Rework the default cipherlist.
[openssl.git] / ssl / s3_lib.c
index c9b27eb..78aaf7b 100644 (file)
@@ -239,7 +239,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_IDEA,
      SSL_SHA1,
      SSL_SSLV3,
-     SSL_MEDIUM,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
@@ -272,7 +272,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_3DES,
      SSL_SHA1,
      SSL_SSLV3,
-     SSL_HIGH | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -401,7 +401,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES128,
      SSL_SHA1,
      SSL_SSLV3,
-     SSL_HIGH | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
@@ -463,7 +463,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES256,
      SSL_SHA1,
      SSL_SSLV3,
-     SSL_HIGH | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      256,
      256,
@@ -560,7 +560,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES128,
      SSL_SHA256,
      SSL_TLSV1_2,
-     SSL_HIGH | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
@@ -579,7 +579,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA128,
      SSL_SHA1,
      SSL_SSLV3,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
@@ -595,7 +595,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA128,
      SSL_SHA1,
      SSL_SSLV3,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
@@ -611,7 +611,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA128,
      SSL_SHA1,
      SSL_SSLV3,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
@@ -661,7 +661,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES256,
      SSL_SHA256,
      SSL_TLSV1_2,
-     SSL_HIGH | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      256,
      256,
@@ -759,7 +759,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA256,
      SSL_SHA1,
      SSL_SSLV3,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      256,
      256,
@@ -775,7 +775,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA256,
      SSL_SHA1,
      SSL_SSLV3,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      256,
      256,
@@ -791,7 +791,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA256,
      SSL_SHA1,
      SSL_SSLV3,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      256,
      256,
@@ -1028,7 +1028,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_SEED,
      SSL_SHA1,
      SSL_SSLV3,
-     SSL_MEDIUM,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
@@ -1044,7 +1044,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_SEED,
      SSL_SHA1,
      SSL_SSLV3,
-     SSL_MEDIUM,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
@@ -1060,7 +1060,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_SEED,
      SSL_SHA1,
      SSL_SSLV3,
-     SSL_MEDIUM,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
@@ -1160,7 +1160,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES128GCM,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
@@ -1176,7 +1176,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES256GCM,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256,
@@ -1518,7 +1518,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA128,
      SSL_SHA256,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
@@ -1534,7 +1534,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA128,
      SSL_SHA256,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
@@ -1550,7 +1550,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA128,
      SSL_SHA256,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
@@ -1582,7 +1582,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA256,
      SSL_SHA256,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,
@@ -1598,7 +1598,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA256,
      SSL_SHA256,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,
@@ -1614,7 +1614,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA256,
      SSL_SHA256,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,
@@ -1929,7 +1929,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_3DES,
      SSL_SHA1,
      SSL_SSLV3,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -1977,7 +1977,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES128,
      SSL_SHA1,
      SSL_SSLV3,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128,
@@ -2025,7 +2025,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES256,
      SSL_SHA1,
      SSL_SSLV3,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      256,
      256,
@@ -2323,7 +2323,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA128,
      SSL_SHA256,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128},
@@ -2337,7 +2337,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA256,
      SSL_SHA384,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256},
@@ -2351,7 +2351,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA128,
      SSL_SHA256,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128},
@@ -2365,7 +2365,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA256,
      SSL_SHA384,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256},
@@ -2383,7 +2383,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA128,
      SSL_SHA256,
      SSL_TLSV1,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128},
@@ -2397,7 +2397,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA256,
      SSL_SHA384,
      SSL_TLSV1,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256},
@@ -2411,7 +2411,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA128,
      SSL_SHA256,
      SSL_TLSV1,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128},
@@ -2425,7 +2425,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA256,
      SSL_SHA384,
      SSL_TLSV1,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256},
@@ -2439,7 +2439,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA128,
      SSL_SHA256,
      SSL_TLSV1,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128},
@@ -2453,7 +2453,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA256,
      SSL_SHA384,
      SSL_TLSV1,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256},
@@ -2467,7 +2467,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA128,
      SSL_SHA256,
      SSL_TLSV1,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      128,
      128},
@@ -2481,7 +2481,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_CAMELLIA256,
      SSL_SHA384,
      SSL_TLSV1,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
      256,
      256},
@@ -2497,7 +2497,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES128CCM,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
@@ -2513,7 +2513,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES256CCM,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,
@@ -2529,7 +2529,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES128CCM,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
@@ -2545,7 +2545,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES256CCM,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,
@@ -2561,7 +2561,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES128CCM8,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
@@ -2577,7 +2577,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES256CCM8,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,
@@ -2593,7 +2593,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES128CCM8,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
@@ -2609,7 +2609,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES256CCM8,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,
@@ -2625,7 +2625,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES128CCM,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
@@ -2641,7 +2641,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES256CCM,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,
@@ -2657,7 +2657,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES128CCM,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
@@ -2673,7 +2673,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES256CCM,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,
@@ -2689,7 +2689,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES128CCM8,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
@@ -2705,7 +2705,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES256CCM8,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,
@@ -2721,7 +2721,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES128CCM8,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
@@ -2737,7 +2737,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES256CCM8,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,
@@ -2753,7 +2753,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES128CCM,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
@@ -2769,7 +2769,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES256CCM,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,
@@ -2785,7 +2785,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES128CCM8,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      128,
      128,
@@ -2801,7 +2801,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
      SSL_AES256CCM8,
      SSL_AEAD,
      SSL_TLSV1_2,
-     SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_HIGH,
      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
      256,
      256,