#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
/* list of available SSLv3 ciphers (sorted by id) */
-OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
+static const SSL_CIPHER ssl3_ciphers[] = {
/* The RSA ciphers */
/* Cipher 01 */
SSL_aRSA,
SSL_eNULL,
SSL_MD5,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aRSA,
SSL_eNULL,
SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
},
/* Cipher 04 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_RSA_RC4_128_MD5,
SSL_aRSA,
SSL_RC4,
SSL_MD5,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_RC4,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
+#endif
/* Cipher 07 */
#ifndef OPENSSL_NO_IDEA
SSL_aRSA,
SSL_IDEA,
SSL_SHA1,
- SSL_SSLV3,
- SSL_MEDIUM,
+ SSL3_VERSION, TLS1_1_VERSION,
+ DTLS1_VERSION, DTLS1_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aDSS,
SSL_3DES,
SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
},
/* Cipher 18 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_ADH_RC4_128_MD5,
SSL_aNULL,
SSL_RC4,
SSL_MD5,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
+#endif
/* Cipher 1B */
{
SSL_aNULL,
SSL_3DES,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aPSK,
SSL_eNULL,
SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aPSK,
SSL_eNULL,
SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aRSA,
SSL_eNULL,
SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDSS,
SSL_AES128,
SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aNULL,
SSL_AES128,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aDSS,
SSL_AES256,
SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aNULL,
SSL_AES256,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aRSA,
SSL_eNULL,
SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aRSA,
SSL_AES128,
SSL_SHA256,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_AES256,
SSL_SHA256,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aDSS,
SSL_AES128,
SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aRSA,
SSL_CAMELLIA128,
SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aDSS,
SSL_CAMELLIA128,
SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aRSA,
SSL_CAMELLIA128,
SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aNULL,
SSL_CAMELLIA128,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_AES128,
SSL_SHA256,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDSS,
SSL_AES256,
SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
SSL_aRSA,
SSL_AES256,
SSL_SHA256,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aNULL,
SSL_AES128,
SSL_SHA256,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aNULL,
SSL_AES256,
SSL_SHA256,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aGOST01,
SSL_eGOST2814789CNT,
SSL_GOST89MAC,
- SSL_TLSV1,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
256,
SSL_aGOST01,
SSL_eNULL,
SSL_GOST94,
- SSL_TLSV1,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
0,
0
SSL_aRSA,
SSL_CAMELLIA256,
SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
SSL_aDSS,
SSL_CAMELLIA256,
SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
SSL_aRSA,
SSL_CAMELLIA256,
SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
SSL_aNULL,
SSL_CAMELLIA256,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
#ifndef OPENSSL_NO_PSK
/* PSK ciphersuites from RFC 4279 */
/* Cipher 8A */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_PSK_WITH_RC4_128_SHA,
SSL_aPSK,
SSL_RC4,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
+#endif
/* Cipher 8B */
{
SSL_aPSK,
SSL_3DES,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aPSK,
SSL_AES128,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aPSK,
SSL_AES256,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
},
/* Cipher 8E */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
SSL_aPSK,
SSL_RC4,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
+#endif
/* Cipher 8F */
{
SSL_aPSK,
SSL_3DES,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aPSK,
SSL_AES128,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aPSK,
SSL_AES256,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
},
/* Cipher 92 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
SSL_aRSA,
SSL_RC4,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
+#endif
/* Cipher 93 */
{
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aRSA,
SSL_SEED,
SSL_SHA1,
- SSL_SSLV3,
- SSL_MEDIUM,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aDSS,
SSL_SEED,
SSL_SHA1,
- SSL_SSLV3,
- SSL_MEDIUM,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aRSA,
SSL_SEED,
SSL_SHA1,
- SSL_SSLV3,
- SSL_MEDIUM,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aNULL,
SSL_SEED,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_AES128GCM,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
SSL_aRSA,
SSL_AES256GCM,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
SSL_aRSA,
SSL_AES128GCM,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
SSL_aRSA,
SSL_AES256GCM,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
SSL_aDSS,
SSL_AES128GCM,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_aDSS,
SSL_AES256GCM,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
SSL_aNULL,
SSL_AES128GCM,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
SSL_aNULL,
SSL_AES256GCM,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
SSL_aPSK,
SSL_AES128GCM,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
SSL_aPSK,
SSL_AES256GCM,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
SSL_aPSK,
SSL_AES128GCM,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
SSL_aPSK,
SSL_AES256GCM,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
SSL_aRSA,
SSL_AES128GCM,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
SSL_aRSA,
SSL_AES256GCM,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
SSL_aPSK,
SSL_AES128,
SSL_SHA256,
- SSL_TLSV1,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aPSK,
SSL_AES256,
SSL_SHA384,
- SSL_TLSV1,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
SSL_aPSK,
SSL_eNULL,
SSL_SHA256,
- SSL_TLSV1,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aPSK,
SSL_eNULL,
SSL_SHA384,
- SSL_TLSV1,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0,
0,
SSL_aPSK,
SSL_AES128,
SSL_SHA256,
- SSL_TLSV1,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aPSK,
SSL_AES256,
SSL_SHA384,
- SSL_TLSV1,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
SSL_aPSK,
SSL_eNULL,
SSL_SHA256,
- SSL_TLSV1,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aPSK,
SSL_eNULL,
SSL_SHA384,
- SSL_TLSV1,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0,
0,
SSL_aRSA,
SSL_AES128,
SSL_SHA256,
- SSL_TLSV1,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_AES256,
SSL_SHA384,
- SSL_TLSV1,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
SSL_aRSA,
SSL_eNULL,
SSL_SHA256,
- SSL_TLSV1,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aRSA,
SSL_eNULL,
SSL_SHA384,
- SSL_TLSV1,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0,
0,
SSL_aRSA,
SSL_CAMELLIA128,
SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_aDSS,
SSL_CAMELLIA128,
SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_aRSA,
SSL_CAMELLIA128,
SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_aNULL,
SSL_CAMELLIA128,
SSL_SHA256,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
SSL_aRSA,
SSL_CAMELLIA256,
SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
SSL_aDSS,
SSL_CAMELLIA256,
SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
SSL_aRSA,
SSL_CAMELLIA256,
SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
SSL_aNULL,
SSL_CAMELLIA256,
SSL_SHA256,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
},
#endif
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- /* Cipher FF */
- {
- 1,
- "SCSV",
- SSL3_CK_SCSV,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0},
-#endif
-
#ifndef OPENSSL_NO_EC
- /* Cipher C001 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_eNULL,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
- },
-
- /* Cipher C002 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_RC4,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C003 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_3DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
- },
-
- /* Cipher C004 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C005 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 256,
- 256,
- },
/* Cipher C006 */
{
SSL_aECDSA,
SSL_eNULL,
SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
},
/* Cipher C007 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
SSL_aECDSA,
SSL_RC4,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
+#endif
/* Cipher C008 */
{
SSL_aECDSA,
SSL_3DES,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aECDSA,
SSL_AES128,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aECDSA,
SSL_AES256,
SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 256,
- 256,
- },
-
- /* Cipher C00B */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
- TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_eNULL,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
- },
-
- /* Cipher C00C */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_RC4,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C00D */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_3DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
- },
-
- /* Cipher C00E */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C00F */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aRSA,
SSL_eNULL,
SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
},
/* Cipher C011 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
SSL_aRSA,
SSL_RC4,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
+#endif
/* Cipher C012 */
{
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aNULL,
SSL_eNULL,
SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
},
/* Cipher C016 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
SSL_aNULL,
SSL_RC4,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
+#endif
/* Cipher C017 */
{
SSL_aNULL,
SSL_3DES,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aNULL,
SSL_AES128,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aNULL,
SSL_AES256,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aSRP,
SSL_3DES,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aDSS,
SSL_3DES,
SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_aSRP,
SSL_AES128,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDSS,
SSL_AES128,
SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aSRP,
SSL_AES256,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aDSS,
SSL_AES256,
SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
SSL_aECDSA,
SSL_AES128,
SSL_SHA256,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
SSL_aECDSA,
SSL_AES256,
SSL_SHA384,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
- /* Cipher C025 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C026 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
- },
/* Cipher C027 */
{
SSL_aRSA,
SSL_AES128,
SSL_SHA256,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
SSL_aRSA,
SSL_AES256,
SSL_SHA384,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
- /* Cipher C029 */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C02A */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA384,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
SSL_aECDSA,
SSL_AES128GCM,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
SSL_aECDSA,
SSL_AES256GCM,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
- /* Cipher C02D */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C02E */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
SSL_aRSA,
SSL_AES128GCM,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
SSL_aRSA,
SSL_AES256GCM,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
- /* Cipher C031 */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C032 */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
/* PSK ciphersuites from RFC 5489 */
/* Cipher C033 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
SSL_aPSK,
SSL_RC4,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
+#endif
/* Cipher C034 */
{
SSL_aPSK,
SSL_3DES,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aPSK,
SSL_AES128,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aPSK,
SSL_AES256,
SSL_SHA1,
- SSL_SSLV3,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aPSK,
SSL_AES128,
SSL_SHA256,
- SSL_TLSV1,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aPSK,
SSL_AES256,
SSL_SHA384,
- SSL_TLSV1,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
SSL_aPSK,
SSL_eNULL,
SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aPSK,
SSL_eNULL,
SSL_SHA256,
- SSL_TLSV1,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aPSK,
SSL_eNULL,
SSL_SHA384,
- SSL_TLSV1,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0,
0,
SSL_aECDSA,
SSL_CAMELLIA128,
SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128},
SSL_aECDSA,
SSL_CAMELLIA256,
SSL_SHA384,
- SSL_TLSV1_2,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256},
-
- { /* Cipher C074 */
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
- TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_CAMELLIA128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128},
-
- { /* Cipher C075 */
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
- TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_CAMELLIA256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256},
SSL_aRSA,
SSL_CAMELLIA128,
SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128},
SSL_aRSA,
SSL_CAMELLIA256,
SSL_SHA384,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256},
- { /* Cipher C078 */
- 1,
- TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
- TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_CAMELLIA128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128},
-
- { /* Cipher C079 */
- 1,
- TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
- TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_CAMELLIA256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256},
# endif /* OPENSSL_NO_CAMELLIA */
#endif /* OPENSSL_NO_EC */
SSL_aPSK,
SSL_CAMELLIA128,
SSL_SHA256,
- SSL_TLSV1,
- SSL_HIGH,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128},
SSL_aPSK,
SSL_CAMELLIA256,
SSL_SHA384,
- SSL_TLSV1,
- SSL_HIGH,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256},
SSL_aPSK,
SSL_CAMELLIA128,
SSL_SHA256,
- SSL_TLSV1,
- SSL_HIGH,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128},
SSL_aPSK,
SSL_CAMELLIA256,
SSL_SHA384,
- SSL_TLSV1,
- SSL_HIGH,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256},
SSL_aRSA,
SSL_CAMELLIA128,
SSL_SHA256,
- SSL_TLSV1,
- SSL_HIGH,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128},
SSL_aRSA,
SSL_CAMELLIA256,
SSL_SHA384,
- SSL_TLSV1,
- SSL_HIGH,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256},
SSL_aPSK,
SSL_CAMELLIA128,
SSL_SHA256,
- SSL_TLSV1,
- SSL_HIGH,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128},
SSL_aPSK,
SSL_CAMELLIA256,
SSL_SHA384,
- SSL_TLSV1,
- SSL_HIGH,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256},
SSL_aRSA,
SSL_AES128CCM,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_aRSA,
SSL_AES256CCM,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
SSL_aRSA,
SSL_AES128CCM,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_aRSA,
SSL_AES256CCM,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
SSL_aRSA,
SSL_AES128CCM8,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_aRSA,
SSL_AES256CCM8,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
SSL_aRSA,
SSL_AES128CCM8,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_aRSA,
SSL_AES256CCM8,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
SSL_aPSK,
SSL_AES128CCM,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_aPSK,
SSL_AES256CCM,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
SSL_aPSK,
SSL_AES128CCM,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_aPSK,
SSL_AES256CCM,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
SSL_aPSK,
SSL_AES128CCM8,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_aPSK,
SSL_AES256CCM8,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
SSL_aPSK,
SSL_AES128CCM8,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_aPSK,
SSL_AES256CCM8,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
SSL_aECDSA,
SSL_AES128CCM,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_aECDSA,
SSL_AES256CCM,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
SSL_aECDSA,
SSL_AES128CCM8,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_aECDSA,
SSL_AES256CCM8,
SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
# ifndef OPENSSL_NO_EC
- /* Cipher CCA8 as per draft-ietf-tls-chacha20-poly1305-03 */
+ /* Cipher CCA8 */
{
1,
TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
SSL_aRSA,
SSL_CHACHA20POLY1305,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
SSL_aECDSA,
SSL_CHACHA20POLY1305,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
SSL_aRSA,
SSL_CHACHA20POLY1305,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
SSL_aPSK,
SSL_CHACHA20POLY1305,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
SSL_aPSK,
SSL_CHACHA20POLY1305,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
SSL_aPSK,
SSL_CHACHA20POLY1305,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
SSL_aRSA,
SSL_CHACHA20POLY1305,
SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
SSL_aGOST12 | SSL_aGOST01,
SSL_eGOST2814789CNT12,
SSL_GOST89MAC12,
- SSL_TLSV1,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
256,
SSL_aGOST12 | SSL_aGOST01,
SSL_eNULL,
SSL_GOST12_256,
- SSL_TLSV1,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
0,
OPENSSL_free(s->s3->tmp.peer_sigalgs);
ssl3_free_digest_list(s);
OPENSSL_free(s->s3->alpn_selected);
+ OPENSSL_free(s->s3->alpn_proposed);
#ifndef OPENSSL_NO_SRP
SSL_SRP_CTX_free(s);
ssl3_cleanup_key_block(s);
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
OPENSSL_free(s->s3->tmp.ciphers_raw);
- s->s3->tmp.ciphers_raw = NULL;
OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
- s->s3->tmp.pms = NULL;
OPENSSL_free(s->s3->tmp.peer_sigalgs);
- s->s3->tmp.peer_sigalgs = NULL;
-#ifndef OPENSSL_NO_EC
- s->s3->is_probably_safari = 0;
-#endif
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3->tmp.pkey);
- s->s3->tmp.pkey = NULL;
EVP_PKEY_free(s->s3->peer_tmp);
- s->s3->peer_tmp = NULL;
#endif /* !OPENSSL_NO_EC */
ssl3_free_digest_list(s);
- if (s->s3->alpn_selected) {
- OPENSSL_free(s->s3->alpn_selected);
- s->s3->alpn_selected = NULL;
- }
+ OPENSSL_free(s->s3->alpn_selected);
+ OPENSSL_free(s->s3->alpn_proposed);
+ /* NULL/zero-out everything in the s3 struct */
memset(s->s3, 0, sizeof(*s->s3));
ssl_free_wbio_buffer(s);
- s->s3->renegotiate = 0;
- s->s3->total_renegotiations = 0;
- s->s3->num_renegotiations = 0;
- s->s3->in_read_app_data = 0;
s->version = SSL3_VERSION;
#if !defined(OPENSSL_NO_NEXTPROTONEG)
int ret = 0;
switch (cmd) {
- case SSL_CTRL_GET_SESSION_REUSED:
- ret = s->hit;
- break;
case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
break;
case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
break;
#ifndef OPENSSL_NO_HEARTBEATS
- case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
+ case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
if (SSL_IS_DTLS(s))
ret = dtls1_heartbeat(s);
- else
- ret = tls1_heartbeat(s);
break;
- case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
- ret = s->tlsext_hb_pending;
+ case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
+ if (SSL_IS_DTLS(s))
+ ret = s->tlsext_hb_pending;
break;
- case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
- if (larg)
- s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
- else
- s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
- ret = 1;
+ case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
+ if (SSL_IS_DTLS(s)) {
+ if (larg)
+ s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
+ else
+ s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
+ ret = 1;
+ }
break;
#endif
#endif
case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
s->tlsext_debug_cb = (void (*)(SSL *, int, int,
- unsigned char *, int, void *))fp;
+ const unsigned char *, int, void *))fp;
break;
case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
c.id = id;
cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
-#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
- if (cp == NULL)
- fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
-#endif
return cp;
}
return (2);
}
+/*
+ * ssl3_choose_cipher - choose a cipher from those offered by the client
+ * @s: SSL connection
+ * @clnt: ciphers offered by the client
+ * @srvr: ciphers enabled on the server?
+ *
+ * Returns the selected cipher or NULL when no common ciphers.
+ */
const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
STACK_OF(SSL_CIPHER) *srvr)
{
}
tls1_set_cert_validity(s);
+ ssl_set_masks(s);
for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
c = sk_SSL_CIPHER_value(prio, i);
- /* Skip TLS v1.2 only ciphersuites if not supported */
- if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s))
+ /* Skip ciphers not supported by the protocol version */
+ if (!SSL_IS_DTLS(s) &&
+ ((s->version < c->min_tls) || (s->version > c->max_tls)))
continue;
- /* Skip TLS v1.0 ciphersuites if SSLv3 */
- if ((c->algorithm_ssl & SSL_TLSV1) && s->version == SSL3_VERSION)
+ if (SSL_IS_DTLS(s) &&
+ (DTLS_VERSION_LT(s->version, c->min_dtls) ||
+ DTLS_VERSION_GT(s->version, c->max_dtls)))
continue;
- ssl_set_masks(s, c);
mask_k = s->s3->tmp.mask_k;
mask_a = s->s3->tmp.mask_a;
#ifndef OPENSSL_NO_SRP
return (ret);
}
} else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
- if (SSL_in_init(s)) {
- /*
- * We can't shutdown properly if we are in the middle of a
- * handshake. Doing so is problematic because the peer may send a
- * CCS before it acts on our close_notify. However we should not
- * continue to process received handshake messages or CCS once our
- * close_notify has been sent. Therefore any close_notify from
- * the peer will be unreadable because we have not moved to the next
- * cipher state. Its best just to avoid this can-of-worms. Return
- * an error if we are wanting to wait for a close_notify from the
- * peer and we are in init.
- */
- SSLerr(SSL_F_SSL3_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
- return -1;
- }
/*
* If we are waiting for a close from our peer, we are closed
*/
projects / openssl.git / blobdiff