2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
15 #include "ssl_local.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include <openssl/trace.h>
20 #include <openssl/x509v3.h>
21 #include <openssl/core_names.h>
22 #include "internal/cryptlib.h"
24 #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
25 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
26 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
28 /* TLSv1.3 downgrade protection sentinel values */
29 const unsigned char tls11downgrade[] = {
30 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
32 const unsigned char tls12downgrade[] = {
33 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
36 /* The list of available TLSv1.3 ciphers */
37 static SSL_CIPHER tls13_ciphers[] = {
40 TLS1_3_RFC_AES_128_GCM_SHA256,
41 TLS1_3_RFC_AES_128_GCM_SHA256,
42 TLS1_3_CK_AES_128_GCM_SHA256,
47 TLS1_3_VERSION, TLS1_3_VERSION,
50 SSL_HANDSHAKE_MAC_SHA256,
55 TLS1_3_RFC_AES_256_GCM_SHA384,
56 TLS1_3_RFC_AES_256_GCM_SHA384,
57 TLS1_3_CK_AES_256_GCM_SHA384,
62 TLS1_3_VERSION, TLS1_3_VERSION,
65 SSL_HANDSHAKE_MAC_SHA384,
69 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
72 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
73 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
74 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
79 TLS1_3_VERSION, TLS1_3_VERSION,
82 SSL_HANDSHAKE_MAC_SHA256,
89 TLS1_3_RFC_AES_128_CCM_SHA256,
90 TLS1_3_RFC_AES_128_CCM_SHA256,
91 TLS1_3_CK_AES_128_CCM_SHA256,
96 TLS1_3_VERSION, TLS1_3_VERSION,
98 SSL_NOT_DEFAULT | SSL_HIGH,
99 SSL_HANDSHAKE_MAC_SHA256,
104 TLS1_3_RFC_AES_128_CCM_8_SHA256,
105 TLS1_3_RFC_AES_128_CCM_8_SHA256,
106 TLS1_3_CK_AES_128_CCM_8_SHA256,
111 TLS1_3_VERSION, TLS1_3_VERSION,
113 SSL_NOT_DEFAULT | SSL_HIGH,
114 SSL_HANDSHAKE_MAC_SHA256,
121 * The list of available ciphers, mostly organized into the following
126 * SRP (within that: RSA EC PSK)
127 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
130 static SSL_CIPHER ssl3_ciphers[] = {
133 SSL3_TXT_RSA_NULL_MD5,
134 SSL3_RFC_RSA_NULL_MD5,
135 SSL3_CK_RSA_NULL_MD5,
140 SSL3_VERSION, TLS1_2_VERSION,
141 DTLS1_BAD_VER, DTLS1_2_VERSION,
143 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
149 SSL3_TXT_RSA_NULL_SHA,
150 SSL3_RFC_RSA_NULL_SHA,
151 SSL3_CK_RSA_NULL_SHA,
156 SSL3_VERSION, TLS1_2_VERSION,
157 DTLS1_BAD_VER, DTLS1_2_VERSION,
158 SSL_STRONG_NONE | SSL_FIPS,
159 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
163 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
166 SSL3_TXT_RSA_DES_192_CBC3_SHA,
167 SSL3_RFC_RSA_DES_192_CBC3_SHA,
168 SSL3_CK_RSA_DES_192_CBC3_SHA,
173 SSL3_VERSION, TLS1_2_VERSION,
174 DTLS1_BAD_VER, DTLS1_2_VERSION,
175 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
176 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
182 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
183 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
184 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
189 SSL3_VERSION, TLS1_2_VERSION,
190 DTLS1_BAD_VER, DTLS1_2_VERSION,
191 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
192 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
198 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
199 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
200 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
205 SSL3_VERSION, TLS1_2_VERSION,
206 DTLS1_BAD_VER, DTLS1_2_VERSION,
207 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
208 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
214 SSL3_TXT_ADH_DES_192_CBC_SHA,
215 SSL3_RFC_ADH_DES_192_CBC_SHA,
216 SSL3_CK_ADH_DES_192_CBC_SHA,
221 SSL3_VERSION, TLS1_2_VERSION,
222 DTLS1_BAD_VER, DTLS1_2_VERSION,
223 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
224 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
231 TLS1_TXT_RSA_WITH_AES_128_SHA,
232 TLS1_RFC_RSA_WITH_AES_128_SHA,
233 TLS1_CK_RSA_WITH_AES_128_SHA,
238 SSL3_VERSION, TLS1_2_VERSION,
239 DTLS1_BAD_VER, DTLS1_2_VERSION,
241 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
247 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
248 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
249 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
254 SSL3_VERSION, TLS1_2_VERSION,
255 DTLS1_BAD_VER, DTLS1_2_VERSION,
256 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
257 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
263 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
264 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
265 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
270 SSL3_VERSION, TLS1_2_VERSION,
271 DTLS1_BAD_VER, DTLS1_2_VERSION,
273 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
279 TLS1_TXT_ADH_WITH_AES_128_SHA,
280 TLS1_RFC_ADH_WITH_AES_128_SHA,
281 TLS1_CK_ADH_WITH_AES_128_SHA,
286 SSL3_VERSION, TLS1_2_VERSION,
287 DTLS1_BAD_VER, DTLS1_2_VERSION,
288 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
289 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
295 TLS1_TXT_RSA_WITH_AES_256_SHA,
296 TLS1_RFC_RSA_WITH_AES_256_SHA,
297 TLS1_CK_RSA_WITH_AES_256_SHA,
302 SSL3_VERSION, TLS1_2_VERSION,
303 DTLS1_BAD_VER, DTLS1_2_VERSION,
305 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
311 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
312 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
313 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
318 SSL3_VERSION, TLS1_2_VERSION,
319 DTLS1_BAD_VER, DTLS1_2_VERSION,
320 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
321 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
327 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
328 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
329 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
334 SSL3_VERSION, TLS1_2_VERSION,
335 DTLS1_BAD_VER, DTLS1_2_VERSION,
337 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
343 TLS1_TXT_ADH_WITH_AES_256_SHA,
344 TLS1_RFC_ADH_WITH_AES_256_SHA,
345 TLS1_CK_ADH_WITH_AES_256_SHA,
350 SSL3_VERSION, TLS1_2_VERSION,
351 DTLS1_BAD_VER, DTLS1_2_VERSION,
352 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
353 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
359 TLS1_TXT_RSA_WITH_NULL_SHA256,
360 TLS1_RFC_RSA_WITH_NULL_SHA256,
361 TLS1_CK_RSA_WITH_NULL_SHA256,
366 TLS1_2_VERSION, TLS1_2_VERSION,
367 DTLS1_2_VERSION, DTLS1_2_VERSION,
368 SSL_STRONG_NONE | SSL_FIPS,
369 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
375 TLS1_TXT_RSA_WITH_AES_128_SHA256,
376 TLS1_RFC_RSA_WITH_AES_128_SHA256,
377 TLS1_CK_RSA_WITH_AES_128_SHA256,
382 TLS1_2_VERSION, TLS1_2_VERSION,
383 DTLS1_2_VERSION, DTLS1_2_VERSION,
385 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
391 TLS1_TXT_RSA_WITH_AES_256_SHA256,
392 TLS1_RFC_RSA_WITH_AES_256_SHA256,
393 TLS1_CK_RSA_WITH_AES_256_SHA256,
398 TLS1_2_VERSION, TLS1_2_VERSION,
399 DTLS1_2_VERSION, DTLS1_2_VERSION,
401 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
407 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
408 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
409 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
414 TLS1_2_VERSION, TLS1_2_VERSION,
415 DTLS1_2_VERSION, DTLS1_2_VERSION,
416 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
417 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
423 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
424 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
425 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
430 TLS1_2_VERSION, TLS1_2_VERSION,
431 DTLS1_2_VERSION, DTLS1_2_VERSION,
433 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
439 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
440 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
441 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
446 TLS1_2_VERSION, TLS1_2_VERSION,
447 DTLS1_2_VERSION, DTLS1_2_VERSION,
448 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
449 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
455 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
456 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
457 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
462 TLS1_2_VERSION, TLS1_2_VERSION,
463 DTLS1_2_VERSION, DTLS1_2_VERSION,
465 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
471 TLS1_TXT_ADH_WITH_AES_128_SHA256,
472 TLS1_RFC_ADH_WITH_AES_128_SHA256,
473 TLS1_CK_ADH_WITH_AES_128_SHA256,
478 TLS1_2_VERSION, TLS1_2_VERSION,
479 DTLS1_2_VERSION, DTLS1_2_VERSION,
480 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
481 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
487 TLS1_TXT_ADH_WITH_AES_256_SHA256,
488 TLS1_RFC_ADH_WITH_AES_256_SHA256,
489 TLS1_CK_ADH_WITH_AES_256_SHA256,
494 TLS1_2_VERSION, TLS1_2_VERSION,
495 DTLS1_2_VERSION, DTLS1_2_VERSION,
496 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
497 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
503 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
504 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
505 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
510 TLS1_2_VERSION, TLS1_2_VERSION,
511 DTLS1_2_VERSION, DTLS1_2_VERSION,
513 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
519 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
520 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
521 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
526 TLS1_2_VERSION, TLS1_2_VERSION,
527 DTLS1_2_VERSION, DTLS1_2_VERSION,
529 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
535 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
536 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
537 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
542 TLS1_2_VERSION, TLS1_2_VERSION,
543 DTLS1_2_VERSION, DTLS1_2_VERSION,
545 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
551 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
552 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
553 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
558 TLS1_2_VERSION, TLS1_2_VERSION,
559 DTLS1_2_VERSION, DTLS1_2_VERSION,
561 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
567 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
568 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
569 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
574 TLS1_2_VERSION, TLS1_2_VERSION,
575 DTLS1_2_VERSION, DTLS1_2_VERSION,
576 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
577 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
583 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
584 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
585 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
590 TLS1_2_VERSION, TLS1_2_VERSION,
591 DTLS1_2_VERSION, DTLS1_2_VERSION,
592 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
593 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
599 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
600 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
601 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
606 TLS1_2_VERSION, TLS1_2_VERSION,
607 DTLS1_2_VERSION, DTLS1_2_VERSION,
608 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
609 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
615 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
616 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
617 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
622 TLS1_2_VERSION, TLS1_2_VERSION,
623 DTLS1_2_VERSION, DTLS1_2_VERSION,
624 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
625 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
631 TLS1_TXT_RSA_WITH_AES_128_CCM,
632 TLS1_RFC_RSA_WITH_AES_128_CCM,
633 TLS1_CK_RSA_WITH_AES_128_CCM,
638 TLS1_2_VERSION, TLS1_2_VERSION,
639 DTLS1_2_VERSION, DTLS1_2_VERSION,
640 SSL_NOT_DEFAULT | SSL_HIGH,
641 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
647 TLS1_TXT_RSA_WITH_AES_256_CCM,
648 TLS1_RFC_RSA_WITH_AES_256_CCM,
649 TLS1_CK_RSA_WITH_AES_256_CCM,
654 TLS1_2_VERSION, TLS1_2_VERSION,
655 DTLS1_2_VERSION, DTLS1_2_VERSION,
656 SSL_NOT_DEFAULT | SSL_HIGH,
657 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
663 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
664 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
665 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
670 TLS1_2_VERSION, TLS1_2_VERSION,
671 DTLS1_2_VERSION, DTLS1_2_VERSION,
672 SSL_NOT_DEFAULT | SSL_HIGH,
673 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
679 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
680 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
681 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
686 TLS1_2_VERSION, TLS1_2_VERSION,
687 DTLS1_2_VERSION, DTLS1_2_VERSION,
688 SSL_NOT_DEFAULT | SSL_HIGH,
689 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
695 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
696 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
697 TLS1_CK_RSA_WITH_AES_128_CCM_8,
702 TLS1_2_VERSION, TLS1_2_VERSION,
703 DTLS1_2_VERSION, DTLS1_2_VERSION,
704 SSL_NOT_DEFAULT | SSL_HIGH,
705 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
711 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
712 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
713 TLS1_CK_RSA_WITH_AES_256_CCM_8,
718 TLS1_2_VERSION, TLS1_2_VERSION,
719 DTLS1_2_VERSION, DTLS1_2_VERSION,
720 SSL_NOT_DEFAULT | SSL_HIGH,
721 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
727 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
728 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
729 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
734 TLS1_2_VERSION, TLS1_2_VERSION,
735 DTLS1_2_VERSION, DTLS1_2_VERSION,
736 SSL_NOT_DEFAULT | SSL_HIGH,
737 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
743 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
744 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
745 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
750 TLS1_2_VERSION, TLS1_2_VERSION,
751 DTLS1_2_VERSION, DTLS1_2_VERSION,
752 SSL_NOT_DEFAULT | SSL_HIGH,
753 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
759 TLS1_TXT_PSK_WITH_AES_128_CCM,
760 TLS1_RFC_PSK_WITH_AES_128_CCM,
761 TLS1_CK_PSK_WITH_AES_128_CCM,
766 TLS1_2_VERSION, TLS1_2_VERSION,
767 DTLS1_2_VERSION, DTLS1_2_VERSION,
768 SSL_NOT_DEFAULT | SSL_HIGH,
769 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
775 TLS1_TXT_PSK_WITH_AES_256_CCM,
776 TLS1_RFC_PSK_WITH_AES_256_CCM,
777 TLS1_CK_PSK_WITH_AES_256_CCM,
782 TLS1_2_VERSION, TLS1_2_VERSION,
783 DTLS1_2_VERSION, DTLS1_2_VERSION,
784 SSL_NOT_DEFAULT | SSL_HIGH,
785 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
791 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
792 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
793 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
798 TLS1_2_VERSION, TLS1_2_VERSION,
799 DTLS1_2_VERSION, DTLS1_2_VERSION,
800 SSL_NOT_DEFAULT | SSL_HIGH,
801 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
807 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
808 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
809 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
814 TLS1_2_VERSION, TLS1_2_VERSION,
815 DTLS1_2_VERSION, DTLS1_2_VERSION,
816 SSL_NOT_DEFAULT | SSL_HIGH,
817 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
823 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
824 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
825 TLS1_CK_PSK_WITH_AES_128_CCM_8,
830 TLS1_2_VERSION, TLS1_2_VERSION,
831 DTLS1_2_VERSION, DTLS1_2_VERSION,
832 SSL_NOT_DEFAULT | SSL_HIGH,
833 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
839 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
840 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
841 TLS1_CK_PSK_WITH_AES_256_CCM_8,
846 TLS1_2_VERSION, TLS1_2_VERSION,
847 DTLS1_2_VERSION, DTLS1_2_VERSION,
848 SSL_NOT_DEFAULT | SSL_HIGH,
849 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
855 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
856 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
857 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
862 TLS1_2_VERSION, TLS1_2_VERSION,
863 DTLS1_2_VERSION, DTLS1_2_VERSION,
864 SSL_NOT_DEFAULT | SSL_HIGH,
865 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
871 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
872 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
873 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
878 TLS1_2_VERSION, TLS1_2_VERSION,
879 DTLS1_2_VERSION, DTLS1_2_VERSION,
880 SSL_NOT_DEFAULT | SSL_HIGH,
881 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
887 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
888 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
889 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
894 TLS1_2_VERSION, TLS1_2_VERSION,
895 DTLS1_2_VERSION, DTLS1_2_VERSION,
896 SSL_NOT_DEFAULT | SSL_HIGH,
897 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
903 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
904 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
905 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
910 TLS1_2_VERSION, TLS1_2_VERSION,
911 DTLS1_2_VERSION, DTLS1_2_VERSION,
912 SSL_NOT_DEFAULT | SSL_HIGH,
913 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
919 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
920 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
921 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
926 TLS1_2_VERSION, TLS1_2_VERSION,
927 DTLS1_2_VERSION, DTLS1_2_VERSION,
928 SSL_NOT_DEFAULT | SSL_HIGH,
929 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
935 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
936 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
937 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
942 TLS1_2_VERSION, TLS1_2_VERSION,
943 DTLS1_2_VERSION, DTLS1_2_VERSION,
944 SSL_NOT_DEFAULT | SSL_HIGH,
945 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
951 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
952 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
953 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
958 TLS1_VERSION, TLS1_2_VERSION,
959 DTLS1_BAD_VER, DTLS1_2_VERSION,
960 SSL_STRONG_NONE | SSL_FIPS,
961 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
965 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
968 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
969 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
970 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
975 TLS1_VERSION, TLS1_2_VERSION,
976 DTLS1_BAD_VER, DTLS1_2_VERSION,
977 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
978 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
985 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
986 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
987 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
992 TLS1_VERSION, TLS1_2_VERSION,
993 DTLS1_BAD_VER, DTLS1_2_VERSION,
995 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1001 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1002 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1003 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1008 TLS1_VERSION, TLS1_2_VERSION,
1009 DTLS1_BAD_VER, DTLS1_2_VERSION,
1010 SSL_HIGH | SSL_FIPS,
1011 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1017 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1018 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1019 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1024 TLS1_VERSION, TLS1_2_VERSION,
1025 DTLS1_BAD_VER, DTLS1_2_VERSION,
1026 SSL_STRONG_NONE | SSL_FIPS,
1027 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1031 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1034 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1035 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1036 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1041 TLS1_VERSION, TLS1_2_VERSION,
1042 DTLS1_BAD_VER, DTLS1_2_VERSION,
1043 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1044 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1051 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1052 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1053 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1058 TLS1_VERSION, TLS1_2_VERSION,
1059 DTLS1_BAD_VER, DTLS1_2_VERSION,
1060 SSL_HIGH | SSL_FIPS,
1061 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1067 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1068 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1069 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1074 TLS1_VERSION, TLS1_2_VERSION,
1075 DTLS1_BAD_VER, DTLS1_2_VERSION,
1076 SSL_HIGH | SSL_FIPS,
1077 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1083 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1084 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1085 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1090 TLS1_VERSION, TLS1_2_VERSION,
1091 DTLS1_BAD_VER, DTLS1_2_VERSION,
1092 SSL_STRONG_NONE | SSL_FIPS,
1093 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1097 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1100 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1101 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1102 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1107 TLS1_VERSION, TLS1_2_VERSION,
1108 DTLS1_BAD_VER, DTLS1_2_VERSION,
1109 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1110 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1117 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1118 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1119 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1124 TLS1_VERSION, TLS1_2_VERSION,
1125 DTLS1_BAD_VER, DTLS1_2_VERSION,
1126 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1127 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1133 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1134 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1135 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1140 TLS1_VERSION, TLS1_2_VERSION,
1141 DTLS1_BAD_VER, DTLS1_2_VERSION,
1142 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1143 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1149 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1150 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1151 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1156 TLS1_2_VERSION, TLS1_2_VERSION,
1157 DTLS1_2_VERSION, DTLS1_2_VERSION,
1158 SSL_HIGH | SSL_FIPS,
1159 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1165 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1166 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1167 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1172 TLS1_2_VERSION, TLS1_2_VERSION,
1173 DTLS1_2_VERSION, DTLS1_2_VERSION,
1174 SSL_HIGH | SSL_FIPS,
1175 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1181 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1182 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1183 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1188 TLS1_2_VERSION, TLS1_2_VERSION,
1189 DTLS1_2_VERSION, DTLS1_2_VERSION,
1190 SSL_HIGH | SSL_FIPS,
1191 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1197 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1198 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1199 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1204 TLS1_2_VERSION, TLS1_2_VERSION,
1205 DTLS1_2_VERSION, DTLS1_2_VERSION,
1206 SSL_HIGH | SSL_FIPS,
1207 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1213 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1214 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1215 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1220 TLS1_2_VERSION, TLS1_2_VERSION,
1221 DTLS1_2_VERSION, DTLS1_2_VERSION,
1222 SSL_HIGH | SSL_FIPS,
1223 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1229 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1230 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1231 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1236 TLS1_2_VERSION, TLS1_2_VERSION,
1237 DTLS1_2_VERSION, DTLS1_2_VERSION,
1238 SSL_HIGH | SSL_FIPS,
1239 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1245 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1246 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1247 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1252 TLS1_2_VERSION, TLS1_2_VERSION,
1253 DTLS1_2_VERSION, DTLS1_2_VERSION,
1254 SSL_HIGH | SSL_FIPS,
1255 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1261 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1262 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1263 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1268 TLS1_2_VERSION, TLS1_2_VERSION,
1269 DTLS1_2_VERSION, DTLS1_2_VERSION,
1270 SSL_HIGH | SSL_FIPS,
1271 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1277 TLS1_TXT_PSK_WITH_NULL_SHA,
1278 TLS1_RFC_PSK_WITH_NULL_SHA,
1279 TLS1_CK_PSK_WITH_NULL_SHA,
1284 SSL3_VERSION, TLS1_2_VERSION,
1285 DTLS1_BAD_VER, DTLS1_2_VERSION,
1286 SSL_STRONG_NONE | SSL_FIPS,
1287 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1293 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1294 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1295 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1300 SSL3_VERSION, TLS1_2_VERSION,
1301 DTLS1_BAD_VER, DTLS1_2_VERSION,
1302 SSL_STRONG_NONE | SSL_FIPS,
1303 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1309 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1310 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1311 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1316 SSL3_VERSION, TLS1_2_VERSION,
1317 DTLS1_BAD_VER, DTLS1_2_VERSION,
1318 SSL_STRONG_NONE | SSL_FIPS,
1319 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1323 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1326 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1327 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1328 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1333 SSL3_VERSION, TLS1_2_VERSION,
1334 DTLS1_BAD_VER, DTLS1_2_VERSION,
1335 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1336 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1343 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1344 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1345 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1350 SSL3_VERSION, TLS1_2_VERSION,
1351 DTLS1_BAD_VER, DTLS1_2_VERSION,
1352 SSL_HIGH | SSL_FIPS,
1353 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1359 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1360 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1361 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1366 SSL3_VERSION, TLS1_2_VERSION,
1367 DTLS1_BAD_VER, DTLS1_2_VERSION,
1368 SSL_HIGH | SSL_FIPS,
1369 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1373 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1376 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1377 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1378 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1383 SSL3_VERSION, TLS1_2_VERSION,
1384 DTLS1_BAD_VER, DTLS1_2_VERSION,
1385 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1386 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1393 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1394 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1395 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1400 SSL3_VERSION, TLS1_2_VERSION,
1401 DTLS1_BAD_VER, DTLS1_2_VERSION,
1402 SSL_HIGH | SSL_FIPS,
1403 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1409 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1410 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1411 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1416 SSL3_VERSION, TLS1_2_VERSION,
1417 DTLS1_BAD_VER, DTLS1_2_VERSION,
1418 SSL_HIGH | SSL_FIPS,
1419 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1423 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1426 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1427 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1428 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1433 SSL3_VERSION, TLS1_2_VERSION,
1434 DTLS1_BAD_VER, DTLS1_2_VERSION,
1435 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1436 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1443 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1444 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1445 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1450 SSL3_VERSION, TLS1_2_VERSION,
1451 DTLS1_BAD_VER, DTLS1_2_VERSION,
1452 SSL_HIGH | SSL_FIPS,
1453 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1459 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1460 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1461 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1466 SSL3_VERSION, TLS1_2_VERSION,
1467 DTLS1_BAD_VER, DTLS1_2_VERSION,
1468 SSL_HIGH | SSL_FIPS,
1469 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1475 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1476 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1477 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1482 TLS1_2_VERSION, TLS1_2_VERSION,
1483 DTLS1_2_VERSION, DTLS1_2_VERSION,
1484 SSL_HIGH | SSL_FIPS,
1485 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1491 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1492 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1493 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1498 TLS1_2_VERSION, TLS1_2_VERSION,
1499 DTLS1_2_VERSION, DTLS1_2_VERSION,
1500 SSL_HIGH | SSL_FIPS,
1501 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1507 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1508 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1509 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1514 TLS1_2_VERSION, TLS1_2_VERSION,
1515 DTLS1_2_VERSION, DTLS1_2_VERSION,
1516 SSL_HIGH | SSL_FIPS,
1517 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1523 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1524 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1525 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1530 TLS1_2_VERSION, TLS1_2_VERSION,
1531 DTLS1_2_VERSION, DTLS1_2_VERSION,
1532 SSL_HIGH | SSL_FIPS,
1533 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1539 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1540 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1541 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1546 TLS1_2_VERSION, TLS1_2_VERSION,
1547 DTLS1_2_VERSION, DTLS1_2_VERSION,
1548 SSL_HIGH | SSL_FIPS,
1549 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1555 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1556 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1557 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1562 TLS1_2_VERSION, TLS1_2_VERSION,
1563 DTLS1_2_VERSION, DTLS1_2_VERSION,
1564 SSL_HIGH | SSL_FIPS,
1565 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1571 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1572 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1573 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1578 TLS1_VERSION, TLS1_2_VERSION,
1579 DTLS1_BAD_VER, DTLS1_2_VERSION,
1580 SSL_HIGH | SSL_FIPS,
1581 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1587 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1588 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1589 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1594 TLS1_VERSION, TLS1_2_VERSION,
1595 DTLS1_BAD_VER, DTLS1_2_VERSION,
1596 SSL_HIGH | SSL_FIPS,
1597 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1603 TLS1_TXT_PSK_WITH_NULL_SHA256,
1604 TLS1_RFC_PSK_WITH_NULL_SHA256,
1605 TLS1_CK_PSK_WITH_NULL_SHA256,
1610 TLS1_VERSION, TLS1_2_VERSION,
1611 DTLS1_BAD_VER, DTLS1_2_VERSION,
1612 SSL_STRONG_NONE | SSL_FIPS,
1613 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1619 TLS1_TXT_PSK_WITH_NULL_SHA384,
1620 TLS1_RFC_PSK_WITH_NULL_SHA384,
1621 TLS1_CK_PSK_WITH_NULL_SHA384,
1626 TLS1_VERSION, TLS1_2_VERSION,
1627 DTLS1_BAD_VER, DTLS1_2_VERSION,
1628 SSL_STRONG_NONE | SSL_FIPS,
1629 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1635 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1636 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1637 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1642 TLS1_VERSION, TLS1_2_VERSION,
1643 DTLS1_BAD_VER, DTLS1_2_VERSION,
1644 SSL_HIGH | SSL_FIPS,
1645 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1651 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1652 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1653 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1658 TLS1_VERSION, TLS1_2_VERSION,
1659 DTLS1_BAD_VER, DTLS1_2_VERSION,
1660 SSL_HIGH | SSL_FIPS,
1661 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1667 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1668 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1669 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1674 TLS1_VERSION, TLS1_2_VERSION,
1675 DTLS1_BAD_VER, DTLS1_2_VERSION,
1676 SSL_STRONG_NONE | SSL_FIPS,
1677 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1683 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1684 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1685 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1690 TLS1_VERSION, TLS1_2_VERSION,
1691 DTLS1_BAD_VER, DTLS1_2_VERSION,
1692 SSL_STRONG_NONE | SSL_FIPS,
1693 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1699 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1700 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1701 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1706 TLS1_VERSION, TLS1_2_VERSION,
1707 DTLS1_BAD_VER, DTLS1_2_VERSION,
1708 SSL_HIGH | SSL_FIPS,
1709 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1715 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1716 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1717 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1722 TLS1_VERSION, TLS1_2_VERSION,
1723 DTLS1_BAD_VER, DTLS1_2_VERSION,
1724 SSL_HIGH | SSL_FIPS,
1725 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1731 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1732 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1733 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1738 TLS1_VERSION, TLS1_2_VERSION,
1739 DTLS1_BAD_VER, DTLS1_2_VERSION,
1740 SSL_STRONG_NONE | SSL_FIPS,
1741 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1747 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1748 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1749 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1754 TLS1_VERSION, TLS1_2_VERSION,
1755 DTLS1_BAD_VER, DTLS1_2_VERSION,
1756 SSL_STRONG_NONE | SSL_FIPS,
1757 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1761 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1764 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1765 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1766 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1771 TLS1_VERSION, TLS1_2_VERSION,
1772 DTLS1_BAD_VER, DTLS1_2_VERSION,
1773 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1774 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1781 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1782 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1783 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1788 TLS1_VERSION, TLS1_2_VERSION,
1789 DTLS1_BAD_VER, DTLS1_2_VERSION,
1790 SSL_HIGH | SSL_FIPS,
1791 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1797 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1798 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1799 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1804 TLS1_VERSION, TLS1_2_VERSION,
1805 DTLS1_BAD_VER, DTLS1_2_VERSION,
1806 SSL_HIGH | SSL_FIPS,
1807 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1813 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1814 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1815 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1820 TLS1_VERSION, TLS1_2_VERSION,
1821 DTLS1_BAD_VER, DTLS1_2_VERSION,
1822 SSL_HIGH | SSL_FIPS,
1823 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1829 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1830 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1831 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1836 TLS1_VERSION, TLS1_2_VERSION,
1837 DTLS1_BAD_VER, DTLS1_2_VERSION,
1838 SSL_HIGH | SSL_FIPS,
1839 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1845 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1846 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1847 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1852 TLS1_VERSION, TLS1_2_VERSION,
1853 DTLS1_BAD_VER, DTLS1_2_VERSION,
1854 SSL_STRONG_NONE | SSL_FIPS,
1855 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1861 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1862 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1863 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1868 TLS1_VERSION, TLS1_2_VERSION,
1869 DTLS1_BAD_VER, DTLS1_2_VERSION,
1870 SSL_STRONG_NONE | SSL_FIPS,
1871 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1877 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1878 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1879 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1884 TLS1_VERSION, TLS1_2_VERSION,
1885 DTLS1_BAD_VER, DTLS1_2_VERSION,
1886 SSL_STRONG_NONE | SSL_FIPS,
1887 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1892 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1895 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1896 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1897 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1902 SSL3_VERSION, TLS1_2_VERSION,
1903 DTLS1_BAD_VER, DTLS1_2_VERSION,
1904 SSL_NOT_DEFAULT | SSL_MEDIUM,
1905 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1911 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1912 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1913 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1918 SSL3_VERSION, TLS1_2_VERSION,
1919 DTLS1_BAD_VER, DTLS1_2_VERSION,
1920 SSL_NOT_DEFAULT | SSL_MEDIUM,
1921 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1927 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1928 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1929 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1934 SSL3_VERSION, TLS1_2_VERSION,
1935 DTLS1_BAD_VER, DTLS1_2_VERSION,
1936 SSL_NOT_DEFAULT | SSL_MEDIUM,
1937 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1944 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1945 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1946 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1951 SSL3_VERSION, TLS1_2_VERSION,
1952 DTLS1_BAD_VER, DTLS1_2_VERSION,
1954 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1960 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1961 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1962 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1967 SSL3_VERSION, TLS1_2_VERSION,
1968 DTLS1_BAD_VER, DTLS1_2_VERSION,
1970 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1976 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1977 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1978 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1983 SSL3_VERSION, TLS1_2_VERSION,
1984 DTLS1_BAD_VER, DTLS1_2_VERSION,
1985 SSL_NOT_DEFAULT | SSL_HIGH,
1986 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1992 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1993 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1994 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1999 SSL3_VERSION, TLS1_2_VERSION,
2000 DTLS1_BAD_VER, DTLS1_2_VERSION,
2002 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2008 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2009 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2010 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2015 SSL3_VERSION, TLS1_2_VERSION,
2016 DTLS1_BAD_VER, DTLS1_2_VERSION,
2018 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2024 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2025 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2026 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2031 SSL3_VERSION, TLS1_2_VERSION,
2032 DTLS1_BAD_VER, DTLS1_2_VERSION,
2033 SSL_NOT_DEFAULT | SSL_HIGH,
2034 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2039 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2042 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2043 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2044 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2047 SSL_CHACHA20POLY1305,
2049 TLS1_2_VERSION, TLS1_2_VERSION,
2050 DTLS1_2_VERSION, DTLS1_2_VERSION,
2052 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2058 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2059 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2060 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2063 SSL_CHACHA20POLY1305,
2065 TLS1_2_VERSION, TLS1_2_VERSION,
2066 DTLS1_2_VERSION, DTLS1_2_VERSION,
2068 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2074 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2075 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2076 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2079 SSL_CHACHA20POLY1305,
2081 TLS1_2_VERSION, TLS1_2_VERSION,
2082 DTLS1_2_VERSION, DTLS1_2_VERSION,
2084 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2090 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2091 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2092 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2095 SSL_CHACHA20POLY1305,
2097 TLS1_2_VERSION, TLS1_2_VERSION,
2098 DTLS1_2_VERSION, DTLS1_2_VERSION,
2100 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2106 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2107 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2108 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2111 SSL_CHACHA20POLY1305,
2113 TLS1_2_VERSION, TLS1_2_VERSION,
2114 DTLS1_2_VERSION, DTLS1_2_VERSION,
2116 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2122 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2123 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2124 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2127 SSL_CHACHA20POLY1305,
2129 TLS1_2_VERSION, TLS1_2_VERSION,
2130 DTLS1_2_VERSION, DTLS1_2_VERSION,
2132 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2138 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2139 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2140 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2143 SSL_CHACHA20POLY1305,
2145 TLS1_2_VERSION, TLS1_2_VERSION,
2146 DTLS1_2_VERSION, DTLS1_2_VERSION,
2148 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2152 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2153 * !defined(OPENSSL_NO_POLY1305) */
2155 #ifndef OPENSSL_NO_CAMELLIA
2158 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2159 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2160 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2165 TLS1_2_VERSION, TLS1_2_VERSION,
2166 DTLS1_2_VERSION, DTLS1_2_VERSION,
2167 SSL_NOT_DEFAULT | SSL_HIGH,
2168 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2174 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2175 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2176 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2181 TLS1_2_VERSION, TLS1_2_VERSION,
2182 DTLS1_2_VERSION, DTLS1_2_VERSION,
2183 SSL_NOT_DEFAULT | SSL_HIGH,
2184 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2190 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2191 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2192 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2197 TLS1_2_VERSION, TLS1_2_VERSION,
2198 DTLS1_2_VERSION, DTLS1_2_VERSION,
2199 SSL_NOT_DEFAULT | SSL_HIGH,
2200 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2206 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2207 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2208 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2213 TLS1_2_VERSION, TLS1_2_VERSION,
2214 DTLS1_2_VERSION, DTLS1_2_VERSION,
2215 SSL_NOT_DEFAULT | SSL_HIGH,
2216 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2222 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2223 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2224 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2229 TLS1_2_VERSION, TLS1_2_VERSION,
2230 DTLS1_2_VERSION, DTLS1_2_VERSION,
2231 SSL_NOT_DEFAULT | SSL_HIGH,
2232 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2238 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2239 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2240 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2245 TLS1_2_VERSION, TLS1_2_VERSION,
2246 DTLS1_2_VERSION, DTLS1_2_VERSION,
2247 SSL_NOT_DEFAULT | SSL_HIGH,
2248 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2254 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2255 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2256 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2261 TLS1_2_VERSION, TLS1_2_VERSION,
2262 DTLS1_2_VERSION, DTLS1_2_VERSION,
2263 SSL_NOT_DEFAULT | SSL_HIGH,
2264 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2270 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2271 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2272 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2277 TLS1_2_VERSION, TLS1_2_VERSION,
2278 DTLS1_2_VERSION, DTLS1_2_VERSION,
2279 SSL_NOT_DEFAULT | SSL_HIGH,
2280 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2286 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2287 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2288 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2293 SSL3_VERSION, TLS1_2_VERSION,
2294 DTLS1_BAD_VER, DTLS1_2_VERSION,
2295 SSL_NOT_DEFAULT | SSL_HIGH,
2296 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2302 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2303 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2304 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2309 SSL3_VERSION, TLS1_2_VERSION,
2310 DTLS1_BAD_VER, DTLS1_2_VERSION,
2311 SSL_NOT_DEFAULT | SSL_HIGH,
2312 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2318 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2319 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2320 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2325 SSL3_VERSION, TLS1_2_VERSION,
2326 DTLS1_BAD_VER, DTLS1_2_VERSION,
2327 SSL_NOT_DEFAULT | SSL_HIGH,
2328 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2334 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2335 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2336 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2341 SSL3_VERSION, TLS1_2_VERSION,
2342 DTLS1_BAD_VER, DTLS1_2_VERSION,
2343 SSL_NOT_DEFAULT | SSL_HIGH,
2344 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2350 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2351 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2352 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2357 SSL3_VERSION, TLS1_2_VERSION,
2358 DTLS1_BAD_VER, DTLS1_2_VERSION,
2359 SSL_NOT_DEFAULT | SSL_HIGH,
2360 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2366 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2367 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2368 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2373 SSL3_VERSION, TLS1_2_VERSION,
2374 DTLS1_BAD_VER, DTLS1_2_VERSION,
2375 SSL_NOT_DEFAULT | SSL_HIGH,
2376 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2382 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2383 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2384 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2389 SSL3_VERSION, TLS1_2_VERSION,
2390 DTLS1_BAD_VER, DTLS1_2_VERSION,
2391 SSL_NOT_DEFAULT | SSL_HIGH,
2392 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2398 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2399 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2400 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2405 SSL3_VERSION, TLS1_2_VERSION,
2406 DTLS1_BAD_VER, DTLS1_2_VERSION,
2407 SSL_NOT_DEFAULT | SSL_HIGH,
2408 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2414 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2415 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2416 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2421 TLS1_2_VERSION, TLS1_2_VERSION,
2422 DTLS1_2_VERSION, DTLS1_2_VERSION,
2423 SSL_NOT_DEFAULT | SSL_HIGH,
2424 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2430 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2431 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2432 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2437 TLS1_2_VERSION, TLS1_2_VERSION,
2438 DTLS1_2_VERSION, DTLS1_2_VERSION,
2439 SSL_NOT_DEFAULT | SSL_HIGH,
2440 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2446 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2447 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2448 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2453 TLS1_2_VERSION, TLS1_2_VERSION,
2454 DTLS1_2_VERSION, DTLS1_2_VERSION,
2455 SSL_NOT_DEFAULT | SSL_HIGH,
2456 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2462 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2463 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2464 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2469 TLS1_2_VERSION, TLS1_2_VERSION,
2470 DTLS1_2_VERSION, DTLS1_2_VERSION,
2471 SSL_NOT_DEFAULT | SSL_HIGH,
2472 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2478 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2479 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2480 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2485 TLS1_VERSION, TLS1_2_VERSION,
2486 DTLS1_BAD_VER, DTLS1_2_VERSION,
2487 SSL_NOT_DEFAULT | SSL_HIGH,
2488 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2494 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2495 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2496 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2501 TLS1_VERSION, TLS1_2_VERSION,
2502 DTLS1_BAD_VER, DTLS1_2_VERSION,
2503 SSL_NOT_DEFAULT | SSL_HIGH,
2504 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2510 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2511 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2512 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2517 TLS1_VERSION, TLS1_2_VERSION,
2518 DTLS1_BAD_VER, DTLS1_2_VERSION,
2519 SSL_NOT_DEFAULT | SSL_HIGH,
2520 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2526 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2527 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2528 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2533 TLS1_VERSION, TLS1_2_VERSION,
2534 DTLS1_BAD_VER, DTLS1_2_VERSION,
2535 SSL_NOT_DEFAULT | SSL_HIGH,
2536 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2542 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2543 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2544 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2549 TLS1_VERSION, TLS1_2_VERSION,
2550 DTLS1_BAD_VER, DTLS1_2_VERSION,
2551 SSL_NOT_DEFAULT | SSL_HIGH,
2552 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2558 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2559 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2560 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2565 TLS1_VERSION, TLS1_2_VERSION,
2566 DTLS1_BAD_VER, DTLS1_2_VERSION,
2567 SSL_NOT_DEFAULT | SSL_HIGH,
2568 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2574 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2575 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2576 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2581 TLS1_VERSION, TLS1_2_VERSION,
2582 DTLS1_BAD_VER, DTLS1_2_VERSION,
2583 SSL_NOT_DEFAULT | SSL_HIGH,
2584 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2590 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2591 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2592 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2597 TLS1_VERSION, TLS1_2_VERSION,
2598 DTLS1_BAD_VER, DTLS1_2_VERSION,
2599 SSL_NOT_DEFAULT | SSL_HIGH,
2600 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2604 #endif /* OPENSSL_NO_CAMELLIA */
2606 #ifndef OPENSSL_NO_GOST
2609 "GOST2001-GOST89-GOST89",
2610 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2614 SSL_eGOST2814789CNT,
2616 TLS1_VERSION, TLS1_2_VERSION,
2619 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2625 "GOST2001-NULL-GOST94",
2626 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2632 TLS1_VERSION, TLS1_2_VERSION,
2635 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2641 "IANA-GOST2012-GOST8912-GOST8912",
2645 SSL_aGOST12 | SSL_aGOST01,
2646 SSL_eGOST2814789CNT12,
2648 TLS1_VERSION, TLS1_2_VERSION,
2651 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2657 "LEGACY-GOST2012-GOST8912-GOST8912",
2661 SSL_aGOST12 | SSL_aGOST01,
2662 SSL_eGOST2814789CNT12,
2664 TLS1_VERSION, TLS1_2_VERSION,
2667 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2673 "GOST2012-NULL-GOST12",
2677 SSL_aGOST12 | SSL_aGOST01,
2680 TLS1_VERSION, TLS1_2_VERSION,
2683 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2689 "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2696 TLS1_2_VERSION, TLS1_2_VERSION,
2699 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2705 "GOST2012-MAGMA-MAGMAOMAC",
2712 TLS1_2_VERSION, TLS1_2_VERSION,
2715 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2719 #endif /* OPENSSL_NO_GOST */
2721 #ifndef OPENSSL_NO_IDEA
2724 SSL3_TXT_RSA_IDEA_128_SHA,
2725 SSL3_RFC_RSA_IDEA_128_SHA,
2726 SSL3_CK_RSA_IDEA_128_SHA,
2731 SSL3_VERSION, TLS1_1_VERSION,
2732 DTLS1_BAD_VER, DTLS1_VERSION,
2733 SSL_NOT_DEFAULT | SSL_MEDIUM,
2734 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2740 #ifndef OPENSSL_NO_SEED
2743 TLS1_TXT_RSA_WITH_SEED_SHA,
2744 TLS1_RFC_RSA_WITH_SEED_SHA,
2745 TLS1_CK_RSA_WITH_SEED_SHA,
2750 SSL3_VERSION, TLS1_2_VERSION,
2751 DTLS1_BAD_VER, DTLS1_2_VERSION,
2752 SSL_NOT_DEFAULT | SSL_MEDIUM,
2753 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2759 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2760 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2761 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2766 SSL3_VERSION, TLS1_2_VERSION,
2767 DTLS1_BAD_VER, DTLS1_2_VERSION,
2768 SSL_NOT_DEFAULT | SSL_MEDIUM,
2769 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2775 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2776 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2777 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2782 SSL3_VERSION, TLS1_2_VERSION,
2783 DTLS1_BAD_VER, DTLS1_2_VERSION,
2784 SSL_NOT_DEFAULT | SSL_MEDIUM,
2785 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2791 TLS1_TXT_ADH_WITH_SEED_SHA,
2792 TLS1_RFC_ADH_WITH_SEED_SHA,
2793 TLS1_CK_ADH_WITH_SEED_SHA,
2798 SSL3_VERSION, TLS1_2_VERSION,
2799 DTLS1_BAD_VER, DTLS1_2_VERSION,
2800 SSL_NOT_DEFAULT | SSL_MEDIUM,
2801 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2805 #endif /* OPENSSL_NO_SEED */
2807 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2810 SSL3_TXT_RSA_RC4_128_MD5,
2811 SSL3_RFC_RSA_RC4_128_MD5,
2812 SSL3_CK_RSA_RC4_128_MD5,
2817 SSL3_VERSION, TLS1_2_VERSION,
2819 SSL_NOT_DEFAULT | SSL_MEDIUM,
2820 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2826 SSL3_TXT_RSA_RC4_128_SHA,
2827 SSL3_RFC_RSA_RC4_128_SHA,
2828 SSL3_CK_RSA_RC4_128_SHA,
2833 SSL3_VERSION, TLS1_2_VERSION,
2835 SSL_NOT_DEFAULT | SSL_MEDIUM,
2836 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2842 SSL3_TXT_ADH_RC4_128_MD5,
2843 SSL3_RFC_ADH_RC4_128_MD5,
2844 SSL3_CK_ADH_RC4_128_MD5,
2849 SSL3_VERSION, TLS1_2_VERSION,
2851 SSL_NOT_DEFAULT | SSL_MEDIUM,
2852 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2858 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2859 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2860 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2865 TLS1_VERSION, TLS1_2_VERSION,
2867 SSL_NOT_DEFAULT | SSL_MEDIUM,
2868 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2874 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2875 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2876 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2881 TLS1_VERSION, TLS1_2_VERSION,
2883 SSL_NOT_DEFAULT | SSL_MEDIUM,
2884 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2890 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2891 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2892 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2897 TLS1_VERSION, TLS1_2_VERSION,
2899 SSL_NOT_DEFAULT | SSL_MEDIUM,
2900 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2906 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2907 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2908 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2913 TLS1_VERSION, TLS1_2_VERSION,
2915 SSL_NOT_DEFAULT | SSL_MEDIUM,
2916 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2922 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2923 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2924 TLS1_CK_PSK_WITH_RC4_128_SHA,
2929 SSL3_VERSION, TLS1_2_VERSION,
2931 SSL_NOT_DEFAULT | SSL_MEDIUM,
2932 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2938 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2939 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2940 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2945 SSL3_VERSION, TLS1_2_VERSION,
2947 SSL_NOT_DEFAULT | SSL_MEDIUM,
2948 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2954 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2955 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2956 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2961 SSL3_VERSION, TLS1_2_VERSION,
2963 SSL_NOT_DEFAULT | SSL_MEDIUM,
2964 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2968 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2970 #ifndef OPENSSL_NO_ARIA
2973 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2974 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2975 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2980 TLS1_2_VERSION, TLS1_2_VERSION,
2981 DTLS1_2_VERSION, DTLS1_2_VERSION,
2982 SSL_NOT_DEFAULT | SSL_HIGH,
2983 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2989 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2990 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2991 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2996 TLS1_2_VERSION, TLS1_2_VERSION,
2997 DTLS1_2_VERSION, DTLS1_2_VERSION,
2998 SSL_NOT_DEFAULT | SSL_HIGH,
2999 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3005 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3006 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3007 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3012 TLS1_2_VERSION, TLS1_2_VERSION,
3013 DTLS1_2_VERSION, DTLS1_2_VERSION,
3014 SSL_NOT_DEFAULT | SSL_HIGH,
3015 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3021 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3022 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3023 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3028 TLS1_2_VERSION, TLS1_2_VERSION,
3029 DTLS1_2_VERSION, DTLS1_2_VERSION,
3030 SSL_NOT_DEFAULT | SSL_HIGH,
3031 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3037 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3038 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3039 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3044 TLS1_2_VERSION, TLS1_2_VERSION,
3045 DTLS1_2_VERSION, DTLS1_2_VERSION,
3046 SSL_NOT_DEFAULT | SSL_HIGH,
3047 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3053 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3054 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3055 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3060 TLS1_2_VERSION, TLS1_2_VERSION,
3061 DTLS1_2_VERSION, DTLS1_2_VERSION,
3062 SSL_NOT_DEFAULT | SSL_HIGH,
3063 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3069 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3070 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3071 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3076 TLS1_2_VERSION, TLS1_2_VERSION,
3077 DTLS1_2_VERSION, DTLS1_2_VERSION,
3078 SSL_NOT_DEFAULT | SSL_HIGH,
3079 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3085 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3086 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3087 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3092 TLS1_2_VERSION, TLS1_2_VERSION,
3093 DTLS1_2_VERSION, DTLS1_2_VERSION,
3094 SSL_NOT_DEFAULT | SSL_HIGH,
3095 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3101 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3102 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3103 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3108 TLS1_2_VERSION, TLS1_2_VERSION,
3109 DTLS1_2_VERSION, DTLS1_2_VERSION,
3110 SSL_NOT_DEFAULT | SSL_HIGH,
3111 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3117 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3118 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3119 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3124 TLS1_2_VERSION, TLS1_2_VERSION,
3125 DTLS1_2_VERSION, DTLS1_2_VERSION,
3126 SSL_NOT_DEFAULT | SSL_HIGH,
3127 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3133 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3134 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3135 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3140 TLS1_2_VERSION, TLS1_2_VERSION,
3141 DTLS1_2_VERSION, DTLS1_2_VERSION,
3142 SSL_NOT_DEFAULT | SSL_HIGH,
3143 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3149 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3150 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3151 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3156 TLS1_2_VERSION, TLS1_2_VERSION,
3157 DTLS1_2_VERSION, DTLS1_2_VERSION,
3158 SSL_NOT_DEFAULT | SSL_HIGH,
3159 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3165 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3166 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3167 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3172 TLS1_2_VERSION, TLS1_2_VERSION,
3173 DTLS1_2_VERSION, DTLS1_2_VERSION,
3174 SSL_NOT_DEFAULT | SSL_HIGH,
3175 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3181 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3182 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3183 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3188 TLS1_2_VERSION, TLS1_2_VERSION,
3189 DTLS1_2_VERSION, DTLS1_2_VERSION,
3190 SSL_NOT_DEFAULT | SSL_HIGH,
3191 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3197 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3198 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3199 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3204 TLS1_2_VERSION, TLS1_2_VERSION,
3205 DTLS1_2_VERSION, DTLS1_2_VERSION,
3206 SSL_NOT_DEFAULT | SSL_HIGH,
3207 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3213 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3214 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3215 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3220 TLS1_2_VERSION, TLS1_2_VERSION,
3221 DTLS1_2_VERSION, DTLS1_2_VERSION,
3222 SSL_NOT_DEFAULT | SSL_HIGH,
3223 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3227 #endif /* OPENSSL_NO_ARIA */
3231 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3232 * values stuffed into the ciphers field of the wire protocol for signalling
3235 static SSL_CIPHER ssl3_scsvs[] = {
3238 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3239 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3241 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3245 "TLS_FALLBACK_SCSV",
3246 "TLS_FALLBACK_SCSV",
3247 SSL3_CK_FALLBACK_SCSV,
3248 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3252 static int cipher_compare(const void *a, const void *b)
3254 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3255 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3257 if (ap->id == bp->id)
3259 return ap->id < bp->id ? -1 : 1;
3262 void ssl_sort_cipher_list(void)
3264 qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3266 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3268 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3271 static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
3272 const char * t, size_t u,
3273 const unsigned char * v, size_t w, int x)
3282 return ssl_undefined_function(ssl);
3285 const SSL3_ENC_METHOD SSLv3_enc_data = {
3288 ssl3_setup_key_block,
3289 ssl3_generate_master_secret,
3290 ssl3_change_cipher_state,
3291 ssl3_final_finish_mac,
3292 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3293 SSL3_MD_SERVER_FINISHED_CONST, 4,
3295 ssl_undefined_function_1,
3297 ssl3_set_handshake_header,
3298 tls_close_construct_packet,
3299 ssl3_handshake_write
3302 long ssl3_default_timeout(void)
3305 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3306 * http, the cache would over fill
3308 return (60 * 60 * 2);
3311 int ssl3_num_ciphers(void)
3313 return SSL3_NUM_CIPHERS;
3316 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3318 if (u < SSL3_NUM_CIPHERS)
3319 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3324 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3326 /* No header in the event of a CCS */
3327 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3330 /* Set the content type and 3 bytes for the message len */
3331 if (!WPACKET_put_bytes_u8(pkt, htype)
3332 || !WPACKET_start_sub_packet_u24(pkt))
3338 int ssl3_handshake_write(SSL *s)
3340 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3343 int ssl3_new(SSL *s)
3345 #ifndef OPENSSL_NO_SRP
3346 if (!SSL_SRP_CTX_init(s))
3350 if (!s->method->ssl_clear(s))
3356 void ssl3_free(SSL *s)
3361 ssl3_cleanup_key_block(s);
3363 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3364 EVP_PKEY_free(s->s3.peer_tmp);
3365 s->s3.peer_tmp = NULL;
3366 EVP_PKEY_free(s->s3.tmp.pkey);
3367 s->s3.tmp.pkey = NULL;
3370 ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
3371 ssl_evp_md_free(s->s3.tmp.new_hash);
3373 OPENSSL_free(s->s3.tmp.ctype);
3374 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3375 OPENSSL_free(s->s3.tmp.ciphers_raw);
3376 OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3377 OPENSSL_free(s->s3.tmp.peer_sigalgs);
3378 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
3379 ssl3_free_digest_list(s);
3380 OPENSSL_free(s->s3.alpn_selected);
3381 OPENSSL_free(s->s3.alpn_proposed);
3383 #ifndef OPENSSL_NO_SRP
3384 SSL_SRP_CTX_free(s);
3386 memset(&s->s3, 0, sizeof(s->s3));
3389 int ssl3_clear(SSL *s)
3391 ssl3_cleanup_key_block(s);
3392 OPENSSL_free(s->s3.tmp.ctype);
3393 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3394 OPENSSL_free(s->s3.tmp.ciphers_raw);
3395 OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3396 OPENSSL_free(s->s3.tmp.peer_sigalgs);
3397 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
3399 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3400 EVP_PKEY_free(s->s3.tmp.pkey);
3401 EVP_PKEY_free(s->s3.peer_tmp);
3402 #endif /* !OPENSSL_NO_EC */
3404 ssl3_free_digest_list(s);
3406 OPENSSL_free(s->s3.alpn_selected);
3407 OPENSSL_free(s->s3.alpn_proposed);
3409 /* NULL/zero-out everything in the s3 struct */
3410 memset(&s->s3, 0, sizeof(s->s3));
3412 if (!ssl_free_wbio_buffer(s))
3415 s->version = SSL3_VERSION;
3417 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3418 OPENSSL_free(s->ext.npn);
3426 #ifndef OPENSSL_NO_SRP
3427 static char *srp_password_from_info_cb(SSL *s, void *arg)
3429 return OPENSSL_strdup(s->srp_ctx.info);
3433 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3435 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3440 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3442 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3443 ret = s->s3.num_renegotiations;
3445 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3446 ret = s->s3.num_renegotiations;
3447 s->s3.num_renegotiations = 0;
3449 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3450 ret = s->s3.total_renegotiations;
3452 case SSL_CTRL_GET_FLAGS:
3453 ret = (int)(s->s3.flags);
3455 #if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
3456 case SSL_CTRL_SET_TMP_DH:
3458 EVP_PKEY *pkdh = NULL;
3460 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3463 pkdh = ssl_dh_to_pkey(parg);
3465 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
3468 return SSL_set0_tmp_dh_pkey(s, pkdh);
3471 case SSL_CTRL_SET_TMP_DH_CB:
3473 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3477 case SSL_CTRL_SET_DH_AUTO:
3478 s->cert->dh_tmp_auto = larg;
3480 #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
3481 case SSL_CTRL_SET_TMP_ECDH:
3484 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3487 return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups,
3488 &s->ext.supportedgroups_len,
3492 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3494 * This API is only used for a client to set what SNI it will request
3495 * from the server, but we currently allow it to be used on servers
3496 * as well, which is a programming error. Currently we just clear
3497 * the field in SSL_do_handshake() for server SSLs, but when we can
3498 * make ABI-breaking changes, we may want to make use of this API
3499 * an error on server SSLs.
3501 if (larg == TLSEXT_NAMETYPE_host_name) {
3504 OPENSSL_free(s->ext.hostname);
3505 s->ext.hostname = NULL;
3510 len = strlen((char *)parg);
3511 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3512 ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3515 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3516 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3520 ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3524 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3525 s->ext.debug_arg = parg;
3529 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3530 ret = s->ext.status_type;
3533 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3534 s->ext.status_type = larg;
3538 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3539 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3543 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3544 s->ext.ocsp.exts = parg;
3548 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3549 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3553 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3554 s->ext.ocsp.ids = parg;
3558 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3559 *(unsigned char **)parg = s->ext.ocsp.resp;
3560 if (s->ext.ocsp.resp_len == 0
3561 || s->ext.ocsp.resp_len > LONG_MAX)
3563 return (long)s->ext.ocsp.resp_len;
3565 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3566 OPENSSL_free(s->ext.ocsp.resp);
3567 s->ext.ocsp.resp = parg;
3568 s->ext.ocsp.resp_len = larg;
3572 case SSL_CTRL_CHAIN:
3574 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3576 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3578 case SSL_CTRL_CHAIN_CERT:
3580 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3582 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3584 case SSL_CTRL_GET_CHAIN_CERTS:
3585 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3589 case SSL_CTRL_SELECT_CURRENT_CERT:
3590 return ssl_cert_select_current(s->cert, (X509 *)parg);
3592 case SSL_CTRL_SET_CURRENT_CERT:
3593 if (larg == SSL_CERT_SET_SERVER) {
3594 const SSL_CIPHER *cipher;
3597 cipher = s->s3.tmp.new_cipher;
3601 * No certificate for unauthenticated ciphersuites or using SRP
3604 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3606 if (s->s3.tmp.cert == NULL)
3608 s->cert->key = s->s3.tmp.cert;
3611 return ssl_cert_set_current(s->cert, larg);
3613 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3614 case SSL_CTRL_GET_GROUPS:
3621 clist = s->ext.peer_supportedgroups;
3622 clistlen = s->ext.peer_supportedgroups_len;
3627 for (i = 0; i < clistlen; i++) {
3628 const TLS_GROUP_INFO *cinf
3629 = tls1_group_id_lookup(s->ctx, clist[i]);
3632 cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
3634 cptr[i] = TLSEXT_nid_unknown | clist[i];
3637 return (int)clistlen;
3640 case SSL_CTRL_SET_GROUPS:
3641 return tls1_set_groups(&s->ext.supportedgroups,
3642 &s->ext.supportedgroups_len, parg, larg);
3644 case SSL_CTRL_SET_GROUPS_LIST:
3645 return tls1_set_groups_list(s->ctx, &s->ext.supportedgroups,
3646 &s->ext.supportedgroups_len, parg);
3648 case SSL_CTRL_GET_SHARED_GROUP:
3650 uint16_t id = tls1_shared_group(s, larg);
3653 return tls1_group_id2nid(id, 1);
3656 case SSL_CTRL_GET_NEGOTIATED_GROUP:
3657 ret = tls1_group_id2nid(s->s3.group_id, 1);
3659 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
3661 case SSL_CTRL_SET_SIGALGS:
3662 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3664 case SSL_CTRL_SET_SIGALGS_LIST:
3665 return tls1_set_sigalgs_list(s->cert, parg, 0);
3667 case SSL_CTRL_SET_CLIENT_SIGALGS:
3668 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3670 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3671 return tls1_set_sigalgs_list(s->cert, parg, 1);
3673 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3675 const unsigned char **pctype = parg;
3676 if (s->server || !s->s3.tmp.cert_req)
3679 *pctype = s->s3.tmp.ctype;
3680 return s->s3.tmp.ctype_len;
3683 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3686 return ssl3_set_req_cert_type(s->cert, parg, larg);
3688 case SSL_CTRL_BUILD_CERT_CHAIN:
3689 return ssl_build_cert_chain(s, NULL, larg);
3691 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3692 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3694 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3695 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3697 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3698 if (s->s3.tmp.peer_sigalg == NULL)
3700 *(int *)parg = s->s3.tmp.peer_sigalg->hash;
3703 case SSL_CTRL_GET_SIGNATURE_NID:
3704 if (s->s3.tmp.sigalg == NULL)
3706 *(int *)parg = s->s3.tmp.sigalg->hash;
3709 case SSL_CTRL_GET_PEER_TMP_KEY:
3710 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3711 if (s->session == NULL || s->s3.peer_tmp == NULL) {
3714 EVP_PKEY_up_ref(s->s3.peer_tmp);
3715 *(EVP_PKEY **)parg = s->s3.peer_tmp;
3722 case SSL_CTRL_GET_TMP_KEY:
3723 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3724 if (s->session == NULL || s->s3.tmp.pkey == NULL) {
3727 EVP_PKEY_up_ref(s->s3.tmp.pkey);
3728 *(EVP_PKEY **)parg = s->s3.tmp.pkey;
3735 #ifndef OPENSSL_NO_EC
3736 case SSL_CTRL_GET_EC_POINT_FORMATS:
3738 const unsigned char **pformat = parg;
3740 if (s->ext.peer_ecpointformats == NULL)
3742 *pformat = s->ext.peer_ecpointformats;
3743 return (int)s->ext.peer_ecpointformats_len;
3753 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3758 #if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
3759 case SSL_CTRL_SET_TMP_DH_CB:
3760 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3764 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3765 s->ext.debug_cb = (void (*)(SSL *, int, int,
3766 const unsigned char *, int, void *))fp;
3770 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3771 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3780 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3783 #if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
3784 case SSL_CTRL_SET_TMP_DH:
3786 EVP_PKEY *pkdh = NULL;
3788 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3791 pkdh = ssl_dh_to_pkey(parg);
3793 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
3796 return SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh);
3798 case SSL_CTRL_SET_TMP_DH_CB:
3800 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3804 case SSL_CTRL_SET_DH_AUTO:
3805 ctx->cert->dh_tmp_auto = larg;
3807 #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
3808 case SSL_CTRL_SET_TMP_ECDH:
3811 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3814 return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
3815 &ctx->ext.supportedgroups_len,
3819 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3820 ctx->ext.servername_arg = parg;
3822 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3823 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3825 unsigned char *keys = parg;
3826 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3827 sizeof(ctx->ext.secure->tick_hmac_key) +
3828 sizeof(ctx->ext.secure->tick_aes_key));
3831 if (larg != tick_keylen) {
3832 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3835 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3836 memcpy(ctx->ext.tick_key_name, keys,
3837 sizeof(ctx->ext.tick_key_name));
3838 memcpy(ctx->ext.secure->tick_hmac_key,
3839 keys + sizeof(ctx->ext.tick_key_name),
3840 sizeof(ctx->ext.secure->tick_hmac_key));
3841 memcpy(ctx->ext.secure->tick_aes_key,
3842 keys + sizeof(ctx->ext.tick_key_name) +
3843 sizeof(ctx->ext.secure->tick_hmac_key),
3844 sizeof(ctx->ext.secure->tick_aes_key));
3846 memcpy(keys, ctx->ext.tick_key_name,
3847 sizeof(ctx->ext.tick_key_name));
3848 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3849 ctx->ext.secure->tick_hmac_key,
3850 sizeof(ctx->ext.secure->tick_hmac_key));
3851 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3852 sizeof(ctx->ext.secure->tick_hmac_key),
3853 ctx->ext.secure->tick_aes_key,
3854 sizeof(ctx->ext.secure->tick_aes_key));
3859 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3860 return ctx->ext.status_type;
3862 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3863 ctx->ext.status_type = larg;
3866 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3867 ctx->ext.status_arg = parg;
3870 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3871 *(void**)parg = ctx->ext.status_arg;
3874 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3875 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3878 #ifndef OPENSSL_NO_SRP
3879 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3880 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3881 OPENSSL_free(ctx->srp_ctx.login);
3882 ctx->srp_ctx.login = NULL;
3885 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3886 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
3889 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3890 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3894 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3895 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3896 srp_password_from_info_cb;
3897 if (ctx->srp_ctx.info != NULL)
3898 OPENSSL_free(ctx->srp_ctx.info);
3899 if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
3900 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3904 case SSL_CTRL_SET_SRP_ARG:
3905 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3906 ctx->srp_ctx.SRP_cb_arg = parg;
3909 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3910 ctx->srp_ctx.strength = larg;
3914 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3915 case SSL_CTRL_SET_GROUPS:
3916 return tls1_set_groups(&ctx->ext.supportedgroups,
3917 &ctx->ext.supportedgroups_len,
3920 case SSL_CTRL_SET_GROUPS_LIST:
3921 return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups,
3922 &ctx->ext.supportedgroups_len,
3924 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
3926 case SSL_CTRL_SET_SIGALGS:
3927 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3929 case SSL_CTRL_SET_SIGALGS_LIST:
3930 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3932 case SSL_CTRL_SET_CLIENT_SIGALGS:
3933 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3935 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3936 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3938 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3939 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3941 case SSL_CTRL_BUILD_CERT_CHAIN:
3942 return ssl_build_cert_chain(NULL, ctx, larg);
3944 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3945 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3947 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3948 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3950 /* A Thawte special :-) */
3951 case SSL_CTRL_EXTRA_CHAIN_CERT:
3952 if (ctx->extra_certs == NULL) {
3953 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3954 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
3958 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3959 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
3964 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3965 if (ctx->extra_certs == NULL && larg == 0)
3966 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3968 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3971 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3972 sk_X509_pop_free(ctx->extra_certs, X509_free);
3973 ctx->extra_certs = NULL;
3976 case SSL_CTRL_CHAIN:
3978 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3980 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3982 case SSL_CTRL_CHAIN_CERT:
3984 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3986 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3988 case SSL_CTRL_GET_CHAIN_CERTS:
3989 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3992 case SSL_CTRL_SELECT_CURRENT_CERT:
3993 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3995 case SSL_CTRL_SET_CURRENT_CERT:
3996 return ssl_cert_set_current(ctx->cert, larg);
4004 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
4007 #if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
4008 case SSL_CTRL_SET_TMP_DH_CB:
4010 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4014 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4015 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4018 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4019 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4022 # ifndef OPENSSL_NO_DEPRECATED_3_0
4023 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4024 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4027 HMAC_CTX *, int))fp;
4031 #ifndef OPENSSL_NO_SRP
4032 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4033 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4034 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4036 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4037 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4038 ctx->srp_ctx.TLS_ext_srp_username_callback =
4039 (int (*)(SSL *, int *, void *))fp;
4041 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4042 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4043 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4044 (char *(*)(SSL *, void *))fp;
4047 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4049 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4058 int SSL_CTX_set_tlsext_ticket_key_evp_cb
4059 (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *,
4060 EVP_CIPHER_CTX *, EVP_MAC_CTX *, int))
4062 ctx->ext.ticket_key_evp_cb = fp;
4066 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4069 const SSL_CIPHER *cp;
4072 cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4075 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4078 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4081 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4084 SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
4085 size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
4088 /* this is not efficient, necessary to optimize this? */
4089 for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4090 for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4091 if (tbl->stdname == NULL)
4093 if (strcmp(stdname, tbl->stdname) == 0) {
4102 * This function needs to check if the ciphers required are actually
4105 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4107 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4108 | ((uint32_t)p[0] << 8L)
4112 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4114 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4119 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4127 * ssl3_choose_cipher - choose a cipher from those offered by the client
4128 * @s: SSL connection
4129 * @clnt: ciphers offered by the client
4130 * @srvr: ciphers enabled on the server?
4132 * Returns the selected cipher or NULL when no common ciphers.
4134 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4135 STACK_OF(SSL_CIPHER) *srvr)
4137 const SSL_CIPHER *c, *ret = NULL;
4138 STACK_OF(SSL_CIPHER) *prio, *allow;
4139 int i, ii, ok, prefer_sha256 = 0;
4140 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4141 #ifndef OPENSSL_NO_CHACHA
4142 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4145 /* Let's see which ciphers we can support */
4148 * Do not set the compare functions, because this may lead to a
4149 * reordering by "id". We want to keep the original ordering. We may pay
4150 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4151 * pay with the price of sk_SSL_CIPHER_dup().
4154 OSSL_TRACE_BEGIN(TLS_CIPHER) {
4155 BIO_printf(trc_out, "Server has %d from %p:\n",
4156 sk_SSL_CIPHER_num(srvr), (void *)srvr);
4157 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4158 c = sk_SSL_CIPHER_value(srvr, i);
4159 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4161 BIO_printf(trc_out, "Client sent %d from %p:\n",
4162 sk_SSL_CIPHER_num(clnt), (void *)clnt);
4163 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4164 c = sk_SSL_CIPHER_value(clnt, i);
4165 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4167 } OSSL_TRACE_END(TLS_CIPHER);
4169 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4170 if (tls1_suiteb(s)) {
4173 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4176 #ifndef OPENSSL_NO_CHACHA
4177 /* If ChaCha20 is at the top of the client preference list,
4178 and there are ChaCha20 ciphers in the server list, then
4179 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4180 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4181 c = sk_SSL_CIPHER_value(clnt, 0);
4182 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4183 /* ChaCha20 is client preferred, check server... */
4184 int num = sk_SSL_CIPHER_num(srvr);
4186 for (i = 0; i < num; i++) {
4187 c = sk_SSL_CIPHER_value(srvr, i);
4188 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4194 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4195 /* if reserve fails, then there's likely a memory issue */
4196 if (prio_chacha != NULL) {
4197 /* Put all ChaCha20 at the top, starting with the one we just found */
4198 sk_SSL_CIPHER_push(prio_chacha, c);
4199 for (i++; i < num; i++) {
4200 c = sk_SSL_CIPHER_value(srvr, i);
4201 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4202 sk_SSL_CIPHER_push(prio_chacha, c);
4204 /* Pull in the rest */
4205 for (i = 0; i < num; i++) {
4206 c = sk_SSL_CIPHER_value(srvr, i);
4207 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4208 sk_SSL_CIPHER_push(prio_chacha, c);
4221 if (SSL_IS_TLS13(s)) {
4222 #ifndef OPENSSL_NO_PSK
4226 * If we allow "old" style PSK callbacks, and we have no certificate (so
4227 * we're not going to succeed without a PSK anyway), and we're in
4228 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4229 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4232 if (s->psk_server_callback != NULL) {
4233 for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
4234 if (j == SSL_PKEY_NUM) {
4235 /* There are no certificates */
4241 tls1_set_cert_validity(s);
4245 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4246 c = sk_SSL_CIPHER_value(prio, i);
4248 /* Skip ciphers not supported by the protocol version */
4249 if (!SSL_IS_DTLS(s) &&
4250 ((s->version < c->min_tls) || (s->version > c->max_tls)))
4252 if (SSL_IS_DTLS(s) &&
4253 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4254 DTLS_VERSION_GT(s->version, c->max_dtls)))
4258 * Since TLS 1.3 ciphersuites can be used with any auth or
4259 * key exchange scheme skip tests.
4261 if (!SSL_IS_TLS13(s)) {
4262 mask_k = s->s3.tmp.mask_k;
4263 mask_a = s->s3.tmp.mask_a;
4264 #ifndef OPENSSL_NO_SRP
4265 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4271 alg_k = c->algorithm_mkey;
4272 alg_a = c->algorithm_auth;
4274 #ifndef OPENSSL_NO_PSK
4275 /* with PSK there must be server callback set */
4276 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4278 #endif /* OPENSSL_NO_PSK */
4280 ok = (alg_k & mask_k) && (alg_a & mask_a);
4281 OSSL_TRACE7(TLS_CIPHER,
4282 "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4283 ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
4285 #ifndef OPENSSL_NO_EC
4287 * if we are considering an ECC cipher suite that uses an ephemeral
4290 if (alg_k & SSL_kECDHE)
4291 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4292 #endif /* OPENSSL_NO_EC */
4297 ii = sk_SSL_CIPHER_find(allow, c);
4299 /* Check security callback permits this cipher */
4300 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4301 c->strength_bits, 0, (void *)c))
4303 #if !defined(OPENSSL_NO_EC)
4304 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4305 && s->s3.is_probably_safari) {
4307 ret = sk_SSL_CIPHER_value(allow, ii);
4311 if (prefer_sha256) {
4312 const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4315 * TODO: When there are no more legacy digests we can just use
4316 * OSSL_DIGEST_NAME_SHA2_256 instead of calling OBJ_nid2sn
4318 if (EVP_MD_is_a(ssl_md(s->ctx, tmp->algorithm2),
4319 OBJ_nid2sn(NID_sha256))) {
4327 ret = sk_SSL_CIPHER_value(allow, ii);
4331 #ifndef OPENSSL_NO_CHACHA
4332 sk_SSL_CIPHER_free(prio_chacha);
4337 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4339 uint32_t alg_k, alg_a = 0;
4341 /* If we have custom certificate types set, use them */
4343 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4344 /* Get mask of algorithms disabled by signature list */
4345 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4347 alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4349 #ifndef OPENSSL_NO_GOST
4350 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4351 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4352 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4353 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
4354 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
4355 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
4358 if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18))
4359 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4360 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
4364 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4365 #ifndef OPENSSL_NO_DH
4366 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4368 # ifndef OPENSSL_NO_DSA
4369 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4372 #endif /* !OPENSSL_NO_DH */
4374 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4376 #ifndef OPENSSL_NO_DSA
4377 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4380 #ifndef OPENSSL_NO_EC
4382 * ECDSA certs can be used with RSA cipher suites too so we don't
4383 * need to check for SSL_kECDH or SSL_kECDHE
4385 if (s->version >= TLS1_VERSION
4386 && !(alg_a & SSL_aECDSA)
4387 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4393 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4395 OPENSSL_free(c->ctype);
4398 if (p == NULL || len == 0)
4402 c->ctype = OPENSSL_memdup(p, len);
4403 if (c->ctype == NULL)
4409 int ssl3_shutdown(SSL *s)
4414 * Don't do anything much if we have not done the handshake or we don't
4415 * want to send messages :-)
4417 if (s->quiet_shutdown || SSL_in_before(s)) {
4418 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4422 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4423 s->shutdown |= SSL_SENT_SHUTDOWN;
4424 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4426 * our shutdown alert has been sent now, and if it still needs to be
4427 * written, s->s3.alert_dispatch will be true
4429 if (s->s3.alert_dispatch)
4430 return -1; /* return WANT_WRITE */
4431 } else if (s->s3.alert_dispatch) {
4432 /* resend it if not sent */
4433 ret = s->method->ssl_dispatch_alert(s);
4436 * we only get to return -1 here the 2nd/Nth invocation, we must
4437 * have already signalled return 0 upon a previous invocation,
4442 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4445 * If we are waiting for a close from our peer, we are closed
4447 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4448 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4449 return -1; /* return WANT_READ */
4453 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4454 !s->s3.alert_dispatch)
4460 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4463 if (s->s3.renegotiate)
4464 ssl3_renegotiate_check(s, 0);
4466 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4470 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4476 if (s->s3.renegotiate)
4477 ssl3_renegotiate_check(s, 0);
4478 s->s3.in_read_app_data = 1;
4480 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4482 if ((ret == -1) && (s->s3.in_read_app_data == 2)) {
4484 * ssl3_read_bytes decided to call s->handshake_func, which called
4485 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4486 * actually found application data and thinks that application data
4487 * makes sense here; so disable handshake processing and try to read
4488 * application data again.
4490 ossl_statem_set_in_handshake(s, 1);
4492 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4493 len, peek, readbytes);
4494 ossl_statem_set_in_handshake(s, 0);
4496 s->s3.in_read_app_data = 0;
4501 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4503 return ssl3_read_internal(s, buf, len, 0, readbytes);
4506 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4508 return ssl3_read_internal(s, buf, len, 1, readbytes);
4511 int ssl3_renegotiate(SSL *s)
4513 if (s->handshake_func == NULL)
4516 s->s3.renegotiate = 1;
4521 * Check if we are waiting to do a renegotiation and if so whether now is a
4522 * good time to do it. If |initok| is true then we are being called from inside
4523 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4524 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4525 * should do a renegotiation now and sets up the state machine for it. Otherwise
4528 int ssl3_renegotiate_check(SSL *s, int initok)
4532 if (s->s3.renegotiate) {
4533 if (!RECORD_LAYER_read_pending(&s->rlayer)
4534 && !RECORD_LAYER_write_pending(&s->rlayer)
4535 && (initok || !SSL_in_init(s))) {
4537 * if we are the server, and we have sent a 'RENEGOTIATE'
4538 * message, we need to set the state machine into the renegotiate
4541 ossl_statem_set_renegotiate(s);
4542 s->s3.renegotiate = 0;
4543 s->s3.num_renegotiations++;
4544 s->s3.total_renegotiations++;
4552 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4553 * handshake macs if required.
4555 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4557 long ssl_get_algorithm2(SSL *s)
4560 if (s->s3.tmp.new_cipher == NULL)
4562 alg2 = s->s3.tmp.new_cipher->algorithm2;
4563 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4564 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4565 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4566 } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4567 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4568 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4574 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4575 * failure, 1 on success.
4577 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4580 int send_time = 0, ret;
4585 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4587 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4589 unsigned long Time = (unsigned long)time(NULL);
4590 unsigned char *p = result;
4593 ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4);
4595 ret = RAND_bytes_ex(s->ctx->libctx, result, len);
4599 if (!ossl_assert(sizeof(tls11downgrade) < len)
4600 || !ossl_assert(sizeof(tls12downgrade) < len))
4602 if (dgrd == DOWNGRADE_TO_1_2)
4603 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4604 sizeof(tls12downgrade));
4605 else if (dgrd == DOWNGRADE_TO_1_1)
4606 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4607 sizeof(tls11downgrade));
4613 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4616 unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4619 if (alg_k & SSL_PSK) {
4620 #ifndef OPENSSL_NO_PSK
4621 unsigned char *pskpms, *t;
4622 size_t psklen = s->s3.tmp.psklen;
4625 /* create PSK premaster_secret */
4627 /* For plain PSK "other_secret" is psklen zeroes */
4628 if (alg_k & SSL_kPSK)
4631 pskpmslen = 4 + pmslen + psklen;
4632 pskpms = OPENSSL_malloc(pskpmslen);
4637 if (alg_k & SSL_kPSK)
4638 memset(t, 0, pmslen);
4640 memcpy(t, pms, pmslen);
4643 memcpy(t, s->s3.tmp.psk, psklen);
4645 OPENSSL_clear_free(s->s3.tmp.psk, psklen);
4646 s->s3.tmp.psk = NULL;
4647 if (!s->method->ssl3_enc->generate_master_secret(s,
4648 s->session->master_key, pskpms, pskpmslen,
4649 &s->session->master_key_length)) {
4650 OPENSSL_clear_free(pskpms, pskpmslen);
4651 /* SSLfatal() already called */
4654 OPENSSL_clear_free(pskpms, pskpmslen);
4656 /* Should never happen */
4660 if (!s->method->ssl3_enc->generate_master_secret(s,
4661 s->session->master_key, pms, pmslen,
4662 &s->session->master_key_length)) {
4663 /* SSLfatal() already called */
4672 OPENSSL_clear_free(pms, pmslen);
4674 OPENSSL_cleanse(pms, pmslen);
4677 s->s3.tmp.pms = NULL;
4681 /* Generate a private key from parameters */
4682 EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm)
4684 EVP_PKEY_CTX *pctx = NULL;
4685 EVP_PKEY *pkey = NULL;
4689 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pm, s->ctx->propq);
4692 if (EVP_PKEY_keygen_init(pctx) <= 0)
4694 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4695 EVP_PKEY_free(pkey);
4700 EVP_PKEY_CTX_free(pctx);
4704 /* Generate a private key from a group ID */
4705 EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
4707 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
4708 EVP_PKEY_CTX *pctx = NULL;
4709 EVP_PKEY *pkey = NULL;
4712 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4716 pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
4720 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
4723 if (EVP_PKEY_keygen_init(pctx) <= 0) {
4724 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4727 if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) {
4728 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4731 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4732 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4733 EVP_PKEY_free(pkey);
4738 EVP_PKEY_CTX_free(pctx);
4743 * Generate parameters from a group ID
4745 EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id)
4747 EVP_PKEY_CTX *pctx = NULL;
4748 EVP_PKEY *pkey = NULL;
4749 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
4754 pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
4759 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4761 if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) {
4762 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4765 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4766 EVP_PKEY_free(pkey);
4771 EVP_PKEY_CTX_free(pctx);
4775 /* Generate secrets from pms */
4776 int ssl_gensecret(SSL *s, unsigned char *pms, size_t pmslen)
4780 /* SSLfatal() called as appropriate in the below functions */
4781 if (SSL_IS_TLS13(s)) {
4783 * If we are resuming then we already generated the early secret
4784 * when we created the ClientHello, so don't recreate it.
4787 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4789 (unsigned char *)&s->early_secret);
4793 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4795 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4801 /* Derive secrets for ECDH/DH */
4802 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4805 unsigned char *pms = NULL;
4809 if (privkey == NULL || pubkey == NULL) {
4810 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4814 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);
4816 if (EVP_PKEY_derive_init(pctx) <= 0
4817 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4818 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4819 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4823 #ifndef OPENSSL_NO_DH
4824 if (SSL_IS_TLS13(s) && EVP_PKEY_id(privkey) == EVP_PKEY_DH)
4825 EVP_PKEY_CTX_set_dh_pad(pctx, 1);
4828 pms = OPENSSL_malloc(pmslen);
4830 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
4834 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4835 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4840 /* SSLfatal() called as appropriate in the below functions */
4841 rv = ssl_gensecret(s, pms, pmslen);
4843 /* Save premaster secret */
4844 s->s3.tmp.pms = pms;
4845 s->s3.tmp.pmslen = pmslen;
4851 OPENSSL_clear_free(pms, pmslen);
4852 EVP_PKEY_CTX_free(pctx);
4856 /* Decapsulate secrets for KEM */
4857 int ssl_decapsulate(SSL *s, EVP_PKEY *privkey,
4858 const unsigned char *ct, size_t ctlen,
4862 unsigned char *pms = NULL;
4866 if (privkey == NULL) {
4867 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4871 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);
4873 if (EVP_PKEY_decapsulate_init(pctx) <= 0
4874 || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
4875 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4879 pms = OPENSSL_malloc(pmslen);
4881 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
4885 if (EVP_PKEY_decapsulate(pctx, pms, &pmslen, ct, ctlen) <= 0) {
4886 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4891 /* SSLfatal() called as appropriate in the below functions */
4892 rv = ssl_gensecret(s, pms, pmslen);
4894 /* Save premaster secret */
4895 s->s3.tmp.pms = pms;
4896 s->s3.tmp.pmslen = pmslen;
4902 OPENSSL_clear_free(pms, pmslen);
4903 EVP_PKEY_CTX_free(pctx);
4907 int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
4908 unsigned char **ctp, size_t *ctlenp,
4912 unsigned char *pms = NULL, *ct = NULL;
4913 size_t pmslen = 0, ctlen = 0;
4916 if (pubkey == NULL) {
4917 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4921 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pubkey, s->ctx->propq);
4923 if (EVP_PKEY_encapsulate_init(pctx) <= 0
4924 || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
4925 || pmslen == 0 || ctlen == 0) {
4926 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4930 pms = OPENSSL_malloc(pmslen);
4931 ct = OPENSSL_malloc(ctlen);
4932 if (pms == NULL || ct == NULL) {
4933 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
4937 if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
4938 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4943 /* SSLfatal() called as appropriate in the below functions */
4944 rv = ssl_gensecret(s, pms, pmslen);
4946 /* Save premaster secret */
4947 s->s3.tmp.pms = pms;
4948 s->s3.tmp.pmslen = pmslen;
4954 /* Pass ownership of ct to caller */
4961 OPENSSL_clear_free(pms, pmslen);
4963 EVP_PKEY_CTX_free(pctx);
4967 const char *SSL_group_to_name(SSL *s, int nid) {
4969 const TLS_GROUP_INFO *cinf = NULL;
4971 /* first convert to real group id for internal and external IDs */
4972 if (nid & TLSEXT_nid_unknown)
4973 group_id = nid & 0xFFFF;
4975 group_id = tls1_nid2group_id(nid);
4978 cinf = tls1_group_id_lookup(s->ctx, group_id);
4981 return cinf->tlsname;