2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 #include <openssl/objects.h>
15 #include <openssl/md5.h>
16 #include <openssl/dh.h>
17 #include <openssl/rand.h>
19 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
20 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
22 /* TLSv1.3 downgrade protection sentinel values */
23 const unsigned char tls11downgrade[] = {
24 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
26 const unsigned char tls12downgrade[] = {
27 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
31 * The list of available ciphers, mostly organized into the following
36 * SRP (within that: RSA EC PSK)
37 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
40 static SSL_CIPHER ssl3_ciphers[] = {
43 SSL3_TXT_RSA_NULL_MD5,
49 SSL3_VERSION, TLS1_2_VERSION,
50 DTLS1_BAD_VER, DTLS1_2_VERSION,
52 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
58 SSL3_TXT_RSA_NULL_SHA,
64 SSL3_VERSION, TLS1_2_VERSION,
65 DTLS1_BAD_VER, DTLS1_2_VERSION,
66 SSL_STRONG_NONE | SSL_FIPS,
67 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
71 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
74 SSL3_TXT_RSA_DES_192_CBC3_SHA,
75 SSL3_CK_RSA_DES_192_CBC3_SHA,
80 SSL3_VERSION, TLS1_2_VERSION,
81 DTLS1_BAD_VER, DTLS1_2_VERSION,
82 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
83 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
89 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
90 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
95 SSL3_VERSION, TLS1_2_VERSION,
96 DTLS1_BAD_VER, DTLS1_2_VERSION,
97 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
98 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
104 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
105 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
110 SSL3_VERSION, TLS1_2_VERSION,
111 DTLS1_BAD_VER, DTLS1_2_VERSION,
112 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
113 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
119 SSL3_TXT_ADH_DES_192_CBC_SHA,
120 SSL3_CK_ADH_DES_192_CBC_SHA,
125 SSL3_VERSION, TLS1_2_VERSION,
126 DTLS1_BAD_VER, DTLS1_2_VERSION,
127 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
128 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
135 TLS1_TXT_RSA_WITH_AES_128_SHA,
136 TLS1_CK_RSA_WITH_AES_128_SHA,
141 SSL3_VERSION, TLS1_2_VERSION,
142 DTLS1_BAD_VER, DTLS1_2_VERSION,
144 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
150 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
151 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
156 SSL3_VERSION, TLS1_2_VERSION,
157 DTLS1_BAD_VER, DTLS1_2_VERSION,
158 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
159 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
165 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
166 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
171 SSL3_VERSION, TLS1_2_VERSION,
172 DTLS1_BAD_VER, DTLS1_2_VERSION,
174 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
180 TLS1_TXT_ADH_WITH_AES_128_SHA,
181 TLS1_CK_ADH_WITH_AES_128_SHA,
186 SSL3_VERSION, TLS1_2_VERSION,
187 DTLS1_BAD_VER, DTLS1_2_VERSION,
188 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
189 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
195 TLS1_TXT_RSA_WITH_AES_256_SHA,
196 TLS1_CK_RSA_WITH_AES_256_SHA,
201 SSL3_VERSION, TLS1_2_VERSION,
202 DTLS1_BAD_VER, DTLS1_2_VERSION,
204 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
210 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
211 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
216 SSL3_VERSION, TLS1_2_VERSION,
217 DTLS1_BAD_VER, DTLS1_2_VERSION,
218 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
219 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
225 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
226 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
231 SSL3_VERSION, TLS1_2_VERSION,
232 DTLS1_BAD_VER, DTLS1_2_VERSION,
234 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
240 TLS1_TXT_ADH_WITH_AES_256_SHA,
241 TLS1_CK_ADH_WITH_AES_256_SHA,
246 SSL3_VERSION, TLS1_2_VERSION,
247 DTLS1_BAD_VER, DTLS1_2_VERSION,
248 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
249 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
255 TLS1_TXT_RSA_WITH_NULL_SHA256,
256 TLS1_CK_RSA_WITH_NULL_SHA256,
261 TLS1_2_VERSION, TLS1_2_VERSION,
262 DTLS1_2_VERSION, DTLS1_2_VERSION,
263 SSL_STRONG_NONE | SSL_FIPS,
264 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
270 TLS1_TXT_RSA_WITH_AES_128_SHA256,
271 TLS1_CK_RSA_WITH_AES_128_SHA256,
276 TLS1_2_VERSION, TLS1_2_VERSION,
277 DTLS1_2_VERSION, DTLS1_2_VERSION,
279 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
285 TLS1_TXT_RSA_WITH_AES_256_SHA256,
286 TLS1_CK_RSA_WITH_AES_256_SHA256,
291 TLS1_2_VERSION, TLS1_2_VERSION,
292 DTLS1_2_VERSION, DTLS1_2_VERSION,
294 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
300 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
301 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
306 TLS1_2_VERSION, TLS1_2_VERSION,
307 DTLS1_2_VERSION, DTLS1_2_VERSION,
308 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
309 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
315 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
316 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
321 TLS1_2_VERSION, TLS1_2_VERSION,
322 DTLS1_2_VERSION, DTLS1_2_VERSION,
324 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
330 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
331 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
336 TLS1_2_VERSION, TLS1_2_VERSION,
337 DTLS1_2_VERSION, DTLS1_2_VERSION,
338 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
339 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
345 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
346 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
351 TLS1_2_VERSION, TLS1_2_VERSION,
352 DTLS1_2_VERSION, DTLS1_2_VERSION,
354 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
360 TLS1_TXT_ADH_WITH_AES_128_SHA256,
361 TLS1_CK_ADH_WITH_AES_128_SHA256,
366 TLS1_2_VERSION, TLS1_2_VERSION,
367 DTLS1_2_VERSION, DTLS1_2_VERSION,
368 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
369 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
375 TLS1_TXT_ADH_WITH_AES_256_SHA256,
376 TLS1_CK_ADH_WITH_AES_256_SHA256,
381 TLS1_2_VERSION, TLS1_2_VERSION,
382 DTLS1_2_VERSION, DTLS1_2_VERSION,
383 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
384 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
390 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
391 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
396 TLS1_2_VERSION, TLS1_2_VERSION,
397 DTLS1_2_VERSION, DTLS1_2_VERSION,
399 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
405 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
406 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
411 TLS1_2_VERSION, TLS1_2_VERSION,
412 DTLS1_2_VERSION, DTLS1_2_VERSION,
414 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
420 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
421 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
426 TLS1_2_VERSION, TLS1_2_VERSION,
427 DTLS1_2_VERSION, DTLS1_2_VERSION,
429 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
435 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
436 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
441 TLS1_2_VERSION, TLS1_2_VERSION,
442 DTLS1_2_VERSION, DTLS1_2_VERSION,
444 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
450 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
451 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
456 TLS1_2_VERSION, TLS1_2_VERSION,
457 DTLS1_2_VERSION, DTLS1_2_VERSION,
458 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
459 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
465 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
466 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
471 TLS1_2_VERSION, TLS1_2_VERSION,
472 DTLS1_2_VERSION, DTLS1_2_VERSION,
473 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
474 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
480 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
481 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
486 TLS1_2_VERSION, TLS1_2_VERSION,
487 DTLS1_2_VERSION, DTLS1_2_VERSION,
488 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
489 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
495 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
496 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
501 TLS1_2_VERSION, TLS1_2_VERSION,
502 DTLS1_2_VERSION, DTLS1_2_VERSION,
503 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
504 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
510 TLS1_TXT_RSA_WITH_AES_128_CCM,
511 TLS1_CK_RSA_WITH_AES_128_CCM,
516 TLS1_2_VERSION, TLS1_2_VERSION,
517 DTLS1_2_VERSION, DTLS1_2_VERSION,
518 SSL_NOT_DEFAULT | SSL_HIGH,
519 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
525 TLS1_TXT_RSA_WITH_AES_256_CCM,
526 TLS1_CK_RSA_WITH_AES_256_CCM,
531 TLS1_2_VERSION, TLS1_2_VERSION,
532 DTLS1_2_VERSION, DTLS1_2_VERSION,
533 SSL_NOT_DEFAULT | SSL_HIGH,
534 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
540 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
541 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
546 TLS1_2_VERSION, TLS1_2_VERSION,
547 DTLS1_2_VERSION, DTLS1_2_VERSION,
548 SSL_NOT_DEFAULT | SSL_HIGH,
549 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
555 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
556 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
561 TLS1_2_VERSION, TLS1_2_VERSION,
562 DTLS1_2_VERSION, DTLS1_2_VERSION,
563 SSL_NOT_DEFAULT | SSL_HIGH,
564 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
570 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
571 TLS1_CK_RSA_WITH_AES_128_CCM_8,
576 TLS1_2_VERSION, TLS1_2_VERSION,
577 DTLS1_2_VERSION, DTLS1_2_VERSION,
578 SSL_NOT_DEFAULT | SSL_HIGH,
579 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
585 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
586 TLS1_CK_RSA_WITH_AES_256_CCM_8,
591 TLS1_2_VERSION, TLS1_2_VERSION,
592 DTLS1_2_VERSION, DTLS1_2_VERSION,
593 SSL_NOT_DEFAULT | SSL_HIGH,
594 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
600 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
601 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
606 TLS1_2_VERSION, TLS1_2_VERSION,
607 DTLS1_2_VERSION, DTLS1_2_VERSION,
608 SSL_NOT_DEFAULT | SSL_HIGH,
609 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
615 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
616 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
621 TLS1_2_VERSION, TLS1_2_VERSION,
622 DTLS1_2_VERSION, DTLS1_2_VERSION,
623 SSL_NOT_DEFAULT | SSL_HIGH,
624 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
630 TLS1_TXT_PSK_WITH_AES_128_CCM,
631 TLS1_CK_PSK_WITH_AES_128_CCM,
636 TLS1_2_VERSION, TLS1_2_VERSION,
637 DTLS1_2_VERSION, DTLS1_2_VERSION,
638 SSL_NOT_DEFAULT | SSL_HIGH,
639 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
645 TLS1_TXT_PSK_WITH_AES_256_CCM,
646 TLS1_CK_PSK_WITH_AES_256_CCM,
651 TLS1_2_VERSION, TLS1_2_VERSION,
652 DTLS1_2_VERSION, DTLS1_2_VERSION,
653 SSL_NOT_DEFAULT | SSL_HIGH,
654 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
660 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
661 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
666 TLS1_2_VERSION, TLS1_2_VERSION,
667 DTLS1_2_VERSION, DTLS1_2_VERSION,
668 SSL_NOT_DEFAULT | SSL_HIGH,
669 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
675 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
676 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
681 TLS1_2_VERSION, TLS1_2_VERSION,
682 DTLS1_2_VERSION, DTLS1_2_VERSION,
683 SSL_NOT_DEFAULT | SSL_HIGH,
684 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
690 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
691 TLS1_CK_PSK_WITH_AES_128_CCM_8,
696 TLS1_2_VERSION, TLS1_2_VERSION,
697 DTLS1_2_VERSION, DTLS1_2_VERSION,
698 SSL_NOT_DEFAULT | SSL_HIGH,
699 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
705 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
706 TLS1_CK_PSK_WITH_AES_256_CCM_8,
711 TLS1_2_VERSION, TLS1_2_VERSION,
712 DTLS1_2_VERSION, DTLS1_2_VERSION,
713 SSL_NOT_DEFAULT | SSL_HIGH,
714 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
720 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
721 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
726 TLS1_2_VERSION, TLS1_2_VERSION,
727 DTLS1_2_VERSION, DTLS1_2_VERSION,
728 SSL_NOT_DEFAULT | SSL_HIGH,
729 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
735 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
736 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
741 TLS1_2_VERSION, TLS1_2_VERSION,
742 DTLS1_2_VERSION, DTLS1_2_VERSION,
743 SSL_NOT_DEFAULT | SSL_HIGH,
744 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
750 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
751 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
756 TLS1_2_VERSION, TLS1_2_VERSION,
757 DTLS1_2_VERSION, DTLS1_2_VERSION,
758 SSL_NOT_DEFAULT | SSL_HIGH,
759 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
765 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
766 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
771 TLS1_2_VERSION, TLS1_2_VERSION,
772 DTLS1_2_VERSION, DTLS1_2_VERSION,
773 SSL_NOT_DEFAULT | SSL_HIGH,
774 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
780 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
781 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
786 TLS1_2_VERSION, TLS1_2_VERSION,
787 DTLS1_2_VERSION, DTLS1_2_VERSION,
788 SSL_NOT_DEFAULT | SSL_HIGH,
789 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
795 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
796 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
801 TLS1_2_VERSION, TLS1_2_VERSION,
802 DTLS1_2_VERSION, DTLS1_2_VERSION,
803 SSL_NOT_DEFAULT | SSL_HIGH,
804 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
810 TLS1_3_TXT_AES_128_GCM_SHA256,
811 TLS1_3_CK_AES_128_GCM_SHA256,
815 TLS1_3_VERSION, TLS1_3_VERSION,
819 SSL_HANDSHAKE_MAC_SHA256,
825 TLS1_3_TXT_AES_256_GCM_SHA384,
826 TLS1_3_CK_AES_256_GCM_SHA384,
831 TLS1_3_VERSION, TLS1_3_VERSION,
834 SSL_HANDSHAKE_MAC_SHA384,
838 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
841 TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
842 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
845 SSL_CHACHA20POLY1305,
847 TLS1_3_VERSION, TLS1_3_VERSION,
850 SSL_HANDSHAKE_MAC_SHA256,
857 TLS1_3_TXT_AES_128_CCM_SHA256,
858 TLS1_3_CK_AES_128_CCM_SHA256,
863 TLS1_3_VERSION, TLS1_3_VERSION,
865 SSL_NOT_DEFAULT | SSL_HIGH,
866 SSL_HANDSHAKE_MAC_SHA256,
872 TLS1_3_TXT_AES_128_CCM_8_SHA256,
873 TLS1_3_CK_AES_128_CCM_8_SHA256,
878 TLS1_3_VERSION, TLS1_3_VERSION,
880 SSL_NOT_DEFAULT | SSL_HIGH,
881 SSL_HANDSHAKE_MAC_SHA256,
886 #ifndef OPENSSL_NO_EC
889 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
890 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
895 TLS1_VERSION, TLS1_2_VERSION,
896 DTLS1_BAD_VER, DTLS1_2_VERSION,
897 SSL_STRONG_NONE | SSL_FIPS,
898 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
902 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
905 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
906 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
911 TLS1_VERSION, TLS1_2_VERSION,
912 DTLS1_BAD_VER, DTLS1_2_VERSION,
913 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
914 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
921 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
922 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
927 TLS1_VERSION, TLS1_2_VERSION,
928 DTLS1_BAD_VER, DTLS1_2_VERSION,
930 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
936 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
937 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
942 TLS1_VERSION, TLS1_2_VERSION,
943 DTLS1_BAD_VER, DTLS1_2_VERSION,
945 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
951 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
952 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
957 TLS1_VERSION, TLS1_2_VERSION,
958 DTLS1_BAD_VER, DTLS1_2_VERSION,
959 SSL_STRONG_NONE | SSL_FIPS,
960 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
964 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
967 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
968 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
973 TLS1_VERSION, TLS1_2_VERSION,
974 DTLS1_BAD_VER, DTLS1_2_VERSION,
975 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
976 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
983 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
984 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
989 TLS1_VERSION, TLS1_2_VERSION,
990 DTLS1_BAD_VER, DTLS1_2_VERSION,
992 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
998 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
999 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1004 TLS1_VERSION, TLS1_2_VERSION,
1005 DTLS1_BAD_VER, DTLS1_2_VERSION,
1006 SSL_HIGH | SSL_FIPS,
1007 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1013 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1014 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1019 TLS1_VERSION, TLS1_2_VERSION,
1020 DTLS1_BAD_VER, DTLS1_2_VERSION,
1021 SSL_STRONG_NONE | SSL_FIPS,
1022 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1026 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1029 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1030 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1035 TLS1_VERSION, TLS1_2_VERSION,
1036 DTLS1_BAD_VER, DTLS1_2_VERSION,
1037 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1038 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1045 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1046 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1051 TLS1_VERSION, TLS1_2_VERSION,
1052 DTLS1_BAD_VER, DTLS1_2_VERSION,
1053 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1054 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1060 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1061 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1066 TLS1_VERSION, TLS1_2_VERSION,
1067 DTLS1_BAD_VER, DTLS1_2_VERSION,
1068 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1069 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1075 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1076 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1081 TLS1_2_VERSION, TLS1_2_VERSION,
1082 DTLS1_2_VERSION, DTLS1_2_VERSION,
1083 SSL_HIGH | SSL_FIPS,
1084 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1090 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1091 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1096 TLS1_2_VERSION, TLS1_2_VERSION,
1097 DTLS1_2_VERSION, DTLS1_2_VERSION,
1098 SSL_HIGH | SSL_FIPS,
1099 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1105 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1106 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1111 TLS1_2_VERSION, TLS1_2_VERSION,
1112 DTLS1_2_VERSION, DTLS1_2_VERSION,
1113 SSL_HIGH | SSL_FIPS,
1114 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1120 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1121 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1126 TLS1_2_VERSION, TLS1_2_VERSION,
1127 DTLS1_2_VERSION, DTLS1_2_VERSION,
1128 SSL_HIGH | SSL_FIPS,
1129 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1135 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1136 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1141 TLS1_2_VERSION, TLS1_2_VERSION,
1142 DTLS1_2_VERSION, DTLS1_2_VERSION,
1143 SSL_HIGH | SSL_FIPS,
1144 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1150 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1151 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1156 TLS1_2_VERSION, TLS1_2_VERSION,
1157 DTLS1_2_VERSION, DTLS1_2_VERSION,
1158 SSL_HIGH | SSL_FIPS,
1159 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1165 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1166 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1171 TLS1_2_VERSION, TLS1_2_VERSION,
1172 DTLS1_2_VERSION, DTLS1_2_VERSION,
1173 SSL_HIGH | SSL_FIPS,
1174 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1180 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1181 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1186 TLS1_2_VERSION, TLS1_2_VERSION,
1187 DTLS1_2_VERSION, DTLS1_2_VERSION,
1188 SSL_HIGH | SSL_FIPS,
1189 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1193 #endif /* OPENSSL_NO_EC */
1195 #ifndef OPENSSL_NO_PSK
1198 TLS1_TXT_PSK_WITH_NULL_SHA,
1199 TLS1_CK_PSK_WITH_NULL_SHA,
1204 SSL3_VERSION, TLS1_2_VERSION,
1205 DTLS1_BAD_VER, DTLS1_2_VERSION,
1206 SSL_STRONG_NONE | SSL_FIPS,
1207 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1213 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1214 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1219 SSL3_VERSION, TLS1_2_VERSION,
1220 DTLS1_BAD_VER, DTLS1_2_VERSION,
1221 SSL_STRONG_NONE | SSL_FIPS,
1222 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1228 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1229 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1234 SSL3_VERSION, TLS1_2_VERSION,
1235 DTLS1_BAD_VER, DTLS1_2_VERSION,
1236 SSL_STRONG_NONE | SSL_FIPS,
1237 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1241 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1244 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1245 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1250 SSL3_VERSION, TLS1_2_VERSION,
1251 DTLS1_BAD_VER, DTLS1_2_VERSION,
1252 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1253 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1260 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1261 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1266 SSL3_VERSION, TLS1_2_VERSION,
1267 DTLS1_BAD_VER, DTLS1_2_VERSION,
1268 SSL_HIGH | SSL_FIPS,
1269 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1275 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1276 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1281 SSL3_VERSION, TLS1_2_VERSION,
1282 DTLS1_BAD_VER, DTLS1_2_VERSION,
1283 SSL_HIGH | SSL_FIPS,
1284 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1288 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1291 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1292 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1297 SSL3_VERSION, TLS1_2_VERSION,
1298 DTLS1_BAD_VER, DTLS1_2_VERSION,
1299 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1300 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1307 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1308 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1313 SSL3_VERSION, TLS1_2_VERSION,
1314 DTLS1_BAD_VER, DTLS1_2_VERSION,
1315 SSL_HIGH | SSL_FIPS,
1316 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1322 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1323 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1328 SSL3_VERSION, TLS1_2_VERSION,
1329 DTLS1_BAD_VER, DTLS1_2_VERSION,
1330 SSL_HIGH | SSL_FIPS,
1331 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1335 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1338 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1339 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1344 SSL3_VERSION, TLS1_2_VERSION,
1345 DTLS1_BAD_VER, DTLS1_2_VERSION,
1346 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1347 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1354 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1355 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1360 SSL3_VERSION, TLS1_2_VERSION,
1361 DTLS1_BAD_VER, DTLS1_2_VERSION,
1362 SSL_HIGH | SSL_FIPS,
1363 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1369 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1370 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1375 SSL3_VERSION, TLS1_2_VERSION,
1376 DTLS1_BAD_VER, DTLS1_2_VERSION,
1377 SSL_HIGH | SSL_FIPS,
1378 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1384 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1385 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1390 TLS1_2_VERSION, TLS1_2_VERSION,
1391 DTLS1_2_VERSION, DTLS1_2_VERSION,
1392 SSL_HIGH | SSL_FIPS,
1393 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1399 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1400 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1405 TLS1_2_VERSION, TLS1_2_VERSION,
1406 DTLS1_2_VERSION, DTLS1_2_VERSION,
1407 SSL_HIGH | SSL_FIPS,
1408 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1414 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1415 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1420 TLS1_2_VERSION, TLS1_2_VERSION,
1421 DTLS1_2_VERSION, DTLS1_2_VERSION,
1422 SSL_HIGH | SSL_FIPS,
1423 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1429 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1430 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1435 TLS1_2_VERSION, TLS1_2_VERSION,
1436 DTLS1_2_VERSION, DTLS1_2_VERSION,
1437 SSL_HIGH | SSL_FIPS,
1438 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1444 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1445 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1450 TLS1_2_VERSION, TLS1_2_VERSION,
1451 DTLS1_2_VERSION, DTLS1_2_VERSION,
1452 SSL_HIGH | SSL_FIPS,
1453 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1459 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1460 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1465 TLS1_2_VERSION, TLS1_2_VERSION,
1466 DTLS1_2_VERSION, DTLS1_2_VERSION,
1467 SSL_HIGH | SSL_FIPS,
1468 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1474 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1475 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1480 TLS1_VERSION, TLS1_2_VERSION,
1481 DTLS1_BAD_VER, DTLS1_2_VERSION,
1482 SSL_HIGH | SSL_FIPS,
1483 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1489 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1490 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1495 TLS1_VERSION, TLS1_2_VERSION,
1496 DTLS1_BAD_VER, DTLS1_2_VERSION,
1497 SSL_HIGH | SSL_FIPS,
1498 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1504 TLS1_TXT_PSK_WITH_NULL_SHA256,
1505 TLS1_CK_PSK_WITH_NULL_SHA256,
1510 TLS1_VERSION, TLS1_2_VERSION,
1511 DTLS1_BAD_VER, DTLS1_2_VERSION,
1512 SSL_STRONG_NONE | SSL_FIPS,
1513 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1519 TLS1_TXT_PSK_WITH_NULL_SHA384,
1520 TLS1_CK_PSK_WITH_NULL_SHA384,
1525 TLS1_VERSION, TLS1_2_VERSION,
1526 DTLS1_BAD_VER, DTLS1_2_VERSION,
1527 SSL_STRONG_NONE | SSL_FIPS,
1528 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1534 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1535 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1540 TLS1_VERSION, TLS1_2_VERSION,
1541 DTLS1_BAD_VER, DTLS1_2_VERSION,
1542 SSL_HIGH | SSL_FIPS,
1543 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1549 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1550 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1555 TLS1_VERSION, TLS1_2_VERSION,
1556 DTLS1_BAD_VER, DTLS1_2_VERSION,
1557 SSL_HIGH | SSL_FIPS,
1558 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1564 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1565 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1570 TLS1_VERSION, TLS1_2_VERSION,
1571 DTLS1_BAD_VER, DTLS1_2_VERSION,
1572 SSL_STRONG_NONE | SSL_FIPS,
1573 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1579 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1580 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1585 TLS1_VERSION, TLS1_2_VERSION,
1586 DTLS1_BAD_VER, DTLS1_2_VERSION,
1587 SSL_STRONG_NONE | SSL_FIPS,
1588 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1594 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1595 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1600 TLS1_VERSION, TLS1_2_VERSION,
1601 DTLS1_BAD_VER, DTLS1_2_VERSION,
1602 SSL_HIGH | SSL_FIPS,
1603 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1609 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1610 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1615 TLS1_VERSION, TLS1_2_VERSION,
1616 DTLS1_BAD_VER, DTLS1_2_VERSION,
1617 SSL_HIGH | SSL_FIPS,
1618 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1624 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1625 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1630 TLS1_VERSION, TLS1_2_VERSION,
1631 DTLS1_BAD_VER, DTLS1_2_VERSION,
1632 SSL_STRONG_NONE | SSL_FIPS,
1633 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1639 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1640 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1645 TLS1_VERSION, TLS1_2_VERSION,
1646 DTLS1_BAD_VER, DTLS1_2_VERSION,
1647 SSL_STRONG_NONE | SSL_FIPS,
1648 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1652 # ifndef OPENSSL_NO_EC
1653 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1656 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1657 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1662 TLS1_VERSION, TLS1_2_VERSION,
1663 DTLS1_BAD_VER, DTLS1_2_VERSION,
1664 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1665 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1672 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1673 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1678 TLS1_VERSION, TLS1_2_VERSION,
1679 DTLS1_BAD_VER, DTLS1_2_VERSION,
1680 SSL_HIGH | SSL_FIPS,
1681 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1687 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1688 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1693 TLS1_VERSION, TLS1_2_VERSION,
1694 DTLS1_BAD_VER, DTLS1_2_VERSION,
1695 SSL_HIGH | SSL_FIPS,
1696 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1702 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1703 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1708 TLS1_VERSION, TLS1_2_VERSION,
1709 DTLS1_BAD_VER, DTLS1_2_VERSION,
1710 SSL_HIGH | SSL_FIPS,
1711 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1717 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1718 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1723 TLS1_VERSION, TLS1_2_VERSION,
1724 DTLS1_BAD_VER, DTLS1_2_VERSION,
1725 SSL_HIGH | SSL_FIPS,
1726 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1732 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1733 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1738 TLS1_VERSION, TLS1_2_VERSION,
1739 DTLS1_BAD_VER, DTLS1_2_VERSION,
1740 SSL_STRONG_NONE | SSL_FIPS,
1741 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1747 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1748 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1753 TLS1_VERSION, TLS1_2_VERSION,
1754 DTLS1_BAD_VER, DTLS1_2_VERSION,
1755 SSL_STRONG_NONE | SSL_FIPS,
1756 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1762 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1763 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1768 TLS1_VERSION, TLS1_2_VERSION,
1769 DTLS1_BAD_VER, DTLS1_2_VERSION,
1770 SSL_STRONG_NONE | SSL_FIPS,
1771 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1775 # endif /* OPENSSL_NO_EC */
1776 #endif /* OPENSSL_NO_PSK */
1778 #ifndef OPENSSL_NO_SRP
1779 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1782 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1783 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1788 SSL3_VERSION, TLS1_2_VERSION,
1789 DTLS1_BAD_VER, DTLS1_2_VERSION,
1790 SSL_NOT_DEFAULT | SSL_MEDIUM,
1791 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1797 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1798 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1803 SSL3_VERSION, TLS1_2_VERSION,
1804 DTLS1_BAD_VER, DTLS1_2_VERSION,
1805 SSL_NOT_DEFAULT | SSL_MEDIUM,
1806 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1812 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1813 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1818 SSL3_VERSION, TLS1_2_VERSION,
1819 DTLS1_BAD_VER, DTLS1_2_VERSION,
1820 SSL_NOT_DEFAULT | SSL_MEDIUM,
1821 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1828 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1829 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1834 SSL3_VERSION, TLS1_2_VERSION,
1835 DTLS1_BAD_VER, DTLS1_2_VERSION,
1837 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1843 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1844 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1849 SSL3_VERSION, TLS1_2_VERSION,
1850 DTLS1_BAD_VER, DTLS1_2_VERSION,
1852 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1858 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1859 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1864 SSL3_VERSION, TLS1_2_VERSION,
1865 DTLS1_BAD_VER, DTLS1_2_VERSION,
1866 SSL_NOT_DEFAULT | SSL_HIGH,
1867 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1873 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1874 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1879 SSL3_VERSION, TLS1_2_VERSION,
1880 DTLS1_BAD_VER, DTLS1_2_VERSION,
1882 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1888 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1889 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1894 SSL3_VERSION, TLS1_2_VERSION,
1895 DTLS1_BAD_VER, DTLS1_2_VERSION,
1897 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1903 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1904 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1909 SSL3_VERSION, TLS1_2_VERSION,
1910 DTLS1_BAD_VER, DTLS1_2_VERSION,
1911 SSL_NOT_DEFAULT | SSL_HIGH,
1912 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1916 #endif /* OPENSSL_NO_SRP */
1918 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1919 # ifndef OPENSSL_NO_RSA
1922 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1923 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
1926 SSL_CHACHA20POLY1305,
1928 TLS1_2_VERSION, TLS1_2_VERSION,
1929 DTLS1_2_VERSION, DTLS1_2_VERSION,
1931 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1935 # endif /* OPENSSL_NO_RSA */
1937 # ifndef OPENSSL_NO_EC
1940 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1941 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1944 SSL_CHACHA20POLY1305,
1946 TLS1_2_VERSION, TLS1_2_VERSION,
1947 DTLS1_2_VERSION, DTLS1_2_VERSION,
1949 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1955 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1956 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1959 SSL_CHACHA20POLY1305,
1961 TLS1_2_VERSION, TLS1_2_VERSION,
1962 DTLS1_2_VERSION, DTLS1_2_VERSION,
1964 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1968 # endif /* OPENSSL_NO_EC */
1970 # ifndef OPENSSL_NO_PSK
1973 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
1974 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
1977 SSL_CHACHA20POLY1305,
1979 TLS1_2_VERSION, TLS1_2_VERSION,
1980 DTLS1_2_VERSION, DTLS1_2_VERSION,
1982 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1988 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
1989 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
1992 SSL_CHACHA20POLY1305,
1994 TLS1_2_VERSION, TLS1_2_VERSION,
1995 DTLS1_2_VERSION, DTLS1_2_VERSION,
1997 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2003 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2004 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2007 SSL_CHACHA20POLY1305,
2009 TLS1_2_VERSION, TLS1_2_VERSION,
2010 DTLS1_2_VERSION, DTLS1_2_VERSION,
2012 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2018 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2019 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2022 SSL_CHACHA20POLY1305,
2024 TLS1_2_VERSION, TLS1_2_VERSION,
2025 DTLS1_2_VERSION, DTLS1_2_VERSION,
2027 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2031 # endif /* OPENSSL_NO_PSK */
2032 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2033 * !defined(OPENSSL_NO_POLY1305) */
2035 #ifndef OPENSSL_NO_CAMELLIA
2038 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2039 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2044 TLS1_2_VERSION, TLS1_2_VERSION,
2045 DTLS1_2_VERSION, DTLS1_2_VERSION,
2046 SSL_NOT_DEFAULT | SSL_HIGH,
2047 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2053 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2054 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2059 TLS1_2_VERSION, TLS1_2_VERSION,
2060 DTLS1_2_VERSION, DTLS1_2_VERSION,
2061 SSL_NOT_DEFAULT | SSL_HIGH,
2062 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2068 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2069 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2074 TLS1_2_VERSION, TLS1_2_VERSION,
2075 DTLS1_2_VERSION, DTLS1_2_VERSION,
2076 SSL_NOT_DEFAULT | SSL_HIGH,
2077 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2083 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2084 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2089 TLS1_2_VERSION, TLS1_2_VERSION,
2090 DTLS1_2_VERSION, DTLS1_2_VERSION,
2091 SSL_NOT_DEFAULT | SSL_HIGH,
2092 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2098 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2099 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2104 TLS1_2_VERSION, TLS1_2_VERSION,
2105 DTLS1_2_VERSION, DTLS1_2_VERSION,
2106 SSL_NOT_DEFAULT | SSL_HIGH,
2107 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2113 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2114 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2119 TLS1_2_VERSION, TLS1_2_VERSION,
2120 DTLS1_2_VERSION, DTLS1_2_VERSION,
2121 SSL_NOT_DEFAULT | SSL_HIGH,
2122 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2128 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2129 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2134 TLS1_2_VERSION, TLS1_2_VERSION,
2135 DTLS1_2_VERSION, DTLS1_2_VERSION,
2136 SSL_NOT_DEFAULT | SSL_HIGH,
2137 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2143 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2144 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2149 TLS1_2_VERSION, TLS1_2_VERSION,
2150 DTLS1_2_VERSION, DTLS1_2_VERSION,
2151 SSL_NOT_DEFAULT | SSL_HIGH,
2152 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2158 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2159 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2164 SSL3_VERSION, TLS1_2_VERSION,
2165 DTLS1_BAD_VER, DTLS1_2_VERSION,
2166 SSL_NOT_DEFAULT | SSL_HIGH,
2167 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2173 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2174 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2179 SSL3_VERSION, TLS1_2_VERSION,
2180 DTLS1_BAD_VER, DTLS1_2_VERSION,
2181 SSL_NOT_DEFAULT | SSL_HIGH,
2182 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2188 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2189 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2194 SSL3_VERSION, TLS1_2_VERSION,
2195 DTLS1_BAD_VER, DTLS1_2_VERSION,
2196 SSL_NOT_DEFAULT | SSL_HIGH,
2197 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2203 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2204 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2209 SSL3_VERSION, TLS1_2_VERSION,
2210 DTLS1_BAD_VER, DTLS1_2_VERSION,
2211 SSL_NOT_DEFAULT | SSL_HIGH,
2212 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2218 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2219 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2224 SSL3_VERSION, TLS1_2_VERSION,
2225 DTLS1_BAD_VER, DTLS1_2_VERSION,
2226 SSL_NOT_DEFAULT | SSL_HIGH,
2227 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2233 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2234 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2239 SSL3_VERSION, TLS1_2_VERSION,
2240 DTLS1_BAD_VER, DTLS1_2_VERSION,
2241 SSL_NOT_DEFAULT | SSL_HIGH,
2242 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2248 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2249 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2254 SSL3_VERSION, TLS1_2_VERSION,
2255 DTLS1_BAD_VER, DTLS1_2_VERSION,
2256 SSL_NOT_DEFAULT | SSL_HIGH,
2257 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2263 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2264 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2269 SSL3_VERSION, TLS1_2_VERSION,
2270 DTLS1_BAD_VER, DTLS1_2_VERSION,
2271 SSL_NOT_DEFAULT | SSL_HIGH,
2272 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2277 # ifndef OPENSSL_NO_EC
2280 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2281 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2286 TLS1_2_VERSION, TLS1_2_VERSION,
2287 DTLS1_2_VERSION, DTLS1_2_VERSION,
2288 SSL_NOT_DEFAULT | SSL_HIGH,
2289 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2295 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2296 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2301 TLS1_2_VERSION, TLS1_2_VERSION,
2302 DTLS1_2_VERSION, DTLS1_2_VERSION,
2303 SSL_NOT_DEFAULT | SSL_HIGH,
2304 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2310 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2311 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2316 TLS1_2_VERSION, TLS1_2_VERSION,
2317 DTLS1_2_VERSION, DTLS1_2_VERSION,
2318 SSL_NOT_DEFAULT | SSL_HIGH,
2319 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2325 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2326 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2331 TLS1_2_VERSION, TLS1_2_VERSION,
2332 DTLS1_2_VERSION, DTLS1_2_VERSION,
2333 SSL_NOT_DEFAULT | SSL_HIGH,
2334 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2338 # endif /* OPENSSL_NO_EC */
2340 # ifndef OPENSSL_NO_PSK
2343 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2344 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2349 TLS1_VERSION, TLS1_2_VERSION,
2350 DTLS1_BAD_VER, DTLS1_2_VERSION,
2351 SSL_NOT_DEFAULT | SSL_HIGH,
2352 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2358 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2359 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2364 TLS1_VERSION, TLS1_2_VERSION,
2365 DTLS1_BAD_VER, DTLS1_2_VERSION,
2366 SSL_NOT_DEFAULT | SSL_HIGH,
2367 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2373 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2374 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2379 TLS1_VERSION, TLS1_2_VERSION,
2380 DTLS1_BAD_VER, DTLS1_2_VERSION,
2381 SSL_NOT_DEFAULT | SSL_HIGH,
2382 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2388 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2389 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2394 TLS1_VERSION, TLS1_2_VERSION,
2395 DTLS1_BAD_VER, DTLS1_2_VERSION,
2396 SSL_NOT_DEFAULT | SSL_HIGH,
2397 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2403 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2404 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2409 TLS1_VERSION, TLS1_2_VERSION,
2410 DTLS1_BAD_VER, DTLS1_2_VERSION,
2411 SSL_NOT_DEFAULT | SSL_HIGH,
2412 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2418 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2419 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2424 TLS1_VERSION, TLS1_2_VERSION,
2425 DTLS1_BAD_VER, DTLS1_2_VERSION,
2426 SSL_NOT_DEFAULT | SSL_HIGH,
2427 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2433 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2434 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2439 TLS1_VERSION, TLS1_2_VERSION,
2440 DTLS1_BAD_VER, DTLS1_2_VERSION,
2441 SSL_NOT_DEFAULT | SSL_HIGH,
2442 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2448 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2449 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2454 TLS1_VERSION, TLS1_2_VERSION,
2455 DTLS1_BAD_VER, DTLS1_2_VERSION,
2456 SSL_NOT_DEFAULT | SSL_HIGH,
2457 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2461 # endif /* OPENSSL_NO_PSK */
2463 #endif /* OPENSSL_NO_CAMELLIA */
2465 #ifndef OPENSSL_NO_GOST
2468 "GOST2001-GOST89-GOST89",
2472 SSL_eGOST2814789CNT,
2474 TLS1_VERSION, TLS1_2_VERSION,
2477 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2483 "GOST2001-NULL-GOST94",
2489 TLS1_VERSION, TLS1_2_VERSION,
2492 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2498 "GOST2012-GOST8912-GOST8912",
2501 SSL_aGOST12 | SSL_aGOST01,
2502 SSL_eGOST2814789CNT12,
2504 TLS1_VERSION, TLS1_2_VERSION,
2507 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2513 "GOST2012-NULL-GOST12",
2516 SSL_aGOST12 | SSL_aGOST01,
2519 TLS1_VERSION, TLS1_2_VERSION,
2522 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2526 #endif /* OPENSSL_NO_GOST */
2528 #ifndef OPENSSL_NO_IDEA
2531 SSL3_TXT_RSA_IDEA_128_SHA,
2532 SSL3_CK_RSA_IDEA_128_SHA,
2537 SSL3_VERSION, TLS1_1_VERSION,
2538 DTLS1_BAD_VER, DTLS1_VERSION,
2539 SSL_NOT_DEFAULT | SSL_MEDIUM,
2540 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2546 #ifndef OPENSSL_NO_SEED
2549 TLS1_TXT_RSA_WITH_SEED_SHA,
2550 TLS1_CK_RSA_WITH_SEED_SHA,
2555 SSL3_VERSION, TLS1_2_VERSION,
2556 DTLS1_BAD_VER, DTLS1_2_VERSION,
2557 SSL_NOT_DEFAULT | SSL_MEDIUM,
2558 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2564 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2565 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2570 SSL3_VERSION, TLS1_2_VERSION,
2571 DTLS1_BAD_VER, DTLS1_2_VERSION,
2572 SSL_NOT_DEFAULT | SSL_MEDIUM,
2573 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2579 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2580 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2585 SSL3_VERSION, TLS1_2_VERSION,
2586 DTLS1_BAD_VER, DTLS1_2_VERSION,
2587 SSL_NOT_DEFAULT | SSL_MEDIUM,
2588 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2594 TLS1_TXT_ADH_WITH_SEED_SHA,
2595 TLS1_CK_ADH_WITH_SEED_SHA,
2600 SSL3_VERSION, TLS1_2_VERSION,
2601 DTLS1_BAD_VER, DTLS1_2_VERSION,
2602 SSL_NOT_DEFAULT | SSL_MEDIUM,
2603 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2607 #endif /* OPENSSL_NO_SEED */
2609 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2612 SSL3_TXT_RSA_RC4_128_MD5,
2613 SSL3_CK_RSA_RC4_128_MD5,
2618 SSL3_VERSION, TLS1_2_VERSION,
2620 SSL_NOT_DEFAULT | SSL_MEDIUM,
2621 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2627 SSL3_TXT_RSA_RC4_128_SHA,
2628 SSL3_CK_RSA_RC4_128_SHA,
2633 SSL3_VERSION, TLS1_2_VERSION,
2635 SSL_NOT_DEFAULT | SSL_MEDIUM,
2636 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2642 SSL3_TXT_ADH_RC4_128_MD5,
2643 SSL3_CK_ADH_RC4_128_MD5,
2648 SSL3_VERSION, TLS1_2_VERSION,
2650 SSL_NOT_DEFAULT | SSL_MEDIUM,
2651 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2656 # ifndef OPENSSL_NO_EC
2659 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2660 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2665 TLS1_VERSION, TLS1_2_VERSION,
2667 SSL_NOT_DEFAULT | SSL_MEDIUM,
2668 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2674 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2675 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2680 TLS1_VERSION, TLS1_2_VERSION,
2682 SSL_NOT_DEFAULT | SSL_MEDIUM,
2683 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2689 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2690 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2695 TLS1_VERSION, TLS1_2_VERSION,
2697 SSL_NOT_DEFAULT | SSL_MEDIUM,
2698 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2704 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2705 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2710 TLS1_VERSION, TLS1_2_VERSION,
2712 SSL_NOT_DEFAULT | SSL_MEDIUM,
2713 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2717 # endif /* OPENSSL_NO_EC */
2719 # ifndef OPENSSL_NO_PSK
2722 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2723 TLS1_CK_PSK_WITH_RC4_128_SHA,
2728 SSL3_VERSION, TLS1_2_VERSION,
2730 SSL_NOT_DEFAULT | SSL_MEDIUM,
2731 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2737 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2738 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2743 SSL3_VERSION, TLS1_2_VERSION,
2745 SSL_NOT_DEFAULT | SSL_MEDIUM,
2746 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2752 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2753 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2758 SSL3_VERSION, TLS1_2_VERSION,
2760 SSL_NOT_DEFAULT | SSL_MEDIUM,
2761 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2765 # endif /* OPENSSL_NO_PSK */
2767 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2772 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
2773 * values stuffed into the ciphers field of the wire protocol for signalling
2776 static SSL_CIPHER ssl3_scsvs[] = {
2779 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
2781 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2785 "TLS_FALLBACK_SCSV",
2786 SSL3_CK_FALLBACK_SCSV,
2787 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2791 static int cipher_compare(const void *a, const void *b)
2793 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
2794 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
2796 if (ap->id == bp->id)
2798 return ap->id < bp->id ? -1 : 1;
2801 void ssl_sort_cipher_list(void)
2803 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof ssl3_ciphers[0],
2805 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof ssl3_scsvs[0], cipher_compare);
2808 const SSL3_ENC_METHOD SSLv3_enc_data = {
2811 ssl3_setup_key_block,
2812 ssl3_generate_master_secret,
2813 ssl3_change_cipher_state,
2814 ssl3_final_finish_mac,
2815 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2816 SSL3_MD_SERVER_FINISHED_CONST, 4,
2818 (int (*)(SSL *, unsigned char *, size_t, const char *,
2819 size_t, const unsigned char *, size_t,
2820 int use_context))ssl_undefined_function,
2822 ssl3_set_handshake_header,
2823 tls_close_construct_packet,
2824 ssl3_handshake_write
2827 long ssl3_default_timeout(void)
2830 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2831 * http, the cache would over fill
2833 return (60 * 60 * 2);
2836 int ssl3_num_ciphers(void)
2838 return (SSL3_NUM_CIPHERS);
2841 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2843 if (u < SSL3_NUM_CIPHERS)
2844 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2849 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
2851 /* No header in the event of a CCS */
2852 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
2855 /* Set the content type and 3 bytes for the message len */
2856 if (!WPACKET_put_bytes_u8(pkt, htype)
2857 || !WPACKET_start_sub_packet_u24(pkt))
2863 int ssl3_handshake_write(SSL *s)
2865 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2868 int ssl3_new(SSL *s)
2872 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
2876 #ifndef OPENSSL_NO_SRP
2877 if (!SSL_SRP_CTX_init(s))
2881 if (!s->method->ssl_clear(s))
2889 void ssl3_free(SSL *s)
2891 if (s == NULL || s->s3 == NULL)
2894 ssl3_cleanup_key_block(s);
2896 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2897 EVP_PKEY_free(s->s3->peer_tmp);
2898 s->s3->peer_tmp = NULL;
2899 EVP_PKEY_free(s->s3->tmp.pkey);
2900 s->s3->tmp.pkey = NULL;
2903 OPENSSL_free(s->s3->tmp.ctype);
2904 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
2905 OPENSSL_free(s->s3->tmp.ciphers_raw);
2906 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2907 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2908 ssl3_free_digest_list(s);
2909 OPENSSL_free(s->s3->alpn_selected);
2910 OPENSSL_free(s->s3->alpn_proposed);
2912 #ifndef OPENSSL_NO_SRP
2913 SSL_SRP_CTX_free(s);
2915 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
2919 int ssl3_clear(SSL *s)
2921 ssl3_cleanup_key_block(s);
2922 OPENSSL_free(s->s3->tmp.ctype);
2923 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
2924 OPENSSL_free(s->s3->tmp.ciphers_raw);
2925 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2926 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2928 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2929 EVP_PKEY_free(s->s3->tmp.pkey);
2930 EVP_PKEY_free(s->s3->peer_tmp);
2931 #endif /* !OPENSSL_NO_EC */
2933 ssl3_free_digest_list(s);
2935 OPENSSL_free(s->s3->alpn_selected);
2936 OPENSSL_free(s->s3->alpn_proposed);
2938 /* NULL/zero-out everything in the s3 struct */
2939 memset(s->s3, 0, sizeof(*s->s3));
2941 if (!ssl_free_wbio_buffer(s))
2944 s->version = SSL3_VERSION;
2946 #if !defined(OPENSSL_NO_NEXTPROTONEG)
2947 OPENSSL_free(s->ext.npn);
2955 #ifndef OPENSSL_NO_SRP
2956 static char *srp_password_from_info_cb(SSL *s, void *arg)
2958 return OPENSSL_strdup(s->srp_ctx.info);
2962 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
2964 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2969 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2971 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2972 ret = s->s3->num_renegotiations;
2974 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2975 ret = s->s3->num_renegotiations;
2976 s->s3->num_renegotiations = 0;
2978 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2979 ret = s->s3->total_renegotiations;
2981 case SSL_CTRL_GET_FLAGS:
2982 ret = (int)(s->s3->flags);
2984 #ifndef OPENSSL_NO_DH
2985 case SSL_CTRL_SET_TMP_DH:
2987 DH *dh = (DH *)parg;
2988 EVP_PKEY *pkdh = NULL;
2990 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2993 pkdh = ssl_dh_to_pkey(dh);
2995 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
2998 if (!ssl_security(s, SSL_SECOP_TMP_DH,
2999 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3000 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3001 EVP_PKEY_free(pkdh);
3004 EVP_PKEY_free(s->cert->dh_tmp);
3005 s->cert->dh_tmp = pkdh;
3009 case SSL_CTRL_SET_TMP_DH_CB:
3011 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3014 case SSL_CTRL_SET_DH_AUTO:
3015 s->cert->dh_tmp_auto = larg;
3018 #ifndef OPENSSL_NO_EC
3019 case SSL_CTRL_SET_TMP_ECDH:
3021 const EC_GROUP *group = NULL;
3025 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3028 group = EC_KEY_get0_group((const EC_KEY *)parg);
3029 if (group == NULL) {
3030 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3033 nid = EC_GROUP_get_curve_name(group);
3034 if (nid == NID_undef)
3036 return tls1_set_groups(&s->ext.supportedgroups,
3037 &s->ext.supportedgroups_len,
3041 #endif /* !OPENSSL_NO_EC */
3042 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3043 if (larg == TLSEXT_NAMETYPE_host_name) {
3046 OPENSSL_free(s->ext.hostname);
3047 s->ext.hostname = NULL;
3052 len = strlen((char *)parg);
3053 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3054 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3057 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3058 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3062 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3066 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3067 s->ext.debug_arg = parg;
3071 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3072 ret = s->ext.status_type;
3075 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3076 s->ext.status_type = larg;
3080 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3081 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3085 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3086 s->ext.ocsp.exts = parg;
3090 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3091 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3095 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3096 s->ext.ocsp.ids = parg;
3100 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3101 *(unsigned char **)parg = s->ext.ocsp.resp;
3102 if (s->ext.ocsp.resp_len == 0
3103 || s->ext.ocsp.resp_len > LONG_MAX)
3105 return (long)s->ext.ocsp.resp_len;
3107 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3108 OPENSSL_free(s->ext.ocsp.resp);
3109 s->ext.ocsp.resp = parg;
3110 s->ext.ocsp.resp_len = larg;
3114 #ifndef OPENSSL_NO_HEARTBEATS
3115 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3116 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3117 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3121 case SSL_CTRL_CHAIN:
3123 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3125 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3127 case SSL_CTRL_CHAIN_CERT:
3129 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3131 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3133 case SSL_CTRL_GET_CHAIN_CERTS:
3134 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3137 case SSL_CTRL_SELECT_CURRENT_CERT:
3138 return ssl_cert_select_current(s->cert, (X509 *)parg);
3140 case SSL_CTRL_SET_CURRENT_CERT:
3141 if (larg == SSL_CERT_SET_SERVER) {
3142 const SSL_CIPHER *cipher;
3145 cipher = s->s3->tmp.new_cipher;
3149 * No certificate for unauthenticated ciphersuites or using SRP
3152 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3154 if (s->s3->tmp.cert == NULL)
3156 s->cert->key = s->s3->tmp.cert;
3159 return ssl_cert_set_current(s->cert, larg);
3161 #ifndef OPENSSL_NO_EC
3162 case SSL_CTRL_GET_GROUPS:
3164 unsigned char *clist;
3169 clist = s->session->ext.supportedgroups;
3170 clistlen = s->session->ext.supportedgroups_len / 2;
3174 unsigned int cid, nid;
3175 for (i = 0; i < clistlen; i++) {
3177 /* TODO(TLS1.3): Handle DH groups here */
3178 nid = tls1_ec_curve_id2nid(cid, NULL);
3182 cptr[i] = TLSEXT_nid_unknown | cid;
3185 return (int)clistlen;
3188 case SSL_CTRL_SET_GROUPS:
3189 return tls1_set_groups(&s->ext.supportedgroups,
3190 &s->ext.supportedgroups_len, parg, larg);
3192 case SSL_CTRL_SET_GROUPS_LIST:
3193 return tls1_set_groups_list(&s->ext.supportedgroups,
3194 &s->ext.supportedgroups_len, parg);
3196 case SSL_CTRL_GET_SHARED_GROUP:
3197 return tls1_shared_group(s, larg);
3200 case SSL_CTRL_SET_SIGALGS:
3201 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3203 case SSL_CTRL_SET_SIGALGS_LIST:
3204 return tls1_set_sigalgs_list(s->cert, parg, 0);
3206 case SSL_CTRL_SET_CLIENT_SIGALGS:
3207 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3209 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3210 return tls1_set_sigalgs_list(s->cert, parg, 1);
3212 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3214 const unsigned char **pctype = parg;
3215 if (s->server || !s->s3->tmp.cert_req)
3218 *pctype = s->s3->tmp.ctype;
3219 return s->s3->tmp.ctype_len;
3222 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3225 return ssl3_set_req_cert_type(s->cert, parg, larg);
3227 case SSL_CTRL_BUILD_CERT_CHAIN:
3228 return ssl_build_cert_chain(s, NULL, larg);
3230 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3231 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3233 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3234 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3236 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3237 if (s->s3->tmp.peer_sigalg == NULL)
3239 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3242 case SSL_CTRL_GET_SERVER_TMP_KEY:
3243 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3244 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3247 EVP_PKEY_up_ref(s->s3->peer_tmp);
3248 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3254 #ifndef OPENSSL_NO_EC
3255 case SSL_CTRL_GET_EC_POINT_FORMATS:
3257 SSL_SESSION *sess = s->session;
3258 const unsigned char **pformat = parg;
3260 if (sess == NULL || sess->ext.ecpointformats == NULL)
3262 *pformat = sess->ext.ecpointformats;
3263 return (int)sess->ext.ecpointformats_len;
3273 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3278 #ifndef OPENSSL_NO_DH
3279 case SSL_CTRL_SET_TMP_DH_CB:
3281 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3285 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3286 s->ext.debug_cb = (void (*)(SSL *, int, int,
3287 const unsigned char *, int, void *))fp;
3290 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3292 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3301 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3304 #ifndef OPENSSL_NO_DH
3305 case SSL_CTRL_SET_TMP_DH:
3307 DH *dh = (DH *)parg;
3308 EVP_PKEY *pkdh = NULL;
3310 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3313 pkdh = ssl_dh_to_pkey(dh);
3315 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3318 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3319 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3320 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3321 EVP_PKEY_free(pkdh);
3324 EVP_PKEY_free(ctx->cert->dh_tmp);
3325 ctx->cert->dh_tmp = pkdh;
3328 case SSL_CTRL_SET_TMP_DH_CB:
3330 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3333 case SSL_CTRL_SET_DH_AUTO:
3334 ctx->cert->dh_tmp_auto = larg;
3337 #ifndef OPENSSL_NO_EC
3338 case SSL_CTRL_SET_TMP_ECDH:
3340 const EC_GROUP *group = NULL;
3344 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3347 group = EC_KEY_get0_group((const EC_KEY *)parg);
3348 if (group == NULL) {
3349 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3352 nid = EC_GROUP_get_curve_name(group);
3353 if (nid == NID_undef)
3355 return tls1_set_groups(&ctx->ext.supportedgroups,
3356 &ctx->ext.supportedgroups_len,
3359 #endif /* !OPENSSL_NO_EC */
3360 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3361 ctx->ext.servername_arg = parg;
3363 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3364 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3366 unsigned char *keys = parg;
3367 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3368 sizeof(ctx->ext.tick_hmac_key) +
3369 sizeof(ctx->ext.tick_aes_key));
3372 if (larg != tick_keylen) {
3373 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3376 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3377 memcpy(ctx->ext.tick_key_name, keys,
3378 sizeof(ctx->ext.tick_key_name));
3379 memcpy(ctx->ext.tick_hmac_key,
3380 keys + sizeof(ctx->ext.tick_key_name),
3381 sizeof(ctx->ext.tick_hmac_key));
3382 memcpy(ctx->ext.tick_aes_key,
3383 keys + sizeof(ctx->ext.tick_key_name) +
3384 sizeof(ctx->ext.tick_hmac_key),
3385 sizeof(ctx->ext.tick_aes_key));
3387 memcpy(keys, ctx->ext.tick_key_name,
3388 sizeof(ctx->ext.tick_key_name));
3389 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3390 ctx->ext.tick_hmac_key,
3391 sizeof(ctx->ext.tick_hmac_key));
3392 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3393 sizeof(ctx->ext.tick_hmac_key),
3394 ctx->ext.tick_aes_key,
3395 sizeof(ctx->ext.tick_aes_key));
3400 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3401 return ctx->ext.status_type;
3403 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3404 ctx->ext.status_type = larg;
3407 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3408 ctx->ext.status_arg = parg;
3411 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3412 *(void**)parg = ctx->ext.status_arg;
3415 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3416 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3419 #ifndef OPENSSL_NO_SRP
3420 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3421 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3422 OPENSSL_free(ctx->srp_ctx.login);
3423 ctx->srp_ctx.login = NULL;
3426 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3427 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3430 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3431 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3435 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3436 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3437 srp_password_from_info_cb;
3438 if (ctx->srp_ctx.info != NULL)
3439 OPENSSL_free(ctx->srp_ctx.info);
3440 if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3441 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3445 case SSL_CTRL_SET_SRP_ARG:
3446 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3447 ctx->srp_ctx.SRP_cb_arg = parg;
3450 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3451 ctx->srp_ctx.strength = larg;
3455 #ifndef OPENSSL_NO_EC
3456 case SSL_CTRL_SET_GROUPS:
3457 return tls1_set_groups(&ctx->ext.supportedgroups,
3458 &ctx->ext.supportedgroups_len,
3461 case SSL_CTRL_SET_GROUPS_LIST:
3462 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3463 &ctx->ext.supportedgroups_len,
3466 case SSL_CTRL_SET_SIGALGS:
3467 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3469 case SSL_CTRL_SET_SIGALGS_LIST:
3470 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3472 case SSL_CTRL_SET_CLIENT_SIGALGS:
3473 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3475 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3476 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3478 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3479 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3481 case SSL_CTRL_BUILD_CERT_CHAIN:
3482 return ssl_build_cert_chain(NULL, ctx, larg);
3484 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3485 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3487 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3488 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3490 /* A Thawte special :-) */
3491 case SSL_CTRL_EXTRA_CHAIN_CERT:
3492 if (ctx->extra_certs == NULL) {
3493 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3494 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3498 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3499 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3504 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3505 if (ctx->extra_certs == NULL && larg == 0)
3506 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3508 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3511 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3512 sk_X509_pop_free(ctx->extra_certs, X509_free);
3513 ctx->extra_certs = NULL;
3516 case SSL_CTRL_CHAIN:
3518 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3520 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3522 case SSL_CTRL_CHAIN_CERT:
3524 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3526 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3528 case SSL_CTRL_GET_CHAIN_CERTS:
3529 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3532 case SSL_CTRL_SELECT_CURRENT_CERT:
3533 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3535 case SSL_CTRL_SET_CURRENT_CERT:
3536 return ssl_cert_set_current(ctx->cert, larg);
3544 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3547 #ifndef OPENSSL_NO_DH
3548 case SSL_CTRL_SET_TMP_DH_CB:
3550 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3554 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3555 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
3558 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3559 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
3562 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3563 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
3566 HMAC_CTX *, int))fp;
3569 #ifndef OPENSSL_NO_SRP
3570 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3571 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3572 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3574 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3575 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3576 ctx->srp_ctx.TLS_ext_srp_username_callback =
3577 (int (*)(SSL *, int *, void *))fp;
3579 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3580 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3581 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3582 (char *(*)(SSL *, void *))fp;
3585 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3587 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3596 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
3599 const SSL_CIPHER *cp;
3602 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3605 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
3609 * This function needs to check if the ciphers required are actually
3612 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3614 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
3615 | ((uint32_t)p[0] << 8L)
3619 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
3621 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
3626 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
3634 * ssl3_choose_cipher - choose a cipher from those offered by the client
3635 * @s: SSL connection
3636 * @clnt: ciphers offered by the client
3637 * @srvr: ciphers enabled on the server?
3639 * Returns the selected cipher or NULL when no common ciphers.
3641 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3642 STACK_OF(SSL_CIPHER) *srvr)
3644 const SSL_CIPHER *c, *ret = NULL;
3645 STACK_OF(SSL_CIPHER) *prio, *allow;
3647 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
3649 /* Let's see which ciphers we can support */
3652 * Do not set the compare functions, because this may lead to a
3653 * reordering by "id". We want to keep the original ordering. We may pay
3654 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3655 * pay with the price of sk_SSL_CIPHER_dup().
3659 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3661 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3662 c = sk_SSL_CIPHER_value(srvr, i);
3663 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3665 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3667 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3668 c = sk_SSL_CIPHER_value(clnt, i);
3669 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3673 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3681 if (!SSL_IS_TLS13(s)) {
3682 tls1_set_cert_validity(s);
3686 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3687 c = sk_SSL_CIPHER_value(prio, i);
3689 /* Skip ciphers not supported by the protocol version */
3690 if (!SSL_IS_DTLS(s) &&
3691 ((s->version < c->min_tls) || (s->version > c->max_tls)))
3693 if (SSL_IS_DTLS(s) &&
3694 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3695 DTLS_VERSION_GT(s->version, c->max_dtls)))
3699 * Since TLS 1.3 ciphersuites can be used with any auth or
3700 * key exchange scheme skip tests.
3702 if (!SSL_IS_TLS13(s)) {
3703 mask_k = s->s3->tmp.mask_k;
3704 mask_a = s->s3->tmp.mask_a;
3705 #ifndef OPENSSL_NO_SRP
3706 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3712 alg_k = c->algorithm_mkey;
3713 alg_a = c->algorithm_auth;
3715 #ifndef OPENSSL_NO_PSK
3716 /* with PSK there must be server callback set */
3717 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
3719 #endif /* OPENSSL_NO_PSK */
3721 ok = (alg_k & mask_k) && (alg_a & mask_a);
3723 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3724 alg_a, mask_k, mask_a, (void *)c, c->name);
3727 #ifndef OPENSSL_NO_EC
3729 * if we are considering an ECC cipher suite that uses an ephemeral
3732 if (alg_k & SSL_kECDHE)
3733 ok = ok && tls1_check_ec_tmp_key(s, c->id);
3734 #endif /* OPENSSL_NO_EC */
3739 ii = sk_SSL_CIPHER_find(allow, c);
3741 /* Check security callback permits this cipher */
3742 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3743 c->strength_bits, 0, (void *)c))
3745 #if !defined(OPENSSL_NO_EC)
3746 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3747 && s->s3->is_probably_safari) {
3749 ret = sk_SSL_CIPHER_value(allow, ii);
3753 ret = sk_SSL_CIPHER_value(allow, ii);
3760 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
3762 uint32_t alg_k, alg_a = 0;
3764 /* If we have custom certificate types set, use them */
3766 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
3767 /* Get mask of algorithms disabled by signature list */
3768 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
3770 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3772 #ifndef OPENSSL_NO_GOST
3773 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
3774 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
3775 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
3776 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
3779 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3780 #ifndef OPENSSL_NO_DH
3781 # ifndef OPENSSL_NO_RSA
3782 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
3785 # ifndef OPENSSL_NO_DSA
3786 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
3789 #endif /* !OPENSSL_NO_DH */
3791 #ifndef OPENSSL_NO_RSA
3792 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
3795 #ifndef OPENSSL_NO_DSA
3796 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
3799 #ifndef OPENSSL_NO_EC
3801 * ECDSA certs can be used with RSA cipher suites too so we don't
3802 * need to check for SSL_kECDH or SSL_kECDHE
3804 if (s->version >= TLS1_VERSION
3805 && !(alg_a & SSL_aECDSA)
3806 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
3812 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
3814 OPENSSL_free(c->ctype);
3817 if (p == NULL || len == 0)
3821 c->ctype = OPENSSL_memdup(p, len);
3822 if (c->ctype == NULL)
3828 int ssl3_shutdown(SSL *s)
3833 * Don't do anything much if we have not done the handshake or we don't
3834 * want to send messages :-)
3836 if (s->quiet_shutdown || SSL_in_before(s)) {
3837 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
3841 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
3842 s->shutdown |= SSL_SENT_SHUTDOWN;
3843 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
3845 * our shutdown alert has been sent now, and if it still needs to be
3846 * written, s->s3->alert_dispatch will be true
3848 if (s->s3->alert_dispatch)
3849 return (-1); /* return WANT_WRITE */
3850 } else if (s->s3->alert_dispatch) {
3851 /* resend it if not sent */
3852 ret = s->method->ssl_dispatch_alert(s);
3855 * we only get to return -1 here the 2nd/Nth invocation, we must
3856 * have already signalled return 0 upon a previous invocation,
3861 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3864 * If we are waiting for a close from our peer, we are closed
3866 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
3867 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3868 return -1; /* return WANT_READ */
3872 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
3873 !s->s3->alert_dispatch)
3879 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
3882 if (s->s3->renegotiate)
3883 ssl3_renegotiate_check(s, 0);
3885 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
3889 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
3895 if (s->s3->renegotiate)
3896 ssl3_renegotiate_check(s, 0);
3897 s->s3->in_read_app_data = 1;
3899 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
3901 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
3903 * ssl3_read_bytes decided to call s->handshake_func, which called
3904 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
3905 * actually found application data and thinks that application data
3906 * makes sense here; so disable handshake processing and try to read
3907 * application data again.
3909 ossl_statem_set_in_handshake(s, 1);
3911 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
3912 len, peek, readbytes);
3913 ossl_statem_set_in_handshake(s, 0);
3915 s->s3->in_read_app_data = 0;
3920 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
3922 return ssl3_read_internal(s, buf, len, 0, readbytes);
3925 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
3927 return ssl3_read_internal(s, buf, len, 1, readbytes);
3930 int ssl3_renegotiate(SSL *s)
3932 if (s->handshake_func == NULL)
3935 s->s3->renegotiate = 1;
3940 * Check if we are waiting to do a renegotiation and if so whether now is a
3941 * good time to do it. If |initok| is true then we are being called from inside
3942 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
3943 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
3944 * should do a renegotiation now and sets up the state machine for it. Otherwise
3947 int ssl3_renegotiate_check(SSL *s, int initok)
3951 if (s->s3->renegotiate) {
3952 if (!RECORD_LAYER_read_pending(&s->rlayer)
3953 && !RECORD_LAYER_write_pending(&s->rlayer)
3954 && (initok || !SSL_in_init(s))) {
3956 * if we are the server, and we have sent a 'RENEGOTIATE'
3957 * message, we need to set the state machine into the renegotiate
3960 ossl_statem_set_renegotiate(s);
3961 s->s3->renegotiate = 0;
3962 s->s3->num_renegotiations++;
3963 s->s3->total_renegotiations++;
3971 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
3972 * handshake macs if required.
3974 * If PSK and using SHA384 for TLS < 1.2 switch to default.
3976 long ssl_get_algorithm2(SSL *s)
3979 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
3981 alg2 = s->s3->tmp.new_cipher->algorithm2;
3982 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
3983 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
3984 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
3985 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
3986 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
3987 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
3993 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
3994 * failure, 1 on success.
3996 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
3999 int send_time = 0, ret;
4004 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4006 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4008 unsigned long Time = (unsigned long)time(NULL);
4009 unsigned char *p = result;
4011 /* TODO(size_t): Convert this */
4012 ret = RAND_bytes(p, (int)(len - 4));
4014 ret = RAND_bytes(result, (int)len);
4016 #ifndef OPENSSL_NO_TLS13DOWNGRADE
4018 if (!ossl_assert(sizeof(tls11downgrade) < len)
4019 || !ossl_assert(sizeof(tls12downgrade) < len))
4021 if (dgrd == DOWNGRADE_TO_1_2)
4022 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4023 sizeof(tls12downgrade));
4024 else if (dgrd == DOWNGRADE_TO_1_1)
4025 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4026 sizeof(tls11downgrade));
4032 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4035 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4038 if (alg_k & SSL_PSK) {
4039 #ifndef OPENSSL_NO_PSK
4040 unsigned char *pskpms, *t;
4041 size_t psklen = s->s3->tmp.psklen;
4044 /* create PSK premaster_secret */
4046 /* For plain PSK "other_secret" is psklen zeroes */
4047 if (alg_k & SSL_kPSK)
4050 pskpmslen = 4 + pmslen + psklen;
4051 pskpms = OPENSSL_malloc(pskpmslen);
4056 if (alg_k & SSL_kPSK)
4057 memset(t, 0, pmslen);
4059 memcpy(t, pms, pmslen);
4062 memcpy(t, s->s3->tmp.psk, psklen);
4064 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4065 s->s3->tmp.psk = NULL;
4066 if (!s->method->ssl3_enc->generate_master_secret(s,
4067 s->session->master_key,pskpms, pskpmslen,
4068 &s->session->master_key_length))
4070 OPENSSL_clear_free(pskpms, pskpmslen);
4072 /* Should never happen */
4076 if (!s->method->ssl3_enc->generate_master_secret(s,
4077 s->session->master_key, pms, pmslen,
4078 &s->session->master_key_length))
4086 OPENSSL_clear_free(pms, pmslen);
4088 OPENSSL_cleanse(pms, pmslen);
4091 s->s3->tmp.pms = NULL;
4095 /* Generate a private key from parameters */
4096 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4098 EVP_PKEY_CTX *pctx = NULL;
4099 EVP_PKEY *pkey = NULL;
4103 pctx = EVP_PKEY_CTX_new(pm, NULL);
4106 if (EVP_PKEY_keygen_init(pctx) <= 0)
4108 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4109 EVP_PKEY_free(pkey);
4114 EVP_PKEY_CTX_free(pctx);
4117 #ifndef OPENSSL_NO_EC
4118 /* Generate a private key a curve ID */
4119 EVP_PKEY *ssl_generate_pkey_curve(int id)
4121 EVP_PKEY_CTX *pctx = NULL;
4122 EVP_PKEY *pkey = NULL;
4123 unsigned int curve_flags;
4124 int nid = tls1_ec_curve_id2nid(id, &curve_flags);
4128 if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4129 pctx = EVP_PKEY_CTX_new_id(nid, NULL);
4132 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4136 if (EVP_PKEY_keygen_init(pctx) <= 0)
4138 if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4140 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4141 EVP_PKEY_free(pkey);
4146 EVP_PKEY_CTX_free(pctx);
4151 /* Derive secrets for ECDH/DH */
4152 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4155 unsigned char *pms = NULL;
4159 if (privkey == NULL || pubkey == NULL)
4162 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4164 if (EVP_PKEY_derive_init(pctx) <= 0
4165 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4166 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4170 pms = OPENSSL_malloc(pmslen);
4174 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4178 if (SSL_IS_TLS13(s)) {
4180 * If we are resuming then we already generated the early secret
4181 * when we created the ClientHello, so don't recreate it.
4184 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4186 (unsigned char *)&s->early_secret);
4190 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4192 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4195 /* Save premaster secret */
4196 s->s3->tmp.pms = pms;
4197 s->s3->tmp.pmslen = pmslen;
4203 OPENSSL_clear_free(pms, pmslen);
4204 EVP_PKEY_CTX_free(pctx);
4208 #ifndef OPENSSL_NO_DH
4209 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4214 ret = EVP_PKEY_new();
4215 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {