2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
15 #include "ssl_local.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include <openssl/trace.h>
20 #include "internal/cryptlib.h"
22 #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
23 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
24 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
26 /* TLSv1.3 downgrade protection sentinel values */
27 const unsigned char tls11downgrade[] = {
28 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
30 const unsigned char tls12downgrade[] = {
31 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
34 /* The list of available TLSv1.3 ciphers */
35 static SSL_CIPHER tls13_ciphers[] = {
38 TLS1_3_RFC_AES_128_GCM_SHA256,
39 TLS1_3_RFC_AES_128_GCM_SHA256,
40 TLS1_3_CK_AES_128_GCM_SHA256,
45 TLS1_3_VERSION, TLS1_3_VERSION,
48 SSL_HANDSHAKE_MAC_SHA256,
53 TLS1_3_RFC_AES_256_GCM_SHA384,
54 TLS1_3_RFC_AES_256_GCM_SHA384,
55 TLS1_3_CK_AES_256_GCM_SHA384,
60 TLS1_3_VERSION, TLS1_3_VERSION,
63 SSL_HANDSHAKE_MAC_SHA384,
67 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
70 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
71 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
72 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
77 TLS1_3_VERSION, TLS1_3_VERSION,
80 SSL_HANDSHAKE_MAC_SHA256,
87 TLS1_3_RFC_AES_128_CCM_SHA256,
88 TLS1_3_RFC_AES_128_CCM_SHA256,
89 TLS1_3_CK_AES_128_CCM_SHA256,
94 TLS1_3_VERSION, TLS1_3_VERSION,
96 SSL_NOT_DEFAULT | SSL_HIGH,
97 SSL_HANDSHAKE_MAC_SHA256,
102 TLS1_3_RFC_AES_128_CCM_8_SHA256,
103 TLS1_3_RFC_AES_128_CCM_8_SHA256,
104 TLS1_3_CK_AES_128_CCM_8_SHA256,
109 TLS1_3_VERSION, TLS1_3_VERSION,
111 SSL_NOT_DEFAULT | SSL_HIGH,
112 SSL_HANDSHAKE_MAC_SHA256,
119 * The list of available ciphers, mostly organized into the following
124 * SRP (within that: RSA EC PSK)
125 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
128 static SSL_CIPHER ssl3_ciphers[] = {
131 SSL3_TXT_RSA_NULL_MD5,
132 SSL3_RFC_RSA_NULL_MD5,
133 SSL3_CK_RSA_NULL_MD5,
138 SSL3_VERSION, TLS1_2_VERSION,
139 DTLS1_BAD_VER, DTLS1_2_VERSION,
141 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
147 SSL3_TXT_RSA_NULL_SHA,
148 SSL3_RFC_RSA_NULL_SHA,
149 SSL3_CK_RSA_NULL_SHA,
154 SSL3_VERSION, TLS1_2_VERSION,
155 DTLS1_BAD_VER, DTLS1_2_VERSION,
156 SSL_STRONG_NONE | SSL_FIPS,
157 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
161 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
164 SSL3_TXT_RSA_DES_192_CBC3_SHA,
165 SSL3_RFC_RSA_DES_192_CBC3_SHA,
166 SSL3_CK_RSA_DES_192_CBC3_SHA,
171 SSL3_VERSION, TLS1_2_VERSION,
172 DTLS1_BAD_VER, DTLS1_2_VERSION,
173 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
174 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
180 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
181 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
182 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
187 SSL3_VERSION, TLS1_2_VERSION,
188 DTLS1_BAD_VER, DTLS1_2_VERSION,
189 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
190 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
196 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
197 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
198 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
203 SSL3_VERSION, TLS1_2_VERSION,
204 DTLS1_BAD_VER, DTLS1_2_VERSION,
205 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
206 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
212 SSL3_TXT_ADH_DES_192_CBC_SHA,
213 SSL3_RFC_ADH_DES_192_CBC_SHA,
214 SSL3_CK_ADH_DES_192_CBC_SHA,
219 SSL3_VERSION, TLS1_2_VERSION,
220 DTLS1_BAD_VER, DTLS1_2_VERSION,
221 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
222 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
229 TLS1_TXT_RSA_WITH_AES_128_SHA,
230 TLS1_RFC_RSA_WITH_AES_128_SHA,
231 TLS1_CK_RSA_WITH_AES_128_SHA,
236 SSL3_VERSION, TLS1_2_VERSION,
237 DTLS1_BAD_VER, DTLS1_2_VERSION,
239 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
245 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
246 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
247 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
252 SSL3_VERSION, TLS1_2_VERSION,
253 DTLS1_BAD_VER, DTLS1_2_VERSION,
254 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
255 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
261 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
262 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
263 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
268 SSL3_VERSION, TLS1_2_VERSION,
269 DTLS1_BAD_VER, DTLS1_2_VERSION,
271 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
277 TLS1_TXT_ADH_WITH_AES_128_SHA,
278 TLS1_RFC_ADH_WITH_AES_128_SHA,
279 TLS1_CK_ADH_WITH_AES_128_SHA,
284 SSL3_VERSION, TLS1_2_VERSION,
285 DTLS1_BAD_VER, DTLS1_2_VERSION,
286 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
287 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
293 TLS1_TXT_RSA_WITH_AES_256_SHA,
294 TLS1_RFC_RSA_WITH_AES_256_SHA,
295 TLS1_CK_RSA_WITH_AES_256_SHA,
300 SSL3_VERSION, TLS1_2_VERSION,
301 DTLS1_BAD_VER, DTLS1_2_VERSION,
303 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
309 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
310 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
311 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
316 SSL3_VERSION, TLS1_2_VERSION,
317 DTLS1_BAD_VER, DTLS1_2_VERSION,
318 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
319 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
325 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
326 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
327 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
332 SSL3_VERSION, TLS1_2_VERSION,
333 DTLS1_BAD_VER, DTLS1_2_VERSION,
335 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
341 TLS1_TXT_ADH_WITH_AES_256_SHA,
342 TLS1_RFC_ADH_WITH_AES_256_SHA,
343 TLS1_CK_ADH_WITH_AES_256_SHA,
348 SSL3_VERSION, TLS1_2_VERSION,
349 DTLS1_BAD_VER, DTLS1_2_VERSION,
350 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
351 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
357 TLS1_TXT_RSA_WITH_NULL_SHA256,
358 TLS1_RFC_RSA_WITH_NULL_SHA256,
359 TLS1_CK_RSA_WITH_NULL_SHA256,
364 TLS1_2_VERSION, TLS1_2_VERSION,
365 DTLS1_2_VERSION, DTLS1_2_VERSION,
366 SSL_STRONG_NONE | SSL_FIPS,
367 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
373 TLS1_TXT_RSA_WITH_AES_128_SHA256,
374 TLS1_RFC_RSA_WITH_AES_128_SHA256,
375 TLS1_CK_RSA_WITH_AES_128_SHA256,
380 TLS1_2_VERSION, TLS1_2_VERSION,
381 DTLS1_2_VERSION, DTLS1_2_VERSION,
383 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
389 TLS1_TXT_RSA_WITH_AES_256_SHA256,
390 TLS1_RFC_RSA_WITH_AES_256_SHA256,
391 TLS1_CK_RSA_WITH_AES_256_SHA256,
396 TLS1_2_VERSION, TLS1_2_VERSION,
397 DTLS1_2_VERSION, DTLS1_2_VERSION,
399 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
405 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
406 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
407 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
412 TLS1_2_VERSION, TLS1_2_VERSION,
413 DTLS1_2_VERSION, DTLS1_2_VERSION,
414 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
415 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
421 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
422 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
423 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
428 TLS1_2_VERSION, TLS1_2_VERSION,
429 DTLS1_2_VERSION, DTLS1_2_VERSION,
431 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
437 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
438 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
439 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
444 TLS1_2_VERSION, TLS1_2_VERSION,
445 DTLS1_2_VERSION, DTLS1_2_VERSION,
446 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
447 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
453 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
454 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
455 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
460 TLS1_2_VERSION, TLS1_2_VERSION,
461 DTLS1_2_VERSION, DTLS1_2_VERSION,
463 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
469 TLS1_TXT_ADH_WITH_AES_128_SHA256,
470 TLS1_RFC_ADH_WITH_AES_128_SHA256,
471 TLS1_CK_ADH_WITH_AES_128_SHA256,
476 TLS1_2_VERSION, TLS1_2_VERSION,
477 DTLS1_2_VERSION, DTLS1_2_VERSION,
478 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
479 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
485 TLS1_TXT_ADH_WITH_AES_256_SHA256,
486 TLS1_RFC_ADH_WITH_AES_256_SHA256,
487 TLS1_CK_ADH_WITH_AES_256_SHA256,
492 TLS1_2_VERSION, TLS1_2_VERSION,
493 DTLS1_2_VERSION, DTLS1_2_VERSION,
494 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
495 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
501 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
502 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
503 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
508 TLS1_2_VERSION, TLS1_2_VERSION,
509 DTLS1_2_VERSION, DTLS1_2_VERSION,
511 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
517 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
518 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
519 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
524 TLS1_2_VERSION, TLS1_2_VERSION,
525 DTLS1_2_VERSION, DTLS1_2_VERSION,
527 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
533 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
534 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
535 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
540 TLS1_2_VERSION, TLS1_2_VERSION,
541 DTLS1_2_VERSION, DTLS1_2_VERSION,
543 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
549 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
550 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
551 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
556 TLS1_2_VERSION, TLS1_2_VERSION,
557 DTLS1_2_VERSION, DTLS1_2_VERSION,
559 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
565 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
566 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
567 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
572 TLS1_2_VERSION, TLS1_2_VERSION,
573 DTLS1_2_VERSION, DTLS1_2_VERSION,
574 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
575 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
581 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
582 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
583 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
588 TLS1_2_VERSION, TLS1_2_VERSION,
589 DTLS1_2_VERSION, DTLS1_2_VERSION,
590 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
591 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
597 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
598 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
599 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
604 TLS1_2_VERSION, TLS1_2_VERSION,
605 DTLS1_2_VERSION, DTLS1_2_VERSION,
606 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
607 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
613 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
614 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
615 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
620 TLS1_2_VERSION, TLS1_2_VERSION,
621 DTLS1_2_VERSION, DTLS1_2_VERSION,
622 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
623 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
629 TLS1_TXT_RSA_WITH_AES_128_CCM,
630 TLS1_RFC_RSA_WITH_AES_128_CCM,
631 TLS1_CK_RSA_WITH_AES_128_CCM,
636 TLS1_2_VERSION, TLS1_2_VERSION,
637 DTLS1_2_VERSION, DTLS1_2_VERSION,
638 SSL_NOT_DEFAULT | SSL_HIGH,
639 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
645 TLS1_TXT_RSA_WITH_AES_256_CCM,
646 TLS1_RFC_RSA_WITH_AES_256_CCM,
647 TLS1_CK_RSA_WITH_AES_256_CCM,
652 TLS1_2_VERSION, TLS1_2_VERSION,
653 DTLS1_2_VERSION, DTLS1_2_VERSION,
654 SSL_NOT_DEFAULT | SSL_HIGH,
655 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
661 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
662 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
663 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
668 TLS1_2_VERSION, TLS1_2_VERSION,
669 DTLS1_2_VERSION, DTLS1_2_VERSION,
670 SSL_NOT_DEFAULT | SSL_HIGH,
671 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
677 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
678 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
679 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
684 TLS1_2_VERSION, TLS1_2_VERSION,
685 DTLS1_2_VERSION, DTLS1_2_VERSION,
686 SSL_NOT_DEFAULT | SSL_HIGH,
687 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
693 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
694 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
695 TLS1_CK_RSA_WITH_AES_128_CCM_8,
700 TLS1_2_VERSION, TLS1_2_VERSION,
701 DTLS1_2_VERSION, DTLS1_2_VERSION,
702 SSL_NOT_DEFAULT | SSL_HIGH,
703 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
709 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
710 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
711 TLS1_CK_RSA_WITH_AES_256_CCM_8,
716 TLS1_2_VERSION, TLS1_2_VERSION,
717 DTLS1_2_VERSION, DTLS1_2_VERSION,
718 SSL_NOT_DEFAULT | SSL_HIGH,
719 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
725 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
726 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
727 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
732 TLS1_2_VERSION, TLS1_2_VERSION,
733 DTLS1_2_VERSION, DTLS1_2_VERSION,
734 SSL_NOT_DEFAULT | SSL_HIGH,
735 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
741 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
742 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
743 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
748 TLS1_2_VERSION, TLS1_2_VERSION,
749 DTLS1_2_VERSION, DTLS1_2_VERSION,
750 SSL_NOT_DEFAULT | SSL_HIGH,
751 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
757 TLS1_TXT_PSK_WITH_AES_128_CCM,
758 TLS1_RFC_PSK_WITH_AES_128_CCM,
759 TLS1_CK_PSK_WITH_AES_128_CCM,
764 TLS1_2_VERSION, TLS1_2_VERSION,
765 DTLS1_2_VERSION, DTLS1_2_VERSION,
766 SSL_NOT_DEFAULT | SSL_HIGH,
767 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
773 TLS1_TXT_PSK_WITH_AES_256_CCM,
774 TLS1_RFC_PSK_WITH_AES_256_CCM,
775 TLS1_CK_PSK_WITH_AES_256_CCM,
780 TLS1_2_VERSION, TLS1_2_VERSION,
781 DTLS1_2_VERSION, DTLS1_2_VERSION,
782 SSL_NOT_DEFAULT | SSL_HIGH,
783 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
789 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
790 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
791 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
796 TLS1_2_VERSION, TLS1_2_VERSION,
797 DTLS1_2_VERSION, DTLS1_2_VERSION,
798 SSL_NOT_DEFAULT | SSL_HIGH,
799 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
805 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
806 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
807 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
812 TLS1_2_VERSION, TLS1_2_VERSION,
813 DTLS1_2_VERSION, DTLS1_2_VERSION,
814 SSL_NOT_DEFAULT | SSL_HIGH,
815 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
821 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
822 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
823 TLS1_CK_PSK_WITH_AES_128_CCM_8,
828 TLS1_2_VERSION, TLS1_2_VERSION,
829 DTLS1_2_VERSION, DTLS1_2_VERSION,
830 SSL_NOT_DEFAULT | SSL_HIGH,
831 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
837 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
838 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
839 TLS1_CK_PSK_WITH_AES_256_CCM_8,
844 TLS1_2_VERSION, TLS1_2_VERSION,
845 DTLS1_2_VERSION, DTLS1_2_VERSION,
846 SSL_NOT_DEFAULT | SSL_HIGH,
847 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
853 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
854 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
855 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
860 TLS1_2_VERSION, TLS1_2_VERSION,
861 DTLS1_2_VERSION, DTLS1_2_VERSION,
862 SSL_NOT_DEFAULT | SSL_HIGH,
863 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
869 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
870 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
871 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
876 TLS1_2_VERSION, TLS1_2_VERSION,
877 DTLS1_2_VERSION, DTLS1_2_VERSION,
878 SSL_NOT_DEFAULT | SSL_HIGH,
879 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
885 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
886 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
887 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
892 TLS1_2_VERSION, TLS1_2_VERSION,
893 DTLS1_2_VERSION, DTLS1_2_VERSION,
894 SSL_NOT_DEFAULT | SSL_HIGH,
895 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
901 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
902 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
903 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
908 TLS1_2_VERSION, TLS1_2_VERSION,
909 DTLS1_2_VERSION, DTLS1_2_VERSION,
910 SSL_NOT_DEFAULT | SSL_HIGH,
911 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
917 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
918 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
919 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
924 TLS1_2_VERSION, TLS1_2_VERSION,
925 DTLS1_2_VERSION, DTLS1_2_VERSION,
926 SSL_NOT_DEFAULT | SSL_HIGH,
927 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
933 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
934 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
935 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
940 TLS1_2_VERSION, TLS1_2_VERSION,
941 DTLS1_2_VERSION, DTLS1_2_VERSION,
942 SSL_NOT_DEFAULT | SSL_HIGH,
943 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
949 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
950 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
951 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
956 TLS1_VERSION, TLS1_2_VERSION,
957 DTLS1_BAD_VER, DTLS1_2_VERSION,
958 SSL_STRONG_NONE | SSL_FIPS,
959 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
963 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
966 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
967 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
968 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
973 TLS1_VERSION, TLS1_2_VERSION,
974 DTLS1_BAD_VER, DTLS1_2_VERSION,
975 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
976 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
983 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
984 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
985 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
990 TLS1_VERSION, TLS1_2_VERSION,
991 DTLS1_BAD_VER, DTLS1_2_VERSION,
993 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
999 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1000 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1001 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1006 TLS1_VERSION, TLS1_2_VERSION,
1007 DTLS1_BAD_VER, DTLS1_2_VERSION,
1008 SSL_HIGH | SSL_FIPS,
1009 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1015 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1016 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1017 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1022 TLS1_VERSION, TLS1_2_VERSION,
1023 DTLS1_BAD_VER, DTLS1_2_VERSION,
1024 SSL_STRONG_NONE | SSL_FIPS,
1025 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1029 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1032 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1033 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1034 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1039 TLS1_VERSION, TLS1_2_VERSION,
1040 DTLS1_BAD_VER, DTLS1_2_VERSION,
1041 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1042 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1049 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1050 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1051 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1056 TLS1_VERSION, TLS1_2_VERSION,
1057 DTLS1_BAD_VER, DTLS1_2_VERSION,
1058 SSL_HIGH | SSL_FIPS,
1059 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1065 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1066 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1067 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1072 TLS1_VERSION, TLS1_2_VERSION,
1073 DTLS1_BAD_VER, DTLS1_2_VERSION,
1074 SSL_HIGH | SSL_FIPS,
1075 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1081 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1082 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1083 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1088 TLS1_VERSION, TLS1_2_VERSION,
1089 DTLS1_BAD_VER, DTLS1_2_VERSION,
1090 SSL_STRONG_NONE | SSL_FIPS,
1091 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1095 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1098 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1099 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1100 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1105 TLS1_VERSION, TLS1_2_VERSION,
1106 DTLS1_BAD_VER, DTLS1_2_VERSION,
1107 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1108 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1115 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1116 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1117 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1122 TLS1_VERSION, TLS1_2_VERSION,
1123 DTLS1_BAD_VER, DTLS1_2_VERSION,
1124 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1125 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1131 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1132 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1133 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1138 TLS1_VERSION, TLS1_2_VERSION,
1139 DTLS1_BAD_VER, DTLS1_2_VERSION,
1140 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1141 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1147 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1148 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1149 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1154 TLS1_2_VERSION, TLS1_2_VERSION,
1155 DTLS1_2_VERSION, DTLS1_2_VERSION,
1156 SSL_HIGH | SSL_FIPS,
1157 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1163 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1164 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1165 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1170 TLS1_2_VERSION, TLS1_2_VERSION,
1171 DTLS1_2_VERSION, DTLS1_2_VERSION,
1172 SSL_HIGH | SSL_FIPS,
1173 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1179 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1180 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1181 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1186 TLS1_2_VERSION, TLS1_2_VERSION,
1187 DTLS1_2_VERSION, DTLS1_2_VERSION,
1188 SSL_HIGH | SSL_FIPS,
1189 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1195 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1196 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1197 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1202 TLS1_2_VERSION, TLS1_2_VERSION,
1203 DTLS1_2_VERSION, DTLS1_2_VERSION,
1204 SSL_HIGH | SSL_FIPS,
1205 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1211 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1212 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1213 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1218 TLS1_2_VERSION, TLS1_2_VERSION,
1219 DTLS1_2_VERSION, DTLS1_2_VERSION,
1220 SSL_HIGH | SSL_FIPS,
1221 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1227 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1228 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1229 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1234 TLS1_2_VERSION, TLS1_2_VERSION,
1235 DTLS1_2_VERSION, DTLS1_2_VERSION,
1236 SSL_HIGH | SSL_FIPS,
1237 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1243 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1244 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1245 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1250 TLS1_2_VERSION, TLS1_2_VERSION,
1251 DTLS1_2_VERSION, DTLS1_2_VERSION,
1252 SSL_HIGH | SSL_FIPS,
1253 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1259 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1260 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1261 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1266 TLS1_2_VERSION, TLS1_2_VERSION,
1267 DTLS1_2_VERSION, DTLS1_2_VERSION,
1268 SSL_HIGH | SSL_FIPS,
1269 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1275 TLS1_TXT_PSK_WITH_NULL_SHA,
1276 TLS1_RFC_PSK_WITH_NULL_SHA,
1277 TLS1_CK_PSK_WITH_NULL_SHA,
1282 SSL3_VERSION, TLS1_2_VERSION,
1283 DTLS1_BAD_VER, DTLS1_2_VERSION,
1284 SSL_STRONG_NONE | SSL_FIPS,
1285 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1291 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1292 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1293 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1298 SSL3_VERSION, TLS1_2_VERSION,
1299 DTLS1_BAD_VER, DTLS1_2_VERSION,
1300 SSL_STRONG_NONE | SSL_FIPS,
1301 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1307 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1308 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1309 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1314 SSL3_VERSION, TLS1_2_VERSION,
1315 DTLS1_BAD_VER, DTLS1_2_VERSION,
1316 SSL_STRONG_NONE | SSL_FIPS,
1317 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1321 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1324 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1325 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1326 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1331 SSL3_VERSION, TLS1_2_VERSION,
1332 DTLS1_BAD_VER, DTLS1_2_VERSION,
1333 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1334 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1341 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1342 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1343 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1348 SSL3_VERSION, TLS1_2_VERSION,
1349 DTLS1_BAD_VER, DTLS1_2_VERSION,
1350 SSL_HIGH | SSL_FIPS,
1351 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1357 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1358 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1359 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1364 SSL3_VERSION, TLS1_2_VERSION,
1365 DTLS1_BAD_VER, DTLS1_2_VERSION,
1366 SSL_HIGH | SSL_FIPS,
1367 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1371 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1374 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1375 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1376 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1381 SSL3_VERSION, TLS1_2_VERSION,
1382 DTLS1_BAD_VER, DTLS1_2_VERSION,
1383 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1384 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1391 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1392 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1393 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1398 SSL3_VERSION, TLS1_2_VERSION,
1399 DTLS1_BAD_VER, DTLS1_2_VERSION,
1400 SSL_HIGH | SSL_FIPS,
1401 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1407 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1408 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1409 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1414 SSL3_VERSION, TLS1_2_VERSION,
1415 DTLS1_BAD_VER, DTLS1_2_VERSION,
1416 SSL_HIGH | SSL_FIPS,
1417 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1421 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1424 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1425 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1426 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1431 SSL3_VERSION, TLS1_2_VERSION,
1432 DTLS1_BAD_VER, DTLS1_2_VERSION,
1433 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1434 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1441 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1442 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1443 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1448 SSL3_VERSION, TLS1_2_VERSION,
1449 DTLS1_BAD_VER, DTLS1_2_VERSION,
1450 SSL_HIGH | SSL_FIPS,
1451 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1457 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1458 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1459 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1464 SSL3_VERSION, TLS1_2_VERSION,
1465 DTLS1_BAD_VER, DTLS1_2_VERSION,
1466 SSL_HIGH | SSL_FIPS,
1467 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1473 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1474 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1475 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1480 TLS1_2_VERSION, TLS1_2_VERSION,
1481 DTLS1_2_VERSION, DTLS1_2_VERSION,
1482 SSL_HIGH | SSL_FIPS,
1483 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1489 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1490 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1491 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1496 TLS1_2_VERSION, TLS1_2_VERSION,
1497 DTLS1_2_VERSION, DTLS1_2_VERSION,
1498 SSL_HIGH | SSL_FIPS,
1499 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1505 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1506 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1507 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1512 TLS1_2_VERSION, TLS1_2_VERSION,
1513 DTLS1_2_VERSION, DTLS1_2_VERSION,
1514 SSL_HIGH | SSL_FIPS,
1515 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1521 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1522 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1523 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1528 TLS1_2_VERSION, TLS1_2_VERSION,
1529 DTLS1_2_VERSION, DTLS1_2_VERSION,
1530 SSL_HIGH | SSL_FIPS,
1531 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1537 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1538 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1539 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1544 TLS1_2_VERSION, TLS1_2_VERSION,
1545 DTLS1_2_VERSION, DTLS1_2_VERSION,
1546 SSL_HIGH | SSL_FIPS,
1547 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1553 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1554 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1555 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1560 TLS1_2_VERSION, TLS1_2_VERSION,
1561 DTLS1_2_VERSION, DTLS1_2_VERSION,
1562 SSL_HIGH | SSL_FIPS,
1563 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1569 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1570 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1571 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1576 TLS1_VERSION, TLS1_2_VERSION,
1577 DTLS1_BAD_VER, DTLS1_2_VERSION,
1578 SSL_HIGH | SSL_FIPS,
1579 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1585 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1586 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1587 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1592 TLS1_VERSION, TLS1_2_VERSION,
1593 DTLS1_BAD_VER, DTLS1_2_VERSION,
1594 SSL_HIGH | SSL_FIPS,
1595 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1601 TLS1_TXT_PSK_WITH_NULL_SHA256,
1602 TLS1_RFC_PSK_WITH_NULL_SHA256,
1603 TLS1_CK_PSK_WITH_NULL_SHA256,
1608 TLS1_VERSION, TLS1_2_VERSION,
1609 DTLS1_BAD_VER, DTLS1_2_VERSION,
1610 SSL_STRONG_NONE | SSL_FIPS,
1611 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1617 TLS1_TXT_PSK_WITH_NULL_SHA384,
1618 TLS1_RFC_PSK_WITH_NULL_SHA384,
1619 TLS1_CK_PSK_WITH_NULL_SHA384,
1624 TLS1_VERSION, TLS1_2_VERSION,
1625 DTLS1_BAD_VER, DTLS1_2_VERSION,
1626 SSL_STRONG_NONE | SSL_FIPS,
1627 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1633 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1634 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1635 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1640 TLS1_VERSION, TLS1_2_VERSION,
1641 DTLS1_BAD_VER, DTLS1_2_VERSION,
1642 SSL_HIGH | SSL_FIPS,
1643 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1649 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1650 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1651 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1656 TLS1_VERSION, TLS1_2_VERSION,
1657 DTLS1_BAD_VER, DTLS1_2_VERSION,
1658 SSL_HIGH | SSL_FIPS,
1659 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1665 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1666 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1667 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1672 TLS1_VERSION, TLS1_2_VERSION,
1673 DTLS1_BAD_VER, DTLS1_2_VERSION,
1674 SSL_STRONG_NONE | SSL_FIPS,
1675 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1681 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1682 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1683 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1688 TLS1_VERSION, TLS1_2_VERSION,
1689 DTLS1_BAD_VER, DTLS1_2_VERSION,
1690 SSL_STRONG_NONE | SSL_FIPS,
1691 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1697 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1698 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1699 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1704 TLS1_VERSION, TLS1_2_VERSION,
1705 DTLS1_BAD_VER, DTLS1_2_VERSION,
1706 SSL_HIGH | SSL_FIPS,
1707 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1713 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1714 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1715 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1720 TLS1_VERSION, TLS1_2_VERSION,
1721 DTLS1_BAD_VER, DTLS1_2_VERSION,
1722 SSL_HIGH | SSL_FIPS,
1723 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1729 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1730 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1731 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1736 TLS1_VERSION, TLS1_2_VERSION,
1737 DTLS1_BAD_VER, DTLS1_2_VERSION,
1738 SSL_STRONG_NONE | SSL_FIPS,
1739 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1745 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1746 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1747 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1752 TLS1_VERSION, TLS1_2_VERSION,
1753 DTLS1_BAD_VER, DTLS1_2_VERSION,
1754 SSL_STRONG_NONE | SSL_FIPS,
1755 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1759 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1762 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1763 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1764 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1769 TLS1_VERSION, TLS1_2_VERSION,
1770 DTLS1_BAD_VER, DTLS1_2_VERSION,
1771 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1772 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1779 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1780 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1781 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1786 TLS1_VERSION, TLS1_2_VERSION,
1787 DTLS1_BAD_VER, DTLS1_2_VERSION,
1788 SSL_HIGH | SSL_FIPS,
1789 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1795 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1796 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1797 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1802 TLS1_VERSION, TLS1_2_VERSION,
1803 DTLS1_BAD_VER, DTLS1_2_VERSION,
1804 SSL_HIGH | SSL_FIPS,
1805 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1811 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1812 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1813 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1818 TLS1_VERSION, TLS1_2_VERSION,
1819 DTLS1_BAD_VER, DTLS1_2_VERSION,
1820 SSL_HIGH | SSL_FIPS,
1821 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1827 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1828 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1829 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1834 TLS1_VERSION, TLS1_2_VERSION,
1835 DTLS1_BAD_VER, DTLS1_2_VERSION,
1836 SSL_HIGH | SSL_FIPS,
1837 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1843 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1844 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1845 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1850 TLS1_VERSION, TLS1_2_VERSION,
1851 DTLS1_BAD_VER, DTLS1_2_VERSION,
1852 SSL_STRONG_NONE | SSL_FIPS,
1853 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1859 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1860 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1861 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1866 TLS1_VERSION, TLS1_2_VERSION,
1867 DTLS1_BAD_VER, DTLS1_2_VERSION,
1868 SSL_STRONG_NONE | SSL_FIPS,
1869 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1875 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1876 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1877 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1882 TLS1_VERSION, TLS1_2_VERSION,
1883 DTLS1_BAD_VER, DTLS1_2_VERSION,
1884 SSL_STRONG_NONE | SSL_FIPS,
1885 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1890 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1893 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1894 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1895 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1900 SSL3_VERSION, TLS1_2_VERSION,
1901 DTLS1_BAD_VER, DTLS1_2_VERSION,
1902 SSL_NOT_DEFAULT | SSL_MEDIUM,
1903 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1909 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1910 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1911 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1916 SSL3_VERSION, TLS1_2_VERSION,
1917 DTLS1_BAD_VER, DTLS1_2_VERSION,
1918 SSL_NOT_DEFAULT | SSL_MEDIUM,
1919 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1925 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1926 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1927 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1932 SSL3_VERSION, TLS1_2_VERSION,
1933 DTLS1_BAD_VER, DTLS1_2_VERSION,
1934 SSL_NOT_DEFAULT | SSL_MEDIUM,
1935 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1942 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1943 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1944 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1949 SSL3_VERSION, TLS1_2_VERSION,
1950 DTLS1_BAD_VER, DTLS1_2_VERSION,
1952 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1958 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1959 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1960 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1965 SSL3_VERSION, TLS1_2_VERSION,
1966 DTLS1_BAD_VER, DTLS1_2_VERSION,
1968 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1974 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1975 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1976 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1981 SSL3_VERSION, TLS1_2_VERSION,
1982 DTLS1_BAD_VER, DTLS1_2_VERSION,
1983 SSL_NOT_DEFAULT | SSL_HIGH,
1984 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1990 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1991 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1992 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1997 SSL3_VERSION, TLS1_2_VERSION,
1998 DTLS1_BAD_VER, DTLS1_2_VERSION,
2000 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2006 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2007 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2008 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2013 SSL3_VERSION, TLS1_2_VERSION,
2014 DTLS1_BAD_VER, DTLS1_2_VERSION,
2016 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2022 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2023 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2024 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2029 SSL3_VERSION, TLS1_2_VERSION,
2030 DTLS1_BAD_VER, DTLS1_2_VERSION,
2031 SSL_NOT_DEFAULT | SSL_HIGH,
2032 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2037 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2040 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2041 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2042 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2045 SSL_CHACHA20POLY1305,
2047 TLS1_2_VERSION, TLS1_2_VERSION,
2048 DTLS1_2_VERSION, DTLS1_2_VERSION,
2050 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2056 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2057 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2058 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2061 SSL_CHACHA20POLY1305,
2063 TLS1_2_VERSION, TLS1_2_VERSION,
2064 DTLS1_2_VERSION, DTLS1_2_VERSION,
2066 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2072 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2073 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2074 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2077 SSL_CHACHA20POLY1305,
2079 TLS1_2_VERSION, TLS1_2_VERSION,
2080 DTLS1_2_VERSION, DTLS1_2_VERSION,
2082 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2088 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2089 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2090 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2093 SSL_CHACHA20POLY1305,
2095 TLS1_2_VERSION, TLS1_2_VERSION,
2096 DTLS1_2_VERSION, DTLS1_2_VERSION,
2098 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2104 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2105 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2106 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2109 SSL_CHACHA20POLY1305,
2111 TLS1_2_VERSION, TLS1_2_VERSION,
2112 DTLS1_2_VERSION, DTLS1_2_VERSION,
2114 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2120 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2121 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2122 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2125 SSL_CHACHA20POLY1305,
2127 TLS1_2_VERSION, TLS1_2_VERSION,
2128 DTLS1_2_VERSION, DTLS1_2_VERSION,
2130 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2136 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2137 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2138 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2141 SSL_CHACHA20POLY1305,
2143 TLS1_2_VERSION, TLS1_2_VERSION,
2144 DTLS1_2_VERSION, DTLS1_2_VERSION,
2146 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2150 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2151 * !defined(OPENSSL_NO_POLY1305) */
2153 #ifndef OPENSSL_NO_CAMELLIA
2156 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2157 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2158 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2163 TLS1_2_VERSION, TLS1_2_VERSION,
2164 DTLS1_2_VERSION, DTLS1_2_VERSION,
2165 SSL_NOT_DEFAULT | SSL_HIGH,
2166 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2172 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2173 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2174 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2179 TLS1_2_VERSION, TLS1_2_VERSION,
2180 DTLS1_2_VERSION, DTLS1_2_VERSION,
2181 SSL_NOT_DEFAULT | SSL_HIGH,
2182 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2188 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2189 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2190 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2195 TLS1_2_VERSION, TLS1_2_VERSION,
2196 DTLS1_2_VERSION, DTLS1_2_VERSION,
2197 SSL_NOT_DEFAULT | SSL_HIGH,
2198 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2204 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2205 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2206 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2211 TLS1_2_VERSION, TLS1_2_VERSION,
2212 DTLS1_2_VERSION, DTLS1_2_VERSION,
2213 SSL_NOT_DEFAULT | SSL_HIGH,
2214 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2220 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2221 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2222 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2227 TLS1_2_VERSION, TLS1_2_VERSION,
2228 DTLS1_2_VERSION, DTLS1_2_VERSION,
2229 SSL_NOT_DEFAULT | SSL_HIGH,
2230 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2236 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2237 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2238 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2243 TLS1_2_VERSION, TLS1_2_VERSION,
2244 DTLS1_2_VERSION, DTLS1_2_VERSION,
2245 SSL_NOT_DEFAULT | SSL_HIGH,
2246 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2252 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2253 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2254 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2259 TLS1_2_VERSION, TLS1_2_VERSION,
2260 DTLS1_2_VERSION, DTLS1_2_VERSION,
2261 SSL_NOT_DEFAULT | SSL_HIGH,
2262 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2268 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2269 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2270 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2275 TLS1_2_VERSION, TLS1_2_VERSION,
2276 DTLS1_2_VERSION, DTLS1_2_VERSION,
2277 SSL_NOT_DEFAULT | SSL_HIGH,
2278 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2284 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2285 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2286 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2291 SSL3_VERSION, TLS1_2_VERSION,
2292 DTLS1_BAD_VER, DTLS1_2_VERSION,
2293 SSL_NOT_DEFAULT | SSL_HIGH,
2294 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2300 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2301 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2302 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2307 SSL3_VERSION, TLS1_2_VERSION,
2308 DTLS1_BAD_VER, DTLS1_2_VERSION,
2309 SSL_NOT_DEFAULT | SSL_HIGH,
2310 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2316 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2317 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2318 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2323 SSL3_VERSION, TLS1_2_VERSION,
2324 DTLS1_BAD_VER, DTLS1_2_VERSION,
2325 SSL_NOT_DEFAULT | SSL_HIGH,
2326 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2332 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2333 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2334 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2339 SSL3_VERSION, TLS1_2_VERSION,
2340 DTLS1_BAD_VER, DTLS1_2_VERSION,
2341 SSL_NOT_DEFAULT | SSL_HIGH,
2342 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2348 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2349 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2350 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2355 SSL3_VERSION, TLS1_2_VERSION,
2356 DTLS1_BAD_VER, DTLS1_2_VERSION,
2357 SSL_NOT_DEFAULT | SSL_HIGH,
2358 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2364 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2365 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2366 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2371 SSL3_VERSION, TLS1_2_VERSION,
2372 DTLS1_BAD_VER, DTLS1_2_VERSION,
2373 SSL_NOT_DEFAULT | SSL_HIGH,
2374 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2380 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2381 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2382 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2387 SSL3_VERSION, TLS1_2_VERSION,
2388 DTLS1_BAD_VER, DTLS1_2_VERSION,
2389 SSL_NOT_DEFAULT | SSL_HIGH,
2390 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2396 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2397 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2398 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2403 SSL3_VERSION, TLS1_2_VERSION,
2404 DTLS1_BAD_VER, DTLS1_2_VERSION,
2405 SSL_NOT_DEFAULT | SSL_HIGH,
2406 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2412 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2413 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2414 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2419 TLS1_2_VERSION, TLS1_2_VERSION,
2420 DTLS1_2_VERSION, DTLS1_2_VERSION,
2421 SSL_NOT_DEFAULT | SSL_HIGH,
2422 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2428 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2429 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2430 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2435 TLS1_2_VERSION, TLS1_2_VERSION,
2436 DTLS1_2_VERSION, DTLS1_2_VERSION,
2437 SSL_NOT_DEFAULT | SSL_HIGH,
2438 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2444 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2445 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2446 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2451 TLS1_2_VERSION, TLS1_2_VERSION,
2452 DTLS1_2_VERSION, DTLS1_2_VERSION,
2453 SSL_NOT_DEFAULT | SSL_HIGH,
2454 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2460 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2461 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2462 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2467 TLS1_2_VERSION, TLS1_2_VERSION,
2468 DTLS1_2_VERSION, DTLS1_2_VERSION,
2469 SSL_NOT_DEFAULT | SSL_HIGH,
2470 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2476 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2477 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2478 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2483 TLS1_VERSION, TLS1_2_VERSION,
2484 DTLS1_BAD_VER, DTLS1_2_VERSION,
2485 SSL_NOT_DEFAULT | SSL_HIGH,
2486 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2492 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2493 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2494 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2499 TLS1_VERSION, TLS1_2_VERSION,
2500 DTLS1_BAD_VER, DTLS1_2_VERSION,
2501 SSL_NOT_DEFAULT | SSL_HIGH,
2502 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2508 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2509 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2510 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2515 TLS1_VERSION, TLS1_2_VERSION,
2516 DTLS1_BAD_VER, DTLS1_2_VERSION,
2517 SSL_NOT_DEFAULT | SSL_HIGH,
2518 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2524 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2525 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2526 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2531 TLS1_VERSION, TLS1_2_VERSION,
2532 DTLS1_BAD_VER, DTLS1_2_VERSION,
2533 SSL_NOT_DEFAULT | SSL_HIGH,
2534 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2540 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2541 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2542 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2547 TLS1_VERSION, TLS1_2_VERSION,
2548 DTLS1_BAD_VER, DTLS1_2_VERSION,
2549 SSL_NOT_DEFAULT | SSL_HIGH,
2550 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2556 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2557 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2558 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2563 TLS1_VERSION, TLS1_2_VERSION,
2564 DTLS1_BAD_VER, DTLS1_2_VERSION,
2565 SSL_NOT_DEFAULT | SSL_HIGH,
2566 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2572 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2573 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2574 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2579 TLS1_VERSION, TLS1_2_VERSION,
2580 DTLS1_BAD_VER, DTLS1_2_VERSION,
2581 SSL_NOT_DEFAULT | SSL_HIGH,
2582 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2588 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2589 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2590 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2595 TLS1_VERSION, TLS1_2_VERSION,
2596 DTLS1_BAD_VER, DTLS1_2_VERSION,
2597 SSL_NOT_DEFAULT | SSL_HIGH,
2598 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2602 #endif /* OPENSSL_NO_CAMELLIA */
2604 #ifndef OPENSSL_NO_GOST
2607 "GOST2001-GOST89-GOST89",
2608 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2612 SSL_eGOST2814789CNT,
2614 TLS1_VERSION, TLS1_2_VERSION,
2617 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2623 "GOST2001-NULL-GOST94",
2624 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2630 TLS1_VERSION, TLS1_2_VERSION,
2633 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2639 "GOST2012-GOST8912-GOST8912",
2643 SSL_aGOST12 | SSL_aGOST01,
2644 SSL_eGOST2814789CNT12,
2646 TLS1_VERSION, TLS1_2_VERSION,
2649 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2655 "GOST2012-NULL-GOST12",
2659 SSL_aGOST12 | SSL_aGOST01,
2662 TLS1_VERSION, TLS1_2_VERSION,
2665 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2669 #endif /* OPENSSL_NO_GOST */
2671 #ifndef OPENSSL_NO_IDEA
2674 SSL3_TXT_RSA_IDEA_128_SHA,
2675 SSL3_RFC_RSA_IDEA_128_SHA,
2676 SSL3_CK_RSA_IDEA_128_SHA,
2681 SSL3_VERSION, TLS1_1_VERSION,
2682 DTLS1_BAD_VER, DTLS1_VERSION,
2683 SSL_NOT_DEFAULT | SSL_MEDIUM,
2684 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2690 #ifndef OPENSSL_NO_SEED
2693 TLS1_TXT_RSA_WITH_SEED_SHA,
2694 TLS1_RFC_RSA_WITH_SEED_SHA,
2695 TLS1_CK_RSA_WITH_SEED_SHA,
2700 SSL3_VERSION, TLS1_2_VERSION,
2701 DTLS1_BAD_VER, DTLS1_2_VERSION,
2702 SSL_NOT_DEFAULT | SSL_MEDIUM,
2703 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2709 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2710 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2711 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2716 SSL3_VERSION, TLS1_2_VERSION,
2717 DTLS1_BAD_VER, DTLS1_2_VERSION,
2718 SSL_NOT_DEFAULT | SSL_MEDIUM,
2719 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2725 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2726 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2727 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2732 SSL3_VERSION, TLS1_2_VERSION,
2733 DTLS1_BAD_VER, DTLS1_2_VERSION,
2734 SSL_NOT_DEFAULT | SSL_MEDIUM,
2735 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2741 TLS1_TXT_ADH_WITH_SEED_SHA,
2742 TLS1_RFC_ADH_WITH_SEED_SHA,
2743 TLS1_CK_ADH_WITH_SEED_SHA,
2748 SSL3_VERSION, TLS1_2_VERSION,
2749 DTLS1_BAD_VER, DTLS1_2_VERSION,
2750 SSL_NOT_DEFAULT | SSL_MEDIUM,
2751 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2755 #endif /* OPENSSL_NO_SEED */
2757 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2760 SSL3_TXT_RSA_RC4_128_MD5,
2761 SSL3_RFC_RSA_RC4_128_MD5,
2762 SSL3_CK_RSA_RC4_128_MD5,
2767 SSL3_VERSION, TLS1_2_VERSION,
2769 SSL_NOT_DEFAULT | SSL_MEDIUM,
2770 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2776 SSL3_TXT_RSA_RC4_128_SHA,
2777 SSL3_RFC_RSA_RC4_128_SHA,
2778 SSL3_CK_RSA_RC4_128_SHA,
2783 SSL3_VERSION, TLS1_2_VERSION,
2785 SSL_NOT_DEFAULT | SSL_MEDIUM,
2786 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2792 SSL3_TXT_ADH_RC4_128_MD5,
2793 SSL3_RFC_ADH_RC4_128_MD5,
2794 SSL3_CK_ADH_RC4_128_MD5,
2799 SSL3_VERSION, TLS1_2_VERSION,
2801 SSL_NOT_DEFAULT | SSL_MEDIUM,
2802 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2808 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2809 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2810 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2815 TLS1_VERSION, TLS1_2_VERSION,
2817 SSL_NOT_DEFAULT | SSL_MEDIUM,
2818 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2824 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2825 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2826 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2831 TLS1_VERSION, TLS1_2_VERSION,
2833 SSL_NOT_DEFAULT | SSL_MEDIUM,
2834 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2840 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2841 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2842 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2847 TLS1_VERSION, TLS1_2_VERSION,
2849 SSL_NOT_DEFAULT | SSL_MEDIUM,
2850 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2856 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2857 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2858 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2863 TLS1_VERSION, TLS1_2_VERSION,
2865 SSL_NOT_DEFAULT | SSL_MEDIUM,
2866 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2872 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2873 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2874 TLS1_CK_PSK_WITH_RC4_128_SHA,
2879 SSL3_VERSION, TLS1_2_VERSION,
2881 SSL_NOT_DEFAULT | SSL_MEDIUM,
2882 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2888 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2889 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2890 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2895 SSL3_VERSION, TLS1_2_VERSION,
2897 SSL_NOT_DEFAULT | SSL_MEDIUM,
2898 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2904 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2905 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2906 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2911 SSL3_VERSION, TLS1_2_VERSION,
2913 SSL_NOT_DEFAULT | SSL_MEDIUM,
2914 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2918 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2920 #ifndef OPENSSL_NO_ARIA
2923 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2924 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2925 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2930 TLS1_2_VERSION, TLS1_2_VERSION,
2931 DTLS1_2_VERSION, DTLS1_2_VERSION,
2932 SSL_NOT_DEFAULT | SSL_HIGH,
2933 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2939 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2940 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2941 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2946 TLS1_2_VERSION, TLS1_2_VERSION,
2947 DTLS1_2_VERSION, DTLS1_2_VERSION,
2948 SSL_NOT_DEFAULT | SSL_HIGH,
2949 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2955 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2956 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2957 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2962 TLS1_2_VERSION, TLS1_2_VERSION,
2963 DTLS1_2_VERSION, DTLS1_2_VERSION,
2964 SSL_NOT_DEFAULT | SSL_HIGH,
2965 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2971 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2972 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2973 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2978 TLS1_2_VERSION, TLS1_2_VERSION,
2979 DTLS1_2_VERSION, DTLS1_2_VERSION,
2980 SSL_NOT_DEFAULT | SSL_HIGH,
2981 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2987 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2988 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2989 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2994 TLS1_2_VERSION, TLS1_2_VERSION,
2995 DTLS1_2_VERSION, DTLS1_2_VERSION,
2996 SSL_NOT_DEFAULT | SSL_HIGH,
2997 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3003 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3004 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3005 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3010 TLS1_2_VERSION, TLS1_2_VERSION,
3011 DTLS1_2_VERSION, DTLS1_2_VERSION,
3012 SSL_NOT_DEFAULT | SSL_HIGH,
3013 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3019 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3020 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3021 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3026 TLS1_2_VERSION, TLS1_2_VERSION,
3027 DTLS1_2_VERSION, DTLS1_2_VERSION,
3028 SSL_NOT_DEFAULT | SSL_HIGH,
3029 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3035 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3036 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3037 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3042 TLS1_2_VERSION, TLS1_2_VERSION,
3043 DTLS1_2_VERSION, DTLS1_2_VERSION,
3044 SSL_NOT_DEFAULT | SSL_HIGH,
3045 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3051 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3052 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3053 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3058 TLS1_2_VERSION, TLS1_2_VERSION,
3059 DTLS1_2_VERSION, DTLS1_2_VERSION,
3060 SSL_NOT_DEFAULT | SSL_HIGH,
3061 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3067 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3068 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3069 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3074 TLS1_2_VERSION, TLS1_2_VERSION,
3075 DTLS1_2_VERSION, DTLS1_2_VERSION,
3076 SSL_NOT_DEFAULT | SSL_HIGH,
3077 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3083 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3084 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3085 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3090 TLS1_2_VERSION, TLS1_2_VERSION,
3091 DTLS1_2_VERSION, DTLS1_2_VERSION,
3092 SSL_NOT_DEFAULT | SSL_HIGH,
3093 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3099 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3100 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3101 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3106 TLS1_2_VERSION, TLS1_2_VERSION,
3107 DTLS1_2_VERSION, DTLS1_2_VERSION,
3108 SSL_NOT_DEFAULT | SSL_HIGH,
3109 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3115 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3116 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3117 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3122 TLS1_2_VERSION, TLS1_2_VERSION,
3123 DTLS1_2_VERSION, DTLS1_2_VERSION,
3124 SSL_NOT_DEFAULT | SSL_HIGH,
3125 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3131 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3132 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3133 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3138 TLS1_2_VERSION, TLS1_2_VERSION,
3139 DTLS1_2_VERSION, DTLS1_2_VERSION,
3140 SSL_NOT_DEFAULT | SSL_HIGH,
3141 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3147 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3148 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3149 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3154 TLS1_2_VERSION, TLS1_2_VERSION,
3155 DTLS1_2_VERSION, DTLS1_2_VERSION,
3156 SSL_NOT_DEFAULT | SSL_HIGH,
3157 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3163 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3164 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3165 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3170 TLS1_2_VERSION, TLS1_2_VERSION,
3171 DTLS1_2_VERSION, DTLS1_2_VERSION,
3172 SSL_NOT_DEFAULT | SSL_HIGH,
3173 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3177 #endif /* OPENSSL_NO_ARIA */
3181 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3182 * values stuffed into the ciphers field of the wire protocol for signalling
3185 static SSL_CIPHER ssl3_scsvs[] = {
3188 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3189 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3191 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3195 "TLS_FALLBACK_SCSV",
3196 "TLS_FALLBACK_SCSV",
3197 SSL3_CK_FALLBACK_SCSV,
3198 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3202 static int cipher_compare(const void *a, const void *b)
3204 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3205 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3207 if (ap->id == bp->id)
3209 return ap->id < bp->id ? -1 : 1;
3212 void ssl_sort_cipher_list(void)
3214 qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3216 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3218 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3221 static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
3222 const char * t, size_t u,
3223 const unsigned char * v, size_t w, int x)
3232 return ssl_undefined_function(ssl);
3235 const SSL3_ENC_METHOD SSLv3_enc_data = {
3238 ssl3_setup_key_block,
3239 ssl3_generate_master_secret,
3240 ssl3_change_cipher_state,
3241 ssl3_final_finish_mac,
3242 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3243 SSL3_MD_SERVER_FINISHED_CONST, 4,
3245 ssl_undefined_function_1,
3247 ssl3_set_handshake_header,
3248 tls_close_construct_packet,
3249 ssl3_handshake_write
3252 long ssl3_default_timeout(void)
3255 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3256 * http, the cache would over fill
3258 return (60 * 60 * 2);
3261 int ssl3_num_ciphers(void)
3263 return SSL3_NUM_CIPHERS;
3266 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3268 if (u < SSL3_NUM_CIPHERS)
3269 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3274 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3276 /* No header in the event of a CCS */
3277 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3280 /* Set the content type and 3 bytes for the message len */
3281 if (!WPACKET_put_bytes_u8(pkt, htype)
3282 || !WPACKET_start_sub_packet_u24(pkt))
3288 int ssl3_handshake_write(SSL *s)
3290 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3293 int ssl3_new(SSL *s)
3295 #ifndef OPENSSL_NO_SRP
3296 if (!SSL_SRP_CTX_init(s))
3300 if (!s->method->ssl_clear(s))
3306 void ssl3_free(SSL *s)
3311 ssl3_cleanup_key_block(s);
3313 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3314 EVP_PKEY_free(s->s3.peer_tmp);
3315 s->s3.peer_tmp = NULL;
3316 EVP_PKEY_free(s->s3.tmp.pkey);
3317 s->s3.tmp.pkey = NULL;
3320 ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
3321 ssl_evp_md_free(s->s3.tmp.new_hash);
3323 OPENSSL_free(s->s3.tmp.ctype);
3324 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3325 OPENSSL_free(s->s3.tmp.ciphers_raw);
3326 OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3327 OPENSSL_free(s->s3.tmp.peer_sigalgs);
3328 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
3329 ssl3_free_digest_list(s);
3330 OPENSSL_free(s->s3.alpn_selected);
3331 OPENSSL_free(s->s3.alpn_proposed);
3333 #ifndef OPENSSL_NO_SRP
3334 SSL_SRP_CTX_free(s);
3336 memset(&s->s3, 0, sizeof(s->s3));
3339 int ssl3_clear(SSL *s)
3341 ssl3_cleanup_key_block(s);
3342 OPENSSL_free(s->s3.tmp.ctype);
3343 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3344 OPENSSL_free(s->s3.tmp.ciphers_raw);
3345 OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3346 OPENSSL_free(s->s3.tmp.peer_sigalgs);
3347 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
3349 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3350 EVP_PKEY_free(s->s3.tmp.pkey);
3351 EVP_PKEY_free(s->s3.peer_tmp);
3352 #endif /* !OPENSSL_NO_EC */
3354 ssl3_free_digest_list(s);
3356 OPENSSL_free(s->s3.alpn_selected);
3357 OPENSSL_free(s->s3.alpn_proposed);
3359 /* NULL/zero-out everything in the s3 struct */
3360 memset(&s->s3, 0, sizeof(s->s3));
3362 if (!ssl_free_wbio_buffer(s))
3365 s->version = SSL3_VERSION;
3367 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3368 OPENSSL_free(s->ext.npn);
3376 #ifndef OPENSSL_NO_SRP
3377 static char *srp_password_from_info_cb(SSL *s, void *arg)
3379 return OPENSSL_strdup(s->srp_ctx.info);
3383 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3385 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3390 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3392 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3393 ret = s->s3.num_renegotiations;
3395 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3396 ret = s->s3.num_renegotiations;
3397 s->s3.num_renegotiations = 0;
3399 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3400 ret = s->s3.total_renegotiations;
3402 case SSL_CTRL_GET_FLAGS:
3403 ret = (int)(s->s3.flags);
3405 #ifndef OPENSSL_NO_DH
3406 case SSL_CTRL_SET_TMP_DH:
3408 DH *dh = (DH *)parg;
3409 EVP_PKEY *pkdh = NULL;
3411 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3414 pkdh = ssl_dh_to_pkey(dh);
3416 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3419 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3420 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3421 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3422 EVP_PKEY_free(pkdh);
3425 EVP_PKEY_free(s->cert->dh_tmp);
3426 s->cert->dh_tmp = pkdh;
3430 case SSL_CTRL_SET_TMP_DH_CB:
3432 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3435 case SSL_CTRL_SET_DH_AUTO:
3436 s->cert->dh_tmp_auto = larg;
3439 #ifndef OPENSSL_NO_EC
3440 case SSL_CTRL_SET_TMP_ECDH:
3442 const EC_GROUP *group = NULL;
3446 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3449 group = EC_KEY_get0_group((const EC_KEY *)parg);
3450 if (group == NULL) {
3451 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3454 nid = EC_GROUP_get_curve_name(group);
3455 if (nid == NID_undef)
3457 return tls1_set_groups(&s->ext.supportedgroups,
3458 &s->ext.supportedgroups_len,
3462 #endif /* !OPENSSL_NO_EC */
3463 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3466 * This API is only used for a client to set what SNI it will request
3467 * from the server, but we currently allow it to be used on servers
3468 * as well, which is a programming error. Currently we just clear
3469 * the field in SSL_do_handshake() for server SSLs, but when we can
3470 * make ABI-breaking changes, we may want to make use of this API
3471 * an error on server SSLs.
3473 if (larg == TLSEXT_NAMETYPE_host_name) {
3476 OPENSSL_free(s->ext.hostname);
3477 s->ext.hostname = NULL;
3482 len = strlen((char *)parg);
3483 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3484 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3487 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3488 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3492 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3496 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3497 s->ext.debug_arg = parg;
3501 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3502 ret = s->ext.status_type;
3505 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3506 s->ext.status_type = larg;
3510 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3511 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3515 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3516 s->ext.ocsp.exts = parg;
3520 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3521 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3525 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3526 s->ext.ocsp.ids = parg;
3530 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3531 *(unsigned char **)parg = s->ext.ocsp.resp;
3532 if (s->ext.ocsp.resp_len == 0
3533 || s->ext.ocsp.resp_len > LONG_MAX)
3535 return (long)s->ext.ocsp.resp_len;
3537 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3538 OPENSSL_free(s->ext.ocsp.resp);
3539 s->ext.ocsp.resp = parg;
3540 s->ext.ocsp.resp_len = larg;
3544 case SSL_CTRL_CHAIN:
3546 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3548 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3550 case SSL_CTRL_CHAIN_CERT:
3552 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3554 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3556 case SSL_CTRL_GET_CHAIN_CERTS:
3557 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3561 case SSL_CTRL_SELECT_CURRENT_CERT:
3562 return ssl_cert_select_current(s->cert, (X509 *)parg);
3564 case SSL_CTRL_SET_CURRENT_CERT:
3565 if (larg == SSL_CERT_SET_SERVER) {
3566 const SSL_CIPHER *cipher;
3569 cipher = s->s3.tmp.new_cipher;
3573 * No certificate for unauthenticated ciphersuites or using SRP
3576 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3578 if (s->s3.tmp.cert == NULL)
3580 s->cert->key = s->s3.tmp.cert;
3583 return ssl_cert_set_current(s->cert, larg);
3585 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3586 case SSL_CTRL_GET_GROUPS:
3593 clist = s->ext.peer_supportedgroups;
3594 clistlen = s->ext.peer_supportedgroups_len;
3599 for (i = 0; i < clistlen; i++) {
3600 const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
3603 cptr[i] = cinf->nid;
3605 cptr[i] = TLSEXT_nid_unknown | clist[i];
3608 return (int)clistlen;
3611 case SSL_CTRL_SET_GROUPS:
3612 return tls1_set_groups(&s->ext.supportedgroups,
3613 &s->ext.supportedgroups_len, parg, larg);
3615 case SSL_CTRL_SET_GROUPS_LIST:
3616 return tls1_set_groups_list(&s->ext.supportedgroups,
3617 &s->ext.supportedgroups_len, parg);
3619 case SSL_CTRL_GET_SHARED_GROUP:
3621 uint16_t id = tls1_shared_group(s, larg);
3624 return tls1_group_id2nid(id);
3627 case SSL_CTRL_GET_NEGOTIATED_GROUP:
3628 ret = tls1_group_id2nid(s->s3.group_id);
3630 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
3632 case SSL_CTRL_SET_SIGALGS:
3633 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3635 case SSL_CTRL_SET_SIGALGS_LIST:
3636 return tls1_set_sigalgs_list(s->cert, parg, 0);
3638 case SSL_CTRL_SET_CLIENT_SIGALGS:
3639 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3641 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3642 return tls1_set_sigalgs_list(s->cert, parg, 1);
3644 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3646 const unsigned char **pctype = parg;
3647 if (s->server || !s->s3.tmp.cert_req)
3650 *pctype = s->s3.tmp.ctype;
3651 return s->s3.tmp.ctype_len;
3654 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3657 return ssl3_set_req_cert_type(s->cert, parg, larg);
3659 case SSL_CTRL_BUILD_CERT_CHAIN:
3660 return ssl_build_cert_chain(s, NULL, larg);
3662 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3663 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3665 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3666 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3668 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3669 if (s->s3.tmp.peer_sigalg == NULL)
3671 *(int *)parg = s->s3.tmp.peer_sigalg->hash;
3674 case SSL_CTRL_GET_SIGNATURE_NID:
3675 if (s->s3.tmp.sigalg == NULL)
3677 *(int *)parg = s->s3.tmp.sigalg->hash;
3680 case SSL_CTRL_GET_PEER_TMP_KEY:
3681 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3682 if (s->session == NULL || s->s3.peer_tmp == NULL) {
3685 EVP_PKEY_up_ref(s->s3.peer_tmp);
3686 *(EVP_PKEY **)parg = s->s3.peer_tmp;
3693 case SSL_CTRL_GET_TMP_KEY:
3694 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3695 if (s->session == NULL || s->s3.tmp.pkey == NULL) {
3698 EVP_PKEY_up_ref(s->s3.tmp.pkey);
3699 *(EVP_PKEY **)parg = s->s3.tmp.pkey;
3706 #ifndef OPENSSL_NO_EC
3707 case SSL_CTRL_GET_EC_POINT_FORMATS:
3709 const unsigned char **pformat = parg;
3711 if (s->ext.peer_ecpointformats == NULL)
3713 *pformat = s->ext.peer_ecpointformats;
3714 return (int)s->ext.peer_ecpointformats_len;
3724 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3729 #ifndef OPENSSL_NO_DH
3730 case SSL_CTRL_SET_TMP_DH_CB:
3732 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3736 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3737 s->ext.debug_cb = (void (*)(SSL *, int, int,
3738 const unsigned char *, int, void *))fp;
3741 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3743 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3752 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3755 #ifndef OPENSSL_NO_DH
3756 case SSL_CTRL_SET_TMP_DH:
3758 DH *dh = (DH *)parg;
3759 EVP_PKEY *pkdh = NULL;
3761 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3764 pkdh = ssl_dh_to_pkey(dh);
3766 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3769 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3770 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3771 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3772 EVP_PKEY_free(pkdh);
3775 EVP_PKEY_free(ctx->cert->dh_tmp);
3776 ctx->cert->dh_tmp = pkdh;
3779 case SSL_CTRL_SET_TMP_DH_CB:
3781 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3784 case SSL_CTRL_SET_DH_AUTO:
3785 ctx->cert->dh_tmp_auto = larg;
3788 #ifndef OPENSSL_NO_EC
3789 case SSL_CTRL_SET_TMP_ECDH:
3791 const EC_GROUP *group = NULL;
3795 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3798 group = EC_KEY_get0_group((const EC_KEY *)parg);
3799 if (group == NULL) {
3800 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3803 nid = EC_GROUP_get_curve_name(group);
3804 if (nid == NID_undef)
3806 return tls1_set_groups(&ctx->ext.supportedgroups,
3807 &ctx->ext.supportedgroups_len,
3810 #endif /* !OPENSSL_NO_EC */
3811 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3812 ctx->ext.servername_arg = parg;
3814 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3815 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3817 unsigned char *keys = parg;
3818 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3819 sizeof(ctx->ext.secure->tick_hmac_key) +
3820 sizeof(ctx->ext.secure->tick_aes_key));
3823 if (larg != tick_keylen) {
3824 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3827 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3828 memcpy(ctx->ext.tick_key_name, keys,
3829 sizeof(ctx->ext.tick_key_name));
3830 memcpy(ctx->ext.secure->tick_hmac_key,
3831 keys + sizeof(ctx->ext.tick_key_name),
3832 sizeof(ctx->ext.secure->tick_hmac_key));
3833 memcpy(ctx->ext.secure->tick_aes_key,
3834 keys + sizeof(ctx->ext.tick_key_name) +
3835 sizeof(ctx->ext.secure->tick_hmac_key),
3836 sizeof(ctx->ext.secure->tick_aes_key));
3838 memcpy(keys, ctx->ext.tick_key_name,
3839 sizeof(ctx->ext.tick_key_name));
3840 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3841 ctx->ext.secure->tick_hmac_key,
3842 sizeof(ctx->ext.secure->tick_hmac_key));
3843 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3844 sizeof(ctx->ext.secure->tick_hmac_key),
3845 ctx->ext.secure->tick_aes_key,
3846 sizeof(ctx->ext.secure->tick_aes_key));
3851 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3852 return ctx->ext.status_type;
3854 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3855 ctx->ext.status_type = larg;
3858 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3859 ctx->ext.status_arg = parg;
3862 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3863 *(void**)parg = ctx->ext.status_arg;
3866 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3867 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3870 #ifndef OPENSSL_NO_SRP
3871 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3872 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3873 OPENSSL_free(ctx->srp_ctx.login);
3874 ctx->srp_ctx.login = NULL;
3877 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3878 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3881 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3882 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3886 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3887 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3888 srp_password_from_info_cb;
3889 if (ctx->srp_ctx.info != NULL)
3890 OPENSSL_free(ctx->srp_ctx.info);
3891 if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
3892 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3896 case SSL_CTRL_SET_SRP_ARG:
3897 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3898 ctx->srp_ctx.SRP_cb_arg = parg;
3901 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3902 ctx->srp_ctx.strength = larg;
3906 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3907 case SSL_CTRL_SET_GROUPS:
3908 return tls1_set_groups(&ctx->ext.supportedgroups,
3909 &ctx->ext.supportedgroups_len,
3912 case SSL_CTRL_SET_GROUPS_LIST:
3913 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3914 &ctx->ext.supportedgroups_len,
3916 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
3918 case SSL_CTRL_SET_SIGALGS:
3919 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3921 case SSL_CTRL_SET_SIGALGS_LIST:
3922 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3924 case SSL_CTRL_SET_CLIENT_SIGALGS:
3925 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3927 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3928 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3930 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3931 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3933 case SSL_CTRL_BUILD_CERT_CHAIN:
3934 return ssl_build_cert_chain(NULL, ctx, larg);
3936 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3937 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3939 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3940 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3942 /* A Thawte special :-) */
3943 case SSL_CTRL_EXTRA_CHAIN_CERT:
3944 if (ctx->extra_certs == NULL) {
3945 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3946 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3950 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3951 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3956 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3957 if (ctx->extra_certs == NULL && larg == 0)
3958 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3960 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3963 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3964 sk_X509_pop_free(ctx->extra_certs, X509_free);
3965 ctx->extra_certs = NULL;
3968 case SSL_CTRL_CHAIN:
3970 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3972 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3974 case SSL_CTRL_CHAIN_CERT:
3976 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3978 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3980 case SSL_CTRL_GET_CHAIN_CERTS:
3981 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3984 case SSL_CTRL_SELECT_CURRENT_CERT:
3985 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3987 case SSL_CTRL_SET_CURRENT_CERT:
3988 return ssl_cert_set_current(ctx->cert, larg);
3996 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3999 #ifndef OPENSSL_NO_DH
4000 case SSL_CTRL_SET_TMP_DH_CB:
4002 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4006 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4007 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4010 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4011 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4014 # ifndef OPENSSL_NO_DEPRECATED_3_0
4015 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4016 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4019 HMAC_CTX *, int))fp;
4023 #ifndef OPENSSL_NO_SRP
4024 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4025 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4026 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4028 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4029 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4030 ctx->srp_ctx.TLS_ext_srp_username_callback =
4031 (int (*)(SSL *, int *, void *))fp;
4033 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4034 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4035 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4036 (char *(*)(SSL *, void *))fp;
4039 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4041 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4050 int SSL_CTX_set_tlsext_ticket_key_evp_cb
4051 (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *,
4052 EVP_CIPHER_CTX *, EVP_MAC_CTX *, int))
4054 ctx->ext.ticket_key_evp_cb = fp;
4058 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4061 const SSL_CIPHER *cp;
4064 cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4067 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4070 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4073 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4075 SSL_CIPHER *c = NULL, *tbl;
4076 SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers};
4077 size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS};
4079 /* this is not efficient, necessary to optimize this? */
4080 for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4081 for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4082 if (tbl->stdname == NULL)
4084 if (strcmp(stdname, tbl->stdname) == 0) {
4092 for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
4093 if (strcmp(stdname, tbl->stdname) == 0) {
4103 * This function needs to check if the ciphers required are actually
4106 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4108 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4109 | ((uint32_t)p[0] << 8L)
4113 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4115 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4120 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4128 * ssl3_choose_cipher - choose a cipher from those offered by the client
4129 * @s: SSL connection
4130 * @clnt: ciphers offered by the client
4131 * @srvr: ciphers enabled on the server?
4133 * Returns the selected cipher or NULL when no common ciphers.
4135 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4136 STACK_OF(SSL_CIPHER) *srvr)
4138 const SSL_CIPHER *c, *ret = NULL;
4139 STACK_OF(SSL_CIPHER) *prio, *allow;
4140 int i, ii, ok, prefer_sha256 = 0;
4141 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4142 #ifndef OPENSSL_NO_CHACHA
4143 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4146 /* Let's see which ciphers we can support */
4149 * Do not set the compare functions, because this may lead to a
4150 * reordering by "id". We want to keep the original ordering. We may pay
4151 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4152 * pay with the price of sk_SSL_CIPHER_dup().
4155 OSSL_TRACE_BEGIN(TLS_CIPHER) {
4156 BIO_printf(trc_out, "Server has %d from %p:\n",
4157 sk_SSL_CIPHER_num(srvr), (void *)srvr);
4158 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4159 c = sk_SSL_CIPHER_value(srvr, i);
4160 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4162 BIO_printf(trc_out, "Client sent %d from %p:\n",
4163 sk_SSL_CIPHER_num(clnt), (void *)clnt);
4164 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4165 c = sk_SSL_CIPHER_value(clnt, i);
4166 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4168 } OSSL_TRACE_END(TLS_CIPHER);
4170 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4171 if (tls1_suiteb(s)) {
4174 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4177 #ifndef OPENSSL_NO_CHACHA
4178 /* If ChaCha20 is at the top of the client preference list,
4179 and there are ChaCha20 ciphers in the server list, then
4180 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4181 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4182 c = sk_SSL_CIPHER_value(clnt, 0);
4183 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4184 /* ChaCha20 is client preferred, check server... */
4185 int num = sk_SSL_CIPHER_num(srvr);
4187 for (i = 0; i < num; i++) {
4188 c = sk_SSL_CIPHER_value(srvr, i);
4189 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4195 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4196 /* if reserve fails, then there's likely a memory issue */
4197 if (prio_chacha != NULL) {
4198 /* Put all ChaCha20 at the top, starting with the one we just found */
4199 sk_SSL_CIPHER_push(prio_chacha, c);
4200 for (i++; i < num; i++) {
4201 c = sk_SSL_CIPHER_value(srvr, i);
4202 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4203 sk_SSL_CIPHER_push(prio_chacha, c);
4205 /* Pull in the rest */
4206 for (i = 0; i < num; i++) {
4207 c = sk_SSL_CIPHER_value(srvr, i);
4208 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4209 sk_SSL_CIPHER_push(prio_chacha, c);
4222 if (SSL_IS_TLS13(s)) {
4223 #ifndef OPENSSL_NO_PSK
4227 * If we allow "old" style PSK callbacks, and we have no certificate (so
4228 * we're not going to succeed without a PSK anyway), and we're in
4229 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4230 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4233 if (s->psk_server_callback != NULL) {
4234 for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
4235 if (j == SSL_PKEY_NUM) {
4236 /* There are no certificates */
4242 tls1_set_cert_validity(s);
4246 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4247 c = sk_SSL_CIPHER_value(prio, i);
4249 /* Skip ciphers not supported by the protocol version */
4250 if (!SSL_IS_DTLS(s) &&
4251 ((s->version < c->min_tls) || (s->version > c->max_tls)))
4253 if (SSL_IS_DTLS(s) &&
4254 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4255 DTLS_VERSION_GT(s->version, c->max_dtls)))
4259 * Since TLS 1.3 ciphersuites can be used with any auth or
4260 * key exchange scheme skip tests.
4262 if (!SSL_IS_TLS13(s)) {
4263 mask_k = s->s3.tmp.mask_k;
4264 mask_a = s->s3.tmp.mask_a;
4265 #ifndef OPENSSL_NO_SRP
4266 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4272 alg_k = c->algorithm_mkey;
4273 alg_a = c->algorithm_auth;
4275 #ifndef OPENSSL_NO_PSK
4276 /* with PSK there must be server callback set */
4277 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4279 #endif /* OPENSSL_NO_PSK */
4281 ok = (alg_k & mask_k) && (alg_a & mask_a);
4282 OSSL_TRACE7(TLS_CIPHER,
4283 "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4284 ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
4286 #ifndef OPENSSL_NO_EC
4288 * if we are considering an ECC cipher suite that uses an ephemeral
4291 if (alg_k & SSL_kECDHE)
4292 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4293 #endif /* OPENSSL_NO_EC */
4298 ii = sk_SSL_CIPHER_find(allow, c);
4300 /* Check security callback permits this cipher */
4301 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4302 c->strength_bits, 0, (void *)c))
4304 #if !defined(OPENSSL_NO_EC)
4305 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4306 && s->s3.is_probably_safari) {
4308 ret = sk_SSL_CIPHER_value(allow, ii);
4312 if (prefer_sha256) {
4313 const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4316 * TODO: When there are no more legacy digests we can just use
4317 * OSSL_DIGEST_NAME_SHA2_256 instead of calling OBJ_nid2sn
4319 if (EVP_MD_is_a(ssl_md(s->ctx, tmp->algorithm2),
4320 OBJ_nid2sn(NID_sha256))) {
4328 ret = sk_SSL_CIPHER_value(allow, ii);
4332 #ifndef OPENSSL_NO_CHACHA
4333 sk_SSL_CIPHER_free(prio_chacha);
4338 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4340 uint32_t alg_k, alg_a = 0;
4342 /* If we have custom certificate types set, use them */
4344 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4345 /* Get mask of algorithms disabled by signature list */
4346 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4348 alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4350 #ifndef OPENSSL_NO_GOST
4351 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4352 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4353 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
4354 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
4357 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4358 #ifndef OPENSSL_NO_DH
4359 # ifndef OPENSSL_NO_RSA
4360 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4363 # ifndef OPENSSL_NO_DSA
4364 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4367 #endif /* !OPENSSL_NO_DH */
4369 #ifndef OPENSSL_NO_RSA
4370 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4373 #ifndef OPENSSL_NO_DSA
4374 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4377 #ifndef OPENSSL_NO_EC
4379 * ECDSA certs can be used with RSA cipher suites too so we don't
4380 * need to check for SSL_kECDH or SSL_kECDHE
4382 if (s->version >= TLS1_VERSION
4383 && !(alg_a & SSL_aECDSA)
4384 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4390 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4392 OPENSSL_free(c->ctype);
4395 if (p == NULL || len == 0)
4399 c->ctype = OPENSSL_memdup(p, len);
4400 if (c->ctype == NULL)
4406 int ssl3_shutdown(SSL *s)
4411 * Don't do anything much if we have not done the handshake or we don't
4412 * want to send messages :-)
4414 if (s->quiet_shutdown || SSL_in_before(s)) {
4415 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4419 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4420 s->shutdown |= SSL_SENT_SHUTDOWN;
4421 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4423 * our shutdown alert has been sent now, and if it still needs to be
4424 * written, s->s3.alert_dispatch will be true
4426 if (s->s3.alert_dispatch)
4427 return -1; /* return WANT_WRITE */
4428 } else if (s->s3.alert_dispatch) {
4429 /* resend it if not sent */
4430 ret = s->method->ssl_dispatch_alert(s);
4433 * we only get to return -1 here the 2nd/Nth invocation, we must
4434 * have already signalled return 0 upon a previous invocation,
4439 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4442 * If we are waiting for a close from our peer, we are closed
4444 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4445 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4446 return -1; /* return WANT_READ */
4450 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4451 !s->s3.alert_dispatch)
4457 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4460 if (s->s3.renegotiate)
4461 ssl3_renegotiate_check(s, 0);
4463 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4467 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4473 if (s->s3.renegotiate)
4474 ssl3_renegotiate_check(s, 0);
4475 s->s3.in_read_app_data = 1;
4477 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4479 if ((ret == -1) && (s->s3.in_read_app_data == 2)) {
4481 * ssl3_read_bytes decided to call s->handshake_func, which called
4482 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4483 * actually found application data and thinks that application data
4484 * makes sense here; so disable handshake processing and try to read
4485 * application data again.
4487 ossl_statem_set_in_handshake(s, 1);
4489 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4490 len, peek, readbytes);
4491 ossl_statem_set_in_handshake(s, 0);
4493 s->s3.in_read_app_data = 0;
4498 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4500 return ssl3_read_internal(s, buf, len, 0, readbytes);
4503 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4505 return ssl3_read_internal(s, buf, len, 1, readbytes);
4508 int ssl3_renegotiate(SSL *s)
4510 if (s->handshake_func == NULL)
4513 s->s3.renegotiate = 1;
4518 * Check if we are waiting to do a renegotiation and if so whether now is a
4519 * good time to do it. If |initok| is true then we are being called from inside
4520 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4521 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4522 * should do a renegotiation now and sets up the state machine for it. Otherwise
4525 int ssl3_renegotiate_check(SSL *s, int initok)
4529 if (s->s3.renegotiate) {
4530 if (!RECORD_LAYER_read_pending(&s->rlayer)
4531 && !RECORD_LAYER_write_pending(&s->rlayer)
4532 && (initok || !SSL_in_init(s))) {
4534 * if we are the server, and we have sent a 'RENEGOTIATE'
4535 * message, we need to set the state machine into the renegotiate
4538 ossl_statem_set_renegotiate(s);
4539 s->s3.renegotiate = 0;
4540 s->s3.num_renegotiations++;
4541 s->s3.total_renegotiations++;
4549 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4550 * handshake macs if required.
4552 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4554 long ssl_get_algorithm2(SSL *s)
4557 if (s->s3.tmp.new_cipher == NULL)
4559 alg2 = s->s3.tmp.new_cipher->algorithm2;
4560 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4561 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4562 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4563 } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4564 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4565 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4571 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4572 * failure, 1 on success.
4574 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4577 int send_time = 0, ret;
4582 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4584 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4586 unsigned long Time = (unsigned long)time(NULL);
4587 unsigned char *p = result;
4590 ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4);
4592 ret = RAND_bytes_ex(s->ctx->libctx, result, len);
4596 if (!ossl_assert(sizeof(tls11downgrade) < len)
4597 || !ossl_assert(sizeof(tls12downgrade) < len))
4599 if (dgrd == DOWNGRADE_TO_1_2)
4600 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4601 sizeof(tls12downgrade));
4602 else if (dgrd == DOWNGRADE_TO_1_1)
4603 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4604 sizeof(tls11downgrade));
4610 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4613 unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4616 if (alg_k & SSL_PSK) {
4617 #ifndef OPENSSL_NO_PSK
4618 unsigned char *pskpms, *t;
4619 size_t psklen = s->s3.tmp.psklen;
4622 /* create PSK premaster_secret */
4624 /* For plain PSK "other_secret" is psklen zeroes */
4625 if (alg_k & SSL_kPSK)
4628 pskpmslen = 4 + pmslen + psklen;
4629 pskpms = OPENSSL_malloc(pskpmslen);
4634 if (alg_k & SSL_kPSK)
4635 memset(t, 0, pmslen);
4637 memcpy(t, pms, pmslen);
4640 memcpy(t, s->s3.tmp.psk, psklen);
4642 OPENSSL_clear_free(s->s3.tmp.psk, psklen);
4643 s->s3.tmp.psk = NULL;
4644 if (!s->method->ssl3_enc->generate_master_secret(s,
4645 s->session->master_key, pskpms, pskpmslen,
4646 &s->session->master_key_length)) {
4647 OPENSSL_clear_free(pskpms, pskpmslen);
4648 /* SSLfatal() already called */
4651 OPENSSL_clear_free(pskpms, pskpmslen);
4653 /* Should never happen */
4657 if (!s->method->ssl3_enc->generate_master_secret(s,
4658 s->session->master_key, pms, pmslen,
4659 &s->session->master_key_length)) {
4660 /* SSLfatal() already called */
4669 OPENSSL_clear_free(pms, pmslen);
4671 OPENSSL_cleanse(pms, pmslen);
4674 s->s3.tmp.pms = NULL;
4678 /* Generate a private key from parameters */
4679 EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm)
4681 EVP_PKEY_CTX *pctx = NULL;
4682 EVP_PKEY *pkey = NULL;
4686 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pm, s->ctx->propq);
4689 if (EVP_PKEY_keygen_init(pctx) <= 0)
4691 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4692 EVP_PKEY_free(pkey);
4697 EVP_PKEY_CTX_free(pctx);
4701 /* Generate a private key from a group ID */
4702 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
4703 EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
4705 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4706 EVP_PKEY_CTX *pctx = NULL;
4707 EVP_PKEY *pkey = NULL;
4709 # ifndef OPENSSL_NO_DH
4714 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4715 ERR_R_INTERNAL_ERROR);
4718 gtype = ginf->flags & TLS_GROUP_TYPE;
4720 * TODO(3.0): Convert these EVP_PKEY_CTX_new_id calls to ones that take
4721 * s->ctx->libctx and s->ctx->propq when keygen has been updated to be
4724 # ifndef OPENSSL_NO_DH
4725 if (gtype == TLS_GROUP_FFDHE)
4726 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL);
4727 # ifndef OPENSSL_NO_EC
4731 # ifndef OPENSSL_NO_EC
4733 if (gtype == TLS_GROUP_CURVE_CUSTOM)
4734 pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
4736 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4740 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4741 ERR_R_MALLOC_FAILURE);
4744 if (EVP_PKEY_keygen_init(pctx) <= 0) {
4745 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4749 # ifndef OPENSSL_NO_DH
4750 if (gtype == TLS_GROUP_FFDHE) {
4751 if ((pkey = EVP_PKEY_new()) == NULL
4752 || (dh = DH_new_by_nid(ginf->nid)) == NULL
4753 || !EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh)) {
4754 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4757 EVP_PKEY_free(pkey);
4761 if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0) {
4762 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4764 EVP_PKEY_free(pkey);
4769 # ifndef OPENSSL_NO_EC
4773 # ifndef OPENSSL_NO_EC
4775 if (gtype != TLS_GROUP_CURVE_CUSTOM
4776 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
4777 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4783 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4784 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4786 EVP_PKEY_free(pkey);
4791 EVP_PKEY_CTX_free(pctx);
4797 * Generate parameters from a group ID
4799 EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id)
4801 EVP_PKEY_CTX *pctx = NULL;
4802 EVP_PKEY *pkey = NULL;
4803 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4809 if ((ginf->flags & TLS_GROUP_TYPE) == TLS_GROUP_CURVE_CUSTOM) {
4810 pkey = EVP_PKEY_new();
4811 if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
4813 EVP_PKEY_free(pkey);
4818 * TODO(3.0): Convert this EVP_PKEY_CTX_new_id call to one that takes
4819 * s->ctx->libctx and s->ctx->propq when paramgen has been updated to be
4822 pkey_ctx_id = (ginf->flags & TLS_GROUP_FFDHE)
4823 ? EVP_PKEY_DH : EVP_PKEY_EC;
4824 pctx = EVP_PKEY_CTX_new_id(pkey_ctx_id, NULL);
4827 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4829 # ifndef OPENSSL_NO_DH
4830 if (ginf->flags & TLS_GROUP_FFDHE) {
4831 if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0)
4834 # ifndef OPENSSL_NO_EC
4838 # ifndef OPENSSL_NO_EC
4840 if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
4844 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4845 EVP_PKEY_free(pkey);
4850 EVP_PKEY_CTX_free(pctx);
4854 /* Derive secrets for ECDH/DH */
4855 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4858 unsigned char *pms = NULL;
4862 if (privkey == NULL || pubkey == NULL) {
4863 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4864 ERR_R_INTERNAL_ERROR);
4868 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);
4870 if (EVP_PKEY_derive_init(pctx) <= 0
4871 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4872 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4873 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4874 ERR_R_INTERNAL_ERROR);
4878 #ifndef OPENSSL_NO_DH
4879 if (SSL_IS_TLS13(s) && EVP_PKEY_id(privkey) == EVP_PKEY_DH)
4880 EVP_PKEY_CTX_set_dh_pad(pctx, 1);
4883 pms = OPENSSL_malloc(pmslen);
4885 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4886 ERR_R_MALLOC_FAILURE);
4890 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4891 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4892 ERR_R_INTERNAL_ERROR);
4897 /* SSLfatal() called as appropriate in the below functions */
4898 if (SSL_IS_TLS13(s)) {
4900 * If we are resuming then we already generated the early secret
4901 * when we created the ClientHello, so don't recreate it.
4904 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4906 (unsigned char *)&s->early_secret);
4910 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4912 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4915 /* Save premaster secret */
4916 s->s3.tmp.pms = pms;
4917 s->s3.tmp.pmslen = pmslen;
4923 OPENSSL_clear_free(pms, pmslen);
4924 EVP_PKEY_CTX_free(pctx);
4928 #ifndef OPENSSL_NO_DH
4929 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4934 ret = EVP_PKEY_new();
4935 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
projects / openssl.git / blob