2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include "internal/cryptlib.h"
21 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
22 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
24 /* TLSv1.3 downgrade protection sentinel values */
25 const unsigned char tls11downgrade[] = {
26 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
28 const unsigned char tls12downgrade[] = {
29 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
33 * The list of available ciphers, mostly organized into the following
38 * SRP (within that: RSA EC PSK)
39 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
42 static SSL_CIPHER ssl3_ciphers[] = {
45 SSL3_TXT_RSA_NULL_MD5,
46 SSL3_RFC_RSA_NULL_MD5,
52 SSL3_VERSION, TLS1_2_VERSION,
53 DTLS1_BAD_VER, DTLS1_2_VERSION,
55 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
61 SSL3_TXT_RSA_NULL_SHA,
62 SSL3_RFC_RSA_NULL_SHA,
68 SSL3_VERSION, TLS1_2_VERSION,
69 DTLS1_BAD_VER, DTLS1_2_VERSION,
70 SSL_STRONG_NONE | SSL_FIPS,
71 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
75 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
78 SSL3_TXT_RSA_DES_192_CBC3_SHA,
79 SSL3_RFC_RSA_DES_192_CBC3_SHA,
80 SSL3_CK_RSA_DES_192_CBC3_SHA,
85 SSL3_VERSION, TLS1_2_VERSION,
86 DTLS1_BAD_VER, DTLS1_2_VERSION,
87 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
88 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
94 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
95 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
96 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
101 SSL3_VERSION, TLS1_2_VERSION,
102 DTLS1_BAD_VER, DTLS1_2_VERSION,
103 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
104 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
110 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
111 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
112 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
117 SSL3_VERSION, TLS1_2_VERSION,
118 DTLS1_BAD_VER, DTLS1_2_VERSION,
119 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
120 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
126 SSL3_TXT_ADH_DES_192_CBC_SHA,
127 SSL3_RFC_ADH_DES_192_CBC_SHA,
128 SSL3_CK_ADH_DES_192_CBC_SHA,
133 SSL3_VERSION, TLS1_2_VERSION,
134 DTLS1_BAD_VER, DTLS1_2_VERSION,
135 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
136 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
143 TLS1_TXT_RSA_WITH_AES_128_SHA,
144 TLS1_RFC_RSA_WITH_AES_128_SHA,
145 TLS1_CK_RSA_WITH_AES_128_SHA,
150 SSL3_VERSION, TLS1_2_VERSION,
151 DTLS1_BAD_VER, DTLS1_2_VERSION,
153 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
159 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
160 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
161 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
166 SSL3_VERSION, TLS1_2_VERSION,
167 DTLS1_BAD_VER, DTLS1_2_VERSION,
168 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
169 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
175 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
176 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
177 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
182 SSL3_VERSION, TLS1_2_VERSION,
183 DTLS1_BAD_VER, DTLS1_2_VERSION,
185 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
191 TLS1_TXT_ADH_WITH_AES_128_SHA,
192 TLS1_RFC_ADH_WITH_AES_128_SHA,
193 TLS1_CK_ADH_WITH_AES_128_SHA,
198 SSL3_VERSION, TLS1_2_VERSION,
199 DTLS1_BAD_VER, DTLS1_2_VERSION,
200 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
201 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
207 TLS1_TXT_RSA_WITH_AES_256_SHA,
208 TLS1_RFC_RSA_WITH_AES_256_SHA,
209 TLS1_CK_RSA_WITH_AES_256_SHA,
214 SSL3_VERSION, TLS1_2_VERSION,
215 DTLS1_BAD_VER, DTLS1_2_VERSION,
217 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
223 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
224 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
225 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
230 SSL3_VERSION, TLS1_2_VERSION,
231 DTLS1_BAD_VER, DTLS1_2_VERSION,
232 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
233 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
239 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
240 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
241 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
246 SSL3_VERSION, TLS1_2_VERSION,
247 DTLS1_BAD_VER, DTLS1_2_VERSION,
249 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
255 TLS1_TXT_ADH_WITH_AES_256_SHA,
256 TLS1_RFC_ADH_WITH_AES_256_SHA,
257 TLS1_CK_ADH_WITH_AES_256_SHA,
262 SSL3_VERSION, TLS1_2_VERSION,
263 DTLS1_BAD_VER, DTLS1_2_VERSION,
264 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
265 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
271 TLS1_TXT_RSA_WITH_NULL_SHA256,
272 TLS1_RFC_RSA_WITH_NULL_SHA256,
273 TLS1_CK_RSA_WITH_NULL_SHA256,
278 TLS1_2_VERSION, TLS1_2_VERSION,
279 DTLS1_2_VERSION, DTLS1_2_VERSION,
280 SSL_STRONG_NONE | SSL_FIPS,
281 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
287 TLS1_TXT_RSA_WITH_AES_128_SHA256,
288 TLS1_RFC_RSA_WITH_AES_128_SHA256,
289 TLS1_CK_RSA_WITH_AES_128_SHA256,
294 TLS1_2_VERSION, TLS1_2_VERSION,
295 DTLS1_2_VERSION, DTLS1_2_VERSION,
297 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
303 TLS1_TXT_RSA_WITH_AES_256_SHA256,
304 TLS1_RFC_RSA_WITH_AES_256_SHA256,
305 TLS1_CK_RSA_WITH_AES_256_SHA256,
310 TLS1_2_VERSION, TLS1_2_VERSION,
311 DTLS1_2_VERSION, DTLS1_2_VERSION,
313 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
319 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
320 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
321 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
326 TLS1_2_VERSION, TLS1_2_VERSION,
327 DTLS1_2_VERSION, DTLS1_2_VERSION,
328 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
329 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
335 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
336 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
337 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
342 TLS1_2_VERSION, TLS1_2_VERSION,
343 DTLS1_2_VERSION, DTLS1_2_VERSION,
345 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
351 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
352 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
353 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
358 TLS1_2_VERSION, TLS1_2_VERSION,
359 DTLS1_2_VERSION, DTLS1_2_VERSION,
360 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
361 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
367 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
368 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
369 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
374 TLS1_2_VERSION, TLS1_2_VERSION,
375 DTLS1_2_VERSION, DTLS1_2_VERSION,
377 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
383 TLS1_TXT_ADH_WITH_AES_128_SHA256,
384 TLS1_RFC_ADH_WITH_AES_128_SHA256,
385 TLS1_CK_ADH_WITH_AES_128_SHA256,
390 TLS1_2_VERSION, TLS1_2_VERSION,
391 DTLS1_2_VERSION, DTLS1_2_VERSION,
392 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
393 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
399 TLS1_TXT_ADH_WITH_AES_256_SHA256,
400 TLS1_RFC_ADH_WITH_AES_256_SHA256,
401 TLS1_CK_ADH_WITH_AES_256_SHA256,
406 TLS1_2_VERSION, TLS1_2_VERSION,
407 DTLS1_2_VERSION, DTLS1_2_VERSION,
408 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
409 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
415 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
416 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
417 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
422 TLS1_2_VERSION, TLS1_2_VERSION,
423 DTLS1_2_VERSION, DTLS1_2_VERSION,
425 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
431 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
432 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
433 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
438 TLS1_2_VERSION, TLS1_2_VERSION,
439 DTLS1_2_VERSION, DTLS1_2_VERSION,
441 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
447 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
448 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
449 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
454 TLS1_2_VERSION, TLS1_2_VERSION,
455 DTLS1_2_VERSION, DTLS1_2_VERSION,
457 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
463 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
464 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
465 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
470 TLS1_2_VERSION, TLS1_2_VERSION,
471 DTLS1_2_VERSION, DTLS1_2_VERSION,
473 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
479 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
480 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
481 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
486 TLS1_2_VERSION, TLS1_2_VERSION,
487 DTLS1_2_VERSION, DTLS1_2_VERSION,
488 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
489 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
495 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
496 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
497 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
502 TLS1_2_VERSION, TLS1_2_VERSION,
503 DTLS1_2_VERSION, DTLS1_2_VERSION,
504 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
505 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
511 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
512 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
513 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
518 TLS1_2_VERSION, TLS1_2_VERSION,
519 DTLS1_2_VERSION, DTLS1_2_VERSION,
520 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
521 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
527 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
528 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
529 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
534 TLS1_2_VERSION, TLS1_2_VERSION,
535 DTLS1_2_VERSION, DTLS1_2_VERSION,
536 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
537 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
543 TLS1_TXT_RSA_WITH_AES_128_CCM,
544 TLS1_RFC_RSA_WITH_AES_128_CCM,
545 TLS1_CK_RSA_WITH_AES_128_CCM,
550 TLS1_2_VERSION, TLS1_2_VERSION,
551 DTLS1_2_VERSION, DTLS1_2_VERSION,
552 SSL_NOT_DEFAULT | SSL_HIGH,
553 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
559 TLS1_TXT_RSA_WITH_AES_256_CCM,
560 TLS1_RFC_RSA_WITH_AES_256_CCM,
561 TLS1_CK_RSA_WITH_AES_256_CCM,
566 TLS1_2_VERSION, TLS1_2_VERSION,
567 DTLS1_2_VERSION, DTLS1_2_VERSION,
568 SSL_NOT_DEFAULT | SSL_HIGH,
569 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
575 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
576 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
577 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
582 TLS1_2_VERSION, TLS1_2_VERSION,
583 DTLS1_2_VERSION, DTLS1_2_VERSION,
584 SSL_NOT_DEFAULT | SSL_HIGH,
585 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
591 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
592 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
593 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
598 TLS1_2_VERSION, TLS1_2_VERSION,
599 DTLS1_2_VERSION, DTLS1_2_VERSION,
600 SSL_NOT_DEFAULT | SSL_HIGH,
601 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
607 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
608 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
609 TLS1_CK_RSA_WITH_AES_128_CCM_8,
614 TLS1_2_VERSION, TLS1_2_VERSION,
615 DTLS1_2_VERSION, DTLS1_2_VERSION,
616 SSL_NOT_DEFAULT | SSL_HIGH,
617 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
623 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
624 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
625 TLS1_CK_RSA_WITH_AES_256_CCM_8,
630 TLS1_2_VERSION, TLS1_2_VERSION,
631 DTLS1_2_VERSION, DTLS1_2_VERSION,
632 SSL_NOT_DEFAULT | SSL_HIGH,
633 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
639 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
640 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
641 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
646 TLS1_2_VERSION, TLS1_2_VERSION,
647 DTLS1_2_VERSION, DTLS1_2_VERSION,
648 SSL_NOT_DEFAULT | SSL_HIGH,
649 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
655 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
656 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
657 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
662 TLS1_2_VERSION, TLS1_2_VERSION,
663 DTLS1_2_VERSION, DTLS1_2_VERSION,
664 SSL_NOT_DEFAULT | SSL_HIGH,
665 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
671 TLS1_TXT_PSK_WITH_AES_128_CCM,
672 TLS1_RFC_PSK_WITH_AES_128_CCM,
673 TLS1_CK_PSK_WITH_AES_128_CCM,
678 TLS1_2_VERSION, TLS1_2_VERSION,
679 DTLS1_2_VERSION, DTLS1_2_VERSION,
680 SSL_NOT_DEFAULT | SSL_HIGH,
681 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
687 TLS1_TXT_PSK_WITH_AES_256_CCM,
688 TLS1_RFC_PSK_WITH_AES_256_CCM,
689 TLS1_CK_PSK_WITH_AES_256_CCM,
694 TLS1_2_VERSION, TLS1_2_VERSION,
695 DTLS1_2_VERSION, DTLS1_2_VERSION,
696 SSL_NOT_DEFAULT | SSL_HIGH,
697 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
703 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
704 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
705 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
710 TLS1_2_VERSION, TLS1_2_VERSION,
711 DTLS1_2_VERSION, DTLS1_2_VERSION,
712 SSL_NOT_DEFAULT | SSL_HIGH,
713 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
719 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
720 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
721 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
726 TLS1_2_VERSION, TLS1_2_VERSION,
727 DTLS1_2_VERSION, DTLS1_2_VERSION,
728 SSL_NOT_DEFAULT | SSL_HIGH,
729 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
735 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
736 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
737 TLS1_CK_PSK_WITH_AES_128_CCM_8,
742 TLS1_2_VERSION, TLS1_2_VERSION,
743 DTLS1_2_VERSION, DTLS1_2_VERSION,
744 SSL_NOT_DEFAULT | SSL_HIGH,
745 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
751 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
752 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
753 TLS1_CK_PSK_WITH_AES_256_CCM_8,
758 TLS1_2_VERSION, TLS1_2_VERSION,
759 DTLS1_2_VERSION, DTLS1_2_VERSION,
760 SSL_NOT_DEFAULT | SSL_HIGH,
761 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
767 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
768 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
769 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
774 TLS1_2_VERSION, TLS1_2_VERSION,
775 DTLS1_2_VERSION, DTLS1_2_VERSION,
776 SSL_NOT_DEFAULT | SSL_HIGH,
777 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
783 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
784 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
785 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
790 TLS1_2_VERSION, TLS1_2_VERSION,
791 DTLS1_2_VERSION, DTLS1_2_VERSION,
792 SSL_NOT_DEFAULT | SSL_HIGH,
793 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
799 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
800 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
801 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
806 TLS1_2_VERSION, TLS1_2_VERSION,
807 DTLS1_2_VERSION, DTLS1_2_VERSION,
808 SSL_NOT_DEFAULT | SSL_HIGH,
809 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
815 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
816 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
817 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
822 TLS1_2_VERSION, TLS1_2_VERSION,
823 DTLS1_2_VERSION, DTLS1_2_VERSION,
824 SSL_NOT_DEFAULT | SSL_HIGH,
825 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
831 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
832 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
833 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
838 TLS1_2_VERSION, TLS1_2_VERSION,
839 DTLS1_2_VERSION, DTLS1_2_VERSION,
840 SSL_NOT_DEFAULT | SSL_HIGH,
841 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
847 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
848 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
849 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
854 TLS1_2_VERSION, TLS1_2_VERSION,
855 DTLS1_2_VERSION, DTLS1_2_VERSION,
856 SSL_NOT_DEFAULT | SSL_HIGH,
857 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
863 TLS1_3_TXT_AES_128_GCM_SHA256,
864 TLS1_3_RFC_AES_128_GCM_SHA256,
865 TLS1_3_CK_AES_128_GCM_SHA256,
869 TLS1_3_VERSION, TLS1_3_VERSION,
873 SSL_HANDSHAKE_MAC_SHA256,
879 TLS1_3_TXT_AES_256_GCM_SHA384,
880 TLS1_3_RFC_AES_256_GCM_SHA384,
881 TLS1_3_CK_AES_256_GCM_SHA384,
886 TLS1_3_VERSION, TLS1_3_VERSION,
889 SSL_HANDSHAKE_MAC_SHA384,
893 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
896 TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
897 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
898 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
901 SSL_CHACHA20POLY1305,
903 TLS1_3_VERSION, TLS1_3_VERSION,
906 SSL_HANDSHAKE_MAC_SHA256,
913 TLS1_3_TXT_AES_128_CCM_SHA256,
914 TLS1_3_RFC_AES_128_CCM_SHA256,
915 TLS1_3_CK_AES_128_CCM_SHA256,
920 TLS1_3_VERSION, TLS1_3_VERSION,
922 SSL_NOT_DEFAULT | SSL_HIGH,
923 SSL_HANDSHAKE_MAC_SHA256,
929 TLS1_3_TXT_AES_128_CCM_8_SHA256,
930 TLS1_3_RFC_AES_128_CCM_8_SHA256,
931 TLS1_3_CK_AES_128_CCM_8_SHA256,
936 TLS1_3_VERSION, TLS1_3_VERSION,
938 SSL_NOT_DEFAULT | SSL_HIGH,
939 SSL_HANDSHAKE_MAC_SHA256,
945 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
946 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
947 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
952 TLS1_VERSION, TLS1_2_VERSION,
953 DTLS1_BAD_VER, DTLS1_2_VERSION,
954 SSL_STRONG_NONE | SSL_FIPS,
955 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
959 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
962 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
963 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
964 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
969 TLS1_VERSION, TLS1_2_VERSION,
970 DTLS1_BAD_VER, DTLS1_2_VERSION,
971 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
972 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
979 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
980 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
981 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
986 TLS1_VERSION, TLS1_2_VERSION,
987 DTLS1_BAD_VER, DTLS1_2_VERSION,
989 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
995 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
996 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
997 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1002 TLS1_VERSION, TLS1_2_VERSION,
1003 DTLS1_BAD_VER, DTLS1_2_VERSION,
1004 SSL_HIGH | SSL_FIPS,
1005 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1011 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1012 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1013 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1018 TLS1_VERSION, TLS1_2_VERSION,
1019 DTLS1_BAD_VER, DTLS1_2_VERSION,
1020 SSL_STRONG_NONE | SSL_FIPS,
1021 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1025 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1028 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1029 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1030 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1035 TLS1_VERSION, TLS1_2_VERSION,
1036 DTLS1_BAD_VER, DTLS1_2_VERSION,
1037 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1038 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1045 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1046 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1047 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1052 TLS1_VERSION, TLS1_2_VERSION,
1053 DTLS1_BAD_VER, DTLS1_2_VERSION,
1054 SSL_HIGH | SSL_FIPS,
1055 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1061 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1062 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1063 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1068 TLS1_VERSION, TLS1_2_VERSION,
1069 DTLS1_BAD_VER, DTLS1_2_VERSION,
1070 SSL_HIGH | SSL_FIPS,
1071 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1077 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1078 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1079 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1084 TLS1_VERSION, TLS1_2_VERSION,
1085 DTLS1_BAD_VER, DTLS1_2_VERSION,
1086 SSL_STRONG_NONE | SSL_FIPS,
1087 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1091 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1094 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1095 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1096 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1101 TLS1_VERSION, TLS1_2_VERSION,
1102 DTLS1_BAD_VER, DTLS1_2_VERSION,
1103 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1104 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1111 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1112 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1113 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1118 TLS1_VERSION, TLS1_2_VERSION,
1119 DTLS1_BAD_VER, DTLS1_2_VERSION,
1120 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1121 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1127 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1128 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1129 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1134 TLS1_VERSION, TLS1_2_VERSION,
1135 DTLS1_BAD_VER, DTLS1_2_VERSION,
1136 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1137 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1143 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1144 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1145 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1150 TLS1_2_VERSION, TLS1_2_VERSION,
1151 DTLS1_2_VERSION, DTLS1_2_VERSION,
1152 SSL_HIGH | SSL_FIPS,
1153 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1159 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1160 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1161 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1166 TLS1_2_VERSION, TLS1_2_VERSION,
1167 DTLS1_2_VERSION, DTLS1_2_VERSION,
1168 SSL_HIGH | SSL_FIPS,
1169 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1175 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1176 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1177 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1182 TLS1_2_VERSION, TLS1_2_VERSION,
1183 DTLS1_2_VERSION, DTLS1_2_VERSION,
1184 SSL_HIGH | SSL_FIPS,
1185 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1191 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1192 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1193 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1198 TLS1_2_VERSION, TLS1_2_VERSION,
1199 DTLS1_2_VERSION, DTLS1_2_VERSION,
1200 SSL_HIGH | SSL_FIPS,
1201 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1207 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1208 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1209 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1214 TLS1_2_VERSION, TLS1_2_VERSION,
1215 DTLS1_2_VERSION, DTLS1_2_VERSION,
1216 SSL_HIGH | SSL_FIPS,
1217 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1223 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1224 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1225 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1230 TLS1_2_VERSION, TLS1_2_VERSION,
1231 DTLS1_2_VERSION, DTLS1_2_VERSION,
1232 SSL_HIGH | SSL_FIPS,
1233 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1239 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1240 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1241 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1246 TLS1_2_VERSION, TLS1_2_VERSION,
1247 DTLS1_2_VERSION, DTLS1_2_VERSION,
1248 SSL_HIGH | SSL_FIPS,
1249 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1255 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1256 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1257 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1262 TLS1_2_VERSION, TLS1_2_VERSION,
1263 DTLS1_2_VERSION, DTLS1_2_VERSION,
1264 SSL_HIGH | SSL_FIPS,
1265 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1271 TLS1_TXT_PSK_WITH_NULL_SHA,
1272 TLS1_RFC_PSK_WITH_NULL_SHA,
1273 TLS1_CK_PSK_WITH_NULL_SHA,
1278 SSL3_VERSION, TLS1_2_VERSION,
1279 DTLS1_BAD_VER, DTLS1_2_VERSION,
1280 SSL_STRONG_NONE | SSL_FIPS,
1281 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1287 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1288 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1289 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1294 SSL3_VERSION, TLS1_2_VERSION,
1295 DTLS1_BAD_VER, DTLS1_2_VERSION,
1296 SSL_STRONG_NONE | SSL_FIPS,
1297 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1303 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1304 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1305 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1310 SSL3_VERSION, TLS1_2_VERSION,
1311 DTLS1_BAD_VER, DTLS1_2_VERSION,
1312 SSL_STRONG_NONE | SSL_FIPS,
1313 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1317 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1320 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1321 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1322 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1327 SSL3_VERSION, TLS1_2_VERSION,
1328 DTLS1_BAD_VER, DTLS1_2_VERSION,
1329 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1330 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1337 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1338 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1339 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1344 SSL3_VERSION, TLS1_2_VERSION,
1345 DTLS1_BAD_VER, DTLS1_2_VERSION,
1346 SSL_HIGH | SSL_FIPS,
1347 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1353 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1354 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1355 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1360 SSL3_VERSION, TLS1_2_VERSION,
1361 DTLS1_BAD_VER, DTLS1_2_VERSION,
1362 SSL_HIGH | SSL_FIPS,
1363 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1367 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1370 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1371 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1372 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1377 SSL3_VERSION, TLS1_2_VERSION,
1378 DTLS1_BAD_VER, DTLS1_2_VERSION,
1379 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1380 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1387 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1388 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1389 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1394 SSL3_VERSION, TLS1_2_VERSION,
1395 DTLS1_BAD_VER, DTLS1_2_VERSION,
1396 SSL_HIGH | SSL_FIPS,
1397 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1403 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1404 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1405 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1410 SSL3_VERSION, TLS1_2_VERSION,
1411 DTLS1_BAD_VER, DTLS1_2_VERSION,
1412 SSL_HIGH | SSL_FIPS,
1413 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1417 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1420 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1421 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1422 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1427 SSL3_VERSION, TLS1_2_VERSION,
1428 DTLS1_BAD_VER, DTLS1_2_VERSION,
1429 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1430 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1437 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1438 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1439 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1444 SSL3_VERSION, TLS1_2_VERSION,
1445 DTLS1_BAD_VER, DTLS1_2_VERSION,
1446 SSL_HIGH | SSL_FIPS,
1447 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1453 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1454 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1455 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1460 SSL3_VERSION, TLS1_2_VERSION,
1461 DTLS1_BAD_VER, DTLS1_2_VERSION,
1462 SSL_HIGH | SSL_FIPS,
1463 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1469 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1470 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1471 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1476 TLS1_2_VERSION, TLS1_2_VERSION,
1477 DTLS1_2_VERSION, DTLS1_2_VERSION,
1478 SSL_HIGH | SSL_FIPS,
1479 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1485 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1486 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1487 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1492 TLS1_2_VERSION, TLS1_2_VERSION,
1493 DTLS1_2_VERSION, DTLS1_2_VERSION,
1494 SSL_HIGH | SSL_FIPS,
1495 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1501 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1502 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1503 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1508 TLS1_2_VERSION, TLS1_2_VERSION,
1509 DTLS1_2_VERSION, DTLS1_2_VERSION,
1510 SSL_HIGH | SSL_FIPS,
1511 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1517 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1518 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1519 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1524 TLS1_2_VERSION, TLS1_2_VERSION,
1525 DTLS1_2_VERSION, DTLS1_2_VERSION,
1526 SSL_HIGH | SSL_FIPS,
1527 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1533 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1534 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1535 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1540 TLS1_2_VERSION, TLS1_2_VERSION,
1541 DTLS1_2_VERSION, DTLS1_2_VERSION,
1542 SSL_HIGH | SSL_FIPS,
1543 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1549 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1550 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1551 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1556 TLS1_2_VERSION, TLS1_2_VERSION,
1557 DTLS1_2_VERSION, DTLS1_2_VERSION,
1558 SSL_HIGH | SSL_FIPS,
1559 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1565 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1566 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1567 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1572 TLS1_VERSION, TLS1_2_VERSION,
1573 DTLS1_BAD_VER, DTLS1_2_VERSION,
1574 SSL_HIGH | SSL_FIPS,
1575 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1581 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1582 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1583 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1588 TLS1_VERSION, TLS1_2_VERSION,
1589 DTLS1_BAD_VER, DTLS1_2_VERSION,
1590 SSL_HIGH | SSL_FIPS,
1591 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1597 TLS1_TXT_PSK_WITH_NULL_SHA256,
1598 TLS1_RFC_PSK_WITH_NULL_SHA256,
1599 TLS1_CK_PSK_WITH_NULL_SHA256,
1604 TLS1_VERSION, TLS1_2_VERSION,
1605 DTLS1_BAD_VER, DTLS1_2_VERSION,
1606 SSL_STRONG_NONE | SSL_FIPS,
1607 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1613 TLS1_TXT_PSK_WITH_NULL_SHA384,
1614 TLS1_RFC_PSK_WITH_NULL_SHA384,
1615 TLS1_CK_PSK_WITH_NULL_SHA384,
1620 TLS1_VERSION, TLS1_2_VERSION,
1621 DTLS1_BAD_VER, DTLS1_2_VERSION,
1622 SSL_STRONG_NONE | SSL_FIPS,
1623 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1629 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1630 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1631 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1636 TLS1_VERSION, TLS1_2_VERSION,
1637 DTLS1_BAD_VER, DTLS1_2_VERSION,
1638 SSL_HIGH | SSL_FIPS,
1639 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1645 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1646 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1647 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1652 TLS1_VERSION, TLS1_2_VERSION,
1653 DTLS1_BAD_VER, DTLS1_2_VERSION,
1654 SSL_HIGH | SSL_FIPS,
1655 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1661 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1662 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1663 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1668 TLS1_VERSION, TLS1_2_VERSION,
1669 DTLS1_BAD_VER, DTLS1_2_VERSION,
1670 SSL_STRONG_NONE | SSL_FIPS,
1671 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1677 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1678 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1679 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1684 TLS1_VERSION, TLS1_2_VERSION,
1685 DTLS1_BAD_VER, DTLS1_2_VERSION,
1686 SSL_STRONG_NONE | SSL_FIPS,
1687 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1693 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1694 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1695 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1700 TLS1_VERSION, TLS1_2_VERSION,
1701 DTLS1_BAD_VER, DTLS1_2_VERSION,
1702 SSL_HIGH | SSL_FIPS,
1703 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1709 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1710 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1711 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1716 TLS1_VERSION, TLS1_2_VERSION,
1717 DTLS1_BAD_VER, DTLS1_2_VERSION,
1718 SSL_HIGH | SSL_FIPS,
1719 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1725 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1726 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1727 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1732 TLS1_VERSION, TLS1_2_VERSION,
1733 DTLS1_BAD_VER, DTLS1_2_VERSION,
1734 SSL_STRONG_NONE | SSL_FIPS,
1735 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1741 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1742 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1743 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1748 TLS1_VERSION, TLS1_2_VERSION,
1749 DTLS1_BAD_VER, DTLS1_2_VERSION,
1750 SSL_STRONG_NONE | SSL_FIPS,
1751 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1755 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1758 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1759 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1760 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1765 TLS1_VERSION, TLS1_2_VERSION,
1766 DTLS1_BAD_VER, DTLS1_2_VERSION,
1767 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1768 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1775 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1776 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1777 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1782 TLS1_VERSION, TLS1_2_VERSION,
1783 DTLS1_BAD_VER, DTLS1_2_VERSION,
1784 SSL_HIGH | SSL_FIPS,
1785 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1791 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1792 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1793 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1798 TLS1_VERSION, TLS1_2_VERSION,
1799 DTLS1_BAD_VER, DTLS1_2_VERSION,
1800 SSL_HIGH | SSL_FIPS,
1801 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1807 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1808 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1809 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1814 TLS1_VERSION, TLS1_2_VERSION,
1815 DTLS1_BAD_VER, DTLS1_2_VERSION,
1816 SSL_HIGH | SSL_FIPS,
1817 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1823 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1824 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1825 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1830 TLS1_VERSION, TLS1_2_VERSION,
1831 DTLS1_BAD_VER, DTLS1_2_VERSION,
1832 SSL_HIGH | SSL_FIPS,
1833 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1839 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1840 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1841 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1846 TLS1_VERSION, TLS1_2_VERSION,
1847 DTLS1_BAD_VER, DTLS1_2_VERSION,
1848 SSL_STRONG_NONE | SSL_FIPS,
1849 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1855 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1856 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1857 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1862 TLS1_VERSION, TLS1_2_VERSION,
1863 DTLS1_BAD_VER, DTLS1_2_VERSION,
1864 SSL_STRONG_NONE | SSL_FIPS,
1865 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1871 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1872 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1873 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1878 TLS1_VERSION, TLS1_2_VERSION,
1879 DTLS1_BAD_VER, DTLS1_2_VERSION,
1880 SSL_STRONG_NONE | SSL_FIPS,
1881 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1886 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1889 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1890 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1891 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1896 SSL3_VERSION, TLS1_2_VERSION,
1897 DTLS1_BAD_VER, DTLS1_2_VERSION,
1898 SSL_NOT_DEFAULT | SSL_MEDIUM,
1899 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1905 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1906 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1907 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1912 SSL3_VERSION, TLS1_2_VERSION,
1913 DTLS1_BAD_VER, DTLS1_2_VERSION,
1914 SSL_NOT_DEFAULT | SSL_MEDIUM,
1915 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1921 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1922 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1923 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1928 SSL3_VERSION, TLS1_2_VERSION,
1929 DTLS1_BAD_VER, DTLS1_2_VERSION,
1930 SSL_NOT_DEFAULT | SSL_MEDIUM,
1931 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1938 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1939 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1940 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1945 SSL3_VERSION, TLS1_2_VERSION,
1946 DTLS1_BAD_VER, DTLS1_2_VERSION,
1948 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1954 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1955 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1956 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1961 SSL3_VERSION, TLS1_2_VERSION,
1962 DTLS1_BAD_VER, DTLS1_2_VERSION,
1964 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1970 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1971 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1972 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1977 SSL3_VERSION, TLS1_2_VERSION,
1978 DTLS1_BAD_VER, DTLS1_2_VERSION,
1979 SSL_NOT_DEFAULT | SSL_HIGH,
1980 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1986 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1987 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1988 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1993 SSL3_VERSION, TLS1_2_VERSION,
1994 DTLS1_BAD_VER, DTLS1_2_VERSION,
1996 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2002 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2003 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2004 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2009 SSL3_VERSION, TLS1_2_VERSION,
2010 DTLS1_BAD_VER, DTLS1_2_VERSION,
2012 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2018 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2019 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2020 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2025 SSL3_VERSION, TLS1_2_VERSION,
2026 DTLS1_BAD_VER, DTLS1_2_VERSION,
2027 SSL_NOT_DEFAULT | SSL_HIGH,
2028 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2033 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2036 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2037 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2038 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2041 SSL_CHACHA20POLY1305,
2043 TLS1_2_VERSION, TLS1_2_VERSION,
2044 DTLS1_2_VERSION, DTLS1_2_VERSION,
2046 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2052 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2053 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2054 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2057 SSL_CHACHA20POLY1305,
2059 TLS1_2_VERSION, TLS1_2_VERSION,
2060 DTLS1_2_VERSION, DTLS1_2_VERSION,
2062 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2068 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2069 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2070 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2073 SSL_CHACHA20POLY1305,
2075 TLS1_2_VERSION, TLS1_2_VERSION,
2076 DTLS1_2_VERSION, DTLS1_2_VERSION,
2078 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2084 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2085 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2086 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2089 SSL_CHACHA20POLY1305,
2091 TLS1_2_VERSION, TLS1_2_VERSION,
2092 DTLS1_2_VERSION, DTLS1_2_VERSION,
2094 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2100 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2101 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2102 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2105 SSL_CHACHA20POLY1305,
2107 TLS1_2_VERSION, TLS1_2_VERSION,
2108 DTLS1_2_VERSION, DTLS1_2_VERSION,
2110 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2116 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2117 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2118 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2121 SSL_CHACHA20POLY1305,
2123 TLS1_2_VERSION, TLS1_2_VERSION,
2124 DTLS1_2_VERSION, DTLS1_2_VERSION,
2126 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2132 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2133 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2134 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2137 SSL_CHACHA20POLY1305,
2139 TLS1_2_VERSION, TLS1_2_VERSION,
2140 DTLS1_2_VERSION, DTLS1_2_VERSION,
2142 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2146 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2147 * !defined(OPENSSL_NO_POLY1305) */
2149 #ifndef OPENSSL_NO_CAMELLIA
2152 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2153 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2154 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2159 TLS1_2_VERSION, TLS1_2_VERSION,
2160 DTLS1_2_VERSION, DTLS1_2_VERSION,
2161 SSL_NOT_DEFAULT | SSL_HIGH,
2162 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2168 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2169 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2170 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2175 TLS1_2_VERSION, TLS1_2_VERSION,
2176 DTLS1_2_VERSION, DTLS1_2_VERSION,
2177 SSL_NOT_DEFAULT | SSL_HIGH,
2178 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2184 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2185 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2186 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2191 TLS1_2_VERSION, TLS1_2_VERSION,
2192 DTLS1_2_VERSION, DTLS1_2_VERSION,
2193 SSL_NOT_DEFAULT | SSL_HIGH,
2194 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2200 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2201 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2202 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2207 TLS1_2_VERSION, TLS1_2_VERSION,
2208 DTLS1_2_VERSION, DTLS1_2_VERSION,
2209 SSL_NOT_DEFAULT | SSL_HIGH,
2210 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2216 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2217 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2218 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2223 TLS1_2_VERSION, TLS1_2_VERSION,
2224 DTLS1_2_VERSION, DTLS1_2_VERSION,
2225 SSL_NOT_DEFAULT | SSL_HIGH,
2226 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2232 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2233 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2234 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2239 TLS1_2_VERSION, TLS1_2_VERSION,
2240 DTLS1_2_VERSION, DTLS1_2_VERSION,
2241 SSL_NOT_DEFAULT | SSL_HIGH,
2242 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2248 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2249 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2250 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2255 TLS1_2_VERSION, TLS1_2_VERSION,
2256 DTLS1_2_VERSION, DTLS1_2_VERSION,
2257 SSL_NOT_DEFAULT | SSL_HIGH,
2258 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2264 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2265 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2266 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2271 TLS1_2_VERSION, TLS1_2_VERSION,
2272 DTLS1_2_VERSION, DTLS1_2_VERSION,
2273 SSL_NOT_DEFAULT | SSL_HIGH,
2274 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2280 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2281 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2282 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2287 SSL3_VERSION, TLS1_2_VERSION,
2288 DTLS1_BAD_VER, DTLS1_2_VERSION,
2289 SSL_NOT_DEFAULT | SSL_HIGH,
2290 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2296 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2297 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2298 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2303 SSL3_VERSION, TLS1_2_VERSION,
2304 DTLS1_BAD_VER, DTLS1_2_VERSION,
2305 SSL_NOT_DEFAULT | SSL_HIGH,
2306 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2312 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2313 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2314 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2319 SSL3_VERSION, TLS1_2_VERSION,
2320 DTLS1_BAD_VER, DTLS1_2_VERSION,
2321 SSL_NOT_DEFAULT | SSL_HIGH,
2322 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2328 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2329 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2330 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2335 SSL3_VERSION, TLS1_2_VERSION,
2336 DTLS1_BAD_VER, DTLS1_2_VERSION,
2337 SSL_NOT_DEFAULT | SSL_HIGH,
2338 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2344 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2345 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2346 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2351 SSL3_VERSION, TLS1_2_VERSION,
2352 DTLS1_BAD_VER, DTLS1_2_VERSION,
2353 SSL_NOT_DEFAULT | SSL_HIGH,
2354 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2360 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2361 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2362 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2367 SSL3_VERSION, TLS1_2_VERSION,
2368 DTLS1_BAD_VER, DTLS1_2_VERSION,
2369 SSL_NOT_DEFAULT | SSL_HIGH,
2370 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2376 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2377 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2378 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2383 SSL3_VERSION, TLS1_2_VERSION,
2384 DTLS1_BAD_VER, DTLS1_2_VERSION,
2385 SSL_NOT_DEFAULT | SSL_HIGH,
2386 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2392 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2393 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2394 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2399 SSL3_VERSION, TLS1_2_VERSION,
2400 DTLS1_BAD_VER, DTLS1_2_VERSION,
2401 SSL_NOT_DEFAULT | SSL_HIGH,
2402 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2408 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2409 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2410 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2415 TLS1_2_VERSION, TLS1_2_VERSION,
2416 DTLS1_2_VERSION, DTLS1_2_VERSION,
2417 SSL_NOT_DEFAULT | SSL_HIGH,
2418 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2424 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2425 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2426 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2431 TLS1_2_VERSION, TLS1_2_VERSION,
2432 DTLS1_2_VERSION, DTLS1_2_VERSION,
2433 SSL_NOT_DEFAULT | SSL_HIGH,
2434 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2440 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2441 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2442 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2447 TLS1_2_VERSION, TLS1_2_VERSION,
2448 DTLS1_2_VERSION, DTLS1_2_VERSION,
2449 SSL_NOT_DEFAULT | SSL_HIGH,
2450 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2456 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2457 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2458 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2463 TLS1_2_VERSION, TLS1_2_VERSION,
2464 DTLS1_2_VERSION, DTLS1_2_VERSION,
2465 SSL_NOT_DEFAULT | SSL_HIGH,
2466 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2472 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2473 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2474 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2479 TLS1_VERSION, TLS1_2_VERSION,
2480 DTLS1_BAD_VER, DTLS1_2_VERSION,
2481 SSL_NOT_DEFAULT | SSL_HIGH,
2482 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2488 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2489 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2490 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2495 TLS1_VERSION, TLS1_2_VERSION,
2496 DTLS1_BAD_VER, DTLS1_2_VERSION,
2497 SSL_NOT_DEFAULT | SSL_HIGH,
2498 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2504 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2505 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2506 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2511 TLS1_VERSION, TLS1_2_VERSION,
2512 DTLS1_BAD_VER, DTLS1_2_VERSION,
2513 SSL_NOT_DEFAULT | SSL_HIGH,
2514 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2520 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2521 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2522 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2527 TLS1_VERSION, TLS1_2_VERSION,
2528 DTLS1_BAD_VER, DTLS1_2_VERSION,
2529 SSL_NOT_DEFAULT | SSL_HIGH,
2530 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2536 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2537 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2538 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2543 TLS1_VERSION, TLS1_2_VERSION,
2544 DTLS1_BAD_VER, DTLS1_2_VERSION,
2545 SSL_NOT_DEFAULT | SSL_HIGH,
2546 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2552 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2553 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2554 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2559 TLS1_VERSION, TLS1_2_VERSION,
2560 DTLS1_BAD_VER, DTLS1_2_VERSION,
2561 SSL_NOT_DEFAULT | SSL_HIGH,
2562 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2568 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2569 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2570 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2575 TLS1_VERSION, TLS1_2_VERSION,
2576 DTLS1_BAD_VER, DTLS1_2_VERSION,
2577 SSL_NOT_DEFAULT | SSL_HIGH,
2578 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2584 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2585 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2586 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2591 TLS1_VERSION, TLS1_2_VERSION,
2592 DTLS1_BAD_VER, DTLS1_2_VERSION,
2593 SSL_NOT_DEFAULT | SSL_HIGH,
2594 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2598 #endif /* OPENSSL_NO_CAMELLIA */
2600 #ifndef OPENSSL_NO_GOST
2603 "GOST2001-GOST89-GOST89",
2604 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2608 SSL_eGOST2814789CNT,
2610 TLS1_VERSION, TLS1_2_VERSION,
2613 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2619 "GOST2001-NULL-GOST94",
2620 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2626 TLS1_VERSION, TLS1_2_VERSION,
2629 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2635 "GOST2012-GOST8912-GOST8912",
2639 SSL_aGOST12 | SSL_aGOST01,
2640 SSL_eGOST2814789CNT12,
2642 TLS1_VERSION, TLS1_2_VERSION,
2645 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2651 "GOST2012-NULL-GOST12",
2655 SSL_aGOST12 | SSL_aGOST01,
2658 TLS1_VERSION, TLS1_2_VERSION,
2661 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2665 #endif /* OPENSSL_NO_GOST */
2667 #ifndef OPENSSL_NO_IDEA
2670 SSL3_TXT_RSA_IDEA_128_SHA,
2671 SSL3_RFC_RSA_IDEA_128_SHA,
2672 SSL3_CK_RSA_IDEA_128_SHA,
2677 SSL3_VERSION, TLS1_1_VERSION,
2678 DTLS1_BAD_VER, DTLS1_VERSION,
2679 SSL_NOT_DEFAULT | SSL_MEDIUM,
2680 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2686 #ifndef OPENSSL_NO_SEED
2689 TLS1_TXT_RSA_WITH_SEED_SHA,
2690 TLS1_RFC_RSA_WITH_SEED_SHA,
2691 TLS1_CK_RSA_WITH_SEED_SHA,
2696 SSL3_VERSION, TLS1_2_VERSION,
2697 DTLS1_BAD_VER, DTLS1_2_VERSION,
2698 SSL_NOT_DEFAULT | SSL_MEDIUM,
2699 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2705 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2706 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2707 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2712 SSL3_VERSION, TLS1_2_VERSION,
2713 DTLS1_BAD_VER, DTLS1_2_VERSION,
2714 SSL_NOT_DEFAULT | SSL_MEDIUM,
2715 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2721 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2722 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2723 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2728 SSL3_VERSION, TLS1_2_VERSION,
2729 DTLS1_BAD_VER, DTLS1_2_VERSION,
2730 SSL_NOT_DEFAULT | SSL_MEDIUM,
2731 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2737 TLS1_TXT_ADH_WITH_SEED_SHA,
2738 TLS1_RFC_ADH_WITH_SEED_SHA,
2739 TLS1_CK_ADH_WITH_SEED_SHA,
2744 SSL3_VERSION, TLS1_2_VERSION,
2745 DTLS1_BAD_VER, DTLS1_2_VERSION,
2746 SSL_NOT_DEFAULT | SSL_MEDIUM,
2747 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2751 #endif /* OPENSSL_NO_SEED */
2753 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2756 SSL3_TXT_RSA_RC4_128_MD5,
2757 SSL3_RFC_RSA_RC4_128_MD5,
2758 SSL3_CK_RSA_RC4_128_MD5,
2763 SSL3_VERSION, TLS1_2_VERSION,
2765 SSL_NOT_DEFAULT | SSL_MEDIUM,
2766 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2772 SSL3_TXT_RSA_RC4_128_SHA,
2773 SSL3_RFC_RSA_RC4_128_SHA,
2774 SSL3_CK_RSA_RC4_128_SHA,
2779 SSL3_VERSION, TLS1_2_VERSION,
2781 SSL_NOT_DEFAULT | SSL_MEDIUM,
2782 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2788 SSL3_TXT_ADH_RC4_128_MD5,
2789 SSL3_RFC_ADH_RC4_128_MD5,
2790 SSL3_CK_ADH_RC4_128_MD5,
2795 SSL3_VERSION, TLS1_2_VERSION,
2797 SSL_NOT_DEFAULT | SSL_MEDIUM,
2798 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2804 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2805 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2806 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2811 TLS1_VERSION, TLS1_2_VERSION,
2813 SSL_NOT_DEFAULT | SSL_MEDIUM,
2814 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2820 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2821 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2822 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2827 TLS1_VERSION, TLS1_2_VERSION,
2829 SSL_NOT_DEFAULT | SSL_MEDIUM,
2830 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2836 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2837 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2838 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2843 TLS1_VERSION, TLS1_2_VERSION,
2845 SSL_NOT_DEFAULT | SSL_MEDIUM,
2846 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2852 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2853 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2854 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2859 TLS1_VERSION, TLS1_2_VERSION,
2861 SSL_NOT_DEFAULT | SSL_MEDIUM,
2862 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2868 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2869 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2870 TLS1_CK_PSK_WITH_RC4_128_SHA,
2875 SSL3_VERSION, TLS1_2_VERSION,
2877 SSL_NOT_DEFAULT | SSL_MEDIUM,
2878 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2884 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2885 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2886 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2891 SSL3_VERSION, TLS1_2_VERSION,
2893 SSL_NOT_DEFAULT | SSL_MEDIUM,
2894 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2900 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2901 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2902 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2907 SSL3_VERSION, TLS1_2_VERSION,
2909 SSL_NOT_DEFAULT | SSL_MEDIUM,
2910 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2914 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2916 #ifndef OPENSSL_NO_ARIA
2919 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2920 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2921 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2926 TLS1_2_VERSION, TLS1_2_VERSION,
2927 DTLS1_2_VERSION, DTLS1_2_VERSION,
2928 SSL_NOT_DEFAULT | SSL_HIGH,
2929 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2935 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2936 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2937 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2942 TLS1_2_VERSION, TLS1_2_VERSION,
2943 DTLS1_2_VERSION, DTLS1_2_VERSION,
2944 SSL_NOT_DEFAULT | SSL_HIGH,
2945 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2951 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2952 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2953 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2958 TLS1_2_VERSION, TLS1_2_VERSION,
2959 DTLS1_2_VERSION, DTLS1_2_VERSION,
2960 SSL_NOT_DEFAULT | SSL_HIGH,
2961 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2967 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2968 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2969 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2974 TLS1_2_VERSION, TLS1_2_VERSION,
2975 DTLS1_2_VERSION, DTLS1_2_VERSION,
2976 SSL_NOT_DEFAULT | SSL_HIGH,
2977 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2983 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2984 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2985 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2990 TLS1_2_VERSION, TLS1_2_VERSION,
2991 DTLS1_2_VERSION, DTLS1_2_VERSION,
2992 SSL_NOT_DEFAULT | SSL_HIGH,
2993 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2999 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3000 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3001 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3006 TLS1_2_VERSION, TLS1_2_VERSION,
3007 DTLS1_2_VERSION, DTLS1_2_VERSION,
3008 SSL_NOT_DEFAULT | SSL_HIGH,
3009 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3015 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3016 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3017 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3022 TLS1_2_VERSION, TLS1_2_VERSION,
3023 DTLS1_2_VERSION, DTLS1_2_VERSION,
3024 SSL_NOT_DEFAULT | SSL_HIGH,
3025 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3031 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3032 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3033 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3038 TLS1_2_VERSION, TLS1_2_VERSION,
3039 DTLS1_2_VERSION, DTLS1_2_VERSION,
3040 SSL_NOT_DEFAULT | SSL_HIGH,
3041 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3047 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3048 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3049 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3054 TLS1_2_VERSION, TLS1_2_VERSION,
3055 DTLS1_2_VERSION, DTLS1_2_VERSION,
3056 SSL_NOT_DEFAULT | SSL_HIGH,
3057 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3063 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3064 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3065 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3070 TLS1_2_VERSION, TLS1_2_VERSION,
3071 DTLS1_2_VERSION, DTLS1_2_VERSION,
3072 SSL_NOT_DEFAULT | SSL_HIGH,
3073 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3079 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3080 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3081 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3086 TLS1_2_VERSION, TLS1_2_VERSION,
3087 DTLS1_2_VERSION, DTLS1_2_VERSION,
3088 SSL_NOT_DEFAULT | SSL_HIGH,
3089 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3095 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3096 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3097 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3102 TLS1_2_VERSION, TLS1_2_VERSION,
3103 DTLS1_2_VERSION, DTLS1_2_VERSION,
3104 SSL_NOT_DEFAULT | SSL_HIGH,
3105 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3111 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3112 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3113 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3118 TLS1_2_VERSION, TLS1_2_VERSION,
3119 DTLS1_2_VERSION, DTLS1_2_VERSION,
3120 SSL_NOT_DEFAULT | SSL_HIGH,
3121 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3127 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3128 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3129 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3134 TLS1_2_VERSION, TLS1_2_VERSION,
3135 DTLS1_2_VERSION, DTLS1_2_VERSION,
3136 SSL_NOT_DEFAULT | SSL_HIGH,
3137 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3143 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3144 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3145 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3150 TLS1_2_VERSION, TLS1_2_VERSION,
3151 DTLS1_2_VERSION, DTLS1_2_VERSION,
3152 SSL_NOT_DEFAULT | SSL_HIGH,
3153 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3159 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3160 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3161 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3166 TLS1_2_VERSION, TLS1_2_VERSION,
3167 DTLS1_2_VERSION, DTLS1_2_VERSION,
3168 SSL_NOT_DEFAULT | SSL_HIGH,
3169 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3173 #endif /* OPENSSL_NO_ARIA */
3177 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3178 * values stuffed into the ciphers field of the wire protocol for signalling
3181 static SSL_CIPHER ssl3_scsvs[] = {
3184 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3185 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3187 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3191 "TLS_FALLBACK_SCSV",
3192 "TLS_FALLBACK_SCSV",
3193 SSL3_CK_FALLBACK_SCSV,
3194 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3198 static int cipher_compare(const void *a, const void *b)
3200 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3201 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3203 if (ap->id == bp->id)
3205 return ap->id < bp->id ? -1 : 1;
3208 void ssl_sort_cipher_list(void)
3210 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3212 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3215 static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
3216 const char * t, size_t u,
3217 const unsigned char * v, size_t w, int x)
3226 return ssl_undefined_function(ssl);
3229 const SSL3_ENC_METHOD SSLv3_enc_data = {
3232 ssl3_setup_key_block,
3233 ssl3_generate_master_secret,
3234 ssl3_change_cipher_state,
3235 ssl3_final_finish_mac,
3236 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3237 SSL3_MD_SERVER_FINISHED_CONST, 4,
3239 ssl_undefined_function_1,
3241 ssl3_set_handshake_header,
3242 tls_close_construct_packet,
3243 ssl3_handshake_write
3246 long ssl3_default_timeout(void)
3249 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3250 * http, the cache would over fill
3252 return (60 * 60 * 2);
3255 int ssl3_num_ciphers(void)
3257 return SSL3_NUM_CIPHERS;
3260 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3262 if (u < SSL3_NUM_CIPHERS)
3263 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3268 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3270 /* No header in the event of a CCS */
3271 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3274 /* Set the content type and 3 bytes for the message len */
3275 if (!WPACKET_put_bytes_u8(pkt, htype)
3276 || !WPACKET_start_sub_packet_u24(pkt))
3282 int ssl3_handshake_write(SSL *s)
3284 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3287 int ssl3_new(SSL *s)
3291 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
3295 #ifndef OPENSSL_NO_SRP
3296 if (!SSL_SRP_CTX_init(s))
3300 if (!s->method->ssl_clear(s))
3308 void ssl3_free(SSL *s)
3310 if (s == NULL || s->s3 == NULL)
3313 ssl3_cleanup_key_block(s);
3315 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3316 EVP_PKEY_free(s->s3->peer_tmp);
3317 s->s3->peer_tmp = NULL;
3318 EVP_PKEY_free(s->s3->tmp.pkey);
3319 s->s3->tmp.pkey = NULL;
3322 OPENSSL_free(s->s3->tmp.ctype);
3323 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3324 OPENSSL_free(s->s3->tmp.ciphers_raw);
3325 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3326 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3327 OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
3328 ssl3_free_digest_list(s);
3329 OPENSSL_free(s->s3->alpn_selected);
3330 OPENSSL_free(s->s3->alpn_proposed);
3332 #ifndef OPENSSL_NO_SRP
3333 SSL_SRP_CTX_free(s);
3335 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
3339 int ssl3_clear(SSL *s)
3341 ssl3_cleanup_key_block(s);
3342 OPENSSL_free(s->s3->tmp.ctype);
3343 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3344 OPENSSL_free(s->s3->tmp.ciphers_raw);
3345 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3346 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3347 OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
3349 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3350 EVP_PKEY_free(s->s3->tmp.pkey);
3351 EVP_PKEY_free(s->s3->peer_tmp);
3352 #endif /* !OPENSSL_NO_EC */
3354 ssl3_free_digest_list(s);
3356 OPENSSL_free(s->s3->alpn_selected);
3357 OPENSSL_free(s->s3->alpn_proposed);
3359 /* NULL/zero-out everything in the s3 struct */
3360 memset(s->s3, 0, sizeof(*s->s3));
3362 if (!ssl_free_wbio_buffer(s))
3365 s->version = SSL3_VERSION;
3367 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3368 OPENSSL_free(s->ext.npn);
3376 #ifndef OPENSSL_NO_SRP
3377 static char *srp_password_from_info_cb(SSL *s, void *arg)
3379 return OPENSSL_strdup(s->srp_ctx.info);
3383 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3385 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3390 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3392 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3393 ret = s->s3->num_renegotiations;
3395 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3396 ret = s->s3->num_renegotiations;
3397 s->s3->num_renegotiations = 0;
3399 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3400 ret = s->s3->total_renegotiations;
3402 case SSL_CTRL_GET_FLAGS:
3403 ret = (int)(s->s3->flags);
3405 #ifndef OPENSSL_NO_DH
3406 case SSL_CTRL_SET_TMP_DH:
3408 DH *dh = (DH *)parg;
3409 EVP_PKEY *pkdh = NULL;
3411 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3414 pkdh = ssl_dh_to_pkey(dh);
3416 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3419 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3420 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3421 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3422 EVP_PKEY_free(pkdh);
3425 EVP_PKEY_free(s->cert->dh_tmp);
3426 s->cert->dh_tmp = pkdh;
3430 case SSL_CTRL_SET_TMP_DH_CB:
3432 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3435 case SSL_CTRL_SET_DH_AUTO:
3436 s->cert->dh_tmp_auto = larg;
3439 #ifndef OPENSSL_NO_EC
3440 case SSL_CTRL_SET_TMP_ECDH:
3442 const EC_GROUP *group = NULL;
3446 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3449 group = EC_KEY_get0_group((const EC_KEY *)parg);
3450 if (group == NULL) {
3451 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3454 nid = EC_GROUP_get_curve_name(group);
3455 if (nid == NID_undef)
3457 return tls1_set_groups(&s->ext.supportedgroups,
3458 &s->ext.supportedgroups_len,
3462 #endif /* !OPENSSL_NO_EC */
3463 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3464 if (larg == TLSEXT_NAMETYPE_host_name) {
3467 OPENSSL_free(s->ext.hostname);
3468 s->ext.hostname = NULL;
3473 len = strlen((char *)parg);
3474 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3475 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3478 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3479 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3483 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3487 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3488 s->ext.debug_arg = parg;
3492 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3493 ret = s->ext.status_type;
3496 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3497 s->ext.status_type = larg;
3501 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3502 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3506 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3507 s->ext.ocsp.exts = parg;
3511 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3512 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3516 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3517 s->ext.ocsp.ids = parg;
3521 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3522 *(unsigned char **)parg = s->ext.ocsp.resp;
3523 if (s->ext.ocsp.resp_len == 0
3524 || s->ext.ocsp.resp_len > LONG_MAX)
3526 return (long)s->ext.ocsp.resp_len;
3528 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3529 OPENSSL_free(s->ext.ocsp.resp);
3530 s->ext.ocsp.resp = parg;
3531 s->ext.ocsp.resp_len = larg;
3535 #ifndef OPENSSL_NO_HEARTBEATS
3536 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3537 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3538 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3542 case SSL_CTRL_CHAIN:
3544 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3546 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3548 case SSL_CTRL_CHAIN_CERT:
3550 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3552 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3554 case SSL_CTRL_GET_CHAIN_CERTS:
3555 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3558 case SSL_CTRL_SELECT_CURRENT_CERT:
3559 return ssl_cert_select_current(s->cert, (X509 *)parg);
3561 case SSL_CTRL_SET_CURRENT_CERT:
3562 if (larg == SSL_CERT_SET_SERVER) {
3563 const SSL_CIPHER *cipher;
3566 cipher = s->s3->tmp.new_cipher;
3570 * No certificate for unauthenticated ciphersuites or using SRP
3573 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3575 if (s->s3->tmp.cert == NULL)
3577 s->cert->key = s->s3->tmp.cert;
3580 return ssl_cert_set_current(s->cert, larg);
3582 #ifndef OPENSSL_NO_EC
3583 case SSL_CTRL_GET_GROUPS:
3590 clist = s->session->ext.supportedgroups;
3591 clistlen = s->session->ext.supportedgroups_len;
3596 for (i = 0; i < clistlen; i++) {
3597 const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
3600 cptr[i] = cinf->nid;
3602 cptr[i] = TLSEXT_nid_unknown | clist[i];
3605 return (int)clistlen;
3608 case SSL_CTRL_SET_GROUPS:
3609 return tls1_set_groups(&s->ext.supportedgroups,
3610 &s->ext.supportedgroups_len, parg, larg);
3612 case SSL_CTRL_SET_GROUPS_LIST:
3613 return tls1_set_groups_list(&s->ext.supportedgroups,
3614 &s->ext.supportedgroups_len, parg);
3616 case SSL_CTRL_GET_SHARED_GROUP:
3618 uint16_t id = tls1_shared_group(s, larg);
3621 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
3623 return ginf == NULL ? 0 : ginf->nid;
3628 case SSL_CTRL_SET_SIGALGS:
3629 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3631 case SSL_CTRL_SET_SIGALGS_LIST:
3632 return tls1_set_sigalgs_list(s->cert, parg, 0);
3634 case SSL_CTRL_SET_CLIENT_SIGALGS:
3635 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3637 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3638 return tls1_set_sigalgs_list(s->cert, parg, 1);
3640 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3642 const unsigned char **pctype = parg;
3643 if (s->server || !s->s3->tmp.cert_req)
3646 *pctype = s->s3->tmp.ctype;
3647 return s->s3->tmp.ctype_len;
3650 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3653 return ssl3_set_req_cert_type(s->cert, parg, larg);
3655 case SSL_CTRL_BUILD_CERT_CHAIN:
3656 return ssl_build_cert_chain(s, NULL, larg);
3658 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3659 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3661 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3662 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3664 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3665 if (s->s3->tmp.peer_sigalg == NULL)
3667 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3670 case SSL_CTRL_GET_SERVER_TMP_KEY:
3671 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3672 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3675 EVP_PKEY_up_ref(s->s3->peer_tmp);
3676 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3682 #ifndef OPENSSL_NO_EC
3683 case SSL_CTRL_GET_EC_POINT_FORMATS:
3685 SSL_SESSION *sess = s->session;
3686 const unsigned char **pformat = parg;
3688 if (sess == NULL || sess->ext.ecpointformats == NULL)
3690 *pformat = sess->ext.ecpointformats;
3691 return (int)sess->ext.ecpointformats_len;
3701 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3706 #ifndef OPENSSL_NO_DH
3707 case SSL_CTRL_SET_TMP_DH_CB:
3709 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3713 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3714 s->ext.debug_cb = (void (*)(SSL *, int, int,
3715 const unsigned char *, int, void *))fp;
3718 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3720 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3729 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3732 #ifndef OPENSSL_NO_DH
3733 case SSL_CTRL_SET_TMP_DH:
3735 DH *dh = (DH *)parg;
3736 EVP_PKEY *pkdh = NULL;
3738 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3741 pkdh = ssl_dh_to_pkey(dh);
3743 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3746 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3747 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3748 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3749 EVP_PKEY_free(pkdh);
3752 EVP_PKEY_free(ctx->cert->dh_tmp);
3753 ctx->cert->dh_tmp = pkdh;
3756 case SSL_CTRL_SET_TMP_DH_CB:
3758 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3761 case SSL_CTRL_SET_DH_AUTO:
3762 ctx->cert->dh_tmp_auto = larg;
3765 #ifndef OPENSSL_NO_EC
3766 case SSL_CTRL_SET_TMP_ECDH:
3768 const EC_GROUP *group = NULL;
3772 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3775 group = EC_KEY_get0_group((const EC_KEY *)parg);
3776 if (group == NULL) {
3777 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3780 nid = EC_GROUP_get_curve_name(group);
3781 if (nid == NID_undef)
3783 return tls1_set_groups(&ctx->ext.supportedgroups,
3784 &ctx->ext.supportedgroups_len,
3787 #endif /* !OPENSSL_NO_EC */
3788 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3789 ctx->ext.servername_arg = parg;
3791 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3792 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3794 unsigned char *keys = parg;
3795 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3796 sizeof(ctx->ext.tick_hmac_key) +
3797 sizeof(ctx->ext.tick_aes_key));
3800 if (larg != tick_keylen) {
3801 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3804 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3805 memcpy(ctx->ext.tick_key_name, keys,
3806 sizeof(ctx->ext.tick_key_name));
3807 memcpy(ctx->ext.tick_hmac_key,
3808 keys + sizeof(ctx->ext.tick_key_name),
3809 sizeof(ctx->ext.tick_hmac_key));
3810 memcpy(ctx->ext.tick_aes_key,
3811 keys + sizeof(ctx->ext.tick_key_name) +
3812 sizeof(ctx->ext.tick_hmac_key),
3813 sizeof(ctx->ext.tick_aes_key));
3815 memcpy(keys, ctx->ext.tick_key_name,
3816 sizeof(ctx->ext.tick_key_name));
3817 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3818 ctx->ext.tick_hmac_key,
3819 sizeof(ctx->ext.tick_hmac_key));
3820 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3821 sizeof(ctx->ext.tick_hmac_key),
3822 ctx->ext.tick_aes_key,
3823 sizeof(ctx->ext.tick_aes_key));
3828 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3829 return ctx->ext.status_type;
3831 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3832 ctx->ext.status_type = larg;
3835 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3836 ctx->ext.status_arg = parg;
3839 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3840 *(void**)parg = ctx->ext.status_arg;
3843 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3844 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3847 #ifndef OPENSSL_NO_SRP
3848 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3849 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3850 OPENSSL_free(ctx->srp_ctx.login);
3851 ctx->srp_ctx.login = NULL;
3854 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3855 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3858 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3859 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3863 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3864 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3865 srp_password_from_info_cb;
3866 if (ctx->srp_ctx.info != NULL)
3867 OPENSSL_free(ctx->srp_ctx.info);
3868 if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3869 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3873 case SSL_CTRL_SET_SRP_ARG:
3874 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3875 ctx->srp_ctx.SRP_cb_arg = parg;
3878 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3879 ctx->srp_ctx.strength = larg;
3883 #ifndef OPENSSL_NO_EC
3884 case SSL_CTRL_SET_GROUPS:
3885 return tls1_set_groups(&ctx->ext.supportedgroups,
3886 &ctx->ext.supportedgroups_len,
3889 case SSL_CTRL_SET_GROUPS_LIST:
3890 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3891 &ctx->ext.supportedgroups_len,
3894 case SSL_CTRL_SET_SIGALGS:
3895 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3897 case SSL_CTRL_SET_SIGALGS_LIST:
3898 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3900 case SSL_CTRL_SET_CLIENT_SIGALGS:
3901 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3903 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3904 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3906 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3907 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3909 case SSL_CTRL_BUILD_CERT_CHAIN:
3910 return ssl_build_cert_chain(NULL, ctx, larg);
3912 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3913 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3915 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3916 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3918 /* A Thawte special :-) */
3919 case SSL_CTRL_EXTRA_CHAIN_CERT:
3920 if (ctx->extra_certs == NULL) {
3921 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3922 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3926 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3927 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3932 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3933 if (ctx->extra_certs == NULL && larg == 0)
3934 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3936 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3939 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3940 sk_X509_pop_free(ctx->extra_certs, X509_free);
3941 ctx->extra_certs = NULL;
3944 case SSL_CTRL_CHAIN:
3946 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3948 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3950 case SSL_CTRL_CHAIN_CERT:
3952 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3954 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3956 case SSL_CTRL_GET_CHAIN_CERTS:
3957 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3960 case SSL_CTRL_SELECT_CURRENT_CERT:
3961 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3963 case SSL_CTRL_SET_CURRENT_CERT:
3964 return ssl_cert_set_current(ctx->cert, larg);
3972 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3975 #ifndef OPENSSL_NO_DH
3976 case SSL_CTRL_SET_TMP_DH_CB:
3978 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3982 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3983 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
3986 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3987 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
3990 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3991 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
3994 HMAC_CTX *, int))fp;
3997 #ifndef OPENSSL_NO_SRP
3998 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3999 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4000 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4002 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4003 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4004 ctx->srp_ctx.TLS_ext_srp_username_callback =
4005 (int (*)(SSL *, int *, void *))fp;
4007 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4008 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4009 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4010 (char *(*)(SSL *, void *))fp;
4013 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4015 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4024 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4027 const SSL_CIPHER *cp;
4030 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4033 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4036 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4038 SSL_CIPHER *c = NULL;
4039 SSL_CIPHER *tbl = ssl3_ciphers;
4042 /* this is not efficient, necessary to optimize this? */
4043 for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) {
4044 if (tbl->stdname == NULL)
4046 if (strcmp(stdname, tbl->stdname) == 0) {
4053 for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
4054 if (strcmp(stdname, tbl->stdname) == 0) {
4064 * This function needs to check if the ciphers required are actually
4067 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4069 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4070 | ((uint32_t)p[0] << 8L)
4074 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4076 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4081 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4089 * ssl3_choose_cipher - choose a cipher from those offered by the client
4090 * @s: SSL connection
4091 * @clnt: ciphers offered by the client
4092 * @srvr: ciphers enabled on the server?
4094 * Returns the selected cipher or NULL when no common ciphers.
4096 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4097 STACK_OF(SSL_CIPHER) *srvr)
4099 const SSL_CIPHER *c, *ret = NULL;
4100 STACK_OF(SSL_CIPHER) *prio, *allow;
4102 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4103 #ifndef OPENSSL_NO_CHACHA
4104 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4107 /* Let's see which ciphers we can support */
4110 * Do not set the compare functions, because this may lead to a
4111 * reordering by "id". We want to keep the original ordering. We may pay
4112 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4113 * pay with the price of sk_SSL_CIPHER_dup().
4117 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
4119 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4120 c = sk_SSL_CIPHER_value(srvr, i);
4121 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4123 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
4125 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4126 c = sk_SSL_CIPHER_value(clnt, i);
4127 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4131 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4132 if (tls1_suiteb(s)) {
4135 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4138 #ifndef OPENSSL_NO_CHACHA
4139 /* If ChaCha20 is at the top of the client preference list,
4140 and there are ChaCha20 ciphers in the server list, then
4141 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4142 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4143 c = sk_SSL_CIPHER_value(clnt, 0);
4144 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4145 /* ChaCha20 is client preferred, check server... */
4146 int num = sk_SSL_CIPHER_num(srvr);
4148 for (i = 0; i < num; i++) {
4149 c = sk_SSL_CIPHER_value(srvr, i);
4150 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4156 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4157 /* if reserve fails, then there's likely a memory issue */
4158 if (prio_chacha != NULL) {
4159 /* Put all ChaCha20 at the top, starting with the one we just found */
4160 sk_SSL_CIPHER_push(prio_chacha, c);
4161 for (i++; i < num; i++) {
4162 c = sk_SSL_CIPHER_value(srvr, i);
4163 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4164 sk_SSL_CIPHER_push(prio_chacha, c);
4166 /* Pull in the rest */
4167 for (i = 0; i < num; i++) {
4168 c = sk_SSL_CIPHER_value(srvr, i);
4169 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4170 sk_SSL_CIPHER_push(prio_chacha, c);
4183 if (!SSL_IS_TLS13(s)) {
4184 tls1_set_cert_validity(s);
4188 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4189 c = sk_SSL_CIPHER_value(prio, i);
4191 /* Skip ciphers not supported by the protocol version */
4192 if (!SSL_IS_DTLS(s) &&
4193 ((s->version < c->min_tls) || (s->version > c->max_tls)))
4195 if (SSL_IS_DTLS(s) &&
4196 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4197 DTLS_VERSION_GT(s->version, c->max_dtls)))
4201 * Since TLS 1.3 ciphersuites can be used with any auth or
4202 * key exchange scheme skip tests.
4204 if (!SSL_IS_TLS13(s)) {
4205 mask_k = s->s3->tmp.mask_k;
4206 mask_a = s->s3->tmp.mask_a;
4207 #ifndef OPENSSL_NO_SRP
4208 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4214 alg_k = c->algorithm_mkey;
4215 alg_a = c->algorithm_auth;
4217 #ifndef OPENSSL_NO_PSK
4218 /* with PSK there must be server callback set */
4219 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4221 #endif /* OPENSSL_NO_PSK */
4223 ok = (alg_k & mask_k) && (alg_a & mask_a);
4225 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
4226 alg_a, mask_k, mask_a, (void *)c, c->name);
4229 #ifndef OPENSSL_NO_EC
4231 * if we are considering an ECC cipher suite that uses an ephemeral
4234 if (alg_k & SSL_kECDHE)
4235 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4236 #endif /* OPENSSL_NO_EC */
4241 ii = sk_SSL_CIPHER_find(allow, c);
4243 /* Check security callback permits this cipher */
4244 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4245 c->strength_bits, 0, (void *)c))
4247 #if !defined(OPENSSL_NO_EC)
4248 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4249 && s->s3->is_probably_safari) {
4251 ret = sk_SSL_CIPHER_value(allow, ii);
4255 ret = sk_SSL_CIPHER_value(allow, ii);
4259 #ifndef OPENSSL_NO_CHACHA
4260 sk_SSL_CIPHER_free(prio_chacha);
4265 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4267 uint32_t alg_k, alg_a = 0;
4269 /* If we have custom certificate types set, use them */
4271 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4272 /* Get mask of algorithms disabled by signature list */
4273 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4275 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4277 #ifndef OPENSSL_NO_GOST
4278 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4279 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4280 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
4281 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
4284 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4285 #ifndef OPENSSL_NO_DH
4286 # ifndef OPENSSL_NO_RSA
4287 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4290 # ifndef OPENSSL_NO_DSA
4291 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4294 #endif /* !OPENSSL_NO_DH */
4296 #ifndef OPENSSL_NO_RSA
4297 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4300 #ifndef OPENSSL_NO_DSA
4301 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4304 #ifndef OPENSSL_NO_EC
4306 * ECDSA certs can be used with RSA cipher suites too so we don't
4307 * need to check for SSL_kECDH or SSL_kECDHE
4309 if (s->version >= TLS1_VERSION
4310 && !(alg_a & SSL_aECDSA)
4311 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4317 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4319 OPENSSL_free(c->ctype);
4322 if (p == NULL || len == 0)
4326 c->ctype = OPENSSL_memdup(p, len);
4327 if (c->ctype == NULL)
4333 int ssl3_shutdown(SSL *s)
4338 * Don't do anything much if we have not done the handshake or we don't
4339 * want to send messages :-)
4341 if (s->quiet_shutdown || SSL_in_before(s)) {
4342 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4346 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4347 s->shutdown |= SSL_SENT_SHUTDOWN;
4348 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4350 * our shutdown alert has been sent now, and if it still needs to be
4351 * written, s->s3->alert_dispatch will be true
4353 if (s->s3->alert_dispatch)
4354 return -1; /* return WANT_WRITE */
4355 } else if (s->s3->alert_dispatch) {
4356 /* resend it if not sent */
4357 ret = s->method->ssl_dispatch_alert(s);
4360 * we only get to return -1 here the 2nd/Nth invocation, we must
4361 * have already signalled return 0 upon a previous invocation,
4366 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4369 * If we are waiting for a close from our peer, we are closed
4371 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4372 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4373 return -1; /* return WANT_READ */
4377 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4378 !s->s3->alert_dispatch)
4384 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4387 if (s->s3->renegotiate)
4388 ssl3_renegotiate_check(s, 0);
4390 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4394 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4400 if (s->s3->renegotiate)
4401 ssl3_renegotiate_check(s, 0);
4402 s->s3->in_read_app_data = 1;
4404 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4406 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4408 * ssl3_read_bytes decided to call s->handshake_func, which called
4409 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4410 * actually found application data and thinks that application data
4411 * makes sense here; so disable handshake processing and try to read
4412 * application data again.
4414 ossl_statem_set_in_handshake(s, 1);
4416 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4417 len, peek, readbytes);
4418 ossl_statem_set_in_handshake(s, 0);
4420 s->s3->in_read_app_data = 0;
4425 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4427 return ssl3_read_internal(s, buf, len, 0, readbytes);
4430 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4432 return ssl3_read_internal(s, buf, len, 1, readbytes);
4435 int ssl3_renegotiate(SSL *s)
4437 if (s->handshake_func == NULL)
4440 s->s3->renegotiate = 1;
4445 * Check if we are waiting to do a renegotiation and if so whether now is a
4446 * good time to do it. If |initok| is true then we are being called from inside
4447 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4448 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4449 * should do a renegotiation now and sets up the state machine for it. Otherwise
4452 int ssl3_renegotiate_check(SSL *s, int initok)
4456 if (s->s3->renegotiate) {
4457 if (!RECORD_LAYER_read_pending(&s->rlayer)
4458 && !RECORD_LAYER_write_pending(&s->rlayer)
4459 && (initok || !SSL_in_init(s))) {
4461 * if we are the server, and we have sent a 'RENEGOTIATE'
4462 * message, we need to set the state machine into the renegotiate
4465 ossl_statem_set_renegotiate(s);
4466 s->s3->renegotiate = 0;
4467 s->s3->num_renegotiations++;
4468 s->s3->total_renegotiations++;
4476 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4477 * handshake macs if required.
4479 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4481 long ssl_get_algorithm2(SSL *s)
4484 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
4486 alg2 = s->s3->tmp.new_cipher->algorithm2;
4487 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4488 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4489 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4490 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4491 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4492 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4498 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4499 * failure, 1 on success.
4501 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4504 int send_time = 0, ret;
4509 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4511 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4513 unsigned long Time = (unsigned long)time(NULL);
4514 unsigned char *p = result;
4517 ret = ssl_randbytes(s, p, len - 4);
4519 ret = ssl_randbytes(s, result, len);
4521 #ifndef OPENSSL_NO_TLS13DOWNGRADE
4523 if (!ossl_assert(sizeof(tls11downgrade) < len)
4524 || !ossl_assert(sizeof(tls12downgrade) < len))
4526 if (dgrd == DOWNGRADE_TO_1_2)
4527 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4528 sizeof(tls12downgrade));
4529 else if (dgrd == DOWNGRADE_TO_1_1)
4530 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4531 sizeof(tls11downgrade));
4537 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4540 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4543 if (alg_k & SSL_PSK) {
4544 #ifndef OPENSSL_NO_PSK
4545 unsigned char *pskpms, *t;
4546 size_t psklen = s->s3->tmp.psklen;
4549 /* create PSK premaster_secret */
4551 /* For plain PSK "other_secret" is psklen zeroes */
4552 if (alg_k & SSL_kPSK)
4555 pskpmslen = 4 + pmslen + psklen;
4556 pskpms = OPENSSL_malloc(pskpmslen);
4561 if (alg_k & SSL_kPSK)
4562 memset(t, 0, pmslen);
4564 memcpy(t, pms, pmslen);
4567 memcpy(t, s->s3->tmp.psk, psklen);
4569 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4570 s->s3->tmp.psk = NULL;
4571 if (!s->method->ssl3_enc->generate_master_secret(s,
4572 s->session->master_key,pskpms, pskpmslen,
4573 &s->session->master_key_length)) {
4574 /* SSLfatal() already called */
4577 OPENSSL_clear_free(pskpms, pskpmslen);
4579 /* Should never happen */
4583 if (!s->method->ssl3_enc->generate_master_secret(s,
4584 s->session->master_key, pms, pmslen,
4585 &s->session->master_key_length)) {
4586 /* SSLfatal() already called */
4595 OPENSSL_clear_free(pms, pmslen);
4597 OPENSSL_cleanse(pms, pmslen);
4600 s->s3->tmp.pms = NULL;
4604 /* Generate a private key from parameters */
4605 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4607 EVP_PKEY_CTX *pctx = NULL;
4608 EVP_PKEY *pkey = NULL;
4612 pctx = EVP_PKEY_CTX_new(pm, NULL);
4615 if (EVP_PKEY_keygen_init(pctx) <= 0)
4617 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4618 EVP_PKEY_free(pkey);
4623 EVP_PKEY_CTX_free(pctx);
4626 #ifndef OPENSSL_NO_EC
4627 /* Generate a private key from a group ID */
4628 EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
4630 EVP_PKEY_CTX *pctx = NULL;
4631 EVP_PKEY *pkey = NULL;
4632 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4636 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4637 ERR_R_INTERNAL_ERROR);
4640 gtype = ginf->flags & TLS_CURVE_TYPE;
4641 if (gtype == TLS_CURVE_CUSTOM)
4642 pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
4644 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4646 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4647 ERR_R_MALLOC_FAILURE);
4650 if (EVP_PKEY_keygen_init(pctx) <= 0) {
4651 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4655 if (gtype != TLS_CURVE_CUSTOM
4656 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
4657 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4661 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4662 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4664 EVP_PKEY_free(pkey);
4669 EVP_PKEY_CTX_free(pctx);
4674 * Generate parameters from a group ID
4676 EVP_PKEY *ssl_generate_param_group(uint16_t id)
4678 EVP_PKEY_CTX *pctx = NULL;
4679 EVP_PKEY *pkey = NULL;
4680 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4685 if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4686 pkey = EVP_PKEY_new();
4687 if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
4689 EVP_PKEY_free(pkey);
4693 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4696 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4698 if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
4700 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4701 EVP_PKEY_free(pkey);
4706 EVP_PKEY_CTX_free(pctx);
4711 /* Derive secrets for ECDH/DH */
4712 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4715 unsigned char *pms = NULL;
4719 if (privkey == NULL || pubkey == NULL) {
4720 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4721 ERR_R_INTERNAL_ERROR);
4725 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4727 if (EVP_PKEY_derive_init(pctx) <= 0
4728 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4729 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4730 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4731 ERR_R_INTERNAL_ERROR);
4735 pms = OPENSSL_malloc(pmslen);
4737 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4738 ERR_R_MALLOC_FAILURE);
4742 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4743 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4744 ERR_R_INTERNAL_ERROR);
4749 /* SSLfatal() called as appropriate in the below functions */
4750 if (SSL_IS_TLS13(s)) {
4752 * If we are resuming then we already generated the early secret
4753 * when we created the ClientHello, so don't recreate it.
4756 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4758 (unsigned char *)&s->early_secret);
4762 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4764 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4767 /* Save premaster secret */
4768 s->s3->tmp.pms = pms;
4769 s->s3->tmp.pmslen = pmslen;
4775 OPENSSL_clear_free(pms, pmslen);
4776 EVP_PKEY_CTX_free(pctx);
4780 #ifndef OPENSSL_NO_DH
4781 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4786 ret = EVP_PKEY_new();
4787 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {