2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include "internal/cryptlib.h"
21 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
22 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
24 /* TLSv1.3 downgrade protection sentinel values */
25 const unsigned char tls11downgrade[] = {
26 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
28 const unsigned char tls12downgrade[] = {
29 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
33 * The list of available ciphers, mostly organized into the following
38 * SRP (within that: RSA EC PSK)
39 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
42 static SSL_CIPHER ssl3_ciphers[] = {
45 SSL3_TXT_RSA_NULL_MD5,
46 SSL3_RFC_RSA_NULL_MD5,
52 SSL3_VERSION, TLS1_2_VERSION,
53 DTLS1_BAD_VER, DTLS1_2_VERSION,
55 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
61 SSL3_TXT_RSA_NULL_SHA,
62 SSL3_RFC_RSA_NULL_SHA,
68 SSL3_VERSION, TLS1_2_VERSION,
69 DTLS1_BAD_VER, DTLS1_2_VERSION,
70 SSL_STRONG_NONE | SSL_FIPS,
71 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
75 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
78 SSL3_TXT_RSA_DES_192_CBC3_SHA,
79 SSL3_RFC_RSA_DES_192_CBC3_SHA,
80 SSL3_CK_RSA_DES_192_CBC3_SHA,
85 SSL3_VERSION, TLS1_2_VERSION,
86 DTLS1_BAD_VER, DTLS1_2_VERSION,
87 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
88 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
94 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
95 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
96 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
101 SSL3_VERSION, TLS1_2_VERSION,
102 DTLS1_BAD_VER, DTLS1_2_VERSION,
103 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
104 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
110 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
111 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
112 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
117 SSL3_VERSION, TLS1_2_VERSION,
118 DTLS1_BAD_VER, DTLS1_2_VERSION,
119 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
120 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
126 SSL3_TXT_ADH_DES_192_CBC_SHA,
127 SSL3_RFC_ADH_DES_192_CBC_SHA,
128 SSL3_CK_ADH_DES_192_CBC_SHA,
133 SSL3_VERSION, TLS1_2_VERSION,
134 DTLS1_BAD_VER, DTLS1_2_VERSION,
135 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
136 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
143 TLS1_TXT_RSA_WITH_AES_128_SHA,
144 TLS1_RFC_RSA_WITH_AES_128_SHA,
145 TLS1_CK_RSA_WITH_AES_128_SHA,
150 SSL3_VERSION, TLS1_2_VERSION,
151 DTLS1_BAD_VER, DTLS1_2_VERSION,
153 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
159 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
160 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
161 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
166 SSL3_VERSION, TLS1_2_VERSION,
167 DTLS1_BAD_VER, DTLS1_2_VERSION,
168 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
169 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
175 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
176 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
177 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
182 SSL3_VERSION, TLS1_2_VERSION,
183 DTLS1_BAD_VER, DTLS1_2_VERSION,
185 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
191 TLS1_TXT_ADH_WITH_AES_128_SHA,
192 TLS1_RFC_ADH_WITH_AES_128_SHA,
193 TLS1_CK_ADH_WITH_AES_128_SHA,
198 SSL3_VERSION, TLS1_2_VERSION,
199 DTLS1_BAD_VER, DTLS1_2_VERSION,
200 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
201 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
207 TLS1_TXT_RSA_WITH_AES_256_SHA,
208 TLS1_RFC_RSA_WITH_AES_256_SHA,
209 TLS1_CK_RSA_WITH_AES_256_SHA,
214 SSL3_VERSION, TLS1_2_VERSION,
215 DTLS1_BAD_VER, DTLS1_2_VERSION,
217 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
223 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
224 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
225 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
230 SSL3_VERSION, TLS1_2_VERSION,
231 DTLS1_BAD_VER, DTLS1_2_VERSION,
232 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
233 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
239 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
240 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
241 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
246 SSL3_VERSION, TLS1_2_VERSION,
247 DTLS1_BAD_VER, DTLS1_2_VERSION,
249 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
255 TLS1_TXT_ADH_WITH_AES_256_SHA,
256 TLS1_RFC_ADH_WITH_AES_256_SHA,
257 TLS1_CK_ADH_WITH_AES_256_SHA,
262 SSL3_VERSION, TLS1_2_VERSION,
263 DTLS1_BAD_VER, DTLS1_2_VERSION,
264 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
265 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
271 TLS1_TXT_RSA_WITH_NULL_SHA256,
272 TLS1_RFC_RSA_WITH_NULL_SHA256,
273 TLS1_CK_RSA_WITH_NULL_SHA256,
278 TLS1_2_VERSION, TLS1_2_VERSION,
279 DTLS1_2_VERSION, DTLS1_2_VERSION,
280 SSL_STRONG_NONE | SSL_FIPS,
281 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
287 TLS1_TXT_RSA_WITH_AES_128_SHA256,
288 TLS1_RFC_RSA_WITH_AES_128_SHA256,
289 TLS1_CK_RSA_WITH_AES_128_SHA256,
294 TLS1_2_VERSION, TLS1_2_VERSION,
295 DTLS1_2_VERSION, DTLS1_2_VERSION,
297 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
303 TLS1_TXT_RSA_WITH_AES_256_SHA256,
304 TLS1_RFC_RSA_WITH_AES_256_SHA256,
305 TLS1_CK_RSA_WITH_AES_256_SHA256,
310 TLS1_2_VERSION, TLS1_2_VERSION,
311 DTLS1_2_VERSION, DTLS1_2_VERSION,
313 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
319 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
320 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
321 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
326 TLS1_2_VERSION, TLS1_2_VERSION,
327 DTLS1_2_VERSION, DTLS1_2_VERSION,
328 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
329 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
335 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
336 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
337 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
342 TLS1_2_VERSION, TLS1_2_VERSION,
343 DTLS1_2_VERSION, DTLS1_2_VERSION,
345 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
351 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
352 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
353 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
358 TLS1_2_VERSION, TLS1_2_VERSION,
359 DTLS1_2_VERSION, DTLS1_2_VERSION,
360 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
361 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
367 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
368 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
369 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
374 TLS1_2_VERSION, TLS1_2_VERSION,
375 DTLS1_2_VERSION, DTLS1_2_VERSION,
377 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
383 TLS1_TXT_ADH_WITH_AES_128_SHA256,
384 TLS1_RFC_ADH_WITH_AES_128_SHA256,
385 TLS1_CK_ADH_WITH_AES_128_SHA256,
390 TLS1_2_VERSION, TLS1_2_VERSION,
391 DTLS1_2_VERSION, DTLS1_2_VERSION,
392 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
393 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
399 TLS1_TXT_ADH_WITH_AES_256_SHA256,
400 TLS1_RFC_ADH_WITH_AES_256_SHA256,
401 TLS1_CK_ADH_WITH_AES_256_SHA256,
406 TLS1_2_VERSION, TLS1_2_VERSION,
407 DTLS1_2_VERSION, DTLS1_2_VERSION,
408 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
409 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
415 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
416 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
417 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
422 TLS1_2_VERSION, TLS1_2_VERSION,
423 DTLS1_2_VERSION, DTLS1_2_VERSION,
425 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
431 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
432 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
433 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
438 TLS1_2_VERSION, TLS1_2_VERSION,
439 DTLS1_2_VERSION, DTLS1_2_VERSION,
441 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
447 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
448 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
449 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
454 TLS1_2_VERSION, TLS1_2_VERSION,
455 DTLS1_2_VERSION, DTLS1_2_VERSION,
457 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
463 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
464 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
465 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
470 TLS1_2_VERSION, TLS1_2_VERSION,
471 DTLS1_2_VERSION, DTLS1_2_VERSION,
473 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
479 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
480 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
481 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
486 TLS1_2_VERSION, TLS1_2_VERSION,
487 DTLS1_2_VERSION, DTLS1_2_VERSION,
488 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
489 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
495 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
496 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
497 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
502 TLS1_2_VERSION, TLS1_2_VERSION,
503 DTLS1_2_VERSION, DTLS1_2_VERSION,
504 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
505 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
511 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
512 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
513 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
518 TLS1_2_VERSION, TLS1_2_VERSION,
519 DTLS1_2_VERSION, DTLS1_2_VERSION,
520 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
521 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
527 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
528 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
529 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
534 TLS1_2_VERSION, TLS1_2_VERSION,
535 DTLS1_2_VERSION, DTLS1_2_VERSION,
536 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
537 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
543 TLS1_TXT_RSA_WITH_AES_128_CCM,
544 TLS1_RFC_RSA_WITH_AES_128_CCM,
545 TLS1_CK_RSA_WITH_AES_128_CCM,
550 TLS1_2_VERSION, TLS1_2_VERSION,
551 DTLS1_2_VERSION, DTLS1_2_VERSION,
552 SSL_NOT_DEFAULT | SSL_HIGH,
553 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
559 TLS1_TXT_RSA_WITH_AES_256_CCM,
560 TLS1_RFC_RSA_WITH_AES_256_CCM,
561 TLS1_CK_RSA_WITH_AES_256_CCM,
566 TLS1_2_VERSION, TLS1_2_VERSION,
567 DTLS1_2_VERSION, DTLS1_2_VERSION,
568 SSL_NOT_DEFAULT | SSL_HIGH,
569 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
575 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
576 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
577 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
582 TLS1_2_VERSION, TLS1_2_VERSION,
583 DTLS1_2_VERSION, DTLS1_2_VERSION,
584 SSL_NOT_DEFAULT | SSL_HIGH,
585 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
591 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
592 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
593 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
598 TLS1_2_VERSION, TLS1_2_VERSION,
599 DTLS1_2_VERSION, DTLS1_2_VERSION,
600 SSL_NOT_DEFAULT | SSL_HIGH,
601 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
607 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
608 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
609 TLS1_CK_RSA_WITH_AES_128_CCM_8,
614 TLS1_2_VERSION, TLS1_2_VERSION,
615 DTLS1_2_VERSION, DTLS1_2_VERSION,
616 SSL_NOT_DEFAULT | SSL_HIGH,
617 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
623 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
624 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
625 TLS1_CK_RSA_WITH_AES_256_CCM_8,
630 TLS1_2_VERSION, TLS1_2_VERSION,
631 DTLS1_2_VERSION, DTLS1_2_VERSION,
632 SSL_NOT_DEFAULT | SSL_HIGH,
633 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
639 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
640 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
641 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
646 TLS1_2_VERSION, TLS1_2_VERSION,
647 DTLS1_2_VERSION, DTLS1_2_VERSION,
648 SSL_NOT_DEFAULT | SSL_HIGH,
649 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
655 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
656 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
657 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
662 TLS1_2_VERSION, TLS1_2_VERSION,
663 DTLS1_2_VERSION, DTLS1_2_VERSION,
664 SSL_NOT_DEFAULT | SSL_HIGH,
665 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
671 TLS1_TXT_PSK_WITH_AES_128_CCM,
672 TLS1_RFC_PSK_WITH_AES_128_CCM,
673 TLS1_CK_PSK_WITH_AES_128_CCM,
678 TLS1_2_VERSION, TLS1_2_VERSION,
679 DTLS1_2_VERSION, DTLS1_2_VERSION,
680 SSL_NOT_DEFAULT | SSL_HIGH,
681 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
687 TLS1_TXT_PSK_WITH_AES_256_CCM,
688 TLS1_RFC_PSK_WITH_AES_256_CCM,
689 TLS1_CK_PSK_WITH_AES_256_CCM,
694 TLS1_2_VERSION, TLS1_2_VERSION,
695 DTLS1_2_VERSION, DTLS1_2_VERSION,
696 SSL_NOT_DEFAULT | SSL_HIGH,
697 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
703 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
704 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
705 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
710 TLS1_2_VERSION, TLS1_2_VERSION,
711 DTLS1_2_VERSION, DTLS1_2_VERSION,
712 SSL_NOT_DEFAULT | SSL_HIGH,
713 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
719 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
720 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
721 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
726 TLS1_2_VERSION, TLS1_2_VERSION,
727 DTLS1_2_VERSION, DTLS1_2_VERSION,
728 SSL_NOT_DEFAULT | SSL_HIGH,
729 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
735 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
736 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
737 TLS1_CK_PSK_WITH_AES_128_CCM_8,
742 TLS1_2_VERSION, TLS1_2_VERSION,
743 DTLS1_2_VERSION, DTLS1_2_VERSION,
744 SSL_NOT_DEFAULT | SSL_HIGH,
745 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
751 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
752 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
753 TLS1_CK_PSK_WITH_AES_256_CCM_8,
758 TLS1_2_VERSION, TLS1_2_VERSION,
759 DTLS1_2_VERSION, DTLS1_2_VERSION,
760 SSL_NOT_DEFAULT | SSL_HIGH,
761 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
767 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
768 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
769 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
774 TLS1_2_VERSION, TLS1_2_VERSION,
775 DTLS1_2_VERSION, DTLS1_2_VERSION,
776 SSL_NOT_DEFAULT | SSL_HIGH,
777 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
783 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
784 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
785 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
790 TLS1_2_VERSION, TLS1_2_VERSION,
791 DTLS1_2_VERSION, DTLS1_2_VERSION,
792 SSL_NOT_DEFAULT | SSL_HIGH,
793 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
799 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
800 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
801 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
806 TLS1_2_VERSION, TLS1_2_VERSION,
807 DTLS1_2_VERSION, DTLS1_2_VERSION,
808 SSL_NOT_DEFAULT | SSL_HIGH,
809 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
815 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
816 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
817 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
822 TLS1_2_VERSION, TLS1_2_VERSION,
823 DTLS1_2_VERSION, DTLS1_2_VERSION,
824 SSL_NOT_DEFAULT | SSL_HIGH,
825 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
831 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
832 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
833 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
838 TLS1_2_VERSION, TLS1_2_VERSION,
839 DTLS1_2_VERSION, DTLS1_2_VERSION,
840 SSL_NOT_DEFAULT | SSL_HIGH,
841 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
847 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
848 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
849 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
854 TLS1_2_VERSION, TLS1_2_VERSION,
855 DTLS1_2_VERSION, DTLS1_2_VERSION,
856 SSL_NOT_DEFAULT | SSL_HIGH,
857 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
863 TLS1_3_TXT_AES_128_GCM_SHA256,
864 TLS1_3_RFC_AES_128_GCM_SHA256,
865 TLS1_3_CK_AES_128_GCM_SHA256,
869 TLS1_3_VERSION, TLS1_3_VERSION,
873 SSL_HANDSHAKE_MAC_SHA256,
879 TLS1_3_TXT_AES_256_GCM_SHA384,
880 TLS1_3_RFC_AES_256_GCM_SHA384,
881 TLS1_3_CK_AES_256_GCM_SHA384,
886 TLS1_3_VERSION, TLS1_3_VERSION,
889 SSL_HANDSHAKE_MAC_SHA384,
893 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
896 TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
897 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
898 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
901 SSL_CHACHA20POLY1305,
903 TLS1_3_VERSION, TLS1_3_VERSION,
906 SSL_HANDSHAKE_MAC_SHA256,
913 TLS1_3_TXT_AES_128_CCM_SHA256,
914 TLS1_3_RFC_AES_128_CCM_SHA256,
915 TLS1_3_CK_AES_128_CCM_SHA256,
920 TLS1_3_VERSION, TLS1_3_VERSION,
922 SSL_NOT_DEFAULT | SSL_HIGH,
923 SSL_HANDSHAKE_MAC_SHA256,
929 TLS1_3_TXT_AES_128_CCM_8_SHA256,
930 TLS1_3_RFC_AES_128_CCM_8_SHA256,
931 TLS1_3_CK_AES_128_CCM_8_SHA256,
936 TLS1_3_VERSION, TLS1_3_VERSION,
938 SSL_NOT_DEFAULT | SSL_HIGH,
939 SSL_HANDSHAKE_MAC_SHA256,
944 #ifndef OPENSSL_NO_EC
947 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
948 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
949 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
954 TLS1_VERSION, TLS1_2_VERSION,
955 DTLS1_BAD_VER, DTLS1_2_VERSION,
956 SSL_STRONG_NONE | SSL_FIPS,
957 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
961 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
964 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
965 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
966 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
971 TLS1_VERSION, TLS1_2_VERSION,
972 DTLS1_BAD_VER, DTLS1_2_VERSION,
973 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
974 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
981 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
982 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
983 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
988 TLS1_VERSION, TLS1_2_VERSION,
989 DTLS1_BAD_VER, DTLS1_2_VERSION,
991 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
997 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
998 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
999 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1004 TLS1_VERSION, TLS1_2_VERSION,
1005 DTLS1_BAD_VER, DTLS1_2_VERSION,
1006 SSL_HIGH | SSL_FIPS,
1007 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1013 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1014 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1015 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1020 TLS1_VERSION, TLS1_2_VERSION,
1021 DTLS1_BAD_VER, DTLS1_2_VERSION,
1022 SSL_STRONG_NONE | SSL_FIPS,
1023 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1027 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1030 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1031 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1032 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1037 TLS1_VERSION, TLS1_2_VERSION,
1038 DTLS1_BAD_VER, DTLS1_2_VERSION,
1039 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1040 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1047 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1048 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1049 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1054 TLS1_VERSION, TLS1_2_VERSION,
1055 DTLS1_BAD_VER, DTLS1_2_VERSION,
1056 SSL_HIGH | SSL_FIPS,
1057 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1063 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1064 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1065 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1070 TLS1_VERSION, TLS1_2_VERSION,
1071 DTLS1_BAD_VER, DTLS1_2_VERSION,
1072 SSL_HIGH | SSL_FIPS,
1073 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1079 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1080 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1081 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1086 TLS1_VERSION, TLS1_2_VERSION,
1087 DTLS1_BAD_VER, DTLS1_2_VERSION,
1088 SSL_STRONG_NONE | SSL_FIPS,
1089 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1093 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1096 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1097 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1098 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1103 TLS1_VERSION, TLS1_2_VERSION,
1104 DTLS1_BAD_VER, DTLS1_2_VERSION,
1105 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1106 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1113 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1114 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1115 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1120 TLS1_VERSION, TLS1_2_VERSION,
1121 DTLS1_BAD_VER, DTLS1_2_VERSION,
1122 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1123 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1129 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1130 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1131 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1136 TLS1_VERSION, TLS1_2_VERSION,
1137 DTLS1_BAD_VER, DTLS1_2_VERSION,
1138 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1139 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1145 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1146 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1147 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1152 TLS1_2_VERSION, TLS1_2_VERSION,
1153 DTLS1_2_VERSION, DTLS1_2_VERSION,
1154 SSL_HIGH | SSL_FIPS,
1155 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1161 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1162 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1163 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1168 TLS1_2_VERSION, TLS1_2_VERSION,
1169 DTLS1_2_VERSION, DTLS1_2_VERSION,
1170 SSL_HIGH | SSL_FIPS,
1171 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1177 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1178 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1179 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1184 TLS1_2_VERSION, TLS1_2_VERSION,
1185 DTLS1_2_VERSION, DTLS1_2_VERSION,
1186 SSL_HIGH | SSL_FIPS,
1187 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1193 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1194 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1195 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1200 TLS1_2_VERSION, TLS1_2_VERSION,
1201 DTLS1_2_VERSION, DTLS1_2_VERSION,
1202 SSL_HIGH | SSL_FIPS,
1203 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1209 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1210 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1211 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1216 TLS1_2_VERSION, TLS1_2_VERSION,
1217 DTLS1_2_VERSION, DTLS1_2_VERSION,
1218 SSL_HIGH | SSL_FIPS,
1219 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1225 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1226 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1227 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1232 TLS1_2_VERSION, TLS1_2_VERSION,
1233 DTLS1_2_VERSION, DTLS1_2_VERSION,
1234 SSL_HIGH | SSL_FIPS,
1235 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1241 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1242 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1243 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1248 TLS1_2_VERSION, TLS1_2_VERSION,
1249 DTLS1_2_VERSION, DTLS1_2_VERSION,
1250 SSL_HIGH | SSL_FIPS,
1251 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1257 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1258 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1259 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1264 TLS1_2_VERSION, TLS1_2_VERSION,
1265 DTLS1_2_VERSION, DTLS1_2_VERSION,
1266 SSL_HIGH | SSL_FIPS,
1267 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1271 #endif /* OPENSSL_NO_EC */
1273 #ifndef OPENSSL_NO_PSK
1276 TLS1_TXT_PSK_WITH_NULL_SHA,
1277 TLS1_RFC_PSK_WITH_NULL_SHA,
1278 TLS1_CK_PSK_WITH_NULL_SHA,
1283 SSL3_VERSION, TLS1_2_VERSION,
1284 DTLS1_BAD_VER, DTLS1_2_VERSION,
1285 SSL_STRONG_NONE | SSL_FIPS,
1286 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1292 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1293 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1294 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1299 SSL3_VERSION, TLS1_2_VERSION,
1300 DTLS1_BAD_VER, DTLS1_2_VERSION,
1301 SSL_STRONG_NONE | SSL_FIPS,
1302 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1308 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1309 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1310 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1315 SSL3_VERSION, TLS1_2_VERSION,
1316 DTLS1_BAD_VER, DTLS1_2_VERSION,
1317 SSL_STRONG_NONE | SSL_FIPS,
1318 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1322 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1325 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1326 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1327 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1332 SSL3_VERSION, TLS1_2_VERSION,
1333 DTLS1_BAD_VER, DTLS1_2_VERSION,
1334 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1335 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1342 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1343 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1344 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1349 SSL3_VERSION, TLS1_2_VERSION,
1350 DTLS1_BAD_VER, DTLS1_2_VERSION,
1351 SSL_HIGH | SSL_FIPS,
1352 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1358 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1359 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1360 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1365 SSL3_VERSION, TLS1_2_VERSION,
1366 DTLS1_BAD_VER, DTLS1_2_VERSION,
1367 SSL_HIGH | SSL_FIPS,
1368 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1372 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1375 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1376 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1377 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1382 SSL3_VERSION, TLS1_2_VERSION,
1383 DTLS1_BAD_VER, DTLS1_2_VERSION,
1384 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1385 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1392 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1393 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1394 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1399 SSL3_VERSION, TLS1_2_VERSION,
1400 DTLS1_BAD_VER, DTLS1_2_VERSION,
1401 SSL_HIGH | SSL_FIPS,
1402 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1408 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1409 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1410 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1415 SSL3_VERSION, TLS1_2_VERSION,
1416 DTLS1_BAD_VER, DTLS1_2_VERSION,
1417 SSL_HIGH | SSL_FIPS,
1418 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1422 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1425 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1426 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1427 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1432 SSL3_VERSION, TLS1_2_VERSION,
1433 DTLS1_BAD_VER, DTLS1_2_VERSION,
1434 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1435 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1442 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1443 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1444 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1449 SSL3_VERSION, TLS1_2_VERSION,
1450 DTLS1_BAD_VER, DTLS1_2_VERSION,
1451 SSL_HIGH | SSL_FIPS,
1452 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1458 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1459 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1460 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1465 SSL3_VERSION, TLS1_2_VERSION,
1466 DTLS1_BAD_VER, DTLS1_2_VERSION,
1467 SSL_HIGH | SSL_FIPS,
1468 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1474 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1475 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1476 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1481 TLS1_2_VERSION, TLS1_2_VERSION,
1482 DTLS1_2_VERSION, DTLS1_2_VERSION,
1483 SSL_HIGH | SSL_FIPS,
1484 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1490 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1491 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1492 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1497 TLS1_2_VERSION, TLS1_2_VERSION,
1498 DTLS1_2_VERSION, DTLS1_2_VERSION,
1499 SSL_HIGH | SSL_FIPS,
1500 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1506 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1507 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1508 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1513 TLS1_2_VERSION, TLS1_2_VERSION,
1514 DTLS1_2_VERSION, DTLS1_2_VERSION,
1515 SSL_HIGH | SSL_FIPS,
1516 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1522 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1523 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1524 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1529 TLS1_2_VERSION, TLS1_2_VERSION,
1530 DTLS1_2_VERSION, DTLS1_2_VERSION,
1531 SSL_HIGH | SSL_FIPS,
1532 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1538 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1539 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1540 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1545 TLS1_2_VERSION, TLS1_2_VERSION,
1546 DTLS1_2_VERSION, DTLS1_2_VERSION,
1547 SSL_HIGH | SSL_FIPS,
1548 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1554 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1555 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1556 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1561 TLS1_2_VERSION, TLS1_2_VERSION,
1562 DTLS1_2_VERSION, DTLS1_2_VERSION,
1563 SSL_HIGH | SSL_FIPS,
1564 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1570 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1571 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1572 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1577 TLS1_VERSION, TLS1_2_VERSION,
1578 DTLS1_BAD_VER, DTLS1_2_VERSION,
1579 SSL_HIGH | SSL_FIPS,
1580 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1586 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1587 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1588 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1593 TLS1_VERSION, TLS1_2_VERSION,
1594 DTLS1_BAD_VER, DTLS1_2_VERSION,
1595 SSL_HIGH | SSL_FIPS,
1596 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1602 TLS1_TXT_PSK_WITH_NULL_SHA256,
1603 TLS1_RFC_PSK_WITH_NULL_SHA256,
1604 TLS1_CK_PSK_WITH_NULL_SHA256,
1609 TLS1_VERSION, TLS1_2_VERSION,
1610 DTLS1_BAD_VER, DTLS1_2_VERSION,
1611 SSL_STRONG_NONE | SSL_FIPS,
1612 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1618 TLS1_TXT_PSK_WITH_NULL_SHA384,
1619 TLS1_RFC_PSK_WITH_NULL_SHA384,
1620 TLS1_CK_PSK_WITH_NULL_SHA384,
1625 TLS1_VERSION, TLS1_2_VERSION,
1626 DTLS1_BAD_VER, DTLS1_2_VERSION,
1627 SSL_STRONG_NONE | SSL_FIPS,
1628 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1634 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1635 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1636 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1641 TLS1_VERSION, TLS1_2_VERSION,
1642 DTLS1_BAD_VER, DTLS1_2_VERSION,
1643 SSL_HIGH | SSL_FIPS,
1644 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1650 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1651 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1652 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1657 TLS1_VERSION, TLS1_2_VERSION,
1658 DTLS1_BAD_VER, DTLS1_2_VERSION,
1659 SSL_HIGH | SSL_FIPS,
1660 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1666 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1667 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1668 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1673 TLS1_VERSION, TLS1_2_VERSION,
1674 DTLS1_BAD_VER, DTLS1_2_VERSION,
1675 SSL_STRONG_NONE | SSL_FIPS,
1676 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1682 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1683 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1684 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1689 TLS1_VERSION, TLS1_2_VERSION,
1690 DTLS1_BAD_VER, DTLS1_2_VERSION,
1691 SSL_STRONG_NONE | SSL_FIPS,
1692 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1698 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1699 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1700 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1705 TLS1_VERSION, TLS1_2_VERSION,
1706 DTLS1_BAD_VER, DTLS1_2_VERSION,
1707 SSL_HIGH | SSL_FIPS,
1708 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1714 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1715 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1716 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1721 TLS1_VERSION, TLS1_2_VERSION,
1722 DTLS1_BAD_VER, DTLS1_2_VERSION,
1723 SSL_HIGH | SSL_FIPS,
1724 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1730 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1731 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1732 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1737 TLS1_VERSION, TLS1_2_VERSION,
1738 DTLS1_BAD_VER, DTLS1_2_VERSION,
1739 SSL_STRONG_NONE | SSL_FIPS,
1740 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1746 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1747 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1748 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1753 TLS1_VERSION, TLS1_2_VERSION,
1754 DTLS1_BAD_VER, DTLS1_2_VERSION,
1755 SSL_STRONG_NONE | SSL_FIPS,
1756 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1760 # ifndef OPENSSL_NO_EC
1761 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1764 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1765 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1766 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1771 TLS1_VERSION, TLS1_2_VERSION,
1772 DTLS1_BAD_VER, DTLS1_2_VERSION,
1773 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1774 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1781 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1782 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1783 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1788 TLS1_VERSION, TLS1_2_VERSION,
1789 DTLS1_BAD_VER, DTLS1_2_VERSION,
1790 SSL_HIGH | SSL_FIPS,
1791 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1797 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1798 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1799 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1804 TLS1_VERSION, TLS1_2_VERSION,
1805 DTLS1_BAD_VER, DTLS1_2_VERSION,
1806 SSL_HIGH | SSL_FIPS,
1807 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1813 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1814 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1815 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1820 TLS1_VERSION, TLS1_2_VERSION,
1821 DTLS1_BAD_VER, DTLS1_2_VERSION,
1822 SSL_HIGH | SSL_FIPS,
1823 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1829 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1830 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1831 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1836 TLS1_VERSION, TLS1_2_VERSION,
1837 DTLS1_BAD_VER, DTLS1_2_VERSION,
1838 SSL_HIGH | SSL_FIPS,
1839 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1845 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1846 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1847 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1852 TLS1_VERSION, TLS1_2_VERSION,
1853 DTLS1_BAD_VER, DTLS1_2_VERSION,
1854 SSL_STRONG_NONE | SSL_FIPS,
1855 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1861 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1862 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1863 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1868 TLS1_VERSION, TLS1_2_VERSION,
1869 DTLS1_BAD_VER, DTLS1_2_VERSION,
1870 SSL_STRONG_NONE | SSL_FIPS,
1871 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1877 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1878 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1879 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1884 TLS1_VERSION, TLS1_2_VERSION,
1885 DTLS1_BAD_VER, DTLS1_2_VERSION,
1886 SSL_STRONG_NONE | SSL_FIPS,
1887 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1891 # endif /* OPENSSL_NO_EC */
1892 #endif /* OPENSSL_NO_PSK */
1894 #ifndef OPENSSL_NO_SRP
1895 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1898 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1899 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1900 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1905 SSL3_VERSION, TLS1_2_VERSION,
1906 DTLS1_BAD_VER, DTLS1_2_VERSION,
1907 SSL_NOT_DEFAULT | SSL_MEDIUM,
1908 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1914 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1915 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1916 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1921 SSL3_VERSION, TLS1_2_VERSION,
1922 DTLS1_BAD_VER, DTLS1_2_VERSION,
1923 SSL_NOT_DEFAULT | SSL_MEDIUM,
1924 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1930 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1931 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1932 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1937 SSL3_VERSION, TLS1_2_VERSION,
1938 DTLS1_BAD_VER, DTLS1_2_VERSION,
1939 SSL_NOT_DEFAULT | SSL_MEDIUM,
1940 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1947 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1948 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1949 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1954 SSL3_VERSION, TLS1_2_VERSION,
1955 DTLS1_BAD_VER, DTLS1_2_VERSION,
1957 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1963 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1964 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1965 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1970 SSL3_VERSION, TLS1_2_VERSION,
1971 DTLS1_BAD_VER, DTLS1_2_VERSION,
1973 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1979 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1980 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1981 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1986 SSL3_VERSION, TLS1_2_VERSION,
1987 DTLS1_BAD_VER, DTLS1_2_VERSION,
1988 SSL_NOT_DEFAULT | SSL_HIGH,
1989 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1995 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1996 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1997 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2002 SSL3_VERSION, TLS1_2_VERSION,
2003 DTLS1_BAD_VER, DTLS1_2_VERSION,
2005 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2011 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2012 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2013 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2018 SSL3_VERSION, TLS1_2_VERSION,
2019 DTLS1_BAD_VER, DTLS1_2_VERSION,
2021 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2027 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2028 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2029 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2034 SSL3_VERSION, TLS1_2_VERSION,
2035 DTLS1_BAD_VER, DTLS1_2_VERSION,
2036 SSL_NOT_DEFAULT | SSL_HIGH,
2037 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2041 #endif /* OPENSSL_NO_SRP */
2043 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2044 # ifndef OPENSSL_NO_RSA
2047 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2048 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2049 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2052 SSL_CHACHA20POLY1305,
2054 TLS1_2_VERSION, TLS1_2_VERSION,
2055 DTLS1_2_VERSION, DTLS1_2_VERSION,
2057 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2061 # endif /* OPENSSL_NO_RSA */
2063 # ifndef OPENSSL_NO_EC
2066 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2067 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2068 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2071 SSL_CHACHA20POLY1305,
2073 TLS1_2_VERSION, TLS1_2_VERSION,
2074 DTLS1_2_VERSION, DTLS1_2_VERSION,
2076 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2082 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2083 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2084 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2087 SSL_CHACHA20POLY1305,
2089 TLS1_2_VERSION, TLS1_2_VERSION,
2090 DTLS1_2_VERSION, DTLS1_2_VERSION,
2092 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2096 # endif /* OPENSSL_NO_EC */
2098 # ifndef OPENSSL_NO_PSK
2101 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2102 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2103 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2106 SSL_CHACHA20POLY1305,
2108 TLS1_2_VERSION, TLS1_2_VERSION,
2109 DTLS1_2_VERSION, DTLS1_2_VERSION,
2111 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2117 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2118 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2119 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2122 SSL_CHACHA20POLY1305,
2124 TLS1_2_VERSION, TLS1_2_VERSION,
2125 DTLS1_2_VERSION, DTLS1_2_VERSION,
2127 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2133 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2134 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2135 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2138 SSL_CHACHA20POLY1305,
2140 TLS1_2_VERSION, TLS1_2_VERSION,
2141 DTLS1_2_VERSION, DTLS1_2_VERSION,
2143 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2149 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2150 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2151 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2154 SSL_CHACHA20POLY1305,
2156 TLS1_2_VERSION, TLS1_2_VERSION,
2157 DTLS1_2_VERSION, DTLS1_2_VERSION,
2159 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2163 # endif /* OPENSSL_NO_PSK */
2164 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2165 * !defined(OPENSSL_NO_POLY1305) */
2167 #ifndef OPENSSL_NO_CAMELLIA
2170 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2171 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2172 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2177 TLS1_2_VERSION, TLS1_2_VERSION,
2178 DTLS1_2_VERSION, DTLS1_2_VERSION,
2179 SSL_NOT_DEFAULT | SSL_HIGH,
2180 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2186 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2187 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2188 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2193 TLS1_2_VERSION, TLS1_2_VERSION,
2194 DTLS1_2_VERSION, DTLS1_2_VERSION,
2195 SSL_NOT_DEFAULT | SSL_HIGH,
2196 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2202 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2203 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2204 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2209 TLS1_2_VERSION, TLS1_2_VERSION,
2210 DTLS1_2_VERSION, DTLS1_2_VERSION,
2211 SSL_NOT_DEFAULT | SSL_HIGH,
2212 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2218 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2219 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2220 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2225 TLS1_2_VERSION, TLS1_2_VERSION,
2226 DTLS1_2_VERSION, DTLS1_2_VERSION,
2227 SSL_NOT_DEFAULT | SSL_HIGH,
2228 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2234 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2235 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2236 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2241 TLS1_2_VERSION, TLS1_2_VERSION,
2242 DTLS1_2_VERSION, DTLS1_2_VERSION,
2243 SSL_NOT_DEFAULT | SSL_HIGH,
2244 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2250 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2251 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2252 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2257 TLS1_2_VERSION, TLS1_2_VERSION,
2258 DTLS1_2_VERSION, DTLS1_2_VERSION,
2259 SSL_NOT_DEFAULT | SSL_HIGH,
2260 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2266 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2267 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2268 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2273 TLS1_2_VERSION, TLS1_2_VERSION,
2274 DTLS1_2_VERSION, DTLS1_2_VERSION,
2275 SSL_NOT_DEFAULT | SSL_HIGH,
2276 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2282 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2283 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2284 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2289 TLS1_2_VERSION, TLS1_2_VERSION,
2290 DTLS1_2_VERSION, DTLS1_2_VERSION,
2291 SSL_NOT_DEFAULT | SSL_HIGH,
2292 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2298 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2299 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2300 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2305 SSL3_VERSION, TLS1_2_VERSION,
2306 DTLS1_BAD_VER, DTLS1_2_VERSION,
2307 SSL_NOT_DEFAULT | SSL_HIGH,
2308 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2314 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2315 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2316 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2321 SSL3_VERSION, TLS1_2_VERSION,
2322 DTLS1_BAD_VER, DTLS1_2_VERSION,
2323 SSL_NOT_DEFAULT | SSL_HIGH,
2324 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2330 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2331 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2332 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2337 SSL3_VERSION, TLS1_2_VERSION,
2338 DTLS1_BAD_VER, DTLS1_2_VERSION,
2339 SSL_NOT_DEFAULT | SSL_HIGH,
2340 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2346 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2347 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2348 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2353 SSL3_VERSION, TLS1_2_VERSION,
2354 DTLS1_BAD_VER, DTLS1_2_VERSION,
2355 SSL_NOT_DEFAULT | SSL_HIGH,
2356 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2362 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2363 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2364 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2369 SSL3_VERSION, TLS1_2_VERSION,
2370 DTLS1_BAD_VER, DTLS1_2_VERSION,
2371 SSL_NOT_DEFAULT | SSL_HIGH,
2372 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2378 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2379 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2380 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2385 SSL3_VERSION, TLS1_2_VERSION,
2386 DTLS1_BAD_VER, DTLS1_2_VERSION,
2387 SSL_NOT_DEFAULT | SSL_HIGH,
2388 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2394 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2395 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2396 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2401 SSL3_VERSION, TLS1_2_VERSION,
2402 DTLS1_BAD_VER, DTLS1_2_VERSION,
2403 SSL_NOT_DEFAULT | SSL_HIGH,
2404 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2410 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2411 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2412 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2417 SSL3_VERSION, TLS1_2_VERSION,
2418 DTLS1_BAD_VER, DTLS1_2_VERSION,
2419 SSL_NOT_DEFAULT | SSL_HIGH,
2420 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2425 # ifndef OPENSSL_NO_EC
2428 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2429 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2430 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2435 TLS1_2_VERSION, TLS1_2_VERSION,
2436 DTLS1_2_VERSION, DTLS1_2_VERSION,
2437 SSL_NOT_DEFAULT | SSL_HIGH,
2438 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2444 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2445 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2446 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2451 TLS1_2_VERSION, TLS1_2_VERSION,
2452 DTLS1_2_VERSION, DTLS1_2_VERSION,
2453 SSL_NOT_DEFAULT | SSL_HIGH,
2454 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2460 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2461 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2462 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2467 TLS1_2_VERSION, TLS1_2_VERSION,
2468 DTLS1_2_VERSION, DTLS1_2_VERSION,
2469 SSL_NOT_DEFAULT | SSL_HIGH,
2470 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2476 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2477 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2478 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2483 TLS1_2_VERSION, TLS1_2_VERSION,
2484 DTLS1_2_VERSION, DTLS1_2_VERSION,
2485 SSL_NOT_DEFAULT | SSL_HIGH,
2486 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2490 # endif /* OPENSSL_NO_EC */
2492 # ifndef OPENSSL_NO_PSK
2495 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2496 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2497 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2502 TLS1_VERSION, TLS1_2_VERSION,
2503 DTLS1_BAD_VER, DTLS1_2_VERSION,
2504 SSL_NOT_DEFAULT | SSL_HIGH,
2505 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2511 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2512 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2513 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2518 TLS1_VERSION, TLS1_2_VERSION,
2519 DTLS1_BAD_VER, DTLS1_2_VERSION,
2520 SSL_NOT_DEFAULT | SSL_HIGH,
2521 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2527 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2528 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2529 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2534 TLS1_VERSION, TLS1_2_VERSION,
2535 DTLS1_BAD_VER, DTLS1_2_VERSION,
2536 SSL_NOT_DEFAULT | SSL_HIGH,
2537 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2543 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2544 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2545 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2550 TLS1_VERSION, TLS1_2_VERSION,
2551 DTLS1_BAD_VER, DTLS1_2_VERSION,
2552 SSL_NOT_DEFAULT | SSL_HIGH,
2553 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2559 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2560 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2561 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2566 TLS1_VERSION, TLS1_2_VERSION,
2567 DTLS1_BAD_VER, DTLS1_2_VERSION,
2568 SSL_NOT_DEFAULT | SSL_HIGH,
2569 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2575 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2576 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2577 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2582 TLS1_VERSION, TLS1_2_VERSION,
2583 DTLS1_BAD_VER, DTLS1_2_VERSION,
2584 SSL_NOT_DEFAULT | SSL_HIGH,
2585 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2591 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2592 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2593 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2598 TLS1_VERSION, TLS1_2_VERSION,
2599 DTLS1_BAD_VER, DTLS1_2_VERSION,
2600 SSL_NOT_DEFAULT | SSL_HIGH,
2601 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2607 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2608 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2609 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2614 TLS1_VERSION, TLS1_2_VERSION,
2615 DTLS1_BAD_VER, DTLS1_2_VERSION,
2616 SSL_NOT_DEFAULT | SSL_HIGH,
2617 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2621 # endif /* OPENSSL_NO_PSK */
2623 #endif /* OPENSSL_NO_CAMELLIA */
2625 #ifndef OPENSSL_NO_GOST
2628 "GOST2001-GOST89-GOST89",
2629 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2633 SSL_eGOST2814789CNT,
2635 TLS1_VERSION, TLS1_2_VERSION,
2638 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2644 "GOST2001-NULL-GOST94",
2645 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2651 TLS1_VERSION, TLS1_2_VERSION,
2654 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2660 "GOST2012-GOST8912-GOST8912",
2664 SSL_aGOST12 | SSL_aGOST01,
2665 SSL_eGOST2814789CNT12,
2667 TLS1_VERSION, TLS1_2_VERSION,
2670 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2676 "GOST2012-NULL-GOST12",
2680 SSL_aGOST12 | SSL_aGOST01,
2683 TLS1_VERSION, TLS1_2_VERSION,
2686 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2690 #endif /* OPENSSL_NO_GOST */
2692 #ifndef OPENSSL_NO_IDEA
2695 SSL3_TXT_RSA_IDEA_128_SHA,
2696 SSL3_RFC_RSA_IDEA_128_SHA,
2697 SSL3_CK_RSA_IDEA_128_SHA,
2702 SSL3_VERSION, TLS1_1_VERSION,
2703 DTLS1_BAD_VER, DTLS1_VERSION,
2704 SSL_NOT_DEFAULT | SSL_MEDIUM,
2705 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2711 #ifndef OPENSSL_NO_SEED
2714 TLS1_TXT_RSA_WITH_SEED_SHA,
2715 TLS1_RFC_RSA_WITH_SEED_SHA,
2716 TLS1_CK_RSA_WITH_SEED_SHA,
2721 SSL3_VERSION, TLS1_2_VERSION,
2722 DTLS1_BAD_VER, DTLS1_2_VERSION,
2723 SSL_NOT_DEFAULT | SSL_MEDIUM,
2724 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2730 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2731 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2732 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2737 SSL3_VERSION, TLS1_2_VERSION,
2738 DTLS1_BAD_VER, DTLS1_2_VERSION,
2739 SSL_NOT_DEFAULT | SSL_MEDIUM,
2740 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2746 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2747 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2748 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2753 SSL3_VERSION, TLS1_2_VERSION,
2754 DTLS1_BAD_VER, DTLS1_2_VERSION,
2755 SSL_NOT_DEFAULT | SSL_MEDIUM,
2756 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2762 TLS1_TXT_ADH_WITH_SEED_SHA,
2763 TLS1_RFC_ADH_WITH_SEED_SHA,
2764 TLS1_CK_ADH_WITH_SEED_SHA,
2769 SSL3_VERSION, TLS1_2_VERSION,
2770 DTLS1_BAD_VER, DTLS1_2_VERSION,
2771 SSL_NOT_DEFAULT | SSL_MEDIUM,
2772 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2776 #endif /* OPENSSL_NO_SEED */
2778 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2781 SSL3_TXT_RSA_RC4_128_MD5,
2782 SSL3_RFC_RSA_RC4_128_MD5,
2783 SSL3_CK_RSA_RC4_128_MD5,
2788 SSL3_VERSION, TLS1_2_VERSION,
2790 SSL_NOT_DEFAULT | SSL_MEDIUM,
2791 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2797 SSL3_TXT_RSA_RC4_128_SHA,
2798 SSL3_RFC_RSA_RC4_128_SHA,
2799 SSL3_CK_RSA_RC4_128_SHA,
2804 SSL3_VERSION, TLS1_2_VERSION,
2806 SSL_NOT_DEFAULT | SSL_MEDIUM,
2807 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2813 SSL3_TXT_ADH_RC4_128_MD5,
2814 SSL3_RFC_ADH_RC4_128_MD5,
2815 SSL3_CK_ADH_RC4_128_MD5,
2820 SSL3_VERSION, TLS1_2_VERSION,
2822 SSL_NOT_DEFAULT | SSL_MEDIUM,
2823 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2828 # ifndef OPENSSL_NO_EC
2831 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2832 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2833 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2838 TLS1_VERSION, TLS1_2_VERSION,
2840 SSL_NOT_DEFAULT | SSL_MEDIUM,
2841 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2847 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2848 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2849 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2854 TLS1_VERSION, TLS1_2_VERSION,
2856 SSL_NOT_DEFAULT | SSL_MEDIUM,
2857 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2863 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2864 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2865 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2870 TLS1_VERSION, TLS1_2_VERSION,
2872 SSL_NOT_DEFAULT | SSL_MEDIUM,
2873 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2879 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2880 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2881 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2886 TLS1_VERSION, TLS1_2_VERSION,
2888 SSL_NOT_DEFAULT | SSL_MEDIUM,
2889 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2893 # endif /* OPENSSL_NO_EC */
2895 # ifndef OPENSSL_NO_PSK
2898 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2899 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2900 TLS1_CK_PSK_WITH_RC4_128_SHA,
2905 SSL3_VERSION, TLS1_2_VERSION,
2907 SSL_NOT_DEFAULT | SSL_MEDIUM,
2908 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2914 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2915 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2916 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2921 SSL3_VERSION, TLS1_2_VERSION,
2923 SSL_NOT_DEFAULT | SSL_MEDIUM,
2924 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2930 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2931 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2932 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2937 SSL3_VERSION, TLS1_2_VERSION,
2939 SSL_NOT_DEFAULT | SSL_MEDIUM,
2940 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2944 # endif /* OPENSSL_NO_PSK */
2946 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2951 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
2952 * values stuffed into the ciphers field of the wire protocol for signalling
2955 static SSL_CIPHER ssl3_scsvs[] = {
2958 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
2959 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
2961 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2965 "TLS_FALLBACK_SCSV",
2966 "TLS_FALLBACK_SCSV",
2967 SSL3_CK_FALLBACK_SCSV,
2968 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2972 static int cipher_compare(const void *a, const void *b)
2974 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
2975 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
2977 if (ap->id == bp->id)
2979 return ap->id < bp->id ? -1 : 1;
2982 void ssl_sort_cipher_list(void)
2984 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof ssl3_ciphers[0],
2986 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof ssl3_scsvs[0], cipher_compare);
2989 const SSL3_ENC_METHOD SSLv3_enc_data = {
2992 ssl3_setup_key_block,
2993 ssl3_generate_master_secret,
2994 ssl3_change_cipher_state,
2995 ssl3_final_finish_mac,
2996 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2997 SSL3_MD_SERVER_FINISHED_CONST, 4,
2999 (int (*)(SSL *, unsigned char *, size_t, const char *,
3000 size_t, const unsigned char *, size_t,
3001 int use_context))ssl_undefined_function,
3003 ssl3_set_handshake_header,
3004 tls_close_construct_packet,
3005 ssl3_handshake_write
3008 long ssl3_default_timeout(void)
3011 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3012 * http, the cache would over fill
3014 return (60 * 60 * 2);
3017 int ssl3_num_ciphers(void)
3019 return (SSL3_NUM_CIPHERS);
3022 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3024 if (u < SSL3_NUM_CIPHERS)
3025 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
3030 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3032 /* No header in the event of a CCS */
3033 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3036 /* Set the content type and 3 bytes for the message len */
3037 if (!WPACKET_put_bytes_u8(pkt, htype)
3038 || !WPACKET_start_sub_packet_u24(pkt))
3044 int ssl3_handshake_write(SSL *s)
3046 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3049 int ssl3_new(SSL *s)
3053 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
3057 #ifndef OPENSSL_NO_SRP
3058 if (!SSL_SRP_CTX_init(s))
3062 if (!s->method->ssl_clear(s))
3070 void ssl3_free(SSL *s)
3072 if (s == NULL || s->s3 == NULL)
3075 ssl3_cleanup_key_block(s);
3077 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3078 EVP_PKEY_free(s->s3->peer_tmp);
3079 s->s3->peer_tmp = NULL;
3080 EVP_PKEY_free(s->s3->tmp.pkey);
3081 s->s3->tmp.pkey = NULL;
3084 OPENSSL_free(s->s3->tmp.ctype);
3085 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3086 OPENSSL_free(s->s3->tmp.ciphers_raw);
3087 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3088 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3089 ssl3_free_digest_list(s);
3090 OPENSSL_free(s->s3->alpn_selected);
3091 OPENSSL_free(s->s3->alpn_proposed);
3093 #ifndef OPENSSL_NO_SRP
3094 SSL_SRP_CTX_free(s);
3096 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
3100 int ssl3_clear(SSL *s)
3102 ssl3_cleanup_key_block(s);
3103 OPENSSL_free(s->s3->tmp.ctype);
3104 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3105 OPENSSL_free(s->s3->tmp.ciphers_raw);
3106 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3107 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3109 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3110 EVP_PKEY_free(s->s3->tmp.pkey);
3111 EVP_PKEY_free(s->s3->peer_tmp);
3112 #endif /* !OPENSSL_NO_EC */
3114 ssl3_free_digest_list(s);
3116 OPENSSL_free(s->s3->alpn_selected);
3117 OPENSSL_free(s->s3->alpn_proposed);
3119 /* NULL/zero-out everything in the s3 struct */
3120 memset(s->s3, 0, sizeof(*s->s3));
3122 if (!ssl_free_wbio_buffer(s))
3125 s->version = SSL3_VERSION;
3127 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3128 OPENSSL_free(s->ext.npn);
3136 #ifndef OPENSSL_NO_SRP
3137 static char *srp_password_from_info_cb(SSL *s, void *arg)
3139 return OPENSSL_strdup(s->srp_ctx.info);
3143 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3145 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3150 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3152 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3153 ret = s->s3->num_renegotiations;
3155 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3156 ret = s->s3->num_renegotiations;
3157 s->s3->num_renegotiations = 0;
3159 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3160 ret = s->s3->total_renegotiations;
3162 case SSL_CTRL_GET_FLAGS:
3163 ret = (int)(s->s3->flags);
3165 #ifndef OPENSSL_NO_DH
3166 case SSL_CTRL_SET_TMP_DH:
3168 DH *dh = (DH *)parg;
3169 EVP_PKEY *pkdh = NULL;
3171 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3174 pkdh = ssl_dh_to_pkey(dh);
3176 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3179 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3180 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3181 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3182 EVP_PKEY_free(pkdh);
3185 EVP_PKEY_free(s->cert->dh_tmp);
3186 s->cert->dh_tmp = pkdh;
3190 case SSL_CTRL_SET_TMP_DH_CB:
3192 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3195 case SSL_CTRL_SET_DH_AUTO:
3196 s->cert->dh_tmp_auto = larg;
3199 #ifndef OPENSSL_NO_EC
3200 case SSL_CTRL_SET_TMP_ECDH:
3202 const EC_GROUP *group = NULL;
3206 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3209 group = EC_KEY_get0_group((const EC_KEY *)parg);
3210 if (group == NULL) {
3211 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3214 nid = EC_GROUP_get_curve_name(group);
3215 if (nid == NID_undef)
3217 return tls1_set_groups(&s->ext.supportedgroups,
3218 &s->ext.supportedgroups_len,
3222 #endif /* !OPENSSL_NO_EC */
3223 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3224 if (larg == TLSEXT_NAMETYPE_host_name) {
3227 OPENSSL_free(s->ext.hostname);
3228 s->ext.hostname = NULL;
3233 len = strlen((char *)parg);
3234 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3235 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3238 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3239 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3243 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3247 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3248 s->ext.debug_arg = parg;
3252 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3253 ret = s->ext.status_type;
3256 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3257 s->ext.status_type = larg;
3261 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3262 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3266 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3267 s->ext.ocsp.exts = parg;
3271 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3272 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3276 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3277 s->ext.ocsp.ids = parg;
3281 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3282 *(unsigned char **)parg = s->ext.ocsp.resp;
3283 if (s->ext.ocsp.resp_len == 0
3284 || s->ext.ocsp.resp_len > LONG_MAX)
3286 return (long)s->ext.ocsp.resp_len;
3288 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3289 OPENSSL_free(s->ext.ocsp.resp);
3290 s->ext.ocsp.resp = parg;
3291 s->ext.ocsp.resp_len = larg;
3295 #ifndef OPENSSL_NO_HEARTBEATS
3296 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3297 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3298 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3302 case SSL_CTRL_CHAIN:
3304 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3306 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3308 case SSL_CTRL_CHAIN_CERT:
3310 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3312 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3314 case SSL_CTRL_GET_CHAIN_CERTS:
3315 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3318 case SSL_CTRL_SELECT_CURRENT_CERT:
3319 return ssl_cert_select_current(s->cert, (X509 *)parg);
3321 case SSL_CTRL_SET_CURRENT_CERT:
3322 if (larg == SSL_CERT_SET_SERVER) {
3323 const SSL_CIPHER *cipher;
3326 cipher = s->s3->tmp.new_cipher;
3330 * No certificate for unauthenticated ciphersuites or using SRP
3333 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3335 if (s->s3->tmp.cert == NULL)
3337 s->cert->key = s->s3->tmp.cert;
3340 return ssl_cert_set_current(s->cert, larg);
3342 #ifndef OPENSSL_NO_EC
3343 case SSL_CTRL_GET_GROUPS:
3345 unsigned char *clist;
3350 clist = s->session->ext.supportedgroups;
3351 clistlen = s->session->ext.supportedgroups_len / 2;
3355 unsigned int cid, nid;
3356 for (i = 0; i < clistlen; i++) {
3358 /* TODO(TLS1.3): Handle DH groups here */
3359 nid = tls1_ec_curve_id2nid(cid, NULL);
3363 cptr[i] = TLSEXT_nid_unknown | cid;
3366 return (int)clistlen;
3369 case SSL_CTRL_SET_GROUPS:
3370 return tls1_set_groups(&s->ext.supportedgroups,
3371 &s->ext.supportedgroups_len, parg, larg);
3373 case SSL_CTRL_SET_GROUPS_LIST:
3374 return tls1_set_groups_list(&s->ext.supportedgroups,
3375 &s->ext.supportedgroups_len, parg);
3377 case SSL_CTRL_GET_SHARED_GROUP:
3378 return tls1_shared_group(s, larg);
3381 case SSL_CTRL_SET_SIGALGS:
3382 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3384 case SSL_CTRL_SET_SIGALGS_LIST:
3385 return tls1_set_sigalgs_list(s->cert, parg, 0);
3387 case SSL_CTRL_SET_CLIENT_SIGALGS:
3388 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3390 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3391 return tls1_set_sigalgs_list(s->cert, parg, 1);
3393 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3395 const unsigned char **pctype = parg;
3396 if (s->server || !s->s3->tmp.cert_req)
3399 *pctype = s->s3->tmp.ctype;
3400 return s->s3->tmp.ctype_len;
3403 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3406 return ssl3_set_req_cert_type(s->cert, parg, larg);
3408 case SSL_CTRL_BUILD_CERT_CHAIN:
3409 return ssl_build_cert_chain(s, NULL, larg);
3411 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3412 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3414 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3415 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3417 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3418 if (s->s3->tmp.peer_sigalg == NULL)
3420 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3423 case SSL_CTRL_GET_SERVER_TMP_KEY:
3424 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3425 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3428 EVP_PKEY_up_ref(s->s3->peer_tmp);
3429 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3435 #ifndef OPENSSL_NO_EC
3436 case SSL_CTRL_GET_EC_POINT_FORMATS:
3438 SSL_SESSION *sess = s->session;
3439 const unsigned char **pformat = parg;
3441 if (sess == NULL || sess->ext.ecpointformats == NULL)
3443 *pformat = sess->ext.ecpointformats;
3444 return (int)sess->ext.ecpointformats_len;
3454 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3459 #ifndef OPENSSL_NO_DH
3460 case SSL_CTRL_SET_TMP_DH_CB:
3462 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3466 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3467 s->ext.debug_cb = (void (*)(SSL *, int, int,
3468 const unsigned char *, int, void *))fp;
3471 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3473 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3482 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3485 #ifndef OPENSSL_NO_DH
3486 case SSL_CTRL_SET_TMP_DH:
3488 DH *dh = (DH *)parg;
3489 EVP_PKEY *pkdh = NULL;
3491 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3494 pkdh = ssl_dh_to_pkey(dh);
3496 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3499 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3500 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3501 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3502 EVP_PKEY_free(pkdh);
3505 EVP_PKEY_free(ctx->cert->dh_tmp);
3506 ctx->cert->dh_tmp = pkdh;
3509 case SSL_CTRL_SET_TMP_DH_CB:
3511 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3514 case SSL_CTRL_SET_DH_AUTO:
3515 ctx->cert->dh_tmp_auto = larg;
3518 #ifndef OPENSSL_NO_EC
3519 case SSL_CTRL_SET_TMP_ECDH:
3521 const EC_GROUP *group = NULL;
3525 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3528 group = EC_KEY_get0_group((const EC_KEY *)parg);
3529 if (group == NULL) {
3530 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3533 nid = EC_GROUP_get_curve_name(group);
3534 if (nid == NID_undef)
3536 return tls1_set_groups(&ctx->ext.supportedgroups,
3537 &ctx->ext.supportedgroups_len,
3540 #endif /* !OPENSSL_NO_EC */
3541 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3542 ctx->ext.servername_arg = parg;
3544 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3545 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3547 unsigned char *keys = parg;
3548 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3549 sizeof(ctx->ext.tick_hmac_key) +
3550 sizeof(ctx->ext.tick_aes_key));
3553 if (larg != tick_keylen) {
3554 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3557 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3558 memcpy(ctx->ext.tick_key_name, keys,
3559 sizeof(ctx->ext.tick_key_name));
3560 memcpy(ctx->ext.tick_hmac_key,
3561 keys + sizeof(ctx->ext.tick_key_name),
3562 sizeof(ctx->ext.tick_hmac_key));
3563 memcpy(ctx->ext.tick_aes_key,
3564 keys + sizeof(ctx->ext.tick_key_name) +
3565 sizeof(ctx->ext.tick_hmac_key),
3566 sizeof(ctx->ext.tick_aes_key));
3568 memcpy(keys, ctx->ext.tick_key_name,
3569 sizeof(ctx->ext.tick_key_name));
3570 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3571 ctx->ext.tick_hmac_key,
3572 sizeof(ctx->ext.tick_hmac_key));
3573 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3574 sizeof(ctx->ext.tick_hmac_key),
3575 ctx->ext.tick_aes_key,
3576 sizeof(ctx->ext.tick_aes_key));
3581 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3582 return ctx->ext.status_type;
3584 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3585 ctx->ext.status_type = larg;
3588 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3589 ctx->ext.status_arg = parg;
3592 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3593 *(void**)parg = ctx->ext.status_arg;
3596 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3597 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3600 #ifndef OPENSSL_NO_SRP
3601 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3602 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3603 OPENSSL_free(ctx->srp_ctx.login);
3604 ctx->srp_ctx.login = NULL;
3607 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3608 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3611 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3612 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3616 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3617 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3618 srp_password_from_info_cb;
3619 if (ctx->srp_ctx.info != NULL)
3620 OPENSSL_free(ctx->srp_ctx.info);
3621 if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3622 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3626 case SSL_CTRL_SET_SRP_ARG:
3627 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3628 ctx->srp_ctx.SRP_cb_arg = parg;
3631 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3632 ctx->srp_ctx.strength = larg;
3636 #ifndef OPENSSL_NO_EC
3637 case SSL_CTRL_SET_GROUPS:
3638 return tls1_set_groups(&ctx->ext.supportedgroups,
3639 &ctx->ext.supportedgroups_len,
3642 case SSL_CTRL_SET_GROUPS_LIST:
3643 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3644 &ctx->ext.supportedgroups_len,
3647 case SSL_CTRL_SET_SIGALGS:
3648 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3650 case SSL_CTRL_SET_SIGALGS_LIST:
3651 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3653 case SSL_CTRL_SET_CLIENT_SIGALGS:
3654 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3656 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3657 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3659 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3660 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3662 case SSL_CTRL_BUILD_CERT_CHAIN:
3663 return ssl_build_cert_chain(NULL, ctx, larg);
3665 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3666 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3668 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3669 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3671 /* A Thawte special :-) */
3672 case SSL_CTRL_EXTRA_CHAIN_CERT:
3673 if (ctx->extra_certs == NULL) {
3674 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3675 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3679 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3680 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3685 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3686 if (ctx->extra_certs == NULL && larg == 0)
3687 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3689 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3692 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3693 sk_X509_pop_free(ctx->extra_certs, X509_free);
3694 ctx->extra_certs = NULL;
3697 case SSL_CTRL_CHAIN:
3699 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3701 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3703 case SSL_CTRL_CHAIN_CERT:
3705 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3707 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3709 case SSL_CTRL_GET_CHAIN_CERTS:
3710 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3713 case SSL_CTRL_SELECT_CURRENT_CERT:
3714 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3716 case SSL_CTRL_SET_CURRENT_CERT:
3717 return ssl_cert_set_current(ctx->cert, larg);
3725 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3728 #ifndef OPENSSL_NO_DH
3729 case SSL_CTRL_SET_TMP_DH_CB:
3731 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3735 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3736 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
3739 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3740 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
3743 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3744 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
3747 HMAC_CTX *, int))fp;
3750 #ifndef OPENSSL_NO_SRP
3751 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3752 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3753 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3755 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3756 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3757 ctx->srp_ctx.TLS_ext_srp_username_callback =
3758 (int (*)(SSL *, int *, void *))fp;
3760 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3761 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3762 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3763 (char *(*)(SSL *, void *))fp;
3766 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3768 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3777 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
3780 const SSL_CIPHER *cp;
3783 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3786 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
3789 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
3791 SSL_CIPHER *c = NULL;
3792 SSL_CIPHER *tbl = ssl3_ciphers;
3795 /* this is not efficient, necessary to optimize this? */
3796 for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) {
3797 if (tbl->stdname == NULL)
3799 if (strcmp(stdname, tbl->stdname) == 0) {
3806 for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
3807 if (strcmp(stdname, tbl->stdname) == 0) {
3817 * This function needs to check if the ciphers required are actually
3820 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3822 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
3823 | ((uint32_t)p[0] << 8L)
3827 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
3829 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
3834 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
3842 * ssl3_choose_cipher - choose a cipher from those offered by the client
3843 * @s: SSL connection
3844 * @clnt: ciphers offered by the client
3845 * @srvr: ciphers enabled on the server?
3847 * Returns the selected cipher or NULL when no common ciphers.
3849 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3850 STACK_OF(SSL_CIPHER) *srvr)
3852 const SSL_CIPHER *c, *ret = NULL;
3853 STACK_OF(SSL_CIPHER) *prio, *allow;
3855 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
3857 /* Let's see which ciphers we can support */
3860 * Do not set the compare functions, because this may lead to a
3861 * reordering by "id". We want to keep the original ordering. We may pay
3862 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3863 * pay with the price of sk_SSL_CIPHER_dup().
3867 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3869 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3870 c = sk_SSL_CIPHER_value(srvr, i);
3871 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3873 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3875 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3876 c = sk_SSL_CIPHER_value(clnt, i);
3877 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3881 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3889 if (!SSL_IS_TLS13(s)) {
3890 tls1_set_cert_validity(s);
3894 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3895 c = sk_SSL_CIPHER_value(prio, i);
3897 /* Skip ciphers not supported by the protocol version */
3898 if (!SSL_IS_DTLS(s) &&
3899 ((s->version < c->min_tls) || (s->version > c->max_tls)))
3901 if (SSL_IS_DTLS(s) &&
3902 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3903 DTLS_VERSION_GT(s->version, c->max_dtls)))
3907 * Since TLS 1.3 ciphersuites can be used with any auth or
3908 * key exchange scheme skip tests.
3910 if (!SSL_IS_TLS13(s)) {
3911 mask_k = s->s3->tmp.mask_k;
3912 mask_a = s->s3->tmp.mask_a;
3913 #ifndef OPENSSL_NO_SRP
3914 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3920 alg_k = c->algorithm_mkey;
3921 alg_a = c->algorithm_auth;
3923 #ifndef OPENSSL_NO_PSK
3924 /* with PSK there must be server callback set */
3925 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
3927 #endif /* OPENSSL_NO_PSK */
3929 ok = (alg_k & mask_k) && (alg_a & mask_a);
3931 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3932 alg_a, mask_k, mask_a, (void *)c, c->name);
3935 #ifndef OPENSSL_NO_EC
3937 * if we are considering an ECC cipher suite that uses an ephemeral
3940 if (alg_k & SSL_kECDHE)
3941 ok = ok && tls1_check_ec_tmp_key(s, c->id);
3942 #endif /* OPENSSL_NO_EC */
3947 ii = sk_SSL_CIPHER_find(allow, c);
3949 /* Check security callback permits this cipher */
3950 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3951 c->strength_bits, 0, (void *)c))
3953 #if !defined(OPENSSL_NO_EC)
3954 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3955 && s->s3->is_probably_safari) {
3957 ret = sk_SSL_CIPHER_value(allow, ii);
3961 ret = sk_SSL_CIPHER_value(allow, ii);
3968 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
3970 uint32_t alg_k, alg_a = 0;
3972 /* If we have custom certificate types set, use them */
3974 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
3975 /* Get mask of algorithms disabled by signature list */
3976 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
3978 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3980 #ifndef OPENSSL_NO_GOST
3981 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
3982 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
3983 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
3984 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
3987 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3988 #ifndef OPENSSL_NO_DH
3989 # ifndef OPENSSL_NO_RSA
3990 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
3993 # ifndef OPENSSL_NO_DSA
3994 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
3997 #endif /* !OPENSSL_NO_DH */
3999 #ifndef OPENSSL_NO_RSA
4000 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4003 #ifndef OPENSSL_NO_DSA
4004 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4007 #ifndef OPENSSL_NO_EC
4009 * ECDSA certs can be used with RSA cipher suites too so we don't
4010 * need to check for SSL_kECDH or SSL_kECDHE
4012 if (s->version >= TLS1_VERSION
4013 && !(alg_a & SSL_aECDSA)
4014 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4020 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4022 OPENSSL_free(c->ctype);
4025 if (p == NULL || len == 0)
4029 c->ctype = OPENSSL_memdup(p, len);
4030 if (c->ctype == NULL)
4036 int ssl3_shutdown(SSL *s)
4041 * Don't do anything much if we have not done the handshake or we don't
4042 * want to send messages :-)
4044 if (s->quiet_shutdown || SSL_in_before(s)) {
4045 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4049 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4050 s->shutdown |= SSL_SENT_SHUTDOWN;
4051 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4053 * our shutdown alert has been sent now, and if it still needs to be
4054 * written, s->s3->alert_dispatch will be true
4056 if (s->s3->alert_dispatch)
4057 return (-1); /* return WANT_WRITE */
4058 } else if (s->s3->alert_dispatch) {
4059 /* resend it if not sent */
4060 ret = s->method->ssl_dispatch_alert(s);
4063 * we only get to return -1 here the 2nd/Nth invocation, we must
4064 * have already signalled return 0 upon a previous invocation,
4069 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4072 * If we are waiting for a close from our peer, we are closed
4074 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4075 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4076 return -1; /* return WANT_READ */
4080 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4081 !s->s3->alert_dispatch)
4087 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4090 if (s->s3->renegotiate)
4091 ssl3_renegotiate_check(s, 0);
4093 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4097 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4103 if (s->s3->renegotiate)
4104 ssl3_renegotiate_check(s, 0);
4105 s->s3->in_read_app_data = 1;
4107 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4109 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4111 * ssl3_read_bytes decided to call s->handshake_func, which called
4112 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4113 * actually found application data and thinks that application data
4114 * makes sense here; so disable handshake processing and try to read
4115 * application data again.
4117 ossl_statem_set_in_handshake(s, 1);
4119 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4120 len, peek, readbytes);
4121 ossl_statem_set_in_handshake(s, 0);
4123 s->s3->in_read_app_data = 0;
4128 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4130 return ssl3_read_internal(s, buf, len, 0, readbytes);
4133 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4135 return ssl3_read_internal(s, buf, len, 1, readbytes);
4138 int ssl3_renegotiate(SSL *s)
4140 if (s->handshake_func == NULL)
4143 s->s3->renegotiate = 1;
4148 * Check if we are waiting to do a renegotiation and if so whether now is a
4149 * good time to do it. If |initok| is true then we are being called from inside
4150 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4151 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4152 * should do a renegotiation now and sets up the state machine for it. Otherwise
4155 int ssl3_renegotiate_check(SSL *s, int initok)
4159 if (s->s3->renegotiate) {
4160 if (!RECORD_LAYER_read_pending(&s->rlayer)
4161 && !RECORD_LAYER_write_pending(&s->rlayer)
4162 && (initok || !SSL_in_init(s))) {
4164 * if we are the server, and we have sent a 'RENEGOTIATE'
4165 * message, we need to set the state machine into the renegotiate
4168 ossl_statem_set_renegotiate(s);
4169 s->s3->renegotiate = 0;
4170 s->s3->num_renegotiations++;
4171 s->s3->total_renegotiations++;
4179 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4180 * handshake macs if required.
4182 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4184 long ssl_get_algorithm2(SSL *s)
4187 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
4189 alg2 = s->s3->tmp.new_cipher->algorithm2;
4190 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4191 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4192 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4193 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4194 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4195 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4201 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4202 * failure, 1 on success.
4204 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4207 int send_time = 0, ret;
4212 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4214 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4216 unsigned long Time = (unsigned long)time(NULL);
4217 unsigned char *p = result;
4220 ret = ssl_randbytes(s, p, len - 4);
4222 ret = ssl_randbytes(s, result, len);
4224 #ifndef OPENSSL_NO_TLS13DOWNGRADE
4226 if (!ossl_assert(sizeof(tls11downgrade) < len)
4227 || !ossl_assert(sizeof(tls12downgrade) < len))
4229 if (dgrd == DOWNGRADE_TO_1_2)
4230 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4231 sizeof(tls12downgrade));
4232 else if (dgrd == DOWNGRADE_TO_1_1)
4233 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4234 sizeof(tls11downgrade));
4240 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4243 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4246 if (alg_k & SSL_PSK) {
4247 #ifndef OPENSSL_NO_PSK
4248 unsigned char *pskpms, *t;
4249 size_t psklen = s->s3->tmp.psklen;
4252 /* create PSK premaster_secret */
4254 /* For plain PSK "other_secret" is psklen zeroes */
4255 if (alg_k & SSL_kPSK)
4258 pskpmslen = 4 + pmslen + psklen;
4259 pskpms = OPENSSL_malloc(pskpmslen);
4264 if (alg_k & SSL_kPSK)
4265 memset(t, 0, pmslen);
4267 memcpy(t, pms, pmslen);
4270 memcpy(t, s->s3->tmp.psk, psklen);
4272 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4273 s->s3->tmp.psk = NULL;
4274 if (!s->method->ssl3_enc->generate_master_secret(s,
4275 s->session->master_key,pskpms, pskpmslen,
4276 &s->session->master_key_length))
4278 OPENSSL_clear_free(pskpms, pskpmslen);
4280 /* Should never happen */
4284 if (!s->method->ssl3_enc->generate_master_secret(s,
4285 s->session->master_key, pms, pmslen,
4286 &s->session->master_key_length))
4294 OPENSSL_clear_free(pms, pmslen);
4296 OPENSSL_cleanse(pms, pmslen);
4299 s->s3->tmp.pms = NULL;
4303 /* Generate a private key from parameters */
4304 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4306 EVP_PKEY_CTX *pctx = NULL;
4307 EVP_PKEY *pkey = NULL;
4311 pctx = EVP_PKEY_CTX_new(pm, NULL);
4314 if (EVP_PKEY_keygen_init(pctx) <= 0)
4316 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4317 EVP_PKEY_free(pkey);
4322 EVP_PKEY_CTX_free(pctx);
4325 #ifndef OPENSSL_NO_EC
4326 /* Generate a private key a curve ID */
4327 EVP_PKEY *ssl_generate_pkey_curve(int id)
4329 EVP_PKEY_CTX *pctx = NULL;
4330 EVP_PKEY *pkey = NULL;
4331 unsigned int curve_flags;
4332 int nid = tls1_ec_curve_id2nid(id, &curve_flags);
4336 if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4337 pctx = EVP_PKEY_CTX_new_id(nid, NULL);
4340 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4344 if (EVP_PKEY_keygen_init(pctx) <= 0)
4346 if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4348 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4349 EVP_PKEY_free(pkey);
4354 EVP_PKEY_CTX_free(pctx);
4359 /* Derive secrets for ECDH/DH */
4360 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4363 unsigned char *pms = NULL;
4367 if (privkey == NULL || pubkey == NULL)
4370 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4372 if (EVP_PKEY_derive_init(pctx) <= 0
4373 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4374 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4378 pms = OPENSSL_malloc(pmslen);
4382 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4386 if (SSL_IS_TLS13(s)) {
4388 * If we are resuming then we already generated the early secret
4389 * when we created the ClientHello, so don't recreate it.
4392 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4394 (unsigned char *)&s->early_secret);
4398 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4400 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4403 /* Save premaster secret */
4404 s->s3->tmp.pms = pms;
4405 s->s3->tmp.pmslen = pmslen;
4411 OPENSSL_clear_free(pms, pmslen);
4412 EVP_PKEY_CTX_free(pctx);
4416 #ifndef OPENSSL_NO_DH
4417 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4422 ret = EVP_PKEY_new();
4423 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {