2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
15 #include "ssl_local.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include <openssl/trace.h>
20 #include <openssl/x509v3.h>
21 #include "internal/cryptlib.h"
23 DEFINE_STACK_OF(X509_NAME)
/*
 * Entry counts for the static cipher tables. Each count is taken with
 * OSSL_NELEM on the array itself (presumably the element-count macro from
 * internal/nelem.h -- confirm), not written as a literal.
 * ssl3_scsvs is not defined in this part of the file.
 */
26 #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
27 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
28 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
30 /*
 * TLSv1.3 downgrade protection sentinel values (RFC 8446, section 4.1.3).
 *
 * Both arrays are 8 bytes: the ASCII string "DOWNGRD" followed by one
 * discriminator byte. Per the RFC, a server that supports a newer version
 * but negotiates an older one writes the sentinel into the last 8 bytes of
 * ServerHello.random: 0x01 when TLS 1.2 was negotiated, 0x00 when TLS 1.1 or
 * below was negotiated. A client that offered the newer version and sees the
 * sentinel must abort the handshake, so a forced version rollback is
 * detected instead of silently accepted.
 *
 * The code that writes and checks these values is not in this part of the
 * file. Any comparison against them must cover all 8 bytes.
 */
31 const unsigned char tls11downgrade[] = {
32 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
34 const unsigned char tls12downgrade[] = {
35 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
38 /* The list of available TLSv1.3 ciphers */
/*
 * NOTE(review): this listing shows only part of each initializer (the two
 * name macros, the cipher id, the TLS version bounds, and for some entries
 * the flags and handshake MAC). The remaining fields and the braces are not
 * visible here. Every entry has TLS1_3_VERSION as both its minimum and
 * maximum TLS version. In the visible lines only the two CCM suites carry
 * SSL_NOT_DEFAULT; the flag lines of the GCM and ChaCha20 entries are not
 * shown, so confirm their flags against the full file.
 */
39 static SSL_CIPHER tls13_ciphers[] = {
/* TLS_AES_128_GCM_SHA256: handshake MAC is SHA-256. */
42 TLS1_3_RFC_AES_128_GCM_SHA256,
43 TLS1_3_RFC_AES_128_GCM_SHA256,
44 TLS1_3_CK_AES_128_GCM_SHA256,
49 TLS1_3_VERSION, TLS1_3_VERSION,
52 SSL_HANDSHAKE_MAC_SHA256,
/* TLS_AES_256_GCM_SHA384: handshake MAC is SHA-384. */
57 TLS1_3_RFC_AES_256_GCM_SHA384,
58 TLS1_3_RFC_AES_256_GCM_SHA384,
59 TLS1_3_CK_AES_256_GCM_SHA384,
64 TLS1_3_VERSION, TLS1_3_VERSION,
67 SSL_HANDSHAKE_MAC_SHA384,
/*
 * ChaCha20-Poly1305 is compiled in only when neither OPENSSL_NO_CHACHA nor
 * OPENSSL_NO_POLY1305 is defined.
 */
71 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
74 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
75 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
76 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
81 TLS1_3_VERSION, TLS1_3_VERSION,
84 SSL_HANDSHAKE_MAC_SHA256,
/*
 * TLS_AES_128_CCM_SHA256: flagged SSL_NOT_DEFAULT, so it is presumably left
 * out of the default selection and has to be enabled explicitly -- confirm
 * against the cipher-list code.
 */
91 TLS1_3_RFC_AES_128_CCM_SHA256,
92 TLS1_3_RFC_AES_128_CCM_SHA256,
93 TLS1_3_CK_AES_128_CCM_SHA256,
98 TLS1_3_VERSION, TLS1_3_VERSION,
100 SSL_NOT_DEFAULT | SSL_HIGH,
101 SSL_HANDSHAKE_MAC_SHA256,
/*
 * TLS_AES_128_CCM_8_SHA256: also SSL_NOT_DEFAULT.
 * NOTE(review): the CCM_8 variant uses an 8-octet authentication tag instead
 * of the 16-octet tag of plain CCM, which lowers forgery resistance. It is
 * still rated SSL_HIGH here, the same class as the full-tag suite; consider
 * whether the strength class should reflect the shorter tag.
 */
106 TLS1_3_RFC_AES_128_CCM_8_SHA256,
107 TLS1_3_RFC_AES_128_CCM_8_SHA256,
108 TLS1_3_CK_AES_128_CCM_8_SHA256,
113 TLS1_3_VERSION, TLS1_3_VERSION,
115 SSL_NOT_DEFAULT | SSL_HIGH,
116 SSL_HANDSHAKE_MAC_SHA256,
123 * The list of available ciphers, mostly organized into the following
128 * SRP (within that: RSA EC PSK)
129 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
132 static SSL_CIPHER ssl3_ciphers[] = {
135 SSL3_TXT_RSA_NULL_MD5,
136 SSL3_RFC_RSA_NULL_MD5,
137 SSL3_CK_RSA_NULL_MD5,
142 SSL3_VERSION, TLS1_2_VERSION,
143 DTLS1_BAD_VER, DTLS1_2_VERSION,
145 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
151 SSL3_TXT_RSA_NULL_SHA,
152 SSL3_RFC_RSA_NULL_SHA,
153 SSL3_CK_RSA_NULL_SHA,
158 SSL3_VERSION, TLS1_2_VERSION,
159 DTLS1_BAD_VER, DTLS1_2_VERSION,
160 SSL_STRONG_NONE | SSL_FIPS,
161 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
165 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
168 SSL3_TXT_RSA_DES_192_CBC3_SHA,
169 SSL3_RFC_RSA_DES_192_CBC3_SHA,
170 SSL3_CK_RSA_DES_192_CBC3_SHA,
175 SSL3_VERSION, TLS1_2_VERSION,
176 DTLS1_BAD_VER, DTLS1_2_VERSION,
177 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
178 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
184 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
185 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
186 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
191 SSL3_VERSION, TLS1_2_VERSION,
192 DTLS1_BAD_VER, DTLS1_2_VERSION,
193 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
194 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
200 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
201 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
202 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
207 SSL3_VERSION, TLS1_2_VERSION,
208 DTLS1_BAD_VER, DTLS1_2_VERSION,
209 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
210 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
216 SSL3_TXT_ADH_DES_192_CBC_SHA,
217 SSL3_RFC_ADH_DES_192_CBC_SHA,
218 SSL3_CK_ADH_DES_192_CBC_SHA,
223 SSL3_VERSION, TLS1_2_VERSION,
224 DTLS1_BAD_VER, DTLS1_2_VERSION,
225 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
226 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
233 TLS1_TXT_RSA_WITH_AES_128_SHA,
234 TLS1_RFC_RSA_WITH_AES_128_SHA,
235 TLS1_CK_RSA_WITH_AES_128_SHA,
240 SSL3_VERSION, TLS1_2_VERSION,
241 DTLS1_BAD_VER, DTLS1_2_VERSION,
243 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
249 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
250 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
251 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
256 SSL3_VERSION, TLS1_2_VERSION,
257 DTLS1_BAD_VER, DTLS1_2_VERSION,
258 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
259 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
265 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
266 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
267 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
272 SSL3_VERSION, TLS1_2_VERSION,
273 DTLS1_BAD_VER, DTLS1_2_VERSION,
275 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
281 TLS1_TXT_ADH_WITH_AES_128_SHA,
282 TLS1_RFC_ADH_WITH_AES_128_SHA,
283 TLS1_CK_ADH_WITH_AES_128_SHA,
288 SSL3_VERSION, TLS1_2_VERSION,
289 DTLS1_BAD_VER, DTLS1_2_VERSION,
290 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
291 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
297 TLS1_TXT_RSA_WITH_AES_256_SHA,
298 TLS1_RFC_RSA_WITH_AES_256_SHA,
299 TLS1_CK_RSA_WITH_AES_256_SHA,
304 SSL3_VERSION, TLS1_2_VERSION,
305 DTLS1_BAD_VER, DTLS1_2_VERSION,
307 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
313 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
314 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
315 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
320 SSL3_VERSION, TLS1_2_VERSION,
321 DTLS1_BAD_VER, DTLS1_2_VERSION,
322 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
323 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
329 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
330 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
331 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
336 SSL3_VERSION, TLS1_2_VERSION,
337 DTLS1_BAD_VER, DTLS1_2_VERSION,
339 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
345 TLS1_TXT_ADH_WITH_AES_256_SHA,
346 TLS1_RFC_ADH_WITH_AES_256_SHA,
347 TLS1_CK_ADH_WITH_AES_256_SHA,
352 SSL3_VERSION, TLS1_2_VERSION,
353 DTLS1_BAD_VER, DTLS1_2_VERSION,
354 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
355 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
361 TLS1_TXT_RSA_WITH_NULL_SHA256,
362 TLS1_RFC_RSA_WITH_NULL_SHA256,
363 TLS1_CK_RSA_WITH_NULL_SHA256,
368 TLS1_2_VERSION, TLS1_2_VERSION,
369 DTLS1_2_VERSION, DTLS1_2_VERSION,
370 SSL_STRONG_NONE | SSL_FIPS,
371 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
377 TLS1_TXT_RSA_WITH_AES_128_SHA256,
378 TLS1_RFC_RSA_WITH_AES_128_SHA256,
379 TLS1_CK_RSA_WITH_AES_128_SHA256,
384 TLS1_2_VERSION, TLS1_2_VERSION,
385 DTLS1_2_VERSION, DTLS1_2_VERSION,
387 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
393 TLS1_TXT_RSA_WITH_AES_256_SHA256,
394 TLS1_RFC_RSA_WITH_AES_256_SHA256,
395 TLS1_CK_RSA_WITH_AES_256_SHA256,
400 TLS1_2_VERSION, TLS1_2_VERSION,
401 DTLS1_2_VERSION, DTLS1_2_VERSION,
403 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
409 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
410 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
411 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
416 TLS1_2_VERSION, TLS1_2_VERSION,
417 DTLS1_2_VERSION, DTLS1_2_VERSION,
418 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
419 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
425 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
426 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
427 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
432 TLS1_2_VERSION, TLS1_2_VERSION,
433 DTLS1_2_VERSION, DTLS1_2_VERSION,
435 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
441 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
442 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
443 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
448 TLS1_2_VERSION, TLS1_2_VERSION,
449 DTLS1_2_VERSION, DTLS1_2_VERSION,
450 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
451 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
457 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
458 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
459 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
464 TLS1_2_VERSION, TLS1_2_VERSION,
465 DTLS1_2_VERSION, DTLS1_2_VERSION,
467 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
473 TLS1_TXT_ADH_WITH_AES_128_SHA256,
474 TLS1_RFC_ADH_WITH_AES_128_SHA256,
475 TLS1_CK_ADH_WITH_AES_128_SHA256,
480 TLS1_2_VERSION, TLS1_2_VERSION,
481 DTLS1_2_VERSION, DTLS1_2_VERSION,
482 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
483 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
489 TLS1_TXT_ADH_WITH_AES_256_SHA256,
490 TLS1_RFC_ADH_WITH_AES_256_SHA256,
491 TLS1_CK_ADH_WITH_AES_256_SHA256,
496 TLS1_2_VERSION, TLS1_2_VERSION,
497 DTLS1_2_VERSION, DTLS1_2_VERSION,
498 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
499 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
505 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
506 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
507 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
512 TLS1_2_VERSION, TLS1_2_VERSION,
513 DTLS1_2_VERSION, DTLS1_2_VERSION,
515 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
521 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
522 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
523 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
528 TLS1_2_VERSION, TLS1_2_VERSION,
529 DTLS1_2_VERSION, DTLS1_2_VERSION,
531 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
537 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
538 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
539 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
544 TLS1_2_VERSION, TLS1_2_VERSION,
545 DTLS1_2_VERSION, DTLS1_2_VERSION,
547 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
553 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
554 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
555 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
560 TLS1_2_VERSION, TLS1_2_VERSION,
561 DTLS1_2_VERSION, DTLS1_2_VERSION,
563 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
569 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
570 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
571 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
576 TLS1_2_VERSION, TLS1_2_VERSION,
577 DTLS1_2_VERSION, DTLS1_2_VERSION,
578 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
579 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
585 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
586 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
587 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
592 TLS1_2_VERSION, TLS1_2_VERSION,
593 DTLS1_2_VERSION, DTLS1_2_VERSION,
594 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
595 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
601 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
602 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
603 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
608 TLS1_2_VERSION, TLS1_2_VERSION,
609 DTLS1_2_VERSION, DTLS1_2_VERSION,
610 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
611 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
617 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
618 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
619 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
624 TLS1_2_VERSION, TLS1_2_VERSION,
625 DTLS1_2_VERSION, DTLS1_2_VERSION,
626 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
627 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
633 TLS1_TXT_RSA_WITH_AES_128_CCM,
634 TLS1_RFC_RSA_WITH_AES_128_CCM,
635 TLS1_CK_RSA_WITH_AES_128_CCM,
640 TLS1_2_VERSION, TLS1_2_VERSION,
641 DTLS1_2_VERSION, DTLS1_2_VERSION,
642 SSL_NOT_DEFAULT | SSL_HIGH,
643 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
649 TLS1_TXT_RSA_WITH_AES_256_CCM,
650 TLS1_RFC_RSA_WITH_AES_256_CCM,
651 TLS1_CK_RSA_WITH_AES_256_CCM,
656 TLS1_2_VERSION, TLS1_2_VERSION,
657 DTLS1_2_VERSION, DTLS1_2_VERSION,
658 SSL_NOT_DEFAULT | SSL_HIGH,
659 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
665 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
666 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
667 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
672 TLS1_2_VERSION, TLS1_2_VERSION,
673 DTLS1_2_VERSION, DTLS1_2_VERSION,
674 SSL_NOT_DEFAULT | SSL_HIGH,
675 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
681 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
682 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
683 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
688 TLS1_2_VERSION, TLS1_2_VERSION,
689 DTLS1_2_VERSION, DTLS1_2_VERSION,
690 SSL_NOT_DEFAULT | SSL_HIGH,
691 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
697 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
698 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
699 TLS1_CK_RSA_WITH_AES_128_CCM_8,
704 TLS1_2_VERSION, TLS1_2_VERSION,
705 DTLS1_2_VERSION, DTLS1_2_VERSION,
706 SSL_NOT_DEFAULT | SSL_HIGH,
707 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
713 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
714 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
715 TLS1_CK_RSA_WITH_AES_256_CCM_8,
720 TLS1_2_VERSION, TLS1_2_VERSION,
721 DTLS1_2_VERSION, DTLS1_2_VERSION,
722 SSL_NOT_DEFAULT | SSL_HIGH,
723 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
729 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
730 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
731 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
736 TLS1_2_VERSION, TLS1_2_VERSION,
737 DTLS1_2_VERSION, DTLS1_2_VERSION,
738 SSL_NOT_DEFAULT | SSL_HIGH,
739 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
745 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
746 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
747 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
752 TLS1_2_VERSION, TLS1_2_VERSION,
753 DTLS1_2_VERSION, DTLS1_2_VERSION,
754 SSL_NOT_DEFAULT | SSL_HIGH,
755 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
761 TLS1_TXT_PSK_WITH_AES_128_CCM,
762 TLS1_RFC_PSK_WITH_AES_128_CCM,
763 TLS1_CK_PSK_WITH_AES_128_CCM,
768 TLS1_2_VERSION, TLS1_2_VERSION,
769 DTLS1_2_VERSION, DTLS1_2_VERSION,
770 SSL_NOT_DEFAULT | SSL_HIGH,
771 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
777 TLS1_TXT_PSK_WITH_AES_256_CCM,
778 TLS1_RFC_PSK_WITH_AES_256_CCM,
779 TLS1_CK_PSK_WITH_AES_256_CCM,
784 TLS1_2_VERSION, TLS1_2_VERSION,
785 DTLS1_2_VERSION, DTLS1_2_VERSION,
786 SSL_NOT_DEFAULT | SSL_HIGH,
787 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
793 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
794 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
795 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
800 TLS1_2_VERSION, TLS1_2_VERSION,
801 DTLS1_2_VERSION, DTLS1_2_VERSION,
802 SSL_NOT_DEFAULT | SSL_HIGH,
803 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
809 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
810 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
811 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
816 TLS1_2_VERSION, TLS1_2_VERSION,
817 DTLS1_2_VERSION, DTLS1_2_VERSION,
818 SSL_NOT_DEFAULT | SSL_HIGH,
819 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
825 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
826 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
827 TLS1_CK_PSK_WITH_AES_128_CCM_8,
832 TLS1_2_VERSION, TLS1_2_VERSION,
833 DTLS1_2_VERSION, DTLS1_2_VERSION,
834 SSL_NOT_DEFAULT | SSL_HIGH,
835 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
841 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
842 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
843 TLS1_CK_PSK_WITH_AES_256_CCM_8,
848 TLS1_2_VERSION, TLS1_2_VERSION,
849 DTLS1_2_VERSION, DTLS1_2_VERSION,
850 SSL_NOT_DEFAULT | SSL_HIGH,
851 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
857 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
858 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
859 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
864 TLS1_2_VERSION, TLS1_2_VERSION,
865 DTLS1_2_VERSION, DTLS1_2_VERSION,
866 SSL_NOT_DEFAULT | SSL_HIGH,
867 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
873 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
874 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
875 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
880 TLS1_2_VERSION, TLS1_2_VERSION,
881 DTLS1_2_VERSION, DTLS1_2_VERSION,
882 SSL_NOT_DEFAULT | SSL_HIGH,
883 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
889 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
890 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
891 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
896 TLS1_2_VERSION, TLS1_2_VERSION,
897 DTLS1_2_VERSION, DTLS1_2_VERSION,
898 SSL_NOT_DEFAULT | SSL_HIGH,
899 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
905 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
906 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
907 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
912 TLS1_2_VERSION, TLS1_2_VERSION,
913 DTLS1_2_VERSION, DTLS1_2_VERSION,
914 SSL_NOT_DEFAULT | SSL_HIGH,
915 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
921 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
922 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
923 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
928 TLS1_2_VERSION, TLS1_2_VERSION,
929 DTLS1_2_VERSION, DTLS1_2_VERSION,
930 SSL_NOT_DEFAULT | SSL_HIGH,
931 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
937 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
938 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
939 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
944 TLS1_2_VERSION, TLS1_2_VERSION,
945 DTLS1_2_VERSION, DTLS1_2_VERSION,
946 SSL_NOT_DEFAULT | SSL_HIGH,
947 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
953 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
954 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
955 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
960 TLS1_VERSION, TLS1_2_VERSION,
961 DTLS1_BAD_VER, DTLS1_2_VERSION,
962 SSL_STRONG_NONE | SSL_FIPS,
963 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
967 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
970 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
971 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
972 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
977 TLS1_VERSION, TLS1_2_VERSION,
978 DTLS1_BAD_VER, DTLS1_2_VERSION,
979 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
980 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
987 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
988 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
989 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
994 TLS1_VERSION, TLS1_2_VERSION,
995 DTLS1_BAD_VER, DTLS1_2_VERSION,
997 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1003 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1004 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1005 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1010 TLS1_VERSION, TLS1_2_VERSION,
1011 DTLS1_BAD_VER, DTLS1_2_VERSION,
1012 SSL_HIGH | SSL_FIPS,
1013 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1019 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1020 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1021 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1026 TLS1_VERSION, TLS1_2_VERSION,
1027 DTLS1_BAD_VER, DTLS1_2_VERSION,
1028 SSL_STRONG_NONE | SSL_FIPS,
1029 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1033 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1036 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1037 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1038 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1043 TLS1_VERSION, TLS1_2_VERSION,
1044 DTLS1_BAD_VER, DTLS1_2_VERSION,
1045 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1046 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1053 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1054 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1055 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1060 TLS1_VERSION, TLS1_2_VERSION,
1061 DTLS1_BAD_VER, DTLS1_2_VERSION,
1062 SSL_HIGH | SSL_FIPS,
1063 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1069 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1070 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1071 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1076 TLS1_VERSION, TLS1_2_VERSION,
1077 DTLS1_BAD_VER, DTLS1_2_VERSION,
1078 SSL_HIGH | SSL_FIPS,
1079 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1085 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1086 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1087 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1092 TLS1_VERSION, TLS1_2_VERSION,
1093 DTLS1_BAD_VER, DTLS1_2_VERSION,
1094 SSL_STRONG_NONE | SSL_FIPS,
1095 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1099 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1102 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1103 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1104 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1109 TLS1_VERSION, TLS1_2_VERSION,
1110 DTLS1_BAD_VER, DTLS1_2_VERSION,
1111 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1112 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1119 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1120 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1121 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1126 TLS1_VERSION, TLS1_2_VERSION,
1127 DTLS1_BAD_VER, DTLS1_2_VERSION,
1128 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1129 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1135 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1136 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1137 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1142 TLS1_VERSION, TLS1_2_VERSION,
1143 DTLS1_BAD_VER, DTLS1_2_VERSION,
1144 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1145 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1151 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1152 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1153 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1158 TLS1_2_VERSION, TLS1_2_VERSION,
1159 DTLS1_2_VERSION, DTLS1_2_VERSION,
1160 SSL_HIGH | SSL_FIPS,
1161 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1167 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1168 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1169 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1174 TLS1_2_VERSION, TLS1_2_VERSION,
1175 DTLS1_2_VERSION, DTLS1_2_VERSION,
1176 SSL_HIGH | SSL_FIPS,
1177 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1183 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1184 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1185 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1190 TLS1_2_VERSION, TLS1_2_VERSION,
1191 DTLS1_2_VERSION, DTLS1_2_VERSION,
1192 SSL_HIGH | SSL_FIPS,
1193 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1199 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1200 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1201 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1206 TLS1_2_VERSION, TLS1_2_VERSION,
1207 DTLS1_2_VERSION, DTLS1_2_VERSION,
1208 SSL_HIGH | SSL_FIPS,
1209 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1215 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1216 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1217 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1222 TLS1_2_VERSION, TLS1_2_VERSION,
1223 DTLS1_2_VERSION, DTLS1_2_VERSION,
1224 SSL_HIGH | SSL_FIPS,
1225 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1231 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1232 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1233 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1238 TLS1_2_VERSION, TLS1_2_VERSION,
1239 DTLS1_2_VERSION, DTLS1_2_VERSION,
1240 SSL_HIGH | SSL_FIPS,
1241 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1247 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1248 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1249 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1254 TLS1_2_VERSION, TLS1_2_VERSION,
1255 DTLS1_2_VERSION, DTLS1_2_VERSION,
1256 SSL_HIGH | SSL_FIPS,
1257 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1263 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1264 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1265 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1270 TLS1_2_VERSION, TLS1_2_VERSION,
1271 DTLS1_2_VERSION, DTLS1_2_VERSION,
1272 SSL_HIGH | SSL_FIPS,
1273 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1279 TLS1_TXT_PSK_WITH_NULL_SHA,
1280 TLS1_RFC_PSK_WITH_NULL_SHA,
1281 TLS1_CK_PSK_WITH_NULL_SHA,
1286 SSL3_VERSION, TLS1_2_VERSION,
1287 DTLS1_BAD_VER, DTLS1_2_VERSION,
1288 SSL_STRONG_NONE | SSL_FIPS,
1289 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1295 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1296 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1297 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1302 SSL3_VERSION, TLS1_2_VERSION,
1303 DTLS1_BAD_VER, DTLS1_2_VERSION,
1304 SSL_STRONG_NONE | SSL_FIPS,
1305 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1311 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1312 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1313 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1318 SSL3_VERSION, TLS1_2_VERSION,
1319 DTLS1_BAD_VER, DTLS1_2_VERSION,
1320 SSL_STRONG_NONE | SSL_FIPS,
1321 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1325 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1328 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1329 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1330 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1335 SSL3_VERSION, TLS1_2_VERSION,
1336 DTLS1_BAD_VER, DTLS1_2_VERSION,
1337 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1338 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1345 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1346 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1347 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1352 SSL3_VERSION, TLS1_2_VERSION,
1353 DTLS1_BAD_VER, DTLS1_2_VERSION,
1354 SSL_HIGH | SSL_FIPS,
1355 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1361 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1362 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1363 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1368 SSL3_VERSION, TLS1_2_VERSION,
1369 DTLS1_BAD_VER, DTLS1_2_VERSION,
1370 SSL_HIGH | SSL_FIPS,
1371 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1375 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1378 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1379 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1380 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1385 SSL3_VERSION, TLS1_2_VERSION,
1386 DTLS1_BAD_VER, DTLS1_2_VERSION,
1387 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1388 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1395 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1396 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1397 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1402 SSL3_VERSION, TLS1_2_VERSION,
1403 DTLS1_BAD_VER, DTLS1_2_VERSION,
1404 SSL_HIGH | SSL_FIPS,
1405 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1411 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1412 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1413 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1418 SSL3_VERSION, TLS1_2_VERSION,
1419 DTLS1_BAD_VER, DTLS1_2_VERSION,
1420 SSL_HIGH | SSL_FIPS,
1421 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1425 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1428 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1429 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1430 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1435 SSL3_VERSION, TLS1_2_VERSION,
1436 DTLS1_BAD_VER, DTLS1_2_VERSION,
1437 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1438 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1445 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1446 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1447 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1452 SSL3_VERSION, TLS1_2_VERSION,
1453 DTLS1_BAD_VER, DTLS1_2_VERSION,
1454 SSL_HIGH | SSL_FIPS,
1455 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1461 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1462 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1463 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1468 SSL3_VERSION, TLS1_2_VERSION,
1469 DTLS1_BAD_VER, DTLS1_2_VERSION,
1470 SSL_HIGH | SSL_FIPS,
1471 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1477 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1478 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1479 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1484 TLS1_2_VERSION, TLS1_2_VERSION,
1485 DTLS1_2_VERSION, DTLS1_2_VERSION,
1486 SSL_HIGH | SSL_FIPS,
1487 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1493 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1494 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1495 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1500 TLS1_2_VERSION, TLS1_2_VERSION,
1501 DTLS1_2_VERSION, DTLS1_2_VERSION,
1502 SSL_HIGH | SSL_FIPS,
1503 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1509 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1510 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1511 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1516 TLS1_2_VERSION, TLS1_2_VERSION,
1517 DTLS1_2_VERSION, DTLS1_2_VERSION,
1518 SSL_HIGH | SSL_FIPS,
1519 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1525 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1526 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1527 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1532 TLS1_2_VERSION, TLS1_2_VERSION,
1533 DTLS1_2_VERSION, DTLS1_2_VERSION,
1534 SSL_HIGH | SSL_FIPS,
1535 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1541 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1542 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1543 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1548 TLS1_2_VERSION, TLS1_2_VERSION,
1549 DTLS1_2_VERSION, DTLS1_2_VERSION,
1550 SSL_HIGH | SSL_FIPS,
1551 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1557 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1558 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1559 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1564 TLS1_2_VERSION, TLS1_2_VERSION,
1565 DTLS1_2_VERSION, DTLS1_2_VERSION,
1566 SSL_HIGH | SSL_FIPS,
1567 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1573 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1574 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1575 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1580 TLS1_VERSION, TLS1_2_VERSION,
1581 DTLS1_BAD_VER, DTLS1_2_VERSION,
1582 SSL_HIGH | SSL_FIPS,
1583 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1589 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1590 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1591 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1596 TLS1_VERSION, TLS1_2_VERSION,
1597 DTLS1_BAD_VER, DTLS1_2_VERSION,
1598 SSL_HIGH | SSL_FIPS,
1599 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1605 TLS1_TXT_PSK_WITH_NULL_SHA256,
1606 TLS1_RFC_PSK_WITH_NULL_SHA256,
1607 TLS1_CK_PSK_WITH_NULL_SHA256,
1612 TLS1_VERSION, TLS1_2_VERSION,
1613 DTLS1_BAD_VER, DTLS1_2_VERSION,
1614 SSL_STRONG_NONE | SSL_FIPS,
1615 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1621 TLS1_TXT_PSK_WITH_NULL_SHA384,
1622 TLS1_RFC_PSK_WITH_NULL_SHA384,
1623 TLS1_CK_PSK_WITH_NULL_SHA384,
1628 TLS1_VERSION, TLS1_2_VERSION,
1629 DTLS1_BAD_VER, DTLS1_2_VERSION,
1630 SSL_STRONG_NONE | SSL_FIPS,
1631 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1637 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1638 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1639 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1644 TLS1_VERSION, TLS1_2_VERSION,
1645 DTLS1_BAD_VER, DTLS1_2_VERSION,
1646 SSL_HIGH | SSL_FIPS,
1647 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1653 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1654 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1655 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1660 TLS1_VERSION, TLS1_2_VERSION,
1661 DTLS1_BAD_VER, DTLS1_2_VERSION,
1662 SSL_HIGH | SSL_FIPS,
1663 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1669 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1670 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1671 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1676 TLS1_VERSION, TLS1_2_VERSION,
1677 DTLS1_BAD_VER, DTLS1_2_VERSION,
1678 SSL_STRONG_NONE | SSL_FIPS,
1679 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1685 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1686 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1687 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1692 TLS1_VERSION, TLS1_2_VERSION,
1693 DTLS1_BAD_VER, DTLS1_2_VERSION,
1694 SSL_STRONG_NONE | SSL_FIPS,
1695 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1701 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1702 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1703 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1708 TLS1_VERSION, TLS1_2_VERSION,
1709 DTLS1_BAD_VER, DTLS1_2_VERSION,
1710 SSL_HIGH | SSL_FIPS,
1711 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1717 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1718 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1719 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1724 TLS1_VERSION, TLS1_2_VERSION,
1725 DTLS1_BAD_VER, DTLS1_2_VERSION,
1726 SSL_HIGH | SSL_FIPS,
1727 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1733 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1734 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1735 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1740 TLS1_VERSION, TLS1_2_VERSION,
1741 DTLS1_BAD_VER, DTLS1_2_VERSION,
1742 SSL_STRONG_NONE | SSL_FIPS,
1743 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1749 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1750 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1751 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1756 TLS1_VERSION, TLS1_2_VERSION,
1757 DTLS1_BAD_VER, DTLS1_2_VERSION,
1758 SSL_STRONG_NONE | SSL_FIPS,
1759 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1763 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1766 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1767 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1768 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1773 TLS1_VERSION, TLS1_2_VERSION,
1774 DTLS1_BAD_VER, DTLS1_2_VERSION,
1775 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1776 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1783 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1784 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1785 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1790 TLS1_VERSION, TLS1_2_VERSION,
1791 DTLS1_BAD_VER, DTLS1_2_VERSION,
1792 SSL_HIGH | SSL_FIPS,
1793 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1799 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1800 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1801 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1806 TLS1_VERSION, TLS1_2_VERSION,
1807 DTLS1_BAD_VER, DTLS1_2_VERSION,
1808 SSL_HIGH | SSL_FIPS,
1809 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1815 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1816 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1817 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1822 TLS1_VERSION, TLS1_2_VERSION,
1823 DTLS1_BAD_VER, DTLS1_2_VERSION,
1824 SSL_HIGH | SSL_FIPS,
1825 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1831 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1832 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1833 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1838 TLS1_VERSION, TLS1_2_VERSION,
1839 DTLS1_BAD_VER, DTLS1_2_VERSION,
1840 SSL_HIGH | SSL_FIPS,
1841 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1847 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1848 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1849 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1854 TLS1_VERSION, TLS1_2_VERSION,
1855 DTLS1_BAD_VER, DTLS1_2_VERSION,
1856 SSL_STRONG_NONE | SSL_FIPS,
1857 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1863 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1864 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1865 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1870 TLS1_VERSION, TLS1_2_VERSION,
1871 DTLS1_BAD_VER, DTLS1_2_VERSION,
1872 SSL_STRONG_NONE | SSL_FIPS,
1873 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1879 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1880 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1881 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1886 TLS1_VERSION, TLS1_2_VERSION,
1887 DTLS1_BAD_VER, DTLS1_2_VERSION,
1888 SSL_STRONG_NONE | SSL_FIPS,
1889 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1894 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1897 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1898 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1899 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1904 SSL3_VERSION, TLS1_2_VERSION,
1905 DTLS1_BAD_VER, DTLS1_2_VERSION,
1906 SSL_NOT_DEFAULT | SSL_MEDIUM,
1907 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1913 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1914 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1915 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1920 SSL3_VERSION, TLS1_2_VERSION,
1921 DTLS1_BAD_VER, DTLS1_2_VERSION,
1922 SSL_NOT_DEFAULT | SSL_MEDIUM,
1923 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1929 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1930 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1931 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1936 SSL3_VERSION, TLS1_2_VERSION,
1937 DTLS1_BAD_VER, DTLS1_2_VERSION,
1938 SSL_NOT_DEFAULT | SSL_MEDIUM,
1939 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1946 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1947 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1948 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1953 SSL3_VERSION, TLS1_2_VERSION,
1954 DTLS1_BAD_VER, DTLS1_2_VERSION,
1956 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1962 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1963 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1964 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1969 SSL3_VERSION, TLS1_2_VERSION,
1970 DTLS1_BAD_VER, DTLS1_2_VERSION,
1972 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1978 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1979 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1980 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1985 SSL3_VERSION, TLS1_2_VERSION,
1986 DTLS1_BAD_VER, DTLS1_2_VERSION,
1987 SSL_NOT_DEFAULT | SSL_HIGH,
1988 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1994 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1995 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1996 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2001 SSL3_VERSION, TLS1_2_VERSION,
2002 DTLS1_BAD_VER, DTLS1_2_VERSION,
2004 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2010 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2011 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2012 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2017 SSL3_VERSION, TLS1_2_VERSION,
2018 DTLS1_BAD_VER, DTLS1_2_VERSION,
2020 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2026 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2027 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2028 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2033 SSL3_VERSION, TLS1_2_VERSION,
2034 DTLS1_BAD_VER, DTLS1_2_VERSION,
2035 SSL_NOT_DEFAULT | SSL_HIGH,
2036 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2041 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2044 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2045 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2046 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2049 SSL_CHACHA20POLY1305,
2051 TLS1_2_VERSION, TLS1_2_VERSION,
2052 DTLS1_2_VERSION, DTLS1_2_VERSION,
2054 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2060 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2061 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2062 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2065 SSL_CHACHA20POLY1305,
2067 TLS1_2_VERSION, TLS1_2_VERSION,
2068 DTLS1_2_VERSION, DTLS1_2_VERSION,
2070 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2076 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2077 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2078 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2081 SSL_CHACHA20POLY1305,
2083 TLS1_2_VERSION, TLS1_2_VERSION,
2084 DTLS1_2_VERSION, DTLS1_2_VERSION,
2086 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2092 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2093 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2094 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2097 SSL_CHACHA20POLY1305,
2099 TLS1_2_VERSION, TLS1_2_VERSION,
2100 DTLS1_2_VERSION, DTLS1_2_VERSION,
2102 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2108 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2109 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2110 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2113 SSL_CHACHA20POLY1305,
2115 TLS1_2_VERSION, TLS1_2_VERSION,
2116 DTLS1_2_VERSION, DTLS1_2_VERSION,
2118 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2124 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2125 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2126 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2129 SSL_CHACHA20POLY1305,
2131 TLS1_2_VERSION, TLS1_2_VERSION,
2132 DTLS1_2_VERSION, DTLS1_2_VERSION,
2134 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2140 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2141 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2142 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2145 SSL_CHACHA20POLY1305,
2147 TLS1_2_VERSION, TLS1_2_VERSION,
2148 DTLS1_2_VERSION, DTLS1_2_VERSION,
2150 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2154 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2155 * !defined(OPENSSL_NO_POLY1305) */
2157 #ifndef OPENSSL_NO_CAMELLIA
2160 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2161 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2162 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2167 TLS1_2_VERSION, TLS1_2_VERSION,
2168 DTLS1_2_VERSION, DTLS1_2_VERSION,
2169 SSL_NOT_DEFAULT | SSL_HIGH,
2170 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2176 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2177 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2178 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2183 TLS1_2_VERSION, TLS1_2_VERSION,
2184 DTLS1_2_VERSION, DTLS1_2_VERSION,
2185 SSL_NOT_DEFAULT | SSL_HIGH,
2186 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2192 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2193 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2194 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2199 TLS1_2_VERSION, TLS1_2_VERSION,
2200 DTLS1_2_VERSION, DTLS1_2_VERSION,
2201 SSL_NOT_DEFAULT | SSL_HIGH,
2202 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2208 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2209 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2210 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2215 TLS1_2_VERSION, TLS1_2_VERSION,
2216 DTLS1_2_VERSION, DTLS1_2_VERSION,
2217 SSL_NOT_DEFAULT | SSL_HIGH,
2218 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2224 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2225 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2226 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2231 TLS1_2_VERSION, TLS1_2_VERSION,
2232 DTLS1_2_VERSION, DTLS1_2_VERSION,
2233 SSL_NOT_DEFAULT | SSL_HIGH,
2234 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2240 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2241 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2242 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2247 TLS1_2_VERSION, TLS1_2_VERSION,
2248 DTLS1_2_VERSION, DTLS1_2_VERSION,
2249 SSL_NOT_DEFAULT | SSL_HIGH,
2250 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2256 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2257 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2258 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2263 TLS1_2_VERSION, TLS1_2_VERSION,
2264 DTLS1_2_VERSION, DTLS1_2_VERSION,
2265 SSL_NOT_DEFAULT | SSL_HIGH,
2266 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2272 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2273 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2274 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2279 TLS1_2_VERSION, TLS1_2_VERSION,
2280 DTLS1_2_VERSION, DTLS1_2_VERSION,
2281 SSL_NOT_DEFAULT | SSL_HIGH,
2282 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2288 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2289 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2290 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2295 SSL3_VERSION, TLS1_2_VERSION,
2296 DTLS1_BAD_VER, DTLS1_2_VERSION,
2297 SSL_NOT_DEFAULT | SSL_HIGH,
2298 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2304 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2305 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2306 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2311 SSL3_VERSION, TLS1_2_VERSION,
2312 DTLS1_BAD_VER, DTLS1_2_VERSION,
2313 SSL_NOT_DEFAULT | SSL_HIGH,
2314 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2320 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2321 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2322 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2327 SSL3_VERSION, TLS1_2_VERSION,
2328 DTLS1_BAD_VER, DTLS1_2_VERSION,
2329 SSL_NOT_DEFAULT | SSL_HIGH,
2330 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2336 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2337 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2338 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2343 SSL3_VERSION, TLS1_2_VERSION,
2344 DTLS1_BAD_VER, DTLS1_2_VERSION,
2345 SSL_NOT_DEFAULT | SSL_HIGH,
2346 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2352 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2353 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2354 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2359 SSL3_VERSION, TLS1_2_VERSION,
2360 DTLS1_BAD_VER, DTLS1_2_VERSION,
2361 SSL_NOT_DEFAULT | SSL_HIGH,
2362 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2368 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2369 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2370 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2375 SSL3_VERSION, TLS1_2_VERSION,
2376 DTLS1_BAD_VER, DTLS1_2_VERSION,
2377 SSL_NOT_DEFAULT | SSL_HIGH,
2378 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2384 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2385 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2386 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2391 SSL3_VERSION, TLS1_2_VERSION,
2392 DTLS1_BAD_VER, DTLS1_2_VERSION,
2393 SSL_NOT_DEFAULT | SSL_HIGH,
2394 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2400 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2401 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2402 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2407 SSL3_VERSION, TLS1_2_VERSION,
2408 DTLS1_BAD_VER, DTLS1_2_VERSION,
2409 SSL_NOT_DEFAULT | SSL_HIGH,
2410 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2416 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2417 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2418 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2423 TLS1_2_VERSION, TLS1_2_VERSION,
2424 DTLS1_2_VERSION, DTLS1_2_VERSION,
2425 SSL_NOT_DEFAULT | SSL_HIGH,
2426 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2432 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2433 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2434 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2439 TLS1_2_VERSION, TLS1_2_VERSION,
2440 DTLS1_2_VERSION, DTLS1_2_VERSION,
2441 SSL_NOT_DEFAULT | SSL_HIGH,
2442 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2448 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2449 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2450 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2455 TLS1_2_VERSION, TLS1_2_VERSION,
2456 DTLS1_2_VERSION, DTLS1_2_VERSION,
2457 SSL_NOT_DEFAULT | SSL_HIGH,
2458 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2464 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2465 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2466 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2471 TLS1_2_VERSION, TLS1_2_VERSION,
2472 DTLS1_2_VERSION, DTLS1_2_VERSION,
2473 SSL_NOT_DEFAULT | SSL_HIGH,
2474 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2480 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2481 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2482 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2487 TLS1_VERSION, TLS1_2_VERSION,
2488 DTLS1_BAD_VER, DTLS1_2_VERSION,
2489 SSL_NOT_DEFAULT | SSL_HIGH,
2490 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2496 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2497 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2498 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2503 TLS1_VERSION, TLS1_2_VERSION,
2504 DTLS1_BAD_VER, DTLS1_2_VERSION,
2505 SSL_NOT_DEFAULT | SSL_HIGH,
2506 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2512 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2513 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2514 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2519 TLS1_VERSION, TLS1_2_VERSION,
2520 DTLS1_BAD_VER, DTLS1_2_VERSION,
2521 SSL_NOT_DEFAULT | SSL_HIGH,
2522 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2528 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2529 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2530 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2535 TLS1_VERSION, TLS1_2_VERSION,
2536 DTLS1_BAD_VER, DTLS1_2_VERSION,
2537 SSL_NOT_DEFAULT | SSL_HIGH,
2538 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2544 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2545 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2546 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2551 TLS1_VERSION, TLS1_2_VERSION,
2552 DTLS1_BAD_VER, DTLS1_2_VERSION,
2553 SSL_NOT_DEFAULT | SSL_HIGH,
2554 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2560 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2561 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2562 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2567 TLS1_VERSION, TLS1_2_VERSION,
2568 DTLS1_BAD_VER, DTLS1_2_VERSION,
2569 SSL_NOT_DEFAULT | SSL_HIGH,
2570 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2576 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2577 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2578 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2583 TLS1_VERSION, TLS1_2_VERSION,
2584 DTLS1_BAD_VER, DTLS1_2_VERSION,
2585 SSL_NOT_DEFAULT | SSL_HIGH,
2586 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2592 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2593 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2594 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2599 TLS1_VERSION, TLS1_2_VERSION,
2600 DTLS1_BAD_VER, DTLS1_2_VERSION,
2601 SSL_NOT_DEFAULT | SSL_HIGH,
2602 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2606 #endif /* OPENSSL_NO_CAMELLIA */
2608 #ifndef OPENSSL_NO_GOST
2611 "GOST2001-GOST89-GOST89",
2612 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2616 SSL_eGOST2814789CNT,
2618 TLS1_VERSION, TLS1_2_VERSION,
2621 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2627 "GOST2001-NULL-GOST94",
2628 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2634 TLS1_VERSION, TLS1_2_VERSION,
2637 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2643 "IANA-GOST2012-GOST8912-GOST8912",
2647 SSL_aGOST12 | SSL_aGOST01,
2648 SSL_eGOST2814789CNT12,
2650 TLS1_VERSION, TLS1_2_VERSION,
2653 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2659 "LEGACY-GOST2012-GOST8912-GOST8912",
2663 SSL_aGOST12 | SSL_aGOST01,
2664 SSL_eGOST2814789CNT12,
2666 TLS1_VERSION, TLS1_2_VERSION,
2669 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2675 "GOST2012-NULL-GOST12",
2679 SSL_aGOST12 | SSL_aGOST01,
2682 TLS1_VERSION, TLS1_2_VERSION,
2685 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2691 "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2698 TLS1_2_VERSION, TLS1_2_VERSION,
2701 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2707 "GOST2012-MAGMA-MAGMAOMAC",
2714 TLS1_2_VERSION, TLS1_2_VERSION,
2717 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2721 #endif /* OPENSSL_NO_GOST */
2723 #ifndef OPENSSL_NO_IDEA
2726 SSL3_TXT_RSA_IDEA_128_SHA,
2727 SSL3_RFC_RSA_IDEA_128_SHA,
2728 SSL3_CK_RSA_IDEA_128_SHA,
2733 SSL3_VERSION, TLS1_1_VERSION,
2734 DTLS1_BAD_VER, DTLS1_VERSION,
2735 SSL_NOT_DEFAULT | SSL_MEDIUM,
2736 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2742 #ifndef OPENSSL_NO_SEED
2745 TLS1_TXT_RSA_WITH_SEED_SHA,
2746 TLS1_RFC_RSA_WITH_SEED_SHA,
2747 TLS1_CK_RSA_WITH_SEED_SHA,
2752 SSL3_VERSION, TLS1_2_VERSION,
2753 DTLS1_BAD_VER, DTLS1_2_VERSION,
2754 SSL_NOT_DEFAULT | SSL_MEDIUM,
2755 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2761 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2762 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2763 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2768 SSL3_VERSION, TLS1_2_VERSION,
2769 DTLS1_BAD_VER, DTLS1_2_VERSION,
2770 SSL_NOT_DEFAULT | SSL_MEDIUM,
2771 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2777 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2778 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2779 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2784 SSL3_VERSION, TLS1_2_VERSION,
2785 DTLS1_BAD_VER, DTLS1_2_VERSION,
2786 SSL_NOT_DEFAULT | SSL_MEDIUM,
2787 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2793 TLS1_TXT_ADH_WITH_SEED_SHA,
2794 TLS1_RFC_ADH_WITH_SEED_SHA,
2795 TLS1_CK_ADH_WITH_SEED_SHA,
2800 SSL3_VERSION, TLS1_2_VERSION,
2801 DTLS1_BAD_VER, DTLS1_2_VERSION,
2802 SSL_NOT_DEFAULT | SSL_MEDIUM,
2803 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2807 #endif /* OPENSSL_NO_SEED */
2809 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2812 SSL3_TXT_RSA_RC4_128_MD5,
2813 SSL3_RFC_RSA_RC4_128_MD5,
2814 SSL3_CK_RSA_RC4_128_MD5,
2819 SSL3_VERSION, TLS1_2_VERSION,
2821 SSL_NOT_DEFAULT | SSL_MEDIUM,
2822 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2828 SSL3_TXT_RSA_RC4_128_SHA,
2829 SSL3_RFC_RSA_RC4_128_SHA,
2830 SSL3_CK_RSA_RC4_128_SHA,
2835 SSL3_VERSION, TLS1_2_VERSION,
2837 SSL_NOT_DEFAULT | SSL_MEDIUM,
2838 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2844 SSL3_TXT_ADH_RC4_128_MD5,
2845 SSL3_RFC_ADH_RC4_128_MD5,
2846 SSL3_CK_ADH_RC4_128_MD5,
2851 SSL3_VERSION, TLS1_2_VERSION,
2853 SSL_NOT_DEFAULT | SSL_MEDIUM,
2854 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2860 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2861 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2862 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2867 TLS1_VERSION, TLS1_2_VERSION,
2869 SSL_NOT_DEFAULT | SSL_MEDIUM,
2870 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2876 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2877 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2878 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2883 TLS1_VERSION, TLS1_2_VERSION,
2885 SSL_NOT_DEFAULT | SSL_MEDIUM,
2886 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2892 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2893 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2894 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2899 TLS1_VERSION, TLS1_2_VERSION,
2901 SSL_NOT_DEFAULT | SSL_MEDIUM,
2902 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2908 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2909 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2910 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2915 TLS1_VERSION, TLS1_2_VERSION,
2917 SSL_NOT_DEFAULT | SSL_MEDIUM,
2918 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2924 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2925 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2926 TLS1_CK_PSK_WITH_RC4_128_SHA,
2931 SSL3_VERSION, TLS1_2_VERSION,
2933 SSL_NOT_DEFAULT | SSL_MEDIUM,
2934 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2940 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2941 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2942 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2947 SSL3_VERSION, TLS1_2_VERSION,
2949 SSL_NOT_DEFAULT | SSL_MEDIUM,
2950 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2956 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2957 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2958 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2963 SSL3_VERSION, TLS1_2_VERSION,
2965 SSL_NOT_DEFAULT | SSL_MEDIUM,
2966 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2970 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2972 #ifndef OPENSSL_NO_ARIA
2975 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2976 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2977 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2982 TLS1_2_VERSION, TLS1_2_VERSION,
2983 DTLS1_2_VERSION, DTLS1_2_VERSION,
2984 SSL_NOT_DEFAULT | SSL_HIGH,
2985 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2991 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2992 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2993 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2998 TLS1_2_VERSION, TLS1_2_VERSION,
2999 DTLS1_2_VERSION, DTLS1_2_VERSION,
3000 SSL_NOT_DEFAULT | SSL_HIGH,
3001 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3007 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3008 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3009 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3014 TLS1_2_VERSION, TLS1_2_VERSION,
3015 DTLS1_2_VERSION, DTLS1_2_VERSION,
3016 SSL_NOT_DEFAULT | SSL_HIGH,
3017 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3023 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3024 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3025 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3030 TLS1_2_VERSION, TLS1_2_VERSION,
3031 DTLS1_2_VERSION, DTLS1_2_VERSION,
3032 SSL_NOT_DEFAULT | SSL_HIGH,
3033 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3039 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3040 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3041 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3046 TLS1_2_VERSION, TLS1_2_VERSION,
3047 DTLS1_2_VERSION, DTLS1_2_VERSION,
3048 SSL_NOT_DEFAULT | SSL_HIGH,
3049 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3055 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3056 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3057 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3062 TLS1_2_VERSION, TLS1_2_VERSION,
3063 DTLS1_2_VERSION, DTLS1_2_VERSION,
3064 SSL_NOT_DEFAULT | SSL_HIGH,
3065 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3071 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3072 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3073 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3078 TLS1_2_VERSION, TLS1_2_VERSION,
3079 DTLS1_2_VERSION, DTLS1_2_VERSION,
3080 SSL_NOT_DEFAULT | SSL_HIGH,
3081 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3087 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3088 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3089 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3094 TLS1_2_VERSION, TLS1_2_VERSION,
3095 DTLS1_2_VERSION, DTLS1_2_VERSION,
3096 SSL_NOT_DEFAULT | SSL_HIGH,
3097 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3103 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3104 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3105 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3110 TLS1_2_VERSION, TLS1_2_VERSION,
3111 DTLS1_2_VERSION, DTLS1_2_VERSION,
3112 SSL_NOT_DEFAULT | SSL_HIGH,
3113 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3119 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3120 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3121 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3126 TLS1_2_VERSION, TLS1_2_VERSION,
3127 DTLS1_2_VERSION, DTLS1_2_VERSION,
3128 SSL_NOT_DEFAULT | SSL_HIGH,
3129 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3135 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3136 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3137 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3142 TLS1_2_VERSION, TLS1_2_VERSION,
3143 DTLS1_2_VERSION, DTLS1_2_VERSION,
3144 SSL_NOT_DEFAULT | SSL_HIGH,
3145 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3151 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3152 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3153 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3158 TLS1_2_VERSION, TLS1_2_VERSION,
3159 DTLS1_2_VERSION, DTLS1_2_VERSION,
3160 SSL_NOT_DEFAULT | SSL_HIGH,
3161 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3167 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3168 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3169 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3174 TLS1_2_VERSION, TLS1_2_VERSION,
3175 DTLS1_2_VERSION, DTLS1_2_VERSION,
3176 SSL_NOT_DEFAULT | SSL_HIGH,
3177 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3183 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3184 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3185 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3190 TLS1_2_VERSION, TLS1_2_VERSION,
3191 DTLS1_2_VERSION, DTLS1_2_VERSION,
3192 SSL_NOT_DEFAULT | SSL_HIGH,
3193 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3199 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3200 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3201 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3206 TLS1_2_VERSION, TLS1_2_VERSION,
3207 DTLS1_2_VERSION, DTLS1_2_VERSION,
3208 SSL_NOT_DEFAULT | SSL_HIGH,
3209 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3215 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3216 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3217 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3222 TLS1_2_VERSION, TLS1_2_VERSION,
3223 DTLS1_2_VERSION, DTLS1_2_VERSION,
3224 SSL_NOT_DEFAULT | SSL_HIGH,
3225 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3229 #endif /* OPENSSL_NO_ARIA */
/*
 * The list of known Signalling Cipher-Suite Value (SCSV) "ciphers": values
 * that are not real cipher suites but are placed in the ciphers field of the
 * wire protocol for signalling.
 */
3237 static SSL_CIPHER ssl3_scsvs[] = {
3240 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3241 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3243 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3247 "TLS_FALLBACK_SCSV",
3248 "TLS_FALLBACK_SCSV",
3249 SSL3_CK_FALLBACK_SCSV,
3250 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
/*
 * qsort() comparator that orders SSL_CIPHER entries by ascending id.
 *
 * Returns -1, 0 or 1. The ids are compared rather than subtracted, so the
 * result does not depend on the width or signedness of the id member.
 */
static int cipher_compare(const void *a, const void *b)
{
    const SSL_CIPHER *lhs = a;
    const SSL_CIPHER *rhs = b;

    if (lhs->id < rhs->id)
        return -1;

    return lhs->id > rhs->id ? 1 : 0;
}
/*
 * Sort the three static cipher tables (TLSv1.3 suites, SSLv3/TLS suites and
 * the SCSV pseudo-suites) in place by cipher id, using cipher_compare().
 *
 * NOTE(review): the tables are file-scope and mutated here without locking;
 * presumably this runs once during library initialisation, before any
 * lookup - confirm against the caller.
 */
void ssl_sort_cipher_list(void)
{
    qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(*tls13_ciphers),
          cipher_compare);
    qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(*ssl3_ciphers),
          cipher_compare);
    qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(*ssl3_scsvs),
          cipher_compare);
}
/*
 * Adapter with an eight-argument signature that ignores everything except
 * the connection and forwards to ssl_undefined_function(). SSLv3_enc_data
 * installs it in one of its method slots, so calling that operation on an
 * SSLv3 connection reports "undefined function" rather than doing work.
 *
 * Returns whatever ssl_undefined_function(ssl) returns.
 */
static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
                                    const char * t, size_t u,
                                    const unsigned char * v, size_t w, int x)
{
    /* The remaining parameters exist only to match the slot's prototype. */
    (void)r, (void)s, (void)t, (void)u;
    (void)v, (void)w, (void)x;

    return ssl_undefined_function(ssl);
}
3287 const SSL3_ENC_METHOD SSLv3_enc_data = {
3290 ssl3_setup_key_block,
3291 ssl3_generate_master_secret,
3292 ssl3_change_cipher_state,
3293 ssl3_final_finish_mac,
3294 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3295 SSL3_MD_SERVER_FINISHED_CONST, 4,
3297 ssl_undefined_function_1,
3299 ssl3_set_handshake_header,
3300 tls_close_construct_packet,
3301 ssl3_handshake_write
/*
 * Default session lifetime for SSLv3, in seconds.
 *
 * The SSLv3 specification mentions 24 hours; that is far too long for HTTP
 * workloads, where the session cache would overfill, so two hours is used.
 */
long ssl3_default_timeout(void)
{
    enum { SECONDS_PER_HOUR = 60 * 60, TIMEOUT_HOURS = 2 };

    return SECONDS_PER_HOUR * TIMEOUT_HOURS;
}
/*
 * Number of entries in the ssl3_ciphers table (TLSv1.3 suites and SCSVs are
 * kept in separate tables and are not counted here).
 */
int ssl3_num_ciphers(void)
{
    return SSL3_NUM_CIPHERS;
}
/*
 * Return the u-th SSLv3/TLS cipher, counting from the END of ssl3_ciphers
 * (u == 0 yields the last table entry).
 *
 * The index is range-checked first: any u at or beyond SSL3_NUM_CIPHERS
 * yields NULL, so the subtraction below cannot wrap around.
 */
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
{
    if (u >= SSL3_NUM_CIPHERS)
        return NULL;

    return &ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u];
}
/*
 * Begin a handshake message in pkt: one byte of message type followed by an
 * open sub-packet whose 3-byte length is filled in when it is closed.
 *
 * A ChangeCipherSpec carries no handshake header, so nothing is written for
 * it. Returns 1 on success and 0 if either WPACKET operation fails.
 */
int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
{
    /* No header in the event of a CCS */
    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
        return 1;

    /* Message type byte */
    if (!WPACKET_put_bytes_u8(pkt, htype))
        return 0;

    /* Reserve the 3-byte message length */
    if (!WPACKET_start_sub_packet_u24(pkt))
        return 0;

    return 1;
}
/*
 * Write out the pending handshake data by calling ssl3_do_write() with the
 * handshake record type; the result of that call is returned unchanged.
 */
int ssl3_handshake_write(SSL *s)
{
    const int record_type = SSL3_RT_HANDSHAKE;

    return ssl3_do_write(s, record_type);
}
/*
 * Per-connection initialisation for the SSLv3/TLS method.
 *
 * Sets up the SRP context (when SRP is compiled in) and then resets the
 * connection through the method's ssl_clear hook. Returns 1 on success and
 * 0 if either step fails.
 */
int ssl3_new(SSL *s)
{
#ifndef OPENSSL_NO_SRP
    if (!SSL_SRP_CTX_init(s))
        return 0;
#endif

    return s->method->ssl_clear(s) ? 1 : 0;
}
/*
 * Release everything owned by the s->s3 handshake state of a connection.
 *
 * A NULL connection is accepted and ignored. After the individual members
 * have been released the whole s3 sub-structure is zeroed, so no freed
 * pointer remains reachable through it.
 */
void ssl3_free(SSL *s)
{
    if (s == NULL)
        return;

    ssl3_cleanup_key_block(s);

#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
    /* Temporary key-exchange keys (peer_tmp and tmp.pkey) */
    EVP_PKEY_free(s->s3.peer_tmp);
    s->s3.peer_tmp = NULL;
    EVP_PKEY_free(s->s3.tmp.pkey);
    s->s3.tmp.pkey = NULL;
#endif

    /* Pending cipher and digest references */
    ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
    ssl_evp_md_free(s->s3.tmp.new_hash);

    OPENSSL_free(s->s3.tmp.ctype);
    sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
    OPENSSL_free(s->s3.tmp.ciphers_raw);
    /*
     * pms is released with OPENSSL_clear_free(), which wipes the pmslen
     * bytes before handing the buffer back to the allocator.
     */
    OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
    OPENSSL_free(s->s3.tmp.peer_sigalgs);
    OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
    ssl3_free_digest_list(s);
    OPENSSL_free(s->s3.alpn_selected);
    OPENSSL_free(s->s3.alpn_proposed);

#ifndef OPENSSL_NO_SRP
    SSL_SRP_CTX_free(s);
#endif

    /*
     * NOTE(review): this is a plain memset(). If s3 holds secret material
     * inline, a wipe the compiler cannot elide (OPENSSL_cleanse) may be
     * preferable - confirm what the structure contains.
     */
    memset(&s->s3, 0, sizeof(s->s3));
}
/*
 * Reset the SSLv3/TLS handshake state of a connection so it can be reused.
 *
 * Frees what s->s3 owns, zeroes the structure, drops the write BIO buffer,
 * restores the protocol version to SSL3_VERSION and discards any stored NPN
 * value. Returns 1 on success and 0 if ssl_free_wbio_buffer() fails.
 *
 * NOTE(review): unlike ssl3_free(), this path does not release
 * s3.tmp.new_sym_enc or s3.tmp.new_hash before the memset() - confirm they
 * are released elsewhere, otherwise the references are lost here.
 */
int ssl3_clear(SSL *s)
{
    ssl3_cleanup_key_block(s);

    OPENSSL_free(s->s3.tmp.ctype);
    sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
    OPENSSL_free(s->s3.tmp.ciphers_raw);
    /* pms is wiped (pmslen bytes) before it is freed */
    OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
    OPENSSL_free(s->s3.tmp.peer_sigalgs);
    OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);

#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
    EVP_PKEY_free(s->s3.tmp.pkey);
    EVP_PKEY_free(s->s3.peer_tmp);
#endif /* !OPENSSL_NO_EC || !OPENSSL_NO_DH */

    ssl3_free_digest_list(s);

    OPENSSL_free(s->s3.alpn_selected);
    OPENSSL_free(s->s3.alpn_proposed);

    /*
     * Zero the whole s3 struct; this also clears every pointer freed above,
     * so none of them can be freed a second time.
     */
    memset(&s->s3, 0, sizeof(s->s3));

    if (!ssl_free_wbio_buffer(s))
        return 0;

    s->version = SSL3_VERSION;

#if !defined(OPENSSL_NO_NEXTPROTONEG)
    OPENSSL_free(s->ext.npn);
    s->ext.npn = NULL;
    s->ext.npn_len = 0;
#endif

    return 1;
}
3428 #ifndef OPENSSL_NO_SRP
/*
 * SRP password callback that hands back a heap copy of the string stored in
 * s->srp_ctx.info. arg is unused.
 *
 * Returns the copy made by OPENSSL_strdup(), or NULL if that fails.
 * NOTE(review): the copy presumably holds the SRP password, so the caller
 * should wipe it before freeing - confirm how the result is released.
 */
static char *srp_password_from_info_cb(SSL *s, void *arg)
{
    const char *stored = s->srp_ctx.info;

    return OPENSSL_strdup(stored);
}
3435 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3437 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3442 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3444 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3445 ret = s->s3.num_renegotiations;
3447 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3448 ret = s->s3.num_renegotiations;
3449 s->s3.num_renegotiations = 0;
3451 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3452 ret = s->s3.total_renegotiations;
3454 case SSL_CTRL_GET_FLAGS:
3455 ret = (int)(s->s3.flags);
3457 #ifndef OPENSSL_NO_DH
3458 case SSL_CTRL_SET_TMP_DH:
3460 DH *dh = (DH *)parg;
3461 EVP_PKEY *pkdh = NULL;
3463 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3466 pkdh = ssl_dh_to_pkey(dh);
3468 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3471 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3472 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3473 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3474 EVP_PKEY_free(pkdh);
3477 EVP_PKEY_free(s->cert->dh_tmp);
3478 s->cert->dh_tmp = pkdh;
3482 case SSL_CTRL_SET_TMP_DH_CB:
3484 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3487 case SSL_CTRL_SET_DH_AUTO:
3488 s->cert->dh_tmp_auto = larg;
3491 #ifndef OPENSSL_NO_EC
3492 case SSL_CTRL_SET_TMP_ECDH:
3494 const EC_GROUP *group = NULL;
3498 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3501 group = EC_KEY_get0_group((const EC_KEY *)parg);
3502 if (group == NULL) {
3503 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3506 nid = EC_GROUP_get_curve_name(group);
3507 if (nid == NID_undef)
3509 return tls1_set_groups(&s->ext.supportedgroups,
3510 &s->ext.supportedgroups_len,
3514 #endif /* !OPENSSL_NO_EC */
3515 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3518 * This API is only used for a client to set what SNI it will request
3519 * from the server, but we currently allow it to be used on servers
3520 * as well, which is a programming error. Currently we just clear
3521 * the field in SSL_do_handshake() for server SSLs, but when we can
3522 * make ABI-breaking changes, we may want to make use of this API
3523 * an error on server SSLs.
3525 if (larg == TLSEXT_NAMETYPE_host_name) {
3528 OPENSSL_free(s->ext.hostname);
3529 s->ext.hostname = NULL;
3534 len = strlen((char *)parg);
3535 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3536 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3539 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3540 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3544 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3548 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3549 s->ext.debug_arg = parg;
3553 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3554 ret = s->ext.status_type;
3557 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3558 s->ext.status_type = larg;
3562 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3563 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3567 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3568 s->ext.ocsp.exts = parg;
3572 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3573 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3577 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3578 s->ext.ocsp.ids = parg;
3582 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3583 *(unsigned char **)parg = s->ext.ocsp.resp;
3584 if (s->ext.ocsp.resp_len == 0
3585 || s->ext.ocsp.resp_len > LONG_MAX)
3587 return (long)s->ext.ocsp.resp_len;
3589 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3590 OPENSSL_free(s->ext.ocsp.resp);
3591 s->ext.ocsp.resp = parg;
3592 s->ext.ocsp.resp_len = larg;
3596 case SSL_CTRL_CHAIN:
3598 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3600 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3602 case SSL_CTRL_CHAIN_CERT:
3604 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3606 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3608 case SSL_CTRL_GET_CHAIN_CERTS:
3609 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3613 case SSL_CTRL_SELECT_CURRENT_CERT:
3614 return ssl_cert_select_current(s->cert, (X509 *)parg);
3616 case SSL_CTRL_SET_CURRENT_CERT:
3617 if (larg == SSL_CERT_SET_SERVER) {
3618 const SSL_CIPHER *cipher;
3621 cipher = s->s3.tmp.new_cipher;
3625 * No certificate for unauthenticated ciphersuites or using SRP
3628 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3630 if (s->s3.tmp.cert == NULL)
3632 s->cert->key = s->s3.tmp.cert;
3635 return ssl_cert_set_current(s->cert, larg);
3637 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3638 case SSL_CTRL_GET_GROUPS:
3645 clist = s->ext.peer_supportedgroups;
3646 clistlen = s->ext.peer_supportedgroups_len;
3651 for (i = 0; i < clistlen; i++) {
3652 const TLS_GROUP_INFO *cinf
3653 = tls1_group_id_lookup(s->ctx, clist[i]);
3656 cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
3658 cptr[i] = TLSEXT_nid_unknown | clist[i];
3661 return (int)clistlen;
3664 case SSL_CTRL_SET_GROUPS:
3665 return tls1_set_groups(&s->ext.supportedgroups,
3666 &s->ext.supportedgroups_len, parg, larg);
3668 case SSL_CTRL_SET_GROUPS_LIST:
3669 return tls1_set_groups_list(s->ctx, &s->ext.supportedgroups,
3670 &s->ext.supportedgroups_len, parg);
3672 case SSL_CTRL_GET_SHARED_GROUP:
3674 uint16_t id = tls1_shared_group(s, larg);
3677 return tls1_group_id2nid(id, 1);
3680 case SSL_CTRL_GET_NEGOTIATED_GROUP:
3681 ret = tls1_group_id2nid(s->s3.group_id, 1);
3683 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
3685 case SSL_CTRL_SET_SIGALGS:
3686 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3688 case SSL_CTRL_SET_SIGALGS_LIST:
3689 return tls1_set_sigalgs_list(s->cert, parg, 0);
3691 case SSL_CTRL_SET_CLIENT_SIGALGS:
3692 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3694 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3695 return tls1_set_sigalgs_list(s->cert, parg, 1);
3697 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3699 const unsigned char **pctype = parg;
3700 if (s->server || !s->s3.tmp.cert_req)
3703 *pctype = s->s3.tmp.ctype;
3704 return s->s3.tmp.ctype_len;
3707 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3710 return ssl3_set_req_cert_type(s->cert, parg, larg);
3712 case SSL_CTRL_BUILD_CERT_CHAIN:
3713 return ssl_build_cert_chain(s, NULL, larg);
3715 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3716 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3718 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3719 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3721 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3722 if (s->s3.tmp.peer_sigalg == NULL)
3724 *(int *)parg = s->s3.tmp.peer_sigalg->hash;
3727 case SSL_CTRL_GET_SIGNATURE_NID:
3728 if (s->s3.tmp.sigalg == NULL)
3730 *(int *)parg = s->s3.tmp.sigalg->hash;
3733 case SSL_CTRL_GET_PEER_TMP_KEY:
3734 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3735 if (s->session == NULL || s->s3.peer_tmp == NULL) {
3738 EVP_PKEY_up_ref(s->s3.peer_tmp);
3739 *(EVP_PKEY **)parg = s->s3.peer_tmp;
3746 case SSL_CTRL_GET_TMP_KEY:
3747 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3748 if (s->session == NULL || s->s3.tmp.pkey == NULL) {
3751 EVP_PKEY_up_ref(s->s3.tmp.pkey);
3752 *(EVP_PKEY **)parg = s->s3.tmp.pkey;
3759 #ifndef OPENSSL_NO_EC
3760 case SSL_CTRL_GET_EC_POINT_FORMATS:
3762 const unsigned char **pformat = parg;
3764 if (s->ext.peer_ecpointformats == NULL)
3766 *pformat = s->ext.peer_ecpointformats;
3767 return (int)s->ext.peer_ecpointformats_len;
/*
 * Per-connection callback setter: stores the function pointer fp on the SSL
 * object s in the slot selected by cmd.
 *
 * fp arrives as a generic void (*)(void) and is cast to the prototype of the
 * slot being filled. Nothing in this function can check that the caller
 * really passed a function of that type.
 */
3777 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3782 #ifndef OPENSSL_NO_DH
3783 case SSL_CTRL_SET_TMP_DH_CB:
/* Temporary-DH parameter callback, kept on the connection's CERT. */
3785 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3789 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
/* TLS extension debug callback. */
3790 s->ext.debug_cb = (void (*)(SSL *, int, int,
3791 const unsigned char *, int, void *))fp;
3794 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
/* Callback stored in not_resumable_session_cb. */
3796 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
/*
 * Context-level control dispatcher: applies the setting or query selected by
 * cmd to the SSL_CTX, using larg and parg as the command-specific arguments.
 *
 * parg is an untyped pointer that each case casts to the type it expects, so
 * the caller is responsible for passing the right object for the command.
 */
3805 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3808 #ifndef OPENSSL_NO_DH
3809 case SSL_CTRL_SET_TMP_DH:
/*
 * Install fixed temporary DH parameters. The DH is wrapped in an EVP_PKEY
 * and has to pass the context's security policy (ssl_ctx_security with
 * SSL_SECOP_TMP_DH and the key's security bits). A rejected key is freed and
 * reported as SSL_R_DH_KEY_TOO_SMALL; an accepted one replaces dh_tmp after
 * the previous value has been freed.
 */
3811 DH *dh = (DH *)parg;
3812 EVP_PKEY *pkdh = NULL;
3814 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3817 pkdh = ssl_dh_to_pkey(dh);
3819 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3822 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3823 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3824 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3825 EVP_PKEY_free(pkdh);
3828 EVP_PKEY_free(ctx->cert->dh_tmp);
3829 ctx->cert->dh_tmp = pkdh;
3832 case SSL_CTRL_SET_TMP_DH_CB:
/*
 * A callback cannot be set through this value-taking entry point, so the
 * command is reported as an error; ssl3_ctx_callback_ctrl handles it.
 */
3834 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3837 case SSL_CTRL_SET_DH_AUTO:
3838 ctx->cert->dh_tmp_auto = larg;
3841 #ifndef OPENSSL_NO_EC
3842 case SSL_CTRL_SET_TMP_ECDH:
/*
 * Only the curve of the supplied EC_KEY is used: its group is mapped to a
 * NID and handed to tls1_set_groups for the context's supported groups.
 */
3844 const EC_GROUP *group = NULL;
3848 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3851 group = EC_KEY_get0_group((const EC_KEY *)parg);
3852 if (group == NULL) {
3853 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3856 nid = EC_GROUP_get_curve_name(group);
3857 if (nid == NID_undef)
3859 return tls1_set_groups(&ctx->ext.supportedgroups,
3860 &ctx->ext.supportedgroups_len,
3863 #endif /* !OPENSSL_NO_EC */
3864 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3865 ctx->ext.servername_arg = parg;
3867 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3868 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
/*
 * Session-ticket key material is exchanged as one flat buffer laid out as
 * key name, HMAC key, AES key. tick_keylen is the sum of the three field
 * sizes, and a larg that differs from it is rejected before any copy, which
 * is what keeps the memcpy() calls below inside the caller's buffer.
 *
 * NOTE(review): the GET direction copies the raw ticket-protection keys into
 * caller memory; protecting and wiping that copy is up to the caller.
 */
3870 unsigned char *keys = parg;
3871 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3872 sizeof(ctx->ext.secure->tick_hmac_key) +
3873 sizeof(ctx->ext.secure->tick_aes_key));
3876 if (larg != tick_keylen) {
3877 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3880 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
/* SET: caller buffer -> context. */
3881 memcpy(ctx->ext.tick_key_name, keys,
3882 sizeof(ctx->ext.tick_key_name));
3883 memcpy(ctx->ext.secure->tick_hmac_key,
3884 keys + sizeof(ctx->ext.tick_key_name),
3885 sizeof(ctx->ext.secure->tick_hmac_key));
3886 memcpy(ctx->ext.secure->tick_aes_key,
3887 keys + sizeof(ctx->ext.tick_key_name) +
3888 sizeof(ctx->ext.secure->tick_hmac_key),
3889 sizeof(ctx->ext.secure->tick_aes_key));
/* GET: context -> caller buffer, same layout. */
3891 memcpy(keys, ctx->ext.tick_key_name,
3892 sizeof(ctx->ext.tick_key_name));
3893 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3894 ctx->ext.secure->tick_hmac_key,
3895 sizeof(ctx->ext.secure->tick_hmac_key));
3896 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3897 sizeof(ctx->ext.secure->tick_hmac_key),
3898 ctx->ext.secure->tick_aes_key,
3899 sizeof(ctx->ext.secure->tick_aes_key));
3904 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3905 return ctx->ext.status_type;
3907 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3908 ctx->ext.status_type = larg;
3911 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3912 ctx->ext.status_arg = parg;
3915 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3916 *(void**)parg = ctx->ext.status_arg;
3919 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3920 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3923 #ifndef OPENSSL_NO_SRP
3924 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
/*
 * Replace the SRP login. The old value is dropped first, so a rejected name
 * leaves the context with no login at all. Accepted names are 1..255 bytes.
 * strlen() dereferences parg; any NULL guard sits on lines this listing does
 * not show - confirm against the full source.
 */
3925 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3926 OPENSSL_free(ctx->srp_ctx.login);
3927 ctx->srp_ctx.login = NULL;
3930 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3931 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3934 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3935 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3939 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
/*
 * Store a copy of the SRP password in srp_ctx.info and route the client
 * password callback to srp_password_from_info_cb.
 *
 * NOTE(review): the previous password buffer is released with OPENSSL_free,
 * which does not wipe it first; consider whether it should be cleansed.
 */
3940 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3941 srp_password_from_info_cb;
3942 if (ctx->srp_ctx.info != NULL)
3943 OPENSSL_free(ctx->srp_ctx.info);
3944 if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
3945 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3949 case SSL_CTRL_SET_SRP_ARG:
3950 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3951 ctx->srp_ctx.SRP_cb_arg = parg;
3954 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3955 ctx->srp_ctx.strength = larg;
3959 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3960 case SSL_CTRL_SET_GROUPS:
3961 return tls1_set_groups(&ctx->ext.supportedgroups,
3962 &ctx->ext.supportedgroups_len,
3965 case SSL_CTRL_SET_GROUPS_LIST:
3966 return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups,
3967 &ctx->ext.supportedgroups_len,
3969 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
/* In the four sigalg commands the last argument is 1 for the client variant. */
3971 case SSL_CTRL_SET_SIGALGS:
3972 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3974 case SSL_CTRL_SET_SIGALGS_LIST:
3975 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3977 case SSL_CTRL_SET_CLIENT_SIGALGS:
3978 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3980 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3981 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3983 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3984 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3986 case SSL_CTRL_BUILD_CERT_CHAIN:
3987 return ssl_build_cert_chain(NULL, ctx, larg);
/* Third argument: 0 selects the verify store, 1 the chain store. */
3989 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3990 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3992 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3993 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3995 /* A Thawte special :-) */
3996 case SSL_CTRL_EXTRA_CHAIN_CERT:
/*
 * Append parg to ctx->extra_certs, creating the stack on first use. No
 * reference is taken on the certificate in the lines shown, so the stack
 * presumably takes over the caller's reference - confirm.
 */
3997 if (ctx->extra_certs == NULL) {
3998 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3999 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
4003 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
4004 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
4009 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
/*
 * Hands back a pointer to an internal stack, not a copy: the current key's
 * chain when there are no extra certs and larg is 0, else extra_certs.
 */
4010 if (ctx->extra_certs == NULL && larg == 0)
4011 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4013 *(STACK_OF(X509) **)parg = ctx->extra_certs;
4016 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
4017 sk_X509_pop_free(ctx->extra_certs, X509_free);
4018 ctx->extra_certs = NULL;
4021 case SSL_CTRL_CHAIN:
/*
 * Two variants (set1 / set0); the condition choosing between them is on
 * lines this listing does not show.
 */
4023 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4025 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4027 case SSL_CTRL_CHAIN_CERT:
/* Same add1 / add0 split as SSL_CTRL_CHAIN above. */
4029 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
4031 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
4033 case SSL_CTRL_GET_CHAIN_CERTS:
/* Internal pointer again: the caller receives the chain itself. */
4034 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4037 case SSL_CTRL_SELECT_CURRENT_CERT:
4038 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
4040 case SSL_CTRL_SET_CURRENT_CERT:
4041 return ssl_cert_set_current(ctx->cert, larg);
/*
 * Context-level callback setter: stores fp in the SSL_CTX slot selected by
 * cmd.
 *
 * fp is a generic void (*)(void) that each case casts to the slot's own
 * prototype; the caller has to supply a function of exactly that type,
 * because a mismatch cannot be detected here.
 */
4049 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
4052 #ifndef OPENSSL_NO_DH
4053 case SSL_CTRL_SET_TMP_DH_CB:
4055 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4059 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4060 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4063 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4064 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
/*
 * HMAC_CTX-based ticket key callback, compiled only while the deprecated
 * 3.0 APIs are enabled.
 */
4067 # ifndef OPENSSL_NO_DEPRECATED_3_0
4068 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4069 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4072 HMAC_CTX *, int))fp;
/* Each SRP callback setter also switches SSL_kSRP on in srp_Mask. */
4076 #ifndef OPENSSL_NO_SRP
4077 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4078 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4079 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4081 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4082 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4083 ctx->srp_ctx.TLS_ext_srp_username_callback =
4084 (int (*)(SSL *, int *, void *))fp;
4086 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4087 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4088 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4089 (char *(*)(SSL *, void *))fp;
4092 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4094 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
/*
 * Install the EVP-based session-ticket key callback on ctx.
 *
 * The callback takes an EVP_CIPHER_CTX and an EVP_MAC_CTX, in contrast to
 * the HMAC_CTX-based SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB slot. Passing NULL
 * clears the slot. Always returns 1.
 */
int SSL_CTX_set_tlsext_ticket_key_evp_cb
    (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *,
                             EVP_CIPHER_CTX *, EVP_MAC_CTX *, int))
{
    ctx->ext.ticket_key_evp_cb = fp;

    return 1;
}
/*
 * Look up a cipher by its 32-bit id.
 *
 * The tables are searched in a fixed order: TLSv1.3 ciphers, then the
 * SSLv3/TLS ciphers, then the signalling cipher suite values. Returns the
 * first match, or NULL when no table has the id.
 */
const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
{
    SSL_CIPHER key;
    const SSL_CIPHER *hit;

    /* Only the id field of the search key is consulted. */
    key.id = id;

    hit = OBJ_bsearch_ssl_cipher_id(&key, tls13_ciphers, TLS13_NUM_CIPHERS);
    if (hit == NULL)
        hit = OBJ_bsearch_ssl_cipher_id(&key, ssl3_ciphers, SSL3_NUM_CIPHERS);
    if (hit == NULL)
        hit = OBJ_bsearch_ssl_cipher_id(&key, ssl3_scsvs, SSL3_NUM_SCSVS);

    return hit;
}
/*
 * Look up a cipher by its standard (RFC) name with a linear scan.
 *
 * The TLSv1.3 and SSLv3/TLS tables are both scanned; entries without a
 * standard name are skipped. The SCSV table is consulted only when neither
 * cipher table matched. stdname must be a valid NUL-terminated string: it is
 * passed to strcmp() unchecked. Returns NULL when nothing matches.
 */
const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
{
    SSL_CIPHER *tables[] = {tls13_ciphers, ssl3_ciphers};
    size_t counts[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS};
    SSL_CIPHER *found = NULL;
    size_t t, k;

    /* this is not efficient, necessary to optimize this? */
    for (t = 0; t < OSSL_NELEM(tables); t++) {
        SSL_CIPHER *entry = tables[t];

        /* A hit stops this table only; the next table is still scanned. */
        for (k = 0; k < counts[t]; k++, entry++) {
            if (entry->stdname != NULL
                    && strcmp(stdname, entry->stdname) == 0) {
                found = entry;
                break;
            }
        }
    }
    if (found != NULL)
        return found;

    for (k = 0; k < SSL3_NUM_SCSVS; k++) {
        if (strcmp(stdname, ssl3_scsvs[k].stdname) == 0)
            return &ssl3_scsvs[k];
    }

    return NULL;
}
4156 * This function needs to check if the ciphers required are actually
/*
 * Map a two-byte wire cipher suite value to its SSL_CIPHER.
 *
 * Exactly two bytes are read from p, big-endian; the caller must guarantee
 * that both are readable, since no length is passed in. Returns NULL for an
 * unknown suite.
 */
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
{
    uint32_t id = SSL3_CK_CIPHERSUITE_FLAG
                  | ((uint32_t)p[0] << 8L)
                  | (uint32_t)p[1];

    return ssl3_get_cipher_by_id(id);
}
/*
 * Write the two-byte wire form of cipher c into pkt.
 *
 * A cipher whose id does not carry the SSLv3/TLS suite flag in its top byte
 * is not written: *len is set to 0 and the call still succeeds. Otherwise
 * the low 16 bits of the id are appended and *len is set to 2.
 * Returns 1 on success and 0 if the packet write fails, in which case *len
 * is left untouched.
 */
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
{
    int is_ssl3_suite = (c->id & 0xff000000) == SSL3_CK_CIPHERSUITE_FLAG;

    if (!is_ssl3_suite) {
        *len = 0;
        return 1;
    }

    if (WPACKET_put_bytes_u16(pkt, c->id & 0xffff)) {
        *len = 2;
        return 1;
    }

    return 0;
}
4181 * ssl3_choose_cipher - choose a cipher from those offered by the client
4182 * @s: SSL connection
4183 * @clnt: ciphers offered by the client
4184 * @srvr: ciphers enabled on the server?
4186 * Returns the selected cipher or NULL when no common ciphers.
/*
 * Walks the priority list (prio) in order and looks each candidate up in the
 * other side's list (allow). Which of clnt / srvr fills which role is set in
 * the SUITE-B / SSL_OP_CIPHER_SERVER_PREFERENCE branches below, whose
 * bodies this listing does not show. A candidate is filtered by protocol
 * version, key-exchange and authentication masks, PSK callback presence, the
 * ECDHE temporary key check and the security callback.
 */
4188 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4189 STACK_OF(SSL_CIPHER) *srvr)
4191 const SSL_CIPHER *c, *ret = NULL;
4192 STACK_OF(SSL_CIPHER) *prio, *allow;
4193 int i, ii, ok, prefer_sha256 = 0;
4194 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4195 #ifndef OPENSSL_NO_CHACHA
4196 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4199 /* Let's see which ciphers we can support */
4202 * Do not set the compare functions, because this may lead to a
4203 * reordering by "id". We want to keep the original ordering. We may pay
4204 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4205 * pay with the price of sk_SSL_CIPHER_dup().
/*
 * Trace-only dump of both lists. It prints raw pointer values next to the
 * cipher names, which matters if trace output is ever collected from
 * production systems.
 */
4208 OSSL_TRACE_BEGIN(TLS_CIPHER) {
4209 BIO_printf(trc_out, "Server has %d from %p:\n",
4210 sk_SSL_CIPHER_num(srvr), (void *)srvr);
4211 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4212 c = sk_SSL_CIPHER_value(srvr, i);
4213 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4215 BIO_printf(trc_out, "Client sent %d from %p:\n",
4216 sk_SSL_CIPHER_num(clnt), (void *)clnt);
4217 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4218 c = sk_SSL_CIPHER_value(clnt, i);
4219 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4221 } OSSL_TRACE_END(TLS_CIPHER);
4223 /* SUITE-B takes precedence over server preference and ChaCha priority */
4224 if (tls1_suiteb(s)) {
4227 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4230 #ifndef OPENSSL_NO_CHACHA
4231 /* If ChaCha20 is at the top of the client preference list,
4232 and there are ChaCha20 ciphers in the server list, then
4233 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4234 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4235 c = sk_SSL_CIPHER_value(clnt, 0);
4236 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4237 /* ChaCha20 is client preferred, check server... */
4238 int num = sk_SSL_CIPHER_num(srvr);
4240 for (i = 0; i < num; i++) {
4241 c = sk_SSL_CIPHER_value(srvr, i);
4242 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
/*
 * Build a reordered copy of the server list in a temporary stack, so the
 * configured server order itself is not modified. The stack is reserved for
 * num entries up front; the pushes below are not individually checked.
 */
4248 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4249 /* if reserve fails, then there's likely a memory issue */
4250 if (prio_chacha != NULL) {
4251 /* Put all ChaCha20 at the top, starting with the one we just found */
4252 sk_SSL_CIPHER_push(prio_chacha, c);
4253 for (i++; i < num; i++) {
4254 c = sk_SSL_CIPHER_value(srvr, i);
4255 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4256 sk_SSL_CIPHER_push(prio_chacha, c);
4258 /* Pull in the rest */
4259 for (i = 0; i < num; i++) {
4260 c = sk_SSL_CIPHER_value(srvr, i);
4261 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4262 sk_SSL_CIPHER_push(prio_chacha, c);
4275 if (SSL_IS_TLS13(s)) {
4276 #ifndef OPENSSL_NO_PSK
4280 * If we allow "old" style PSK callbacks, and we have no certificate (so
4281 * we're not going to succeed without a PSK anyway), and we're in
4282 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4283 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4286 if (s->psk_server_callback != NULL) {
/* Empty-bodied loop: j stops at the first certificate type that is set. */
4287 for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
4288 if (j == SSL_PKEY_NUM) {
4289 /* There are no certificates */
4295 tls1_set_cert_validity(s);
4299 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4300 c = sk_SSL_CIPHER_value(prio, i);
4302 /* Skip ciphers not supported by the protocol version */
4303 if (!SSL_IS_DTLS(s) &&
4304 ((s->version < c->min_tls) || (s->version > c->max_tls)))
4306 if (SSL_IS_DTLS(s) &&
4307 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4308 DTLS_VERSION_GT(s->version, c->max_dtls)))
4312 * Since TLS 1.3 ciphersuites can be used with any auth or
4313 * key exchange scheme skip tests.
4315 if (!SSL_IS_TLS13(s)) {
4316 mask_k = s->s3.tmp.mask_k;
4317 mask_a = s->s3.tmp.mask_a;
4318 #ifndef OPENSSL_NO_SRP
4319 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4325 alg_k = c->algorithm_mkey;
4326 alg_a = c->algorithm_auth;
4328 #ifndef OPENSSL_NO_PSK
4329 /* with PSK there must be server callback set */
4330 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4332 #endif /* OPENSSL_NO_PSK */
/* Usable only if both the key exchange and the authentication are enabled. */
4334 ok = (alg_k & mask_k) && (alg_a & mask_a);
4335 OSSL_TRACE7(TLS_CIPHER,
4336 "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4337 ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
4339 #ifndef OPENSSL_NO_EC
4341 * if we are considering an ECC cipher suite that uses an ephemeral
4344 if (alg_k & SSL_kECDHE)
4345 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4346 #endif /* OPENSSL_NO_EC */
4351 ii = sk_SSL_CIPHER_find(allow, c);
4353 /* Check security callback permits this cipher */
4354 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4355 c->strength_bits, 0, (void *)c))
4357 #if !defined(OPENSSL_NO_EC)
/*
 * Client-specific case: an ECDHE-ECDSA match is only remembered in ret when
 * the peer was flagged is_probably_safari; what happens next is on lines not
 * shown here.
 */
4358 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4359 && s->s3.is_probably_safari) {
4361 ret = sk_SSL_CIPHER_value(allow, ii);
4365 if (prefer_sha256) {
4366 const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4369 * TODO: When there are no more legacy digests we can just use
4370 * OSSL_DIGEST_NAME_SHA2_256 instead of calling OBJ_nid2sn
4372 if (EVP_MD_is_a(ssl_md(s->ctx, tmp->algorithm2),
4373 OBJ_nid2sn(NID_sha256))) {
4381 ret = sk_SSL_CIPHER_value(allow, ii);
/* The reordered ChaCha stack is temporary and released before returning. */
4385 #ifndef OPENSSL_NO_CHACHA
4386 sk_SSL_CIPHER_free(prio_chacha);
/*
 * Writes the list of acceptable client certificate types into pkt, one byte
 * per type.
 *
 * Custom types are copied verbatim; the condition selecting that path is on
 * a line this listing does not show. Otherwise the list is derived from the
 * negotiated cipher's key exchange, the protocol version and the mask of
 * authentication algorithms disabled by the signature algorithm list.
 */
4391 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4393 uint32_t alg_k, alg_a = 0;
4395 /* If we have custom certificate types set, use them */
4397 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4398 /* Get mask of algorithms disabled by signature list */
4399 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4401 alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4403 #ifndef OPENSSL_NO_GOST
/* GOST key exchange: the GOST types are emitted as a fixed group. */
4404 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4405 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4406 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4407 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
4408 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
4409 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
4412 if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18))
4413 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4414 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
/* The ephemeral-DH certificate types are offered for SSLv3 with DHE only. */
4418 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4419 #ifndef OPENSSL_NO_DH
4420 # ifndef OPENSSL_NO_RSA
4421 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4424 # ifndef OPENSSL_NO_DSA
4425 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4428 #endif /* !OPENSSL_NO_DH */
/*
 * alg_a is a mask of disabled algorithms, so a type is offered only when its
 * bit is clear.
 */
4430 #ifndef OPENSSL_NO_RSA
4431 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4434 #ifndef OPENSSL_NO_DSA
4435 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4438 #ifndef OPENSSL_NO_EC
4440 * ECDSA certs can be used with RSA cipher suites too so we don't
4441 * need to check for SSL_kECDH or SSL_kECDHE
4443 if (s->version >= TLS1_VERSION
4444 && !(alg_a & SSL_aECDSA)
4445 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
/*
 * Replace the custom client-certificate-type list stored on c.
 *
 * The previous list is always released first. A NULL p or a zero len simply
 * clears the list and succeeds. A list longer than 0xff bytes is rejected,
 * because the list length has to fit in one byte. Otherwise the bytes are
 * duplicated, so the caller keeps ownership of p.
 * Returns 1 on success, 0 on an oversized list or allocation failure; in
 * both failure cases the stored list is left empty.
 */
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
{
    unsigned char *copy;

    OPENSSL_free(c->ctype);
    c->ctype = NULL;
    c->ctype_len = 0;

    if (p == NULL || len == 0)
        return 1;
    if (len > 0xff)
        return 0;

    copy = OPENSSL_memdup(p, len);
    if (copy == NULL)
        return 0;

    c->ctype = copy;
    c->ctype_len = len;
    return 1;
}
/*
 * Drives the close_notify exchange for s. The function is written to be
 * called repeatedly: each call advances one step, and -1 asks the caller to
 * retry once the pending write or read can make progress.
 */
4467 int ssl3_shutdown(SSL *s)
4472 * Don't do anything much if we have not done the handshake or we don't
4473 * want to send messages :-)
/*
 * Quiet shutdown, or no handshake yet: both directions are marked closed
 * without exchanging any alert.
 */
4475 if (s->quiet_shutdown || SSL_in_before(s)) {
4476 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
/* First call: record that our close_notify is sent and queue the alert. */
4480 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4481 s->shutdown |= SSL_SENT_SHUTDOWN;
4482 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4484 * our shutdown alert has been sent now, and if it still needs to be
4485 * written, s->s3.alert_dispatch will be true
4487 if (s->s3.alert_dispatch)
4488 return -1; /* return WANT_WRITE */
4489 } else if (s->s3.alert_dispatch) {
4490 /* resend it if not sent */
4491 ret = s->method->ssl_dispatch_alert(s);
4494 * we only get to return -1 here the 2nd/Nth invocation, we must
4495 * have already signalled return 0 upon a previous invocation,
4500 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4503 * If we are waiting for a close from our peer, we are closed
/*
 * Zero-length read with no destination buffer; the call is made for its
 * effect on s->shutdown, which is re-tested right after.
 */
4505 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4506 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4507 return -1; /* return WANT_READ */
/* Complete: both flags are set and no alert is still waiting to be sent. */
4511 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4512 !s->s3.alert_dispatch)
/*
 * Write len bytes of application data from buf.
 *
 * A renegotiation that was requested earlier is given the chance to start
 * before the data is handed to the record layer. The number of bytes
 * accepted is reported through written; the return value is that of the
 * method's ssl_write_bytes.
 */
int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
{
    clear_sys_error();

    if (s->s3.renegotiate) {
        ssl3_renegotiate_check(s, 0);
    }

    return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
                                      written);
}
/*
 * Shared implementation of ssl3_read and ssl3_peek: reads up to len bytes of
 * application data into buf, leaving it queued when peek is non-zero.
 *
 * in_read_app_data is raised to 1 for the first attempt. If that attempt
 * returns -1 and the flag has been moved to 2, the record layer met
 * application data while processing the handshake; the read is then retried
 * once with the state machine marked as in-handshake so that handshake
 * processing is not re-entered.
 */
static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
                              size_t *readbytes)
{
    int ret;

    clear_sys_error();
    if (s->s3.renegotiate)
        ssl3_renegotiate_check(s, 0);

    s->s3.in_read_app_data = 1;
    ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
                                    len, peek, readbytes);

    if (ret != -1 || s->s3.in_read_app_data != 2) {
        /* Ordinary outcome: drop the marker and report the first result. */
        s->s3.in_read_app_data = 0;
        return ret;
    }

    /*
     * ssl3_read_bytes decided to call s->handshake_func, which called
     * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
     * actually found application data and thinks that application data
     * makes sense here; so disable handshake processing and try to read
     * application data again.
     */
    ossl_statem_set_in_handshake(s, 1);
    ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
                                    len, peek, readbytes);
    ossl_statem_set_in_handshake(s, 0);

    return ret;
}
/*
 * Read up to len bytes of application data into buf and consume them.
 * The byte count is reported through readbytes.
 */
int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
{
    const int consume = 0;      /* peek flag off: data leaves the queue */

    return ssl3_read_internal(s, buf, len, consume, readbytes);
}
/*
 * Copy up to len bytes of application data into buf without consuming them,
 * so a later read returns the same bytes. The byte count is reported
 * through readbytes.
 */
int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
{
    const int peek_only = 1;    /* peek flag on: data stays queued */

    return ssl3_read_internal(s, buf, len, peek_only, readbytes);
}
/*
 * Request a renegotiation on s.
 *
 * This only sets the pending flag; the renegotiation itself starts later,
 * from ssl3_renegotiate_check. Without a handshake function nothing is
 * recorded. Returns 1 in both cases.
 */
int ssl3_renegotiate(SSL *s)
{
    if (s->handshake_func != NULL)
        s->s3.renegotiate = 1;

    return 1;
}
4579 * Check if we are waiting to do a renegotiation and if so whether now is a
4580 * good time to do it. If |initok| is true then we are being called from inside
4581 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4582 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4583 * should do a renegotiation now and sets up the state machine for it. Otherwise
/*
 * Start a pending renegotiation if this is a safe moment for it.
 *
 * The renegotiation begins only when one has been requested, the record
 * layer has nothing pending in either direction, and the connection is not
 * in the middle of a handshake (initok set means the caller is the state
 * machine, which waives that last condition). Both renegotiation counters
 * are incremented on every start.
 * Returns 1 if the state machine was switched to renegotiation, else 0.
 */
int ssl3_renegotiate_check(SSL *s, int initok)
{
    if (!s->s3.renegotiate)
        return 0;

    if (RECORD_LAYER_read_pending(&s->rlayer)
            || RECORD_LAYER_write_pending(&s->rlayer))
        return 0;

    if (!initok && SSL_in_init(s))
        return 0;

    /*
     * if we are the server, and we have sent a 'RENEGOTIATE'
     * message, we need to set the state machine into the renegotiate
     * state.
     */
    ossl_statem_set_renegotiate(s);
    s->s3.renegotiate = 0;
    s->s3.num_renegotiations++;
    s->s3.total_renegotiations++;

    return 1;
}
4610 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4611 * handshake macs if required.
4613 * If PSK and using SHA384 for TLS < 1.2 switch to default.
/*
 * Return the effective algorithm2 flags (handshake MAC and PRF) of the
 * cipher being negotiated, after protocol-dependent substitution:
 *
 *  - if the protocol's enc_flags carry SSL_ENC_FLAG_SHA256_PRF, the default
 *    MAC/PRF pair is replaced by the SHA-256 pair;
 *  - otherwise, for a PSK cipher declared with the SHA-384 pair, the default
 *    pair is used instead.
 *
 * Returns -1 when no cipher has been selected yet.
 */
long ssl_get_algorithm2(SSL *s)
{
    const SSL_CIPHER *cipher = s->s3.tmp.new_cipher;
    long alg2;

    if (cipher == NULL)
        return -1;

    alg2 = cipher->algorithm2;

    if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
        if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
            return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
        return alg2;
    }

    if ((cipher->algorithm_mkey & SSL_PSK)
            && alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
        return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;

    return alg2;
}
4632 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4633 * failure, 1 on success.
/*
 * Produces the hello random for one side of the handshake in result[0..len).
 * Optionally embeds the current time, and optionally stamps a downgrade
 * sentinel over the tail of the buffer.
 */
4635 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4638 int send_time = 0, ret;
/* Whether the timestamp is embedded depends on the mode flag for this side. */
4643 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4645 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4647 unsigned long Time = (unsigned long)time(NULL);
4648 unsigned char *p = result;
/*
 * Timestamp variant: only len - 4 bytes come from the RNG. The subtraction
 * is safe only for len >= 4; that bound has to be enforced on a line this
 * listing does not show - confirm against the full source.
 */
4651 ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4);
/* Default: the whole field is random. */
4653 ret = RAND_bytes_ex(s->ctx->libctx, result, len);
/*
 * Downgrade protection: the last sizeof(sentinel) bytes of the random are
 * overwritten with the fixed tls12downgrade / tls11downgrade value. The
 * ossl_assert checks require each sentinel to be shorter than len, which
 * keeps result + len - sizeof(...) inside the buffer.
 */
4657 if (!ossl_assert(sizeof(tls11downgrade) < len)
4658 || !ossl_assert(sizeof(tls12downgrade) < len))
4660 if (dgrd == DOWNGRADE_TO_1_2)
4661 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4662 sizeof(tls12downgrade));
4663 else if (dgrd == DOWNGRADE_TO_1_1)
4664 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4665 sizeof(tls11downgrade));
/*
 * Turns the premaster secret pms into the session master key through the
 * protocol method's generate_master_secret hook. For PSK key exchanges a
 * combined PSK premaster secret is assembled first.
 *
 * Every buffer holding secret material is wiped before release
 * (OPENSSL_clear_free / OPENSSL_cleanse) on the paths shown.
 */
4671 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4674 unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4677 if (alg_k & SSL_PSK) {
4678 #ifndef OPENSSL_NO_PSK
4679 unsigned char *pskpms, *t;
4680 size_t psklen = s->s3.tmp.psklen;
4683 /* create PSK premaster_secret */
4685 /* For plain PSK "other_secret" is psklen zeroes */
4686 if (alg_k & SSL_kPSK)
/*
 * The combined buffer holds pmslen + psklen payload bytes plus 4 more; the
 * 4 are presumably two 2-byte length prefixes written on lines not shown.
 */
4689 pskpmslen = 4 + pmslen + psklen;
4690 pskpms = OPENSSL_malloc(pskpmslen);
/* other_secret: zeros for plain PSK, the supplied pms otherwise. */
4695 if (alg_k & SSL_kPSK)
4696 memset(t, 0, pmslen);
4698 memcpy(t, pms, pmslen);
4701 memcpy(t, s->s3.tmp.psk, psklen);
/*
 * The stored PSK is wiped and released once it has been copied, so it does
 * not stay on the connection after this point.
 */
4703 OPENSSL_clear_free(s->s3.tmp.psk, psklen);
4704 s->s3.tmp.psk = NULL;
4705 if (!s->method->ssl3_enc->generate_master_secret(s,
4706 s->session->master_key, pskpms, pskpmslen,
4707 &s->session->master_key_length)) {
/* Failure path: the combined secret is wiped here as well. */
4708 OPENSSL_clear_free(pskpms, pskpmslen);
4709 /* SSLfatal() already called */
4712 OPENSSL_clear_free(pskpms, pskpmslen);
4714 /* Should never happen */
4718 if (!s->method->ssl3_enc->generate_master_secret(s,
4719 s->session->master_key, pms, pmslen,
4720 &s->session->master_key_length)) {
4721 /* SSLfatal() already called */
/*
 * The caller's pms is either wiped and freed or wiped in place; the
 * condition choosing between the two is on lines not shown here.
 */
4730 OPENSSL_clear_free(pms, pmslen);
4732 OPENSSL_cleanse(pms, pmslen);
4735 s->s3.tmp.pms = NULL;
4739 /* Generate a private key from parameters */
/*
 * pm supplies the parameters: the keygen context is created from it, using
 * the library context and property query string of the connection's
 * SSL_CTX. The keygen context is released before returning.
 */
4740 EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm)
4742 EVP_PKEY_CTX *pctx = NULL;
4743 EVP_PKEY *pkey = NULL;
4747 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pm, s->ctx->propq);
4750 if (EVP_PKEY_keygen_init(pctx) <= 0)
4752 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
/* Do not hand out whatever a failed keygen may have left in pkey. */
4753 EVP_PKEY_free(pkey);
4758 EVP_PKEY_CTX_free(pctx);
4762 /* Generate a private key from a group ID */
/*
 * The TLS group id is resolved to a TLS_GROUP_INFO, whose algorithm name
 * selects the keygen context and whose realname selects the group. Each
 * failure shown raises a fatal internal_error alert through SSLfatal.
 */
4763 EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
4765 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
4766 EVP_PKEY_CTX *pctx = NULL;
4767 EVP_PKEY *pkey = NULL;
4770 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4771 ERR_R_INTERNAL_ERROR);
4775 pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
4779 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4780 ERR_R_MALLOC_FAILURE);
4783 if (EVP_PKEY_keygen_init(pctx) <= 0) {
4784 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4788 if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) {
4789 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4793 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4794 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
/* Do not hand out whatever a failed keygen may have left in pkey. */
4796 EVP_PKEY_free(pkey);
4801 EVP_PKEY_CTX_free(pctx);
4806 * Generate parameters from a group ID
/*
 * Parameter-only counterpart of ssl_generate_pkey_group: it follows the same
 * lookup and context setup but calls the paramgen functions, so the result
 * carries group parameters rather than a generated key.
 */
4808 EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id)
4810 EVP_PKEY_CTX *pctx = NULL;
4811 EVP_PKEY *pkey = NULL;
4812 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
/*
 * ginf is dereferenced here; any guard for an unknown group id would be on
 * lines this listing does not show - confirm.
 */
4817 pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
4822 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4824 if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) {
/*
 * NOTE(review): the error is tagged with the function code of
 * ssl_generate_pkey_group, which looks copied from the sibling function.
 */
4825 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4829 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4830 EVP_PKEY_free(pkey);
4835 EVP_PKEY_CTX_free(pctx);
4839 /* Derive secrets for ECDH/DH */
/*
 * Computes the shared secret from our privkey and the peer's pubkey. The
 * result is then either fed into the key schedule (TLS 1.3 handshake secret
 * or the pre-1.3 master secret) or saved on the connection as the premaster
 * secret; the gensecret test choosing between the two is on lines this
 * listing does not show.
 */
4840 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4843 unsigned char *pms = NULL;
4847 if (privkey == NULL || pubkey == NULL) {
4848 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4849 ERR_R_INTERNAL_ERROR);
4853 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);
/*
 * Size query: calling EVP_PKEY_derive with a NULL output buffer only fills
 * in pmslen, which sizes the allocation further down.
 */
4855 if (EVP_PKEY_derive_init(pctx) <= 0
4856 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4857 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4858 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4859 ERR_R_INTERNAL_ERROR);
4863 #ifndef OPENSSL_NO_DH
/*
 * TLS 1.3 with a DH key: padding of the shared secret is switched on.
 * NOTE(review): the return value of EVP_PKEY_CTX_set_dh_pad is not checked.
 */
4864 if (SSL_IS_TLS13(s) && EVP_PKEY_id(privkey) == EVP_PKEY_DH)
4865 EVP_PKEY_CTX_set_dh_pad(pctx, 1);
4868 pms = OPENSSL_malloc(pmslen);
4870 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4871 ERR_R_MALLOC_FAILURE);
4875 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4876 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4877 ERR_R_INTERNAL_ERROR);
4882 /* SSLfatal() called as appropriate in the below functions */
4883 if (SSL_IS_TLS13(s)) {
4885 * If we are resuming then we already generated the early secret
4886 * when we created the ClientHello, so don't recreate it.
4889 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4891 (unsigned char *)&s->early_secret);
4895 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4897 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4900 /* Save premaster secret */
4901 s->s3.tmp.pms = pms;
4902 s->s3.tmp.pmslen = pmslen;
/*
 * Exit path: the secret buffer is wiped and freed. The save branch above
 * presumably detaches pms first, on a line not shown, so that the saved
 * copy survives - confirm.
 */
4908 OPENSSL_clear_free(pms, pmslen);
4909 EVP_PKEY_CTX_free(pctx);
4913 #ifndef OPENSSL_NO_DH
4914 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4919 ret = EVP_PKEY_new();
4920 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {