Implement Aria GCM/CCM Modes and TLS cipher suites
[openssl.git] / ssl / s3_lib.c
index d8cce5e..8895388 100644 (file)
@@ -1,5 +1,7 @@
 /*
  * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,53 +9,14 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
 #include <stdio.h>
-#include <assert.h>
 #include <openssl/objects.h>
+#include "internal/nelem.h"
 #include "ssl_locl.h"
 #include <openssl/md5.h>
 #include <openssl/dh.h>
 #include <openssl/rand.h>
+#include "internal/cryptlib.h"
 
 #define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
 #define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
@@ -80,6 +43,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_RSA_NULL_MD5,
+     SSL3_RFC_RSA_NULL_MD5,
      SSL3_CK_RSA_NULL_MD5,
      SSL_kRSA,
      SSL_aRSA,
@@ -95,6 +59,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_RSA_NULL_SHA,
+     SSL3_RFC_RSA_NULL_SHA,
      SSL3_CK_RSA_NULL_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -111,6 +76,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_RSA_DES_192_CBC3_SHA,
+     SSL3_RFC_RSA_DES_192_CBC3_SHA,
      SSL3_CK_RSA_DES_192_CBC3_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -126,6 +92,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
+     SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
      SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
      SSL_kDHE,
      SSL_aDSS,
@@ -141,6 +108,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
+     SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
      SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
      SSL_kDHE,
      SSL_aRSA,
@@ -156,6 +124,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_ADH_DES_192_CBC_SHA,
+     SSL3_RFC_ADH_DES_192_CBC_SHA,
      SSL3_CK_ADH_DES_192_CBC_SHA,
      SSL_kDHE,
      SSL_aNULL,
@@ -172,6 +141,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_128_SHA,
+     TLS1_RFC_RSA_WITH_AES_128_SHA,
      TLS1_CK_RSA_WITH_AES_128_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -187,6 +157,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
      TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
      SSL_kDHE,
      SSL_aDSS,
@@ -202,6 +173,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
      TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
      SSL_kDHE,
      SSL_aRSA,
@@ -217,6 +189,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_AES_128_SHA,
+     TLS1_RFC_ADH_WITH_AES_128_SHA,
      TLS1_CK_ADH_WITH_AES_128_SHA,
      SSL_kDHE,
      SSL_aNULL,
@@ -232,6 +205,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_256_SHA,
+     TLS1_RFC_RSA_WITH_AES_256_SHA,
      TLS1_CK_RSA_WITH_AES_256_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -247,6 +221,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
      TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
      SSL_kDHE,
      SSL_aDSS,
@@ -262,6 +237,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
      TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
      SSL_kDHE,
      SSL_aRSA,
@@ -277,6 +253,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_AES_256_SHA,
+     TLS1_RFC_ADH_WITH_AES_256_SHA,
      TLS1_CK_ADH_WITH_AES_256_SHA,
      SSL_kDHE,
      SSL_aNULL,
@@ -292,6 +269,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_NULL_SHA256,
+     TLS1_RFC_RSA_WITH_NULL_SHA256,
      TLS1_CK_RSA_WITH_NULL_SHA256,
      SSL_kRSA,
      SSL_aRSA,
@@ -307,6 +285,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_128_SHA256,
+     TLS1_RFC_RSA_WITH_AES_128_SHA256,
      TLS1_CK_RSA_WITH_AES_128_SHA256,
      SSL_kRSA,
      SSL_aRSA,
@@ -322,6 +301,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_256_SHA256,
+     TLS1_RFC_RSA_WITH_AES_256_SHA256,
      TLS1_CK_RSA_WITH_AES_256_SHA256,
      SSL_kRSA,
      SSL_aRSA,
@@ -337,6 +317,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
      TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
      SSL_kDHE,
      SSL_aDSS,
@@ -352,6 +333,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
      TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
      SSL_kDHE,
      SSL_aRSA,
@@ -367,6 +349,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
      TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
      SSL_kDHE,
      SSL_aDSS,
@@ -382,6 +365,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
      TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
      SSL_kDHE,
      SSL_aRSA,
@@ -397,6 +381,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_AES_128_SHA256,
+     TLS1_RFC_ADH_WITH_AES_128_SHA256,
      TLS1_CK_ADH_WITH_AES_128_SHA256,
      SSL_kDHE,
      SSL_aNULL,
@@ -412,6 +397,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_AES_256_SHA256,
+     TLS1_RFC_ADH_WITH_AES_256_SHA256,
      TLS1_CK_ADH_WITH_AES_256_SHA256,
      SSL_kDHE,
      SSL_aNULL,
@@ -427,6 +413,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
      TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
      SSL_kRSA,
      SSL_aRSA,
@@ -442,6 +429,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
      TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
      SSL_kRSA,
      SSL_aRSA,
@@ -457,6 +445,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
      TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
      SSL_kDHE,
      SSL_aRSA,
@@ -472,6 +461,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
      TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
      SSL_kDHE,
      SSL_aRSA,
@@ -487,6 +477,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
      TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
      SSL_kDHE,
      SSL_aDSS,
@@ -502,6 +493,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
      TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
      SSL_kDHE,
      SSL_aDSS,
@@ -517,6 +509,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
      TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
      SSL_kDHE,
      SSL_aNULL,
@@ -532,6 +525,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
      TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
      SSL_kDHE,
      SSL_aNULL,
@@ -547,6 +541,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_128_CCM,
+     TLS1_RFC_RSA_WITH_AES_128_CCM,
      TLS1_CK_RSA_WITH_AES_128_CCM,
      SSL_kRSA,
      SSL_aRSA,
@@ -562,6 +557,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_256_CCM,
+     TLS1_RFC_RSA_WITH_AES_256_CCM,
      TLS1_CK_RSA_WITH_AES_256_CCM,
      SSL_kRSA,
      SSL_aRSA,
@@ -577,6 +573,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
      TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
      SSL_kDHE,
      SSL_aRSA,
@@ -592,6 +589,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
      TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
      SSL_kDHE,
      SSL_aRSA,
@@ -607,6 +605,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_128_CCM_8,
+     TLS1_RFC_RSA_WITH_AES_128_CCM_8,
      TLS1_CK_RSA_WITH_AES_128_CCM_8,
      SSL_kRSA,
      SSL_aRSA,
@@ -622,6 +621,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_256_CCM_8,
+     TLS1_RFC_RSA_WITH_AES_256_CCM_8,
      TLS1_CK_RSA_WITH_AES_256_CCM_8,
      SSL_kRSA,
      SSL_aRSA,
@@ -637,6 +637,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
      TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
      SSL_kDHE,
      SSL_aRSA,
@@ -652,6 +653,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
      TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
      SSL_kDHE,
      SSL_aRSA,
@@ -667,6 +669,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_128_CCM,
+     TLS1_RFC_PSK_WITH_AES_128_CCM,
      TLS1_CK_PSK_WITH_AES_128_CCM,
      SSL_kPSK,
      SSL_aPSK,
@@ -682,6 +685,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_256_CCM,
+     TLS1_RFC_PSK_WITH_AES_256_CCM,
      TLS1_CK_PSK_WITH_AES_256_CCM,
      SSL_kPSK,
      SSL_aPSK,
@@ -697,6 +701,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
      TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -712,6 +717,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
      TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -727,6 +733,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_128_CCM_8,
+     TLS1_RFC_PSK_WITH_AES_128_CCM_8,
      TLS1_CK_PSK_WITH_AES_128_CCM_8,
      SSL_kPSK,
      SSL_aPSK,
@@ -742,6 +749,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_256_CCM_8,
+     TLS1_RFC_PSK_WITH_AES_256_CCM_8,
      TLS1_CK_PSK_WITH_AES_256_CCM_8,
      SSL_kPSK,
      SSL_aPSK,
@@ -757,6 +765,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
      TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -772,6 +781,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
      TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -787,6 +797,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -802,6 +813,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -817,6 +829,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -832,6 +845,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -847,6 +861,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_3_TXT_AES_128_GCM_SHA256,
+     TLS1_3_RFC_AES_128_GCM_SHA256,
      TLS1_3_CK_AES_128_GCM_SHA256,
      0, 0,
      SSL_AES128GCM,
@@ -862,6 +877,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_3_TXT_AES_256_GCM_SHA384,
+     TLS1_3_RFC_AES_256_GCM_SHA384,
      TLS1_3_CK_AES_256_GCM_SHA384,
      SSL_kANY,
      SSL_aANY,
@@ -878,6 +894,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
+     TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
      TLS1_3_CK_CHACHA20_POLY1305_SHA256,
      SSL_kANY,
      SSL_aANY,
@@ -894,6 +911,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_3_TXT_AES_128_CCM_SHA256,
+     TLS1_3_RFC_AES_128_CCM_SHA256,
      TLS1_3_CK_AES_128_CCM_SHA256,
      SSL_kANY,
      SSL_aANY,
@@ -909,6 +927,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_3_TXT_AES_128_CCM_8_SHA256,
+     TLS1_3_RFC_AES_128_CCM_8_SHA256,
      TLS1_3_CK_AES_128_CCM_8_SHA256,
      SSL_kANY,
      SSL_aANY,
@@ -926,12 +945,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
      TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
      SSL_kECDHE,
      SSL_aECDSA,
      SSL_eNULL,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
      SSL_STRONG_NONE | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -942,12 +962,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
      TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
      SSL_kECDHE,
      SSL_aECDSA,
      SSL_3DES,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -958,12 +979,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
      SSL_kECDHE,
      SSL_aECDSA,
      SSL_AES128,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
      SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -973,12 +995,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
      SSL_kECDHE,
      SSL_aECDSA,
      SSL_AES256,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
      SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -988,12 +1011,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
      TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
      SSL_kECDHE,
      SSL_aRSA,
      SSL_eNULL,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
      SSL_STRONG_NONE | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1004,12 +1028,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
      TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
      SSL_kECDHE,
      SSL_aRSA,
      SSL_3DES,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1020,12 +1045,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
      TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
      SSL_kECDHE,
      SSL_aRSA,
      SSL_AES128,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
      SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1035,12 +1061,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
      TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
      SSL_kECDHE,
      SSL_aRSA,
      SSL_AES256,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
      SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1050,12 +1077,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+     TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
      TLS1_CK_ECDH_anon_WITH_NULL_SHA,
      SSL_kECDHE,
      SSL_aNULL,
      SSL_eNULL,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
      SSL_STRONG_NONE | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1066,12 +1094,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+     TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
      TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
      SSL_kECDHE,
      SSL_aNULL,
      SSL_3DES,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1082,12 +1111,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
      TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
      SSL_kECDHE,
      SSL_aNULL,
      SSL_AES128,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1097,12 +1127,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
      TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
      SSL_kECDHE,
      SSL_aNULL,
      SSL_AES256,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1112,6 +1143,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -1127,6 +1159,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -1142,6 +1175,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
      TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
      SSL_kECDHE,
      SSL_aRSA,
@@ -1157,6 +1191,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
      TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
      SSL_kECDHE,
      SSL_aRSA,
@@ -1172,6 +1207,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -1187,6 +1223,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -1202,6 +1239,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
      TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
      SSL_kECDHE,
      SSL_aRSA,
@@ -1217,6 +1255,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
      TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
      SSL_kECDHE,
      SSL_aRSA,
@@ -1235,6 +1274,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_NULL_SHA,
+     TLS1_RFC_PSK_WITH_NULL_SHA,
      TLS1_CK_PSK_WITH_NULL_SHA,
      SSL_kPSK,
      SSL_aPSK,
@@ -1250,6 +1290,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
+     TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
      TLS1_CK_DHE_PSK_WITH_NULL_SHA,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1265,6 +1306,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
+     TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
      TLS1_CK_RSA_PSK_WITH_NULL_SHA,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1281,6 +1323,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
      TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
      SSL_kPSK,
      SSL_aPSK,
@@ -1297,6 +1340,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
      TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
      SSL_kPSK,
      SSL_aPSK,
@@ -1312,6 +1356,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
      TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
      SSL_kPSK,
      SSL_aPSK,
@@ -1328,6 +1373,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
      TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1344,6 +1390,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
      TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1359,6 +1406,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
      TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1375,6 +1423,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
      TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1391,6 +1440,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
      TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1406,6 +1456,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
      TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1421,6 +1472,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
      TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
      SSL_kPSK,
      SSL_aPSK,
@@ -1436,6 +1488,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
      TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
      SSL_kPSK,
      SSL_aPSK,
@@ -1451,6 +1504,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
      TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1466,6 +1520,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
      TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1481,6 +1536,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
      TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1496,6 +1552,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
      TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1511,6 +1568,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
      TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
      SSL_kPSK,
      SSL_aPSK,
@@ -1526,6 +1584,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
      TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
      SSL_kPSK,
      SSL_aPSK,
@@ -1541,6 +1600,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_PSK_WITH_NULL_SHA256,
      TLS1_CK_PSK_WITH_NULL_SHA256,
      SSL_kPSK,
      SSL_aPSK,
@@ -1556,6 +1616,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_PSK_WITH_NULL_SHA384,
      TLS1_CK_PSK_WITH_NULL_SHA384,
      SSL_kPSK,
      SSL_aPSK,
@@ -1571,6 +1632,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
      TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1586,6 +1648,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
      TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1601,6 +1664,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
      TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1616,6 +1680,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
      TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1631,6 +1696,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
      TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1646,6 +1712,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
      TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1661,6 +1728,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
      TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1676,6 +1744,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
      TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1693,12 +1762,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
      TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
      SSL_kECDHEPSK,
      SSL_aPSK,
      SSL_3DES,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1709,12 +1779,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
      TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
      SSL_kECDHEPSK,
      SSL_aPSK,
      SSL_AES128,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
      SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1724,12 +1795,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
      TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
      SSL_kECDHEPSK,
      SSL_aPSK,
      SSL_AES256,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
      SSL_HIGH | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1739,6 +1811,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
      TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -1754,6 +1827,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
      TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -1769,12 +1843,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
      SSL_kECDHEPSK,
      SSL_aPSK,
      SSL_eNULL,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
      SSL_STRONG_NONE | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1784,6 +1859,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -1799,6 +1875,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -1819,6 +1896,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
      TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
      SSL_kSRP,
      SSL_aSRP,
@@ -1834,6 +1912,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
      TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
      SSL_kSRP,
      SSL_aRSA,
@@ -1849,6 +1928,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
      TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
      SSL_kSRP,
      SSL_aDSS,
@@ -1865,6 +1945,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
      TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
      SSL_kSRP,
      SSL_aSRP,
@@ -1880,6 +1961,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
      TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
      SSL_kSRP,
      SSL_aRSA,
@@ -1895,6 +1977,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
      TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
      SSL_kSRP,
      SSL_aDSS,
@@ -1910,6 +1993,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
      TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
      SSL_kSRP,
      SSL_aSRP,
@@ -1925,6 +2009,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
      TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
      SSL_kSRP,
      SSL_aRSA,
@@ -1940,6 +2025,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
      TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
      SSL_kSRP,
      SSL_aDSS,
@@ -1959,6 +2045,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
      TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
      SSL_kDHE,
      SSL_aRSA,
@@ -1977,6 +2064,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
      TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
      SSL_kECDHE,
      SSL_aRSA,
@@ -1992,6 +2080,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
      TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -2010,6 +2099,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
      TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
      SSL_kPSK,
      SSL_aPSK,
@@ -2025,6 +2115,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
      TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -2040,6 +2131,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
      TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -2055,6 +2147,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
      TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -2075,6 +2168,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kRSA,
      SSL_aRSA,
@@ -2090,6 +2184,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kEDH,
      SSL_aDSS,
@@ -2105,6 +2200,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kEDH,
      SSL_aRSA,
@@ -2120,6 +2216,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kEDH,
      SSL_aNULL,
@@ -2135,6 +2232,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
      SSL_kRSA,
      SSL_aRSA,
@@ -2150,6 +2248,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
      SSL_kEDH,
      SSL_aDSS,
@@ -2165,6 +2264,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
      SSL_kEDH,
      SSL_aRSA,
@@ -2180,6 +2280,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
      SSL_kEDH,
      SSL_aNULL,
@@ -2195,6 +2296,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -2210,6 +2312,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
      SSL_kDHE,
      SSL_aDSS,
@@ -2225,6 +2328,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
      SSL_kDHE,
      SSL_aRSA,
@@ -2240,6 +2344,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
      SSL_kDHE,
      SSL_aNULL,
@@ -2255,6 +2360,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -2270,6 +2376,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
      SSL_kDHE,
      SSL_aDSS,
@@ -2285,6 +2392,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
      SSL_kDHE,
      SSL_aRSA,
@@ -2300,6 +2408,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
      SSL_kDHE,
      SSL_aNULL,
@@ -2317,6 +2426,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -2332,6 +2442,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
      TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -2347,6 +2458,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kECDHE,
      SSL_aRSA,
@@ -2362,6 +2474,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
      TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
      SSL_kECDHE,
      SSL_aRSA,
@@ -2380,6 +2493,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kPSK,
      SSL_aPSK,
@@ -2395,6 +2509,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
      TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
      SSL_kPSK,
      SSL_aPSK,
@@ -2410,6 +2525,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -2425,6 +2541,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
      TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -2440,6 +2557,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -2455,6 +2573,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
      TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -2470,6 +2589,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -2485,6 +2605,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
      TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -2505,6 +2626,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      "GOST2001-GOST89-GOST89",
+     "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
      0x3000081,
      SSL_kGOST,
      SSL_aGOST01,
@@ -2520,6 +2642,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      "GOST2001-NULL-GOST94",
+     "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
      0x3000083,
      SSL_kGOST,
      SSL_aGOST01,
@@ -2535,6 +2658,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      "GOST2012-GOST8912-GOST8912",
+     NULL,
      0x0300ff85,
      SSL_kGOST,
      SSL_aGOST12 | SSL_aGOST01,
@@ -2550,6 +2674,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      "GOST2012-NULL-GOST12",
+     NULL,
      0x0300ff87,
      SSL_kGOST,
      SSL_aGOST12 | SSL_aGOST01,
@@ -2568,6 +2693,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_RSA_IDEA_128_SHA,
+     SSL3_RFC_RSA_IDEA_128_SHA,
      SSL3_CK_RSA_IDEA_128_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -2586,6 +2712,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_SEED_SHA,
+     TLS1_RFC_RSA_WITH_SEED_SHA,
      TLS1_CK_RSA_WITH_SEED_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -2601,6 +2728,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
+     TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
      TLS1_CK_DHE_DSS_WITH_SEED_SHA,
      SSL_kDHE,
      SSL_aDSS,
@@ -2616,6 +2744,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
+     TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
      TLS1_CK_DHE_RSA_WITH_SEED_SHA,
      SSL_kDHE,
      SSL_aRSA,
@@ -2631,6 +2760,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_SEED_SHA,
+     TLS1_RFC_ADH_WITH_SEED_SHA,
      TLS1_CK_ADH_WITH_SEED_SHA,
      SSL_kDHE,
      SSL_aNULL,
@@ -2649,6 +2779,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_RSA_RC4_128_MD5,
+     SSL3_RFC_RSA_RC4_128_MD5,
      SSL3_CK_RSA_RC4_128_MD5,
      SSL_kRSA,
      SSL_aRSA,
@@ -2664,6 +2795,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_RSA_RC4_128_SHA,
+     SSL3_RFC_RSA_RC4_128_SHA,
      SSL3_CK_RSA_RC4_128_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -2679,6 +2811,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_ADH_RC4_128_MD5,
+     SSL3_RFC_ADH_RC4_128_MD5,
      SSL3_CK_ADH_RC4_128_MD5,
      SSL_kDHE,
      SSL_aNULL,
@@ -2696,12 +2829,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
      TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
      SSL_kECDHEPSK,
      SSL_aPSK,
      SSL_RC4,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      0, 0,
      SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -2711,12 +2845,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
      TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
      SSL_kECDHE,
      SSL_aNULL,
      SSL_RC4,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      0, 0,
      SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -2726,12 +2861,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
      TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
      SSL_kECDHE,
      SSL_aECDSA,
      SSL_RC4,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      0, 0,
      SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -2741,12 +2877,13 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
      TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
      SSL_kECDHE,
      SSL_aRSA,
      SSL_RC4,
      SSL_SHA1,
-     SSL3_VERSION, TLS1_2_VERSION,
+     TLS1_VERSION, TLS1_2_VERSION,
      0, 0,
      SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -2759,6 +2896,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_PSK_WITH_RC4_128_SHA,
      TLS1_CK_PSK_WITH_RC4_128_SHA,
      SSL_kPSK,
      SSL_aPSK,
@@ -2774,6 +2912,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
      TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -2789,6 +2928,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
      TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -2805,6 +2945,266 @@ static SSL_CIPHER ssl3_ciphers[] = {
 
 #endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
 
+#ifndef OPENSSL_NO_ARIA
+    {
+     1,
+     TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+#endif /* OPENSSL_NO_ARIA */
 };
 
 /*
@@ -2816,12 +3216,14 @@ static SSL_CIPHER ssl3_scsvs[] = {
     {
      0,
      "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
      SSL3_CK_SCSV,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
     },
     {
      0,
      "TLS_FALLBACK_SCSV",
+     "TLS_FALLBACK_SCSV",
      SSL3_CK_FALLBACK_SCSV,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
     },
@@ -2832,7 +3234,9 @@ static int cipher_compare(const void *a, const void *b)
     const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
     const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
 
-    return ap->id - bp->id;
+    if (ap->id == bp->id)
+        return 0;
+    return ap->id < bp->id ? -1 : 1;
 }
 
 void ssl_sort_cipher_list(void)
@@ -2914,10 +3318,13 @@ int ssl3_new(SSL *s)
     if (!SSL_SRP_CTX_init(s))
         goto err;
 #endif
-    s->method->ssl_clear(s);
-    return (1);
+
+    if (!s->method->ssl_clear(s))
+        return 0;
+
+    return 1;
  err:
-    return (0);
+    return 0;
 }
 
 void ssl3_free(SSL *s)
@@ -2935,7 +3342,7 @@ void ssl3_free(SSL *s)
 #endif
 
     OPENSSL_free(s->s3->tmp.ctype);
-    sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
     OPENSSL_free(s->s3->tmp.ciphers_raw);
     OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
     OPENSSL_free(s->s3->tmp.peer_sigalgs);
@@ -2950,11 +3357,11 @@ void ssl3_free(SSL *s)
     s->s3 = NULL;
 }
 
-void ssl3_clear(SSL *s)
+int ssl3_clear(SSL *s)
 {
     ssl3_cleanup_key_block(s);
     OPENSSL_free(s->s3->tmp.ctype);
-    sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
     OPENSSL_free(s->s3->tmp.ciphers_raw);
     OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
     OPENSSL_free(s->s3->tmp.peer_sigalgs);
@@ -2972,7 +3379,8 @@ void ssl3_clear(SSL *s)
     /* NULL/zero-out everything in the s3 struct */
     memset(s->s3, 0, sizeof(*s->s3));
 
-    ssl_free_wbio_buffer(s);
+    if (!ssl_free_wbio_buffer(s))
+        return 0;
 
     s->version = SSL3_VERSION;
 
@@ -2981,6 +3389,8 @@ void ssl3_clear(SSL *s)
     s->ext.npn = NULL;
     s->ext.npn_len = 0;
 #endif
+
+    return 1;
 }
 
 #ifndef OPENSSL_NO_SRP
@@ -3466,7 +3876,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
     case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
             srp_password_from_info_cb;
-        ctx->srp_ctx.info = parg;
+        if (ctx->srp_ctx.info != NULL)
+            OPENSSL_free(ctx->srp_ctx.info);
+        if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
         break;
     case SSL_CTRL_SET_SRP_ARG:
         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
@@ -3631,6 +4046,33 @@ const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
     return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
 }
 
+const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
+{
+    SSL_CIPHER *c = NULL;
+    SSL_CIPHER *tbl = ssl3_ciphers;
+    size_t i;
+
+    /* this is not efficient, necessary to optimize this? */
+    for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) {
+        if (tbl->stdname == NULL)
+            continue;
+        if (strcmp(stdname, tbl->stdname) == 0) {
+            c = tbl;
+            break;
+        }
+    }
+    if (c == NULL) {
+        tbl = ssl3_scsvs;
+        for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
+            if (strcmp(stdname, tbl->stdname) == 0) {
+                c = tbl;
+                break;
+            }
+        }
+    }
+    return c;
+}
+
 /*
  * This function needs to check if the ciphers required are actually
  * available
@@ -3670,7 +4112,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
     const SSL_CIPHER *c, *ret = NULL;
     STACK_OF(SSL_CIPHER) *prio, *allow;
     int i, ii, ok;
-    unsigned long alg_k = 0, alg_a = 0, mask_k, mask_a;
+    unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
 
     /* Let's see which ciphers we can support */
 
@@ -3704,8 +4146,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
         allow = srvr;
     }
 
-    tls1_set_cert_validity(s);
-    ssl_set_masks(s);
+    if (!SSL_IS_TLS13(s)) {
+        tls1_set_cert_validity(s);
+        ssl_set_masks(s);
+    }
 
     for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
         c = sk_SSL_CIPHER_value(prio, i);
@@ -3718,6 +4162,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
             (DTLS_VERSION_LT(s->version, c->min_dtls) ||
              DTLS_VERSION_GT(s->version, c->max_dtls)))
             continue;
+
         /*
          * Since TLS 1.3 ciphersuites can be used with any auth or
          * key exchange scheme skip tests.
@@ -4030,15 +4475,17 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
     if (send_time) {
         unsigned long Time = (unsigned long)time(NULL);
         unsigned char *p = result;
+
         l2n(Time, p);
-        /* TODO(size_t): Convert this */
-        ret = RAND_bytes(p, (int)(len - 4));
+        ret = ssl_randbytes(s, p, len - 4);
     } else {
-        ret = RAND_bytes(result, (int)len);
+        ret = ssl_randbytes(s, result, len);
     }
 #ifndef OPENSSL_NO_TLS13DOWNGRADE
     if (ret) {
-        assert(sizeof(tls11downgrade) < len && sizeof(tls12downgrade) < len);
+        if (!ossl_assert(sizeof(tls11downgrade) < len)
+                || !ossl_assert(sizeof(tls12downgrade) < len))
+             return 0;
         if (dgrd == DOWNGRADE_TO_1_2)
             memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
                    sizeof(tls12downgrade));