typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_STDNAME,
+ OPT_CONVERT,
OPT_SSL3,
OPT_TLS1,
OPT_TLS1_1,
#ifndef OPENSSL_NO_TLS1_3
{"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"},
#endif
-#ifndef OPENSSL_NO_SSL_TRACE
{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
-#endif
#ifndef OPENSSL_NO_PSK
{"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
#endif
#ifndef OPENSSL_NO_SRP
{"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
#endif
+ {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},
{NULL}
};
STACK_OF(SSL_CIPHER) *sk = NULL;
const SSL_METHOD *meth = TLS_server_method();
int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
-#ifndef OPENSSL_NO_SSL_TRACE
int stdname = 0;
-#endif
#ifndef OPENSSL_NO_PSK
int psk = 0;
#endif
int srp = 0;
#endif
const char *p;
- char *ciphers = NULL, *prog;
+ char *ciphers = NULL, *prog, *convert = NULL;
char buf[512];
OPTION_CHOICE o;
int min_version = 0, max_version = 0;
use_supported = 1;
break;
case OPT_STDNAME:
-#ifndef OPENSSL_NO_SSL_TRACE
stdname = verbose = 1;
-#endif
+ break;
+ case OPT_CONVERT:
+ convert = opt_arg();
break;
case OPT_SSL3:
min_version = SSL3_VERSION;
else if (argc != 0)
goto opthelp;
+ if (convert != NULL) {
+ BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
+ OPENSSL_cipher_name(convert));
+ goto end;
+ }
+
ctx = SSL_CTX_new(meth);
if (ctx == NULL)
goto err;
else
BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
}
-#ifndef OPENSSL_NO_SSL_TRACE
if (stdname) {
const char *nm = SSL_CIPHER_standard_name(c);
if (nm == NULL)
nm = "UNKNOWN";
BIO_printf(bio_out, "%s - ", nm);
}
-#endif
BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf));
}
}
sk_SSL_CIPHER_free(sk);
SSL_CTX_free(ctx);
SSL_free(ssl);
- return (ret);
+ return ret;
}
[B<-psk>]
[B<-srp>]
[B<-stdname>]
+[B<-convert name>]
[B<cipherlist>]
=head1 DESCRIPTION
=item B<-stdname>
-Precede each cipher suite by its standard name: only available is OpenSSL
-is built with tracing enabled (B<enable-ssl-trace> argument to Configure).
+Precede each cipher suite by its standard name.
+
+=item B<-convert name>
+
+Convert a standard cipher B<name> to its OpenSSL name.
=item B<cipherlist>
The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
+The B<-stdname> is only available if OpenSSL is built with tracing enabled
+(B<enable-ssl-trace> argument to Configure) before OpenSSL 1.1.1.
+
+The B<-convert> was added in OpenSSL 1.1.1.
+
=head1 COPYRIGHT
Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
=head1 NAME
SSL_CIPHER_get_name,
+SSL_CIPHER_standard_name,
+OPENSSL_cipher_name,
SSL_CIPHER_get_bits,
SSL_CIPHER_get_version,
SSL_CIPHER_description,
#include <openssl/ssl.h>
const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
+ const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher);
+ const char *OPENSSL_cipher_name(const char *stdname);
int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
SSL_CIPHER_get_name() returns a pointer to the name of B<cipher>. If the
B<cipher> is NULL, it returns "(NONE)".
+SSL_CIPHER_standard_name() returns a pointer to the standard RFC name of
+B<cipher>. If the B<cipher> is NULL, it returns "(NONE)". If the B<cipher>
+has no standard name, it returns B<NULL>.
+
+OPENSSL_cipher_name() returns a pointer to the OpenSSL name of B<stdname>.
+If the B<stdname> is NULL, or B<stdname> has no corresponding OpenSSL name,
+it returns "(NONE)".
+
SSL_CIPHER_get_bits() returns the number of secret bits used for B<cipher>.
If B<cipher> is NULL, 0 is returned.
SSL_CIPHER_get_handshake_digest() was added in OpenSSL 1.1.1.
+SSL_CIPHER_standard_name() was globally available in OpenSSL 1.1.1. Before
+OpenSSL 1.1.1, tracing (B<enable-ssl-trace> argument to Configure) was
+required to enable this function.
+
+OPENSSL_cipher_name() was added in OpenSSL 1.1.1.
+
=head1 SEE ALSO
L<ssl(7)>, L<SSL_get_current_cipher(3)>,
__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
+__owur const char *OPENSSL_cipher_name(const char *rfc_name);
__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
# ifndef OPENSSL_NO_SSL_TRACE
void SSL_trace(int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);
-__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
# endif
# ifndef OPENSSL_NO_SOCK
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define SSL3_RFC_RSA_NULL_MD5 "SSL_RSA_WITH_NULL_MD5"
+# define SSL3_RFC_RSA_NULL_SHA "SSL_RSA_WITH_NULL_SHA"
+# define SSL3_RFC_RSA_DES_192_CBC3_SHA "SSL_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_ADH_DES_192_CBC_SHA "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_RSA_IDEA_128_SHA "SSL_RSA_WITH_IDEA_CBC_SHA"
+# define SSL3_RFC_RSA_RC4_128_MD5 "SSL_RSA_WITH_RC4_128_MD5"
+# define SSL3_RFC_RSA_RC4_128_SHA "SSL_RSA_WITH_RC4_128_SHA"
+# define SSL3_RFC_ADH_RC4_128_MD5 "SSL_DH_anon_WITH_RC4_128_MD5"
+
# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define TLS1_RFC_RSA_WITH_AES_128_SHA "TLS_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA "TLS_DH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA "TLS_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA "TLS_DH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_NULL_SHA256 "TLS_RSA_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_SHA256 "TLS_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA256 "TLS_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA256 "TLS_DH_anon_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA256 "TLS_DH_anon_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256 "TLS_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384 "TLS_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256 "TLS_DH_anon_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384 "TLS_DH_anon_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM "TLS_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM "TLS_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM "TLS_DHE_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM "TLS_DHE_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM_8 "TLS_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM_8 "TLS_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8 "TLS_DHE_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8 "TLS_DHE_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM "TLS_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM "TLS_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM "TLS_DHE_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM "TLS_DHE_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM_8 "TLS_PSK_WITH_AES_128_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM_8 "TLS_PSK_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8 "TLS_PSK_DHE_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8 "TLS_PSK_DHE_WITH_AES_256_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"
+# define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256"
+# define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384"
+# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA "TLS_ECDHE_RSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_NULL_SHA "TLS_ECDH_anon_WITH_NULL_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA "TLS_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA "TLS_DHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA "TLS_RSA_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA "TLS_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA "TLS_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA "TLS_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256 "TLS_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384 "TLS_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256 "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384 "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256 "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384 "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256 "TLS_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384 "TLS_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA256 "TLS_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_PSK_WITH_NULL_SHA384 "TLS_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256 "TLS_DHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384 "TLS_DHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA256 "TLS_RSA_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384 "TLS_RSA_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA "TLS_ECDHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256 "TLS_ECDHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384 "TLS_ECDHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305 "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_RSA_WITH_SEED_SHA "TLS_RSA_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_SEED_SHA "TLS_DHE_DSS_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_SEED_SHA "TLS_DHE_RSA_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_SEED_SHA "TLS_DH_anon_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA "TLS_ECDHE_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA "TLS_ECDH_anon_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA "TLS_ECDHE_RSA_WITH_RC4_128_SHA"
+# define TLS1_RFC_PSK_WITH_RC4_128_SHA "TLS_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA "TLS_RSA_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA "TLS_DHE_PSK_WITH_RC4_128_SHA"
+
/*
* XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
* ciphers names with "EDH" instead of "DHE". Going forward, we should be
{
1,
SSL3_TXT_RSA_NULL_MD5,
+ SSL3_RFC_RSA_NULL_MD5,
SSL3_CK_RSA_NULL_MD5,
SSL_kRSA,
SSL_aRSA,
{
1,
SSL3_TXT_RSA_NULL_SHA,
+ SSL3_RFC_RSA_NULL_SHA,
SSL3_CK_RSA_NULL_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
SSL3_TXT_RSA_DES_192_CBC3_SHA,
+ SSL3_RFC_RSA_DES_192_CBC3_SHA,
SSL3_CK_RSA_DES_192_CBC3_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
+ SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
SSL_kDHE,
SSL_aDSS,
{
1,
SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
+ SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
SSL_kDHE,
SSL_aRSA,
{
1,
SSL3_TXT_ADH_DES_192_CBC_SHA,
+ SSL3_RFC_ADH_DES_192_CBC_SHA,
SSL3_CK_ADH_DES_192_CBC_SHA,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_RSA_WITH_AES_128_SHA,
+ TLS1_RFC_RSA_WITH_AES_128_SHA,
TLS1_CK_RSA_WITH_AES_128_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+ TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+ TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ADH_WITH_AES_128_SHA,
+ TLS1_RFC_ADH_WITH_AES_128_SHA,
TLS1_CK_ADH_WITH_AES_128_SHA,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_RSA_WITH_AES_256_SHA,
+ TLS1_RFC_RSA_WITH_AES_256_SHA,
TLS1_CK_RSA_WITH_AES_256_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+ TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+ TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ADH_WITH_AES_256_SHA,
+ TLS1_RFC_ADH_WITH_AES_256_SHA,
TLS1_CK_ADH_WITH_AES_256_SHA,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_RSA_WITH_NULL_SHA256,
+ TLS1_RFC_RSA_WITH_NULL_SHA256,
TLS1_CK_RSA_WITH_NULL_SHA256,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_WITH_AES_128_SHA256,
+ TLS1_RFC_RSA_WITH_AES_128_SHA256,
TLS1_CK_RSA_WITH_AES_128_SHA256,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_WITH_AES_256_SHA256,
+ TLS1_RFC_RSA_WITH_AES_256_SHA256,
TLS1_CK_RSA_WITH_AES_256_SHA256,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ADH_WITH_AES_128_SHA256,
+ TLS1_RFC_ADH_WITH_AES_128_SHA256,
TLS1_CK_ADH_WITH_AES_128_SHA256,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_ADH_WITH_AES_256_SHA256,
+ TLS1_RFC_ADH_WITH_AES_256_SHA256,
TLS1_CK_ADH_WITH_AES_256_SHA256,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_RSA_WITH_AES_128_CCM,
+ TLS1_RFC_RSA_WITH_AES_128_CCM,
TLS1_CK_RSA_WITH_AES_128_CCM,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_WITH_AES_256_CCM,
+ TLS1_RFC_RSA_WITH_AES_256_CCM,
TLS1_CK_RSA_WITH_AES_256_CCM,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
+ TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
+ TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_WITH_AES_128_CCM_8,
+ TLS1_RFC_RSA_WITH_AES_128_CCM_8,
TLS1_CK_RSA_WITH_AES_128_CCM_8,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_WITH_AES_256_CCM_8,
+ TLS1_RFC_RSA_WITH_AES_256_CCM_8,
TLS1_CK_RSA_WITH_AES_256_CCM_8,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
+ TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
+ TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_PSK_WITH_AES_128_CCM,
+ TLS1_RFC_PSK_WITH_AES_128_CCM,
TLS1_CK_PSK_WITH_AES_128_CCM,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_AES_256_CCM,
+ TLS1_RFC_PSK_WITH_AES_256_CCM,
TLS1_CK_PSK_WITH_AES_256_CCM,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
+ TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
+ TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_AES_128_CCM_8,
+ TLS1_RFC_PSK_WITH_AES_128_CCM_8,
TLS1_CK_PSK_WITH_AES_128_CCM_8,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_AES_256_CCM_8,
+ TLS1_RFC_PSK_WITH_AES_256_CCM_8,
TLS1_CK_PSK_WITH_AES_256_CCM_8,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
+ TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
+ TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_3_TXT_AES_128_GCM_SHA256,
+ TLS1_3_RFC_AES_128_GCM_SHA256,
TLS1_3_CK_AES_128_GCM_SHA256,
0, 0,
SSL_AES128GCM,
{
1,
TLS1_3_TXT_AES_256_GCM_SHA384,
+ TLS1_3_RFC_AES_256_GCM_SHA384,
TLS1_3_CK_AES_256_GCM_SHA384,
SSL_kANY,
SSL_aANY,
{
1,
TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
+ TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
TLS1_3_CK_CHACHA20_POLY1305_SHA256,
SSL_kANY,
SSL_aANY,
{
1,
TLS1_3_TXT_AES_128_CCM_SHA256,
+ TLS1_3_RFC_AES_128_CCM_SHA256,
TLS1_3_CK_AES_128_CCM_SHA256,
SSL_kANY,
SSL_aANY,
{
1,
TLS1_3_TXT_AES_128_CCM_8_SHA256,
+ TLS1_3_RFC_AES_128_CCM_8_SHA256,
TLS1_3_CK_AES_128_CCM_8_SHA256,
SSL_kANY,
SSL_aANY,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
+ TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+ TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+ TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+ TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+ TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
TLS1_CK_ECDH_anon_WITH_NULL_SHA,
SSL_kECDHE,
SSL_aNULL,
{
1,
TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+ TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
SSL_kECDHE,
SSL_aNULL,
{
1,
TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
SSL_kECDHE,
SSL_aNULL,
{
1,
TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
SSL_kECDHE,
SSL_aNULL,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_PSK_WITH_NULL_SHA,
+ TLS1_RFC_PSK_WITH_NULL_SHA,
TLS1_CK_PSK_WITH_NULL_SHA,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
+ TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
TLS1_CK_DHE_PSK_WITH_NULL_SHA,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
+ TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
TLS1_CK_RSA_PSK_WITH_NULL_SHA,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_NULL_SHA256,
+ TLS1_RFC_PSK_WITH_NULL_SHA256,
TLS1_CK_PSK_WITH_NULL_SHA256,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_NULL_SHA384,
+ TLS1_RFC_PSK_WITH_NULL_SHA384,
TLS1_CK_PSK_WITH_NULL_SHA384,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
+ TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
+ TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
+ TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
+ TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
+ TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
+ TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
SSL_kSRP,
SSL_aSRP,
{
1,
TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_kSRP,
SSL_aRSA,
{
1,
TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_kSRP,
SSL_aDSS,
{
1,
TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
SSL_kSRP,
SSL_aSRP,
{
1,
TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
SSL_kSRP,
SSL_aRSA,
{
1,
TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
SSL_kSRP,
SSL_aDSS,
{
1,
TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
SSL_kSRP,
SSL_aSRP,
{
1,
TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
SSL_kSRP,
SSL_aRSA,
{
1,
TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
SSL_kSRP,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kEDH,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kEDH,
SSL_aRSA,
{
1,
TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kEDH,
SSL_aNULL,
{
1,
TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
SSL_kEDH,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
SSL_kEDH,
SSL_aRSA,
{
1,
TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
SSL_kEDH,
SSL_aNULL,
{
1,
TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
"GOST2001-GOST89-GOST89",
+ "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
0x3000081,
SSL_kGOST,
SSL_aGOST01,
{
1,
"GOST2001-NULL-GOST94",
+ "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
0x3000083,
SSL_kGOST,
SSL_aGOST01,
{
1,
"GOST2012-GOST8912-GOST8912",
+ NULL,
0x0300ff85,
SSL_kGOST,
SSL_aGOST12 | SSL_aGOST01,
{
1,
"GOST2012-NULL-GOST12",
+ NULL,
0x0300ff87,
SSL_kGOST,
SSL_aGOST12 | SSL_aGOST01,
{
1,
SSL3_TXT_RSA_IDEA_128_SHA,
+ SSL3_RFC_RSA_IDEA_128_SHA,
SSL3_CK_RSA_IDEA_128_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_WITH_SEED_SHA,
+ TLS1_RFC_RSA_WITH_SEED_SHA,
TLS1_CK_RSA_WITH_SEED_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
+ TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
TLS1_CK_DHE_DSS_WITH_SEED_SHA,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
+ TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
TLS1_CK_DHE_RSA_WITH_SEED_SHA,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ADH_WITH_SEED_SHA,
+ TLS1_RFC_ADH_WITH_SEED_SHA,
TLS1_CK_ADH_WITH_SEED_SHA,
SSL_kDHE,
SSL_aNULL,
{
1,
SSL3_TXT_RSA_RC4_128_MD5,
+ SSL3_RFC_RSA_RC4_128_MD5,
SSL3_CK_RSA_RC4_128_MD5,
SSL_kRSA,
SSL_aRSA,
{
1,
SSL3_TXT_RSA_RC4_128_SHA,
+ SSL3_RFC_RSA_RC4_128_SHA,
SSL3_CK_RSA_RC4_128_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
SSL3_TXT_ADH_RC4_128_MD5,
+ SSL3_RFC_ADH_RC4_128_MD5,
SSL3_CK_ADH_RC4_128_MD5,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+ TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
SSL_kECDHE,
SSL_aNULL,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+ TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_PSK_WITH_RC4_128_SHA,
+ TLS1_RFC_PSK_WITH_RC4_128_SHA,
TLS1_CK_PSK_WITH_RC4_128_SHA,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
+ TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
+ TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
SSL_kDHEPSK,
SSL_aPSK,
{
0,
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+ "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
SSL3_CK_SCSV,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
},
{
0,
"TLS_FALLBACK_SCSV",
+ "TLS_FALLBACK_SCSV",
SSL3_CK_FALLBACK_SCSV,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
},
return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
}
+const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
+{
+ SSL_CIPHER *c = NULL;
+ SSL_CIPHER *tbl = ssl3_ciphers;
+ size_t i;
+
+ /* this is not efficient, necessary to optimze this? */
+ for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) {
+ if (tbl->stdname == NULL)
+ continue;
+ if (strcmp(stdname, tbl->stdname) == 0) {
+ c = tbl;
+ break;
+ }
+ }
+ if (c == NULL) {
+ tbl = ssl3_scsvs;
+ for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
+ if (strcmp(stdname, tbl->stdname) == 0) {
+ c = tbl;
+ break;
+ }
+ }
+ }
+ return c;
+}
+
/*
* This function needs to check if the ciphers required are actually
* available
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
static const SSL_CIPHER cipher_aliases[] = {
/* "ALL" doesn't include eNULL (must be specifically enabled) */
- {0, SSL_TXT_ALL, 0, 0, 0, ~SSL_eNULL},
+ {0, SSL_TXT_ALL, NULL, 0, 0, 0, ~SSL_eNULL},
/* "COMPLEMENTOFALL" */
- {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL},
+ {0, SSL_TXT_CMPALL, NULL, 0, 0, 0, SSL_eNULL},
/*
* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
* ALL!)
*/
- {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT},
+ {0, SSL_TXT_CMPDEF, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT},
/*
* key exchange aliases (some of those using only a single bit here
* combine multiple key exchange algs according to the RFCs, e.g. kDHE
* combines DHE_DSS and DHE_RSA)
*/
- {0, SSL_TXT_kRSA, 0, SSL_kRSA},
+ {0, SSL_TXT_kRSA, NULL, 0, SSL_kRSA},
- {0, SSL_TXT_kEDH, 0, SSL_kDHE},
- {0, SSL_TXT_kDHE, 0, SSL_kDHE},
- {0, SSL_TXT_DH, 0, SSL_kDHE},
+ {0, SSL_TXT_kEDH, NULL, 0, SSL_kDHE},
+ {0, SSL_TXT_kDHE, NULL, 0, SSL_kDHE},
+ {0, SSL_TXT_DH, NULL, 0, SSL_kDHE},
- {0, SSL_TXT_kEECDH, 0, SSL_kECDHE},
- {0, SSL_TXT_kECDHE, 0, SSL_kECDHE},
- {0, SSL_TXT_ECDH, 0, SSL_kECDHE},
+ {0, SSL_TXT_kEECDH, NULL, 0, SSL_kECDHE},
+ {0, SSL_TXT_kECDHE, NULL, 0, SSL_kECDHE},
+ {0, SSL_TXT_ECDH, NULL, 0, SSL_kECDHE},
- {0, SSL_TXT_kPSK, 0, SSL_kPSK},
- {0, SSL_TXT_kRSAPSK, 0, SSL_kRSAPSK},
- {0, SSL_TXT_kECDHEPSK, 0, SSL_kECDHEPSK},
- {0, SSL_TXT_kDHEPSK, 0, SSL_kDHEPSK},
- {0, SSL_TXT_kSRP, 0, SSL_kSRP},
- {0, SSL_TXT_kGOST, 0, SSL_kGOST},
+ {0, SSL_TXT_kPSK, NULL, 0, SSL_kPSK},
+ {0, SSL_TXT_kRSAPSK, NULL, 0, SSL_kRSAPSK},
+ {0, SSL_TXT_kECDHEPSK, NULL, 0, SSL_kECDHEPSK},
+ {0, SSL_TXT_kDHEPSK, NULL, 0, SSL_kDHEPSK},
+ {0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP},
+ {0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST},
/* server authentication aliases */
- {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA},
- {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS},
- {0, SSL_TXT_DSS, 0, 0, SSL_aDSS},
- {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL},
- {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA},
- {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA},
- {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK},
- {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01},
- {0, SSL_TXT_aGOST12, 0, 0, SSL_aGOST12},
- {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST01 | SSL_aGOST12},
- {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP},
+ {0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA},
+ {0, SSL_TXT_aDSS, NULL, 0, 0, SSL_aDSS},
+ {0, SSL_TXT_DSS, NULL, 0, 0, SSL_aDSS},
+ {0, SSL_TXT_aNULL, NULL, 0, 0, SSL_aNULL},
+ {0, SSL_TXT_aECDSA, NULL, 0, 0, SSL_aECDSA},
+ {0, SSL_TXT_ECDSA, NULL, 0, 0, SSL_aECDSA},
+ {0, SSL_TXT_aPSK, NULL, 0, 0, SSL_aPSK},
+ {0, SSL_TXT_aGOST01, NULL, 0, 0, SSL_aGOST01},
+ {0, SSL_TXT_aGOST12, NULL, 0, 0, SSL_aGOST12},
+ {0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12},
+ {0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP},
/* aliases combining key exchange and server authentication */
- {0, SSL_TXT_EDH, 0, SSL_kDHE, ~SSL_aNULL},
- {0, SSL_TXT_DHE, 0, SSL_kDHE, ~SSL_aNULL},
- {0, SSL_TXT_EECDH, 0, SSL_kECDHE, ~SSL_aNULL},
- {0, SSL_TXT_ECDHE, 0, SSL_kECDHE, ~SSL_aNULL},
- {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL},
- {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA},
- {0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL},
- {0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL},
- {0, SSL_TXT_PSK, 0, SSL_PSK},
- {0, SSL_TXT_SRP, 0, SSL_kSRP},
+ {0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL},
+ {0, SSL_TXT_DHE, NULL, 0, SSL_kDHE, ~SSL_aNULL},
+ {0, SSL_TXT_EECDH, NULL, 0, SSL_kECDHE, ~SSL_aNULL},
+ {0, SSL_TXT_ECDHE, NULL, 0, SSL_kECDHE, ~SSL_aNULL},
+ {0, SSL_TXT_NULL, NULL, 0, 0, 0, SSL_eNULL},
+ {0, SSL_TXT_RSA, NULL, 0, SSL_kRSA, SSL_aRSA},
+ {0, SSL_TXT_ADH, NULL, 0, SSL_kDHE, SSL_aNULL},
+ {0, SSL_TXT_AECDH, NULL, 0, SSL_kECDHE, SSL_aNULL},
+ {0, SSL_TXT_PSK, NULL, 0, SSL_PSK},
+ {0, SSL_TXT_SRP, NULL, 0, SSL_kSRP},
/* symmetric encryption aliases */
- {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES},
- {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4},
- {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2},
- {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA},
- {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED},
- {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL},
- {0, SSL_TXT_GOST, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12},
- {0, SSL_TXT_AES128, 0, 0, 0,
+ {0, SSL_TXT_3DES, NULL, 0, 0, 0, SSL_3DES},
+ {0, SSL_TXT_RC4, NULL, 0, 0, 0, SSL_RC4},
+ {0, SSL_TXT_RC2, NULL, 0, 0, 0, SSL_RC2},
+ {0, SSL_TXT_IDEA, NULL, 0, 0, 0, SSL_IDEA},
+ {0, SSL_TXT_SEED, NULL, 0, 0, 0, SSL_SEED},
+ {0, SSL_TXT_eNULL, NULL, 0, 0, 0, SSL_eNULL},
+ {0, SSL_TXT_GOST, NULL, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12},
+ {0, SSL_TXT_AES128, NULL, 0, 0, 0,
SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8},
- {0, SSL_TXT_AES256, 0, 0, 0,
+ {0, SSL_TXT_AES256, NULL, 0, 0, 0,
SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8},
- {0, SSL_TXT_AES, 0, 0, 0, SSL_AES},
- {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM},
- {0, SSL_TXT_AES_CCM, 0, 0, 0,
+ {0, SSL_TXT_AES, NULL, 0, 0, 0, SSL_AES},
+ {0, SSL_TXT_AES_GCM, NULL, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM},
+ {0, SSL_TXT_AES_CCM, NULL, 0, 0, 0,
SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8},
- {0, SSL_TXT_AES_CCM_8, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8},
- {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128},
- {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256},
- {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA},
- {0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20},
+ {0, SSL_TXT_AES_CCM_8, NULL, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8},
+ {0, SSL_TXT_CAMELLIA128, NULL, 0, 0, 0, SSL_CAMELLIA128},
+ {0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256},
+ {0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA},
+ {0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20},
/* MAC aliases */
- {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5},
- {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1},
- {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1},
- {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94},
- {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12},
- {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256},
- {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384},
- {0, SSL_TXT_GOST12, 0, 0, 0, 0, SSL_GOST12_256},
+ {0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5},
+ {0, SSL_TXT_SHA1, NULL, 0, 0, 0, 0, SSL_SHA1},
+ {0, SSL_TXT_SHA, NULL, 0, 0, 0, 0, SSL_SHA1},
+ {0, SSL_TXT_GOST94, NULL, 0, 0, 0, 0, SSL_GOST94},
+ {0, SSL_TXT_GOST89MAC, NULL, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12},
+ {0, SSL_TXT_SHA256, NULL, 0, 0, 0, 0, SSL_SHA256},
+ {0, SSL_TXT_SHA384, NULL, 0, 0, 0, 0, SSL_SHA384},
+ {0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256},
/* protocol version aliases */
- {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL3_VERSION},
- {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, TLS1_VERSION},
- {0, "TLSv1.0", 0, 0, 0, 0, 0, TLS1_VERSION},
- {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, TLS1_2_VERSION},
+ {0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION},
+ {0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
+ {0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
+ {0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION},
/* strength classes */
- {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
- {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM},
- {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH},
+ {0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
+ {0, SSL_TXT_MEDIUM, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM},
+ {0, SSL_TXT_HIGH, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH},
/* FIPS 140-2 approved ciphersuite */
- {0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS},
+ {0, SSL_TXT_FIPS, NULL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS},
/* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
- {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 0,
+ {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, NULL, 0,
SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
- {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 0,
+ {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, NULL, 0,
SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
};
int pkey_id = 0;
ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);
if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
- ameth) > 0) {
+ ameth) > 0)
return pkey_id;
- }
return 0;
}
* present, disable appropriate auth and key exchange
*/
ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
- if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
+ if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX])
ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32;
- } else {
+ else
disabled_mac_mask |= SSL_GOST89MAC;
- }
ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] =
get_optional_pkey_id("gost-mac-12");
- if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX]) {
+ if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX])
ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32;
- } else {
+ else
disabled_mac_mask |= SSL_GOST89MAC12;
- }
if (!get_optional_pkey_id("gost2001"))
disabled_auth_mask |= SSL_aGOST01 | SSL_aGOST12;
c = s->cipher;
if (c == NULL)
- return (0);
+ return 0;
if (comp != NULL) {
SSL_COMP ctmp;
#ifndef OPENSSL_NO_COMP
i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc);
- if (i == -1)
+ if (i == -1) {
*enc = NULL;
- else {
+ } else {
if (i == SSL_ENC_NULL_IDX)
*enc = EVP_enc_null();
else
c->algorithm_mac == SSL_SHA256 &&
(evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
*enc = evp, *md = NULL;
- return (1);
- } else
- return (0);
+ return 1;
+ } else {
+ return 0;
+ }
}
const EVP_MD *ssl_md(int idx)
number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1));
if (number_uses == NULL) {
SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
- return (0);
+ return 0;
}
/*
tail_p);
OPENSSL_free(number_uses);
- return (1);
+ return 1;
}
static int ssl_cipher_process_rulestr(const char *rule_str,
retval = 1;
l = rule_str;
- for (;;) {
+ for ( ; ; ) {
ch = *l;
if (ch == '\0')
if (ch == '+') {
multi = 1;
l++;
- } else
+ } else {
multi = 0;
+ }
/*
* Now search for the cipher alias in the ca_list. Be careful
found = 0;
break;
}
- } else
+ } else {
alg_mkey = ca_list[j]->algorithm_mkey;
+ }
}
if (ca_list[j]->algorithm_auth) {
found = 0;
break;
}
- } else
+ } else {
alg_auth = ca_list[j]->algorithm_auth;
+ }
}
if (ca_list[j]->algorithm_enc) {
found = 0;
break;
}
- } else
+ } else {
alg_enc = ca_list[j]->algorithm_enc;
+ }
}
if (ca_list[j]->algorithm_mac) {
found = 0;
break;
}
- } else
+ } else {
alg_mac = ca_list[j]->algorithm_mac;
+ }
}
if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
found = 0;
break;
}
- } else
+ } else {
algo_strength = ca_list[j]->algo_strength & SSL_STRONG_MASK;
+ }
}
if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {
found = 0;
break;
}
- } else
+ } else {
algo_strength |=
ca_list[j]->algo_strength & SSL_DEFAULT_MASK;
+ }
}
if (ca_list[j]->valid) {
*/
if (rule == CIPHER_SPECIAL) { /* special command */
ok = 0;
- if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0)
+ if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0) {
ok = ssl_cipher_strength_sort(head_p, tail_p);
- else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) {
+ } else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) {
int level = buf[9] - '0';
if (level < 0 || level > 5) {
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
c->sec_level = level;
ok = 1;
}
- } else
+ } else {
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
+ }
if (ok == 0)
retval = 0;
/*
break; /* done */
}
- return (retval);
+ return retval;
}
#ifndef OPENSSL_NO_EC
if (suiteb_flags) {
c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;
c->cert_flags |= suiteb_flags;
- } else
+ } else {
suiteb_flags = c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS;
+ }
if (!suiteb_flags)
return 1;
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
if (co_list == NULL) {
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
- return (NULL); /* Failure */
+ return NULL; /* Failure */
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
if (ca_list == NULL) {
OPENSSL_free(co_list);
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
- return (NULL); /* Failure */
+ return NULL; /* Failure */
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc,
if (!ok) { /* Rule processing failure */
OPENSSL_free(co_list);
- return (NULL);
+ return NULL;
}
/*
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
OPENSSL_free(co_list);
- return (NULL);
+ return NULL;
}
/*
(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
sk_SSL_CIPHER_sort(*cipher_list_by_id);
- return (cipherstack);
+ return cipherstack;
}
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
buf = OPENSSL_malloc(len);
if (buf == NULL)
return NULL;
- } else if (len < 128)
+ } else if (len < 128) {
return NULL;
+ }
alg_mkey = cipher->algorithm_mkey;
alg_auth = cipher->algorithm_auth;
BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac);
- return (buf);
+ return buf;
}
const char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
{
if (c != NULL)
- return (c->name);
- return ("(NONE)");
+ return c->name;
+ return "(NONE)";
+}
+
+/* return the actual cipher being used in RFC standard name */
+const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c)
+{
+ if (c != NULL)
+ return c->stdname;
+ return "(NONE)";
+}
+
+/* return the OpenSSL name based on given RFC standard name */
+const char *OPENSSL_cipher_name(const char *stdname)
+{
+ const SSL_CIPHER *c;
+
+ if (stdname == NULL)
+ return "(NONE)";
+ c = ssl3_get_cipher_by_std_name(stdname);
+ return SSL_CIPHER_get_name(c);
}
/* number of bits for symmetric cipher */
for (i = 0; i < nn; i++) {
ctmp = sk_SSL_COMP_value(sk, i);
if (ctmp->id == n)
- return (ctmp);
+ return ctmp;
}
- return (NULL);
+ return NULL;
}
#ifdef OPENSSL_NO_COMP
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
{
load_builtin_compressions();
- return (ssl_comp_methods);
+ return ssl_comp_methods;
}
STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
if (comp == NULL) {
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
- return (1);
+ return 1;
}
comp->id = id;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
SSL_R_DUPLICATE_COMPRESSION_ID);
- return (1);
+ return 1;
}
if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
OPENSSL_free(comp);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
- return (1);
+ return 1;
}
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
- return (0);
+ return 0;
}
#endif
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
struct ssl_cipher_st {
uint32_t valid;
const char *name; /* text name */
+ const char *stdname; /* RFC name */
uint32_t id; /* id, 4 bytes, first is version */
/*
* changed in 1.0.0: these four used to be portions of a single value
__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
__owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id);
+__owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname);
__owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt,
size_t *len);
if (totlen != 0) {
if (empty_reneg_info_scsv) {
static SSL_CIPHER scsv = {
- 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ 0, NULL, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
SSLerr(SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
}
if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
static SSL_CIPHER scsv = {
- 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ 0, NULL, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
SSLerr(SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
/*
- * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
return 1;
}
-const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c)
-{
- return ssl_trace_str(c->id & 0xFFFF, ssl_ciphers_tbl);
-}
-
void SSL_trace(int write_p, int version, int content_type,
const void *buf, size_t msglen, SSL *ssl, void *arg)
{
pkey_meth_test uitest cipherbytes_test asn1_encode_test \
x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
recordlentest drbgtest \
- time_offset_test pemtest ssl_cert_table_internal_test
+ time_offset_test pemtest ssl_cert_table_internal_test ciphername_test
SOURCE[aborttest]=aborttest.c
INCLUDE[aborttest]=../include
INCLUDE[ssl_cert_table_internal_test]=.. ../include
DEPEND[ssl_cert_table_internal_test]=../libcrypto libtestutil.a
+ SOURCE[ciphername_test]=ciphername_test.c
+ INCLUDE[ciphername_test]=.. ../include
+ DEPEND[ciphername_test]=../libcrypto ../libssl libtestutil.a
+
IF[{- !$disabled{psk} -}]
PROGRAMS_NO_INST=dtls_mtu_test
SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c
--- /dev/null
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 BaishanCloud. All rights reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/err.h>
+#include <openssl/e_os2.h>
+#include <openssl/ssl.h>
+#include <openssl/ssl3.h>
+#include <openssl/tls1.h>
+
+#include "e_os.h"
+#include "testutil.h"
+
+typedef struct cipher_id_name {
+ int id;
+ const char *name;
+} CIPHER_ID_NAME;
+
+/* Cipher suites, copied from t1_trce.c */
+static CIPHER_ID_NAME cipher_names[] = {
+ {0x0000, "SSL_NULL_WITH_NULL_NULL"},
+ {0x0001, "SSL_RSA_WITH_NULL_MD5"},
+ {0x0002, "SSL_RSA_WITH_NULL_SHA"},
+ {0x0003, "SSL_RSA_EXPORT_WITH_RC4_40_MD5"},
+ {0x0004, "SSL_RSA_WITH_RC4_128_MD5"},
+ {0x0005, "SSL_RSA_WITH_RC4_128_SHA"},
+ {0x0006, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"},
+ {0x0007, "SSL_RSA_WITH_IDEA_CBC_SHA"},
+ {0x0008, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+ {0x0009, "SSL_RSA_WITH_DES_CBC_SHA"},
+ {0x000A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA"},
+ {0x000B, "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"},
+ {0x000C, "SSL_DH_DSS_WITH_DES_CBC_SHA"},
+ {0x000D, "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"},
+ {0x000E, "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+ {0x000F, "SSL_DH_RSA_WITH_DES_CBC_SHA"},
+ {0x0010, "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"},
+ {0x0011, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"},
+ {0x0012, "SSL_DHE_DSS_WITH_DES_CBC_SHA"},
+ {0x0013, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"},
+ {0x0014, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+ {0x0015, "SSL_DHE_RSA_WITH_DES_CBC_SHA"},
+ {0x0016, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"},
+ {0x0017, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"},
+ {0x0018, "SSL_DH_anon_WITH_RC4_128_MD5"},
+ {0x0019, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"},
+ {0x001A, "SSL_DH_anon_WITH_DES_CBC_SHA"},
+ {0x001B, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"},
+ {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"},
+ {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"},
+ {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"},
+ {0x0020, "TLS_KRB5_WITH_RC4_128_SHA"},
+ {0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA"},
+ {0x0022, "TLS_KRB5_WITH_DES_CBC_MD5"},
+ {0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"},
+ {0x0024, "TLS_KRB5_WITH_RC4_128_MD5"},
+ {0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5"},
+ {0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"},
+ {0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"},
+ {0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"},
+ {0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"},
+ {0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"},
+ {0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"},
+ {0x002C, "TLS_PSK_WITH_NULL_SHA"},
+ {0x002D, "TLS_DHE_PSK_WITH_NULL_SHA"},
+ {0x002E, "TLS_RSA_PSK_WITH_NULL_SHA"},
+ {0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"},
+ {0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"},
+ {0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"},
+ {0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"},
+ {0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"},
+ {0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA"},
+ {0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA"},
+ {0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"},
+ {0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"},
+ {0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"},
+ {0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
+ {0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA"},
+ {0x003B, "TLS_RSA_WITH_NULL_SHA256"},
+ {0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256"},
+ {0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256"},
+ {0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"},
+ {0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"},
+ {0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"},
+ {0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+ {0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"},
+ {0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+ {0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"},
+ {0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+ {0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"},
+ {0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"},
+ {0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"},
+ {0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"},
+ {0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"},
+ {0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
+ {0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"},
+ {0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"},
+ {0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+ {0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"},
+ {0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+ {0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"},
+ {0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+ {0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"},
+ {0x008A, "TLS_PSK_WITH_RC4_128_SHA"},
+ {0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA"},
+ {0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA"},
+ {0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA"},
+ {0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA"},
+ {0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"},
+ {0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"},
+ {0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"},
+ {0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA"},
+ {0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"},
+ {0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"},
+ {0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"},
+ {0x0096, "TLS_RSA_WITH_SEED_CBC_SHA"},
+ {0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA"},
+ {0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA"},
+ {0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA"},
+ {0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA"},
+ {0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA"},
+ {0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256"},
+ {0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384"},
+ {0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"},
+ {0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"},
+ {0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"},
+ {0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"},
+ {0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"},
+ {0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"},
+ {0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256"},
+ {0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"},
+ {0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256"},
+ {0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384"},
+ {0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256"},
+ {0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384"},
+ {0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"},
+ {0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"},
+ {0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"},
+ {0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"},
+ {0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256"},
+ {0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384"},
+ {0x00B0, "TLS_PSK_WITH_NULL_SHA256"},
+ {0x00B1, "TLS_PSK_WITH_NULL_SHA384"},
+ {0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"},
+ {0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"},
+ {0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256"},
+ {0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384"},
+ {0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"},
+ {0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"},
+ {0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256"},
+ {0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384"},
+ {0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+ {0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"},
+ {0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+ {0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"},
+ {0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+ {0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"},
+ {0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"},
+ {0x5600, "TLS_FALLBACK_SCSV"},
+ {0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA"},
+ {0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"},
+ {0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"},
+ {0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"},
+ {0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"},
+ {0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA"},
+ {0xC007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"},
+ {0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"},
+ {0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"},
+ {0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"},
+ {0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA"},
+ {0xC00C, "TLS_ECDH_RSA_WITH_RC4_128_SHA"},
+ {0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"},
+ {0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"},
+ {0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"},
+ {0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA"},
+ {0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA"},
+ {0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"},
+ {0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"},
+ {0xC014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"},
+ {0xC015, "TLS_ECDH_anon_WITH_NULL_SHA"},
+ {0xC016, "TLS_ECDH_anon_WITH_RC4_128_SHA"},
+ {0xC017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"},
+ {0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"},
+ {0xC019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"},
+ {0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"},
+ {0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"},
+ {0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"},
+ {0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"},
+ {0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"},
+ {0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"},
+ {0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"},
+ {0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"},
+ {0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"},
+ {0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"},
+ {0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"},
+ {0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"},
+ {0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"},
+ {0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
+ {0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
+ {0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"},
+ {0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"},
+ {0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
+ {0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
+ {0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"},
+ {0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"},
+ {0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
+ {0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
+ {0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"},
+ {0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"},
+ {0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA"},
+ {0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"},
+ {0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
+ {0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"},
+ {0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"},
+ {0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"},
+ {0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA"},
+ {0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256"},
+ {0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384"},
+ {0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256"},
+ {0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384"},
+ {0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"},
+ {0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"},
+ {0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"},
+ {0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"},
+ {0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"},
+ {0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"},
+ {0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"},
+ {0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"},
+ {0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"},
+ {0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"},
+ {0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"},
+ {0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"},
+ {0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"},
+ {0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"},
+ {0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"},
+ {0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"},
+ {0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"},
+ {0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"},
+ {0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256"},
+ {0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384"},
+ {0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"},
+ {0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"},
+ {0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"},
+ {0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"},
+ {0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"},
+ {0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"},
+ {0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"},
+ {0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"},
+ {0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"},
+ {0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"},
+ {0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"},
+ {0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"},
+ {0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"},
+ {0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"},
+ {0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"},
+ {0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"},
+ {0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"},
+ {0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"},
+ {0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256"},
+ {0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384"},
+ {0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"},
+ {0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"},
+ {0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"},
+ {0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"},
+ {0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256"},
+ {0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384"},
+ {0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"},
+ {0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"},
+ {0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"},
+ {0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"},
+ {0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"},
+ {0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"},
+ {0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
+ {0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
+ {0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
+ {0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
+ {0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+ {0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+ {0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+ {0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+ {0xC09C, "TLS_RSA_WITH_AES_128_CCM"},
+ {0xC09D, "TLS_RSA_WITH_AES_256_CCM"},
+ {0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM"},
+ {0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM"},
+ {0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8"},
+ {0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8"},
+ {0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8"},
+ {0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8"},
+ {0xC0A4, "TLS_PSK_WITH_AES_128_CCM"},
+ {0xC0A5, "TLS_PSK_WITH_AES_256_CCM"},
+ {0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM"},
+ {0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM"},
+ {0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8"},
+ {0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8"},
+ {0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8"},
+ {0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8"},
+ {0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"},
+ {0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"},
+ {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"},
+ {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"},
+ {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
+ {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
+ {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
+ {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+ {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+ {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+ {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+ {0x1301, "TLS_AES_128_GCM_SHA256"},
+ {0x1302, "TLS_AES_256_GCM_SHA384"},
+ {0x1303, "TLS_CHACHA20_POLY1305_SHA256"},
+ {0x1304, "TLS_AES_128_CCM_SHA256"},
+ {0x1305, "TLS_AES_128_CCM_8_SHA256"},
+ {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
+ {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
+};
+
+static const char *get_std_name_by_id(int id)
+{
+ size_t i;
+
+ for (i = 0; i < OSSL_NELEM(cipher_names); i++)
+ if (cipher_names[i].id == id)
+ return cipher_names[i].name;
+
+ return NULL;
+}
+
+static int test_cipher_name()
+{
+ SSL_CTX *ctx = NULL;
+ SSL *ssl = NULL;
+ const SSL_CIPHER *c;
+ STACK_OF(SSL_CIPHER) *sk = NULL;
+ const char *ciphers = "ALL:eNULL", *p, *q, *r;
+ int i, id = 0, ret = 0;
+
+ /* tests for invalid input */
+ p = SSL_CIPHER_standard_name(NULL);
+ if (!TEST_str_eq(p, "(NONE)")) {
+ TEST_info("test_cipher_name(std) failed: NULL input doesn't return \"(NONE)\"\n");
+ goto err;
+ }
+
+ p = OPENSSL_cipher_name(NULL);
+ if (!TEST_str_eq(p, "(NONE)")) {
+ TEST_info("test_cipher_name(ossl) failed: NULL input doesn't return \"(NONE)\"\n");
+ goto err;
+ }
+
+ p = OPENSSL_cipher_name("This is not a valid cipher");
+ if (!TEST_str_eq(p, "(NONE)")) {
+ TEST_info("test_cipher_name(ossl) failed: invalid input doesn't return \"(NONE)\"\n");
+ goto err;
+ }
+
+ /* tests for valid input */
+ ctx = SSL_CTX_new(TLS_server_method());
+ if (ctx == NULL) {
+ TEST_info("test_cipher_name failed: internal error\n");
+ goto err;
+ }
+
+ if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
+ TEST_info("test_cipher_name failed: internal error\n");
+ goto err;
+ }
+
+ ssl = SSL_new(ctx);
+ if (ssl == NULL) {
+ TEST_info("test_cipher_name failed: internal error\n");
+ goto err;
+ }
+
+ sk = SSL_get_ciphers(ssl);
+ if (sk == NULL) {
+ TEST_info("test_cipher_name failed: internal error\n");
+ goto err;
+ }
+
+ for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+ c = sk_SSL_CIPHER_value(sk, i);
+ id = SSL_CIPHER_get_id(c) & 0xFFFF;
+ if ((id == 0xFF85) || (id == 0xFF87))
+ /* skip GOST2012-GOST8912-GOST891 and GOST2012-NULL-GOST12 */
+ continue;
+ p = SSL_CIPHER_standard_name(c);
+ q = get_std_name_by_id(id);
+ if (!TEST_ptr(p)) {
+ TEST_info("test_cipher_name failed: expected %s, got NULL, cipher %x\n",
+ q, id);
+ goto err;
+ }
+ /* check if p is a valid standard name */
+ if (!TEST_str_eq(p, q)) {
+ TEST_info("test_cipher_name(std) failed: expected %s, got %s, cipher %x\n",
+ q, p, id);
+ goto err;
+ }
+ /* test OPENSSL_cipher_name */
+ q = SSL_CIPHER_get_name(c);
+ r = OPENSSL_cipher_name(p);
+ if (!TEST_str_eq(r, q)) {
+ TEST_info("test_cipher_name(ossl) failed: expected %s, got %s, cipher %x\n",
+ q, r, id);
+ goto err;
+ }
+ }
+ ret = 1;
+err:
+ SSL_CTX_free(ctx);
+ SSL_free(ssl);
+ return ret;
+}
+
+void register_tests()
+{
+ ADD_TEST(test_cipher_name);
+}
--- /dev/null
+#! /usr/bin/perl
+#
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017 BaishanCloud. All rights reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use OpenSSL::Test::Simple;
+use OpenSSL::Test;
+use OpenSSL::Test::Utils qw(alldisabled available_protocols);
+
+setup("test_ciphername");
+
+my $no_anytls = alldisabled(available_protocols("tls"));
+
+# If we have no protocols, then we also have no supported ciphers.
+plan skip_all => "No SSL/TLS protocol is supported by this OpenSSL build."
+ if $no_anytls;
+
+simple_test("test_ciphername", "ciphername_test");
SSL_get_shared_sigalgs 87 1_1_0 EXIST::FUNCTION:
SSL_config 88 1_1_0 EXIST::FUNCTION:
TLSv1_1_client_method 89 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
-SSL_CIPHER_standard_name 90 1_1_0 EXIST::FUNCTION:SSL_TRACE
+SSL_CIPHER_standard_name 90 1_1_0 EXIST::FUNCTION:
SSL_CTX_get_verify_mode 91 1_1_0 EXIST::FUNCTION:
SSL_get_all_async_fds 92 1_1_0 EXIST::FUNCTION:
SSL_CTX_check_private_key 93 1_1_0 EXIST::FUNCTION:
SSL_SESSION_set1_master_key 460 1_1_1 EXIST::FUNCTION:
SSL_SESSION_set_cipher 461 1_1_1 EXIST::FUNCTION:
SSL_SESSION_set_protocol_version 462 1_1_1 EXIST::FUNCTION:
+OPENSSL_cipher_name 463 1_1_1 EXIST::FUNCTION:
projects / openssl.git / commitdiff