unsigned char *)&s->early_secret);
4794 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4796 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4799 /* Save premaster secret */
4800 s->s3->tmp.pms = pms;
4801 s->s3->tmp.pmslen = pmslen;
4807 OPENSSL_clear_free(pms, pmslen);
4808 EVP_PKEY_CTX_free(pctx);
4812 #ifndef OPENSSL_NO_DH
4813 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4818 ret = EVP_PKEY_new();
4819 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {