Update the various SSL group getting and setting functions
[openssl.git] / ssl / s3_lib.c
1 /*
2  * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4  * Copyright 2005 Nokia. All rights reserved.
5  *
6  * Licensed under the Apache License 2.0 (the "License").  You may not use
7  * this file except in compliance with the License.  You can obtain a copy
8  * in the file LICENSE in the source distribution or at
9  * https://www.openssl.org/source/license.html
10  */
11
12 #include <stdio.h>
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
15 #include "ssl_local.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include <openssl/trace.h>
20 #include <openssl/x509v3.h>
21 #include "internal/cryptlib.h"
22
23 DEFINE_STACK_OF(X509_NAME)
24 DEFINE_STACK_OF(X509)
25 DEFINE_STACK_OF_CONST(SSL_CIPHER)
26
27 #define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers)
28 #define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
29 #define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
30
31 /* TLSv1.3 downgrade protection sentinel values */
32 const unsigned char tls11downgrade[] = {
33     0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
34 };
35 const unsigned char tls12downgrade[] = {
36     0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
37 };
38
39 /* The list of available TLSv1.3 ciphers */
40 static SSL_CIPHER tls13_ciphers[] = {
41     {
42         1,
43         TLS1_3_RFC_AES_128_GCM_SHA256,
44         TLS1_3_RFC_AES_128_GCM_SHA256,
45         TLS1_3_CK_AES_128_GCM_SHA256,
46         SSL_kANY,
47         SSL_aANY,
48         SSL_AES128GCM,
49         SSL_AEAD,
50         TLS1_3_VERSION, TLS1_3_VERSION,
51         0, 0,
52         SSL_HIGH,
53         SSL_HANDSHAKE_MAC_SHA256,
54         128,
55         128,
56     }, {
57         1,
58         TLS1_3_RFC_AES_256_GCM_SHA384,
59         TLS1_3_RFC_AES_256_GCM_SHA384,
60         TLS1_3_CK_AES_256_GCM_SHA384,
61         SSL_kANY,
62         SSL_aANY,
63         SSL_AES256GCM,
64         SSL_AEAD,
65         TLS1_3_VERSION, TLS1_3_VERSION,
66         0, 0,
67         SSL_HIGH,
68         SSL_HANDSHAKE_MAC_SHA384,
69         256,
70         256,
71     },
72 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
73     {
74         1,
75         TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
76         TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
77         TLS1_3_CK_CHACHA20_POLY1305_SHA256,
78         SSL_kANY,
79         SSL_aANY,
80         SSL_CHACHA20POLY1305,
81         SSL_AEAD,
82         TLS1_3_VERSION, TLS1_3_VERSION,
83         0, 0,
84         SSL_HIGH,
85         SSL_HANDSHAKE_MAC_SHA256,
86         256,
87         256,
88     },
89 #endif
90     {
91         1,
92         TLS1_3_RFC_AES_128_CCM_SHA256,
93         TLS1_3_RFC_AES_128_CCM_SHA256,
94         TLS1_3_CK_AES_128_CCM_SHA256,
95         SSL_kANY,
96         SSL_aANY,
97         SSL_AES128CCM,
98         SSL_AEAD,
99         TLS1_3_VERSION, TLS1_3_VERSION,
100         0, 0,
101         SSL_NOT_DEFAULT | SSL_HIGH,
102         SSL_HANDSHAKE_MAC_SHA256,
103         128,
104         128,
105     }, {
106         1,
107         TLS1_3_RFC_AES_128_CCM_8_SHA256,
108         TLS1_3_RFC_AES_128_CCM_8_SHA256,
109         TLS1_3_CK_AES_128_CCM_8_SHA256,
110         SSL_kANY,
111         SSL_aANY,
112         SSL_AES128CCM8,
113         SSL_AEAD,
114         TLS1_3_VERSION, TLS1_3_VERSION,
115         0, 0,
116         SSL_NOT_DEFAULT | SSL_HIGH,
117         SSL_HANDSHAKE_MAC_SHA256,
118         128,
119         128,
120     }
121 };
122
123 /*
124  * The list of available ciphers, mostly organized into the following
125  * groups:
126  *      Always there
127  *      EC
128  *      PSK
129  *      SRP (within that: RSA EC PSK)
130  *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
131  *      Weak ciphers
132  */
133 static SSL_CIPHER ssl3_ciphers[] = {
134     {
135      1,
136      SSL3_TXT_RSA_NULL_MD5,
137      SSL3_RFC_RSA_NULL_MD5,
138      SSL3_CK_RSA_NULL_MD5,
139      SSL_kRSA,
140      SSL_aRSA,
141      SSL_eNULL,
142      SSL_MD5,
143      SSL3_VERSION, TLS1_2_VERSION,
144      DTLS1_BAD_VER, DTLS1_2_VERSION,
145      SSL_STRONG_NONE,
146      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
147      0,
148      0,
149      },
150     {
151      1,
152      SSL3_TXT_RSA_NULL_SHA,
153      SSL3_RFC_RSA_NULL_SHA,
154      SSL3_CK_RSA_NULL_SHA,
155      SSL_kRSA,
156      SSL_aRSA,
157      SSL_eNULL,
158      SSL_SHA1,
159      SSL3_VERSION, TLS1_2_VERSION,
160      DTLS1_BAD_VER, DTLS1_2_VERSION,
161      SSL_STRONG_NONE | SSL_FIPS,
162      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
163      0,
164      0,
165      },
166 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
167     {
168      1,
169      SSL3_TXT_RSA_DES_192_CBC3_SHA,
170      SSL3_RFC_RSA_DES_192_CBC3_SHA,
171      SSL3_CK_RSA_DES_192_CBC3_SHA,
172      SSL_kRSA,
173      SSL_aRSA,
174      SSL_3DES,
175      SSL_SHA1,
176      SSL3_VERSION, TLS1_2_VERSION,
177      DTLS1_BAD_VER, DTLS1_2_VERSION,
178      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
179      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
180      112,
181      168,
182      },
183     {
184      1,
185      SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
186      SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
187      SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
188      SSL_kDHE,
189      SSL_aDSS,
190      SSL_3DES,
191      SSL_SHA1,
192      SSL3_VERSION, TLS1_2_VERSION,
193      DTLS1_BAD_VER, DTLS1_2_VERSION,
194      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
195      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
196      112,
197      168,
198      },
199     {
200      1,
201      SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
202      SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
203      SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
204      SSL_kDHE,
205      SSL_aRSA,
206      SSL_3DES,
207      SSL_SHA1,
208      SSL3_VERSION, TLS1_2_VERSION,
209      DTLS1_BAD_VER, DTLS1_2_VERSION,
210      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
211      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
212      112,
213      168,
214      },
215     {
216      1,
217      SSL3_TXT_ADH_DES_192_CBC_SHA,
218      SSL3_RFC_ADH_DES_192_CBC_SHA,
219      SSL3_CK_ADH_DES_192_CBC_SHA,
220      SSL_kDHE,
221      SSL_aNULL,
222      SSL_3DES,
223      SSL_SHA1,
224      SSL3_VERSION, TLS1_2_VERSION,
225      DTLS1_BAD_VER, DTLS1_2_VERSION,
226      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
227      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
228      112,
229      168,
230      },
231 #endif
232     {
233      1,
234      TLS1_TXT_RSA_WITH_AES_128_SHA,
235      TLS1_RFC_RSA_WITH_AES_128_SHA,
236      TLS1_CK_RSA_WITH_AES_128_SHA,
237      SSL_kRSA,
238      SSL_aRSA,
239      SSL_AES128,
240      SSL_SHA1,
241      SSL3_VERSION, TLS1_2_VERSION,
242      DTLS1_BAD_VER, DTLS1_2_VERSION,
243      SSL_HIGH | SSL_FIPS,
244      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
245      128,
246      128,
247      },
248     {
249      1,
250      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
251      TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
252      TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
253      SSL_kDHE,
254      SSL_aDSS,
255      SSL_AES128,
256      SSL_SHA1,
257      SSL3_VERSION, TLS1_2_VERSION,
258      DTLS1_BAD_VER, DTLS1_2_VERSION,
259      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
260      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
261      128,
262      128,
263      },
264     {
265      1,
266      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
267      TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
268      TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
269      SSL_kDHE,
270      SSL_aRSA,
271      SSL_AES128,
272      SSL_SHA1,
273      SSL3_VERSION, TLS1_2_VERSION,
274      DTLS1_BAD_VER, DTLS1_2_VERSION,
275      SSL_HIGH | SSL_FIPS,
276      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
277      128,
278      128,
279      },
280     {
281      1,
282      TLS1_TXT_ADH_WITH_AES_128_SHA,
283      TLS1_RFC_ADH_WITH_AES_128_SHA,
284      TLS1_CK_ADH_WITH_AES_128_SHA,
285      SSL_kDHE,
286      SSL_aNULL,
287      SSL_AES128,
288      SSL_SHA1,
289      SSL3_VERSION, TLS1_2_VERSION,
290      DTLS1_BAD_VER, DTLS1_2_VERSION,
291      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
292      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
293      128,
294      128,
295      },
296     {
297      1,
298      TLS1_TXT_RSA_WITH_AES_256_SHA,
299      TLS1_RFC_RSA_WITH_AES_256_SHA,
300      TLS1_CK_RSA_WITH_AES_256_SHA,
301      SSL_kRSA,
302      SSL_aRSA,
303      SSL_AES256,
304      SSL_SHA1,
305      SSL3_VERSION, TLS1_2_VERSION,
306      DTLS1_BAD_VER, DTLS1_2_VERSION,
307      SSL_HIGH | SSL_FIPS,
308      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
309      256,
310      256,
311      },
312     {
313      1,
314      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
315      TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
316      TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
317      SSL_kDHE,
318      SSL_aDSS,
319      SSL_AES256,
320      SSL_SHA1,
321      SSL3_VERSION, TLS1_2_VERSION,
322      DTLS1_BAD_VER, DTLS1_2_VERSION,
323      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
324      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
325      256,
326      256,
327      },
328     {
329      1,
330      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
331      TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
332      TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
333      SSL_kDHE,
334      SSL_aRSA,
335      SSL_AES256,
336      SSL_SHA1,
337      SSL3_VERSION, TLS1_2_VERSION,
338      DTLS1_BAD_VER, DTLS1_2_VERSION,
339      SSL_HIGH | SSL_FIPS,
340      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
341      256,
342      256,
343      },
344     {
345      1,
346      TLS1_TXT_ADH_WITH_AES_256_SHA,
347      TLS1_RFC_ADH_WITH_AES_256_SHA,
348      TLS1_CK_ADH_WITH_AES_256_SHA,
349      SSL_kDHE,
350      SSL_aNULL,
351      SSL_AES256,
352      SSL_SHA1,
353      SSL3_VERSION, TLS1_2_VERSION,
354      DTLS1_BAD_VER, DTLS1_2_VERSION,
355      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
356      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
357      256,
358      256,
359      },
360     {
361      1,
362      TLS1_TXT_RSA_WITH_NULL_SHA256,
363      TLS1_RFC_RSA_WITH_NULL_SHA256,
364      TLS1_CK_RSA_WITH_NULL_SHA256,
365      SSL_kRSA,
366      SSL_aRSA,
367      SSL_eNULL,
368      SSL_SHA256,
369      TLS1_2_VERSION, TLS1_2_VERSION,
370      DTLS1_2_VERSION, DTLS1_2_VERSION,
371      SSL_STRONG_NONE | SSL_FIPS,
372      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
373      0,
374      0,
375      },
376     {
377      1,
378      TLS1_TXT_RSA_WITH_AES_128_SHA256,
379      TLS1_RFC_RSA_WITH_AES_128_SHA256,
380      TLS1_CK_RSA_WITH_AES_128_SHA256,
381      SSL_kRSA,
382      SSL_aRSA,
383      SSL_AES128,
384      SSL_SHA256,
385      TLS1_2_VERSION, TLS1_2_VERSION,
386      DTLS1_2_VERSION, DTLS1_2_VERSION,
387      SSL_HIGH | SSL_FIPS,
388      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
389      128,
390      128,
391      },
392     {
393      1,
394      TLS1_TXT_RSA_WITH_AES_256_SHA256,
395      TLS1_RFC_RSA_WITH_AES_256_SHA256,
396      TLS1_CK_RSA_WITH_AES_256_SHA256,
397      SSL_kRSA,
398      SSL_aRSA,
399      SSL_AES256,
400      SSL_SHA256,
401      TLS1_2_VERSION, TLS1_2_VERSION,
402      DTLS1_2_VERSION, DTLS1_2_VERSION,
403      SSL_HIGH | SSL_FIPS,
404      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
405      256,
406      256,
407      },
408     {
409      1,
410      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
411      TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
412      TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
413      SSL_kDHE,
414      SSL_aDSS,
415      SSL_AES128,
416      SSL_SHA256,
417      TLS1_2_VERSION, TLS1_2_VERSION,
418      DTLS1_2_VERSION, DTLS1_2_VERSION,
419      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
420      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
421      128,
422      128,
423      },
424     {
425      1,
426      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
427      TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
428      TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
429      SSL_kDHE,
430      SSL_aRSA,
431      SSL_AES128,
432      SSL_SHA256,
433      TLS1_2_VERSION, TLS1_2_VERSION,
434      DTLS1_2_VERSION, DTLS1_2_VERSION,
435      SSL_HIGH | SSL_FIPS,
436      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
437      128,
438      128,
439      },
440     {
441      1,
442      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
443      TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
444      TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
445      SSL_kDHE,
446      SSL_aDSS,
447      SSL_AES256,
448      SSL_SHA256,
449      TLS1_2_VERSION, TLS1_2_VERSION,
450      DTLS1_2_VERSION, DTLS1_2_VERSION,
451      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
452      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
453      256,
454      256,
455      },
456     {
457      1,
458      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
459      TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
460      TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
461      SSL_kDHE,
462      SSL_aRSA,
463      SSL_AES256,
464      SSL_SHA256,
465      TLS1_2_VERSION, TLS1_2_VERSION,
466      DTLS1_2_VERSION, DTLS1_2_VERSION,
467      SSL_HIGH | SSL_FIPS,
468      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
469      256,
470      256,
471      },
472     {
473      1,
474      TLS1_TXT_ADH_WITH_AES_128_SHA256,
475      TLS1_RFC_ADH_WITH_AES_128_SHA256,
476      TLS1_CK_ADH_WITH_AES_128_SHA256,
477      SSL_kDHE,
478      SSL_aNULL,
479      SSL_AES128,
480      SSL_SHA256,
481      TLS1_2_VERSION, TLS1_2_VERSION,
482      DTLS1_2_VERSION, DTLS1_2_VERSION,
483      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
484      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
485      128,
486      128,
487      },
488     {
489      1,
490      TLS1_TXT_ADH_WITH_AES_256_SHA256,
491      TLS1_RFC_ADH_WITH_AES_256_SHA256,
492      TLS1_CK_ADH_WITH_AES_256_SHA256,
493      SSL_kDHE,
494      SSL_aNULL,
495      SSL_AES256,
496      SSL_SHA256,
497      TLS1_2_VERSION, TLS1_2_VERSION,
498      DTLS1_2_VERSION, DTLS1_2_VERSION,
499      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
500      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
501      256,
502      256,
503      },
504     {
505      1,
506      TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
507      TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
508      TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
509      SSL_kRSA,
510      SSL_aRSA,
511      SSL_AES128GCM,
512      SSL_AEAD,
513      TLS1_2_VERSION, TLS1_2_VERSION,
514      DTLS1_2_VERSION, DTLS1_2_VERSION,
515      SSL_HIGH | SSL_FIPS,
516      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
517      128,
518      128,
519      },
520     {
521      1,
522      TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
523      TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
524      TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
525      SSL_kRSA,
526      SSL_aRSA,
527      SSL_AES256GCM,
528      SSL_AEAD,
529      TLS1_2_VERSION, TLS1_2_VERSION,
530      DTLS1_2_VERSION, DTLS1_2_VERSION,
531      SSL_HIGH | SSL_FIPS,
532      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
533      256,
534      256,
535      },
536     {
537      1,
538      TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
539      TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
540      TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
541      SSL_kDHE,
542      SSL_aRSA,
543      SSL_AES128GCM,
544      SSL_AEAD,
545      TLS1_2_VERSION, TLS1_2_VERSION,
546      DTLS1_2_VERSION, DTLS1_2_VERSION,
547      SSL_HIGH | SSL_FIPS,
548      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
549      128,
550      128,
551      },
552     {
553      1,
554      TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
555      TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
556      TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
557      SSL_kDHE,
558      SSL_aRSA,
559      SSL_AES256GCM,
560      SSL_AEAD,
561      TLS1_2_VERSION, TLS1_2_VERSION,
562      DTLS1_2_VERSION, DTLS1_2_VERSION,
563      SSL_HIGH | SSL_FIPS,
564      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
565      256,
566      256,
567      },
568     {
569      1,
570      TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
571      TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
572      TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
573      SSL_kDHE,
574      SSL_aDSS,
575      SSL_AES128GCM,
576      SSL_AEAD,
577      TLS1_2_VERSION, TLS1_2_VERSION,
578      DTLS1_2_VERSION, DTLS1_2_VERSION,
579      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
580      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
581      128,
582      128,
583      },
584     {
585      1,
586      TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
587      TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
588      TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
589      SSL_kDHE,
590      SSL_aDSS,
591      SSL_AES256GCM,
592      SSL_AEAD,
593      TLS1_2_VERSION, TLS1_2_VERSION,
594      DTLS1_2_VERSION, DTLS1_2_VERSION,
595      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
596      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
597      256,
598      256,
599      },
600     {
601      1,
602      TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
603      TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
604      TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
605      SSL_kDHE,
606      SSL_aNULL,
607      SSL_AES128GCM,
608      SSL_AEAD,
609      TLS1_2_VERSION, TLS1_2_VERSION,
610      DTLS1_2_VERSION, DTLS1_2_VERSION,
611      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
612      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
613      128,
614      128,
615      },
616     {
617      1,
618      TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
619      TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
620      TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
621      SSL_kDHE,
622      SSL_aNULL,
623      SSL_AES256GCM,
624      SSL_AEAD,
625      TLS1_2_VERSION, TLS1_2_VERSION,
626      DTLS1_2_VERSION, DTLS1_2_VERSION,
627      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
628      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
629      256,
630      256,
631      },
632     {
633      1,
634      TLS1_TXT_RSA_WITH_AES_128_CCM,
635      TLS1_RFC_RSA_WITH_AES_128_CCM,
636      TLS1_CK_RSA_WITH_AES_128_CCM,
637      SSL_kRSA,
638      SSL_aRSA,
639      SSL_AES128CCM,
640      SSL_AEAD,
641      TLS1_2_VERSION, TLS1_2_VERSION,
642      DTLS1_2_VERSION, DTLS1_2_VERSION,
643      SSL_NOT_DEFAULT | SSL_HIGH,
644      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
645      128,
646      128,
647      },
648     {
649      1,
650      TLS1_TXT_RSA_WITH_AES_256_CCM,
651      TLS1_RFC_RSA_WITH_AES_256_CCM,
652      TLS1_CK_RSA_WITH_AES_256_CCM,
653      SSL_kRSA,
654      SSL_aRSA,
655      SSL_AES256CCM,
656      SSL_AEAD,
657      TLS1_2_VERSION, TLS1_2_VERSION,
658      DTLS1_2_VERSION, DTLS1_2_VERSION,
659      SSL_NOT_DEFAULT | SSL_HIGH,
660      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
661      256,
662      256,
663      },
664     {
665      1,
666      TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
667      TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
668      TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
669      SSL_kDHE,
670      SSL_aRSA,
671      SSL_AES128CCM,
672      SSL_AEAD,
673      TLS1_2_VERSION, TLS1_2_VERSION,
674      DTLS1_2_VERSION, DTLS1_2_VERSION,
675      SSL_NOT_DEFAULT | SSL_HIGH,
676      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
677      128,
678      128,
679      },
680     {
681      1,
682      TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
683      TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
684      TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
685      SSL_kDHE,
686      SSL_aRSA,
687      SSL_AES256CCM,
688      SSL_AEAD,
689      TLS1_2_VERSION, TLS1_2_VERSION,
690      DTLS1_2_VERSION, DTLS1_2_VERSION,
691      SSL_NOT_DEFAULT | SSL_HIGH,
692      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
693      256,
694      256,
695      },
696     {
697      1,
698      TLS1_TXT_RSA_WITH_AES_128_CCM_8,
699      TLS1_RFC_RSA_WITH_AES_128_CCM_8,
700      TLS1_CK_RSA_WITH_AES_128_CCM_8,
701      SSL_kRSA,
702      SSL_aRSA,
703      SSL_AES128CCM8,
704      SSL_AEAD,
705      TLS1_2_VERSION, TLS1_2_VERSION,
706      DTLS1_2_VERSION, DTLS1_2_VERSION,
707      SSL_NOT_DEFAULT | SSL_HIGH,
708      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
709      128,
710      128,
711      },
712     {
713      1,
714      TLS1_TXT_RSA_WITH_AES_256_CCM_8,
715      TLS1_RFC_RSA_WITH_AES_256_CCM_8,
716      TLS1_CK_RSA_WITH_AES_256_CCM_8,
717      SSL_kRSA,
718      SSL_aRSA,
719      SSL_AES256CCM8,
720      SSL_AEAD,
721      TLS1_2_VERSION, TLS1_2_VERSION,
722      DTLS1_2_VERSION, DTLS1_2_VERSION,
723      SSL_NOT_DEFAULT | SSL_HIGH,
724      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
725      256,
726      256,
727      },
728     {
729      1,
730      TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
731      TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
732      TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
733      SSL_kDHE,
734      SSL_aRSA,
735      SSL_AES128CCM8,
736      SSL_AEAD,
737      TLS1_2_VERSION, TLS1_2_VERSION,
738      DTLS1_2_VERSION, DTLS1_2_VERSION,
739      SSL_NOT_DEFAULT | SSL_HIGH,
740      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
741      128,
742      128,
743      },
744     {
745      1,
746      TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
747      TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
748      TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
749      SSL_kDHE,
750      SSL_aRSA,
751      SSL_AES256CCM8,
752      SSL_AEAD,
753      TLS1_2_VERSION, TLS1_2_VERSION,
754      DTLS1_2_VERSION, DTLS1_2_VERSION,
755      SSL_NOT_DEFAULT | SSL_HIGH,
756      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
757      256,
758      256,
759      },
760     {
761      1,
762      TLS1_TXT_PSK_WITH_AES_128_CCM,
763      TLS1_RFC_PSK_WITH_AES_128_CCM,
764      TLS1_CK_PSK_WITH_AES_128_CCM,
765      SSL_kPSK,
766      SSL_aPSK,
767      SSL_AES128CCM,
768      SSL_AEAD,
769      TLS1_2_VERSION, TLS1_2_VERSION,
770      DTLS1_2_VERSION, DTLS1_2_VERSION,
771      SSL_NOT_DEFAULT | SSL_HIGH,
772      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
773      128,
774      128,
775      },
776     {
777      1,
778      TLS1_TXT_PSK_WITH_AES_256_CCM,
779      TLS1_RFC_PSK_WITH_AES_256_CCM,
780      TLS1_CK_PSK_WITH_AES_256_CCM,
781      SSL_kPSK,
782      SSL_aPSK,
783      SSL_AES256CCM,
784      SSL_AEAD,
785      TLS1_2_VERSION, TLS1_2_VERSION,
786      DTLS1_2_VERSION, DTLS1_2_VERSION,
787      SSL_NOT_DEFAULT | SSL_HIGH,
788      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
789      256,
790      256,
791      },
792     {
793      1,
794      TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
795      TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
796      TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
797      SSL_kDHEPSK,
798      SSL_aPSK,
799      SSL_AES128CCM,
800      SSL_AEAD,
801      TLS1_2_VERSION, TLS1_2_VERSION,
802      DTLS1_2_VERSION, DTLS1_2_VERSION,
803      SSL_NOT_DEFAULT | SSL_HIGH,
804      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
805      128,
806      128,
807      },
808     {
809      1,
810      TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
811      TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
812      TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
813      SSL_kDHEPSK,
814      SSL_aPSK,
815      SSL_AES256CCM,
816      SSL_AEAD,
817      TLS1_2_VERSION, TLS1_2_VERSION,
818      DTLS1_2_VERSION, DTLS1_2_VERSION,
819      SSL_NOT_DEFAULT | SSL_HIGH,
820      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
821      256,
822      256,
823      },
824     {
825      1,
826      TLS1_TXT_PSK_WITH_AES_128_CCM_8,
827      TLS1_RFC_PSK_WITH_AES_128_CCM_8,
828      TLS1_CK_PSK_WITH_AES_128_CCM_8,
829      SSL_kPSK,
830      SSL_aPSK,
831      SSL_AES128CCM8,
832      SSL_AEAD,
833      TLS1_2_VERSION, TLS1_2_VERSION,
834      DTLS1_2_VERSION, DTLS1_2_VERSION,
835      SSL_NOT_DEFAULT | SSL_HIGH,
836      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
837      128,
838      128,
839      },
840     {
841      1,
842      TLS1_TXT_PSK_WITH_AES_256_CCM_8,
843      TLS1_RFC_PSK_WITH_AES_256_CCM_8,
844      TLS1_CK_PSK_WITH_AES_256_CCM_8,
845      SSL_kPSK,
846      SSL_aPSK,
847      SSL_AES256CCM8,
848      SSL_AEAD,
849      TLS1_2_VERSION, TLS1_2_VERSION,
850      DTLS1_2_VERSION, DTLS1_2_VERSION,
851      SSL_NOT_DEFAULT | SSL_HIGH,
852      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
853      256,
854      256,
855      },
856     {
857      1,
858      TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
859      TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
860      TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
861      SSL_kDHEPSK,
862      SSL_aPSK,
863      SSL_AES128CCM8,
864      SSL_AEAD,
865      TLS1_2_VERSION, TLS1_2_VERSION,
866      DTLS1_2_VERSION, DTLS1_2_VERSION,
867      SSL_NOT_DEFAULT | SSL_HIGH,
868      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
869      128,
870      128,
871      },
872     {
873      1,
874      TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
875      TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
876      TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
877      SSL_kDHEPSK,
878      SSL_aPSK,
879      SSL_AES256CCM8,
880      SSL_AEAD,
881      TLS1_2_VERSION, TLS1_2_VERSION,
882      DTLS1_2_VERSION, DTLS1_2_VERSION,
883      SSL_NOT_DEFAULT | SSL_HIGH,
884      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
885      256,
886      256,
887      },
888     {
889      1,
890      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
891      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
892      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
893      SSL_kECDHE,
894      SSL_aECDSA,
895      SSL_AES128CCM,
896      SSL_AEAD,
897      TLS1_2_VERSION, TLS1_2_VERSION,
898      DTLS1_2_VERSION, DTLS1_2_VERSION,
899      SSL_NOT_DEFAULT | SSL_HIGH,
900      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
901      128,
902      128,
903      },
904     {
905      1,
906      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
907      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
908      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
909      SSL_kECDHE,
910      SSL_aECDSA,
911      SSL_AES256CCM,
912      SSL_AEAD,
913      TLS1_2_VERSION, TLS1_2_VERSION,
914      DTLS1_2_VERSION, DTLS1_2_VERSION,
915      SSL_NOT_DEFAULT | SSL_HIGH,
916      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
917      256,
918      256,
919      },
920     {
921      1,
922      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
923      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
924      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
925      SSL_kECDHE,
926      SSL_aECDSA,
927      SSL_AES128CCM8,
928      SSL_AEAD,
929      TLS1_2_VERSION, TLS1_2_VERSION,
930      DTLS1_2_VERSION, DTLS1_2_VERSION,
931      SSL_NOT_DEFAULT | SSL_HIGH,
932      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
933      128,
934      128,
935      },
936     {
937      1,
938      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
939      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
940      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
941      SSL_kECDHE,
942      SSL_aECDSA,
943      SSL_AES256CCM8,
944      SSL_AEAD,
945      TLS1_2_VERSION, TLS1_2_VERSION,
946      DTLS1_2_VERSION, DTLS1_2_VERSION,
947      SSL_NOT_DEFAULT | SSL_HIGH,
948      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
949      256,
950      256,
951      },
952     {
953      1,
954      TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
955      TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
956      TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
957      SSL_kECDHE,
958      SSL_aECDSA,
959      SSL_eNULL,
960      SSL_SHA1,
961      TLS1_VERSION, TLS1_2_VERSION,
962      DTLS1_BAD_VER, DTLS1_2_VERSION,
963      SSL_STRONG_NONE | SSL_FIPS,
964      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
965      0,
966      0,
967      },
968 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
969     {
970      1,
971      TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
972      TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
973      TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
974      SSL_kECDHE,
975      SSL_aECDSA,
976      SSL_3DES,
977      SSL_SHA1,
978      TLS1_VERSION, TLS1_2_VERSION,
979      DTLS1_BAD_VER, DTLS1_2_VERSION,
980      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
981      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
982      112,
983      168,
984      },
985 # endif
986     {
987      1,
988      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
989      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
990      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
991      SSL_kECDHE,
992      SSL_aECDSA,
993      SSL_AES128,
994      SSL_SHA1,
995      TLS1_VERSION, TLS1_2_VERSION,
996      DTLS1_BAD_VER, DTLS1_2_VERSION,
997      SSL_HIGH | SSL_FIPS,
998      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
999      128,
1000      128,
1001      },
1002     {
1003      1,
1004      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1005      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1006      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1007      SSL_kECDHE,
1008      SSL_aECDSA,
1009      SSL_AES256,
1010      SSL_SHA1,
1011      TLS1_VERSION, TLS1_2_VERSION,
1012      DTLS1_BAD_VER, DTLS1_2_VERSION,
1013      SSL_HIGH | SSL_FIPS,
1014      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1015      256,
1016      256,
1017      },
1018     {
1019      1,
1020      TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1021      TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1022      TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1023      SSL_kECDHE,
1024      SSL_aRSA,
1025      SSL_eNULL,
1026      SSL_SHA1,
1027      TLS1_VERSION, TLS1_2_VERSION,
1028      DTLS1_BAD_VER, DTLS1_2_VERSION,
1029      SSL_STRONG_NONE | SSL_FIPS,
1030      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1031      0,
1032      0,
1033      },
1034 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1035     {
1036      1,
1037      TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1038      TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1039      TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1040      SSL_kECDHE,
1041      SSL_aRSA,
1042      SSL_3DES,
1043      SSL_SHA1,
1044      TLS1_VERSION, TLS1_2_VERSION,
1045      DTLS1_BAD_VER, DTLS1_2_VERSION,
1046      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1047      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1048      112,
1049      168,
1050      },
1051 # endif
1052     {
1053      1,
1054      TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1055      TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1056      TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1057      SSL_kECDHE,
1058      SSL_aRSA,
1059      SSL_AES128,
1060      SSL_SHA1,
1061      TLS1_VERSION, TLS1_2_VERSION,
1062      DTLS1_BAD_VER, DTLS1_2_VERSION,
1063      SSL_HIGH | SSL_FIPS,
1064      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1065      128,
1066      128,
1067      },
1068     {
1069      1,
1070      TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1071      TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1072      TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1073      SSL_kECDHE,
1074      SSL_aRSA,
1075      SSL_AES256,
1076      SSL_SHA1,
1077      TLS1_VERSION, TLS1_2_VERSION,
1078      DTLS1_BAD_VER, DTLS1_2_VERSION,
1079      SSL_HIGH | SSL_FIPS,
1080      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1081      256,
1082      256,
1083      },
1084     {
1085      1,
1086      TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1087      TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1088      TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1089      SSL_kECDHE,
1090      SSL_aNULL,
1091      SSL_eNULL,
1092      SSL_SHA1,
1093      TLS1_VERSION, TLS1_2_VERSION,
1094      DTLS1_BAD_VER, DTLS1_2_VERSION,
1095      SSL_STRONG_NONE | SSL_FIPS,
1096      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1097      0,
1098      0,
1099      },
1100 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1101     {
1102      1,
1103      TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1104      TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1105      TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1106      SSL_kECDHE,
1107      SSL_aNULL,
1108      SSL_3DES,
1109      SSL_SHA1,
1110      TLS1_VERSION, TLS1_2_VERSION,
1111      DTLS1_BAD_VER, DTLS1_2_VERSION,
1112      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1113      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1114      112,
1115      168,
1116      },
1117 # endif
1118     {
1119      1,
1120      TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1121      TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1122      TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1123      SSL_kECDHE,
1124      SSL_aNULL,
1125      SSL_AES128,
1126      SSL_SHA1,
1127      TLS1_VERSION, TLS1_2_VERSION,
1128      DTLS1_BAD_VER, DTLS1_2_VERSION,
1129      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1130      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1131      128,
1132      128,
1133      },
1134     {
1135      1,
1136      TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1137      TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1138      TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1139      SSL_kECDHE,
1140      SSL_aNULL,
1141      SSL_AES256,
1142      SSL_SHA1,
1143      TLS1_VERSION, TLS1_2_VERSION,
1144      DTLS1_BAD_VER, DTLS1_2_VERSION,
1145      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1146      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1147      256,
1148      256,
1149      },
1150     {
1151      1,
1152      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1153      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1154      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1155      SSL_kECDHE,
1156      SSL_aECDSA,
1157      SSL_AES128,
1158      SSL_SHA256,
1159      TLS1_2_VERSION, TLS1_2_VERSION,
1160      DTLS1_2_VERSION, DTLS1_2_VERSION,
1161      SSL_HIGH | SSL_FIPS,
1162      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1163      128,
1164      128,
1165      },
1166     {
1167      1,
1168      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1169      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1170      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1171      SSL_kECDHE,
1172      SSL_aECDSA,
1173      SSL_AES256,
1174      SSL_SHA384,
1175      TLS1_2_VERSION, TLS1_2_VERSION,
1176      DTLS1_2_VERSION, DTLS1_2_VERSION,
1177      SSL_HIGH | SSL_FIPS,
1178      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1179      256,
1180      256,
1181      },
1182     {
1183      1,
1184      TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1185      TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1186      TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1187      SSL_kECDHE,
1188      SSL_aRSA,
1189      SSL_AES128,
1190      SSL_SHA256,
1191      TLS1_2_VERSION, TLS1_2_VERSION,
1192      DTLS1_2_VERSION, DTLS1_2_VERSION,
1193      SSL_HIGH | SSL_FIPS,
1194      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1195      128,
1196      128,
1197      },
1198     {
1199      1,
1200      TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1201      TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1202      TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1203      SSL_kECDHE,
1204      SSL_aRSA,
1205      SSL_AES256,
1206      SSL_SHA384,
1207      TLS1_2_VERSION, TLS1_2_VERSION,
1208      DTLS1_2_VERSION, DTLS1_2_VERSION,
1209      SSL_HIGH | SSL_FIPS,
1210      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1211      256,
1212      256,
1213      },
1214     {
1215      1,
1216      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1217      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1218      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1219      SSL_kECDHE,
1220      SSL_aECDSA,
1221      SSL_AES128GCM,
1222      SSL_AEAD,
1223      TLS1_2_VERSION, TLS1_2_VERSION,
1224      DTLS1_2_VERSION, DTLS1_2_VERSION,
1225      SSL_HIGH | SSL_FIPS,
1226      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1227      128,
1228      128,
1229      },
1230     {
1231      1,
1232      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1233      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1234      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1235      SSL_kECDHE,
1236      SSL_aECDSA,
1237      SSL_AES256GCM,
1238      SSL_AEAD,
1239      TLS1_2_VERSION, TLS1_2_VERSION,
1240      DTLS1_2_VERSION, DTLS1_2_VERSION,
1241      SSL_HIGH | SSL_FIPS,
1242      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1243      256,
1244      256,
1245      },
1246     {
1247      1,
1248      TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1249      TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1250      TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1251      SSL_kECDHE,
1252      SSL_aRSA,
1253      SSL_AES128GCM,
1254      SSL_AEAD,
1255      TLS1_2_VERSION, TLS1_2_VERSION,
1256      DTLS1_2_VERSION, DTLS1_2_VERSION,
1257      SSL_HIGH | SSL_FIPS,
1258      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1259      128,
1260      128,
1261      },
1262     {
1263      1,
1264      TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1265      TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1266      TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1267      SSL_kECDHE,
1268      SSL_aRSA,
1269      SSL_AES256GCM,
1270      SSL_AEAD,
1271      TLS1_2_VERSION, TLS1_2_VERSION,
1272      DTLS1_2_VERSION, DTLS1_2_VERSION,
1273      SSL_HIGH | SSL_FIPS,
1274      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1275      256,
1276      256,
1277      },
1278     {
1279      1,
1280      TLS1_TXT_PSK_WITH_NULL_SHA,
1281      TLS1_RFC_PSK_WITH_NULL_SHA,
1282      TLS1_CK_PSK_WITH_NULL_SHA,
1283      SSL_kPSK,
1284      SSL_aPSK,
1285      SSL_eNULL,
1286      SSL_SHA1,
1287      SSL3_VERSION, TLS1_2_VERSION,
1288      DTLS1_BAD_VER, DTLS1_2_VERSION,
1289      SSL_STRONG_NONE | SSL_FIPS,
1290      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1291      0,
1292      0,
1293      },
1294     {
1295      1,
1296      TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1297      TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1298      TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1299      SSL_kDHEPSK,
1300      SSL_aPSK,
1301      SSL_eNULL,
1302      SSL_SHA1,
1303      SSL3_VERSION, TLS1_2_VERSION,
1304      DTLS1_BAD_VER, DTLS1_2_VERSION,
1305      SSL_STRONG_NONE | SSL_FIPS,
1306      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1307      0,
1308      0,
1309      },
1310     {
1311      1,
1312      TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1313      TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1314      TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1315      SSL_kRSAPSK,
1316      SSL_aRSA,
1317      SSL_eNULL,
1318      SSL_SHA1,
1319      SSL3_VERSION, TLS1_2_VERSION,
1320      DTLS1_BAD_VER, DTLS1_2_VERSION,
1321      SSL_STRONG_NONE | SSL_FIPS,
1322      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1323      0,
1324      0,
1325      },
1326 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1327     {
1328      1,
1329      TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1330      TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1331      TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1332      SSL_kPSK,
1333      SSL_aPSK,
1334      SSL_3DES,
1335      SSL_SHA1,
1336      SSL3_VERSION, TLS1_2_VERSION,
1337      DTLS1_BAD_VER, DTLS1_2_VERSION,
1338      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1339      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1340      112,
1341      168,
1342      },
1343 # endif
1344     {
1345      1,
1346      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1347      TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1348      TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1349      SSL_kPSK,
1350      SSL_aPSK,
1351      SSL_AES128,
1352      SSL_SHA1,
1353      SSL3_VERSION, TLS1_2_VERSION,
1354      DTLS1_BAD_VER, DTLS1_2_VERSION,
1355      SSL_HIGH | SSL_FIPS,
1356      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1357      128,
1358      128,
1359      },
1360     {
1361      1,
1362      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1363      TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1364      TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1365      SSL_kPSK,
1366      SSL_aPSK,
1367      SSL_AES256,
1368      SSL_SHA1,
1369      SSL3_VERSION, TLS1_2_VERSION,
1370      DTLS1_BAD_VER, DTLS1_2_VERSION,
1371      SSL_HIGH | SSL_FIPS,
1372      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1373      256,
1374      256,
1375      },
1376 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1377     {
1378      1,
1379      TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1380      TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1381      TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1382      SSL_kDHEPSK,
1383      SSL_aPSK,
1384      SSL_3DES,
1385      SSL_SHA1,
1386      SSL3_VERSION, TLS1_2_VERSION,
1387      DTLS1_BAD_VER, DTLS1_2_VERSION,
1388      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1389      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1390      112,
1391      168,
1392      },
1393 # endif
1394     {
1395      1,
1396      TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1397      TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1398      TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1399      SSL_kDHEPSK,
1400      SSL_aPSK,
1401      SSL_AES128,
1402      SSL_SHA1,
1403      SSL3_VERSION, TLS1_2_VERSION,
1404      DTLS1_BAD_VER, DTLS1_2_VERSION,
1405      SSL_HIGH | SSL_FIPS,
1406      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1407      128,
1408      128,
1409      },
1410     {
1411      1,
1412      TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1413      TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1414      TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1415      SSL_kDHEPSK,
1416      SSL_aPSK,
1417      SSL_AES256,
1418      SSL_SHA1,
1419      SSL3_VERSION, TLS1_2_VERSION,
1420      DTLS1_BAD_VER, DTLS1_2_VERSION,
1421      SSL_HIGH | SSL_FIPS,
1422      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1423      256,
1424      256,
1425      },
1426 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1427     {
1428      1,
1429      TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1430      TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1431      TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1432      SSL_kRSAPSK,
1433      SSL_aRSA,
1434      SSL_3DES,
1435      SSL_SHA1,
1436      SSL3_VERSION, TLS1_2_VERSION,
1437      DTLS1_BAD_VER, DTLS1_2_VERSION,
1438      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1439      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1440      112,
1441      168,
1442      },
1443 # endif
1444     {
1445      1,
1446      TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1447      TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1448      TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1449      SSL_kRSAPSK,
1450      SSL_aRSA,
1451      SSL_AES128,
1452      SSL_SHA1,
1453      SSL3_VERSION, TLS1_2_VERSION,
1454      DTLS1_BAD_VER, DTLS1_2_VERSION,
1455      SSL_HIGH | SSL_FIPS,
1456      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1457      128,
1458      128,
1459      },
1460     {
1461      1,
1462      TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1463      TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1464      TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1465      SSL_kRSAPSK,
1466      SSL_aRSA,
1467      SSL_AES256,
1468      SSL_SHA1,
1469      SSL3_VERSION, TLS1_2_VERSION,
1470      DTLS1_BAD_VER, DTLS1_2_VERSION,
1471      SSL_HIGH | SSL_FIPS,
1472      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1473      256,
1474      256,
1475      },
1476     {
1477      1,
1478      TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1479      TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1480      TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1481      SSL_kPSK,
1482      SSL_aPSK,
1483      SSL_AES128GCM,
1484      SSL_AEAD,
1485      TLS1_2_VERSION, TLS1_2_VERSION,
1486      DTLS1_2_VERSION, DTLS1_2_VERSION,
1487      SSL_HIGH | SSL_FIPS,
1488      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1489      128,
1490      128,
1491      },
1492     {
1493      1,
1494      TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1495      TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1496      TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1497      SSL_kPSK,
1498      SSL_aPSK,
1499      SSL_AES256GCM,
1500      SSL_AEAD,
1501      TLS1_2_VERSION, TLS1_2_VERSION,
1502      DTLS1_2_VERSION, DTLS1_2_VERSION,
1503      SSL_HIGH | SSL_FIPS,
1504      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1505      256,
1506      256,
1507      },
1508     {
1509      1,
1510      TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1511      TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1512      TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1513      SSL_kDHEPSK,
1514      SSL_aPSK,
1515      SSL_AES128GCM,
1516      SSL_AEAD,
1517      TLS1_2_VERSION, TLS1_2_VERSION,
1518      DTLS1_2_VERSION, DTLS1_2_VERSION,
1519      SSL_HIGH | SSL_FIPS,
1520      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1521      128,
1522      128,
1523      },
1524     {
1525      1,
1526      TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1527      TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1528      TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1529      SSL_kDHEPSK,
1530      SSL_aPSK,
1531      SSL_AES256GCM,
1532      SSL_AEAD,
1533      TLS1_2_VERSION, TLS1_2_VERSION,
1534      DTLS1_2_VERSION, DTLS1_2_VERSION,
1535      SSL_HIGH | SSL_FIPS,
1536      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1537      256,
1538      256,
1539      },
1540     {
1541      1,
1542      TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1543      TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1544      TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1545      SSL_kRSAPSK,
1546      SSL_aRSA,
1547      SSL_AES128GCM,
1548      SSL_AEAD,
1549      TLS1_2_VERSION, TLS1_2_VERSION,
1550      DTLS1_2_VERSION, DTLS1_2_VERSION,
1551      SSL_HIGH | SSL_FIPS,
1552      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1553      128,
1554      128,
1555      },
1556     {
1557      1,
1558      TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1559      TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1560      TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1561      SSL_kRSAPSK,
1562      SSL_aRSA,
1563      SSL_AES256GCM,
1564      SSL_AEAD,
1565      TLS1_2_VERSION, TLS1_2_VERSION,
1566      DTLS1_2_VERSION, DTLS1_2_VERSION,
1567      SSL_HIGH | SSL_FIPS,
1568      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1569      256,
1570      256,
1571      },
1572     {
1573      1,
1574      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1575      TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1576      TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1577      SSL_kPSK,
1578      SSL_aPSK,
1579      SSL_AES128,
1580      SSL_SHA256,
1581      TLS1_VERSION, TLS1_2_VERSION,
1582      DTLS1_BAD_VER, DTLS1_2_VERSION,
1583      SSL_HIGH | SSL_FIPS,
1584      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1585      128,
1586      128,
1587      },
1588     {
1589      1,
1590      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1591      TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1592      TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1593      SSL_kPSK,
1594      SSL_aPSK,
1595      SSL_AES256,
1596      SSL_SHA384,
1597      TLS1_VERSION, TLS1_2_VERSION,
1598      DTLS1_BAD_VER, DTLS1_2_VERSION,
1599      SSL_HIGH | SSL_FIPS,
1600      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1601      256,
1602      256,
1603      },
1604     {
1605      1,
1606      TLS1_TXT_PSK_WITH_NULL_SHA256,
1607      TLS1_RFC_PSK_WITH_NULL_SHA256,
1608      TLS1_CK_PSK_WITH_NULL_SHA256,
1609      SSL_kPSK,
1610      SSL_aPSK,
1611      SSL_eNULL,
1612      SSL_SHA256,
1613      TLS1_VERSION, TLS1_2_VERSION,
1614      DTLS1_BAD_VER, DTLS1_2_VERSION,
1615      SSL_STRONG_NONE | SSL_FIPS,
1616      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1617      0,
1618      0,
1619      },
1620     {
1621      1,
1622      TLS1_TXT_PSK_WITH_NULL_SHA384,
1623      TLS1_RFC_PSK_WITH_NULL_SHA384,
1624      TLS1_CK_PSK_WITH_NULL_SHA384,
1625      SSL_kPSK,
1626      SSL_aPSK,
1627      SSL_eNULL,
1628      SSL_SHA384,
1629      TLS1_VERSION, TLS1_2_VERSION,
1630      DTLS1_BAD_VER, DTLS1_2_VERSION,
1631      SSL_STRONG_NONE | SSL_FIPS,
1632      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1633      0,
1634      0,
1635      },
1636     {
1637      1,
1638      TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1639      TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1640      TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1641      SSL_kDHEPSK,
1642      SSL_aPSK,
1643      SSL_AES128,
1644      SSL_SHA256,
1645      TLS1_VERSION, TLS1_2_VERSION,
1646      DTLS1_BAD_VER, DTLS1_2_VERSION,
1647      SSL_HIGH | SSL_FIPS,
1648      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1649      128,
1650      128,
1651      },
1652     {
1653      1,
1654      TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1655      TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1656      TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1657      SSL_kDHEPSK,
1658      SSL_aPSK,
1659      SSL_AES256,
1660      SSL_SHA384,
1661      TLS1_VERSION, TLS1_2_VERSION,
1662      DTLS1_BAD_VER, DTLS1_2_VERSION,
1663      SSL_HIGH | SSL_FIPS,
1664      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1665      256,
1666      256,
1667      },
1668     {
1669      1,
1670      TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1671      TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1672      TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1673      SSL_kDHEPSK,
1674      SSL_aPSK,
1675      SSL_eNULL,
1676      SSL_SHA256,
1677      TLS1_VERSION, TLS1_2_VERSION,
1678      DTLS1_BAD_VER, DTLS1_2_VERSION,
1679      SSL_STRONG_NONE | SSL_FIPS,
1680      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1681      0,
1682      0,
1683      },
1684     {
1685      1,
1686      TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1687      TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1688      TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1689      SSL_kDHEPSK,
1690      SSL_aPSK,
1691      SSL_eNULL,
1692      SSL_SHA384,
1693      TLS1_VERSION, TLS1_2_VERSION,
1694      DTLS1_BAD_VER, DTLS1_2_VERSION,
1695      SSL_STRONG_NONE | SSL_FIPS,
1696      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1697      0,
1698      0,
1699      },
1700     {
1701      1,
1702      TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1703      TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1704      TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1705      SSL_kRSAPSK,
1706      SSL_aRSA,
1707      SSL_AES128,
1708      SSL_SHA256,
1709      TLS1_VERSION, TLS1_2_VERSION,
1710      DTLS1_BAD_VER, DTLS1_2_VERSION,
1711      SSL_HIGH | SSL_FIPS,
1712      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1713      128,
1714      128,
1715      },
1716     {
1717      1,
1718      TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1719      TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1720      TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1721      SSL_kRSAPSK,
1722      SSL_aRSA,
1723      SSL_AES256,
1724      SSL_SHA384,
1725      TLS1_VERSION, TLS1_2_VERSION,
1726      DTLS1_BAD_VER, DTLS1_2_VERSION,
1727      SSL_HIGH | SSL_FIPS,
1728      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1729      256,
1730      256,
1731      },
1732     {
1733      1,
1734      TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1735      TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1736      TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1737      SSL_kRSAPSK,
1738      SSL_aRSA,
1739      SSL_eNULL,
1740      SSL_SHA256,
1741      TLS1_VERSION, TLS1_2_VERSION,
1742      DTLS1_BAD_VER, DTLS1_2_VERSION,
1743      SSL_STRONG_NONE | SSL_FIPS,
1744      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1745      0,
1746      0,
1747      },
1748     {
1749      1,
1750      TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1751      TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1752      TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1753      SSL_kRSAPSK,
1754      SSL_aRSA,
1755      SSL_eNULL,
1756      SSL_SHA384,
1757      TLS1_VERSION, TLS1_2_VERSION,
1758      DTLS1_BAD_VER, DTLS1_2_VERSION,
1759      SSL_STRONG_NONE | SSL_FIPS,
1760      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1761      0,
1762      0,
1763      },
1764 #  ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1765     {
1766      1,
1767      TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1768      TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1769      TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1770      SSL_kECDHEPSK,
1771      SSL_aPSK,
1772      SSL_3DES,
1773      SSL_SHA1,
1774      TLS1_VERSION, TLS1_2_VERSION,
1775      DTLS1_BAD_VER, DTLS1_2_VERSION,
1776      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1777      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1778      112,
1779      168,
1780      },
1781 #  endif
1782     {
1783      1,
1784      TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1785      TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1786      TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1787      SSL_kECDHEPSK,
1788      SSL_aPSK,
1789      SSL_AES128,
1790      SSL_SHA1,
1791      TLS1_VERSION, TLS1_2_VERSION,
1792      DTLS1_BAD_VER, DTLS1_2_VERSION,
1793      SSL_HIGH | SSL_FIPS,
1794      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1795      128,
1796      128,
1797      },
1798     {
1799      1,
1800      TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1801      TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1802      TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1803      SSL_kECDHEPSK,
1804      SSL_aPSK,
1805      SSL_AES256,
1806      SSL_SHA1,
1807      TLS1_VERSION, TLS1_2_VERSION,
1808      DTLS1_BAD_VER, DTLS1_2_VERSION,
1809      SSL_HIGH | SSL_FIPS,
1810      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1811      256,
1812      256,
1813      },
1814     {
1815      1,
1816      TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1817      TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1818      TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1819      SSL_kECDHEPSK,
1820      SSL_aPSK,
1821      SSL_AES128,
1822      SSL_SHA256,
1823      TLS1_VERSION, TLS1_2_VERSION,
1824      DTLS1_BAD_VER, DTLS1_2_VERSION,
1825      SSL_HIGH | SSL_FIPS,
1826      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1827      128,
1828      128,
1829      },
1830     {
1831      1,
1832      TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1833      TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1834      TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1835      SSL_kECDHEPSK,
1836      SSL_aPSK,
1837      SSL_AES256,
1838      SSL_SHA384,
1839      TLS1_VERSION, TLS1_2_VERSION,
1840      DTLS1_BAD_VER, DTLS1_2_VERSION,
1841      SSL_HIGH | SSL_FIPS,
1842      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1843      256,
1844      256,
1845      },
1846     {
1847      1,
1848      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1849      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1850      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1851      SSL_kECDHEPSK,
1852      SSL_aPSK,
1853      SSL_eNULL,
1854      SSL_SHA1,
1855      TLS1_VERSION, TLS1_2_VERSION,
1856      DTLS1_BAD_VER, DTLS1_2_VERSION,
1857      SSL_STRONG_NONE | SSL_FIPS,
1858      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1859      0,
1860      0,
1861      },
1862     {
1863      1,
1864      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1865      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1866      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1867      SSL_kECDHEPSK,
1868      SSL_aPSK,
1869      SSL_eNULL,
1870      SSL_SHA256,
1871      TLS1_VERSION, TLS1_2_VERSION,
1872      DTLS1_BAD_VER, DTLS1_2_VERSION,
1873      SSL_STRONG_NONE | SSL_FIPS,
1874      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1875      0,
1876      0,
1877      },
1878     {
1879      1,
1880      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1881      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1882      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1883      SSL_kECDHEPSK,
1884      SSL_aPSK,
1885      SSL_eNULL,
1886      SSL_SHA384,
1887      TLS1_VERSION, TLS1_2_VERSION,
1888      DTLS1_BAD_VER, DTLS1_2_VERSION,
1889      SSL_STRONG_NONE | SSL_FIPS,
1890      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1891      0,
1892      0,
1893      },
1894
1895 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1896     {
1897      1,
1898      TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1899      TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1900      TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1901      SSL_kSRP,
1902      SSL_aSRP,
1903      SSL_3DES,
1904      SSL_SHA1,
1905      SSL3_VERSION, TLS1_2_VERSION,
1906      DTLS1_BAD_VER, DTLS1_2_VERSION,
1907      SSL_NOT_DEFAULT | SSL_MEDIUM,
1908      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1909      112,
1910      168,
1911      },
1912     {
1913      1,
1914      TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1915      TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1916      TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1917      SSL_kSRP,
1918      SSL_aRSA,
1919      SSL_3DES,
1920      SSL_SHA1,
1921      SSL3_VERSION, TLS1_2_VERSION,
1922      DTLS1_BAD_VER, DTLS1_2_VERSION,
1923      SSL_NOT_DEFAULT | SSL_MEDIUM,
1924      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1925      112,
1926      168,
1927      },
1928     {
1929      1,
1930      TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1931      TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1932      TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1933      SSL_kSRP,
1934      SSL_aDSS,
1935      SSL_3DES,
1936      SSL_SHA1,
1937      SSL3_VERSION, TLS1_2_VERSION,
1938      DTLS1_BAD_VER, DTLS1_2_VERSION,
1939      SSL_NOT_DEFAULT | SSL_MEDIUM,
1940      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1941      112,
1942      168,
1943      },
1944 # endif
1945     {
1946      1,
1947      TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1948      TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1949      TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1950      SSL_kSRP,
1951      SSL_aSRP,
1952      SSL_AES128,
1953      SSL_SHA1,
1954      SSL3_VERSION, TLS1_2_VERSION,
1955      DTLS1_BAD_VER, DTLS1_2_VERSION,
1956      SSL_HIGH,
1957      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1958      128,
1959      128,
1960      },
1961     {
1962      1,
1963      TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1964      TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1965      TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1966      SSL_kSRP,
1967      SSL_aRSA,
1968      SSL_AES128,
1969      SSL_SHA1,
1970      SSL3_VERSION, TLS1_2_VERSION,
1971      DTLS1_BAD_VER, DTLS1_2_VERSION,
1972      SSL_HIGH,
1973      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1974      128,
1975      128,
1976      },
1977     {
1978      1,
1979      TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1980      TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1981      TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1982      SSL_kSRP,
1983      SSL_aDSS,
1984      SSL_AES128,
1985      SSL_SHA1,
1986      SSL3_VERSION, TLS1_2_VERSION,
1987      DTLS1_BAD_VER, DTLS1_2_VERSION,
1988      SSL_NOT_DEFAULT | SSL_HIGH,
1989      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1990      128,
1991      128,
1992      },
1993     {
1994      1,
1995      TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1996      TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1997      TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1998      SSL_kSRP,
1999      SSL_aSRP,
2000      SSL_AES256,
2001      SSL_SHA1,
2002      SSL3_VERSION, TLS1_2_VERSION,
2003      DTLS1_BAD_VER, DTLS1_2_VERSION,
2004      SSL_HIGH,
2005      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2006      256,
2007      256,
2008      },
2009     {
2010      1,
2011      TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2012      TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2013      TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2014      SSL_kSRP,
2015      SSL_aRSA,
2016      SSL_AES256,
2017      SSL_SHA1,
2018      SSL3_VERSION, TLS1_2_VERSION,
2019      DTLS1_BAD_VER, DTLS1_2_VERSION,
2020      SSL_HIGH,
2021      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2022      256,
2023      256,
2024      },
2025     {
2026      1,
2027      TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2028      TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2029      TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2030      SSL_kSRP,
2031      SSL_aDSS,
2032      SSL_AES256,
2033      SSL_SHA1,
2034      SSL3_VERSION, TLS1_2_VERSION,
2035      DTLS1_BAD_VER, DTLS1_2_VERSION,
2036      SSL_NOT_DEFAULT | SSL_HIGH,
2037      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2038      256,
2039      256,
2040      },
2041
2042 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2043     {
2044      1,
2045      TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2046      TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2047      TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2048      SSL_kDHE,
2049      SSL_aRSA,
2050      SSL_CHACHA20POLY1305,
2051      SSL_AEAD,
2052      TLS1_2_VERSION, TLS1_2_VERSION,
2053      DTLS1_2_VERSION, DTLS1_2_VERSION,
2054      SSL_HIGH,
2055      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2056      256,
2057      256,
2058      },
2059     {
2060      1,
2061      TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2062      TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2063      TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2064      SSL_kECDHE,
2065      SSL_aRSA,
2066      SSL_CHACHA20POLY1305,
2067      SSL_AEAD,
2068      TLS1_2_VERSION, TLS1_2_VERSION,
2069      DTLS1_2_VERSION, DTLS1_2_VERSION,
2070      SSL_HIGH,
2071      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2072      256,
2073      256,
2074      },
2075     {
2076      1,
2077      TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2078      TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2079      TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2080      SSL_kECDHE,
2081      SSL_aECDSA,
2082      SSL_CHACHA20POLY1305,
2083      SSL_AEAD,
2084      TLS1_2_VERSION, TLS1_2_VERSION,
2085      DTLS1_2_VERSION, DTLS1_2_VERSION,
2086      SSL_HIGH,
2087      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2088      256,
2089      256,
2090      },
2091     {
2092      1,
2093      TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2094      TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2095      TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2096      SSL_kPSK,
2097      SSL_aPSK,
2098      SSL_CHACHA20POLY1305,
2099      SSL_AEAD,
2100      TLS1_2_VERSION, TLS1_2_VERSION,
2101      DTLS1_2_VERSION, DTLS1_2_VERSION,
2102      SSL_HIGH,
2103      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2104      256,
2105      256,
2106      },
2107     {
2108      1,
2109      TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2110      TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2111      TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2112      SSL_kECDHEPSK,
2113      SSL_aPSK,
2114      SSL_CHACHA20POLY1305,
2115      SSL_AEAD,
2116      TLS1_2_VERSION, TLS1_2_VERSION,
2117      DTLS1_2_VERSION, DTLS1_2_VERSION,
2118      SSL_HIGH,
2119      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2120      256,
2121      256,
2122      },
2123     {
2124      1,
2125      TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2126      TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2127      TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2128      SSL_kDHEPSK,
2129      SSL_aPSK,
2130      SSL_CHACHA20POLY1305,
2131      SSL_AEAD,
2132      TLS1_2_VERSION, TLS1_2_VERSION,
2133      DTLS1_2_VERSION, DTLS1_2_VERSION,
2134      SSL_HIGH,
2135      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2136      256,
2137      256,
2138      },
2139     {
2140      1,
2141      TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2142      TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2143      TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2144      SSL_kRSAPSK,
2145      SSL_aRSA,
2146      SSL_CHACHA20POLY1305,
2147      SSL_AEAD,
2148      TLS1_2_VERSION, TLS1_2_VERSION,
2149      DTLS1_2_VERSION, DTLS1_2_VERSION,
2150      SSL_HIGH,
2151      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2152      256,
2153      256,
2154      },
2155 #endif                          /* !defined(OPENSSL_NO_CHACHA) &&
2156                                  * !defined(OPENSSL_NO_POLY1305) */
2157
2158 #ifndef OPENSSL_NO_CAMELLIA
2159     {
2160      1,
2161      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2162      TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2163      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2164      SSL_kRSA,
2165      SSL_aRSA,
2166      SSL_CAMELLIA128,
2167      SSL_SHA256,
2168      TLS1_2_VERSION, TLS1_2_VERSION,
2169      DTLS1_2_VERSION, DTLS1_2_VERSION,
2170      SSL_NOT_DEFAULT | SSL_HIGH,
2171      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2172      128,
2173      128,
2174      },
2175     {
2176      1,
2177      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2178      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2179      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2180      SSL_kEDH,
2181      SSL_aDSS,
2182      SSL_CAMELLIA128,
2183      SSL_SHA256,
2184      TLS1_2_VERSION, TLS1_2_VERSION,
2185      DTLS1_2_VERSION, DTLS1_2_VERSION,
2186      SSL_NOT_DEFAULT | SSL_HIGH,
2187      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2188      128,
2189      128,
2190      },
2191     {
2192      1,
2193      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2194      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2195      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2196      SSL_kEDH,
2197      SSL_aRSA,
2198      SSL_CAMELLIA128,
2199      SSL_SHA256,
2200      TLS1_2_VERSION, TLS1_2_VERSION,
2201      DTLS1_2_VERSION, DTLS1_2_VERSION,
2202      SSL_NOT_DEFAULT | SSL_HIGH,
2203      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2204      128,
2205      128,
2206      },
2207     {
2208      1,
2209      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2210      TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2211      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2212      SSL_kEDH,
2213      SSL_aNULL,
2214      SSL_CAMELLIA128,
2215      SSL_SHA256,
2216      TLS1_2_VERSION, TLS1_2_VERSION,
2217      DTLS1_2_VERSION, DTLS1_2_VERSION,
2218      SSL_NOT_DEFAULT | SSL_HIGH,
2219      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2220      128,
2221      128,
2222      },
2223     {
2224      1,
2225      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2226      TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2227      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2228      SSL_kRSA,
2229      SSL_aRSA,
2230      SSL_CAMELLIA256,
2231      SSL_SHA256,
2232      TLS1_2_VERSION, TLS1_2_VERSION,
2233      DTLS1_2_VERSION, DTLS1_2_VERSION,
2234      SSL_NOT_DEFAULT | SSL_HIGH,
2235      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2236      256,
2237      256,
2238      },
2239     {
2240      1,
2241      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2242      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2243      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2244      SSL_kEDH,
2245      SSL_aDSS,
2246      SSL_CAMELLIA256,
2247      SSL_SHA256,
2248      TLS1_2_VERSION, TLS1_2_VERSION,
2249      DTLS1_2_VERSION, DTLS1_2_VERSION,
2250      SSL_NOT_DEFAULT | SSL_HIGH,
2251      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2252      256,
2253      256,
2254      },
2255     {
2256      1,
2257      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2258      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2259      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2260      SSL_kEDH,
2261      SSL_aRSA,
2262      SSL_CAMELLIA256,
2263      SSL_SHA256,
2264      TLS1_2_VERSION, TLS1_2_VERSION,
2265      DTLS1_2_VERSION, DTLS1_2_VERSION,
2266      SSL_NOT_DEFAULT | SSL_HIGH,
2267      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2268      256,
2269      256,
2270      },
2271     {
2272      1,
2273      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2274      TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2275      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2276      SSL_kEDH,
2277      SSL_aNULL,
2278      SSL_CAMELLIA256,
2279      SSL_SHA256,
2280      TLS1_2_VERSION, TLS1_2_VERSION,
2281      DTLS1_2_VERSION, DTLS1_2_VERSION,
2282      SSL_NOT_DEFAULT | SSL_HIGH,
2283      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2284      256,
2285      256,
2286      },
2287     {
2288      1,
2289      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2290      TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2291      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2292      SSL_kRSA,
2293      SSL_aRSA,
2294      SSL_CAMELLIA256,
2295      SSL_SHA1,
2296      SSL3_VERSION, TLS1_2_VERSION,
2297      DTLS1_BAD_VER, DTLS1_2_VERSION,
2298      SSL_NOT_DEFAULT | SSL_HIGH,
2299      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2300      256,
2301      256,
2302      },
2303     {
2304      1,
2305      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2306      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2307      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2308      SSL_kDHE,
2309      SSL_aDSS,
2310      SSL_CAMELLIA256,
2311      SSL_SHA1,
2312      SSL3_VERSION, TLS1_2_VERSION,
2313      DTLS1_BAD_VER, DTLS1_2_VERSION,
2314      SSL_NOT_DEFAULT | SSL_HIGH,
2315      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2316      256,
2317      256,
2318      },
2319     {
2320      1,
2321      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2322      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2323      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2324      SSL_kDHE,
2325      SSL_aRSA,
2326      SSL_CAMELLIA256,
2327      SSL_SHA1,
2328      SSL3_VERSION, TLS1_2_VERSION,
2329      DTLS1_BAD_VER, DTLS1_2_VERSION,
2330      SSL_NOT_DEFAULT | SSL_HIGH,
2331      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2332      256,
2333      256,
2334      },
2335     {
2336      1,
2337      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2338      TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2339      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2340      SSL_kDHE,
2341      SSL_aNULL,
2342      SSL_CAMELLIA256,
2343      SSL_SHA1,
2344      SSL3_VERSION, TLS1_2_VERSION,
2345      DTLS1_BAD_VER, DTLS1_2_VERSION,
2346      SSL_NOT_DEFAULT | SSL_HIGH,
2347      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2348      256,
2349      256,
2350      },
2351     {
2352      1,
2353      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2354      TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2355      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2356      SSL_kRSA,
2357      SSL_aRSA,
2358      SSL_CAMELLIA128,
2359      SSL_SHA1,
2360      SSL3_VERSION, TLS1_2_VERSION,
2361      DTLS1_BAD_VER, DTLS1_2_VERSION,
2362      SSL_NOT_DEFAULT | SSL_HIGH,
2363      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2364      128,
2365      128,
2366      },
2367     {
2368      1,
2369      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2370      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2371      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2372      SSL_kDHE,
2373      SSL_aDSS,
2374      SSL_CAMELLIA128,
2375      SSL_SHA1,
2376      SSL3_VERSION, TLS1_2_VERSION,
2377      DTLS1_BAD_VER, DTLS1_2_VERSION,
2378      SSL_NOT_DEFAULT | SSL_HIGH,
2379      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2380      128,
2381      128,
2382      },
2383     {
2384      1,
2385      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2386      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2387      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2388      SSL_kDHE,
2389      SSL_aRSA,
2390      SSL_CAMELLIA128,
2391      SSL_SHA1,
2392      SSL3_VERSION, TLS1_2_VERSION,
2393      DTLS1_BAD_VER, DTLS1_2_VERSION,
2394      SSL_NOT_DEFAULT | SSL_HIGH,
2395      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2396      128,
2397      128,
2398      },
2399     {
2400      1,
2401      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2402      TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2403      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2404      SSL_kDHE,
2405      SSL_aNULL,
2406      SSL_CAMELLIA128,
2407      SSL_SHA1,
2408      SSL3_VERSION, TLS1_2_VERSION,
2409      DTLS1_BAD_VER, DTLS1_2_VERSION,
2410      SSL_NOT_DEFAULT | SSL_HIGH,
2411      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2412      128,
2413      128,
2414      },
2415     {
2416      1,
2417      TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2418      TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2419      TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2420      SSL_kECDHE,
2421      SSL_aECDSA,
2422      SSL_CAMELLIA128,
2423      SSL_SHA256,
2424      TLS1_2_VERSION, TLS1_2_VERSION,
2425      DTLS1_2_VERSION, DTLS1_2_VERSION,
2426      SSL_NOT_DEFAULT | SSL_HIGH,
2427      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2428      128,
2429      128,
2430      },
2431     {
2432      1,
2433      TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2434      TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2435      TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2436      SSL_kECDHE,
2437      SSL_aECDSA,
2438      SSL_CAMELLIA256,
2439      SSL_SHA384,
2440      TLS1_2_VERSION, TLS1_2_VERSION,
2441      DTLS1_2_VERSION, DTLS1_2_VERSION,
2442      SSL_NOT_DEFAULT | SSL_HIGH,
2443      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2444      256,
2445      256,
2446      },
2447     {
2448      1,
2449      TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2450      TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2451      TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2452      SSL_kECDHE,
2453      SSL_aRSA,
2454      SSL_CAMELLIA128,
2455      SSL_SHA256,
2456      TLS1_2_VERSION, TLS1_2_VERSION,
2457      DTLS1_2_VERSION, DTLS1_2_VERSION,
2458      SSL_NOT_DEFAULT | SSL_HIGH,
2459      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2460      128,
2461      128,
2462      },
2463     {
2464      1,
2465      TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2466      TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2467      TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2468      SSL_kECDHE,
2469      SSL_aRSA,
2470      SSL_CAMELLIA256,
2471      SSL_SHA384,
2472      TLS1_2_VERSION, TLS1_2_VERSION,
2473      DTLS1_2_VERSION, DTLS1_2_VERSION,
2474      SSL_NOT_DEFAULT | SSL_HIGH,
2475      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2476      256,
2477      256,
2478      },
2479     {
2480      1,
2481      TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2482      TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2483      TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2484      SSL_kPSK,
2485      SSL_aPSK,
2486      SSL_CAMELLIA128,
2487      SSL_SHA256,
2488      TLS1_VERSION, TLS1_2_VERSION,
2489      DTLS1_BAD_VER, DTLS1_2_VERSION,
2490      SSL_NOT_DEFAULT | SSL_HIGH,
2491      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2492      128,
2493      128,
2494      },
2495     {
2496      1,
2497      TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2498      TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2499      TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2500      SSL_kPSK,
2501      SSL_aPSK,
2502      SSL_CAMELLIA256,
2503      SSL_SHA384,
2504      TLS1_VERSION, TLS1_2_VERSION,
2505      DTLS1_BAD_VER, DTLS1_2_VERSION,
2506      SSL_NOT_DEFAULT | SSL_HIGH,
2507      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2508      256,
2509      256,
2510      },
2511     {
2512      1,
2513      TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2514      TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2515      TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2516      SSL_kDHEPSK,
2517      SSL_aPSK,
2518      SSL_CAMELLIA128,
2519      SSL_SHA256,
2520      TLS1_VERSION, TLS1_2_VERSION,
2521      DTLS1_BAD_VER, DTLS1_2_VERSION,
2522      SSL_NOT_DEFAULT | SSL_HIGH,
2523      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2524      128,
2525      128,
2526      },
2527     {
2528      1,
2529      TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2530      TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2531      TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2532      SSL_kDHEPSK,
2533      SSL_aPSK,
2534      SSL_CAMELLIA256,
2535      SSL_SHA384,
2536      TLS1_VERSION, TLS1_2_VERSION,
2537      DTLS1_BAD_VER, DTLS1_2_VERSION,
2538      SSL_NOT_DEFAULT | SSL_HIGH,
2539      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2540      256,
2541      256,
2542      },
2543     {
2544      1,
2545      TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2546      TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2547      TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2548      SSL_kRSAPSK,
2549      SSL_aRSA,
2550      SSL_CAMELLIA128,
2551      SSL_SHA256,
2552      TLS1_VERSION, TLS1_2_VERSION,
2553      DTLS1_BAD_VER, DTLS1_2_VERSION,
2554      SSL_NOT_DEFAULT | SSL_HIGH,
2555      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2556      128,
2557      128,
2558      },
2559     {
2560      1,
2561      TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2562      TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2563      TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2564      SSL_kRSAPSK,
2565      SSL_aRSA,
2566      SSL_CAMELLIA256,
2567      SSL_SHA384,
2568      TLS1_VERSION, TLS1_2_VERSION,
2569      DTLS1_BAD_VER, DTLS1_2_VERSION,
2570      SSL_NOT_DEFAULT | SSL_HIGH,
2571      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2572      256,
2573      256,
2574      },
2575     {
2576      1,
2577      TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2578      TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2579      TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2580      SSL_kECDHEPSK,
2581      SSL_aPSK,
2582      SSL_CAMELLIA128,
2583      SSL_SHA256,
2584      TLS1_VERSION, TLS1_2_VERSION,
2585      DTLS1_BAD_VER, DTLS1_2_VERSION,
2586      SSL_NOT_DEFAULT | SSL_HIGH,
2587      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2588      128,
2589      128,
2590      },
2591     {
2592      1,
2593      TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2594      TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2595      TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2596      SSL_kECDHEPSK,
2597      SSL_aPSK,
2598      SSL_CAMELLIA256,
2599      SSL_SHA384,
2600      TLS1_VERSION, TLS1_2_VERSION,
2601      DTLS1_BAD_VER, DTLS1_2_VERSION,
2602      SSL_NOT_DEFAULT | SSL_HIGH,
2603      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2604      256,
2605      256,
2606      },
2607 #endif                          /* OPENSSL_NO_CAMELLIA */
2608
2609 #ifndef OPENSSL_NO_GOST
2610     {
2611      1,
2612      "GOST2001-GOST89-GOST89",
2613      "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2614      0x3000081,
2615      SSL_kGOST,
2616      SSL_aGOST01,
2617      SSL_eGOST2814789CNT,
2618      SSL_GOST89MAC,
2619      TLS1_VERSION, TLS1_2_VERSION,
2620      0, 0,
2621      SSL_HIGH,
2622      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2623      256,
2624      256,
2625      },
2626     {
2627      1,
2628      "GOST2001-NULL-GOST94",
2629      "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2630      0x3000083,
2631      SSL_kGOST,
2632      SSL_aGOST01,
2633      SSL_eNULL,
2634      SSL_GOST94,
2635      TLS1_VERSION, TLS1_2_VERSION,
2636      0, 0,
2637      SSL_STRONG_NONE,
2638      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2639      0,
2640      0,
2641      },
2642     {
2643      1,
2644      "IANA-GOST2012-GOST8912-GOST8912",
2645      NULL,
2646      0x0300c102,
2647      SSL_kGOST,
2648      SSL_aGOST12 | SSL_aGOST01,
2649      SSL_eGOST2814789CNT12,
2650      SSL_GOST89MAC12,
2651      TLS1_VERSION, TLS1_2_VERSION,
2652      0, 0,
2653      SSL_HIGH,
2654      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2655      256,
2656      256,
2657      },
2658     {
2659      1,
2660      "LEGACY-GOST2012-GOST8912-GOST8912",
2661      NULL,
2662      0x0300ff85,
2663      SSL_kGOST,
2664      SSL_aGOST12 | SSL_aGOST01,
2665      SSL_eGOST2814789CNT12,
2666      SSL_GOST89MAC12,
2667      TLS1_VERSION, TLS1_2_VERSION,
2668      0, 0,
2669      SSL_HIGH,
2670      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2671      256,
2672      256,
2673      },
2674     {
2675      1,
2676      "GOST2012-NULL-GOST12",
2677      NULL,
2678      0x0300ff87,
2679      SSL_kGOST,
2680      SSL_aGOST12 | SSL_aGOST01,
2681      SSL_eNULL,
2682      SSL_GOST12_256,
2683      TLS1_VERSION, TLS1_2_VERSION,
2684      0, 0,
2685      SSL_STRONG_NONE,
2686      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2687      0,
2688      0,
2689      },
2690     {
2691      1,
2692      "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2693      NULL,
2694      0x0300C100,
2695      SSL_kGOST18,
2696      SSL_aGOST12,
2697      SSL_KUZNYECHIK,
2698      SSL_KUZNYECHIKOMAC,
2699      TLS1_2_VERSION, TLS1_2_VERSION,
2700      0, 0,
2701      SSL_HIGH,
2702      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2703      256,
2704      256,
2705      },
2706     {
2707      1,
2708      "GOST2012-MAGMA-MAGMAOMAC",
2709      NULL,
2710      0x0300C101,
2711      SSL_kGOST18,
2712      SSL_aGOST12,
2713      SSL_MAGMA,
2714      SSL_MAGMAOMAC,
2715      TLS1_2_VERSION, TLS1_2_VERSION,
2716      0, 0,
2717      SSL_HIGH,
2718      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2719      256,
2720      256,
2721      },
2722 #endif                          /* OPENSSL_NO_GOST */
2723
2724 #ifndef OPENSSL_NO_IDEA
2725     {
2726      1,
2727      SSL3_TXT_RSA_IDEA_128_SHA,
2728      SSL3_RFC_RSA_IDEA_128_SHA,
2729      SSL3_CK_RSA_IDEA_128_SHA,
2730      SSL_kRSA,
2731      SSL_aRSA,
2732      SSL_IDEA,
2733      SSL_SHA1,
2734      SSL3_VERSION, TLS1_1_VERSION,
2735      DTLS1_BAD_VER, DTLS1_VERSION,
2736      SSL_NOT_DEFAULT | SSL_MEDIUM,
2737      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2738      128,
2739      128,
2740      },
2741 #endif
2742
2743 #ifndef OPENSSL_NO_SEED
2744     {
2745      1,
2746      TLS1_TXT_RSA_WITH_SEED_SHA,
2747      TLS1_RFC_RSA_WITH_SEED_SHA,
2748      TLS1_CK_RSA_WITH_SEED_SHA,
2749      SSL_kRSA,
2750      SSL_aRSA,
2751      SSL_SEED,
2752      SSL_SHA1,
2753      SSL3_VERSION, TLS1_2_VERSION,
2754      DTLS1_BAD_VER, DTLS1_2_VERSION,
2755      SSL_NOT_DEFAULT | SSL_MEDIUM,
2756      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2757      128,
2758      128,
2759      },
2760     {
2761      1,
2762      TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2763      TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2764      TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2765      SSL_kDHE,
2766      SSL_aDSS,
2767      SSL_SEED,
2768      SSL_SHA1,
2769      SSL3_VERSION, TLS1_2_VERSION,
2770      DTLS1_BAD_VER, DTLS1_2_VERSION,
2771      SSL_NOT_DEFAULT | SSL_MEDIUM,
2772      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2773      128,
2774      128,
2775      },
2776     {
2777      1,
2778      TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2779      TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2780      TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2781      SSL_kDHE,
2782      SSL_aRSA,
2783      SSL_SEED,
2784      SSL_SHA1,
2785      SSL3_VERSION, TLS1_2_VERSION,
2786      DTLS1_BAD_VER, DTLS1_2_VERSION,
2787      SSL_NOT_DEFAULT | SSL_MEDIUM,
2788      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2789      128,
2790      128,
2791      },
2792     {
2793      1,
2794      TLS1_TXT_ADH_WITH_SEED_SHA,
2795      TLS1_RFC_ADH_WITH_SEED_SHA,
2796      TLS1_CK_ADH_WITH_SEED_SHA,
2797      SSL_kDHE,
2798      SSL_aNULL,
2799      SSL_SEED,
2800      SSL_SHA1,
2801      SSL3_VERSION, TLS1_2_VERSION,
2802      DTLS1_BAD_VER, DTLS1_2_VERSION,
2803      SSL_NOT_DEFAULT | SSL_MEDIUM,
2804      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2805      128,
2806      128,
2807      },
2808 #endif                          /* OPENSSL_NO_SEED */
2809
2810 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2811     {
2812      1,
2813      SSL3_TXT_RSA_RC4_128_MD5,
2814      SSL3_RFC_RSA_RC4_128_MD5,
2815      SSL3_CK_RSA_RC4_128_MD5,
2816      SSL_kRSA,
2817      SSL_aRSA,
2818      SSL_RC4,
2819      SSL_MD5,
2820      SSL3_VERSION, TLS1_2_VERSION,
2821      0, 0,
2822      SSL_NOT_DEFAULT | SSL_MEDIUM,
2823      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2824      128,
2825      128,
2826      },
2827     {
2828      1,
2829      SSL3_TXT_RSA_RC4_128_SHA,
2830      SSL3_RFC_RSA_RC4_128_SHA,
2831      SSL3_CK_RSA_RC4_128_SHA,
2832      SSL_kRSA,
2833      SSL_aRSA,
2834      SSL_RC4,
2835      SSL_SHA1,
2836      SSL3_VERSION, TLS1_2_VERSION,
2837      0, 0,
2838      SSL_NOT_DEFAULT | SSL_MEDIUM,
2839      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2840      128,
2841      128,
2842      },
2843     {
2844      1,
2845      SSL3_TXT_ADH_RC4_128_MD5,
2846      SSL3_RFC_ADH_RC4_128_MD5,
2847      SSL3_CK_ADH_RC4_128_MD5,
2848      SSL_kDHE,
2849      SSL_aNULL,
2850      SSL_RC4,
2851      SSL_MD5,
2852      SSL3_VERSION, TLS1_2_VERSION,
2853      0, 0,
2854      SSL_NOT_DEFAULT | SSL_MEDIUM,
2855      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2856      128,
2857      128,
2858      },
2859     {
2860      1,
2861      TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2862      TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2863      TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2864      SSL_kECDHEPSK,
2865      SSL_aPSK,
2866      SSL_RC4,
2867      SSL_SHA1,
2868      TLS1_VERSION, TLS1_2_VERSION,
2869      0, 0,
2870      SSL_NOT_DEFAULT | SSL_MEDIUM,
2871      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2872      128,
2873      128,
2874      },
2875     {
2876      1,
2877      TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2878      TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2879      TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2880      SSL_kECDHE,
2881      SSL_aNULL,
2882      SSL_RC4,
2883      SSL_SHA1,
2884      TLS1_VERSION, TLS1_2_VERSION,
2885      0, 0,
2886      SSL_NOT_DEFAULT | SSL_MEDIUM,
2887      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2888      128,
2889      128,
2890      },
2891     {
2892      1,
2893      TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2894      TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2895      TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2896      SSL_kECDHE,
2897      SSL_aECDSA,
2898      SSL_RC4,
2899      SSL_SHA1,
2900      TLS1_VERSION, TLS1_2_VERSION,
2901      0, 0,
2902      SSL_NOT_DEFAULT | SSL_MEDIUM,
2903      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2904      128,
2905      128,
2906      },
2907     {
2908      1,
2909      TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2910      TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2911      TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2912      SSL_kECDHE,
2913      SSL_aRSA,
2914      SSL_RC4,
2915      SSL_SHA1,
2916      TLS1_VERSION, TLS1_2_VERSION,
2917      0, 0,
2918      SSL_NOT_DEFAULT | SSL_MEDIUM,
2919      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2920      128,
2921      128,
2922      },
2923     {
2924      1,
2925      TLS1_TXT_PSK_WITH_RC4_128_SHA,
2926      TLS1_RFC_PSK_WITH_RC4_128_SHA,
2927      TLS1_CK_PSK_WITH_RC4_128_SHA,
2928      SSL_kPSK,
2929      SSL_aPSK,
2930      SSL_RC4,
2931      SSL_SHA1,
2932      SSL3_VERSION, TLS1_2_VERSION,
2933      0, 0,
2934      SSL_NOT_DEFAULT | SSL_MEDIUM,
2935      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2936      128,
2937      128,
2938      },
2939     {
2940      1,
2941      TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2942      TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2943      TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2944      SSL_kRSAPSK,
2945      SSL_aRSA,
2946      SSL_RC4,
2947      SSL_SHA1,
2948      SSL3_VERSION, TLS1_2_VERSION,
2949      0, 0,
2950      SSL_NOT_DEFAULT | SSL_MEDIUM,
2951      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2952      128,
2953      128,
2954      },
2955     {
2956      1,
2957      TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2958      TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2959      TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2960      SSL_kDHEPSK,
2961      SSL_aPSK,
2962      SSL_RC4,
2963      SSL_SHA1,
2964      SSL3_VERSION, TLS1_2_VERSION,
2965      0, 0,
2966      SSL_NOT_DEFAULT | SSL_MEDIUM,
2967      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2968      128,
2969      128,
2970      },
2971 #endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2972
2973 #ifndef OPENSSL_NO_ARIA
2974     {
2975      1,
2976      TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2977      TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2978      TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2979      SSL_kRSA,
2980      SSL_aRSA,
2981      SSL_ARIA128GCM,
2982      SSL_AEAD,
2983      TLS1_2_VERSION, TLS1_2_VERSION,
2984      DTLS1_2_VERSION, DTLS1_2_VERSION,
2985      SSL_NOT_DEFAULT | SSL_HIGH,
2986      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2987      128,
2988      128,
2989      },
2990     {
2991      1,
2992      TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2993      TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2994      TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2995      SSL_kRSA,
2996      SSL_aRSA,
2997      SSL_ARIA256GCM,
2998      SSL_AEAD,
2999      TLS1_2_VERSION, TLS1_2_VERSION,
3000      DTLS1_2_VERSION, DTLS1_2_VERSION,
3001      SSL_NOT_DEFAULT | SSL_HIGH,
3002      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3003      256,
3004      256,
3005      },
3006     {
3007      1,
3008      TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3009      TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3010      TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3011      SSL_kDHE,
3012      SSL_aRSA,
3013      SSL_ARIA128GCM,
3014      SSL_AEAD,
3015      TLS1_2_VERSION, TLS1_2_VERSION,
3016      DTLS1_2_VERSION, DTLS1_2_VERSION,
3017      SSL_NOT_DEFAULT | SSL_HIGH,
3018      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3019      128,
3020      128,
3021      },
3022     {
3023      1,
3024      TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3025      TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3026      TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3027      SSL_kDHE,
3028      SSL_aRSA,
3029      SSL_ARIA256GCM,
3030      SSL_AEAD,
3031      TLS1_2_VERSION, TLS1_2_VERSION,
3032      DTLS1_2_VERSION, DTLS1_2_VERSION,
3033      SSL_NOT_DEFAULT | SSL_HIGH,
3034      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3035      256,
3036      256,
3037      },
3038     {
3039      1,
3040      TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3041      TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3042      TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3043      SSL_kDHE,
3044      SSL_aDSS,
3045      SSL_ARIA128GCM,
3046      SSL_AEAD,
3047      TLS1_2_VERSION, TLS1_2_VERSION,
3048      DTLS1_2_VERSION, DTLS1_2_VERSION,
3049      SSL_NOT_DEFAULT | SSL_HIGH,
3050      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3051      128,
3052      128,
3053      },
3054     {
3055      1,
3056      TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3057      TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3058      TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3059      SSL_kDHE,
3060      SSL_aDSS,
3061      SSL_ARIA256GCM,
3062      SSL_AEAD,
3063      TLS1_2_VERSION, TLS1_2_VERSION,
3064      DTLS1_2_VERSION, DTLS1_2_VERSION,
3065      SSL_NOT_DEFAULT | SSL_HIGH,
3066      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3067      256,
3068      256,
3069      },
3070     {
3071      1,
3072      TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3073      TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3074      TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3075      SSL_kECDHE,
3076      SSL_aECDSA,
3077      SSL_ARIA128GCM,
3078      SSL_AEAD,
3079      TLS1_2_VERSION, TLS1_2_VERSION,
3080      DTLS1_2_VERSION, DTLS1_2_VERSION,
3081      SSL_NOT_DEFAULT | SSL_HIGH,
3082      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3083      128,
3084      128,
3085      },
3086     {
3087      1,
3088      TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3089      TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3090      TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3091      SSL_kECDHE,
3092      SSL_aECDSA,
3093      SSL_ARIA256GCM,
3094      SSL_AEAD,
3095      TLS1_2_VERSION, TLS1_2_VERSION,
3096      DTLS1_2_VERSION, DTLS1_2_VERSION,
3097      SSL_NOT_DEFAULT | SSL_HIGH,
3098      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3099      256,
3100      256,
3101      },
3102     {
3103      1,
3104      TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3105      TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3106      TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3107      SSL_kECDHE,
3108      SSL_aRSA,
3109      SSL_ARIA128GCM,
3110      SSL_AEAD,
3111      TLS1_2_VERSION, TLS1_2_VERSION,
3112      DTLS1_2_VERSION, DTLS1_2_VERSION,
3113      SSL_NOT_DEFAULT | SSL_HIGH,
3114      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3115      128,
3116      128,
3117      },
3118     {
3119      1,
3120      TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3121      TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3122      TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3123      SSL_kECDHE,
3124      SSL_aRSA,
3125      SSL_ARIA256GCM,
3126      SSL_AEAD,
3127      TLS1_2_VERSION, TLS1_2_VERSION,
3128      DTLS1_2_VERSION, DTLS1_2_VERSION,
3129      SSL_NOT_DEFAULT | SSL_HIGH,
3130      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3131      256,
3132      256,
3133      },
3134     {
3135      1,
3136      TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3137      TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3138      TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3139      SSL_kPSK,
3140      SSL_aPSK,
3141      SSL_ARIA128GCM,
3142      SSL_AEAD,
3143      TLS1_2_VERSION, TLS1_2_VERSION,
3144      DTLS1_2_VERSION, DTLS1_2_VERSION,
3145      SSL_NOT_DEFAULT | SSL_HIGH,
3146      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3147      128,
3148      128,
3149      },
3150     {
3151      1,
3152      TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3153      TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3154      TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3155      SSL_kPSK,
3156      SSL_aPSK,
3157      SSL_ARIA256GCM,
3158      SSL_AEAD,
3159      TLS1_2_VERSION, TLS1_2_VERSION,
3160      DTLS1_2_VERSION, DTLS1_2_VERSION,
3161      SSL_NOT_DEFAULT | SSL_HIGH,
3162      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3163      256,
3164      256,
3165      },
3166     {
3167      1,
3168      TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3169      TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3170      TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3171      SSL_kDHEPSK,
3172      SSL_aPSK,
3173      SSL_ARIA128GCM,
3174      SSL_AEAD,
3175      TLS1_2_VERSION, TLS1_2_VERSION,
3176      DTLS1_2_VERSION, DTLS1_2_VERSION,
3177      SSL_NOT_DEFAULT | SSL_HIGH,
3178      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3179      128,
3180      128,
3181      },
3182     {
3183      1,
3184      TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3185      TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3186      TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3187      SSL_kDHEPSK,
3188      SSL_aPSK,
3189      SSL_ARIA256GCM,
3190      SSL_AEAD,
3191      TLS1_2_VERSION, TLS1_2_VERSION,
3192      DTLS1_2_VERSION, DTLS1_2_VERSION,
3193      SSL_NOT_DEFAULT | SSL_HIGH,
3194      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3195      256,
3196      256,
3197      },
3198     {
3199      1,
3200      TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3201      TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3202      TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3203      SSL_kRSAPSK,
3204      SSL_aRSA,
3205      SSL_ARIA128GCM,
3206      SSL_AEAD,
3207      TLS1_2_VERSION, TLS1_2_VERSION,
3208      DTLS1_2_VERSION, DTLS1_2_VERSION,
3209      SSL_NOT_DEFAULT | SSL_HIGH,
3210      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3211      128,
3212      128,
3213      },
3214     {
3215      1,
3216      TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3217      TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3218      TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3219      SSL_kRSAPSK,
3220      SSL_aRSA,
3221      SSL_ARIA256GCM,
3222      SSL_AEAD,
3223      TLS1_2_VERSION, TLS1_2_VERSION,
3224      DTLS1_2_VERSION, DTLS1_2_VERSION,
3225      SSL_NOT_DEFAULT | SSL_HIGH,
3226      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3227      256,
3228      256,
3229      },
3230 #endif /* OPENSSL_NO_ARIA */
3231 };
3232
3233 /*
3234  * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3235  * values stuffed into the ciphers field of the wire protocol for signalling
3236  * purposes.
3237  */
3238 static SSL_CIPHER ssl3_scsvs[] = {
3239     {
3240      0,
3241      "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3242      "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3243      SSL3_CK_SCSV,
3244      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3245     },
3246     {
3247      0,
3248      "TLS_FALLBACK_SCSV",
3249      "TLS_FALLBACK_SCSV",
3250      SSL3_CK_FALLBACK_SCSV,
3251      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3252     },
3253 };
3254
3255 static int cipher_compare(const void *a, const void *b)
3256 {
3257     const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3258     const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3259
3260     if (ap->id == bp->id)
3261         return 0;
3262     return ap->id < bp->id ? -1 : 1;
3263 }
3264
3265 void ssl_sort_cipher_list(void)
3266 {
3267     qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3268           cipher_compare);
3269     qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3270           cipher_compare);
3271     qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3272 }
3273
3274 static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
3275                                     const char * t, size_t u,
3276                                     const unsigned char * v, size_t w, int x)
3277 {
3278     (void)r;
3279     (void)s;
3280     (void)t;
3281     (void)u;
3282     (void)v;
3283     (void)w;
3284     (void)x;
3285     return ssl_undefined_function(ssl);
3286 }
3287
3288 const SSL3_ENC_METHOD SSLv3_enc_data = {
3289     ssl3_enc,
3290     n_ssl3_mac,
3291     ssl3_setup_key_block,
3292     ssl3_generate_master_secret,
3293     ssl3_change_cipher_state,
3294     ssl3_final_finish_mac,
3295     SSL3_MD_CLIENT_FINISHED_CONST, 4,
3296     SSL3_MD_SERVER_FINISHED_CONST, 4,
3297     ssl3_alert_code,
3298     ssl_undefined_function_1,
3299     0,
3300     ssl3_set_handshake_header,
3301     tls_close_construct_packet,
3302     ssl3_handshake_write
3303 };
3304
3305 long ssl3_default_timeout(void)
3306 {
3307     /*
3308      * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3309      * http, the cache would over fill
3310      */
3311     return (60 * 60 * 2);
3312 }
3313
3314 int ssl3_num_ciphers(void)
3315 {
3316     return SSL3_NUM_CIPHERS;
3317 }
3318
3319 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3320 {
3321     if (u < SSL3_NUM_CIPHERS)
3322         return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3323     else
3324         return NULL;
3325 }
3326
3327 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3328 {
3329     /* No header in the event of a CCS */
3330     if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3331         return 1;
3332
3333     /* Set the content type and 3 bytes for the message len */
3334     if (!WPACKET_put_bytes_u8(pkt, htype)
3335             || !WPACKET_start_sub_packet_u24(pkt))
3336         return 0;
3337
3338     return 1;
3339 }
3340
3341 int ssl3_handshake_write(SSL *s)
3342 {
3343     return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3344 }
3345
3346 int ssl3_new(SSL *s)
3347 {
3348 #ifndef OPENSSL_NO_SRP
3349     if (!SSL_SRP_CTX_init(s))
3350         return 0;
3351 #endif
3352
3353     if (!s->method->ssl_clear(s))
3354         return 0;
3355
3356     return 1;
3357 }
3358
3359 void ssl3_free(SSL *s)
3360 {
3361     if (s == NULL)
3362         return;
3363
3364     ssl3_cleanup_key_block(s);
3365
3366 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3367     EVP_PKEY_free(s->s3.peer_tmp);
3368     s->s3.peer_tmp = NULL;
3369     EVP_PKEY_free(s->s3.tmp.pkey);
3370     s->s3.tmp.pkey = NULL;
3371 #endif
3372
3373     ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
3374     ssl_evp_md_free(s->s3.tmp.new_hash);
3375
3376     OPENSSL_free(s->s3.tmp.ctype);
3377     sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3378     OPENSSL_free(s->s3.tmp.ciphers_raw);
3379     OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3380     OPENSSL_free(s->s3.tmp.peer_sigalgs);
3381     OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
3382     ssl3_free_digest_list(s);
3383     OPENSSL_free(s->s3.alpn_selected);
3384     OPENSSL_free(s->s3.alpn_proposed);
3385
3386 #ifndef OPENSSL_NO_SRP
3387     SSL_SRP_CTX_free(s);
3388 #endif
3389     memset(&s->s3, 0, sizeof(s->s3));
3390 }
3391
3392 int ssl3_clear(SSL *s)
3393 {
3394     ssl3_cleanup_key_block(s);
3395     OPENSSL_free(s->s3.tmp.ctype);
3396     sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3397     OPENSSL_free(s->s3.tmp.ciphers_raw);
3398     OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3399     OPENSSL_free(s->s3.tmp.peer_sigalgs);
3400     OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
3401
3402 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3403     EVP_PKEY_free(s->s3.tmp.pkey);
3404     EVP_PKEY_free(s->s3.peer_tmp);
3405 #endif                          /* !OPENSSL_NO_EC */
3406
3407     ssl3_free_digest_list(s);
3408
3409     OPENSSL_free(s->s3.alpn_selected);
3410     OPENSSL_free(s->s3.alpn_proposed);
3411
3412     /* NULL/zero-out everything in the s3 struct */
3413     memset(&s->s3, 0, sizeof(s->s3));
3414
3415     if (!ssl_free_wbio_buffer(s))
3416         return 0;
3417
3418     s->version = SSL3_VERSION;
3419
3420 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3421     OPENSSL_free(s->ext.npn);
3422     s->ext.npn = NULL;
3423     s->ext.npn_len = 0;
3424 #endif
3425
3426     return 1;
3427 }
3428
3429 #ifndef OPENSSL_NO_SRP
3430 static char *srp_password_from_info_cb(SSL *s, void *arg)
3431 {
3432     return OPENSSL_strdup(s->srp_ctx.info);
3433 }
3434 #endif
3435
3436 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3437
3438 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3439 {
3440     int ret = 0;
3441
3442     switch (cmd) {
3443     case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3444         break;
3445     case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3446         ret = s->s3.num_renegotiations;
3447         break;
3448     case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3449         ret = s->s3.num_renegotiations;
3450         s->s3.num_renegotiations = 0;
3451         break;
3452     case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3453         ret = s->s3.total_renegotiations;
3454         break;
3455     case SSL_CTRL_GET_FLAGS:
3456         ret = (int)(s->s3.flags);
3457         break;
3458 #ifndef OPENSSL_NO_DH
3459     case SSL_CTRL_SET_TMP_DH:
3460         {
3461             DH *dh = (DH *)parg;
3462             EVP_PKEY *pkdh = NULL;
3463             if (dh == NULL) {
3464                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3465                 return 0;
3466             }
3467             pkdh = ssl_dh_to_pkey(dh);
3468             if (pkdh == NULL) {
3469                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3470                 return 0;
3471             }
3472             if (!ssl_security(s, SSL_SECOP_TMP_DH,
3473                               EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3474                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3475                 EVP_PKEY_free(pkdh);
3476                 return 0;
3477             }
3478             EVP_PKEY_free(s->cert->dh_tmp);
3479             s->cert->dh_tmp = pkdh;
3480             return 1;
3481         }
3482         break;
3483     case SSL_CTRL_SET_TMP_DH_CB:
3484         {
3485             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3486             return ret;
3487         }
3488     case SSL_CTRL_SET_DH_AUTO:
3489         s->cert->dh_tmp_auto = larg;
3490         return 1;
3491 #endif
3492 #ifndef OPENSSL_NO_EC
3493     case SSL_CTRL_SET_TMP_ECDH:
3494         {
3495             const EC_GROUP *group = NULL;
3496             int nid;
3497
3498             if (parg == NULL) {
3499                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3500                 return 0;
3501             }
3502             group = EC_KEY_get0_group((const EC_KEY *)parg);
3503             if (group == NULL) {
3504                 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3505                 return 0;
3506             }
3507             nid = EC_GROUP_get_curve_name(group);
3508             if (nid == NID_undef)
3509                 return 0;
3510             return tls1_set_groups(&s->ext.supportedgroups,
3511                                    &s->ext.supportedgroups_len,
3512                                    &nid, 1);
3513         }
3514         break;
3515 #endif                          /* !OPENSSL_NO_EC */
3516     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3517         /*
3518          * TODO(OpenSSL1.2)
3519          * This API is only used for a client to set what SNI it will request
3520          * from the server, but we currently allow it to be used on servers
3521          * as well, which is a programming error.  Currently we just clear
3522          * the field in SSL_do_handshake() for server SSLs, but when we can
3523          * make ABI-breaking changes, we may want to make use of this API
3524          * an error on server SSLs.
3525          */
3526         if (larg == TLSEXT_NAMETYPE_host_name) {
3527             size_t len;
3528
3529             OPENSSL_free(s->ext.hostname);
3530             s->ext.hostname = NULL;
3531
3532             ret = 1;
3533             if (parg == NULL)
3534                 break;
3535             len = strlen((char *)parg);
3536             if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3537                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3538                 return 0;
3539             }
3540             if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3541                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3542                 return 0;
3543             }
3544         } else {
3545             SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3546             return 0;
3547         }
3548         break;
3549     case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3550         s->ext.debug_arg = parg;
3551         ret = 1;
3552         break;
3553
3554     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3555         ret = s->ext.status_type;
3556         break;
3557
3558     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3559         s->ext.status_type = larg;
3560         ret = 1;
3561         break;
3562
3563     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3564         *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3565         ret = 1;
3566         break;
3567
3568     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3569         s->ext.ocsp.exts = parg;
3570         ret = 1;
3571         break;
3572
3573     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3574         *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3575         ret = 1;
3576         break;
3577
3578     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3579         s->ext.ocsp.ids = parg;
3580         ret = 1;
3581         break;
3582
3583     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3584         *(unsigned char **)parg = s->ext.ocsp.resp;
3585         if (s->ext.ocsp.resp_len == 0
3586                 || s->ext.ocsp.resp_len > LONG_MAX)
3587             return -1;
3588         return (long)s->ext.ocsp.resp_len;
3589
3590     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3591         OPENSSL_free(s->ext.ocsp.resp);
3592         s->ext.ocsp.resp = parg;
3593         s->ext.ocsp.resp_len = larg;
3594         ret = 1;
3595         break;
3596
3597     case SSL_CTRL_CHAIN:
3598         if (larg)
3599             return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3600         else
3601             return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3602
3603     case SSL_CTRL_CHAIN_CERT:
3604         if (larg)
3605             return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3606         else
3607             return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3608
3609     case SSL_CTRL_GET_CHAIN_CERTS:
3610         *(STACK_OF(X509) **)parg = s->cert->key->chain;
3611         ret = 1;
3612         break;
3613
3614     case SSL_CTRL_SELECT_CURRENT_CERT:
3615         return ssl_cert_select_current(s->cert, (X509 *)parg);
3616
3617     case SSL_CTRL_SET_CURRENT_CERT:
3618         if (larg == SSL_CERT_SET_SERVER) {
3619             const SSL_CIPHER *cipher;
3620             if (!s->server)
3621                 return 0;
3622             cipher = s->s3.tmp.new_cipher;
3623             if (cipher == NULL)
3624                 return 0;
3625             /*
3626              * No certificate for unauthenticated ciphersuites or using SRP
3627              * authentication
3628              */
3629             if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3630                 return 2;
3631             if (s->s3.tmp.cert == NULL)
3632                 return 0;
3633             s->cert->key = s->s3.tmp.cert;
3634             return 1;
3635         }
3636         return ssl_cert_set_current(s->cert, larg);
3637
3638 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3639     case SSL_CTRL_GET_GROUPS:
3640         {
3641             uint16_t *clist;
3642             size_t clistlen;
3643
3644             if (!s->session)
3645                 return 0;
3646             clist = s->ext.peer_supportedgroups;
3647             clistlen = s->ext.peer_supportedgroups_len;
3648             if (parg) {
3649                 size_t i;
3650                 int *cptr = parg;
3651
3652                 for (i = 0; i < clistlen; i++) {
3653                     const TLS_GROUP_INFO *cinf
3654                         = tls1_group_id_lookup(s->ctx, clist[i]);
3655
3656                     if (cinf != NULL)
3657                         cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
3658                     else
3659                         cptr[i] = TLSEXT_nid_unknown | clist[i];
3660                 }
3661             }
3662             return (int)clistlen;
3663         }
3664
3665     case SSL_CTRL_SET_GROUPS:
3666         return tls1_set_groups(&s->ext.supportedgroups,
3667                                &s->ext.supportedgroups_len, parg, larg);
3668
3669     case SSL_CTRL_SET_GROUPS_LIST:
3670         return tls1_set_groups_list(s->ctx, &s->ext.supportedgroups,
3671                                     &s->ext.supportedgroups_len, parg);
3672
3673     case SSL_CTRL_GET_SHARED_GROUP:
3674         {
3675             uint16_t id = tls1_shared_group(s, larg);
3676
3677             if (larg != -1)
3678                 return tls1_group_id2nid(id, 1);
3679             return id;
3680         }
3681     case SSL_CTRL_GET_NEGOTIATED_GROUP:
3682         ret = tls1_group_id2nid(s->s3.group_id, 1);
3683         break;
3684 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
3685
3686     case SSL_CTRL_SET_SIGALGS:
3687         return tls1_set_sigalgs(s->cert, parg, larg, 0);
3688
3689     case SSL_CTRL_SET_SIGALGS_LIST:
3690         return tls1_set_sigalgs_list(s->cert, parg, 0);
3691
3692     case SSL_CTRL_SET_CLIENT_SIGALGS:
3693         return tls1_set_sigalgs(s->cert, parg, larg, 1);
3694
3695     case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3696         return tls1_set_sigalgs_list(s->cert, parg, 1);
3697
3698     case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3699         {
3700             const unsigned char **pctype = parg;
3701             if (s->server || !s->s3.tmp.cert_req)
3702                 return 0;
3703             if (pctype)
3704                 *pctype = s->s3.tmp.ctype;
3705             return s->s3.tmp.ctype_len;
3706         }
3707
3708     case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3709         if (!s->server)
3710             return 0;
3711         return ssl3_set_req_cert_type(s->cert, parg, larg);
3712
3713     case SSL_CTRL_BUILD_CERT_CHAIN:
3714         return ssl_build_cert_chain(s, NULL, larg);
3715
3716     case SSL_CTRL_SET_VERIFY_CERT_STORE:
3717         return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3718
3719     case SSL_CTRL_SET_CHAIN_CERT_STORE:
3720         return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3721
3722     case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3723         if (s->s3.tmp.peer_sigalg == NULL)
3724             return 0;
3725         *(int *)parg = s->s3.tmp.peer_sigalg->hash;
3726         return 1;
3727
3728     case SSL_CTRL_GET_SIGNATURE_NID:
3729         if (s->s3.tmp.sigalg == NULL)
3730             return 0;
3731         *(int *)parg = s->s3.tmp.sigalg->hash;
3732         return 1;
3733
3734     case SSL_CTRL_GET_PEER_TMP_KEY:
3735 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3736         if (s->session == NULL || s->s3.peer_tmp == NULL) {
3737             return 0;
3738         } else {
3739             EVP_PKEY_up_ref(s->s3.peer_tmp);
3740             *(EVP_PKEY **)parg = s->s3.peer_tmp;
3741             return 1;
3742         }
3743 #else
3744         return 0;
3745 #endif
3746
3747     case SSL_CTRL_GET_TMP_KEY:
3748 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3749         if (s->session == NULL || s->s3.tmp.pkey == NULL) {
3750             return 0;
3751         } else {
3752             EVP_PKEY_up_ref(s->s3.tmp.pkey);
3753             *(EVP_PKEY **)parg = s->s3.tmp.pkey;
3754             return 1;
3755         }
3756 #else
3757         return 0;
3758 #endif
3759
3760 #ifndef OPENSSL_NO_EC
3761     case SSL_CTRL_GET_EC_POINT_FORMATS:
3762         {
3763             const unsigned char **pformat = parg;
3764
3765             if (s->ext.peer_ecpointformats == NULL)
3766                 return 0;
3767             *pformat = s->ext.peer_ecpointformats;
3768             return (int)s->ext.peer_ecpointformats_len;
3769         }
3770 #endif
3771
3772     default:
3773         break;
3774     }
3775     return ret;
3776 }
3777
3778 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3779 {
3780     int ret = 0;
3781
3782     switch (cmd) {
3783 #ifndef OPENSSL_NO_DH
3784     case SSL_CTRL_SET_TMP_DH_CB:
3785         {
3786             s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3787         }
3788         break;
3789 #endif
3790     case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3791         s->ext.debug_cb = (void (*)(SSL *, int, int,
3792                                     const unsigned char *, int, void *))fp;
3793         break;
3794
3795     case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3796         {
3797             s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3798         }
3799         break;
3800     default:
3801         break;
3802     }
3803     return ret;
3804 }
3805
3806 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3807 {
3808     switch (cmd) {
3809 #ifndef OPENSSL_NO_DH
3810     case SSL_CTRL_SET_TMP_DH:
3811         {
3812             DH *dh = (DH *)parg;
3813             EVP_PKEY *pkdh = NULL;
3814             if (dh == NULL) {
3815                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3816                 return 0;
3817             }
3818             pkdh = ssl_dh_to_pkey(dh);
3819             if (pkdh == NULL) {
3820                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3821                 return 0;
3822             }
3823             if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3824                                   EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3825                 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3826                 EVP_PKEY_free(pkdh);
3827                 return 0;
3828             }
3829             EVP_PKEY_free(ctx->cert->dh_tmp);
3830             ctx->cert->dh_tmp = pkdh;
3831             return 1;
3832         }
3833     case SSL_CTRL_SET_TMP_DH_CB:
3834         {
3835             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3836             return 0;
3837         }
3838     case SSL_CTRL_SET_DH_AUTO:
3839         ctx->cert->dh_tmp_auto = larg;
3840         return 1;
3841 #endif
3842 #ifndef OPENSSL_NO_EC
3843     case SSL_CTRL_SET_TMP_ECDH:
3844         {
3845             const EC_GROUP *group = NULL;
3846             int nid;
3847
3848             if (parg == NULL) {
3849                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3850                 return 0;
3851             }
3852             group = EC_KEY_get0_group((const EC_KEY *)parg);
3853             if (group == NULL) {
3854                 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3855                 return 0;
3856             }
3857             nid = EC_GROUP_get_curve_name(group);
3858             if (nid == NID_undef)
3859                 return 0;
3860             return tls1_set_groups(&ctx->ext.supportedgroups,
3861                                    &ctx->ext.supportedgroups_len,
3862                                    &nid, 1);
3863         }
3864 #endif                          /* !OPENSSL_NO_EC */
3865     case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3866         ctx->ext.servername_arg = parg;
3867         break;
3868     case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3869     case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3870         {
3871             unsigned char *keys = parg;
3872             long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3873                                 sizeof(ctx->ext.secure->tick_hmac_key) +
3874                                 sizeof(ctx->ext.secure->tick_aes_key));
3875             if (keys == NULL)
3876                 return tick_keylen;
3877             if (larg != tick_keylen) {
3878                 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3879                 return 0;
3880             }
3881             if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3882                 memcpy(ctx->ext.tick_key_name, keys,
3883                        sizeof(ctx->ext.tick_key_name));
3884                 memcpy(ctx->ext.secure->tick_hmac_key,
3885                        keys + sizeof(ctx->ext.tick_key_name),
3886                        sizeof(ctx->ext.secure->tick_hmac_key));
3887                 memcpy(ctx->ext.secure->tick_aes_key,
3888                        keys + sizeof(ctx->ext.tick_key_name) +
3889                        sizeof(ctx->ext.secure->tick_hmac_key),
3890                        sizeof(ctx->ext.secure->tick_aes_key));
3891             } else {
3892                 memcpy(keys, ctx->ext.tick_key_name,
3893                        sizeof(ctx->ext.tick_key_name));
3894                 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3895                        ctx->ext.secure->tick_hmac_key,
3896                        sizeof(ctx->ext.secure->tick_hmac_key));
3897                 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3898                        sizeof(ctx->ext.secure->tick_hmac_key),
3899                        ctx->ext.secure->tick_aes_key,
3900                        sizeof(ctx->ext.secure->tick_aes_key));
3901             }
3902             return 1;
3903         }
3904
3905     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3906         return ctx->ext.status_type;
3907
3908     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3909         ctx->ext.status_type = larg;
3910         break;
3911
3912     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3913         ctx->ext.status_arg = parg;
3914         return 1;
3915
3916     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3917         *(void**)parg = ctx->ext.status_arg;
3918         break;
3919
3920     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3921         *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3922         break;
3923
3924 #ifndef OPENSSL_NO_SRP
3925     case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3926         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3927         OPENSSL_free(ctx->srp_ctx.login);
3928         ctx->srp_ctx.login = NULL;
3929         if (parg == NULL)
3930             break;
3931         if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3932             SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3933             return 0;
3934         }
3935         if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3936             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3937             return 0;
3938         }
3939         break;
3940     case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3941         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3942             srp_password_from_info_cb;
3943         if (ctx->srp_ctx.info != NULL)
3944             OPENSSL_free(ctx->srp_ctx.info);
3945         if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
3946             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3947             return 0;
3948         }
3949         break;
3950     case SSL_CTRL_SET_SRP_ARG:
3951         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3952         ctx->srp_ctx.SRP_cb_arg = parg;
3953         break;
3954
3955     case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3956         ctx->srp_ctx.strength = larg;
3957         break;
3958 #endif
3959
3960 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3961     case SSL_CTRL_SET_GROUPS:
3962         return tls1_set_groups(&ctx->ext.supportedgroups,
3963                                &ctx->ext.supportedgroups_len,
3964                                parg, larg);
3965
3966     case SSL_CTRL_SET_GROUPS_LIST:
3967         return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups,
3968                                     &ctx->ext.supportedgroups_len,
3969                                     parg);
3970 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
3971
3972     case SSL_CTRL_SET_SIGALGS:
3973         return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3974
3975     case SSL_CTRL_SET_SIGALGS_LIST:
3976         return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3977
3978     case SSL_CTRL_SET_CLIENT_SIGALGS:
3979         return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3980
3981     case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3982         return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3983
3984     case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3985         return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3986
3987     case SSL_CTRL_BUILD_CERT_CHAIN:
3988         return ssl_build_cert_chain(NULL, ctx, larg);
3989
3990     case SSL_CTRL_SET_VERIFY_CERT_STORE:
3991         return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3992
3993     case SSL_CTRL_SET_CHAIN_CERT_STORE:
3994         return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3995
3996         /* A Thawte special :-) */
3997     case SSL_CTRL_EXTRA_CHAIN_CERT:
3998         if (ctx->extra_certs == NULL) {
3999             if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
4000                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
4001                 return 0;
4002             }
4003         }
4004         if (!X509v3_cache_extensions((X509 *)parg, ctx->libctx, ctx->propq)) {
4005             SSLerr(0, ERR_LIB_X509);
4006             return 0;
4007         }
4008         if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
4009             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
4010             return 0;
4011         }
4012         break;
4013
4014     case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
4015         if (ctx->extra_certs == NULL && larg == 0)
4016             *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4017         else
4018             *(STACK_OF(X509) **)parg = ctx->extra_certs;
4019         break;
4020
4021     case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
4022         sk_X509_pop_free(ctx->extra_certs, X509_free);
4023         ctx->extra_certs = NULL;
4024         break;
4025
4026     case SSL_CTRL_CHAIN:
4027         if (larg)
4028             return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4029         else
4030             return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4031
4032     case SSL_CTRL_CHAIN_CERT:
4033         if (larg)
4034             return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
4035         else
4036             return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
4037
4038     case SSL_CTRL_GET_CHAIN_CERTS:
4039         *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4040         break;
4041
4042     case SSL_CTRL_SELECT_CURRENT_CERT:
4043         return ssl_cert_select_current(ctx->cert, (X509 *)parg);
4044
4045     case SSL_CTRL_SET_CURRENT_CERT:
4046         return ssl_cert_set_current(ctx->cert, larg);
4047
4048     default:
4049         return 0;
4050     }
4051     return 1;
4052 }
4053
4054 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
4055 {
4056     switch (cmd) {
4057 #ifndef OPENSSL_NO_DH
4058     case SSL_CTRL_SET_TMP_DH_CB:
4059         {
4060             ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4061         }
4062         break;
4063 #endif
4064     case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4065         ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4066         break;
4067
4068     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4069         ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4070         break;
4071
4072 # ifndef OPENSSL_NO_DEPRECATED_3_0
4073     case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4074         ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4075                                              unsigned char *,
4076                                              EVP_CIPHER_CTX *,
4077                                              HMAC_CTX *, int))fp;
4078         break;
4079 #endif
4080
4081 #ifndef OPENSSL_NO_SRP
4082     case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4083         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4084         ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4085         break;
4086     case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4087         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4088         ctx->srp_ctx.TLS_ext_srp_username_callback =
4089             (int (*)(SSL *, int *, void *))fp;
4090         break;
4091     case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4092         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4093         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4094             (char *(*)(SSL *, void *))fp;
4095         break;
4096 #endif
4097     case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4098         {
4099             ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4100         }
4101         break;
4102     default: