X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_lib.c;h=5ad9863121eaf4670d78c4efd1fd2ec6be67d8fc;hp=83b8f686bbe94008b7c00c01977c19aad2ccd4d0;hb=a60c151a7d478b74ae88186aca251d17b84a1e2f;hpb=fbfcb2243941bc84b7585711feb906610f9111c4 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 83b8f686bb..5ad9863121 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -173,7 +173,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_MD5, SSL_SSLV3, - SSL_NOT_EXP | SSL_STRONG_NONE, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -189,7 +189,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -205,7 +205,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_MD5, SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, + SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 40, 128, @@ -221,7 +221,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_MD5, SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -237,7 +237,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -253,7 +253,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC2, SSL_MD5, SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, + SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 40, 128, @@ -287,7 +287,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, + SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 40, 56, @@ -303,7 +303,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_LOW, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 56, 56, @@ -336,7 +336,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, + SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 40, 56, @@ -352,7 +352,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_LOW, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 56, 56, @@ -384,7 +384,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, + SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 40, 56, @@ -400,7 +400,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_LOW, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 56, 56, @@ -433,7 +433,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, + SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 40, 56, @@ -449,7 +449,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_LOW, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 56, 56, @@ -481,7 +481,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, + SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 40, 56, @@ -497,7 +497,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_LOW, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 56, 56, @@ -529,7 +529,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_MD5, SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, + SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 40, 128, @@ -545,7 +545,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_MD5, SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -561,7 +561,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, + SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 40, 128, @@ -577,7 +577,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_LOW, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 56, 56, @@ -593,7 +593,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -608,8 +608,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -623,8 +623,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -638,8 +638,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -656,7 +656,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -671,7 +671,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -686,7 +686,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -701,7 +701,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -716,7 +716,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -731,8 +731,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_AES128, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -747,7 +747,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -762,7 +762,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -778,7 +778,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -794,7 +794,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -810,7 +810,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -826,8 +826,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_AES256, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -844,7 +844,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -942,7 +942,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_CAMELLIA128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -958,7 +958,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_CAMELLIA128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -974,7 +974,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_CAMELLIA128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -990,7 +990,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_CAMELLIA128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1006,7 +1006,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_CAMELLIA128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1022,8 +1022,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_CAMELLIA128, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1121,7 +1121,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1137,7 +1137,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -1145,19 +1145,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { /* GOST Ciphersuites */ - { - 1, - "GOST94-GOST89-GOST89", - 0x3000080, - SSL_kGOST, - SSL_aGOST94, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, - 256, - 256}, { 1, "GOST2001-GOST89-GOST89", @@ -1170,20 +1157,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, 256, - 256}, - { - 1, - "GOST94-NULL-GOST94", - 0x3000082, - SSL_kGOST, - SSL_aGOST94, - SSL_eNULL, - SSL_GOST94, - SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, - 0, - 0}, + 256 + }, { 1, "GOST2001-NULL-GOST94", @@ -1193,10 +1168,11 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_GOST94, SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, 0, - 0}, + 0 + }, #ifndef OPENSSL_NO_CAMELLIA /* Camellia ciphersuites from RFC4132 (256-bit portion) */ @@ -1210,7 +1186,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_CAMELLIA256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -1225,7 +1201,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_CAMELLIA256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -1241,7 +1217,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_CAMELLIA256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -1257,7 +1233,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_CAMELLIA256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -1273,7 +1249,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_CAMELLIA256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -1289,8 +1265,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_CAMELLIA256, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -1308,8 +1284,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_RC4, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1324,7 +1300,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -1340,7 +1316,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1356,7 +1332,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -1372,8 +1348,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_RC4, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1388,7 +1364,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -1404,7 +1380,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1420,7 +1396,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -1436,8 +1412,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_RC4, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1452,7 +1428,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -1468,7 +1444,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1484,7 +1460,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -1504,7 +1480,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_SEED, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1520,7 +1496,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_SEED, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1536,7 +1512,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_SEED, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1552,7 +1528,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_SEED, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1568,7 +1544,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_SEED, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1584,8 +1560,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_SEED, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1765,7 +1741,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -1781,7 +1757,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -1927,7 +1903,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA256, SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -1943,7 +1919,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA384, SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 0, 0, @@ -1991,7 +1967,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA256, SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -2007,7 +1983,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA384, SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 0, 0, @@ -2055,7 +2031,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA256, SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -2071,7 +2047,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA384, SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 0, 0, @@ -2171,7 +2147,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2267,7 +2243,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -2301,8 +2277,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -2317,8 +2293,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_RC4, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2333,7 +2309,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -2349,7 +2325,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2365,7 +2341,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -2381,8 +2357,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDSA, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -2397,8 +2373,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDSA, SSL_RC4, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2413,7 +2389,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDSA, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -2429,7 +2405,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDSA, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2445,7 +2421,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDSA, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -2461,8 +2437,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -2477,8 +2453,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_RC4, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2493,7 +2469,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -2509,7 +2485,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2525,7 +2501,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -2541,8 +2517,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -2557,8 +2533,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_RC4, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2573,7 +2549,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -2589,7 +2565,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2605,7 +2581,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -2621,8 +2597,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -2637,8 +2613,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_RC4, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2653,8 +2629,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_3DES, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -2669,8 +2645,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_AES128, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2685,8 +2661,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_AES256, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -2703,7 +2679,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aSRP, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -2719,7 +2695,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -2735,7 +2711,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -2751,7 +2727,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aSRP, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2767,7 +2743,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2783,7 +2759,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2799,7 +2775,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aSRP, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -2815,7 +2791,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -2831,7 +2807,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -3110,8 +3086,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_RC4, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -3126,7 +3102,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -3142,7 +3118,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -3158,7 +3134,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -3206,8 +3182,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_SSLV3, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -3223,7 +3199,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA256, SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -3239,7 +3215,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA384, SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 0, 0, @@ -3474,62 +3450,353 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256}, #endif -#ifdef TEMP_GOST_TLS -/* Cipher FF00 */ + /* Cipher C09C */ { 1, - "GOST-MD5", - 0x0300ff00, + TLS1_TXT_RSA_WITH_AES_128_CCM, + TLS1_CK_RSA_WITH_AES_128_CCM, SSL_kRSA, SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_MD5, - SSL_TLSV1, + SSL_AES128CCM, + SSL_AEAD, + SSL_TLSV1_2, SSL_NOT_EXP | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + + /* Cipher C09D */ + { + 1, + TLS1_TXT_RSA_WITH_AES_256_CCM, + TLS1_CK_RSA_WITH_AES_256_CCM, + SSL_kRSA, + SSL_aRSA, + SSL_AES256CCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, + + /* Cipher C09E */ { 1, - "GOST-GOST94", - 0x0300ff01, - SSL_kRSA, + TLS1_TXT_DHE_RSA_WITH_AES_128_CCM, + TLS1_CK_DHE_RSA_WITH_AES_128_CCM, + SSL_kDHE, SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_GOST94, - SSL_TLSV1, + SSL_AES128CCM, + SSL_AEAD, + SSL_TLSV1_2, SSL_NOT_EXP | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + + /* Cipher C09F */ + { + 1, + TLS1_TXT_DHE_RSA_WITH_AES_256_CCM, + TLS1_CK_DHE_RSA_WITH_AES_256_CCM, + SSL_kDHE, + SSL_aRSA, + SSL_AES256CCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, - 256}, + 256, + }, + + /* Cipher C0A0 */ { 1, - "GOST-GOST89MAC", - 0x0300ff02, + TLS1_TXT_RSA_WITH_AES_128_CCM_8, + TLS1_CK_RSA_WITH_AES_128_CCM_8, SSL_kRSA, SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, + SSL_AES128CCM8, + SSL_AEAD, + SSL_TLSV1_2, SSL_NOT_EXP | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256}, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + + /* Cipher C0A1 */ { 1, - "GOST-GOST89STREAM", - 0x0300ff03, + TLS1_TXT_RSA_WITH_AES_256_CCM_8, + TLS1_CK_RSA_WITH_AES_256_CCM_8, SSL_kRSA, SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, + SSL_AES256CCM8, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + + /* Cipher C0A2 */ + { + 1, + TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8, + TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8, + SSL_kDHE, + SSL_aRSA, + SSL_AES128CCM8, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + + /* Cipher C0A3 */ + { + 1, + TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8, + TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8, + SSL_kDHE, + SSL_aRSA, + SSL_AES256CCM8, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + + /* Cipher C0A4 */ + { + 1, + TLS1_TXT_PSK_WITH_AES_128_CCM, + TLS1_CK_PSK_WITH_AES_128_CCM, + SSL_kPSK, + SSL_aPSK, + SSL_AES128CCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + + /* Cipher C0A4 */ + { + 1, + TLS1_TXT_PSK_WITH_AES_256_CCM, + TLS1_CK_PSK_WITH_AES_256_CCM, + SSL_kPSK, + SSL_aPSK, + SSL_AES256CCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + + /* Cipher C0A6 */ + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_128_CCM, + TLS1_CK_DHE_PSK_WITH_AES_128_CCM, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128CCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + + /* Cipher C0A7 */ + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_256_CCM, + TLS1_CK_DHE_PSK_WITH_AES_256_CCM, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256CCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + + /* Cipher C0A8 */ + { + 1, + TLS1_TXT_PSK_WITH_AES_128_CCM_8, + TLS1_CK_PSK_WITH_AES_128_CCM_8, + SSL_kPSK, + SSL_aPSK, + SSL_AES128CCM8, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + + /* Cipher C0A9 */ + { + 1, + TLS1_TXT_PSK_WITH_AES_256_CCM_8, + TLS1_CK_PSK_WITH_AES_256_CCM_8, + SSL_kPSK, + SSL_aPSK, + SSL_AES256CCM8, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + + /* Cipher C0AA */ + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8, + TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128CCM8, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + + /* Cipher C0AB */ + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8, + TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256CCM8, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + + /* Cipher C0AC */ + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128CCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + + /* Cipher C0AD */ + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256CCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + + /* Cipher C0AE */ + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128CCM8, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + + /* Cipher C0AF */ + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256CCM8, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + + { + 1, + "GOST2012-GOST8912-GOST8912", + 0x0300ff85, + SSL_kGOST, + SSL_aGOST12 | SSL_aGOST01, + SSL_eGOST2814789CNT12, + SSL_GOST89MAC12, SSL_TLSV1, SSL_NOT_EXP | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC, + SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, 256, 256}, -#endif + { + 1, + "GOST2012-NULL-GOST12", + 0x0300ff87, + SSL_kGOST, + SSL_aGOST12 | SSL_aGOST01, + SSL_eNULL, + SSL_GOST12_256, + SSL_TLSV1, + SSL_NOT_EXP | SSL_STRONG_NONE, + SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256, + 0, + 0}, + /* end of list */ }; @@ -3597,9 +3864,8 @@ int ssl3_new(SSL *s) { SSL3_STATE *s3; - if ((s3 = OPENSSL_malloc(sizeof(*s3))) == NULL) + if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL) goto err; - memset(s3, 0, sizeof(*s3)); s->s3 = s3; #ifndef OPENSSL_NO_SRP @@ -3614,7 +3880,7 @@ int ssl3_new(SSL *s) void ssl3_free(SSL *s) { - if (s == NULL) + if (s == NULL || s->s3 == NULL) return; ssl3_cleanup_key_block(s); @@ -4073,7 +4339,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return 0; #endif ptmp = EVP_PKEY_new(); - if (!ptmp) + if (ptmp == NULL) return 0; #ifndef OPENSSL_NO_RSA else if (s->s3->peer_rsa_tmp) @@ -4525,9 +4791,9 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) { SSL_CIPHER c; const SSL_CIPHER *cp; - unsigned long id; + uint32_t id; - id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1]; + id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1]; c.id = id; cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES @@ -4603,6 +4869,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, /* Skip TLS v1.2 only ciphersuites if not supported */ if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s)) continue; + /* Skip TLS v1.0 ciphersuites if SSLv3 */ + if ((c->algorithm_ssl & SSL_TLSV1) && s->version == SSL3_VERSION) + continue; ssl_set_masks(s, c); mask_k = s->s3->tmp.mask_k; @@ -4677,7 +4946,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) { int ret = 0; int nostrict = 1; - unsigned long alg_k, alg_a = 0; + uint32_t alg_k, alg_a = 0; /* If we have custom certificate types set, use them */ if (s->cert->ctypes) { @@ -4694,8 +4963,9 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) #ifndef OPENSSL_NO_GOST if (s->version >= TLS1_VERSION) { if (alg_k & SSL_kGOST) { - p[ret++] = TLS_CT_GOST94_SIGN; p[ret++] = TLS_CT_GOST01_SIGN; + p[ret++] = TLS_CT_GOST12_SIGN; + p[ret++] = TLS_CT_GOST12_512_SIGN; return (ret); } } @@ -4762,7 +5032,7 @@ static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len) if (len > 0xff) return 0; c->ctypes = OPENSSL_malloc(len); - if (!c->ctypes) + if (c->ctypes == NULL) return 0; memcpy(c->ctypes, p, len); c->ctype_num = len; @@ -4777,7 +5047,7 @@ int ssl3_shutdown(SSL *s) * Don't do anything much if we have not done the handshake or we don't * want to send messages :-) */ - if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { + if (s->quiet_shutdown || SSL_in_before(s)) { s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); return (1); } @@ -4848,11 +5118,11 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) * makes sense here; so disable handshake processing and try to read * application data again. */ - s->in_handshake++; + ossl_statem_set_in_handshake(s, 1); ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len, peek); - s->in_handshake--; + ossl_statem_set_in_handshake(s, 0); } else s->s3->in_read_app_data = 0; @@ -4891,10 +5161,10 @@ int ssl3_renegotiate_check(SSL *s) && !SSL_in_init(s)) { /* * if we are the server, and we have sent a 'RENEGOTIATE' - * message, we need to go to SSL_ST_ACCEPT. + * message, we need to set the state machine into the renegotiate + * state. */ - /* SSL_ST_ACCEPT */ - s->state = SSL_ST_RENEGOTIATE; + ossl_statem_set_renegotiate(s); s->s3->renegotiate = 0; s->s3->num_renegotiations++; s->s3->total_renegotiations++; @@ -4991,8 +5261,9 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, pms, pmslen); - +#ifndef OPENSSL_NO_PSK err: +#endif if (pms) { if (free_pms) OPENSSL_clear_free(pms, pmslen);