2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
17 #include <openssl/md5.h>
18 #include <openssl/dh.h>
19 #include <openssl/rand.h>
20 #include "internal/cryptlib.h"
22 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
23 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
25 /* TLSv1.3 downgrade protection sentinel values */
26 const unsigned char tls11downgrade[] = {
27 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
29 const unsigned char tls12downgrade[] = {
30 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
34 * The list of available ciphers, mostly organized into the following
39 * SRP (within that: RSA EC PSK)
40 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
43 static SSL_CIPHER ssl3_ciphers[] = {
46 SSL3_TXT_RSA_NULL_MD5,
47 SSL3_RFC_RSA_NULL_MD5,
53 SSL3_VERSION, TLS1_2_VERSION,
54 DTLS1_BAD_VER, DTLS1_2_VERSION,
56 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
62 SSL3_TXT_RSA_NULL_SHA,
63 SSL3_RFC_RSA_NULL_SHA,
69 SSL3_VERSION, TLS1_2_VERSION,
70 DTLS1_BAD_VER, DTLS1_2_VERSION,
71 SSL_STRONG_NONE | SSL_FIPS,
72 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
76 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
79 SSL3_TXT_RSA_DES_192_CBC3_SHA,
80 SSL3_RFC_RSA_DES_192_CBC3_SHA,
81 SSL3_CK_RSA_DES_192_CBC3_SHA,
86 SSL3_VERSION, TLS1_2_VERSION,
87 DTLS1_BAD_VER, DTLS1_2_VERSION,
88 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
89 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
95 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
96 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
97 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
102 SSL3_VERSION, TLS1_2_VERSION,
103 DTLS1_BAD_VER, DTLS1_2_VERSION,
104 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
105 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
111 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
112 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
113 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
118 SSL3_VERSION, TLS1_2_VERSION,
119 DTLS1_BAD_VER, DTLS1_2_VERSION,
120 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
121 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
127 SSL3_TXT_ADH_DES_192_CBC_SHA,
128 SSL3_RFC_ADH_DES_192_CBC_SHA,
129 SSL3_CK_ADH_DES_192_CBC_SHA,
134 SSL3_VERSION, TLS1_2_VERSION,
135 DTLS1_BAD_VER, DTLS1_2_VERSION,
136 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
137 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
144 TLS1_TXT_RSA_WITH_AES_128_SHA,
145 TLS1_RFC_RSA_WITH_AES_128_SHA,
146 TLS1_CK_RSA_WITH_AES_128_SHA,
151 SSL3_VERSION, TLS1_2_VERSION,
152 DTLS1_BAD_VER, DTLS1_2_VERSION,
154 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
160 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
161 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
162 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
167 SSL3_VERSION, TLS1_2_VERSION,
168 DTLS1_BAD_VER, DTLS1_2_VERSION,
169 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
170 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
177 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
178 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
183 SSL3_VERSION, TLS1_2_VERSION,
184 DTLS1_BAD_VER, DTLS1_2_VERSION,
186 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
192 TLS1_TXT_ADH_WITH_AES_128_SHA,
193 TLS1_RFC_ADH_WITH_AES_128_SHA,
194 TLS1_CK_ADH_WITH_AES_128_SHA,
199 SSL3_VERSION, TLS1_2_VERSION,
200 DTLS1_BAD_VER, DTLS1_2_VERSION,
201 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
202 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
208 TLS1_TXT_RSA_WITH_AES_256_SHA,
209 TLS1_RFC_RSA_WITH_AES_256_SHA,
210 TLS1_CK_RSA_WITH_AES_256_SHA,
215 SSL3_VERSION, TLS1_2_VERSION,
216 DTLS1_BAD_VER, DTLS1_2_VERSION,
218 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
224 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
225 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
226 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
231 SSL3_VERSION, TLS1_2_VERSION,
232 DTLS1_BAD_VER, DTLS1_2_VERSION,
233 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
234 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
240 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
241 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
242 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
247 SSL3_VERSION, TLS1_2_VERSION,
248 DTLS1_BAD_VER, DTLS1_2_VERSION,
250 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256 TLS1_TXT_ADH_WITH_AES_256_SHA,
257 TLS1_RFC_ADH_WITH_AES_256_SHA,
258 TLS1_CK_ADH_WITH_AES_256_SHA,
263 SSL3_VERSION, TLS1_2_VERSION,
264 DTLS1_BAD_VER, DTLS1_2_VERSION,
265 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
266 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
272 TLS1_TXT_RSA_WITH_NULL_SHA256,
273 TLS1_RFC_RSA_WITH_NULL_SHA256,
274 TLS1_CK_RSA_WITH_NULL_SHA256,
279 TLS1_2_VERSION, TLS1_2_VERSION,
280 DTLS1_2_VERSION, DTLS1_2_VERSION,
281 SSL_STRONG_NONE | SSL_FIPS,
282 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
288 TLS1_TXT_RSA_WITH_AES_128_SHA256,
289 TLS1_RFC_RSA_WITH_AES_128_SHA256,
290 TLS1_CK_RSA_WITH_AES_128_SHA256,
295 TLS1_2_VERSION, TLS1_2_VERSION,
296 DTLS1_2_VERSION, DTLS1_2_VERSION,
298 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
304 TLS1_TXT_RSA_WITH_AES_256_SHA256,
305 TLS1_RFC_RSA_WITH_AES_256_SHA256,
306 TLS1_CK_RSA_WITH_AES_256_SHA256,
311 TLS1_2_VERSION, TLS1_2_VERSION,
312 DTLS1_2_VERSION, DTLS1_2_VERSION,
314 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
320 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
321 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
322 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
327 TLS1_2_VERSION, TLS1_2_VERSION,
328 DTLS1_2_VERSION, DTLS1_2_VERSION,
329 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
330 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
336 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
337 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
338 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
343 TLS1_2_VERSION, TLS1_2_VERSION,
344 DTLS1_2_VERSION, DTLS1_2_VERSION,
346 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
352 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
353 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
354 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
359 TLS1_2_VERSION, TLS1_2_VERSION,
360 DTLS1_2_VERSION, DTLS1_2_VERSION,
361 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
362 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
368 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
369 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
370 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
375 TLS1_2_VERSION, TLS1_2_VERSION,
376 DTLS1_2_VERSION, DTLS1_2_VERSION,
378 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
384 TLS1_TXT_ADH_WITH_AES_128_SHA256,
385 TLS1_RFC_ADH_WITH_AES_128_SHA256,
386 TLS1_CK_ADH_WITH_AES_128_SHA256,
391 TLS1_2_VERSION, TLS1_2_VERSION,
392 DTLS1_2_VERSION, DTLS1_2_VERSION,
393 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
394 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
400 TLS1_TXT_ADH_WITH_AES_256_SHA256,
401 TLS1_RFC_ADH_WITH_AES_256_SHA256,
402 TLS1_CK_ADH_WITH_AES_256_SHA256,
407 TLS1_2_VERSION, TLS1_2_VERSION,
408 DTLS1_2_VERSION, DTLS1_2_VERSION,
409 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
410 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
416 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
417 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
418 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
423 TLS1_2_VERSION, TLS1_2_VERSION,
424 DTLS1_2_VERSION, DTLS1_2_VERSION,
426 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
432 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
433 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
434 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
439 TLS1_2_VERSION, TLS1_2_VERSION,
440 DTLS1_2_VERSION, DTLS1_2_VERSION,
442 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
448 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
449 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
450 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
455 TLS1_2_VERSION, TLS1_2_VERSION,
456 DTLS1_2_VERSION, DTLS1_2_VERSION,
458 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
464 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
465 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
466 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
471 TLS1_2_VERSION, TLS1_2_VERSION,
472 DTLS1_2_VERSION, DTLS1_2_VERSION,
474 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
480 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
481 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
482 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
487 TLS1_2_VERSION, TLS1_2_VERSION,
488 DTLS1_2_VERSION, DTLS1_2_VERSION,
489 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
490 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
496 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
497 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
498 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
503 TLS1_2_VERSION, TLS1_2_VERSION,
504 DTLS1_2_VERSION, DTLS1_2_VERSION,
505 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
506 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
512 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
513 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
514 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
519 TLS1_2_VERSION, TLS1_2_VERSION,
520 DTLS1_2_VERSION, DTLS1_2_VERSION,
521 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
522 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
528 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
529 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
530 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
535 TLS1_2_VERSION, TLS1_2_VERSION,
536 DTLS1_2_VERSION, DTLS1_2_VERSION,
537 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
538 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
544 TLS1_TXT_RSA_WITH_AES_128_CCM,
545 TLS1_RFC_RSA_WITH_AES_128_CCM,
546 TLS1_CK_RSA_WITH_AES_128_CCM,
551 TLS1_2_VERSION, TLS1_2_VERSION,
552 DTLS1_2_VERSION, DTLS1_2_VERSION,
553 SSL_NOT_DEFAULT | SSL_HIGH,
554 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
560 TLS1_TXT_RSA_WITH_AES_256_CCM,
561 TLS1_RFC_RSA_WITH_AES_256_CCM,
562 TLS1_CK_RSA_WITH_AES_256_CCM,
567 TLS1_2_VERSION, TLS1_2_VERSION,
568 DTLS1_2_VERSION, DTLS1_2_VERSION,
569 SSL_NOT_DEFAULT | SSL_HIGH,
570 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
576 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
577 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
578 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
583 TLS1_2_VERSION, TLS1_2_VERSION,
584 DTLS1_2_VERSION, DTLS1_2_VERSION,
585 SSL_NOT_DEFAULT | SSL_HIGH,
586 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
592 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
593 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
594 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
599 TLS1_2_VERSION, TLS1_2_VERSION,
600 DTLS1_2_VERSION, DTLS1_2_VERSION,
601 SSL_NOT_DEFAULT | SSL_HIGH,
602 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
608 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
609 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
610 TLS1_CK_RSA_WITH_AES_128_CCM_8,
615 TLS1_2_VERSION, TLS1_2_VERSION,
616 DTLS1_2_VERSION, DTLS1_2_VERSION,
617 SSL_NOT_DEFAULT | SSL_HIGH,
618 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
624 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
625 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
626 TLS1_CK_RSA_WITH_AES_256_CCM_8,
631 TLS1_2_VERSION, TLS1_2_VERSION,
632 DTLS1_2_VERSION, DTLS1_2_VERSION,
633 SSL_NOT_DEFAULT | SSL_HIGH,
634 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
640 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
641 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
642 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
647 TLS1_2_VERSION, TLS1_2_VERSION,
648 DTLS1_2_VERSION, DTLS1_2_VERSION,
649 SSL_NOT_DEFAULT | SSL_HIGH,
650 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
656 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
657 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
658 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
663 TLS1_2_VERSION, TLS1_2_VERSION,
664 DTLS1_2_VERSION, DTLS1_2_VERSION,
665 SSL_NOT_DEFAULT | SSL_HIGH,
666 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
672 TLS1_TXT_PSK_WITH_AES_128_CCM,
673 TLS1_RFC_PSK_WITH_AES_128_CCM,
674 TLS1_CK_PSK_WITH_AES_128_CCM,
679 TLS1_2_VERSION, TLS1_2_VERSION,
680 DTLS1_2_VERSION, DTLS1_2_VERSION,
681 SSL_NOT_DEFAULT | SSL_HIGH,
682 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
688 TLS1_TXT_PSK_WITH_AES_256_CCM,
689 TLS1_RFC_PSK_WITH_AES_256_CCM,
690 TLS1_CK_PSK_WITH_AES_256_CCM,
695 TLS1_2_VERSION, TLS1_2_VERSION,
696 DTLS1_2_VERSION, DTLS1_2_VERSION,
697 SSL_NOT_DEFAULT | SSL_HIGH,
698 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
704 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
705 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
706 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
711 TLS1_2_VERSION, TLS1_2_VERSION,
712 DTLS1_2_VERSION, DTLS1_2_VERSION,
713 SSL_NOT_DEFAULT | SSL_HIGH,
714 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
720 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
721 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
722 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
727 TLS1_2_VERSION, TLS1_2_VERSION,
728 DTLS1_2_VERSION, DTLS1_2_VERSION,
729 SSL_NOT_DEFAULT | SSL_HIGH,
730 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
736 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
737 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
738 TLS1_CK_PSK_WITH_AES_128_CCM_8,
743 TLS1_2_VERSION, TLS1_2_VERSION,
744 DTLS1_2_VERSION, DTLS1_2_VERSION,
745 SSL_NOT_DEFAULT | SSL_HIGH,
746 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
752 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
753 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
754 TLS1_CK_PSK_WITH_AES_256_CCM_8,
759 TLS1_2_VERSION, TLS1_2_VERSION,
760 DTLS1_2_VERSION, DTLS1_2_VERSION,
761 SSL_NOT_DEFAULT | SSL_HIGH,
762 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
768 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
769 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
770 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
775 TLS1_2_VERSION, TLS1_2_VERSION,
776 DTLS1_2_VERSION, DTLS1_2_VERSION,
777 SSL_NOT_DEFAULT | SSL_HIGH,
778 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
784 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
785 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
786 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
791 TLS1_2_VERSION, TLS1_2_VERSION,
792 DTLS1_2_VERSION, DTLS1_2_VERSION,
793 SSL_NOT_DEFAULT | SSL_HIGH,
794 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
800 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
801 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
802 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
807 TLS1_2_VERSION, TLS1_2_VERSION,
808 DTLS1_2_VERSION, DTLS1_2_VERSION,
809 SSL_NOT_DEFAULT | SSL_HIGH,
810 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
816 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
817 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
818 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
823 TLS1_2_VERSION, TLS1_2_VERSION,
824 DTLS1_2_VERSION, DTLS1_2_VERSION,
825 SSL_NOT_DEFAULT | SSL_HIGH,
826 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
832 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
833 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
834 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
839 TLS1_2_VERSION, TLS1_2_VERSION,
840 DTLS1_2_VERSION, DTLS1_2_VERSION,
841 SSL_NOT_DEFAULT | SSL_HIGH,
842 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
848 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
849 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
850 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
855 TLS1_2_VERSION, TLS1_2_VERSION,
856 DTLS1_2_VERSION, DTLS1_2_VERSION,
857 SSL_NOT_DEFAULT | SSL_HIGH,
858 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
864 TLS1_3_TXT_AES_128_GCM_SHA256,
865 TLS1_3_RFC_AES_128_GCM_SHA256,
866 TLS1_3_CK_AES_128_GCM_SHA256,
870 TLS1_3_VERSION, TLS1_3_VERSION,
874 SSL_HANDSHAKE_MAC_SHA256,
880 TLS1_3_TXT_AES_256_GCM_SHA384,
881 TLS1_3_RFC_AES_256_GCM_SHA384,
882 TLS1_3_CK_AES_256_GCM_SHA384,
887 TLS1_3_VERSION, TLS1_3_VERSION,
890 SSL_HANDSHAKE_MAC_SHA384,
894 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
897 TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
898 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
899 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
902 SSL_CHACHA20POLY1305,
904 TLS1_3_VERSION, TLS1_3_VERSION,
907 SSL_HANDSHAKE_MAC_SHA256,
914 TLS1_3_TXT_AES_128_CCM_SHA256,
915 TLS1_3_RFC_AES_128_CCM_SHA256,
916 TLS1_3_CK_AES_128_CCM_SHA256,
921 TLS1_3_VERSION, TLS1_3_VERSION,
923 SSL_NOT_DEFAULT | SSL_HIGH,
924 SSL_HANDSHAKE_MAC_SHA256,
930 TLS1_3_TXT_AES_128_CCM_8_SHA256,
931 TLS1_3_RFC_AES_128_CCM_8_SHA256,
932 TLS1_3_CK_AES_128_CCM_8_SHA256,
937 TLS1_3_VERSION, TLS1_3_VERSION,
939 SSL_NOT_DEFAULT | SSL_HIGH,
940 SSL_HANDSHAKE_MAC_SHA256,
945 #ifndef OPENSSL_NO_EC
948 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
949 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
950 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
955 TLS1_VERSION, TLS1_2_VERSION,
956 DTLS1_BAD_VER, DTLS1_2_VERSION,
957 SSL_STRONG_NONE | SSL_FIPS,
958 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
962 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
965 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
966 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
967 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
972 TLS1_VERSION, TLS1_2_VERSION,
973 DTLS1_BAD_VER, DTLS1_2_VERSION,
974 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
975 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
982 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
983 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
984 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
989 TLS1_VERSION, TLS1_2_VERSION,
990 DTLS1_BAD_VER, DTLS1_2_VERSION,
992 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
998 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
999 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1000 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1005 TLS1_VERSION, TLS1_2_VERSION,
1006 DTLS1_BAD_VER, DTLS1_2_VERSION,
1007 SSL_HIGH | SSL_FIPS,
1008 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1014 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1015 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1016 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1021 TLS1_VERSION, TLS1_2_VERSION,
1022 DTLS1_BAD_VER, DTLS1_2_VERSION,
1023 SSL_STRONG_NONE | SSL_FIPS,
1024 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1028 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1031 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1032 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1033 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1038 TLS1_VERSION, TLS1_2_VERSION,
1039 DTLS1_BAD_VER, DTLS1_2_VERSION,
1040 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1041 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1048 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1049 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1050 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1055 TLS1_VERSION, TLS1_2_VERSION,
1056 DTLS1_BAD_VER, DTLS1_2_VERSION,
1057 SSL_HIGH | SSL_FIPS,
1058 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1064 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1065 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1066 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1071 TLS1_VERSION, TLS1_2_VERSION,
1072 DTLS1_BAD_VER, DTLS1_2_VERSION,
1073 SSL_HIGH | SSL_FIPS,
1074 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1080 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1081 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1082 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1087 TLS1_VERSION, TLS1_2_VERSION,
1088 DTLS1_BAD_VER, DTLS1_2_VERSION,
1089 SSL_STRONG_NONE | SSL_FIPS,
1090 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1094 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1097 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1098 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1099 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1104 TLS1_VERSION, TLS1_2_VERSION,
1105 DTLS1_BAD_VER, DTLS1_2_VERSION,
1106 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1107 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1114 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1115 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1116 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1121 TLS1_VERSION, TLS1_2_VERSION,
1122 DTLS1_BAD_VER, DTLS1_2_VERSION,
1123 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1124 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1130 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1131 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1132 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1137 TLS1_VERSION, TLS1_2_VERSION,
1138 DTLS1_BAD_VER, DTLS1_2_VERSION,
1139 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1140 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1146 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1147 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1148 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1153 TLS1_2_VERSION, TLS1_2_VERSION,
1154 DTLS1_2_VERSION, DTLS1_2_VERSION,
1155 SSL_HIGH | SSL_FIPS,
1156 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1162 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1163 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1164 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1169 TLS1_2_VERSION, TLS1_2_VERSION,
1170 DTLS1_2_VERSION, DTLS1_2_VERSION,
1171 SSL_HIGH | SSL_FIPS,
1172 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1178 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1179 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1180 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1185 TLS1_2_VERSION, TLS1_2_VERSION,
1186 DTLS1_2_VERSION, DTLS1_2_VERSION,
1187 SSL_HIGH | SSL_FIPS,
1188 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1194 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1195 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1196 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1201 TLS1_2_VERSION, TLS1_2_VERSION,
1202 DTLS1_2_VERSION, DTLS1_2_VERSION,
1203 SSL_HIGH | SSL_FIPS,
1204 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1210 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1211 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1212 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1217 TLS1_2_VERSION, TLS1_2_VERSION,
1218 DTLS1_2_VERSION, DTLS1_2_VERSION,
1219 SSL_HIGH | SSL_FIPS,
1220 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1226 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1227 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1228 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1233 TLS1_2_VERSION, TLS1_2_VERSION,
1234 DTLS1_2_VERSION, DTLS1_2_VERSION,
1235 SSL_HIGH | SSL_FIPS,
1236 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1242 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1243 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1244 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1249 TLS1_2_VERSION, TLS1_2_VERSION,
1250 DTLS1_2_VERSION, DTLS1_2_VERSION,
1251 SSL_HIGH | SSL_FIPS,
1252 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1258 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1259 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1260 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1265 TLS1_2_VERSION, TLS1_2_VERSION,
1266 DTLS1_2_VERSION, DTLS1_2_VERSION,
1267 SSL_HIGH | SSL_FIPS,
1268 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1272 #endif /* OPENSSL_NO_EC */
1274 #ifndef OPENSSL_NO_PSK
1277 TLS1_TXT_PSK_WITH_NULL_SHA,
1278 TLS1_RFC_PSK_WITH_NULL_SHA,
1279 TLS1_CK_PSK_WITH_NULL_SHA,
1284 SSL3_VERSION, TLS1_2_VERSION,
1285 DTLS1_BAD_VER, DTLS1_2_VERSION,
1286 SSL_STRONG_NONE | SSL_FIPS,
1287 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1293 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1294 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1295 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1300 SSL3_VERSION, TLS1_2_VERSION,
1301 DTLS1_BAD_VER, DTLS1_2_VERSION,
1302 SSL_STRONG_NONE | SSL_FIPS,
1303 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1309 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1310 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1311 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1316 SSL3_VERSION, TLS1_2_VERSION,
1317 DTLS1_BAD_VER, DTLS1_2_VERSION,
1318 SSL_STRONG_NONE | SSL_FIPS,
1319 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1323 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1326 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1327 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1328 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1333 SSL3_VERSION, TLS1_2_VERSION,
1334 DTLS1_BAD_VER, DTLS1_2_VERSION,
1335 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1336 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1343 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1344 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1345 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1350 SSL3_VERSION, TLS1_2_VERSION,
1351 DTLS1_BAD_VER, DTLS1_2_VERSION,
1352 SSL_HIGH | SSL_FIPS,
1353 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1359 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1360 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1361 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1366 SSL3_VERSION, TLS1_2_VERSION,
1367 DTLS1_BAD_VER, DTLS1_2_VERSION,
1368 SSL_HIGH | SSL_FIPS,
1369 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1373 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1376 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1377 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1378 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1383 SSL3_VERSION, TLS1_2_VERSION,
1384 DTLS1_BAD_VER, DTLS1_2_VERSION,
1385 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1386 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1393 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1394 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1395 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1400 SSL3_VERSION, TLS1_2_VERSION,
1401 DTLS1_BAD_VER, DTLS1_2_VERSION,
1402 SSL_HIGH | SSL_FIPS,
1403 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1409 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1410 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1411 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1416 SSL3_VERSION, TLS1_2_VERSION,
1417 DTLS1_BAD_VER, DTLS1_2_VERSION,
1418 SSL_HIGH | SSL_FIPS,
1419 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1423 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1426 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1427 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1428 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1433 SSL3_VERSION, TLS1_2_VERSION,
1434 DTLS1_BAD_VER, DTLS1_2_VERSION,
1435 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1436 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1443 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1444 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1445 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1450 SSL3_VERSION, TLS1_2_VERSION,
1451 DTLS1_BAD_VER, DTLS1_2_VERSION,
1452 SSL_HIGH | SSL_FIPS,
1453 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1459 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1460 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1461 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1466 SSL3_VERSION, TLS1_2_VERSION,
1467 DTLS1_BAD_VER, DTLS1_2_VERSION,
1468 SSL_HIGH | SSL_FIPS,
1469 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1475 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1476 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1477 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1482 TLS1_2_VERSION, TLS1_2_VERSION,
1483 DTLS1_2_VERSION, DTLS1_2_VERSION,
1484 SSL_HIGH | SSL_FIPS,
1485 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1491 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1492 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1493 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1498 TLS1_2_VERSION, TLS1_2_VERSION,
1499 DTLS1_2_VERSION, DTLS1_2_VERSION,
1500 SSL_HIGH | SSL_FIPS,
1501 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1507 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1508 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1509 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1514 TLS1_2_VERSION, TLS1_2_VERSION,
1515 DTLS1_2_VERSION, DTLS1_2_VERSION,
1516 SSL_HIGH | SSL_FIPS,
1517 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1523 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1524 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1525 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1530 TLS1_2_VERSION, TLS1_2_VERSION,
1531 DTLS1_2_VERSION, DTLS1_2_VERSION,
1532 SSL_HIGH | SSL_FIPS,
1533 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1539 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1540 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1541 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1546 TLS1_2_VERSION, TLS1_2_VERSION,
1547 DTLS1_2_VERSION, DTLS1_2_VERSION,
1548 SSL_HIGH | SSL_FIPS,
1549 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1555 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1556 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1557 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1562 TLS1_2_VERSION, TLS1_2_VERSION,
1563 DTLS1_2_VERSION, DTLS1_2_VERSION,
1564 SSL_HIGH | SSL_FIPS,
1565 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1571 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1572 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1573 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1578 TLS1_VERSION, TLS1_2_VERSION,
1579 DTLS1_BAD_VER, DTLS1_2_VERSION,
1580 SSL_HIGH | SSL_FIPS,
1581 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1587 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1588 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1589 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1594 TLS1_VERSION, TLS1_2_VERSION,
1595 DTLS1_BAD_VER, DTLS1_2_VERSION,
1596 SSL_HIGH | SSL_FIPS,
1597 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1603 TLS1_TXT_PSK_WITH_NULL_SHA256,
1604 TLS1_RFC_PSK_WITH_NULL_SHA256,
1605 TLS1_CK_PSK_WITH_NULL_SHA256,
1610 TLS1_VERSION, TLS1_2_VERSION,
1611 DTLS1_BAD_VER, DTLS1_2_VERSION,
1612 SSL_STRONG_NONE | SSL_FIPS,
1613 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1619 TLS1_TXT_PSK_WITH_NULL_SHA384,
1620 TLS1_RFC_PSK_WITH_NULL_SHA384,
1621 TLS1_CK_PSK_WITH_NULL_SHA384,
1626 TLS1_VERSION, TLS1_2_VERSION,
1627 DTLS1_BAD_VER, DTLS1_2_VERSION,
1628 SSL_STRONG_NONE | SSL_FIPS,
1629 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1635 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1636 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1637 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1642 TLS1_VERSION, TLS1_2_VERSION,
1643 DTLS1_BAD_VER, DTLS1_2_VERSION,
1644 SSL_HIGH | SSL_FIPS,
1645 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1651 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1652 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1653 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1658 TLS1_VERSION, TLS1_2_VERSION,
1659 DTLS1_BAD_VER, DTLS1_2_VERSION,
1660 SSL_HIGH | SSL_FIPS,
1661 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1667 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1668 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1669 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1674 TLS1_VERSION, TLS1_2_VERSION,
1675 DTLS1_BAD_VER, DTLS1_2_VERSION,
1676 SSL_STRONG_NONE | SSL_FIPS,
1677 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1683 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1684 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1685 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1690 TLS1_VERSION, TLS1_2_VERSION,
1691 DTLS1_BAD_VER, DTLS1_2_VERSION,
1692 SSL_STRONG_NONE | SSL_FIPS,
1693 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1699 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1700 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1701 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1706 TLS1_VERSION, TLS1_2_VERSION,
1707 DTLS1_BAD_VER, DTLS1_2_VERSION,
1708 SSL_HIGH | SSL_FIPS,
1709 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1715 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1716 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1717 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1722 TLS1_VERSION, TLS1_2_VERSION,
1723 DTLS1_BAD_VER, DTLS1_2_VERSION,
1724 SSL_HIGH | SSL_FIPS,
1725 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1731 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1732 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1733 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1738 TLS1_VERSION, TLS1_2_VERSION,
1739 DTLS1_BAD_VER, DTLS1_2_VERSION,
1740 SSL_STRONG_NONE | SSL_FIPS,
1741 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1747 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1748 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1749 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1754 TLS1_VERSION, TLS1_2_VERSION,
1755 DTLS1_BAD_VER, DTLS1_2_VERSION,
1756 SSL_STRONG_NONE | SSL_FIPS,
1757 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1761 # ifndef OPENSSL_NO_EC
1762 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1765 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1766 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1767 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1772 TLS1_VERSION, TLS1_2_VERSION,
1773 DTLS1_BAD_VER, DTLS1_2_VERSION,
1774 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1775 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1782 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1783 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1784 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1789 TLS1_VERSION, TLS1_2_VERSION,
1790 DTLS1_BAD_VER, DTLS1_2_VERSION,
1791 SSL_HIGH | SSL_FIPS,
1792 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1798 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1799 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1800 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1805 TLS1_VERSION, TLS1_2_VERSION,
1806 DTLS1_BAD_VER, DTLS1_2_VERSION,
1807 SSL_HIGH | SSL_FIPS,
1808 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1814 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1815 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1816 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1821 TLS1_VERSION, TLS1_2_VERSION,
1822 DTLS1_BAD_VER, DTLS1_2_VERSION,
1823 SSL_HIGH | SSL_FIPS,
1824 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1830 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1831 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1832 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1837 TLS1_VERSION, TLS1_2_VERSION,
1838 DTLS1_BAD_VER, DTLS1_2_VERSION,
1839 SSL_HIGH | SSL_FIPS,
1840 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1846 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1847 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1848 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1853 TLS1_VERSION, TLS1_2_VERSION,
1854 DTLS1_BAD_VER, DTLS1_2_VERSION,
1855 SSL_STRONG_NONE | SSL_FIPS,
1856 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1862 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1863 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1864 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1869 TLS1_VERSION, TLS1_2_VERSION,
1870 DTLS1_BAD_VER, DTLS1_2_VERSION,
1871 SSL_STRONG_NONE | SSL_FIPS,
1872 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1878 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1879 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1880 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1885 TLS1_VERSION, TLS1_2_VERSION,
1886 DTLS1_BAD_VER, DTLS1_2_VERSION,
1887 SSL_STRONG_NONE | SSL_FIPS,
1888 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1892 # endif /* OPENSSL_NO_EC */
1893 #endif /* OPENSSL_NO_PSK */
1895 #ifndef OPENSSL_NO_SRP
1896 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1899 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1900 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1901 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1906 SSL3_VERSION, TLS1_2_VERSION,
1907 DTLS1_BAD_VER, DTLS1_2_VERSION,
1908 SSL_NOT_DEFAULT | SSL_MEDIUM,
1909 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1915 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1916 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1917 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1922 SSL3_VERSION, TLS1_2_VERSION,
1923 DTLS1_BAD_VER, DTLS1_2_VERSION,
1924 SSL_NOT_DEFAULT | SSL_MEDIUM,
1925 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1931 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1932 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1933 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1938 SSL3_VERSION, TLS1_2_VERSION,
1939 DTLS1_BAD_VER, DTLS1_2_VERSION,
1940 SSL_NOT_DEFAULT | SSL_MEDIUM,
1941 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1948 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1949 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1950 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1955 SSL3_VERSION, TLS1_2_VERSION,
1956 DTLS1_BAD_VER, DTLS1_2_VERSION,
1958 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1964 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1965 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1966 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1971 SSL3_VERSION, TLS1_2_VERSION,
1972 DTLS1_BAD_VER, DTLS1_2_VERSION,
1974 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1980 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1981 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1982 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1987 SSL3_VERSION, TLS1_2_VERSION,
1988 DTLS1_BAD_VER, DTLS1_2_VERSION,
1989 SSL_NOT_DEFAULT | SSL_HIGH,
1990 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1996 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1997 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1998 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2003 SSL3_VERSION, TLS1_2_VERSION,
2004 DTLS1_BAD_VER, DTLS1_2_VERSION,
2006 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2012 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2013 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2014 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2019 SSL3_VERSION, TLS1_2_VERSION,
2020 DTLS1_BAD_VER, DTLS1_2_VERSION,
2022 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2028 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2029 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2030 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2035 SSL3_VERSION, TLS1_2_VERSION,
2036 DTLS1_BAD_VER, DTLS1_2_VERSION,
2037 SSL_NOT_DEFAULT | SSL_HIGH,
2038 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2042 #endif /* OPENSSL_NO_SRP */
2044 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2045 # ifndef OPENSSL_NO_RSA
2048 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2049 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2050 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2053 SSL_CHACHA20POLY1305,
2055 TLS1_2_VERSION, TLS1_2_VERSION,
2056 DTLS1_2_VERSION, DTLS1_2_VERSION,
2058 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2062 # endif /* OPENSSL_NO_RSA */
2064 # ifndef OPENSSL_NO_EC
2067 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2068 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2069 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2072 SSL_CHACHA20POLY1305,
2074 TLS1_2_VERSION, TLS1_2_VERSION,
2075 DTLS1_2_VERSION, DTLS1_2_VERSION,
2077 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2083 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2084 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2085 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2088 SSL_CHACHA20POLY1305,
2090 TLS1_2_VERSION, TLS1_2_VERSION,
2091 DTLS1_2_VERSION, DTLS1_2_VERSION,
2093 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2097 # endif /* OPENSSL_NO_EC */
2099 # ifndef OPENSSL_NO_PSK
2102 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2103 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2104 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2107 SSL_CHACHA20POLY1305,
2109 TLS1_2_VERSION, TLS1_2_VERSION,
2110 DTLS1_2_VERSION, DTLS1_2_VERSION,
2112 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2118 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2119 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2120 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2123 SSL_CHACHA20POLY1305,
2125 TLS1_2_VERSION, TLS1_2_VERSION,
2126 DTLS1_2_VERSION, DTLS1_2_VERSION,
2128 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2134 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2135 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2136 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2139 SSL_CHACHA20POLY1305,
2141 TLS1_2_VERSION, TLS1_2_VERSION,
2142 DTLS1_2_VERSION, DTLS1_2_VERSION,
2144 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2150 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2151 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2152 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2155 SSL_CHACHA20POLY1305,
2157 TLS1_2_VERSION, TLS1_2_VERSION,
2158 DTLS1_2_VERSION, DTLS1_2_VERSION,
2160 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2164 # endif /* OPENSSL_NO_PSK */
2165 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2166 * !defined(OPENSSL_NO_POLY1305) */
2168 #ifndef OPENSSL_NO_CAMELLIA
2171 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2172 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2173 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2178 TLS1_2_VERSION, TLS1_2_VERSION,
2179 DTLS1_2_VERSION, DTLS1_2_VERSION,
2180 SSL_NOT_DEFAULT | SSL_HIGH,
2181 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2187 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2188 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2189 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2194 TLS1_2_VERSION, TLS1_2_VERSION,
2195 DTLS1_2_VERSION, DTLS1_2_VERSION,
2196 SSL_NOT_DEFAULT | SSL_HIGH,
2197 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2203 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2204 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2205 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2210 TLS1_2_VERSION, TLS1_2_VERSION,
2211 DTLS1_2_VERSION, DTLS1_2_VERSION,
2212 SSL_NOT_DEFAULT | SSL_HIGH,
2213 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2219 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2220 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2221 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2226 TLS1_2_VERSION, TLS1_2_VERSION,
2227 DTLS1_2_VERSION, DTLS1_2_VERSION,
2228 SSL_NOT_DEFAULT | SSL_HIGH,
2229 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2235 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2236 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2237 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2242 TLS1_2_VERSION, TLS1_2_VERSION,
2243 DTLS1_2_VERSION, DTLS1_2_VERSION,
2244 SSL_NOT_DEFAULT | SSL_HIGH,
2245 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2251 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2252 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2253 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2258 TLS1_2_VERSION, TLS1_2_VERSION,
2259 DTLS1_2_VERSION, DTLS1_2_VERSION,
2260 SSL_NOT_DEFAULT | SSL_HIGH,
2261 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2267 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2268 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2269 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2274 TLS1_2_VERSION, TLS1_2_VERSION,
2275 DTLS1_2_VERSION, DTLS1_2_VERSION,
2276 SSL_NOT_DEFAULT | SSL_HIGH,
2277 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2283 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2284 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2285 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2290 TLS1_2_VERSION, TLS1_2_VERSION,
2291 DTLS1_2_VERSION, DTLS1_2_VERSION,
2292 SSL_NOT_DEFAULT | SSL_HIGH,
2293 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2299 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2300 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2301 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2306 SSL3_VERSION, TLS1_2_VERSION,
2307 DTLS1_BAD_VER, DTLS1_2_VERSION,
2308 SSL_NOT_DEFAULT | SSL_HIGH,
2309 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2315 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2316 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2317 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2322 SSL3_VERSION, TLS1_2_VERSION,
2323 DTLS1_BAD_VER, DTLS1_2_VERSION,
2324 SSL_NOT_DEFAULT | SSL_HIGH,
2325 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2331 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2332 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2333 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2338 SSL3_VERSION, TLS1_2_VERSION,
2339 DTLS1_BAD_VER, DTLS1_2_VERSION,
2340 SSL_NOT_DEFAULT | SSL_HIGH,
2341 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2347 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2348 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2349 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2354 SSL3_VERSION, TLS1_2_VERSION,
2355 DTLS1_BAD_VER, DTLS1_2_VERSION,
2356 SSL_NOT_DEFAULT | SSL_HIGH,
2357 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2363 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2364 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2365 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2370 SSL3_VERSION, TLS1_2_VERSION,
2371 DTLS1_BAD_VER, DTLS1_2_VERSION,
2372 SSL_NOT_DEFAULT | SSL_HIGH,
2373 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2379 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2380 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2381 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2386 SSL3_VERSION, TLS1_2_VERSION,
2387 DTLS1_BAD_VER, DTLS1_2_VERSION,
2388 SSL_NOT_DEFAULT | SSL_HIGH,
2389 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2395 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2396 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2397 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2402 SSL3_VERSION, TLS1_2_VERSION,
2403 DTLS1_BAD_VER, DTLS1_2_VERSION,
2404 SSL_NOT_DEFAULT | SSL_HIGH,
2405 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2411 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2412 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2413 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2418 SSL3_VERSION, TLS1_2_VERSION,
2419 DTLS1_BAD_VER, DTLS1_2_VERSION,
2420 SSL_NOT_DEFAULT | SSL_HIGH,
2421 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2426 # ifndef OPENSSL_NO_EC
2429 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2430 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2431 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2436 TLS1_2_VERSION, TLS1_2_VERSION,
2437 DTLS1_2_VERSION, DTLS1_2_VERSION,
2438 SSL_NOT_DEFAULT | SSL_HIGH,
2439 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2445 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2446 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2447 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2452 TLS1_2_VERSION, TLS1_2_VERSION,
2453 DTLS1_2_VERSION, DTLS1_2_VERSION,
2454 SSL_NOT_DEFAULT | SSL_HIGH,
2455 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2461 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2462 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2463 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2468 TLS1_2_VERSION, TLS1_2_VERSION,
2469 DTLS1_2_VERSION, DTLS1_2_VERSION,
2470 SSL_NOT_DEFAULT | SSL_HIGH,
2471 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2477 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2478 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2479 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2484 TLS1_2_VERSION, TLS1_2_VERSION,
2485 DTLS1_2_VERSION, DTLS1_2_VERSION,
2486 SSL_NOT_DEFAULT | SSL_HIGH,
2487 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2491 # endif /* OPENSSL_NO_EC */
2493 # ifndef OPENSSL_NO_PSK
2496 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2497 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2498 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2503 TLS1_VERSION, TLS1_2_VERSION,
2504 DTLS1_BAD_VER, DTLS1_2_VERSION,
2505 SSL_NOT_DEFAULT | SSL_HIGH,
2506 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2512 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2513 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2514 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2519 TLS1_VERSION, TLS1_2_VERSION,
2520 DTLS1_BAD_VER, DTLS1_2_VERSION,
2521 SSL_NOT_DEFAULT | SSL_HIGH,
2522 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2528 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2529 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2530 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2535 TLS1_VERSION, TLS1_2_VERSION,
2536 DTLS1_BAD_VER, DTLS1_2_VERSION,
2537 SSL_NOT_DEFAULT | SSL_HIGH,
2538 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2544 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2545 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2546 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2551 TLS1_VERSION, TLS1_2_VERSION,
2552 DTLS1_BAD_VER, DTLS1_2_VERSION,
2553 SSL_NOT_DEFAULT | SSL_HIGH,
2554 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2560 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2561 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2562 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2567 TLS1_VERSION, TLS1_2_VERSION,
2568 DTLS1_BAD_VER, DTLS1_2_VERSION,
2569 SSL_NOT_DEFAULT | SSL_HIGH,
2570 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2576 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2577 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2578 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2583 TLS1_VERSION, TLS1_2_VERSION,
2584 DTLS1_BAD_VER, DTLS1_2_VERSION,
2585 SSL_NOT_DEFAULT | SSL_HIGH,
2586 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2592 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2593 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2594 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2599 TLS1_VERSION, TLS1_2_VERSION,
2600 DTLS1_BAD_VER, DTLS1_2_VERSION,
2601 SSL_NOT_DEFAULT | SSL_HIGH,
2602 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2608 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2609 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2610 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2615 TLS1_VERSION, TLS1_2_VERSION,
2616 DTLS1_BAD_VER, DTLS1_2_VERSION,
2617 SSL_NOT_DEFAULT | SSL_HIGH,
2618 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2622 # endif /* OPENSSL_NO_PSK */
2624 #endif /* OPENSSL_NO_CAMELLIA */
2626 #ifndef OPENSSL_NO_GOST
2629 "GOST2001-GOST89-GOST89",
2630 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2634 SSL_eGOST2814789CNT,
2636 TLS1_VERSION, TLS1_2_VERSION,
2639 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2645 "GOST2001-NULL-GOST94",
2646 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2652 TLS1_VERSION, TLS1_2_VERSION,
2655 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2661 "GOST2012-GOST8912-GOST8912",
2665 SSL_aGOST12 | SSL_aGOST01,
2666 SSL_eGOST2814789CNT12,
2668 TLS1_VERSION, TLS1_2_VERSION,
2671 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2677 "GOST2012-NULL-GOST12",
2681 SSL_aGOST12 | SSL_aGOST01,
2684 TLS1_VERSION, TLS1_2_VERSION,
2687 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2691 #endif /* OPENSSL_NO_GOST */
2693 #ifndef OPENSSL_NO_IDEA
2696 SSL3_TXT_RSA_IDEA_128_SHA,
2697 SSL3_RFC_RSA_IDEA_128_SHA,
2698 SSL3_CK_RSA_IDEA_128_SHA,
2703 SSL3_VERSION, TLS1_1_VERSION,
2704 DTLS1_BAD_VER, DTLS1_VERSION,
2705 SSL_NOT_DEFAULT | SSL_MEDIUM,
2706 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2712 #ifndef OPENSSL_NO_SEED
2715 TLS1_TXT_RSA_WITH_SEED_SHA,
2716 TLS1_RFC_RSA_WITH_SEED_SHA,
2717 TLS1_CK_RSA_WITH_SEED_SHA,
2722 SSL3_VERSION, TLS1_2_VERSION,
2723 DTLS1_BAD_VER, DTLS1_2_VERSION,
2724 SSL_NOT_DEFAULT | SSL_MEDIUM,
2725 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2731 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2732 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2733 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2738 SSL3_VERSION, TLS1_2_VERSION,
2739 DTLS1_BAD_VER, DTLS1_2_VERSION,
2740 SSL_NOT_DEFAULT | SSL_MEDIUM,
2741 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2747 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2748 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2749 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2754 SSL3_VERSION, TLS1_2_VERSION,
2755 DTLS1_BAD_VER, DTLS1_2_VERSION,
2756 SSL_NOT_DEFAULT | SSL_MEDIUM,
2757 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2763 TLS1_TXT_ADH_WITH_SEED_SHA,
2764 TLS1_RFC_ADH_WITH_SEED_SHA,
2765 TLS1_CK_ADH_WITH_SEED_SHA,
2770 SSL3_VERSION, TLS1_2_VERSION,
2771 DTLS1_BAD_VER, DTLS1_2_VERSION,
2772 SSL_NOT_DEFAULT | SSL_MEDIUM,
2773 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2777 #endif /* OPENSSL_NO_SEED */
2779 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2782 SSL3_TXT_RSA_RC4_128_MD5,
2783 SSL3_RFC_RSA_RC4_128_MD5,
2784 SSL3_CK_RSA_RC4_128_MD5,
2789 SSL3_VERSION, TLS1_2_VERSION,
2791 SSL_NOT_DEFAULT | SSL_MEDIUM,
2792 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2798 SSL3_TXT_RSA_RC4_128_SHA,
2799 SSL3_RFC_RSA_RC4_128_SHA,
2800 SSL3_CK_RSA_RC4_128_SHA,
2805 SSL3_VERSION, TLS1_2_VERSION,
2807 SSL_NOT_DEFAULT | SSL_MEDIUM,
2808 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2814 SSL3_TXT_ADH_RC4_128_MD5,
2815 SSL3_RFC_ADH_RC4_128_MD5,
2816 SSL3_CK_ADH_RC4_128_MD5,
2821 SSL3_VERSION, TLS1_2_VERSION,
2823 SSL_NOT_DEFAULT | SSL_MEDIUM,
2824 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2829 # ifndef OPENSSL_NO_EC
2832 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2833 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2834 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2839 TLS1_VERSION, TLS1_2_VERSION,
2841 SSL_NOT_DEFAULT | SSL_MEDIUM,
2842 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2848 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2849 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2850 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2855 TLS1_VERSION, TLS1_2_VERSION,
2857 SSL_NOT_DEFAULT | SSL_MEDIUM,
2858 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2864 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2865 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2866 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2871 TLS1_VERSION, TLS1_2_VERSION,
2873 SSL_NOT_DEFAULT | SSL_MEDIUM,
2874 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2880 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2881 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2882 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2887 TLS1_VERSION, TLS1_2_VERSION,
2889 SSL_NOT_DEFAULT | SSL_MEDIUM,
2890 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2894 # endif /* OPENSSL_NO_EC */
2896 # ifndef OPENSSL_NO_PSK
2899 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2900 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2901 TLS1_CK_PSK_WITH_RC4_128_SHA,
2906 SSL3_VERSION, TLS1_2_VERSION,
2908 SSL_NOT_DEFAULT | SSL_MEDIUM,
2909 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2915 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2916 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2917 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2922 SSL3_VERSION, TLS1_2_VERSION,
2924 SSL_NOT_DEFAULT | SSL_MEDIUM,
2925 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2931 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2932 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2933 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2938 SSL3_VERSION, TLS1_2_VERSION,
2940 SSL_NOT_DEFAULT | SSL_MEDIUM,
2941 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2945 # endif /* OPENSSL_NO_PSK */
2947 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2952 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
2953 * values stuffed into the ciphers field of the wire protocol for signalling
2956 static SSL_CIPHER ssl3_scsvs[] = {
2959 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
2960 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
2962 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2966 "TLS_FALLBACK_SCSV",
2967 "TLS_FALLBACK_SCSV",
2968 SSL3_CK_FALLBACK_SCSV,
2969 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2973 static int cipher_compare(const void *a, const void *b)
2975 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
2976 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
2978 if (ap->id == bp->id)
2980 return ap->id < bp->id ? -1 : 1;
2983 void ssl_sort_cipher_list(void)
2985 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof ssl3_ciphers[0],
2987 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof ssl3_scsvs[0], cipher_compare);
2990 const SSL3_ENC_METHOD SSLv3_enc_data = {
2993 ssl3_setup_key_block,
2994 ssl3_generate_master_secret,
2995 ssl3_change_cipher_state,
2996 ssl3_final_finish_mac,
2997 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2998 SSL3_MD_SERVER_FINISHED_CONST, 4,
3000 (int (*)(SSL *, unsigned char *, size_t, const char *,
3001 size_t, const unsigned char *, size_t,
3002 int use_context))ssl_undefined_function,
3004 ssl3_set_handshake_header,
3005 tls_close_construct_packet,
3006 ssl3_handshake_write
3009 long ssl3_default_timeout(void)
3012 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3013 * http, the cache would over fill
3015 return (60 * 60 * 2);
3018 int ssl3_num_ciphers(void)
3020 return (SSL3_NUM_CIPHERS);
3023 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3025 if (u < SSL3_NUM_CIPHERS)
3026 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
3031 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3033 /* No header in the event of a CCS */
3034 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3037 /* Set the content type and 3 bytes for the message len */
3038 if (!WPACKET_put_bytes_u8(pkt, htype)
3039 || !WPACKET_start_sub_packet_u24(pkt))
3045 int ssl3_handshake_write(SSL *s)
3047 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3050 int ssl3_new(SSL *s)
3054 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
3058 #ifndef OPENSSL_NO_SRP
3059 if (!SSL_SRP_CTX_init(s))
3063 if (!s->method->ssl_clear(s))
3071 void ssl3_free(SSL *s)
3073 if (s == NULL || s->s3 == NULL)
3076 ssl3_cleanup_key_block(s);
3078 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3079 EVP_PKEY_free(s->s3->peer_tmp);
3080 s->s3->peer_tmp = NULL;
3081 EVP_PKEY_free(s->s3->tmp.pkey);
3082 s->s3->tmp.pkey = NULL;
3085 OPENSSL_free(s->s3->tmp.ctype);
3086 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3087 OPENSSL_free(s->s3->tmp.ciphers_raw);
3088 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3089 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3090 ssl3_free_digest_list(s);
3091 OPENSSL_free(s->s3->alpn_selected);
3092 OPENSSL_free(s->s3->alpn_proposed);
3094 #ifndef OPENSSL_NO_SRP
3095 SSL_SRP_CTX_free(s);
3097 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
3101 int ssl3_clear(SSL *s)
3103 ssl3_cleanup_key_block(s);
3104 OPENSSL_free(s->s3->tmp.ctype);
3105 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3106 OPENSSL_free(s->s3->tmp.ciphers_raw);
3107 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3108 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3110 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3111 EVP_PKEY_free(s->s3->tmp.pkey);
3112 EVP_PKEY_free(s->s3->peer_tmp);
3113 #endif /* !OPENSSL_NO_EC */
3115 ssl3_free_digest_list(s);
3117 OPENSSL_free(s->s3->alpn_selected);
3118 OPENSSL_free(s->s3->alpn_proposed);
3120 /* NULL/zero-out everything in the s3 struct */
3121 memset(s->s3, 0, sizeof(*s->s3));
3123 if (!ssl_free_wbio_buffer(s))
3126 s->version = SSL3_VERSION;
3128 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3129 OPENSSL_free(s->ext.npn);
3137 #ifndef OPENSSL_NO_SRP
3138 static char *srp_password_from_info_cb(SSL *s, void *arg)
3140 return OPENSSL_strdup(s->srp_ctx.info);
3144 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3146 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3151 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3153 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3154 ret = s->s3->num_renegotiations;
3156 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3157 ret = s->s3->num_renegotiations;
3158 s->s3->num_renegotiations = 0;
3160 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3161 ret = s->s3->total_renegotiations;
3163 case SSL_CTRL_GET_FLAGS:
3164 ret = (int)(s->s3->flags);
3166 #ifndef OPENSSL_NO_DH
3167 case SSL_CTRL_SET_TMP_DH:
3169 DH *dh = (DH *)parg;
3170 EVP_PKEY *pkdh = NULL;
3172 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3175 pkdh = ssl_dh_to_pkey(dh);
3177 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3180 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3181 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3182 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3183 EVP_PKEY_free(pkdh);
3186 EVP_PKEY_free(s->cert->dh_tmp);
3187 s->cert->dh_tmp = pkdh;
3191 case SSL_CTRL_SET_TMP_DH_CB:
3193 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3196 case SSL_CTRL_SET_DH_AUTO:
3197 s->cert->dh_tmp_auto = larg;
3200 #ifndef OPENSSL_NO_EC
3201 case SSL_CTRL_SET_TMP_ECDH:
3203 const EC_GROUP *group = NULL;
3207 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3210 group = EC_KEY_get0_group((const EC_KEY *)parg);
3211 if (group == NULL) {
3212 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3215 nid = EC_GROUP_get_curve_name(group);
3216 if (nid == NID_undef)
3218 return tls1_set_groups(&s->ext.supportedgroups,
3219 &s->ext.supportedgroups_len,
3223 #endif /* !OPENSSL_NO_EC */
3224 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3225 if (larg == TLSEXT_NAMETYPE_host_name) {
3228 OPENSSL_free(s->ext.hostname);
3229 s->ext.hostname = NULL;
3234 len = strlen((char *)parg);
3235 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3236 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3239 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3240 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3244 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3248 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3249 s->ext.debug_arg = parg;
3253 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3254 ret = s->ext.status_type;
3257 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3258 s->ext.status_type = larg;
3262 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3263 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3267 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3268 s->ext.ocsp.exts = parg;
3272 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3273 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3277 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3278 s->ext.ocsp.ids = parg;
3282 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3283 *(unsigned char **)parg = s->ext.ocsp.resp;
3284 if (s->ext.ocsp.resp_len == 0
3285 || s->ext.ocsp.resp_len > LONG_MAX)
3287 return (long)s->ext.ocsp.resp_len;
3289 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3290 OPENSSL_free(s->ext.ocsp.resp);
3291 s->ext.ocsp.resp = parg;
3292 s->ext.ocsp.resp_len = larg;
3296 #ifndef OPENSSL_NO_HEARTBEATS
3297 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3298 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3299 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3303 case SSL_CTRL_CHAIN:
3305 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3307 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3309 case SSL_CTRL_CHAIN_CERT:
3311 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3313 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3315 case SSL_CTRL_GET_CHAIN_CERTS:
3316 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3319 case SSL_CTRL_SELECT_CURRENT_CERT:
3320 return ssl_cert_select_current(s->cert, (X509 *)parg);
3322 case SSL_CTRL_SET_CURRENT_CERT:
3323 if (larg == SSL_CERT_SET_SERVER) {
3324 const SSL_CIPHER *cipher;
3327 cipher = s->s3->tmp.new_cipher;
3331 * No certificate for unauthenticated ciphersuites or using SRP
3334 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3336 if (s->s3->tmp.cert == NULL)
3338 s->cert->key = s->s3->tmp.cert;
3341 return ssl_cert_set_current(s->cert, larg);
3343 #ifndef OPENSSL_NO_EC
3344 case SSL_CTRL_GET_GROUPS:
3346 unsigned char *clist;
3351 clist = s->session->ext.supportedgroups;
3352 clistlen = s->session->ext.supportedgroups_len / 2;
3356 unsigned int cid, nid;
3357 for (i = 0; i < clistlen; i++) {
3359 /* TODO(TLS1.3): Handle DH groups here */
3360 nid = tls1_ec_curve_id2nid(cid, NULL);
3364 cptr[i] = TLSEXT_nid_unknown | cid;
3367 return (int)clistlen;
3370 case SSL_CTRL_SET_GROUPS:
3371 return tls1_set_groups(&s->ext.supportedgroups,
3372 &s->ext.supportedgroups_len, parg, larg);
3374 case SSL_CTRL_SET_GROUPS_LIST:
3375 return tls1_set_groups_list(&s->ext.supportedgroups,
3376 &s->ext.supportedgroups_len, parg);
3378 case SSL_CTRL_GET_SHARED_GROUP:
3379 return tls1_shared_group(s, larg);
3382 case SSL_CTRL_SET_SIGALGS:
3383 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3385 case SSL_CTRL_SET_SIGALGS_LIST:
3386 return tls1_set_sigalgs_list(s->cert, parg, 0);
3388 case SSL_CTRL_SET_CLIENT_SIGALGS:
3389 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3391 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3392 return tls1_set_sigalgs_list(s->cert, parg, 1);
3394 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3396 const unsigned char **pctype = parg;
3397 if (s->server || !s->s3->tmp.cert_req)
3400 *pctype = s->s3->tmp.ctype;
3401 return s->s3->tmp.ctype_len;
3404 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3407 return ssl3_set_req_cert_type(s->cert, parg, larg);
3409 case SSL_CTRL_BUILD_CERT_CHAIN:
3410 return ssl_build_cert_chain(s, NULL, larg);
3412 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3413 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3415 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3416 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3418 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3419 if (s->s3->tmp.peer_sigalg == NULL)
3421 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3424 case SSL_CTRL_GET_SERVER_TMP_KEY:
3425 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3426 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3429 EVP_PKEY_up_ref(s->s3->peer_tmp);
3430 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3436 #ifndef OPENSSL_NO_EC
3437 case SSL_CTRL_GET_EC_POINT_FORMATS:
3439 SSL_SESSION *sess = s->session;
3440 const unsigned char **pformat = parg;
3442 if (sess == NULL || sess->ext.ecpointformats == NULL)
3444 *pformat = sess->ext.ecpointformats;
3445 return (int)sess->ext.ecpointformats_len;
3455 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3460 #ifndef OPENSSL_NO_DH
3461 case SSL_CTRL_SET_TMP_DH_CB:
3463 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3467 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3468 s->ext.debug_cb = (void (*)(SSL *, int, int,
3469 const unsigned char *, int, void *))fp;
3472 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3474 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3483 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3486 #ifndef OPENSSL_NO_DH
3487 case SSL_CTRL_SET_TMP_DH:
3489 DH *dh = (DH *)parg;
3490 EVP_PKEY *pkdh = NULL;
3492 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3495 pkdh = ssl_dh_to_pkey(dh);
3497 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3500 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3501 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3502 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3503 EVP_PKEY_free(pkdh);
3506 EVP_PKEY_free(ctx->cert->dh_tmp);
3507 ctx->cert->dh_tmp = pkdh;
3510 case SSL_CTRL_SET_TMP_DH_CB:
3512 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3515 case SSL_CTRL_SET_DH_AUTO:
3516 ctx->cert->dh_tmp_auto = larg;
3519 #ifndef OPENSSL_NO_EC
3520 case SSL_CTRL_SET_TMP_ECDH:
3522 const EC_GROUP *group = NULL;
3526 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3529 group = EC_KEY_get0_group((const EC_KEY *)parg);
3530 if (group == NULL) {
3531 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3534 nid = EC_GROUP_get_curve_name(group);
3535 if (nid == NID_undef)
3537 return tls1_set_groups(&ctx->ext.supportedgroups,
3538 &ctx->ext.supportedgroups_len,
3541 #endif /* !OPENSSL_NO_EC */
3542 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3543 ctx->ext.servername_arg = parg;
3545 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3546 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3548 unsigned char *keys = parg;
3549 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3550 sizeof(ctx->ext.tick_hmac_key) +
3551 sizeof(ctx->ext.tick_aes_key));
3554 if (larg != tick_keylen) {
3555 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3558 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3559 memcpy(ctx->ext.tick_key_name, keys,
3560 sizeof(ctx->ext.tick_key_name));
3561 memcpy(ctx->ext.tick_hmac_key,
3562 keys + sizeof(ctx->ext.tick_key_name),
3563 sizeof(ctx->ext.tick_hmac_key));
3564 memcpy(ctx->ext.tick_aes_key,
3565 keys + sizeof(ctx->ext.tick_key_name) +
3566 sizeof(ctx->ext.tick_hmac_key),
3567 sizeof(ctx->ext.tick_aes_key));
3569 memcpy(keys, ctx->ext.tick_key_name,
3570 sizeof(ctx->ext.tick_key_name));
3571 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3572 ctx->ext.tick_hmac_key,
3573 sizeof(ctx->ext.tick_hmac_key));
3574 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3575 sizeof(ctx->ext.tick_hmac_key),
3576 ctx->ext.tick_aes_key,
3577 sizeof(ctx->ext.tick_aes_key));
3582 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3583 return ctx->ext.status_type;
3585 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3586 ctx->ext.status_type = larg;
3589 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3590 ctx->ext.status_arg = parg;
3593 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3594 *(void**)parg = ctx->ext.status_arg;
3597 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3598 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3601 #ifndef OPENSSL_NO_SRP
3602 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3603 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3604 OPENSSL_free(ctx->srp_ctx.login);
3605 ctx->srp_ctx.login = NULL;
3608 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3609 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3612 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3613 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3617 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3618 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3619 srp_password_from_info_cb;
3620 if (ctx->srp_ctx.info != NULL)
3621 OPENSSL_free(ctx->srp_ctx.info);
3622 if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3623 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3627 case SSL_CTRL_SET_SRP_ARG:
3628 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3629 ctx->srp_ctx.SRP_cb_arg = parg;
3632 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3633 ctx->srp_ctx.strength = larg;
3637 #ifndef OPENSSL_NO_EC
3638 case SSL_CTRL_SET_GROUPS:
3639 return tls1_set_groups(&ctx->ext.supportedgroups,
3640 &ctx->ext.supportedgroups_len,
3643 case SSL_CTRL_SET_GROUPS_LIST:
3644 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3645 &ctx->ext.supportedgroups_len,
3648 case SSL_CTRL_SET_SIGALGS:
3649 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3651 case SSL_CTRL_SET_SIGALGS_LIST:
3652 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3654 case SSL_CTRL_SET_CLIENT_SIGALGS:
3655 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3657 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3658 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3660 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3661 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3663 case SSL_CTRL_BUILD_CERT_CHAIN:
3664 return ssl_build_cert_chain(NULL, ctx, larg);
3666 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3667 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3669 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3670 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3672 /* A Thawte special :-) */
3673 case SSL_CTRL_EXTRA_CHAIN_CERT:
3674 if (ctx->extra_certs == NULL) {
3675 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3676 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3680 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3681 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3686 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3687 if (ctx->extra_certs == NULL && larg == 0)
3688 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3690 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3693 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3694 sk_X509_pop_free(ctx->extra_certs, X509_free);
3695 ctx->extra_certs = NULL;
3698 case SSL_CTRL_CHAIN:
3700 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3702 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3704 case SSL_CTRL_CHAIN_CERT:
3706 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3708 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3710 case SSL_CTRL_GET_CHAIN_CERTS:
3711 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3714 case SSL_CTRL_SELECT_CURRENT_CERT:
3715 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3717 case SSL_CTRL_SET_CURRENT_CERT:
3718 return ssl_cert_set_current(ctx->cert, larg);
3726 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3729 #ifndef OPENSSL_NO_DH
3730 case SSL_CTRL_SET_TMP_DH_CB:
3732 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3736 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3737 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
3740 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3741 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
3744 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3745 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
3748 HMAC_CTX *, int))fp;
3751 #ifndef OPENSSL_NO_SRP
3752 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3753 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3754 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3756 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3757 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3758 ctx->srp_ctx.TLS_ext_srp_username_callback =
3759 (int (*)(SSL *, int *, void *))fp;
3761 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3762 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3763 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3764 (char *(*)(SSL *, void *))fp;
3767 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3769 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3778 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
3781 const SSL_CIPHER *cp;
3784 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3787 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
3790 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
3792 SSL_CIPHER *c = NULL;
3793 SSL_CIPHER *tbl = ssl3_ciphers;
3796 /* this is not efficient, necessary to optimize this? */
3797 for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) {
3798 if (tbl->stdname == NULL)
3800 if (strcmp(stdname, tbl->stdname) == 0) {
3807 for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
3808 if (strcmp(stdname, tbl->stdname) == 0) {
3818 * This function needs to check if the ciphers required are actually
3821 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3823 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
3824 | ((uint32_t)p[0] << 8L)
3828 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
3830 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
3835 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
3843 * ssl3_choose_cipher - choose a cipher from those offered by the client
3844 * @s: SSL connection
3845 * @clnt: ciphers offered by the client
3846 * @srvr: ciphers enabled on the server?
3848 * Returns the selected cipher or NULL when no common ciphers.
3850 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3851 STACK_OF(SSL_CIPHER) *srvr)
3853 const SSL_CIPHER *c, *ret = NULL;
3854 STACK_OF(SSL_CIPHER) *prio, *allow;
3856 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
3858 /* Let's see which ciphers we can support */
3861 * Do not set the compare functions, because this may lead to a
3862 * reordering by "id". We want to keep the original ordering. We may pay
3863 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3864 * pay with the price of sk_SSL_CIPHER_dup().
3868 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3870 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3871 c = sk_SSL_CIPHER_value(srvr, i);
3872 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3874 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3876 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3877 c = sk_SSL_CIPHER_value(clnt, i);
3878 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3882 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3890 if (!SSL_IS_TLS13(s)) {
3891 tls1_set_cert_validity(s);
3895 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3896 c = sk_SSL_CIPHER_value(prio, i);
3898 /* Skip ciphers not supported by the protocol version */
3899 if (!SSL_IS_DTLS(s) &&
3900 ((s->version < c->min_tls) || (s->version > c->max_tls)))
3902 if (SSL_IS_DTLS(s) &&
3903 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3904 DTLS_VERSION_GT(s->version, c->max_dtls)))
3908 * Since TLS 1.3 ciphersuites can be used with any auth or
3909 * key exchange scheme skip tests.
3911 if (!SSL_IS_TLS13(s)) {
3912 mask_k = s->s3->tmp.mask_k;
3913 mask_a = s->s3->tmp.mask_a;
3914 #ifndef OPENSSL_NO_SRP
3915 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3921 alg_k = c->algorithm_mkey;
3922 alg_a = c->algorithm_auth;
3924 #ifndef OPENSSL_NO_PSK
3925 /* with PSK there must be server callback set */
3926 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
3928 #endif /* OPENSSL_NO_PSK */
3930 ok = (alg_k & mask_k) && (alg_a & mask_a);
3932 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3933 alg_a, mask_k, mask_a, (void *)c, c->name);
3936 #ifndef OPENSSL_NO_EC
3938 * if we are considering an ECC cipher suite that uses an ephemeral
3941 if (alg_k & SSL_kECDHE)
3942 ok = ok && tls1_check_ec_tmp_key(s, c->id);
3943 #endif /* OPENSSL_NO_EC */
3948 ii = sk_SSL_CIPHER_find(allow, c);
3950 /* Check security callback permits this cipher */
3951 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3952 c->strength_bits, 0, (void *)c))
3954 #if !defined(OPENSSL_NO_EC)
3955 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3956 && s->s3->is_probably_safari) {
3958 ret = sk_SSL_CIPHER_value(allow, ii);
3962 ret = sk_SSL_CIPHER_value(allow, ii);
3969 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
3971 uint32_t alg_k, alg_a = 0;
3973 /* If we have custom certificate types set, use them */
3975 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
3976 /* Get mask of algorithms disabled by signature list */
3977 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
3979 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3981 #ifndef OPENSSL_NO_GOST
3982 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
3983 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
3984 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
3985 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
3988 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3989 #ifndef OPENSSL_NO_DH
3990 # ifndef OPENSSL_NO_RSA
3991 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
3994 # ifndef OPENSSL_NO_DSA
3995 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
3998 #endif /* !OPENSSL_NO_DH */
4000 #ifndef OPENSSL_NO_RSA
4001 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4004 #ifndef OPENSSL_NO_DSA
4005 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4008 #ifndef OPENSSL_NO_EC
4010 * ECDSA certs can be used with RSA cipher suites too so we don't
4011 * need to check for SSL_kECDH or SSL_kECDHE
4013 if (s->version >= TLS1_VERSION
4014 && !(alg_a & SSL_aECDSA)
4015 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4021 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4023 OPENSSL_free(c->ctype);
4026 if (p == NULL || len == 0)
4030 c->ctype = OPENSSL_memdup(p, len);
4031 if (c->ctype == NULL)
4037 int ssl3_shutdown(SSL *s)
4042 * Don't do anything much if we have not done the handshake or we don't
4043 * want to send messages :-)
4045 if (s->quiet_shutdown || SSL_in_before(s)) {
4046 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4050 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4051 s->shutdown |= SSL_SENT_SHUTDOWN;
4052 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4054 * our shutdown alert has been sent now, and if it still needs to be
4055 * written, s->s3->alert_dispatch will be true
4057 if (s->s3->alert_dispatch)
4058 return (-1); /* return WANT_WRITE */
4059 } else if (s->s3->alert_dispatch) {
4060 /* resend it if not sent */
4061 ret = s->method->ssl_dispatch_alert(s);
4064 * we only get to return -1 here the 2nd/Nth invocation, we must
4065 * have already signalled return 0 upon a previous invocation,
4070 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4073 * If we are waiting for a close from our peer, we are closed
4075 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4076 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4077 return -1; /* return WANT_READ */
4081 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4082 !s->s3->alert_dispatch)
4088 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4091 if (s->s3->renegotiate)
4092 ssl3_renegotiate_check(s, 0);
4094 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4098 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4104 if (s->s3->renegotiate)
4105 ssl3_renegotiate_check(s, 0);
4106 s->s3->in_read_app_data = 1;
4108 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4110 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4112 * ssl3_read_bytes decided to call s->handshake_func, which called
4113 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4114 * actually found application data and thinks that application data
4115 * makes sense here; so disable handshake processing and try to read
4116 * application data again.
4118 ossl_statem_set_in_handshake(s, 1);
4120 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4121 len, peek, readbytes);
4122 ossl_statem_set_in_handshake(s, 0);
4124 s->s3->in_read_app_data = 0;
4129 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4131 return ssl3_read_internal(s, buf, len, 0, readbytes);
4134 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4136 return ssl3_read_internal(s, buf, len, 1, readbytes);
4139 int ssl3_renegotiate(SSL *s)
4141 if (s->handshake_func == NULL)
4144 s->s3->renegotiate = 1;
4149 * Check if we are waiting to do a renegotiation and if so whether now is a
4150 * good time to do it. If |initok| is true then we are being called from inside
4151 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4152 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4153 * should do a renegotiation now and sets up the state machine for it. Otherwise
4156 int ssl3_renegotiate_check(SSL *s, int initok)
4160 if (s->s3->renegotiate) {
4161 if (!RECORD_LAYER_read_pending(&s->rlayer)
4162 && !RECORD_LAYER_write_pending(&s->rlayer)
4163 && (initok || !SSL_in_init(s))) {
4165 * if we are the server, and we have sent a 'RENEGOTIATE'
4166 * message, we need to set the state machine into the renegotiate
4169 ossl_statem_set_renegotiate(s);
4170 s->s3->renegotiate = 0;
4171 s->s3->num_renegotiations++;
4172 s->s3->total_renegotiations++;
4180 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4181 * handshake macs if required.
4183 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4185 long ssl_get_algorithm2(SSL *s)
4188 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
4190 alg2 = s->s3->tmp.new_cipher->algorithm2;
4191 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4192 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4193 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4194 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4195 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4196 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4202 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4203 * failure, 1 on success.
4205 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4208 int send_time = 0, ret;
4213 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4215 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4217 unsigned long Time = (unsigned long)time(NULL);
4218 unsigned char *p = result;
4221 ret = ssl_randbytes(s, p, len - 4);
4223 ret = ssl_randbytes(s, result, len);
4225 #ifndef OPENSSL_NO_TLS13DOWNGRADE
4227 if (!ossl_assert(sizeof(tls11downgrade) < len)
4228 || !ossl_assert(sizeof(tls12downgrade) < len))
4230 if (dgrd == DOWNGRADE_TO_1_2)
4231 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4232 sizeof(tls12downgrade));
4233 else if (dgrd == DOWNGRADE_TO_1_1)
4234 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4235 sizeof(tls11downgrade));
4241 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4244 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4247 if (alg_k & SSL_PSK) {
4248 #ifndef OPENSSL_NO_PSK
4249 unsigned char *pskpms, *t;
4250 size_t psklen = s->s3->tmp.psklen;
4253 /* create PSK premaster_secret */
4255 /* For plain PSK "other_secret" is psklen zeroes */
4256 if (alg_k & SSL_kPSK)
4259 pskpmslen = 4 + pmslen + psklen;
4260 pskpms = OPENSSL_malloc(pskpmslen);
4265 if (alg_k & SSL_kPSK)
4266 memset(t, 0, pmslen);
4268 memcpy(t, pms, pmslen);
4271 memcpy(t, s->s3->tmp.psk, psklen);
4273 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4274 s->s3->tmp.psk = NULL;
4275 if (!s->method->ssl3_enc->generate_master_secret(s,
4276 s->session->master_key,pskpms, pskpmslen,
4277 &s->session->master_key_length))
4279 OPENSSL_clear_free(pskpms, pskpmslen);
4281 /* Should never happen */
4285 if (!s->method->ssl3_enc->generate_master_secret(s,
4286 s->session->master_key, pms, pmslen,
4287 &s->session->master_key_length))
4295 OPENSSL_clear_free(pms, pmslen);
4297 OPENSSL_cleanse(pms, pmslen);
4300 s->s3->tmp.pms = NULL;
4304 /* Generate a private key from parameters */
4305 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4307 EVP_PKEY_CTX *pctx = NULL;
4308 EVP_PKEY *pkey = NULL;
4312 pctx = EVP_PKEY_CTX_new(pm, NULL);
4315 if (EVP_PKEY_keygen_init(pctx) <= 0)
4317 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4318 EVP_PKEY_free(pkey);
4323 EVP_PKEY_CTX_free(pctx);
4326 #ifndef OPENSSL_NO_EC
4327 /* Generate a private key a curve ID */
4328 EVP_PKEY *ssl_generate_pkey_curve(int id)
4330 EVP_PKEY_CTX *pctx = NULL;
4331 EVP_PKEY *pkey = NULL;
4332 unsigned int curve_flags;
4333 int nid = tls1_ec_curve_id2nid(id, &curve_flags);
4337 if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4338 pctx = EVP_PKEY_CTX_new_id(nid, NULL);
4341 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4345 if (EVP_PKEY_keygen_init(pctx) <= 0)
4347 if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4349 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4350 EVP_PKEY_free(pkey);
4355 EVP_PKEY_CTX_free(pctx);
4360 /* Derive secrets for ECDH/DH */
4361 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4364 unsigned char *pms = NULL;
4368 if (privkey == NULL || pubkey == NULL)
4371 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4373 if (EVP_PKEY_derive_init(pctx) <= 0
4374 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4375 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4379 pms = OPENSSL_malloc(pmslen);
4383 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4387 if (SSL_IS_TLS13(s)) {
4389 * If we are resuming then we already generated the early secret
4390 * when we created the ClientHello, so don't recreate it.
4393 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4395 (unsigned char *)&s->early_secret);
4399 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4401 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4404 /* Save premaster secret */
4405 s->s3->tmp.pms = pms;
4406 s->s3->tmp.pmslen = pmslen;
4412 OPENSSL_clear_free(pms, pmslen);
4413 EVP_PKEY_CTX_free(pctx);
4417 #ifndef OPENSSL_NO_DH
4418 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4423 ret = EVP_PKEY_new();
4424 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {