SSL_eNULL,
SSL_MD5,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_STRONG_NONE,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_eNULL,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_RC4,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_RC2,
SSL_MD5,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_aPSK,
SSL_eNULL,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aPSK,
SSL_eNULL,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aRSA,
SSL_eNULL,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDH,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDH,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDSS,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aNULL,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aDH,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aDH,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aDSS,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aNULL,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
SSL_eNULL,
SSL_SHA256,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aRSA,
SSL_CAMELLIA128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDH,
SSL_CAMELLIA128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDH,
SSL_CAMELLIA128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDSS,
SSL_CAMELLIA128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_CAMELLIA128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aNULL,
SSL_CAMELLIA128,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_AES128,
SSL_SHA256,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_AES256,
SSL_SHA256,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
},
/* GOST Ciphersuites */
-
+#ifndef OPENSL_NO_GOST
{
1,
"GOST2001-GOST89-GOST89",
SSL_eNULL,
SSL_GOST94,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
0,
0
},
-
+#endif
#ifndef OPENSSL_NO_CAMELLIA
/* Camellia ciphersuites from RFC4132 (256-bit portion) */
SSL_aRSA,
SSL_CAMELLIA256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aDH,
SSL_CAMELLIA256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aDH,
SSL_CAMELLIA256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aDSS,
SSL_CAMELLIA256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aRSA,
SSL_CAMELLIA256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aNULL,
SSL_CAMELLIA256,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
SSL_aPSK,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aPSK,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aPSK,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aPSK,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aPSK,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aPSK,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aPSK,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aPSK,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aRSA,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aRSA,
SSL_SEED,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDH,
SSL_SEED,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDH,
SSL_SEED,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDSS,
SSL_SEED,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_SEED,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aNULL,
SSL_SEED,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_AES128GCM,
SSL_AEAD,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_AES256GCM,
SSL_AEAD,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
SSL_eNULL,
SSL_SHA256,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_eNULL,
SSL_SHA384,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0,
0,
SSL_eNULL,
SSL_SHA256,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_eNULL,
SSL_SHA384,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0,
0,
SSL_eNULL,
SSL_SHA256,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_eNULL,
SSL_SHA384,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0,
0,
SSL_CAMELLIA128,
SSL_SHA256,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_CAMELLIA256,
SSL_SHA256,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
SSL_aECDH,
SSL_eNULL,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aECDH,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aECDH,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aECDH,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aECDH,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aECDSA,
SSL_eNULL,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aECDSA,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aECDSA,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aECDSA,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aECDSA,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aECDH,
SSL_eNULL,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aECDH,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aECDH,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aECDH,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aECDH,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aRSA,
SSL_eNULL,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aRSA,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aNULL,
SSL_eNULL,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aNULL,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aNULL,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_aNULL,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aNULL,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
SSL_aSRP,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aDSS,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aSRP,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDSS,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aSRP,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aDSS,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aPSK,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aPSK,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aPSK,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aPSK,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aPSK,
SSL_eNULL,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_eNULL,
SSL_SHA256,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_eNULL,
SSL_SHA384,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0,
0,
256,
256,
},
+#ifndef OPENSSL_NO_GOST
+ {
+ 1,
+ "GOST2012-GOST8912-GOST8912",
+ 0x0300ff85,
+ SSL_kGOST,
+ SSL_aGOST12 | SSL_aGOST01,
+ SSL_eGOST2814789CNT12,
+ SSL_GOST89MAC12,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
+ 256,
+ 256},
+ {
+ 1,
+ "GOST2012-NULL-GOST12",
+ 0x0300ff87,
+ SSL_kGOST,
+ SSL_aGOST12 | SSL_aGOST01,
+ SSL_eNULL,
+ SSL_GOST12_256,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_STRONG_NONE,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256,
+ 0,
+ 0},
+#endif
/* end of list */
};
ssl3_change_cipher_state,
ssl3_final_finish_mac,
MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
- ssl3_cert_verify_mac,
SSL3_MD_CLIENT_FINISHED_CONST, 4,
SSL3_MD_SERVER_FINISHED_CONST, 4,
ssl3_alert_code,
{
SSL3_STATE *s3;
- if ((s3 = OPENSSL_malloc(sizeof(*s3))) == NULL)
+ if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
goto err;
- memset(s3, 0, sizeof(*s3));
s->s3 = s3;
#ifndef OPENSSL_NO_SRP
void ssl3_free(SSL *s)
{
- if (s == NULL)
+ if (s == NULL || s->s3 == NULL)
return;
ssl3_cleanup_key_block(s);
return 0;
#endif
ptmp = EVP_PKEY_new();
- if (!ptmp)
+ if (ptmp == NULL)
return 0;
#ifndef OPENSSL_NO_RSA
else if (s->s3->peer_rsa_tmp)
{
SSL_CIPHER c;
const SSL_CIPHER *cp;
- unsigned long id;
+ uint32_t id;
- id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
+ id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
c.id = id;
cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
/* Skip TLS v1.2 only ciphersuites if not supported */
if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s))
continue;
+ /* Skip TLS v1.0 ciphersuites if SSLv3 */
+ if ((c->algorithm_ssl & SSL_TLSV1) && s->version == SSL3_VERSION)
+ continue;
ssl_set_masks(s, c);
mask_k = s->s3->tmp.mask_k;
{
int ret = 0;
int nostrict = 1;
- unsigned long alg_k, alg_a = 0;
+ uint32_t alg_k, alg_a = 0;
/* If we have custom certificate types set, use them */
if (s->cert->ctypes) {
if (s->version >= TLS1_VERSION) {
if (alg_k & SSL_kGOST) {
p[ret++] = TLS_CT_GOST01_SIGN;
+ p[ret++] = TLS_CT_GOST12_SIGN;
+ p[ret++] = TLS_CT_GOST12_512_SIGN;
return (ret);
}
}
if (len > 0xff)
return 0;
c->ctypes = OPENSSL_malloc(len);
- if (!c->ctypes)
+ if (c->ctypes == NULL)
return 0;
memcpy(c->ctypes, p, len);
c->ctype_num = len;
* Don't do anything much if we have not done the handshake or we don't
* want to send messages :-)
*/
- if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
+ if (s->quiet_shutdown || SSL_in_before(s)) {
s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
return (1);
}
* makes sense here; so disable handshake processing and try to read
* application data again.
*/
- s->in_handshake++;
+ ossl_statem_set_in_handshake(s, 1);
ret =
s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
len, peek);
- s->in_handshake--;
+ ossl_statem_set_in_handshake(s, 0);
} else
s->s3->in_read_app_data = 0;
&& !SSL_in_init(s)) {
/*
* if we are the server, and we have sent a 'RENEGOTIATE'
- * message, we need to go to SSL_ST_ACCEPT.
+ * message, we need to set the state machine into the renegotiate
+ * state.
*/
- /* SSL_ST_ACCEPT */
- s->state = SSL_ST_RENEGOTIATE;
+ ossl_statem_set_renegotiate(s);
s->s3->renegotiate = 0;
s->s3->num_renegotiations++;
s->s3->total_renegotiations++;
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
pms, pmslen);
-
+#ifndef OPENSSL_NO_PSK
err:
+#endif
if (pms) {
if (free_pms)
OPENSSL_clear_free(pms, pmslen);
projects / openssl.git / blobdiff