Store groups as uint16_t
[openssl.git] / ssl / s3_lib.c
1 /*
2  * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4  * Copyright 2005 Nokia. All rights reserved.
5  *
6  * Licensed under the OpenSSL license (the "License").  You may not use
7  * this file except in compliance with the License.  You can obtain a copy
8  * in the file LICENSE in the source distribution or at
9  * https://www.openssl.org/source/license.html
10  */
11
12 #include <stdio.h>
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
15 #include "ssl_locl.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include "internal/cryptlib.h"
20
21 #define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
22 #define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
23
24 /* TLSv1.3 downgrade protection sentinel values */
25 const unsigned char tls11downgrade[] = {
26     0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
27 };
28 const unsigned char tls12downgrade[] = {
29     0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
30 };
31
32 /*
33  * The list of available ciphers, mostly organized into the following
34  * groups:
35  *      Always there
36  *      EC
37  *      PSK
38  *      SRP (within that: RSA EC PSK)
39  *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
40  *      Weak ciphers
41  */
42 static SSL_CIPHER ssl3_ciphers[] = {
43     {
44      1,
45      SSL3_TXT_RSA_NULL_MD5,
46      SSL3_RFC_RSA_NULL_MD5,
47      SSL3_CK_RSA_NULL_MD5,
48      SSL_kRSA,
49      SSL_aRSA,
50      SSL_eNULL,
51      SSL_MD5,
52      SSL3_VERSION, TLS1_2_VERSION,
53      DTLS1_BAD_VER, DTLS1_2_VERSION,
54      SSL_STRONG_NONE,
55      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56      0,
57      0,
58      },
59     {
60      1,
61      SSL3_TXT_RSA_NULL_SHA,
62      SSL3_RFC_RSA_NULL_SHA,
63      SSL3_CK_RSA_NULL_SHA,
64      SSL_kRSA,
65      SSL_aRSA,
66      SSL_eNULL,
67      SSL_SHA1,
68      SSL3_VERSION, TLS1_2_VERSION,
69      DTLS1_BAD_VER, DTLS1_2_VERSION,
70      SSL_STRONG_NONE | SSL_FIPS,
71      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
72      0,
73      0,
74      },
75 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
76     {
77      1,
78      SSL3_TXT_RSA_DES_192_CBC3_SHA,
79      SSL3_RFC_RSA_DES_192_CBC3_SHA,
80      SSL3_CK_RSA_DES_192_CBC3_SHA,
81      SSL_kRSA,
82      SSL_aRSA,
83      SSL_3DES,
84      SSL_SHA1,
85      SSL3_VERSION, TLS1_2_VERSION,
86      DTLS1_BAD_VER, DTLS1_2_VERSION,
87      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
88      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
89      112,
90      168,
91      },
92     {
93      1,
94      SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
95      SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
96      SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
97      SSL_kDHE,
98      SSL_aDSS,
99      SSL_3DES,
100      SSL_SHA1,
101      SSL3_VERSION, TLS1_2_VERSION,
102      DTLS1_BAD_VER, DTLS1_2_VERSION,
103      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
104      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
105      112,
106      168,
107      },
108     {
109      1,
110      SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
111      SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
112      SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
113      SSL_kDHE,
114      SSL_aRSA,
115      SSL_3DES,
116      SSL_SHA1,
117      SSL3_VERSION, TLS1_2_VERSION,
118      DTLS1_BAD_VER, DTLS1_2_VERSION,
119      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
120      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
121      112,
122      168,
123      },
124     {
125      1,
126      SSL3_TXT_ADH_DES_192_CBC_SHA,
127      SSL3_RFC_ADH_DES_192_CBC_SHA,
128      SSL3_CK_ADH_DES_192_CBC_SHA,
129      SSL_kDHE,
130      SSL_aNULL,
131      SSL_3DES,
132      SSL_SHA1,
133      SSL3_VERSION, TLS1_2_VERSION,
134      DTLS1_BAD_VER, DTLS1_2_VERSION,
135      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
136      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
137      112,
138      168,
139      },
140 #endif
141     {
142      1,
143      TLS1_TXT_RSA_WITH_AES_128_SHA,
144      TLS1_RFC_RSA_WITH_AES_128_SHA,
145      TLS1_CK_RSA_WITH_AES_128_SHA,
146      SSL_kRSA,
147      SSL_aRSA,
148      SSL_AES128,
149      SSL_SHA1,
150      SSL3_VERSION, TLS1_2_VERSION,
151      DTLS1_BAD_VER, DTLS1_2_VERSION,
152      SSL_HIGH | SSL_FIPS,
153      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
154      128,
155      128,
156      },
157     {
158      1,
159      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
160      TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
161      TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
162      SSL_kDHE,
163      SSL_aDSS,
164      SSL_AES128,
165      SSL_SHA1,
166      SSL3_VERSION, TLS1_2_VERSION,
167      DTLS1_BAD_VER, DTLS1_2_VERSION,
168      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
169      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
170      128,
171      128,
172      },
173     {
174      1,
175      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
176      TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
177      TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
178      SSL_kDHE,
179      SSL_aRSA,
180      SSL_AES128,
181      SSL_SHA1,
182      SSL3_VERSION, TLS1_2_VERSION,
183      DTLS1_BAD_VER, DTLS1_2_VERSION,
184      SSL_HIGH | SSL_FIPS,
185      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
186      128,
187      128,
188      },
189     {
190      1,
191      TLS1_TXT_ADH_WITH_AES_128_SHA,
192      TLS1_RFC_ADH_WITH_AES_128_SHA,
193      TLS1_CK_ADH_WITH_AES_128_SHA,
194      SSL_kDHE,
195      SSL_aNULL,
196      SSL_AES128,
197      SSL_SHA1,
198      SSL3_VERSION, TLS1_2_VERSION,
199      DTLS1_BAD_VER, DTLS1_2_VERSION,
200      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
201      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
202      128,
203      128,
204      },
205     {
206      1,
207      TLS1_TXT_RSA_WITH_AES_256_SHA,
208      TLS1_RFC_RSA_WITH_AES_256_SHA,
209      TLS1_CK_RSA_WITH_AES_256_SHA,
210      SSL_kRSA,
211      SSL_aRSA,
212      SSL_AES256,
213      SSL_SHA1,
214      SSL3_VERSION, TLS1_2_VERSION,
215      DTLS1_BAD_VER, DTLS1_2_VERSION,
216      SSL_HIGH | SSL_FIPS,
217      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
218      256,
219      256,
220      },
221     {
222      1,
223      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
224      TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
225      TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
226      SSL_kDHE,
227      SSL_aDSS,
228      SSL_AES256,
229      SSL_SHA1,
230      SSL3_VERSION, TLS1_2_VERSION,
231      DTLS1_BAD_VER, DTLS1_2_VERSION,
232      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
233      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
234      256,
235      256,
236      },
237     {
238      1,
239      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
240      TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
241      TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
242      SSL_kDHE,
243      SSL_aRSA,
244      SSL_AES256,
245      SSL_SHA1,
246      SSL3_VERSION, TLS1_2_VERSION,
247      DTLS1_BAD_VER, DTLS1_2_VERSION,
248      SSL_HIGH | SSL_FIPS,
249      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
250      256,
251      256,
252      },
253     {
254      1,
255      TLS1_TXT_ADH_WITH_AES_256_SHA,
256      TLS1_RFC_ADH_WITH_AES_256_SHA,
257      TLS1_CK_ADH_WITH_AES_256_SHA,
258      SSL_kDHE,
259      SSL_aNULL,
260      SSL_AES256,
261      SSL_SHA1,
262      SSL3_VERSION, TLS1_2_VERSION,
263      DTLS1_BAD_VER, DTLS1_2_VERSION,
264      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
265      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
266      256,
267      256,
268      },
269     {
270      1,
271      TLS1_TXT_RSA_WITH_NULL_SHA256,
272      TLS1_RFC_RSA_WITH_NULL_SHA256,
273      TLS1_CK_RSA_WITH_NULL_SHA256,
274      SSL_kRSA,
275      SSL_aRSA,
276      SSL_eNULL,
277      SSL_SHA256,
278      TLS1_2_VERSION, TLS1_2_VERSION,
279      DTLS1_2_VERSION, DTLS1_2_VERSION,
280      SSL_STRONG_NONE | SSL_FIPS,
281      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
282      0,
283      0,
284      },
285     {
286      1,
287      TLS1_TXT_RSA_WITH_AES_128_SHA256,
288      TLS1_RFC_RSA_WITH_AES_128_SHA256,
289      TLS1_CK_RSA_WITH_AES_128_SHA256,
290      SSL_kRSA,
291      SSL_aRSA,
292      SSL_AES128,
293      SSL_SHA256,
294      TLS1_2_VERSION, TLS1_2_VERSION,
295      DTLS1_2_VERSION, DTLS1_2_VERSION,
296      SSL_HIGH | SSL_FIPS,
297      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
298      128,
299      128,
300      },
301     {
302      1,
303      TLS1_TXT_RSA_WITH_AES_256_SHA256,
304      TLS1_RFC_RSA_WITH_AES_256_SHA256,
305      TLS1_CK_RSA_WITH_AES_256_SHA256,
306      SSL_kRSA,
307      SSL_aRSA,
308      SSL_AES256,
309      SSL_SHA256,
310      TLS1_2_VERSION, TLS1_2_VERSION,
311      DTLS1_2_VERSION, DTLS1_2_VERSION,
312      SSL_HIGH | SSL_FIPS,
313      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
314      256,
315      256,
316      },
317     {
318      1,
319      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
320      TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
321      TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
322      SSL_kDHE,
323      SSL_aDSS,
324      SSL_AES128,
325      SSL_SHA256,
326      TLS1_2_VERSION, TLS1_2_VERSION,
327      DTLS1_2_VERSION, DTLS1_2_VERSION,
328      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
329      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
330      128,
331      128,
332      },
333     {
334      1,
335      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
336      TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
337      TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
338      SSL_kDHE,
339      SSL_aRSA,
340      SSL_AES128,
341      SSL_SHA256,
342      TLS1_2_VERSION, TLS1_2_VERSION,
343      DTLS1_2_VERSION, DTLS1_2_VERSION,
344      SSL_HIGH | SSL_FIPS,
345      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
346      128,
347      128,
348      },
349     {
350      1,
351      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
352      TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
353      TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
354      SSL_kDHE,
355      SSL_aDSS,
356      SSL_AES256,
357      SSL_SHA256,
358      TLS1_2_VERSION, TLS1_2_VERSION,
359      DTLS1_2_VERSION, DTLS1_2_VERSION,
360      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
361      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
362      256,
363      256,
364      },
365     {
366      1,
367      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
368      TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
369      TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
370      SSL_kDHE,
371      SSL_aRSA,
372      SSL_AES256,
373      SSL_SHA256,
374      TLS1_2_VERSION, TLS1_2_VERSION,
375      DTLS1_2_VERSION, DTLS1_2_VERSION,
376      SSL_HIGH | SSL_FIPS,
377      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
378      256,
379      256,
380      },
381     {
382      1,
383      TLS1_TXT_ADH_WITH_AES_128_SHA256,
384      TLS1_RFC_ADH_WITH_AES_128_SHA256,
385      TLS1_CK_ADH_WITH_AES_128_SHA256,
386      SSL_kDHE,
387      SSL_aNULL,
388      SSL_AES128,
389      SSL_SHA256,
390      TLS1_2_VERSION, TLS1_2_VERSION,
391      DTLS1_2_VERSION, DTLS1_2_VERSION,
392      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
393      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
394      128,
395      128,
396      },
397     {
398      1,
399      TLS1_TXT_ADH_WITH_AES_256_SHA256,
400      TLS1_RFC_ADH_WITH_AES_256_SHA256,
401      TLS1_CK_ADH_WITH_AES_256_SHA256,
402      SSL_kDHE,
403      SSL_aNULL,
404      SSL_AES256,
405      SSL_SHA256,
406      TLS1_2_VERSION, TLS1_2_VERSION,
407      DTLS1_2_VERSION, DTLS1_2_VERSION,
408      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
409      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
410      256,
411      256,
412      },
413     {
414      1,
415      TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
416      TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
417      TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
418      SSL_kRSA,
419      SSL_aRSA,
420      SSL_AES128GCM,
421      SSL_AEAD,
422      TLS1_2_VERSION, TLS1_2_VERSION,
423      DTLS1_2_VERSION, DTLS1_2_VERSION,
424      SSL_HIGH | SSL_FIPS,
425      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
426      128,
427      128,
428      },
429     {
430      1,
431      TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
432      TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
433      TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
434      SSL_kRSA,
435      SSL_aRSA,
436      SSL_AES256GCM,
437      SSL_AEAD,
438      TLS1_2_VERSION, TLS1_2_VERSION,
439      DTLS1_2_VERSION, DTLS1_2_VERSION,
440      SSL_HIGH | SSL_FIPS,
441      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
442      256,
443      256,
444      },
445     {
446      1,
447      TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
448      TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
449      TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
450      SSL_kDHE,
451      SSL_aRSA,
452      SSL_AES128GCM,
453      SSL_AEAD,
454      TLS1_2_VERSION, TLS1_2_VERSION,
455      DTLS1_2_VERSION, DTLS1_2_VERSION,
456      SSL_HIGH | SSL_FIPS,
457      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
458      128,
459      128,
460      },
461     {
462      1,
463      TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
464      TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
465      TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
466      SSL_kDHE,
467      SSL_aRSA,
468      SSL_AES256GCM,
469      SSL_AEAD,
470      TLS1_2_VERSION, TLS1_2_VERSION,
471      DTLS1_2_VERSION, DTLS1_2_VERSION,
472      SSL_HIGH | SSL_FIPS,
473      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
474      256,
475      256,
476      },
477     {
478      1,
479      TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
480      TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
481      TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
482      SSL_kDHE,
483      SSL_aDSS,
484      SSL_AES128GCM,
485      SSL_AEAD,
486      TLS1_2_VERSION, TLS1_2_VERSION,
487      DTLS1_2_VERSION, DTLS1_2_VERSION,
488      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
489      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
490      128,
491      128,
492      },
493     {
494      1,
495      TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
496      TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
497      TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
498      SSL_kDHE,
499      SSL_aDSS,
500      SSL_AES256GCM,
501      SSL_AEAD,
502      TLS1_2_VERSION, TLS1_2_VERSION,
503      DTLS1_2_VERSION, DTLS1_2_VERSION,
504      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
505      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
506      256,
507      256,
508      },
509     {
510      1,
511      TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
512      TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
513      TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
514      SSL_kDHE,
515      SSL_aNULL,
516      SSL_AES128GCM,
517      SSL_AEAD,
518      TLS1_2_VERSION, TLS1_2_VERSION,
519      DTLS1_2_VERSION, DTLS1_2_VERSION,
520      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
521      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
522      128,
523      128,
524      },
525     {
526      1,
527      TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
528      TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
529      TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
530      SSL_kDHE,
531      SSL_aNULL,
532      SSL_AES256GCM,
533      SSL_AEAD,
534      TLS1_2_VERSION, TLS1_2_VERSION,
535      DTLS1_2_VERSION, DTLS1_2_VERSION,
536      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
537      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
538      256,
539      256,
540      },
541     {
542      1,
543      TLS1_TXT_RSA_WITH_AES_128_CCM,
544      TLS1_RFC_RSA_WITH_AES_128_CCM,
545      TLS1_CK_RSA_WITH_AES_128_CCM,
546      SSL_kRSA,
547      SSL_aRSA,
548      SSL_AES128CCM,
549      SSL_AEAD,
550      TLS1_2_VERSION, TLS1_2_VERSION,
551      DTLS1_2_VERSION, DTLS1_2_VERSION,
552      SSL_NOT_DEFAULT | SSL_HIGH,
553      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
554      128,
555      128,
556      },
557     {
558      1,
559      TLS1_TXT_RSA_WITH_AES_256_CCM,
560      TLS1_RFC_RSA_WITH_AES_256_CCM,
561      TLS1_CK_RSA_WITH_AES_256_CCM,
562      SSL_kRSA,
563      SSL_aRSA,
564      SSL_AES256CCM,
565      SSL_AEAD,
566      TLS1_2_VERSION, TLS1_2_VERSION,
567      DTLS1_2_VERSION, DTLS1_2_VERSION,
568      SSL_NOT_DEFAULT | SSL_HIGH,
569      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
570      256,
571      256,
572      },
573     {
574      1,
575      TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
576      TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
577      TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
578      SSL_kDHE,
579      SSL_aRSA,
580      SSL_AES128CCM,
581      SSL_AEAD,
582      TLS1_2_VERSION, TLS1_2_VERSION,
583      DTLS1_2_VERSION, DTLS1_2_VERSION,
584      SSL_NOT_DEFAULT | SSL_HIGH,
585      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
586      128,
587      128,
588      },
589     {
590      1,
591      TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
592      TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
593      TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
594      SSL_kDHE,
595      SSL_aRSA,
596      SSL_AES256CCM,
597      SSL_AEAD,
598      TLS1_2_VERSION, TLS1_2_VERSION,
599      DTLS1_2_VERSION, DTLS1_2_VERSION,
600      SSL_NOT_DEFAULT | SSL_HIGH,
601      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
602      256,
603      256,
604      },
605     {
606      1,
607      TLS1_TXT_RSA_WITH_AES_128_CCM_8,
608      TLS1_RFC_RSA_WITH_AES_128_CCM_8,
609      TLS1_CK_RSA_WITH_AES_128_CCM_8,
610      SSL_kRSA,
611      SSL_aRSA,
612      SSL_AES128CCM8,
613      SSL_AEAD,
614      TLS1_2_VERSION, TLS1_2_VERSION,
615      DTLS1_2_VERSION, DTLS1_2_VERSION,
616      SSL_NOT_DEFAULT | SSL_HIGH,
617      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
618      128,
619      128,
620      },
621     {
622      1,
623      TLS1_TXT_RSA_WITH_AES_256_CCM_8,
624      TLS1_RFC_RSA_WITH_AES_256_CCM_8,
625      TLS1_CK_RSA_WITH_AES_256_CCM_8,
626      SSL_kRSA,
627      SSL_aRSA,
628      SSL_AES256CCM8,
629      SSL_AEAD,
630      TLS1_2_VERSION, TLS1_2_VERSION,
631      DTLS1_2_VERSION, DTLS1_2_VERSION,
632      SSL_NOT_DEFAULT | SSL_HIGH,
633      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
634      256,
635      256,
636      },
637     {
638      1,
639      TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
640      TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
641      TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
642      SSL_kDHE,
643      SSL_aRSA,
644      SSL_AES128CCM8,
645      SSL_AEAD,
646      TLS1_2_VERSION, TLS1_2_VERSION,
647      DTLS1_2_VERSION, DTLS1_2_VERSION,
648      SSL_NOT_DEFAULT | SSL_HIGH,
649      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
650      128,
651      128,
652      },
653     {
654      1,
655      TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
656      TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
657      TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
658      SSL_kDHE,
659      SSL_aRSA,
660      SSL_AES256CCM8,
661      SSL_AEAD,
662      TLS1_2_VERSION, TLS1_2_VERSION,
663      DTLS1_2_VERSION, DTLS1_2_VERSION,
664      SSL_NOT_DEFAULT | SSL_HIGH,
665      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
666      256,
667      256,
668      },
669     {
670      1,
671      TLS1_TXT_PSK_WITH_AES_128_CCM,
672      TLS1_RFC_PSK_WITH_AES_128_CCM,
673      TLS1_CK_PSK_WITH_AES_128_CCM,
674      SSL_kPSK,
675      SSL_aPSK,
676      SSL_AES128CCM,
677      SSL_AEAD,
678      TLS1_2_VERSION, TLS1_2_VERSION,
679      DTLS1_2_VERSION, DTLS1_2_VERSION,
680      SSL_NOT_DEFAULT | SSL_HIGH,
681      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
682      128,
683      128,
684      },
685     {
686      1,
687      TLS1_TXT_PSK_WITH_AES_256_CCM,
688      TLS1_RFC_PSK_WITH_AES_256_CCM,
689      TLS1_CK_PSK_WITH_AES_256_CCM,
690      SSL_kPSK,
691      SSL_aPSK,
692      SSL_AES256CCM,
693      SSL_AEAD,
694      TLS1_2_VERSION, TLS1_2_VERSION,
695      DTLS1_2_VERSION, DTLS1_2_VERSION,
696      SSL_NOT_DEFAULT | SSL_HIGH,
697      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
698      256,
699      256,
700      },
701     {
702      1,
703      TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
704      TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
705      TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
706      SSL_kDHEPSK,
707      SSL_aPSK,
708      SSL_AES128CCM,
709      SSL_AEAD,
710      TLS1_2_VERSION, TLS1_2_VERSION,
711      DTLS1_2_VERSION, DTLS1_2_VERSION,
712      SSL_NOT_DEFAULT | SSL_HIGH,
713      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
714      128,
715      128,
716      },
717     {
718      1,
719      TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
720      TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
721      TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
722      SSL_kDHEPSK,
723      SSL_aPSK,
724      SSL_AES256CCM,
725      SSL_AEAD,
726      TLS1_2_VERSION, TLS1_2_VERSION,
727      DTLS1_2_VERSION, DTLS1_2_VERSION,
728      SSL_NOT_DEFAULT | SSL_HIGH,
729      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
730      256,
731      256,
732      },
733     {
734      1,
735      TLS1_TXT_PSK_WITH_AES_128_CCM_8,
736      TLS1_RFC_PSK_WITH_AES_128_CCM_8,
737      TLS1_CK_PSK_WITH_AES_128_CCM_8,
738      SSL_kPSK,
739      SSL_aPSK,
740      SSL_AES128CCM8,
741      SSL_AEAD,
742      TLS1_2_VERSION, TLS1_2_VERSION,
743      DTLS1_2_VERSION, DTLS1_2_VERSION,
744      SSL_NOT_DEFAULT | SSL_HIGH,
745      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
746      128,
747      128,
748      },
749     {
750      1,
751      TLS1_TXT_PSK_WITH_AES_256_CCM_8,
752      TLS1_RFC_PSK_WITH_AES_256_CCM_8,
753      TLS1_CK_PSK_WITH_AES_256_CCM_8,
754      SSL_kPSK,
755      SSL_aPSK,
756      SSL_AES256CCM8,
757      SSL_AEAD,
758      TLS1_2_VERSION, TLS1_2_VERSION,
759      DTLS1_2_VERSION, DTLS1_2_VERSION,
760      SSL_NOT_DEFAULT | SSL_HIGH,
761      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
762      256,
763      256,
764      },
765     {
766      1,
767      TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
768      TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
769      TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
770      SSL_kDHEPSK,
771      SSL_aPSK,
772      SSL_AES128CCM8,
773      SSL_AEAD,
774      TLS1_2_VERSION, TLS1_2_VERSION,
775      DTLS1_2_VERSION, DTLS1_2_VERSION,
776      SSL_NOT_DEFAULT | SSL_HIGH,
777      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
778      128,
779      128,
780      },
781     {
782      1,
783      TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
784      TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
785      TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
786      SSL_kDHEPSK,
787      SSL_aPSK,
788      SSL_AES256CCM8,
789      SSL_AEAD,
790      TLS1_2_VERSION, TLS1_2_VERSION,
791      DTLS1_2_VERSION, DTLS1_2_VERSION,
792      SSL_NOT_DEFAULT | SSL_HIGH,
793      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
794      256,
795      256,
796      },
797     {
798      1,
799      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
800      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
801      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
802      SSL_kECDHE,
803      SSL_aECDSA,
804      SSL_AES128CCM,
805      SSL_AEAD,
806      TLS1_2_VERSION, TLS1_2_VERSION,
807      DTLS1_2_VERSION, DTLS1_2_VERSION,
808      SSL_NOT_DEFAULT | SSL_HIGH,
809      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
810      128,
811      128,
812      },
813     {
814      1,
815      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
816      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
817      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
818      SSL_kECDHE,
819      SSL_aECDSA,
820      SSL_AES256CCM,
821      SSL_AEAD,
822      TLS1_2_VERSION, TLS1_2_VERSION,
823      DTLS1_2_VERSION, DTLS1_2_VERSION,
824      SSL_NOT_DEFAULT | SSL_HIGH,
825      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
826      256,
827      256,
828      },
829     {
830      1,
831      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
832      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
833      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
834      SSL_kECDHE,
835      SSL_aECDSA,
836      SSL_AES128CCM8,
837      SSL_AEAD,
838      TLS1_2_VERSION, TLS1_2_VERSION,
839      DTLS1_2_VERSION, DTLS1_2_VERSION,
840      SSL_NOT_DEFAULT | SSL_HIGH,
841      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
842      128,
843      128,
844      },
845     {
846      1,
847      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
848      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
849      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
850      SSL_kECDHE,
851      SSL_aECDSA,
852      SSL_AES256CCM8,
853      SSL_AEAD,
854      TLS1_2_VERSION, TLS1_2_VERSION,
855      DTLS1_2_VERSION, DTLS1_2_VERSION,
856      SSL_NOT_DEFAULT | SSL_HIGH,
857      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
858      256,
859      256,
860      },
861     {
862      1,
863      TLS1_3_TXT_AES_128_GCM_SHA256,
864      TLS1_3_RFC_AES_128_GCM_SHA256,
865      TLS1_3_CK_AES_128_GCM_SHA256,
866      0, 0,
867      SSL_AES128GCM,
868      SSL_AEAD,
869      TLS1_3_VERSION, TLS1_3_VERSION,
870      SSL_kANY,
871      SSL_aANY,
872      SSL_HIGH,
873      SSL_HANDSHAKE_MAC_SHA256,
874      128,
875      128,
876      },
877     {
878      1,
879      TLS1_3_TXT_AES_256_GCM_SHA384,
880      TLS1_3_RFC_AES_256_GCM_SHA384,
881      TLS1_3_CK_AES_256_GCM_SHA384,
882      SSL_kANY,
883      SSL_aANY,
884      SSL_AES256GCM,
885      SSL_AEAD,
886      TLS1_3_VERSION, TLS1_3_VERSION,
887      0, 0,
888      SSL_HIGH,
889      SSL_HANDSHAKE_MAC_SHA384,
890      256,
891      256,
892      },
893 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
894     {
895      1,
896      TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
897      TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
898      TLS1_3_CK_CHACHA20_POLY1305_SHA256,
899      SSL_kANY,
900      SSL_aANY,
901      SSL_CHACHA20POLY1305,
902      SSL_AEAD,
903      TLS1_3_VERSION, TLS1_3_VERSION,
904      0, 0,
905      SSL_HIGH,
906      SSL_HANDSHAKE_MAC_SHA256,
907      256,
908      256,
909      },
910 #endif
911     {
912      1,
913      TLS1_3_TXT_AES_128_CCM_SHA256,
914      TLS1_3_RFC_AES_128_CCM_SHA256,
915      TLS1_3_CK_AES_128_CCM_SHA256,
916      SSL_kANY,
917      SSL_aANY,
918      SSL_AES128CCM,
919      SSL_AEAD,
920      TLS1_3_VERSION, TLS1_3_VERSION,
921      0, 0,
922      SSL_NOT_DEFAULT | SSL_HIGH,
923      SSL_HANDSHAKE_MAC_SHA256,
924      128,
925      128,
926      },
927     {
928      1,
929      TLS1_3_TXT_AES_128_CCM_8_SHA256,
930      TLS1_3_RFC_AES_128_CCM_8_SHA256,
931      TLS1_3_CK_AES_128_CCM_8_SHA256,
932      SSL_kANY,
933      SSL_aANY,
934      SSL_AES128CCM8,
935      SSL_AEAD,
936      TLS1_3_VERSION, TLS1_3_VERSION,
937      0, 0,
938      SSL_NOT_DEFAULT | SSL_HIGH,
939      SSL_HANDSHAKE_MAC_SHA256,
940      128,
941      128,
942      },
943
944 #ifndef OPENSSL_NO_EC
945     {
946      1,
947      TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
948      TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
949      TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
950      SSL_kECDHE,
951      SSL_aECDSA,
952      SSL_eNULL,
953      SSL_SHA1,
954      TLS1_VERSION, TLS1_2_VERSION,
955      DTLS1_BAD_VER, DTLS1_2_VERSION,
956      SSL_STRONG_NONE | SSL_FIPS,
957      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
958      0,
959      0,
960      },
961 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
962     {
963      1,
964      TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
965      TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
966      TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
967      SSL_kECDHE,
968      SSL_aECDSA,
969      SSL_3DES,
970      SSL_SHA1,
971      TLS1_VERSION, TLS1_2_VERSION,
972      DTLS1_BAD_VER, DTLS1_2_VERSION,
973      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
974      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
975      112,
976      168,
977      },
978 # endif
979     {
980      1,
981      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
982      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
983      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
984      SSL_kECDHE,
985      SSL_aECDSA,
986      SSL_AES128,
987      SSL_SHA1,
988      TLS1_VERSION, TLS1_2_VERSION,
989      DTLS1_BAD_VER, DTLS1_2_VERSION,
990      SSL_HIGH | SSL_FIPS,
991      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
992      128,
993      128,
994      },
995     {
996      1,
997      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
998      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
999      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1000      SSL_kECDHE,
1001      SSL_aECDSA,
1002      SSL_AES256,
1003      SSL_SHA1,
1004      TLS1_VERSION, TLS1_2_VERSION,
1005      DTLS1_BAD_VER, DTLS1_2_VERSION,
1006      SSL_HIGH | SSL_FIPS,
1007      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1008      256,
1009      256,
1010      },
1011     {
1012      1,
1013      TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1014      TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1015      TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1016      SSL_kECDHE,
1017      SSL_aRSA,
1018      SSL_eNULL,
1019      SSL_SHA1,
1020      TLS1_VERSION, TLS1_2_VERSION,
1021      DTLS1_BAD_VER, DTLS1_2_VERSION,
1022      SSL_STRONG_NONE | SSL_FIPS,
1023      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1024      0,
1025      0,
1026      },
1027 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1028     {
1029      1,
1030      TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1031      TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1032      TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1033      SSL_kECDHE,
1034      SSL_aRSA,
1035      SSL_3DES,
1036      SSL_SHA1,
1037      TLS1_VERSION, TLS1_2_VERSION,
1038      DTLS1_BAD_VER, DTLS1_2_VERSION,
1039      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1040      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1041      112,
1042      168,
1043      },
1044 # endif
1045     {
1046      1,
1047      TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1048      TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1049      TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1050      SSL_kECDHE,
1051      SSL_aRSA,
1052      SSL_AES128,
1053      SSL_SHA1,
1054      TLS1_VERSION, TLS1_2_VERSION,
1055      DTLS1_BAD_VER, DTLS1_2_VERSION,
1056      SSL_HIGH | SSL_FIPS,
1057      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1058      128,
1059      128,
1060      },
1061     {
1062      1,
1063      TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1064      TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1065      TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1066      SSL_kECDHE,
1067      SSL_aRSA,
1068      SSL_AES256,
1069      SSL_SHA1,
1070      TLS1_VERSION, TLS1_2_VERSION,
1071      DTLS1_BAD_VER, DTLS1_2_VERSION,
1072      SSL_HIGH | SSL_FIPS,
1073      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1074      256,
1075      256,
1076      },
1077     {
1078      1,
1079      TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1080      TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1081      TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1082      SSL_kECDHE,
1083      SSL_aNULL,
1084      SSL_eNULL,
1085      SSL_SHA1,
1086      TLS1_VERSION, TLS1_2_VERSION,
1087      DTLS1_BAD_VER, DTLS1_2_VERSION,
1088      SSL_STRONG_NONE | SSL_FIPS,
1089      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1090      0,
1091      0,
1092      },
1093 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1094     {
1095      1,
1096      TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1097      TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1098      TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1099      SSL_kECDHE,
1100      SSL_aNULL,
1101      SSL_3DES,
1102      SSL_SHA1,
1103      TLS1_VERSION, TLS1_2_VERSION,
1104      DTLS1_BAD_VER, DTLS1_2_VERSION,
1105      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1106      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1107      112,
1108      168,
1109      },
1110 # endif
1111     {
1112      1,
1113      TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1114      TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1115      TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1116      SSL_kECDHE,
1117      SSL_aNULL,
1118      SSL_AES128,
1119      SSL_SHA1,
1120      TLS1_VERSION, TLS1_2_VERSION,
1121      DTLS1_BAD_VER, DTLS1_2_VERSION,
1122      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1123      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1124      128,
1125      128,
1126      },
1127     {
1128      1,
1129      TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1130      TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1131      TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1132      SSL_kECDHE,
1133      SSL_aNULL,
1134      SSL_AES256,
1135      SSL_SHA1,
1136      TLS1_VERSION, TLS1_2_VERSION,
1137      DTLS1_BAD_VER, DTLS1_2_VERSION,
1138      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1139      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1140      256,
1141      256,
1142      },
1143     {
1144      1,
1145      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1146      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1147      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1148      SSL_kECDHE,
1149      SSL_aECDSA,
1150      SSL_AES128,
1151      SSL_SHA256,
1152      TLS1_2_VERSION, TLS1_2_VERSION,
1153      DTLS1_2_VERSION, DTLS1_2_VERSION,
1154      SSL_HIGH | SSL_FIPS,
1155      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1156      128,
1157      128,
1158      },
1159     {
1160      1,
1161      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1162      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1163      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1164      SSL_kECDHE,
1165      SSL_aECDSA,
1166      SSL_AES256,
1167      SSL_SHA384,
1168      TLS1_2_VERSION, TLS1_2_VERSION,
1169      DTLS1_2_VERSION, DTLS1_2_VERSION,
1170      SSL_HIGH | SSL_FIPS,
1171      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1172      256,
1173      256,
1174      },
1175     {
1176      1,
1177      TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1178      TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1179      TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1180      SSL_kECDHE,
1181      SSL_aRSA,
1182      SSL_AES128,
1183      SSL_SHA256,
1184      TLS1_2_VERSION, TLS1_2_VERSION,
1185      DTLS1_2_VERSION, DTLS1_2_VERSION,
1186      SSL_HIGH | SSL_FIPS,
1187      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1188      128,
1189      128,
1190      },
1191     {
1192      1,
1193      TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1194      TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1195      TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1196      SSL_kECDHE,
1197      SSL_aRSA,
1198      SSL_AES256,
1199      SSL_SHA384,
1200      TLS1_2_VERSION, TLS1_2_VERSION,
1201      DTLS1_2_VERSION, DTLS1_2_VERSION,
1202      SSL_HIGH | SSL_FIPS,
1203      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1204      256,
1205      256,
1206      },
1207     {
1208      1,
1209      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1210      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1211      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1212      SSL_kECDHE,
1213      SSL_aECDSA,
1214      SSL_AES128GCM,
1215      SSL_AEAD,
1216      TLS1_2_VERSION, TLS1_2_VERSION,
1217      DTLS1_2_VERSION, DTLS1_2_VERSION,
1218      SSL_HIGH | SSL_FIPS,
1219      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1220      128,
1221      128,
1222      },
1223     {
1224      1,
1225      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1226      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1227      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1228      SSL_kECDHE,
1229      SSL_aECDSA,
1230      SSL_AES256GCM,
1231      SSL_AEAD,
1232      TLS1_2_VERSION, TLS1_2_VERSION,
1233      DTLS1_2_VERSION, DTLS1_2_VERSION,
1234      SSL_HIGH | SSL_FIPS,
1235      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1236      256,
1237      256,
1238      },
1239     {
1240      1,
1241      TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1242      TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1243      TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1244      SSL_kECDHE,
1245      SSL_aRSA,
1246      SSL_AES128GCM,
1247      SSL_AEAD,
1248      TLS1_2_VERSION, TLS1_2_VERSION,
1249      DTLS1_2_VERSION, DTLS1_2_VERSION,
1250      SSL_HIGH | SSL_FIPS,
1251      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1252      128,
1253      128,
1254      },
1255     {
1256      1,
1257      TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1258      TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1259      TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1260      SSL_kECDHE,
1261      SSL_aRSA,
1262      SSL_AES256GCM,
1263      SSL_AEAD,
1264      TLS1_2_VERSION, TLS1_2_VERSION,
1265      DTLS1_2_VERSION, DTLS1_2_VERSION,
1266      SSL_HIGH | SSL_FIPS,
1267      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1268      256,
1269      256,
1270      },
1271 #endif                          /* OPENSSL_NO_EC */
1272
1273 #ifndef OPENSSL_NO_PSK
1274     {
1275      1,
1276      TLS1_TXT_PSK_WITH_NULL_SHA,
1277      TLS1_RFC_PSK_WITH_NULL_SHA,
1278      TLS1_CK_PSK_WITH_NULL_SHA,
1279      SSL_kPSK,
1280      SSL_aPSK,
1281      SSL_eNULL,
1282      SSL_SHA1,
1283      SSL3_VERSION, TLS1_2_VERSION,
1284      DTLS1_BAD_VER, DTLS1_2_VERSION,
1285      SSL_STRONG_NONE | SSL_FIPS,
1286      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1287      0,
1288      0,
1289      },
1290     {
1291      1,
1292      TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1293      TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1294      TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1295      SSL_kDHEPSK,
1296      SSL_aPSK,
1297      SSL_eNULL,
1298      SSL_SHA1,
1299      SSL3_VERSION, TLS1_2_VERSION,
1300      DTLS1_BAD_VER, DTLS1_2_VERSION,
1301      SSL_STRONG_NONE | SSL_FIPS,
1302      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1303      0,
1304      0,
1305      },
1306     {
1307      1,
1308      TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1309      TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1310      TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1311      SSL_kRSAPSK,
1312      SSL_aRSA,
1313      SSL_eNULL,
1314      SSL_SHA1,
1315      SSL3_VERSION, TLS1_2_VERSION,
1316      DTLS1_BAD_VER, DTLS1_2_VERSION,
1317      SSL_STRONG_NONE | SSL_FIPS,
1318      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1319      0,
1320      0,
1321      },
1322 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1323     {
1324      1,
1325      TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1326      TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1327      TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1328      SSL_kPSK,
1329      SSL_aPSK,
1330      SSL_3DES,
1331      SSL_SHA1,
1332      SSL3_VERSION, TLS1_2_VERSION,
1333      DTLS1_BAD_VER, DTLS1_2_VERSION,
1334      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1335      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1336      112,
1337      168,
1338      },
1339 # endif
1340     {
1341      1,
1342      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1343      TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1344      TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1345      SSL_kPSK,
1346      SSL_aPSK,
1347      SSL_AES128,
1348      SSL_SHA1,
1349      SSL3_VERSION, TLS1_2_VERSION,
1350      DTLS1_BAD_VER, DTLS1_2_VERSION,
1351      SSL_HIGH | SSL_FIPS,
1352      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1353      128,
1354      128,
1355      },
1356     {
1357      1,
1358      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1359      TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1360      TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1361      SSL_kPSK,
1362      SSL_aPSK,
1363      SSL_AES256,
1364      SSL_SHA1,
1365      SSL3_VERSION, TLS1_2_VERSION,
1366      DTLS1_BAD_VER, DTLS1_2_VERSION,
1367      SSL_HIGH | SSL_FIPS,
1368      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1369      256,
1370      256,
1371      },
1372 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1373     {
1374      1,
1375      TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1376      TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1377      TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1378      SSL_kDHEPSK,
1379      SSL_aPSK,
1380      SSL_3DES,
1381      SSL_SHA1,
1382      SSL3_VERSION, TLS1_2_VERSION,
1383      DTLS1_BAD_VER, DTLS1_2_VERSION,
1384      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1385      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1386      112,
1387      168,
1388      },
1389 # endif
1390     {
1391      1,
1392      TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1393      TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1394      TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1395      SSL_kDHEPSK,
1396      SSL_aPSK,
1397      SSL_AES128,
1398      SSL_SHA1,
1399      SSL3_VERSION, TLS1_2_VERSION,
1400      DTLS1_BAD_VER, DTLS1_2_VERSION,
1401      SSL_HIGH | SSL_FIPS,
1402      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1403      128,
1404      128,
1405      },
1406     {
1407      1,
1408      TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1409      TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1410      TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1411      SSL_kDHEPSK,
1412      SSL_aPSK,
1413      SSL_AES256,
1414      SSL_SHA1,
1415      SSL3_VERSION, TLS1_2_VERSION,
1416      DTLS1_BAD_VER, DTLS1_2_VERSION,
1417      SSL_HIGH | SSL_FIPS,
1418      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1419      256,
1420      256,
1421      },
1422 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1423     {
1424      1,
1425      TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1426      TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1427      TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1428      SSL_kRSAPSK,
1429      SSL_aRSA,
1430      SSL_3DES,
1431      SSL_SHA1,
1432      SSL3_VERSION, TLS1_2_VERSION,
1433      DTLS1_BAD_VER, DTLS1_2_VERSION,
1434      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1435      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1436      112,
1437      168,
1438      },
1439 # endif
1440     {
1441      1,
1442      TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1443      TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1444      TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1445      SSL_kRSAPSK,
1446      SSL_aRSA,
1447      SSL_AES128,
1448      SSL_SHA1,
1449      SSL3_VERSION, TLS1_2_VERSION,
1450      DTLS1_BAD_VER, DTLS1_2_VERSION,
1451      SSL_HIGH | SSL_FIPS,
1452      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1453      128,
1454      128,
1455      },
1456     {
1457      1,
1458      TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1459      TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1460      TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1461      SSL_kRSAPSK,
1462      SSL_aRSA,
1463      SSL_AES256,
1464      SSL_SHA1,
1465      SSL3_VERSION, TLS1_2_VERSION,
1466      DTLS1_BAD_VER, DTLS1_2_VERSION,
1467      SSL_HIGH | SSL_FIPS,
1468      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1469      256,
1470      256,
1471      },
1472     {
1473      1,
1474      TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1475      TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1476      TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1477      SSL_kPSK,
1478      SSL_aPSK,
1479      SSL_AES128GCM,
1480      SSL_AEAD,
1481      TLS1_2_VERSION, TLS1_2_VERSION,
1482      DTLS1_2_VERSION, DTLS1_2_VERSION,
1483      SSL_HIGH | SSL_FIPS,
1484      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1485      128,
1486      128,
1487      },
1488     {
1489      1,
1490      TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1491      TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1492      TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1493      SSL_kPSK,
1494      SSL_aPSK,
1495      SSL_AES256GCM,
1496      SSL_AEAD,
1497      TLS1_2_VERSION, TLS1_2_VERSION,
1498      DTLS1_2_VERSION, DTLS1_2_VERSION,
1499      SSL_HIGH | SSL_FIPS,
1500      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1501      256,
1502      256,
1503      },
1504     {
1505      1,
1506      TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1507      TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1508      TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1509      SSL_kDHEPSK,
1510      SSL_aPSK,
1511      SSL_AES128GCM,
1512      SSL_AEAD,
1513      TLS1_2_VERSION, TLS1_2_VERSION,
1514      DTLS1_2_VERSION, DTLS1_2_VERSION,
1515      SSL_HIGH | SSL_FIPS,
1516      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1517      128,
1518      128,
1519      },
1520     {
1521      1,
1522      TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1523      TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1524      TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1525      SSL_kDHEPSK,
1526      SSL_aPSK,
1527      SSL_AES256GCM,
1528      SSL_AEAD,
1529      TLS1_2_VERSION, TLS1_2_VERSION,
1530      DTLS1_2_VERSION, DTLS1_2_VERSION,
1531      SSL_HIGH | SSL_FIPS,
1532      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1533      256,
1534      256,
1535      },
1536     {
1537      1,
1538      TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1539      TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1540      TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1541      SSL_kRSAPSK,
1542      SSL_aRSA,
1543      SSL_AES128GCM,
1544      SSL_AEAD,
1545      TLS1_2_VERSION, TLS1_2_VERSION,
1546      DTLS1_2_VERSION, DTLS1_2_VERSION,
1547      SSL_HIGH | SSL_FIPS,
1548      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1549      128,
1550      128,
1551      },
1552     {
1553      1,
1554      TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1555      TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1556      TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1557      SSL_kRSAPSK,
1558      SSL_aRSA,
1559      SSL_AES256GCM,
1560      SSL_AEAD,
1561      TLS1_2_VERSION, TLS1_2_VERSION,
1562      DTLS1_2_VERSION, DTLS1_2_VERSION,
1563      SSL_HIGH | SSL_FIPS,
1564      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1565      256,
1566      256,
1567      },
1568     {
1569      1,
1570      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1571      TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1572      TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1573      SSL_kPSK,
1574      SSL_aPSK,
1575      SSL_AES128,
1576      SSL_SHA256,
1577      TLS1_VERSION, TLS1_2_VERSION,
1578      DTLS1_BAD_VER, DTLS1_2_VERSION,
1579      SSL_HIGH | SSL_FIPS,
1580      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1581      128,
1582      128,
1583      },
1584     {
1585      1,
1586      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1587      TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1588      TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1589      SSL_kPSK,
1590      SSL_aPSK,
1591      SSL_AES256,
1592      SSL_SHA384,
1593      TLS1_VERSION, TLS1_2_VERSION,
1594      DTLS1_BAD_VER, DTLS1_2_VERSION,
1595      SSL_HIGH | SSL_FIPS,
1596      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1597      256,
1598      256,
1599      },
1600     {
1601      1,
1602      TLS1_TXT_PSK_WITH_NULL_SHA256,
1603      TLS1_RFC_PSK_WITH_NULL_SHA256,
1604      TLS1_CK_PSK_WITH_NULL_SHA256,
1605      SSL_kPSK,
1606      SSL_aPSK,
1607      SSL_eNULL,
1608      SSL_SHA256,
1609      TLS1_VERSION, TLS1_2_VERSION,
1610      DTLS1_BAD_VER, DTLS1_2_VERSION,
1611      SSL_STRONG_NONE | SSL_FIPS,
1612      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1613      0,
1614      0,
1615      },
1616     {
1617      1,
1618      TLS1_TXT_PSK_WITH_NULL_SHA384,
1619      TLS1_RFC_PSK_WITH_NULL_SHA384,
1620      TLS1_CK_PSK_WITH_NULL_SHA384,
1621      SSL_kPSK,
1622      SSL_aPSK,
1623      SSL_eNULL,
1624      SSL_SHA384,
1625      TLS1_VERSION, TLS1_2_VERSION,
1626      DTLS1_BAD_VER, DTLS1_2_VERSION,
1627      SSL_STRONG_NONE | SSL_FIPS,
1628      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1629      0,
1630      0,
1631      },
1632     {
1633      1,
1634      TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1635      TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1636      TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1637      SSL_kDHEPSK,
1638      SSL_aPSK,
1639      SSL_AES128,
1640      SSL_SHA256,
1641      TLS1_VERSION, TLS1_2_VERSION,
1642      DTLS1_BAD_VER, DTLS1_2_VERSION,
1643      SSL_HIGH | SSL_FIPS,
1644      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1645      128,
1646      128,
1647      },
1648     {
1649      1,
1650      TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1651      TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1652      TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1653      SSL_kDHEPSK,
1654      SSL_aPSK,
1655      SSL_AES256,
1656      SSL_SHA384,
1657      TLS1_VERSION, TLS1_2_VERSION,
1658      DTLS1_BAD_VER, DTLS1_2_VERSION,
1659      SSL_HIGH | SSL_FIPS,
1660      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1661      256,
1662      256,
1663      },
1664     {
1665      1,
1666      TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1667      TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1668      TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1669      SSL_kDHEPSK,
1670      SSL_aPSK,
1671      SSL_eNULL,
1672      SSL_SHA256,
1673      TLS1_VERSION, TLS1_2_VERSION,
1674      DTLS1_BAD_VER, DTLS1_2_VERSION,
1675      SSL_STRONG_NONE | SSL_FIPS,
1676      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1677      0,
1678      0,
1679      },
1680     {
1681      1,
1682      TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1683      TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1684      TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1685      SSL_kDHEPSK,
1686      SSL_aPSK,
1687      SSL_eNULL,
1688      SSL_SHA384,
1689      TLS1_VERSION, TLS1_2_VERSION,
1690      DTLS1_BAD_VER, DTLS1_2_VERSION,
1691      SSL_STRONG_NONE | SSL_FIPS,
1692      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1693      0,
1694      0,
1695      },
1696     {
1697      1,
1698      TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1699      TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1700      TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1701      SSL_kRSAPSK,
1702      SSL_aRSA,
1703      SSL_AES128,
1704      SSL_SHA256,
1705      TLS1_VERSION, TLS1_2_VERSION,
1706      DTLS1_BAD_VER, DTLS1_2_VERSION,
1707      SSL_HIGH | SSL_FIPS,
1708      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1709      128,
1710      128,
1711      },
1712     {
1713      1,
1714      TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1715      TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1716      TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1717      SSL_kRSAPSK,
1718      SSL_aRSA,
1719      SSL_AES256,
1720      SSL_SHA384,
1721      TLS1_VERSION, TLS1_2_VERSION,
1722      DTLS1_BAD_VER, DTLS1_2_VERSION,
1723      SSL_HIGH | SSL_FIPS,
1724      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1725      256,
1726      256,
1727      },
1728     {
1729      1,
1730      TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1731      TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1732      TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1733      SSL_kRSAPSK,
1734      SSL_aRSA,
1735      SSL_eNULL,
1736      SSL_SHA256,
1737      TLS1_VERSION, TLS1_2_VERSION,
1738      DTLS1_BAD_VER, DTLS1_2_VERSION,
1739      SSL_STRONG_NONE | SSL_FIPS,
1740      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1741      0,
1742      0,
1743      },
1744     {
1745      1,
1746      TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1747      TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1748      TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1749      SSL_kRSAPSK,
1750      SSL_aRSA,
1751      SSL_eNULL,
1752      SSL_SHA384,
1753      TLS1_VERSION, TLS1_2_VERSION,
1754      DTLS1_BAD_VER, DTLS1_2_VERSION,
1755      SSL_STRONG_NONE | SSL_FIPS,
1756      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1757      0,
1758      0,
1759      },
1760 # ifndef OPENSSL_NO_EC
1761 #  ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1762     {
1763      1,
1764      TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1765      TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1766      TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1767      SSL_kECDHEPSK,
1768      SSL_aPSK,
1769      SSL_3DES,
1770      SSL_SHA1,
1771      TLS1_VERSION, TLS1_2_VERSION,
1772      DTLS1_BAD_VER, DTLS1_2_VERSION,
1773      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1774      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1775      112,
1776      168,
1777      },
1778 #  endif
1779     {
1780      1,
1781      TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1782      TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1783      TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1784      SSL_kECDHEPSK,
1785      SSL_aPSK,
1786      SSL_AES128,
1787      SSL_SHA1,
1788      TLS1_VERSION, TLS1_2_VERSION,
1789      DTLS1_BAD_VER, DTLS1_2_VERSION,
1790      SSL_HIGH | SSL_FIPS,
1791      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1792      128,
1793      128,
1794      },
1795     {
1796      1,
1797      TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1798      TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1799      TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1800      SSL_kECDHEPSK,
1801      SSL_aPSK,
1802      SSL_AES256,
1803      SSL_SHA1,
1804      TLS1_VERSION, TLS1_2_VERSION,
1805      DTLS1_BAD_VER, DTLS1_2_VERSION,
1806      SSL_HIGH | SSL_FIPS,
1807      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1808      256,
1809      256,
1810      },
1811     {
1812      1,
1813      TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1814      TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1815      TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1816      SSL_kECDHEPSK,
1817      SSL_aPSK,
1818      SSL_AES128,
1819      SSL_SHA256,
1820      TLS1_VERSION, TLS1_2_VERSION,
1821      DTLS1_BAD_VER, DTLS1_2_VERSION,
1822      SSL_HIGH | SSL_FIPS,
1823      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1824      128,
1825      128,
1826      },
1827     {
1828      1,
1829      TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1830      TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1831      TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1832      SSL_kECDHEPSK,
1833      SSL_aPSK,
1834      SSL_AES256,
1835      SSL_SHA384,
1836      TLS1_VERSION, TLS1_2_VERSION,
1837      DTLS1_BAD_VER, DTLS1_2_VERSION,
1838      SSL_HIGH | SSL_FIPS,
1839      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1840      256,
1841      256,
1842      },
1843     {
1844      1,
1845      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1846      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1847      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1848      SSL_kECDHEPSK,
1849      SSL_aPSK,
1850      SSL_eNULL,
1851      SSL_SHA1,
1852      TLS1_VERSION, TLS1_2_VERSION,
1853      DTLS1_BAD_VER, DTLS1_2_VERSION,
1854      SSL_STRONG_NONE | SSL_FIPS,
1855      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1856      0,
1857      0,
1858      },
1859     {
1860      1,
1861      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1862      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1863      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1864      SSL_kECDHEPSK,
1865      SSL_aPSK,
1866      SSL_eNULL,
1867      SSL_SHA256,
1868      TLS1_VERSION, TLS1_2_VERSION,
1869      DTLS1_BAD_VER, DTLS1_2_VERSION,
1870      SSL_STRONG_NONE | SSL_FIPS,
1871      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1872      0,
1873      0,
1874      },
1875     {
1876      1,
1877      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1878      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1879      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1880      SSL_kECDHEPSK,
1881      SSL_aPSK,
1882      SSL_eNULL,
1883      SSL_SHA384,
1884      TLS1_VERSION, TLS1_2_VERSION,
1885      DTLS1_BAD_VER, DTLS1_2_VERSION,
1886      SSL_STRONG_NONE | SSL_FIPS,
1887      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1888      0,
1889      0,
1890      },
1891 # endif                         /* OPENSSL_NO_EC */
1892 #endif                          /* OPENSSL_NO_PSK */
1893
1894 #ifndef OPENSSL_NO_SRP
1895 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1896     {
1897      1,
1898      TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1899      TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1900      TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1901      SSL_kSRP,
1902      SSL_aSRP,
1903      SSL_3DES,
1904      SSL_SHA1,
1905      SSL3_VERSION, TLS1_2_VERSION,
1906      DTLS1_BAD_VER, DTLS1_2_VERSION,
1907      SSL_NOT_DEFAULT | SSL_MEDIUM,
1908      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1909      112,
1910      168,
1911      },
1912     {
1913      1,
1914      TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1915      TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1916      TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1917      SSL_kSRP,
1918      SSL_aRSA,
1919      SSL_3DES,
1920      SSL_SHA1,
1921      SSL3_VERSION, TLS1_2_VERSION,
1922      DTLS1_BAD_VER, DTLS1_2_VERSION,
1923      SSL_NOT_DEFAULT | SSL_MEDIUM,
1924      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1925      112,
1926      168,
1927      },
1928     {
1929      1,
1930      TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1931      TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1932      TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1933      SSL_kSRP,
1934      SSL_aDSS,
1935      SSL_3DES,
1936      SSL_SHA1,
1937      SSL3_VERSION, TLS1_2_VERSION,
1938      DTLS1_BAD_VER, DTLS1_2_VERSION,
1939      SSL_NOT_DEFAULT | SSL_MEDIUM,
1940      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1941      112,
1942      168,
1943      },
1944 # endif
1945     {
1946      1,
1947      TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1948      TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1949      TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1950      SSL_kSRP,
1951      SSL_aSRP,
1952      SSL_AES128,
1953      SSL_SHA1,
1954      SSL3_VERSION, TLS1_2_VERSION,
1955      DTLS1_BAD_VER, DTLS1_2_VERSION,
1956      SSL_HIGH,
1957      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1958      128,
1959      128,
1960      },
1961     {
1962      1,
1963      TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1964      TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1965      TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1966      SSL_kSRP,
1967      SSL_aRSA,
1968      SSL_AES128,
1969      SSL_SHA1,
1970      SSL3_VERSION, TLS1_2_VERSION,
1971      DTLS1_BAD_VER, DTLS1_2_VERSION,
1972      SSL_HIGH,
1973      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1974      128,
1975      128,
1976      },
1977     {
1978      1,
1979      TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1980      TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1981      TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1982      SSL_kSRP,
1983      SSL_aDSS,
1984      SSL_AES128,
1985      SSL_SHA1,
1986      SSL3_VERSION, TLS1_2_VERSION,
1987      DTLS1_BAD_VER, DTLS1_2_VERSION,
1988      SSL_NOT_DEFAULT | SSL_HIGH,
1989      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1990      128,
1991      128,
1992      },
1993     {
1994      1,
1995      TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1996      TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1997      TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1998      SSL_kSRP,
1999      SSL_aSRP,
2000      SSL_AES256,
2001      SSL_SHA1,
2002      SSL3_VERSION, TLS1_2_VERSION,
2003      DTLS1_BAD_VER, DTLS1_2_VERSION,
2004      SSL_HIGH,
2005      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2006      256,
2007      256,
2008      },
2009     {
2010      1,
2011      TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2012      TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2013      TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2014      SSL_kSRP,
2015      SSL_aRSA,
2016      SSL_AES256,
2017      SSL_SHA1,
2018      SSL3_VERSION, TLS1_2_VERSION,
2019      DTLS1_BAD_VER, DTLS1_2_VERSION,
2020      SSL_HIGH,
2021      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2022      256,
2023      256,
2024      },
2025     {
2026      1,
2027      TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2028      TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2029      TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2030      SSL_kSRP,
2031      SSL_aDSS,
2032      SSL_AES256,
2033      SSL_SHA1,
2034      SSL3_VERSION, TLS1_2_VERSION,
2035      DTLS1_BAD_VER, DTLS1_2_VERSION,
2036      SSL_NOT_DEFAULT | SSL_HIGH,
2037      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2038      256,
2039      256,
2040      },
2041 #endif                          /* OPENSSL_NO_SRP */
2042
2043 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2044 # ifndef OPENSSL_NO_RSA
2045     {
2046      1,
2047      TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2048      TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2049      TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2050      SSL_kDHE,
2051      SSL_aRSA,
2052      SSL_CHACHA20POLY1305,
2053      SSL_AEAD,
2054      TLS1_2_VERSION, TLS1_2_VERSION,
2055      DTLS1_2_VERSION, DTLS1_2_VERSION,
2056      SSL_HIGH,
2057      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2058      256,
2059      256,
2060      },
2061 # endif                         /* OPENSSL_NO_RSA */
2062
2063 # ifndef OPENSSL_NO_EC
2064     {
2065      1,
2066      TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2067      TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2068      TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2069      SSL_kECDHE,
2070      SSL_aRSA,
2071      SSL_CHACHA20POLY1305,
2072      SSL_AEAD,
2073      TLS1_2_VERSION, TLS1_2_VERSION,
2074      DTLS1_2_VERSION, DTLS1_2_VERSION,
2075      SSL_HIGH,
2076      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2077      256,
2078      256,
2079      },
2080     {
2081      1,
2082      TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2083      TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2084      TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2085      SSL_kECDHE,
2086      SSL_aECDSA,
2087      SSL_CHACHA20POLY1305,
2088      SSL_AEAD,
2089      TLS1_2_VERSION, TLS1_2_VERSION,
2090      DTLS1_2_VERSION, DTLS1_2_VERSION,
2091      SSL_HIGH,
2092      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2093      256,
2094      256,
2095      },
2096 # endif                         /* OPENSSL_NO_EC */
2097
2098 # ifndef OPENSSL_NO_PSK
2099     {
2100      1,
2101      TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2102      TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2103      TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2104      SSL_kPSK,
2105      SSL_aPSK,
2106      SSL_CHACHA20POLY1305,
2107      SSL_AEAD,
2108      TLS1_2_VERSION, TLS1_2_VERSION,
2109      DTLS1_2_VERSION, DTLS1_2_VERSION,
2110      SSL_HIGH,
2111      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2112      256,
2113      256,
2114      },
2115     {
2116      1,
2117      TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2118      TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2119      TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2120      SSL_kECDHEPSK,
2121      SSL_aPSK,
2122      SSL_CHACHA20POLY1305,
2123      SSL_AEAD,
2124      TLS1_2_VERSION, TLS1_2_VERSION,
2125      DTLS1_2_VERSION, DTLS1_2_VERSION,
2126      SSL_HIGH,
2127      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2128      256,
2129      256,
2130      },
2131     {
2132      1,
2133      TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2134      TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2135      TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2136      SSL_kDHEPSK,
2137      SSL_aPSK,
2138      SSL_CHACHA20POLY1305,
2139      SSL_AEAD,
2140      TLS1_2_VERSION, TLS1_2_VERSION,
2141      DTLS1_2_VERSION, DTLS1_2_VERSION,
2142      SSL_HIGH,
2143      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2144      256,
2145      256,
2146      },
2147     {
2148      1,
2149      TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2150      TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2151      TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2152      SSL_kRSAPSK,
2153      SSL_aRSA,
2154      SSL_CHACHA20POLY1305,
2155      SSL_AEAD,
2156      TLS1_2_VERSION, TLS1_2_VERSION,
2157      DTLS1_2_VERSION, DTLS1_2_VERSION,
2158      SSL_HIGH,
2159      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2160      256,
2161      256,
2162      },
2163 # endif                         /* OPENSSL_NO_PSK */
2164 #endif                          /* !defined(OPENSSL_NO_CHACHA) &&
2165                                  * !defined(OPENSSL_NO_POLY1305) */
2166
2167 #ifndef OPENSSL_NO_CAMELLIA
2168     {
2169      1,
2170      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2171      TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2172      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2173      SSL_kRSA,
2174      SSL_aRSA,
2175      SSL_CAMELLIA128,
2176      SSL_SHA256,
2177      TLS1_2_VERSION, TLS1_2_VERSION,
2178      DTLS1_2_VERSION, DTLS1_2_VERSION,
2179      SSL_NOT_DEFAULT | SSL_HIGH,
2180      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2181      128,
2182      128,
2183      },
2184     {
2185      1,
2186      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2187      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2188      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2189      SSL_kEDH,
2190      SSL_aDSS,
2191      SSL_CAMELLIA128,
2192      SSL_SHA256,
2193      TLS1_2_VERSION, TLS1_2_VERSION,
2194      DTLS1_2_VERSION, DTLS1_2_VERSION,
2195      SSL_NOT_DEFAULT | SSL_HIGH,
2196      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2197      128,
2198      128,
2199      },
2200     {
2201      1,
2202      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2203      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2204      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2205      SSL_kEDH,
2206      SSL_aRSA,
2207      SSL_CAMELLIA128,
2208      SSL_SHA256,
2209      TLS1_2_VERSION, TLS1_2_VERSION,
2210      DTLS1_2_VERSION, DTLS1_2_VERSION,
2211      SSL_NOT_DEFAULT | SSL_HIGH,
2212      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2213      128,
2214      128,
2215      },
2216     {
2217      1,
2218      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2219      TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2220      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2221      SSL_kEDH,
2222      SSL_aNULL,
2223      SSL_CAMELLIA128,
2224      SSL_SHA256,
2225      TLS1_2_VERSION, TLS1_2_VERSION,
2226      DTLS1_2_VERSION, DTLS1_2_VERSION,
2227      SSL_NOT_DEFAULT | SSL_HIGH,
2228      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2229      128,
2230      128,
2231      },
2232     {
2233      1,
2234      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2235      TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2236      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2237      SSL_kRSA,
2238      SSL_aRSA,
2239      SSL_CAMELLIA256,
2240      SSL_SHA256,
2241      TLS1_2_VERSION, TLS1_2_VERSION,
2242      DTLS1_2_VERSION, DTLS1_2_VERSION,
2243      SSL_NOT_DEFAULT | SSL_HIGH,
2244      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2245      256,
2246      256,
2247      },
2248     {
2249      1,
2250      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2251      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2252      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2253      SSL_kEDH,
2254      SSL_aDSS,
2255      SSL_CAMELLIA256,
2256      SSL_SHA256,
2257      TLS1_2_VERSION, TLS1_2_VERSION,
2258      DTLS1_2_VERSION, DTLS1_2_VERSION,
2259      SSL_NOT_DEFAULT | SSL_HIGH,
2260      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2261      256,
2262      256,
2263      },
2264     {
2265      1,
2266      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2267      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2268      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2269      SSL_kEDH,
2270      SSL_aRSA,
2271      SSL_CAMELLIA256,
2272      SSL_SHA256,
2273      TLS1_2_VERSION, TLS1_2_VERSION,
2274      DTLS1_2_VERSION, DTLS1_2_VERSION,
2275      SSL_NOT_DEFAULT | SSL_HIGH,
2276      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2277      256,
2278      256,
2279      },
2280     {
2281      1,
2282      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2283      TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2284      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2285      SSL_kEDH,
2286      SSL_aNULL,
2287      SSL_CAMELLIA256,
2288      SSL_SHA256,
2289      TLS1_2_VERSION, TLS1_2_VERSION,
2290      DTLS1_2_VERSION, DTLS1_2_VERSION,
2291      SSL_NOT_DEFAULT | SSL_HIGH,
2292      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2293      256,
2294      256,
2295      },
2296     {
2297      1,
2298      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2299      TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2300      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2301      SSL_kRSA,
2302      SSL_aRSA,
2303      SSL_CAMELLIA256,
2304      SSL_SHA1,
2305      SSL3_VERSION, TLS1_2_VERSION,
2306      DTLS1_BAD_VER, DTLS1_2_VERSION,
2307      SSL_NOT_DEFAULT | SSL_HIGH,
2308      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2309      256,
2310      256,
2311      },
2312     {
2313      1,
2314      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2315      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2316      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2317      SSL_kDHE,
2318      SSL_aDSS,
2319      SSL_CAMELLIA256,
2320      SSL_SHA1,
2321      SSL3_VERSION, TLS1_2_VERSION,
2322      DTLS1_BAD_VER, DTLS1_2_VERSION,
2323      SSL_NOT_DEFAULT | SSL_HIGH,
2324      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2325      256,
2326      256,
2327      },
2328     {
2329      1,
2330      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2331      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2332      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2333      SSL_kDHE,
2334      SSL_aRSA,
2335      SSL_CAMELLIA256,
2336      SSL_SHA1,
2337      SSL3_VERSION, TLS1_2_VERSION,
2338      DTLS1_BAD_VER, DTLS1_2_VERSION,
2339      SSL_NOT_DEFAULT | SSL_HIGH,
2340      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2341      256,
2342      256,
2343      },
2344     {
2345      1,
2346      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2347      TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2348      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2349      SSL_kDHE,
2350      SSL_aNULL,
2351      SSL_CAMELLIA256,
2352      SSL_SHA1,
2353      SSL3_VERSION, TLS1_2_VERSION,
2354      DTLS1_BAD_VER, DTLS1_2_VERSION,
2355      SSL_NOT_DEFAULT | SSL_HIGH,
2356      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2357      256,
2358      256,
2359      },
2360     {
2361      1,
2362      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2363      TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2364      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2365      SSL_kRSA,
2366      SSL_aRSA,
2367      SSL_CAMELLIA128,
2368      SSL_SHA1,
2369      SSL3_VERSION, TLS1_2_VERSION,
2370      DTLS1_BAD_VER, DTLS1_2_VERSION,
2371      SSL_NOT_DEFAULT | SSL_HIGH,
2372      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2373      128,
2374      128,
2375      },
2376     {
2377      1,
2378      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2379      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2380      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2381      SSL_kDHE,
2382      SSL_aDSS,
2383      SSL_CAMELLIA128,
2384      SSL_SHA1,
2385      SSL3_VERSION, TLS1_2_VERSION,
2386      DTLS1_BAD_VER, DTLS1_2_VERSION,
2387      SSL_NOT_DEFAULT | SSL_HIGH,
2388      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2389      128,
2390      128,
2391      },
2392     {
2393      1,
2394      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2395      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2396      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2397      SSL_kDHE,
2398      SSL_aRSA,
2399      SSL_CAMELLIA128,
2400      SSL_SHA1,
2401      SSL3_VERSION, TLS1_2_VERSION,
2402      DTLS1_BAD_VER, DTLS1_2_VERSION,
2403      SSL_NOT_DEFAULT | SSL_HIGH,
2404      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2405      128,
2406      128,
2407      },
2408     {
2409      1,
2410      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2411      TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2412      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2413      SSL_kDHE,
2414      SSL_aNULL,
2415      SSL_CAMELLIA128,
2416      SSL_SHA1,
2417      SSL3_VERSION, TLS1_2_VERSION,
2418      DTLS1_BAD_VER, DTLS1_2_VERSION,
2419      SSL_NOT_DEFAULT | SSL_HIGH,
2420      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2421      128,
2422      128,
2423      },
2424
2425 # ifndef OPENSSL_NO_EC
2426     {
2427      1,
2428      TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2429      TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2430      TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2431      SSL_kECDHE,
2432      SSL_aECDSA,
2433      SSL_CAMELLIA128,
2434      SSL_SHA256,
2435      TLS1_2_VERSION, TLS1_2_VERSION,
2436      DTLS1_2_VERSION, DTLS1_2_VERSION,
2437      SSL_NOT_DEFAULT | SSL_HIGH,
2438      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2439      128,
2440      128,
2441      },
2442     {
2443      1,
2444      TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2445      TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2446      TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2447      SSL_kECDHE,
2448      SSL_aECDSA,
2449      SSL_CAMELLIA256,
2450      SSL_SHA384,
2451      TLS1_2_VERSION, TLS1_2_VERSION,
2452      DTLS1_2_VERSION, DTLS1_2_VERSION,
2453      SSL_NOT_DEFAULT | SSL_HIGH,
2454      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2455      256,
2456      256,
2457      },
2458     {
2459      1,
2460      TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2461      TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2462      TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2463      SSL_kECDHE,
2464      SSL_aRSA,
2465      SSL_CAMELLIA128,
2466      SSL_SHA256,
2467      TLS1_2_VERSION, TLS1_2_VERSION,
2468      DTLS1_2_VERSION, DTLS1_2_VERSION,
2469      SSL_NOT_DEFAULT | SSL_HIGH,
2470      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2471      128,
2472      128,
2473      },
2474     {
2475      1,
2476      TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2477      TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2478      TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2479      SSL_kECDHE,
2480      SSL_aRSA,
2481      SSL_CAMELLIA256,
2482      SSL_SHA384,
2483      TLS1_2_VERSION, TLS1_2_VERSION,
2484      DTLS1_2_VERSION, DTLS1_2_VERSION,
2485      SSL_NOT_DEFAULT | SSL_HIGH,
2486      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2487      256,
2488      256,
2489      },
2490 # endif                         /* OPENSSL_NO_EC */
2491
2492 # ifndef OPENSSL_NO_PSK
2493     {
2494      1,
2495      TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2496      TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2497      TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2498      SSL_kPSK,
2499      SSL_aPSK,
2500      SSL_CAMELLIA128,
2501      SSL_SHA256,
2502      TLS1_VERSION, TLS1_2_VERSION,
2503      DTLS1_BAD_VER, DTLS1_2_VERSION,
2504      SSL_NOT_DEFAULT | SSL_HIGH,
2505      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2506      128,
2507      128,
2508      },
2509     {
2510      1,
2511      TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2512      TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2513      TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2514      SSL_kPSK,
2515      SSL_aPSK,
2516      SSL_CAMELLIA256,
2517      SSL_SHA384,
2518      TLS1_VERSION, TLS1_2_VERSION,
2519      DTLS1_BAD_VER, DTLS1_2_VERSION,
2520      SSL_NOT_DEFAULT | SSL_HIGH,
2521      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2522      256,
2523      256,
2524      },
2525     {
2526      1,
2527      TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2528      TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2529      TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2530      SSL_kDHEPSK,
2531      SSL_aPSK,
2532      SSL_CAMELLIA128,
2533      SSL_SHA256,
2534      TLS1_VERSION, TLS1_2_VERSION,
2535      DTLS1_BAD_VER, DTLS1_2_VERSION,
2536      SSL_NOT_DEFAULT | SSL_HIGH,
2537      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2538      128,
2539      128,
2540      },
2541     {
2542      1,
2543      TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2544      TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2545      TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2546      SSL_kDHEPSK,
2547      SSL_aPSK,
2548      SSL_CAMELLIA256,
2549      SSL_SHA384,
2550      TLS1_VERSION, TLS1_2_VERSION,
2551      DTLS1_BAD_VER, DTLS1_2_VERSION,
2552      SSL_NOT_DEFAULT | SSL_HIGH,
2553      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2554      256,
2555      256,
2556      },
2557     {
2558      1,
2559      TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2560      TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2561      TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2562      SSL_kRSAPSK,
2563      SSL_aRSA,
2564      SSL_CAMELLIA128,
2565      SSL_SHA256,
2566      TLS1_VERSION, TLS1_2_VERSION,
2567      DTLS1_BAD_VER, DTLS1_2_VERSION,
2568      SSL_NOT_DEFAULT | SSL_HIGH,
2569      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2570      128,
2571      128,
2572      },
2573     {
2574      1,
2575      TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2576      TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2577      TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2578      SSL_kRSAPSK,
2579      SSL_aRSA,
2580      SSL_CAMELLIA256,
2581      SSL_SHA384,
2582      TLS1_VERSION, TLS1_2_VERSION,
2583      DTLS1_BAD_VER, DTLS1_2_VERSION,
2584      SSL_NOT_DEFAULT | SSL_HIGH,
2585      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2586      256,
2587      256,
2588      },
2589     {
2590      1,
2591      TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2592      TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2593      TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2594      SSL_kECDHEPSK,
2595      SSL_aPSK,
2596      SSL_CAMELLIA128,
2597      SSL_SHA256,
2598      TLS1_VERSION, TLS1_2_VERSION,
2599      DTLS1_BAD_VER, DTLS1_2_VERSION,
2600      SSL_NOT_DEFAULT | SSL_HIGH,
2601      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2602      128,
2603      128,
2604      },
2605     {
2606      1,
2607      TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2608      TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2609      TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2610      SSL_kECDHEPSK,
2611      SSL_aPSK,
2612      SSL_CAMELLIA256,
2613      SSL_SHA384,
2614      TLS1_VERSION, TLS1_2_VERSION,
2615      DTLS1_BAD_VER, DTLS1_2_VERSION,
2616      SSL_NOT_DEFAULT | SSL_HIGH,
2617      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2618      256,
2619      256,
2620      },
2621 # endif                         /* OPENSSL_NO_PSK */
2622
2623 #endif                          /* OPENSSL_NO_CAMELLIA */
2624
2625 #ifndef OPENSSL_NO_GOST
2626     {
2627      1,
2628      "GOST2001-GOST89-GOST89",
2629      "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2630      0x3000081,
2631      SSL_kGOST,
2632      SSL_aGOST01,
2633      SSL_eGOST2814789CNT,
2634      SSL_GOST89MAC,
2635      TLS1_VERSION, TLS1_2_VERSION,
2636      0, 0,
2637      SSL_HIGH,
2638      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2639      256,
2640      256,
2641      },
2642     {
2643      1,
2644      "GOST2001-NULL-GOST94",
2645      "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2646      0x3000083,
2647      SSL_kGOST,
2648      SSL_aGOST01,
2649      SSL_eNULL,
2650      SSL_GOST94,
2651      TLS1_VERSION, TLS1_2_VERSION,
2652      0, 0,
2653      SSL_STRONG_NONE,
2654      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2655      0,
2656      0,
2657      },
2658     {
2659      1,
2660      "GOST2012-GOST8912-GOST8912",
2661      NULL,
2662      0x0300ff85,
2663      SSL_kGOST,
2664      SSL_aGOST12 | SSL_aGOST01,
2665      SSL_eGOST2814789CNT12,
2666      SSL_GOST89MAC12,
2667      TLS1_VERSION, TLS1_2_VERSION,
2668      0, 0,
2669      SSL_HIGH,
2670      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2671      256,
2672      256,
2673      },
2674     {
2675      1,
2676      "GOST2012-NULL-GOST12",
2677      NULL,
2678      0x0300ff87,
2679      SSL_kGOST,
2680      SSL_aGOST12 | SSL_aGOST01,
2681      SSL_eNULL,
2682      SSL_GOST12_256,
2683      TLS1_VERSION, TLS1_2_VERSION,
2684      0, 0,
2685      SSL_STRONG_NONE,
2686      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2687      0,
2688      0,
2689      },
2690 #endif                          /* OPENSSL_NO_GOST */
2691
2692 #ifndef OPENSSL_NO_IDEA
2693     {
2694      1,
2695      SSL3_TXT_RSA_IDEA_128_SHA,
2696      SSL3_RFC_RSA_IDEA_128_SHA,
2697      SSL3_CK_RSA_IDEA_128_SHA,
2698      SSL_kRSA,
2699      SSL_aRSA,
2700      SSL_IDEA,
2701      SSL_SHA1,
2702      SSL3_VERSION, TLS1_1_VERSION,
2703      DTLS1_BAD_VER, DTLS1_VERSION,
2704      SSL_NOT_DEFAULT | SSL_MEDIUM,
2705      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2706      128,
2707      128,
2708      },
2709 #endif
2710
2711 #ifndef OPENSSL_NO_SEED
2712     {
2713      1,
2714      TLS1_TXT_RSA_WITH_SEED_SHA,
2715      TLS1_RFC_RSA_WITH_SEED_SHA,
2716      TLS1_CK_RSA_WITH_SEED_SHA,
2717      SSL_kRSA,
2718      SSL_aRSA,
2719      SSL_SEED,
2720      SSL_SHA1,
2721      SSL3_VERSION, TLS1_2_VERSION,
2722      DTLS1_BAD_VER, DTLS1_2_VERSION,
2723      SSL_NOT_DEFAULT | SSL_MEDIUM,
2724      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2725      128,
2726      128,
2727      },
2728     {
2729      1,
2730      TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2731      TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2732      TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2733      SSL_kDHE,
2734      SSL_aDSS,
2735      SSL_SEED,
2736      SSL_SHA1,
2737      SSL3_VERSION, TLS1_2_VERSION,
2738      DTLS1_BAD_VER, DTLS1_2_VERSION,
2739      SSL_NOT_DEFAULT | SSL_MEDIUM,
2740      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2741      128,
2742      128,
2743      },
2744     {
2745      1,
2746      TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2747      TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2748      TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2749      SSL_kDHE,
2750      SSL_aRSA,
2751      SSL_SEED,
2752      SSL_SHA1,
2753      SSL3_VERSION, TLS1_2_VERSION,
2754      DTLS1_BAD_VER, DTLS1_2_VERSION,
2755      SSL_NOT_DEFAULT | SSL_MEDIUM,
2756      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2757      128,
2758      128,
2759      },
2760     {
2761      1,
2762      TLS1_TXT_ADH_WITH_SEED_SHA,
2763      TLS1_RFC_ADH_WITH_SEED_SHA,
2764      TLS1_CK_ADH_WITH_SEED_SHA,
2765      SSL_kDHE,
2766      SSL_aNULL,
2767      SSL_SEED,
2768      SSL_SHA1,
2769      SSL3_VERSION, TLS1_2_VERSION,
2770      DTLS1_BAD_VER, DTLS1_2_VERSION,
2771      SSL_NOT_DEFAULT | SSL_MEDIUM,
2772      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2773      128,
2774      128,
2775      },
2776 #endif                          /* OPENSSL_NO_SEED */
2777
2778 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2779     {
2780      1,
2781      SSL3_TXT_RSA_RC4_128_MD5,
2782      SSL3_RFC_RSA_RC4_128_MD5,
2783      SSL3_CK_RSA_RC4_128_MD5,
2784      SSL_kRSA,
2785      SSL_aRSA,
2786      SSL_RC4,
2787      SSL_MD5,
2788      SSL3_VERSION, TLS1_2_VERSION,
2789      0, 0,
2790      SSL_NOT_DEFAULT | SSL_MEDIUM,
2791      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2792      128,
2793      128,
2794      },
2795     {
2796      1,
2797      SSL3_TXT_RSA_RC4_128_SHA,
2798      SSL3_RFC_RSA_RC4_128_SHA,
2799      SSL3_CK_RSA_RC4_128_SHA,
2800      SSL_kRSA,
2801      SSL_aRSA,
2802      SSL_RC4,
2803      SSL_SHA1,
2804      SSL3_VERSION, TLS1_2_VERSION,
2805      0, 0,
2806      SSL_NOT_DEFAULT | SSL_MEDIUM,
2807      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2808      128,
2809      128,
2810      },
2811     {
2812      1,
2813      SSL3_TXT_ADH_RC4_128_MD5,
2814      SSL3_RFC_ADH_RC4_128_MD5,
2815      SSL3_CK_ADH_RC4_128_MD5,
2816      SSL_kDHE,
2817      SSL_aNULL,
2818      SSL_RC4,
2819      SSL_MD5,
2820      SSL3_VERSION, TLS1_2_VERSION,
2821      0, 0,
2822      SSL_NOT_DEFAULT | SSL_MEDIUM,
2823      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2824      128,
2825      128,
2826      },
2827
2828 # ifndef OPENSSL_NO_EC
2829     {
2830      1,
2831      TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2832      TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2833      TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2834      SSL_kECDHEPSK,
2835      SSL_aPSK,
2836      SSL_RC4,
2837      SSL_SHA1,
2838      TLS1_VERSION, TLS1_2_VERSION,
2839      0, 0,
2840      SSL_NOT_DEFAULT | SSL_MEDIUM,
2841      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2842      128,
2843      128,
2844      },
2845     {
2846      1,
2847      TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2848      TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2849      TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2850      SSL_kECDHE,
2851      SSL_aNULL,
2852      SSL_RC4,
2853      SSL_SHA1,
2854      TLS1_VERSION, TLS1_2_VERSION,
2855      0, 0,
2856      SSL_NOT_DEFAULT | SSL_MEDIUM,
2857      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2858      128,
2859      128,
2860      },
2861     {
2862      1,
2863      TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2864      TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2865      TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2866      SSL_kECDHE,
2867      SSL_aECDSA,
2868      SSL_RC4,
2869      SSL_SHA1,
2870      TLS1_VERSION, TLS1_2_VERSION,
2871      0, 0,
2872      SSL_NOT_DEFAULT | SSL_MEDIUM,
2873      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2874      128,
2875      128,
2876      },
2877     {
2878      1,
2879      TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2880      TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2881      TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2882      SSL_kECDHE,
2883      SSL_aRSA,
2884      SSL_RC4,
2885      SSL_SHA1,
2886      TLS1_VERSION, TLS1_2_VERSION,
2887      0, 0,
2888      SSL_NOT_DEFAULT | SSL_MEDIUM,
2889      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2890      128,
2891      128,
2892      },
2893 # endif                         /* OPENSSL_NO_EC */
2894
2895 # ifndef OPENSSL_NO_PSK
2896     {
2897      1,
2898      TLS1_TXT_PSK_WITH_RC4_128_SHA,
2899      TLS1_RFC_PSK_WITH_RC4_128_SHA,
2900      TLS1_CK_PSK_WITH_RC4_128_SHA,
2901      SSL_kPSK,
2902      SSL_aPSK,
2903      SSL_RC4,
2904      SSL_SHA1,
2905      SSL3_VERSION, TLS1_2_VERSION,
2906      0, 0,
2907      SSL_NOT_DEFAULT | SSL_MEDIUM,
2908      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2909      128,
2910      128,
2911      },
2912     {
2913      1,
2914      TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2915      TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2916      TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2917      SSL_kRSAPSK,
2918      SSL_aRSA,
2919      SSL_RC4,
2920      SSL_SHA1,
2921      SSL3_VERSION, TLS1_2_VERSION,
2922      0, 0,
2923      SSL_NOT_DEFAULT | SSL_MEDIUM,
2924      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2925      128,
2926      128,
2927      },
2928     {
2929      1,
2930      TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2931      TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2932      TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2933      SSL_kDHEPSK,
2934      SSL_aPSK,
2935      SSL_RC4,
2936      SSL_SHA1,
2937      SSL3_VERSION, TLS1_2_VERSION,
2938      0, 0,
2939      SSL_NOT_DEFAULT | SSL_MEDIUM,
2940      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2941      128,
2942      128,
2943      },
2944 # endif                         /* OPENSSL_NO_PSK */
2945
2946 #endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2947
2948 #ifndef OPENSSL_NO_ARIA
2949     {
2950      1,
2951      TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2952      TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2953      TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2954      SSL_kRSA,
2955      SSL_aRSA,
2956      SSL_ARIA128GCM,
2957      SSL_AEAD,
2958      TLS1_2_VERSION, TLS1_2_VERSION,
2959      DTLS1_2_VERSION, DTLS1_2_VERSION,
2960      SSL_NOT_DEFAULT | SSL_HIGH,
2961      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2962      128,
2963      128,
2964      },
2965     {
2966      1,
2967      TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2968      TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2969      TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2970      SSL_kRSA,
2971      SSL_aRSA,
2972      SSL_ARIA256GCM,
2973      SSL_AEAD,
2974      TLS1_2_VERSION, TLS1_2_VERSION,
2975      DTLS1_2_VERSION, DTLS1_2_VERSION,
2976      SSL_NOT_DEFAULT | SSL_HIGH,
2977      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2978      256,
2979      256,
2980      },
2981     {
2982      1,
2983      TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2984      TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2985      TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2986      SSL_kDHE,
2987      SSL_aRSA,
2988      SSL_ARIA128GCM,
2989      SSL_AEAD,
2990      TLS1_2_VERSION, TLS1_2_VERSION,
2991      DTLS1_2_VERSION, DTLS1_2_VERSION,
2992      SSL_NOT_DEFAULT | SSL_HIGH,
2993      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2994      128,
2995      128,
2996      },
2997     {
2998      1,
2999      TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3000      TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3001      TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3002      SSL_kDHE,
3003      SSL_aRSA,
3004      SSL_ARIA256GCM,
3005      SSL_AEAD,
3006      TLS1_2_VERSION, TLS1_2_VERSION,
3007      DTLS1_2_VERSION, DTLS1_2_VERSION,
3008      SSL_NOT_DEFAULT | SSL_HIGH,
3009      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3010      256,
3011      256,
3012      },
3013     {
3014      1,
3015      TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3016      TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3017      TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3018      SSL_kDHE,
3019      SSL_aDSS,
3020      SSL_ARIA128GCM,
3021      SSL_AEAD,
3022      TLS1_2_VERSION, TLS1_2_VERSION,
3023      DTLS1_2_VERSION, DTLS1_2_VERSION,
3024      SSL_NOT_DEFAULT | SSL_HIGH,
3025      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3026      128,
3027      128,
3028      },
3029     {
3030      1,
3031      TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3032      TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3033      TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3034      SSL_kDHE,
3035      SSL_aDSS,
3036      SSL_ARIA256GCM,
3037      SSL_AEAD,
3038      TLS1_2_VERSION, TLS1_2_VERSION,
3039      DTLS1_2_VERSION, DTLS1_2_VERSION,
3040      SSL_NOT_DEFAULT | SSL_HIGH,
3041      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3042      256,
3043      256,
3044      },
3045     {
3046      1,
3047      TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3048      TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3049      TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3050      SSL_kECDHE,
3051      SSL_aECDSA,
3052      SSL_ARIA128GCM,
3053      SSL_AEAD,
3054      TLS1_2_VERSION, TLS1_2_VERSION,
3055      DTLS1_2_VERSION, DTLS1_2_VERSION,
3056      SSL_NOT_DEFAULT | SSL_HIGH,
3057      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3058      128,
3059      128,
3060      },
3061     {
3062      1,
3063      TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3064      TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3065      TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3066      SSL_kECDHE,
3067      SSL_aECDSA,
3068      SSL_ARIA256GCM,
3069      SSL_AEAD,
3070      TLS1_2_VERSION, TLS1_2_VERSION,
3071      DTLS1_2_VERSION, DTLS1_2_VERSION,
3072      SSL_NOT_DEFAULT | SSL_HIGH,
3073      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3074      256,
3075      256,
3076      },
3077
3078     {
3079      1,
3080      TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3081      TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3082      TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3083      SSL_kECDHE,
3084      SSL_aRSA,
3085      SSL_ARIA128GCM,
3086      SSL_AEAD,
3087      TLS1_2_VERSION, TLS1_2_VERSION,
3088      DTLS1_2_VERSION, DTLS1_2_VERSION,
3089      SSL_NOT_DEFAULT | SSL_HIGH,
3090      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3091      128,
3092      128,
3093      },
3094     {
3095      1,
3096      TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3097      TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3098      TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3099      SSL_kECDHE,
3100      SSL_aRSA,
3101      SSL_ARIA256GCM,
3102      SSL_AEAD,
3103      TLS1_2_VERSION, TLS1_2_VERSION,
3104      DTLS1_2_VERSION, DTLS1_2_VERSION,
3105      SSL_NOT_DEFAULT | SSL_HIGH,
3106      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3107      256,
3108      256,
3109      },
3110     {
3111      1,
3112      TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3113      TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3114      TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3115      SSL_kPSK,
3116      SSL_aPSK,
3117      SSL_ARIA128GCM,
3118      SSL_AEAD,
3119      TLS1_2_VERSION, TLS1_2_VERSION,
3120      DTLS1_2_VERSION, DTLS1_2_VERSION,
3121      SSL_NOT_DEFAULT | SSL_HIGH,
3122      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3123      128,
3124      128,
3125      },
3126     {
3127      1,
3128      TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3129      TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3130      TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3131      SSL_kPSK,
3132      SSL_aPSK,
3133      SSL_ARIA256GCM,
3134      SSL_AEAD,
3135      TLS1_2_VERSION, TLS1_2_VERSION,
3136      DTLS1_2_VERSION, DTLS1_2_VERSION,
3137      SSL_NOT_DEFAULT | SSL_HIGH,
3138      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3139      256,
3140      256,
3141      },
3142     {
3143      1,
3144      TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3145      TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3146      TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3147      SSL_kDHEPSK,
3148      SSL_aPSK,
3149      SSL_ARIA128GCM,
3150      SSL_AEAD,
3151      TLS1_2_VERSION, TLS1_2_VERSION,
3152      DTLS1_2_VERSION, DTLS1_2_VERSION,
3153      SSL_NOT_DEFAULT | SSL_HIGH,
3154      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3155      128,
3156      128,
3157      },
3158     {
3159      1,
3160      TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3161      TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3162      TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3163      SSL_kDHEPSK,
3164      SSL_aPSK,
3165      SSL_ARIA256GCM,
3166      SSL_AEAD,
3167      TLS1_2_VERSION, TLS1_2_VERSION,
3168      DTLS1_2_VERSION, DTLS1_2_VERSION,
3169      SSL_NOT_DEFAULT | SSL_HIGH,
3170      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3171      256,
3172      256,
3173      },
3174
3175     {
3176      1,
3177      TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3178      TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3179      TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3180      SSL_kRSAPSK,
3181      SSL_aRSA,
3182      SSL_ARIA128GCM,
3183      SSL_AEAD,
3184      TLS1_2_VERSION, TLS1_2_VERSION,
3185      DTLS1_2_VERSION, DTLS1_2_VERSION,
3186      SSL_NOT_DEFAULT | SSL_HIGH,
3187      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3188      128,
3189      128,
3190      },
3191     {
3192      1,
3193      TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3194      TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3195      TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3196      SSL_kRSAPSK,
3197      SSL_aRSA,
3198      SSL_ARIA256GCM,
3199      SSL_AEAD,
3200      TLS1_2_VERSION, TLS1_2_VERSION,
3201      DTLS1_2_VERSION, DTLS1_2_VERSION,
3202      SSL_NOT_DEFAULT | SSL_HIGH,
3203      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3204      256,
3205      256,
3206      },
3207 #endif /* OPENSSL_NO_ARIA */
3208 };
3209
3210 /*
3211  * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3212  * values stuffed into the ciphers field of the wire protocol for signalling
3213  * purposes.
3214  */
3215 static SSL_CIPHER ssl3_scsvs[] = {
3216     {
3217      0,
3218      "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3219      "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3220      SSL3_CK_SCSV,
3221      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3222     },
3223     {
3224      0,
3225      "TLS_FALLBACK_SCSV",
3226      "TLS_FALLBACK_SCSV",
3227      SSL3_CK_FALLBACK_SCSV,
3228      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3229     },
3230 };
3231
3232 static int cipher_compare(const void *a, const void *b)
3233 {
3234     const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3235     const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3236
3237     if (ap->id == bp->id)
3238         return 0;
3239     return ap->id < bp->id ? -1 : 1;
3240 }
3241
3242 void ssl_sort_cipher_list(void)
3243 {
3244     qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof ssl3_ciphers[0],
3245           cipher_compare);
3246     qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof ssl3_scsvs[0], cipher_compare);
3247 }
3248
3249 const SSL3_ENC_METHOD SSLv3_enc_data = {
3250     ssl3_enc,
3251     n_ssl3_mac,
3252     ssl3_setup_key_block,
3253     ssl3_generate_master_secret,
3254     ssl3_change_cipher_state,
3255     ssl3_final_finish_mac,
3256     SSL3_MD_CLIENT_FINISHED_CONST, 4,
3257     SSL3_MD_SERVER_FINISHED_CONST, 4,
3258     ssl3_alert_code,
3259     (int (*)(SSL *, unsigned char *, size_t, const char *,
3260              size_t, const unsigned char *, size_t,
3261              int use_context))ssl_undefined_function,
3262     0,
3263     ssl3_set_handshake_header,
3264     tls_close_construct_packet,
3265     ssl3_handshake_write
3266 };
3267
3268 long ssl3_default_timeout(void)
3269 {
3270     /*
3271      * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3272      * http, the cache would over fill
3273      */
3274     return (60 * 60 * 2);
3275 }
3276
3277 int ssl3_num_ciphers(void)
3278 {
3279     return (SSL3_NUM_CIPHERS);
3280 }
3281
3282 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3283 {
3284     if (u < SSL3_NUM_CIPHERS)
3285         return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
3286     else
3287         return (NULL);
3288 }
3289
3290 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3291 {
3292     /* No header in the event of a CCS */
3293     if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3294         return 1;
3295
3296     /* Set the content type and 3 bytes for the message len */
3297     if (!WPACKET_put_bytes_u8(pkt, htype)
3298             || !WPACKET_start_sub_packet_u24(pkt))
3299         return 0;
3300
3301     return 1;
3302 }
3303
3304 int ssl3_handshake_write(SSL *s)
3305 {
3306     return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3307 }
3308
3309 int ssl3_new(SSL *s)
3310 {
3311     SSL3_STATE *s3;
3312
3313     if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
3314         goto err;
3315     s->s3 = s3;
3316
3317 #ifndef OPENSSL_NO_SRP
3318     if (!SSL_SRP_CTX_init(s))
3319         goto err;
3320 #endif
3321
3322     if (!s->method->ssl_clear(s))
3323         return 0;
3324
3325     return 1;
3326  err:
3327     return 0;
3328 }
3329
3330 void ssl3_free(SSL *s)
3331 {
3332     if (s == NULL || s->s3 == NULL)
3333         return;
3334
3335     ssl3_cleanup_key_block(s);
3336
3337 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3338     EVP_PKEY_free(s->s3->peer_tmp);
3339     s->s3->peer_tmp = NULL;
3340     EVP_PKEY_free(s->s3->tmp.pkey);
3341     s->s3->tmp.pkey = NULL;
3342 #endif
3343
3344     OPENSSL_free(s->s3->tmp.ctype);
3345     sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3346     OPENSSL_free(s->s3->tmp.ciphers_raw);
3347     OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3348     OPENSSL_free(s->s3->tmp.peer_sigalgs);
3349     ssl3_free_digest_list(s);
3350     OPENSSL_free(s->s3->alpn_selected);
3351     OPENSSL_free(s->s3->alpn_proposed);
3352
3353 #ifndef OPENSSL_NO_SRP
3354     SSL_SRP_CTX_free(s);
3355 #endif
3356     OPENSSL_clear_free(s->s3, sizeof(*s->s3));
3357     s->s3 = NULL;
3358 }
3359
3360 int ssl3_clear(SSL *s)
3361 {
3362     ssl3_cleanup_key_block(s);
3363     OPENSSL_free(s->s3->tmp.ctype);
3364     sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3365     OPENSSL_free(s->s3->tmp.ciphers_raw);
3366     OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3367     OPENSSL_free(s->s3->tmp.peer_sigalgs);
3368
3369 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3370     EVP_PKEY_free(s->s3->tmp.pkey);
3371     EVP_PKEY_free(s->s3->peer_tmp);
3372 #endif                          /* !OPENSSL_NO_EC */
3373
3374     ssl3_free_digest_list(s);
3375
3376     OPENSSL_free(s->s3->alpn_selected);
3377     OPENSSL_free(s->s3->alpn_proposed);
3378
3379     /* NULL/zero-out everything in the s3 struct */
3380     memset(s->s3, 0, sizeof(*s->s3));
3381
3382     if (!ssl_free_wbio_buffer(s))
3383         return 0;
3384
3385     s->version = SSL3_VERSION;
3386
3387 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3388     OPENSSL_free(s->ext.npn);
3389     s->ext.npn = NULL;
3390     s->ext.npn_len = 0;
3391 #endif
3392
3393     return 1;
3394 }
3395
3396 #ifndef OPENSSL_NO_SRP
3397 static char *srp_password_from_info_cb(SSL *s, void *arg)
3398 {
3399     return OPENSSL_strdup(s->srp_ctx.info);
3400 }
3401 #endif
3402
3403 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3404
3405 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3406 {
3407     int ret = 0;
3408
3409     switch (cmd) {
3410     case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3411         break;
3412     case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3413         ret = s->s3->num_renegotiations;
3414         break;
3415     case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3416         ret = s->s3->num_renegotiations;
3417         s->s3->num_renegotiations = 0;
3418         break;
3419     case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3420         ret = s->s3->total_renegotiations;
3421         break;
3422     case SSL_CTRL_GET_FLAGS:
3423         ret = (int)(s->s3->flags);
3424         break;
3425 #ifndef OPENSSL_NO_DH
3426     case SSL_CTRL_SET_TMP_DH:
3427         {
3428             DH *dh = (DH *)parg;
3429             EVP_PKEY *pkdh = NULL;
3430             if (dh == NULL) {
3431                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3432                 return (ret);
3433             }
3434             pkdh = ssl_dh_to_pkey(dh);
3435             if (pkdh == NULL) {
3436                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3437                 return 0;
3438             }
3439             if (!ssl_security(s, SSL_SECOP_TMP_DH,
3440                               EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3441                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3442                 EVP_PKEY_free(pkdh);
3443                 return ret;
3444             }
3445             EVP_PKEY_free(s->cert->dh_tmp);
3446             s->cert->dh_tmp = pkdh;
3447             ret = 1;
3448         }
3449         break;
3450     case SSL_CTRL_SET_TMP_DH_CB:
3451         {
3452             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3453             return (ret);
3454         }
3455     case SSL_CTRL_SET_DH_AUTO:
3456         s->cert->dh_tmp_auto = larg;
3457         return 1;
3458 #endif
3459 #ifndef OPENSSL_NO_EC
3460     case SSL_CTRL_SET_TMP_ECDH:
3461         {
3462             const EC_GROUP *group = NULL;
3463             int nid;
3464
3465             if (parg == NULL) {
3466                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3467                 return 0;
3468             }
3469             group = EC_KEY_get0_group((const EC_KEY *)parg);
3470             if (group == NULL) {
3471                 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3472                 return 0;
3473             }
3474             nid = EC_GROUP_get_curve_name(group);
3475             if (nid == NID_undef)
3476                 return 0;
3477             return tls1_set_groups(&s->ext.supportedgroups,
3478                                    &s->ext.supportedgroups_len,
3479                                    &nid, 1);
3480         }
3481         break;
3482 #endif                          /* !OPENSSL_NO_EC */
3483     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3484         if (larg == TLSEXT_NAMETYPE_host_name) {
3485             size_t len;
3486
3487             OPENSSL_free(s->ext.hostname);
3488             s->ext.hostname = NULL;
3489
3490             ret = 1;
3491             if (parg == NULL)
3492                 break;
3493             len = strlen((char *)parg);
3494             if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3495                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3496                 return 0;
3497             }
3498             if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3499                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3500                 return 0;
3501             }
3502         } else {
3503             SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3504             return 0;
3505         }
3506         break;
3507     case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3508         s->ext.debug_arg = parg;
3509         ret = 1;
3510         break;
3511
3512     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3513         ret = s->ext.status_type;
3514         break;
3515
3516     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3517         s->ext.status_type = larg;
3518         ret = 1;
3519         break;
3520
3521     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3522         *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3523         ret = 1;
3524         break;
3525
3526     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3527         s->ext.ocsp.exts = parg;
3528         ret = 1;
3529         break;
3530
3531     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3532         *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3533         ret = 1;
3534         break;
3535
3536     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3537         s->ext.ocsp.ids = parg;
3538         ret = 1;
3539         break;
3540
3541     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3542         *(unsigned char **)parg = s->ext.ocsp.resp;
3543         if (s->ext.ocsp.resp_len == 0
3544                 || s->ext.ocsp.resp_len > LONG_MAX)
3545             return -1;
3546         return (long)s->ext.ocsp.resp_len;
3547
3548     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3549         OPENSSL_free(s->ext.ocsp.resp);
3550         s->ext.ocsp.resp = parg;
3551         s->ext.ocsp.resp_len = larg;
3552         ret = 1;
3553         break;
3554
3555 #ifndef OPENSSL_NO_HEARTBEATS
3556     case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3557     case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3558     case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3559         break;
3560 #endif
3561
3562     case SSL_CTRL_CHAIN:
3563         if (larg)
3564             return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3565         else
3566             return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3567
3568     case SSL_CTRL_CHAIN_CERT:
3569         if (larg)
3570             return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3571         else
3572             return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3573
3574     case SSL_CTRL_GET_CHAIN_CERTS:
3575         *(STACK_OF(X509) **)parg = s->cert->key->chain;
3576         break;
3577
3578     case SSL_CTRL_SELECT_CURRENT_CERT:
3579         return ssl_cert_select_current(s->cert, (X509 *)parg);
3580
3581     case SSL_CTRL_SET_CURRENT_CERT:
3582         if (larg == SSL_CERT_SET_SERVER) {
3583             const SSL_CIPHER *cipher;
3584             if (!s->server)
3585                 return 0;
3586             cipher = s->s3->tmp.new_cipher;
3587             if (cipher == NULL)
3588                 return 0;
3589             /*
3590              * No certificate for unauthenticated ciphersuites or using SRP
3591              * authentication
3592              */
3593             if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3594                 return 2;
3595             if (s->s3->tmp.cert == NULL)
3596                 return 0;
3597             s->cert->key = s->s3->tmp.cert;
3598             return 1;
3599         }
3600         return ssl_cert_set_current(s->cert, larg);
3601
3602 #ifndef OPENSSL_NO_EC
3603     case SSL_CTRL_GET_GROUPS:
3604         {
3605             uint16_t *clist;
3606             size_t clistlen;
3607
3608             if (!s->session)
3609                 return 0;
3610             clist = s->session->ext.supportedgroups;
3611             clistlen = s->session->ext.supportedgroups_len;
3612             if (parg) {
3613                 size_t i;
3614                 int *cptr = parg;
3615                 for (i = 0; i < clistlen; i++) {
3616                     /* TODO(TLS1.3): Handle DH groups here */
3617                     int nid = tls1_ec_curve_id2nid(clist[i], NULL);
3618                     if (nid != 0)
3619                         cptr[i] = nid;
3620                     else
3621                         cptr[i] = TLSEXT_nid_unknown | clist[i];
3622                 }
3623             }
3624             return (int)clistlen;
3625         }
3626
3627     case SSL_CTRL_SET_GROUPS:
3628         return tls1_set_groups(&s->ext.supportedgroups,
3629                                &s->ext.supportedgroups_len, parg, larg);
3630
3631     case SSL_CTRL_SET_GROUPS_LIST:
3632         return tls1_set_groups_list(&s->ext.supportedgroups,
3633                                     &s->ext.supportedgroups_len, parg);
3634
3635     case SSL_CTRL_GET_SHARED_GROUP:
3636         return tls1_shared_group(s, larg);
3637
3638 #endif
3639     case SSL_CTRL_SET_SIGALGS:
3640         return tls1_set_sigalgs(s->cert, parg, larg, 0);
3641
3642     case SSL_CTRL_SET_SIGALGS_LIST:
3643         return tls1_set_sigalgs_list(s->cert, parg, 0);
3644
3645     case SSL_CTRL_SET_CLIENT_SIGALGS:
3646         return tls1_set_sigalgs(s->cert, parg, larg, 1);
3647
3648     case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3649         return tls1_set_sigalgs_list(s->cert, parg, 1);
3650
3651     case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3652         {
3653             const unsigned char **pctype = parg;
3654             if (s->server || !s->s3->tmp.cert_req)
3655                 return 0;
3656             if (pctype)
3657                 *pctype = s->s3->tmp.ctype;
3658             return s->s3->tmp.ctype_len;
3659         }
3660
3661     case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3662         if (!s->server)
3663             return 0;
3664         return ssl3_set_req_cert_type(s->cert, parg, larg);
3665
3666     case SSL_CTRL_BUILD_CERT_CHAIN:
3667         return ssl_build_cert_chain(s, NULL, larg);
3668
3669     case SSL_CTRL_SET_VERIFY_CERT_STORE:
3670         return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3671
3672     case SSL_CTRL_SET_CHAIN_CERT_STORE:
3673         return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3674
3675     case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3676         if (s->s3->tmp.peer_sigalg == NULL)
3677             return 0;
3678         *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3679         return 1;
3680
3681     case SSL_CTRL_GET_SERVER_TMP_KEY:
3682 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3683         if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3684             return 0;
3685         } else {
3686             EVP_PKEY_up_ref(s->s3->peer_tmp);
3687             *(EVP_PKEY **)parg = s->s3->peer_tmp;
3688             return 1;
3689         }
3690 #else
3691         return 0;
3692 #endif
3693 #ifndef OPENSSL_NO_EC
3694     case SSL_CTRL_GET_EC_POINT_FORMATS:
3695         {
3696             SSL_SESSION *sess = s->session;
3697             const unsigned char **pformat = parg;
3698
3699             if (sess == NULL || sess->ext.ecpointformats == NULL)
3700                 return 0;
3701             *pformat = sess->ext.ecpointformats;
3702             return (int)sess->ext.ecpointformats_len;
3703         }
3704 #endif
3705
3706     default:
3707         break;
3708     }
3709     return (ret);
3710 }
3711
3712 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3713 {
3714     int ret = 0;
3715
3716     switch (cmd) {
3717 #ifndef OPENSSL_NO_DH
3718     case SSL_CTRL_SET_TMP_DH_CB:
3719         {
3720             s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3721         }
3722         break;
3723 #endif
3724     case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3725         s->ext.debug_cb = (void (*)(SSL *, int, int,
3726                                     const unsigned char *, int, void *))fp;
3727         break;
3728
3729     case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3730         {
3731             s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3732         }
3733         break;
3734     default:
3735         break;
3736     }
3737     return (ret);
3738 }
3739
3740 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3741 {
3742     switch (cmd) {
3743 #ifndef OPENSSL_NO_DH
3744     case SSL_CTRL_SET_TMP_DH:
3745         {
3746             DH *dh = (DH *)parg;
3747             EVP_PKEY *pkdh = NULL;
3748             if (dh == NULL) {
3749                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3750                 return 0;
3751             }
3752             pkdh = ssl_dh_to_pkey(dh);
3753             if (pkdh == NULL) {
3754                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3755                 return 0;
3756             }
3757             if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3758                                   EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3759                 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3760                 EVP_PKEY_free(pkdh);
3761                 return 1;
3762             }
3763             EVP_PKEY_free(ctx->cert->dh_tmp);
3764             ctx->cert->dh_tmp = pkdh;
3765             return 1;
3766         }
3767     case SSL_CTRL_SET_TMP_DH_CB:
3768         {
3769             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3770             return (0);
3771         }
3772     case SSL_CTRL_SET_DH_AUTO:
3773         ctx->cert->dh_tmp_auto = larg;
3774         return 1;
3775 #endif
3776 #ifndef OPENSSL_NO_EC
3777     case SSL_CTRL_SET_TMP_ECDH:
3778         {
3779             const EC_GROUP *group = NULL;
3780             int nid;
3781
3782             if (parg == NULL) {
3783                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3784                 return 0;
3785             }
3786             group = EC_KEY_get0_group((const EC_KEY *)parg);
3787             if (group == NULL) {
3788                 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3789                 return 0;
3790             }
3791             nid = EC_GROUP_get_curve_name(group);
3792             if (nid == NID_undef)
3793                 return 0;
3794             return tls1_set_groups(&ctx->ext.supportedgroups,
3795                                    &ctx->ext.supportedgroups_len,
3796                                    &nid, 1);
3797         }
3798 #endif                          /* !OPENSSL_NO_EC */
3799     case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3800         ctx->ext.servername_arg = parg;
3801         break;
3802     case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3803     case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3804         {
3805             unsigned char *keys = parg;
3806             long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3807                                 sizeof(ctx->ext.tick_hmac_key) +
3808                                 sizeof(ctx->ext.tick_aes_key));
3809             if (keys == NULL)
3810                 return tick_keylen;
3811             if (larg != tick_keylen) {
3812                 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3813                 return 0;
3814             }
3815             if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3816                 memcpy(ctx->ext.tick_key_name, keys,
3817                        sizeof(ctx->ext.tick_key_name));
3818                 memcpy(ctx->ext.tick_hmac_key,
3819                        keys + sizeof(ctx->ext.tick_key_name),
3820                        sizeof(ctx->ext.tick_hmac_key));
3821                 memcpy(ctx->ext.tick_aes_key,
3822                        keys + sizeof(ctx->ext.tick_key_name) +
3823                        sizeof(ctx->ext.tick_hmac_key),
3824                        sizeof(ctx->ext.tick_aes_key));
3825             } else {
3826                 memcpy(keys, ctx->ext.tick_key_name,
3827                        sizeof(ctx->ext.tick_key_name));
3828                 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3829                        ctx->ext.tick_hmac_key,
3830                        sizeof(ctx->ext.tick_hmac_key));
3831                 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3832                        sizeof(ctx->ext.tick_hmac_key),
3833                        ctx->ext.tick_aes_key,
3834                        sizeof(ctx->ext.tick_aes_key));
3835             }
3836             return 1;
3837         }
3838
3839     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3840         return ctx->ext.status_type;
3841
3842     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3843         ctx->ext.status_type = larg;
3844         break;
3845
3846     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3847         ctx->ext.status_arg = parg;
3848         return 1;
3849
3850     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3851         *(void**)parg = ctx->ext.status_arg;
3852         break;
3853
3854     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3855         *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3856         break;
3857
3858 #ifndef OPENSSL_NO_SRP
3859     case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3860         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3861         OPENSSL_free(ctx->srp_ctx.login);
3862         ctx->srp_ctx.login = NULL;
3863         if (parg == NULL)
3864             break;
3865         if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3866             SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3867             return 0;
3868         }
3869         if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3870             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3871             return 0;
3872         }
3873         break;
3874     case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3875         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3876             srp_password_from_info_cb;
3877         if (ctx->srp_ctx.info != NULL)
3878             OPENSSL_free(ctx->srp_ctx.info);
3879         if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3880             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3881             return 0;
3882         }
3883         break;
3884     case SSL_CTRL_SET_SRP_ARG:
3885         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3886         ctx->srp_ctx.SRP_cb_arg = parg;
3887         break;
3888
3889     case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3890         ctx->srp_ctx.strength = larg;
3891         break;
3892 #endif
3893
3894 #ifndef OPENSSL_NO_EC
3895     case SSL_CTRL_SET_GROUPS:
3896         return tls1_set_groups(&ctx->ext.supportedgroups,
3897                                &ctx->ext.supportedgroups_len,
3898                                parg, larg);
3899
3900     case SSL_CTRL_SET_GROUPS_LIST:
3901         return tls1_set_groups_list(&ctx->ext.supportedgroups,
3902                                     &ctx->ext.supportedgroups_len,
3903                                     parg);
3904 #endif
3905     case SSL_CTRL_SET_SIGALGS:
3906         return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3907
3908     case SSL_CTRL_SET_SIGALGS_LIST:
3909         return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3910
3911     case SSL_CTRL_SET_CLIENT_SIGALGS:
3912         return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3913
3914     case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3915         return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3916
3917     case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3918         return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3919
3920     case SSL_CTRL_BUILD_CERT_CHAIN:
3921         return ssl_build_cert_chain(NULL, ctx, larg);
3922
3923     case SSL_CTRL_SET_VERIFY_CERT_STORE:
3924         return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3925
3926     case SSL_CTRL_SET_CHAIN_CERT_STORE:
3927         return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3928
3929         /* A Thawte special :-) */
3930     case SSL_CTRL_EXTRA_CHAIN_CERT:
3931         if (ctx->extra_certs == NULL) {
3932             if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3933                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3934                 return 0;
3935             }
3936         }
3937         if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3938             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3939             return 0;
3940         }
3941         break;
3942
3943     case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3944         if (ctx->extra_certs == NULL && larg == 0)
3945             *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3946         else
3947             *(STACK_OF(X509) **)parg = ctx->extra_certs;
3948         break;
3949
3950     case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3951         sk_X509_pop_free(ctx->extra_certs, X509_free);
3952         ctx->extra_certs = NULL;
3953         break;
3954
3955     case SSL_CTRL_CHAIN:
3956         if (larg)
3957             return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3958         else
3959             return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3960
3961     case SSL_CTRL_CHAIN_CERT:
3962         if (larg)
3963             return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3964         else
3965             return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3966
3967     case SSL_CTRL_GET_CHAIN_CERTS:
3968         *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3969         break;
3970
3971     case SSL_CTRL_SELECT_CURRENT_CERT:
3972         return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3973
3974     case SSL_CTRL_SET_CURRENT_CERT:
3975         return ssl_cert_set_current(ctx->cert, larg);
3976
3977     default:
3978         return (0);
3979     }
3980     return (1);
3981 }
3982
3983 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3984 {
3985     switch (cmd) {
3986 #ifndef OPENSSL_NO_DH
3987     case SSL_CTRL_SET_TMP_DH_CB:
3988         {
3989             ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3990         }
3991         break;
3992 #endif
3993     case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3994         ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
3995         break;
3996
3997     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3998         ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
3999         break;
4000
4001     case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4002         ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,