Update ssl library to support EVP_PKEY MAC API. Include generic MAC support.
[openssl.git] / ssl / s3_lib.c
index 4527429b694d3c673e4cfa8195e787765b8fbfad..bd0056b9fe3d7178b05af2bcf0aae2262cfc7f1a 100644 (file)
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -168,217 +168,265 @@ const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
 
 /* list of available SSLv3 ciphers (sorted by id) */
 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
+
 /* The RSA ciphers */
 /* Cipher 01 */
        {
        1,
        SSL3_TXT_RSA_NULL_MD5,
        SSL3_CK_RSA_NULL_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_eNULL,
+       SSL_MD5,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_STRONG_NONE,
        0,
        0,
        0,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 02 */
        {
        1,
        SSL3_TXT_RSA_NULL_SHA,
        SSL3_CK_RSA_NULL_SHA,
-       SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_eNULL,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_STRONG_NONE,
        0,
        0,
        0,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 03 */
        {
        1,
        SSL3_TXT_RSA_RC4_40_MD5,
        SSL3_CK_RSA_RC4_40_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_RC4,
+       SSL_MD5,
+       SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
        40,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 04 */
        {
        1,
        SSL3_TXT_RSA_RC4_128_MD5,
        SSL3_CK_RSA_RC4_128_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|SSL_SSLV3,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_RC4,
+       SSL_MD5,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 05 */
        {
        1,
        SSL3_TXT_RSA_RC4_128_SHA,
        SSL3_CK_RSA_RC4_128_SHA,
-       SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_SSLV3,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_RC4,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 06 */
        {
        1,
        SSL3_TXT_RSA_RC2_40_MD5,
        SSL3_CK_RSA_RC2_40_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_SSLV3,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_RC2,
+       SSL_MD5,
+       SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
        40,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 07 */
 #ifndef OPENSSL_NO_IDEA
        {
        1,
        SSL3_TXT_RSA_IDEA_128_SHA,
        SSL3_CK_RSA_IDEA_128_SHA,
-       SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_IDEA,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 #endif
+
 /* Cipher 08 */
        {
        1,
        SSL3_TXT_RSA_DES_40_CBC_SHA,
        SSL3_CK_RSA_DES_40_CBC_SHA,
-       SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
        40,
        56,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 09 */
        {
        1,
        SSL3_TXT_RSA_DES_64_CBC_SHA,
        SSL3_CK_RSA_DES_64_CBC_SHA,
-       SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
        0,
        56,
        56,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 0A */
        {
        1,
        SSL3_TXT_RSA_DES_192_CBC3_SHA,
        SSL3_CK_RSA_DES_192_CBC3_SHA,
-       SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        168,
        168,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* The DH ciphers */
 /* Cipher 0B */
        {
        0,
        SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
        SSL3_CK_DH_DSS_DES_40_CBC_SHA,
-       SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
+       SSL_kDHd,
+       SSL_aDH,
+       SSL_DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
        40,
        56,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 0C */
        {
        0, /* not implemented (non-ephemeral DH) */
        SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
        SSL3_CK_DH_DSS_DES_64_CBC_SHA,
-       SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+       SSL_kDHd,
+       SSL_aDH,
+       SSL_DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
        0,
        56,
        56,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 0D */
        {
        0, /* not implemented (non-ephemeral DH) */
        SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
        SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
-       SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+       SSL_kDHd,
+       SSL_aDH,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        168,
        168,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 0E */
        {
        0, /* not implemented (non-ephemeral DH) */
        SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
        SSL3_CK_DH_RSA_DES_40_CBC_SHA,
-       SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
+       SSL_kDHr,
+       SSL_aDH,
+       SSL_DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
        40,
        56,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 0F */
        {
        0, /* not implemented (non-ephemeral DH) */
        SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
        SSL3_CK_DH_RSA_DES_64_CBC_SHA,
-       SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+       SSL_kDHr,
+       SSL_aDH,
+       SSL_DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
        0,
        56,
        56,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 10 */
        {
        0, /* not implemented (non-ephemeral DH) */
        SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
        SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
-       SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+       SSL_kDHr,
+       SSL_aDH,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        168,
        168,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
 /* The Ephemeral DH ciphers */
@@ -387,143 +435,175 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
        SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
-       SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
+       SSL_kEDH,
+       SSL_aDSS,
+       SSL_DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
        40,
        56,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 12 */
        {
        1,
        SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
        SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
-       SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+       SSL_kEDH,
+       SSL_aDSS,
+       SSL_DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
        0,
        56,
        56,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 13 */
        {
        1,
        SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
        SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
-       SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+       SSL_kEDH,
+       SSL_aDSS,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        168,
        168,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 14 */
        {
        1,
        SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
        SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
-       SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
+       SSL_kEDH,
+       SSL_aRSA,
+       SSL_DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
        40,
        56,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 15 */
        {
        1,
        SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
        SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
-       SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+       SSL_kEDH,
+       SSL_aRSA,
+       SSL_DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
        0,
        56,
        56,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 16 */
        {
        1,
        SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
        SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
-       SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+       SSL_kEDH,
+       SSL_aRSA,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        168,
        168,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 17 */
        {
        1,
        SSL3_TXT_ADH_RC4_40_MD5,
        SSL3_CK_ADH_RC4_40_MD5,
-       SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+       SSL_kEDH,
+       SSL_aNULL,
+       SSL_RC4,
+       SSL_MD5,
+       SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
        40,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 18 */
        {
        1,
        SSL3_TXT_ADH_RC4_128_MD5,
        SSL3_CK_ADH_RC4_128_MD5,
-       SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+       SSL_kEDH,
+       SSL_aNULL,
+       SSL_RC4,
+       SSL_MD5,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 19 */
        {
        1,
        SSL3_TXT_ADH_DES_40_CBC_SHA,
        SSL3_CK_ADH_DES_40_CBC_SHA,
-       SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
+       SSL_kEDH,
+       SSL_aNULL,
+       SSL_DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
        40,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 1A */
        {
        1,
        SSL3_TXT_ADH_DES_64_CBC_SHA,
        SSL3_CK_ADH_DES_64_CBC_SHA,
-       SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+       SSL_kEDH,
+       SSL_aNULL,
+       SSL_DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
        0,
        56,
        56,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 1B */
        {
        1,
        SSL3_TXT_ADH_DES_192_CBC_SHA,
        SSL3_CK_ADH_DES_192_CBC_SHA,
-       SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+       SSL_kEDH,
+       SSL_aNULL,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        168,
        168,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
 /* Fortezza ciphersuite from SSL 3.0 spec */
@@ -533,13 +613,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        0,
        SSL3_TXT_FZA_DMS_NULL_SHA,
        SSL3_CK_FZA_DMS_NULL_SHA,
-       SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
+       SSL_kFZA,
+       SSL_aFZA,
+       SSL_eNULL,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_STRONG_NONE,
        0,
        0,
        0,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
 /* Cipher 1D */
@@ -547,13 +629,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        0,
        SSL3_TXT_FZA_DMS_FZA_SHA,
        SSL3_CK_FZA_DMS_FZA_SHA,
-       SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
+       SSL_kFZA,
+       SSL_aFZA,
+       SSL_eFZA,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_STRONG_NONE,
        0,
        0,
        0,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
 /* Cipher 1E */
@@ -561,33 +645,34 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        0,
        SSL3_TXT_FZA_DMS_RC4_SHA,
        SSL3_CK_FZA_DMS_RC4_SHA,
-       SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_SSLV3,
+       SSL_kFZA,
+       SSL_aFZA,
+       SSL_RC4,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 #endif
 
 #ifndef OPENSSL_NO_KRB5
-/* The Kerberos ciphers
-** 20000107 VRS: And the first shall be last,
-** in hopes of avoiding the lynx ssl renegotiation problem.
-*/
+/* The Kerberos ciphers*/
 /* Cipher 1E */
        {
        1,
        SSL3_TXT_KRB5_DES_64_CBC_SHA,
        SSL3_CK_KRB5_DES_64_CBC_SHA,
-       SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
+       SSL_kKRB5,
+       SSL_aKRB5,
+       SSL_DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
        0,
        56,
        56,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
 /* Cipher 1F */
@@ -595,13 +680,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_DES_192_CBC3_SHA,
        SSL3_CK_KRB5_DES_192_CBC3_SHA,
-       SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
+       SSL_kKRB5,
+       SSL_aKRB5,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
        0,
-       112,
        168,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
+       168,
        },
 
 /* Cipher 20 */
@@ -609,13 +696,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_RC4_128_SHA,
        SSL3_CK_KRB5_RC4_128_SHA,
-       SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1  |SSL_SSLV3,
+       SSL_kKRB5,
+       SSL_aKRB5,
+       SSL_RC4,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
 /* Cipher 21 */
@@ -623,13 +712,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
        SSL3_CK_KRB5_IDEA_128_CBC_SHA,
-       SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_SHA1  |SSL_SSLV3,
+       SSL_kKRB5,
+       SSL_aKRB5,
+       SSL_IDEA,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
 /* Cipher 22 */
@@ -637,13 +728,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_DES_64_CBC_MD5,
        SSL3_CK_KRB5_DES_64_CBC_MD5,
-       SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
+       SSL_kKRB5,
+       SSL_aKRB5,
+       SSL_DES,
+       SSL_MD5,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
        0,
        56,
        56,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
 /* Cipher 23 */
@@ -651,13 +744,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_DES_192_CBC3_MD5,
        SSL3_CK_KRB5_DES_192_CBC3_MD5,
-       SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
+       SSL_kKRB5,
+       SSL_aKRB5,
+       SSL_3DES,
+       SSL_MD5,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
        0,
-       112,
        168,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
+       168,
        },
 
 /* Cipher 24 */
@@ -665,13 +760,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_RC4_128_MD5,
        SSL3_CK_KRB5_RC4_128_MD5,
-       SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5  |SSL_SSLV3,
+       SSL_kKRB5,
+       SSL_aKRB5,
+       SSL_RC4,
+       SSL_MD5,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
 /* Cipher 25 */
@@ -679,13 +776,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
        SSL3_CK_KRB5_IDEA_128_CBC_MD5,
-       SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_MD5  |SSL_SSLV3,
+       SSL_kKRB5,
+       SSL_aKRB5,
+       SSL_IDEA,
+       SSL_MD5,
+       SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
 /* Cipher 26 */
@@ -693,13 +792,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_DES_40_CBC_SHA,
        SSL3_CK_KRB5_DES_40_CBC_SHA,
-       SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
+       SSL_kKRB5,
+       SSL_aKRB5,
+       SSL_DES,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
        40,
        56,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
 /* Cipher 27 */
@@ -707,13 +808,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_RC2_40_CBC_SHA,
        SSL3_CK_KRB5_RC2_40_CBC_SHA,
-       SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_SHA1   |SSL_SSLV3,
+       SSL_kKRB5,
+       SSL_aKRB5,
+       SSL_RC2,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
        40,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
 /* Cipher 28 */
@@ -721,13 +824,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_RC4_40_SHA,
        SSL3_CK_KRB5_RC4_40_SHA,
-       SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1   |SSL_SSLV3,
+       SSL_kKRB5,
+       SSL_aKRB5,
+       SSL_RC4,
+       SSL_SHA1,
+       SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
+       40,
        128,
-       128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
 /* Cipher 29 */
@@ -735,13 +840,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_DES_40_CBC_MD5,
        SSL3_CK_KRB5_DES_40_CBC_MD5,
-       SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
+       SSL_kKRB5,
+       SSL_aKRB5,
+       SSL_DES,
+       SSL_MD5,
+       SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
        40,
        56,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
 /* Cipher 2A */
@@ -749,13 +856,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_RC2_40_CBC_MD5,
        SSL3_CK_KRB5_RC2_40_CBC_MD5,
-       SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_MD5    |SSL_SSLV3,
+       SSL_kKRB5,
+       SSL_aKRB5,
+       SSL_RC2,
+       SSL_MD5,
+       SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
        40,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
 /* Cipher 2B */
@@ -763,13 +872,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_RC4_40_MD5,
        SSL3_CK_KRB5_RC4_40_MD5,
-       SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5    |SSL_SSLV3,
+       SSL_kKRB5,
+       SSL_aKRB5,
+       SSL_RC4,
+       SSL_MD5,
+       SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
+       40,
        128,
-       128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 #endif /* OPENSSL_NO_KRB5 */
 
@@ -779,78 +890,90 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_RSA_WITH_AES_128_SHA,
        TLS1_CK_RSA_WITH_AES_128_SHA,
-       SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 /* Cipher 30 */
        {
        0,
        TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
        TLS1_CK_DH_DSS_WITH_AES_128_SHA,
-       SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_kDHd,
+       SSL_aDH,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 /* Cipher 31 */
        {
        0,
        TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
        TLS1_CK_DH_RSA_WITH_AES_128_SHA,
-       SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_kDHr,
+       SSL_aDH,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 /* Cipher 32 */
        {
        1,
        TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
        TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
-       SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_kEDH,
+       SSL_aDSS,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 /* Cipher 33 */
        {
        1,
        TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
        TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
-       SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_kEDH,
+       SSL_aRSA,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 /* Cipher 34 */
        {
        1,
        TLS1_TXT_ADH_WITH_AES_128_SHA,
        TLS1_CK_ADH_WITH_AES_128_SHA,
-       SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_kEDH,
+       SSL_aNULL,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
 /* Cipher 35 */
@@ -858,78 +981,94 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_RSA_WITH_AES_256_SHA,
        TLS1_CK_RSA_WITH_AES_256_SHA,
-       SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        256,
        256,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 /* Cipher 36 */
        {
        0,
        TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
        TLS1_CK_DH_DSS_WITH_AES_256_SHA,
-       SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_kDHd,
+       SSL_aDH,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        256,
        256,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 37 */
        {
        0, /* not implemented (non-ephemeral DH) */
        TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
        TLS1_CK_DH_RSA_WITH_AES_256_SHA,
-       SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_kDHr,
+       SSL_aDH,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        256,
        256,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 38 */
        {
        1,
        TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
        TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
-       SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_kEDH,
+       SSL_aDSS,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        256,
        256,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
 /* Cipher 39 */
        {
        1,
        TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
        TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
-       SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_kEDH,
+       SSL_aRSA,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        256,
        256,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
+
        /* Cipher 3A */
        {
        1,
        TLS1_TXT_ADH_WITH_AES_256_SHA,
        TLS1_CK_ADH_WITH_AES_256_SHA,
-       SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_kEDH,
+       SSL_aNULL,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        256,
        256,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
 #ifndef OPENSSL_NO_CAMELLIA
@@ -940,78 +1079,95 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
        TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
-       SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_CAMELLIA128,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS
        },
+
        /* Cipher 42 */
        {
        0, /* not implemented (non-ephemeral DH) */
        TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
        TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
-       SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+       SSL_kDHd,
+       SSL_aDH,
+       SSL_CAMELLIA128,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS
        },
+
        /* Cipher 43 */
        {
        0, /* not implemented (non-ephemeral DH) */
        TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
        TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
-       SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+       SSL_kDHr,
+       SSL_aDH,
+       SSL_CAMELLIA128,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS
        },
+
        /* Cipher 44 */
        {
        1,
        TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
        TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-       SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+       SSL_kEDH,
+       SSL_aDSS,
+       SSL_CAMELLIA128,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS
        },
+
        /* Cipher 45 */
        {
        1,
        TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
        TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-       SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+       SSL_kEDH,
+       SSL_aRSA,
+       SSL_CAMELLIA128,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS
        },
+
        /* Cipher 46 */
        {
        1,
        TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
        TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
-       SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+       SSL_kEDH,
+       SSL_aNULL,
+       SSL_CAMELLIA128,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS
        },
 #endif /* OPENSSL_NO_CAMELLIA */
 
@@ -1019,97 +1175,117 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        /* New TLS Export CipherSuites from expired ID */
 #if 0
        /* Cipher 60 */
-           {
-           1,
-           TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
-           TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
-           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
+       {
+       1,
+       TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
+       TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_RC4,
+       SSL_MD5,
+       SSL_TLSV1,
+       SSL_EXPORT|SSL_EXP56,
+       0,
+       56,
+       128,
+       },
+
        /* Cipher 61 */
-           {
-           1,
-           TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-           TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-           SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
+       {
+       1,
+       TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+       TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_RC2,
+       SSL_MD5,
+       SSL_TLSV1,
+       SSL_EXPORT|SSL_EXP56,
+       0,
+       56,
+       128,
+       },
 #endif
+
        /* Cipher 62 */
-           {
-           1,
-           TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-           TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-           SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           56,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
+       {
+       1,
+       TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+       TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_DES,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_EXPORT|SSL_EXP56,
+       0,
+       56,
+       56,
+       },
+
        /* Cipher 63 */
-           {
-           1,
-           TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-           TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-           SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           56,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
+       {
+       1,
+       TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+       TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+       SSL_kEDH,
+       SSL_aDSS,
+       SSL_DES,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_EXPORT|SSL_EXP56,
+       0,
+       56,
+       56,
+       },
+
        /* Cipher 64 */
-           {
-           1,
-           TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
-           TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
-           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
+       {
+       1,
+       TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
+       TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_RC4,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_EXPORT|SSL_EXP56,
+       0,
+       56,
+       128,
+       },
+
        /* Cipher 65 */
-           {
-           1,
-           TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-           TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-           SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
+       {
+       1,
+       TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+       TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+       SSL_kEDH,
+       SSL_aDSS,
+       SSL_RC4,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_EXPORT|SSL_EXP56,
+       0,
+       56,
+       128,
+       },
+
        /* Cipher 66 */
-           {
-           1,
-           TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
-           TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
-           SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
-           SSL_NOT_EXP|SSL_MEDIUM,
-           0,
-           128,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS
-           },
+       {
+       1,
+       TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
+       TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
+       SSL_kEDH,
+       SSL_aDSS,
+       SSL_RC4,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_MEDIUM,
+       0,
+       128,
+       128,
+       },
 #endif
 
 #ifndef OPENSSL_NO_CAMELLIA
@@ -1120,78 +1296,94 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
        TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
-       SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_CAMELLIA256,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        256,
        256,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS
        },
        /* Cipher 85 */
        {
        0, /* not implemented (non-ephemeral DH) */
        TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
        TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
-       SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+       SSL_kDHd,
+       SSL_aDH,
+       SSL_CAMELLIA256,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        256,
        256,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS
        },
+
        /* Cipher 86 */
        {
        0, /* not implemented (non-ephemeral DH) */
        TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
        TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
-       SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+       SSL_kDHr,
+       SSL_aDH,
+       SSL_CAMELLIA256,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        256,
        256,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS
        },
+
        /* Cipher 87 */
        {
        1,
        TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
        TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-       SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+       SSL_kEDH,
+       SSL_aDSS,
+       SSL_CAMELLIA256,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        256,
        256,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS
        },
+
        /* Cipher 88 */
        {
        1,
        TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
        TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-       SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+       SSL_kEDH,
+       SSL_aRSA,
+       SSL_CAMELLIA256,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        256,
        256,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS
        },
+
        /* Cipher 89 */
        {
        1,
        TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
        TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
-       SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+       SSL_kEDH,
+       SSL_aNULL,
+       SSL_CAMELLIA256,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        256,
        256,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS
        },
 #endif /* OPENSSL_NO_CAMELLIA */
 
@@ -1201,13 +1393,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_PSK_WITH_RC4_128_SHA,
        TLS1_CK_PSK_WITH_RC4_128_SHA,
-       SSL_kPSK|SSL_aPSK|SSL_RC4|SSL_SHA|SSL_TLSV1,
+       SSL_kPSK,
+       SSL_aPSK,
+       SSL_RC4,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
        /* Cipher 8B */
@@ -1215,13 +1409,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
        TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
-       SSL_kPSK|SSL_aPSK|SSL_3DES|SSL_SHA|SSL_TLSV1,
+       SSL_kPSK,
+       SSL_aPSK,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        168,
        168,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
        /* Cipher 8C */
@@ -1229,13 +1425,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
        TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
-       SSL_kPSK|SSL_aPSK|SSL_AES|SSL_SHA|SSL_TLSV1,
-       SSL_NOT_EXP|SSL_MEDIUM,
+       SSL_kPSK,
+       SSL_aPSK,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
        0,
        128,
        128,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 
        /* Cipher 8D */
@@ -1243,368 +1441,580 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
        TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
-       SSL_kPSK|SSL_aPSK|SSL_AES|SSL_SHA|SSL_TLSV1,
+       SSL_kPSK,
+       SSL_aPSK,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        256,
        256,
-       SSL_ALL_CIPHERS,
-       SSL_ALL_STRENGTHS,
        },
 #endif  /* OPENSSL_NO_PSK */
 
+#ifndef OPENSSL_NO_SEED
+       /* SEED ciphersuites from RFC4162 */
+
+       /* Cipher 96 */
+       {
+       1,
+       TLS1_TXT_RSA_WITH_SEED_SHA,
+       TLS1_CK_RSA_WITH_SEED_SHA,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_SEED,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_MEDIUM,
+       0,
+       128,
+       128,
+       },
+
+       /* Cipher 97 */
+       {
+       0, /* not implemented (non-ephemeral DH) */
+       TLS1_TXT_DH_DSS_WITH_SEED_SHA,
+       TLS1_CK_DH_DSS_WITH_SEED_SHA,
+       SSL_kDHd,
+       SSL_aDH,
+       SSL_SEED,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_MEDIUM,
+       0,
+       128,
+       128,
+       },
+
+       /* Cipher 98 */
+       {
+       0, /* not implemented (non-ephemeral DH) */
+       TLS1_TXT_DH_RSA_WITH_SEED_SHA,
+       TLS1_CK_DH_RSA_WITH_SEED_SHA,
+       SSL_kDHr,
+       SSL_aDH,
+       SSL_SEED,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_MEDIUM,
+       0,
+       128,
+       128,
+       },
+
+       /* Cipher 99 */
+       {
+       1,
+       TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
+       TLS1_CK_DHE_DSS_WITH_SEED_SHA,
+       SSL_kEDH,
+       SSL_aDSS,
+       SSL_SEED,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_MEDIUM,
+       0,
+       128,
+       128,
+       },
+
+       /* Cipher 9A */
+       {
+       1,
+       TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
+       TLS1_CK_DHE_RSA_WITH_SEED_SHA,
+       SSL_kEDH,
+       SSL_aRSA,
+       SSL_SEED,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_MEDIUM,
+       0,
+       128,
+       128,
+       },
+
+       /* Cipher 9B */
+       {
+       1,
+       TLS1_TXT_ADH_WITH_SEED_SHA,
+       TLS1_CK_ADH_WITH_SEED_SHA,
+       SSL_kEDH,
+       SSL_aNULL,
+       SSL_SEED,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_MEDIUM,
+       0,
+       128,
+       128,
+       },
+
+#endif /* OPENSSL_NO_SEED */
+
 #ifndef OPENSSL_NO_ECDH
        /* Cipher C001 */
-           {
-            1,
-            TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
-            TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
-            SSL_kECDHe|SSL_aECDH|SSL_eNULL|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP,
-            0,
-            0,
-            0,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
+       TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
+       SSL_kECDHe,
+       SSL_aECDH,
+       SSL_eNULL,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_STRONG_NONE,
+       0,
+       0,
+       0,
+       },
 
        /* Cipher C002 */
-           {
-            1,
-            TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
-            TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
-            SSL_kECDHe|SSL_aECDH|SSL_RC4|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
+       TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
+       SSL_kECDHe,
+       SSL_aECDH,
+       SSL_RC4,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_MEDIUM,
+       0,
+       128,
+       128,
+       },
 
        /* Cipher C003 */
-           {
-            1,
-            TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
-            TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
-            SSL_kECDHe|SSL_aECDH|SSL_3DES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH,
-            0,
-            168,
-            168,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+       TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+       SSL_kECDHe,
+       SSL_aECDH,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       168,
+       168,
+       },
 
        /* Cipher C004 */
-           {
-            1,
-            TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-            TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-            SSL_kECDHe|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+       TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+       SSL_kECDHe,
+       SSL_aECDH,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       128,
+       128,
+       },
 
        /* Cipher C005 */
-           {
-            1,
-            TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-            TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-            SSL_kECDHe|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH,
-            0,
-            256,
-            256,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+       TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+       SSL_kECDHe,
+       SSL_aECDH,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       256,
+       256,
+       },
 
        /* Cipher C006 */
-           {
-            1,
-            TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
-            TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
-            SSL_kEECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP,
-            0,
-            0,
-            0,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
+       TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
+       SSL_kEECDH,
+       SSL_aECDSA,
+       SSL_eNULL,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_STRONG_NONE,
+       0,
+       0,
+       0,
+       },
 
        /* Cipher C007 */
-           {
-            1,
-            TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
-            TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
-            SSL_kEECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+       TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
+       SSL_kEECDH,
+       SSL_aECDSA,
+       SSL_RC4,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_MEDIUM,
+       0,
+       128,
+       128,
+       },
 
        /* Cipher C008 */
-           {
-            1,
-            TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
-            TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
-            SSL_kEECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH,
-            0,
-            168,
-            168,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+       TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+       SSL_kEECDH,
+       SSL_aECDSA,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       168,
+       168,
+       },
 
        /* Cipher C009 */
-           {
-            1,
-            TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-            TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-            SSL_kEECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+       TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+       SSL_kEECDH,
+       SSL_aECDSA,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       128,
+       128,
+       },
 
        /* Cipher C00A */
-           {
-            1,
-            TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-            TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-            SSL_kEECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH,
-            0,
-            256,
-            256,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+       TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+       SSL_kEECDH,
+       SSL_aECDSA,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       256,
+       256,
+       },
 
        /* Cipher C00B */
-           {
-            1,
-            TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
-            TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
-            SSL_kECDHr|SSL_aECDH|SSL_eNULL|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP,
-            0,
-            0,
-            0,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
+       TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
+       SSL_kECDHr,
+       SSL_aECDH,
+       SSL_eNULL,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_STRONG_NONE,
+       0,
+       0,
+       0,
+       },
 
        /* Cipher C00C */
-           {
-            1,
-            TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
-            TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
-            SSL_kECDHr|SSL_aECDH|SSL_RC4|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
+       TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
+       SSL_kECDHr,
+       SSL_aECDH,
+       SSL_RC4,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_MEDIUM,
+       0,
+       128,
+       128,
+       },
 
        /* Cipher C00D */
-           {
-            1,
-            TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
-            TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
-            SSL_kECDHr|SSL_aECDH|SSL_3DES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH,
-            0,
-            168,
-            168,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+       TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+       SSL_kECDHr,
+       SSL_aECDH,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       168,
+       168,
+       },
 
        /* Cipher C00E */
-           {
-            1,
-            TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
-            TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
-            SSL_kECDHr|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
+       TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
+       SSL_kECDHr,
+       SSL_aECDH,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       128,
+       128,
+       },
 
        /* Cipher C00F */
-           {
-            1,
-            TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
-            TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
-            SSL_kECDHr|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH,
-            0,
-            256,
-            256,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
+       TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
+       SSL_kECDHr,
+       SSL_aECDH,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       256,
+       256,
+       },
 
        /* Cipher C010 */
-           {
-            1,
-            TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
-            TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
-            SSL_kEECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP,
-            0,
-            0,
-            0,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+       TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
+       SSL_kEECDH,
+       SSL_aRSA,
+       SSL_eNULL,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_STRONG_NONE,
+       0,
+       0,
+       0,
+       },
 
        /* Cipher C011 */
-           {
-            1,
-            TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
-            TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
-            SSL_kEECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+       TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
+       SSL_kEECDH,
+       SSL_aRSA,
+       SSL_RC4,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_MEDIUM,
+       0,
+       128,
+       128,
+       },
 
        /* Cipher C012 */
-           {
-            1,
-            TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-            TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-            SSL_kEECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH,
-            0,
-            168,
-            168,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+       TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+       SSL_kEECDH,
+       SSL_aRSA,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       168,
+       168,
+       },
 
        /* Cipher C013 */
-           {
-            1,
-            TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-            TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-            SSL_kEECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+       TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+       SSL_kEECDH,
+       SSL_aRSA,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       128,
+       128,
+       },
 
        /* Cipher C014 */
-           {
-            1,
-            TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-            TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-            SSL_kEECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH,
-            0,
-            256,
-            256,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+       TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+       SSL_kEECDH,
+       SSL_aRSA,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       256,
+       256,
+       },
 
        /* Cipher C015 */
-            {
-            1,
-            TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
-            TLS1_CK_ECDH_anon_WITH_NULL_SHA,
-            SSL_kEECDH|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP,
-            0,
-            0,
-            0,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-           },
+       {
+       1,
+       TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+       TLS1_CK_ECDH_anon_WITH_NULL_SHA,
+       SSL_kEECDH,
+       SSL_aNULL,
+       SSL_eNULL,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_STRONG_NONE,
+       0,
+       0,
+       0,
+       },
 
        /* Cipher C016 */
-            {
-            1,
-            TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
-            TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
-            SSL_kEECDH|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-           },
+       {
+       1,
+       TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+       TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
+       SSL_kEECDH,
+       SSL_aNULL,
+       SSL_RC4,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_MEDIUM,
+       0,
+       128,
+       128,
+       },
 
        /* Cipher C017 */
-           {
-            1,
-            TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
-            TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
-            SSL_kEECDH|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH,
-            0,
-            168,
-            168,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+       TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
+       SSL_kEECDH,
+       SSL_aNULL,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       168,
+       168,
+       },
 
        /* Cipher C018 */
-           {
-            1,
-            TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
-            TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
-            SSL_kEECDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+       TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
+       SSL_kEECDH,
+       SSL_aNULL,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       128,
+       128,
+       },
 
        /* Cipher C019 */
-           {
-            1,
-            TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
-            TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
-            SSL_kEECDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH,
-            0,
-            256,
-            256,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
+       {
+       1,
+       TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+       TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
+       SSL_kEECDH,
+       SSL_aNULL,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       256,
+       256,
+       },
 #endif /* OPENSSL_NO_ECDH */
 
+#ifdef TEMP_GOST_TLS
+/* Cipher FF00 */
+       {
+       1,
+       "GOST-MD5",
+       0x0300ff00,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_eGOST2814789CNT,
+       SSL_MD5,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       256,
+       256,
+       },
+       {
+       1,
+       "GOST-GOST94",
+       0x0300ff01,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_eGOST2814789CNT,
+       SSL_GOST94,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       256,
+       256
+       },
+       {
+       1,
+       "GOST-GOST89MAC",
+       0x0300ff02,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_eGOST2814789CNT,
+       SSL_GOST89MAC,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       0,
+       256,
+       256
+       },
+       {
+       1,
+       "GOST-GOST89STREAM",
+       0x0300ff03,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_eGOST2814789CNT,
+       SSL_GOST89MAC,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       TLS1_STREAM_MAC,
+       256,
+       256
+       },
+#endif
 
 /* end of list */
        };
@@ -2221,7 +2631,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 #endif /* OPENSSL_NO_EC */
 #endif /* OPENSSL_NO_TLSEXT */
        CERT *cert;
-       unsigned long alg,mask,emask;
+       unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
 
        /* Let's see which ciphers we can support */
        cert=s->cert;
@@ -2237,70 +2647,74 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 #endif
 
 #ifdef CIPHER_DEBUG
-        printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);
-        for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
-           {
-           c=sk_SSL_CIPHER_value(srvr,i);
-           printf("%p:%s\n",c,c->name);
-           }
-        printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);
-        for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
+       printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
+       for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
+               {
+               c=sk_SSL_CIPHER_value(srvr,i);
+               printf("%p:%s\n",(void *)c,c->name);
+               }
+       printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
+       for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
            {
            c=sk_SSL_CIPHER_value(clnt,i);
-           printf("%p:%s\n",c,c->name);
+           printf("%p:%s\n",(void *)c,c->name);
            }
 #endif
 
        if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
-           {
-           prio = srvr;
-           allow = clnt;
-           }
+               {
+               prio = srvr;
+               allow = clnt;
+               }
        else
-           {
-           prio = clnt;
-           allow = srvr;
-           }
+               {
+               prio = clnt;
+               allow = srvr;
+               }
 
        for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
                {
                c=sk_SSL_CIPHER_value(prio,i);
 
                ssl_set_cert_masks(cert,c);
-               mask=cert->mask;
-               emask=cert->export_mask;
+               mask_k = cert->mask_k;
+               mask_a = cert->mask_a;
+               emask_k = cert->export_mask_k;
+               emask_a = cert->export_mask_a;
                        
 #ifdef KSSL_DEBUG
                printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);
 #endif    /* KSSL_DEBUG */
 
-               alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
+               alg_k=c->algorithm_mkey;
+               alg_a=c->algorithm_auth;
+
 #ifndef OPENSSL_NO_KRB5
-                if (alg & SSL_KRB5) 
-                        {
-                        if ( !kssl_keytab_is_available(s->kssl_ctx) )
-                            continue;
-                        }
+               if (alg_k & SSL_kKRB5)
+                       {
+                       if ( !kssl_keytab_is_available(s->kssl_ctx) )
+                           continue;
+                       }
 #endif /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_PSK
                /* with PSK there must be server callback set */
-               if ((alg & SSL_PSK) && s->psk_server_callback == NULL)
+               if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
                        continue;
 #endif /* OPENSSL_NO_PSK */
 
                if (SSL_C_IS_EXPORT(c))
                        {
-                       ok=((alg & emask) == alg)?1:0;
+                       ok = (alg_k & emask_k) && (alg_a & emask_a);
 #ifdef CIPHER_DEBUG
-                       printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
-                              c,c->name);
+                       printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
+                              (void *)c,c->name);
 #endif
                        }
                else
                        {
-                       ok=((alg & mask) == alg)?1:0;
+                       ok = (alg_k & mask_k) && (alg_a & mask_a);
 #ifdef CIPHER_DEBUG
-                       printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
+                       printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
                               c->name);
 #endif
                        }
@@ -2309,7 +2723,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 #ifndef OPENSSL_NO_EC
                if (
                        /* if we are considering an ECC cipher suite that uses our certificate */
-                       (alg & SSL_aECDSA || alg & SSL_aECDH)
+                       (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
                        /* and we have an ECC certificate */
                        && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
                        /* and the client specified a Supported Point Formats extension */
@@ -2361,7 +2775,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                        }
                if (
                        /* if we are considering an ECC cipher suite that uses our certificate */
-                       (alg & SSL_aECDSA || alg & SSL_aECDH)
+                       (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
                        /* and we have an ECC certificate */
                        && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
                        /* and the client specified an EllipticCurves extension */
@@ -2411,7 +2825,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                        }
                if (
                        /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
-                       (alg & SSL_kEECDH)
+                       (alg_k & SSL_kEECDH)
                        /* and we have an ephemeral EC key */
                        && (s->cert->ecdh_tmp != NULL)
                        /* and the client specified an EllipticCurves extension */
@@ -2473,12 +2887,12 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
        {
        int ret=0;
-       unsigned long alg;
+       unsigned long alg_k;
 
-       alg=s->s3->tmp.new_cipher->algorithms;
+       alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 
 #ifndef OPENSSL_NO_DH
-       if (alg & (SSL_kDHr|SSL_kEDH))
+       if (alg_k & (SSL_kDHr|SSL_kEDH))
                {
 #  ifndef OPENSSL_NO_RSA
                p[ret++]=SSL3_CT_RSA_FIXED_DH;
@@ -2488,7 +2902,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 #  endif
                }
        if ((s->version == SSL3_VERSION) &&
-               (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
+               (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
                {
 #  ifndef OPENSSL_NO_RSA
                p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
@@ -2505,10 +2919,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
        p[ret++]=SSL3_CT_DSS_SIGN;
 #endif
 #ifndef OPENSSL_NO_ECDH
-       /* We should ask for fixed ECDH certificates only
-        * for SSL_kECDH (and not SSL_kEECDH)
-        */
-       if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
+       if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
                {
                p[ret++]=TLS_CT_RSA_FIXED_ECDH;
                p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;