/*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* https://www.openssl.org/source/license.html
*/
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
#include <stdio.h>
-#include <assert.h>
#include <openssl/objects.h>
+#include "internal/nelem.h"
#include "ssl_locl.h"
#include <openssl/md5.h>
#include <openssl/dh.h>
#include <openssl/rand.h>
+#include "internal/cryptlib.h"
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
{
1,
SSL3_TXT_RSA_NULL_MD5,
+ SSL3_RFC_RSA_NULL_MD5,
SSL3_CK_RSA_NULL_MD5,
SSL_kRSA,
SSL_aRSA,
{
1,
SSL3_TXT_RSA_NULL_SHA,
+ SSL3_RFC_RSA_NULL_SHA,
SSL3_CK_RSA_NULL_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
SSL3_TXT_RSA_DES_192_CBC3_SHA,
+ SSL3_RFC_RSA_DES_192_CBC3_SHA,
SSL3_CK_RSA_DES_192_CBC3_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
+ SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
SSL_kDHE,
SSL_aDSS,
{
1,
SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
+ SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
SSL_kDHE,
SSL_aRSA,
{
1,
SSL3_TXT_ADH_DES_192_CBC_SHA,
+ SSL3_RFC_ADH_DES_192_CBC_SHA,
SSL3_CK_ADH_DES_192_CBC_SHA,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_RSA_WITH_AES_128_SHA,
+ TLS1_RFC_RSA_WITH_AES_128_SHA,
TLS1_CK_RSA_WITH_AES_128_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+ TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+ TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ADH_WITH_AES_128_SHA,
+ TLS1_RFC_ADH_WITH_AES_128_SHA,
TLS1_CK_ADH_WITH_AES_128_SHA,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_RSA_WITH_AES_256_SHA,
+ TLS1_RFC_RSA_WITH_AES_256_SHA,
TLS1_CK_RSA_WITH_AES_256_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+ TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+ TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ADH_WITH_AES_256_SHA,
+ TLS1_RFC_ADH_WITH_AES_256_SHA,
TLS1_CK_ADH_WITH_AES_256_SHA,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_RSA_WITH_NULL_SHA256,
+ TLS1_RFC_RSA_WITH_NULL_SHA256,
TLS1_CK_RSA_WITH_NULL_SHA256,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_WITH_AES_128_SHA256,
+ TLS1_RFC_RSA_WITH_AES_128_SHA256,
TLS1_CK_RSA_WITH_AES_128_SHA256,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_WITH_AES_256_SHA256,
+ TLS1_RFC_RSA_WITH_AES_256_SHA256,
TLS1_CK_RSA_WITH_AES_256_SHA256,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ADH_WITH_AES_128_SHA256,
+ TLS1_RFC_ADH_WITH_AES_128_SHA256,
TLS1_CK_ADH_WITH_AES_128_SHA256,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_ADH_WITH_AES_256_SHA256,
+ TLS1_RFC_ADH_WITH_AES_256_SHA256,
TLS1_CK_ADH_WITH_AES_256_SHA256,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_RSA_WITH_AES_128_CCM,
+ TLS1_RFC_RSA_WITH_AES_128_CCM,
TLS1_CK_RSA_WITH_AES_128_CCM,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_WITH_AES_256_CCM,
+ TLS1_RFC_RSA_WITH_AES_256_CCM,
TLS1_CK_RSA_WITH_AES_256_CCM,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
+ TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
+ TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_WITH_AES_128_CCM_8,
+ TLS1_RFC_RSA_WITH_AES_128_CCM_8,
TLS1_CK_RSA_WITH_AES_128_CCM_8,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_WITH_AES_256_CCM_8,
+ TLS1_RFC_RSA_WITH_AES_256_CCM_8,
TLS1_CK_RSA_WITH_AES_256_CCM_8,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
+ TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
+ TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_PSK_WITH_AES_128_CCM,
+ TLS1_RFC_PSK_WITH_AES_128_CCM,
TLS1_CK_PSK_WITH_AES_128_CCM,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_AES_256_CCM,
+ TLS1_RFC_PSK_WITH_AES_256_CCM,
TLS1_CK_PSK_WITH_AES_256_CCM,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
+ TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
+ TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_AES_128_CCM_8,
+ TLS1_RFC_PSK_WITH_AES_128_CCM_8,
TLS1_CK_PSK_WITH_AES_128_CCM_8,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_AES_256_CCM_8,
+ TLS1_RFC_PSK_WITH_AES_256_CCM_8,
TLS1_CK_PSK_WITH_AES_256_CCM_8,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
+ TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
+ TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_3_TXT_AES_128_GCM_SHA256,
+ TLS1_3_RFC_AES_128_GCM_SHA256,
TLS1_3_CK_AES_128_GCM_SHA256,
0, 0,
SSL_AES128GCM,
{
1,
TLS1_3_TXT_AES_256_GCM_SHA384,
+ TLS1_3_RFC_AES_256_GCM_SHA384,
TLS1_3_CK_AES_256_GCM_SHA384,
SSL_kANY,
SSL_aANY,
{
1,
TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
+ TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
TLS1_3_CK_CHACHA20_POLY1305_SHA256,
SSL_kANY,
SSL_aANY,
{
1,
TLS1_3_TXT_AES_128_CCM_SHA256,
+ TLS1_3_RFC_AES_128_CCM_SHA256,
TLS1_3_CK_AES_128_CCM_SHA256,
SSL_kANY,
SSL_aANY,
{
1,
TLS1_3_TXT_AES_128_CCM_8_SHA256,
+ TLS1_3_RFC_AES_128_CCM_8_SHA256,
TLS1_3_CK_AES_128_CCM_8_SHA256,
SSL_kANY,
SSL_aANY,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
+ TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
SSL_kECDHE,
SSL_aECDSA,
SSL_eNULL,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+ TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
SSL_kECDHE,
SSL_aECDSA,
SSL_3DES,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
SSL_kECDHE,
SSL_aECDSA,
SSL_AES128,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
SSL_kECDHE,
SSL_aECDSA,
SSL_AES256,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+ TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
SSL_kECDHE,
SSL_aRSA,
SSL_eNULL,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+ TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
SSL_kECDHE,
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
SSL_kECDHE,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
SSL_kECDHE,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+ TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
TLS1_CK_ECDH_anon_WITH_NULL_SHA,
SSL_kECDHE,
SSL_aNULL,
SSL_eNULL,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+ TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
SSL_kECDHE,
SSL_aNULL,
SSL_3DES,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
SSL_kECDHE,
SSL_aNULL,
SSL_AES128,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
SSL_kECDHE,
SSL_aNULL,
SSL_AES256,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_PSK_WITH_NULL_SHA,
+ TLS1_RFC_PSK_WITH_NULL_SHA,
TLS1_CK_PSK_WITH_NULL_SHA,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
+ TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
TLS1_CK_DHE_PSK_WITH_NULL_SHA,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
+ TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
TLS1_CK_RSA_PSK_WITH_NULL_SHA,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_NULL_SHA256,
+ TLS1_RFC_PSK_WITH_NULL_SHA256,
TLS1_CK_PSK_WITH_NULL_SHA256,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_NULL_SHA384,
+ TLS1_RFC_PSK_WITH_NULL_SHA384,
TLS1_CK_PSK_WITH_NULL_SHA384,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
+ TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
+ TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
+ TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
+ TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
SSL_kECDHEPSK,
SSL_aPSK,
SSL_3DES,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
SSL_kECDHEPSK,
SSL_aPSK,
SSL_AES128,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
SSL_kECDHEPSK,
SSL_aPSK,
SSL_AES256,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
SSL_kECDHEPSK,
SSL_aPSK,
SSL_eNULL,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
+ TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
+ TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
SSL_kSRP,
SSL_aSRP,
{
1,
TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_kSRP,
SSL_aRSA,
{
1,
TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_kSRP,
SSL_aDSS,
{
1,
TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
SSL_kSRP,
SSL_aSRP,
{
1,
TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
SSL_kSRP,
SSL_aRSA,
{
1,
TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
SSL_kSRP,
SSL_aDSS,
{
1,
TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
SSL_kSRP,
SSL_aSRP,
{
1,
TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
SSL_kSRP,
SSL_aRSA,
{
1,
TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
SSL_kSRP,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kEDH,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kEDH,
SSL_aRSA,
{
1,
TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kEDH,
SSL_aNULL,
{
1,
TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
SSL_kEDH,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
SSL_kEDH,
SSL_aRSA,
{
1,
TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
SSL_kEDH,
SSL_aNULL,
{
1,
TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kECDHE,
SSL_aECDSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kECDHE,
SSL_aRSA,
{
1,
TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kECDHEPSK,
SSL_aPSK,
{
1,
"GOST2001-GOST89-GOST89",
+ "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
0x3000081,
SSL_kGOST,
SSL_aGOST01,
{
1,
"GOST2001-NULL-GOST94",
+ "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
0x3000083,
SSL_kGOST,
SSL_aGOST01,
{
1,
"GOST2012-GOST8912-GOST8912",
+ NULL,
0x0300ff85,
SSL_kGOST,
SSL_aGOST12 | SSL_aGOST01,
{
1,
"GOST2012-NULL-GOST12",
+ NULL,
0x0300ff87,
SSL_kGOST,
SSL_aGOST12 | SSL_aGOST01,
{
1,
SSL3_TXT_RSA_IDEA_128_SHA,
+ SSL3_RFC_RSA_IDEA_128_SHA,
SSL3_CK_RSA_IDEA_128_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_RSA_WITH_SEED_SHA,
+ TLS1_RFC_RSA_WITH_SEED_SHA,
TLS1_CK_RSA_WITH_SEED_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
+ TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
TLS1_CK_DHE_DSS_WITH_SEED_SHA,
SSL_kDHE,
SSL_aDSS,
{
1,
TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
+ TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
TLS1_CK_DHE_RSA_WITH_SEED_SHA,
SSL_kDHE,
SSL_aRSA,
{
1,
TLS1_TXT_ADH_WITH_SEED_SHA,
+ TLS1_RFC_ADH_WITH_SEED_SHA,
TLS1_CK_ADH_WITH_SEED_SHA,
SSL_kDHE,
SSL_aNULL,
{
1,
SSL3_TXT_RSA_RC4_128_MD5,
+ SSL3_RFC_RSA_RC4_128_MD5,
SSL3_CK_RSA_RC4_128_MD5,
SSL_kRSA,
SSL_aRSA,
{
1,
SSL3_TXT_RSA_RC4_128_SHA,
+ SSL3_RFC_RSA_RC4_128_SHA,
SSL3_CK_RSA_RC4_128_SHA,
SSL_kRSA,
SSL_aRSA,
{
1,
SSL3_TXT_ADH_RC4_128_MD5,
+ SSL3_RFC_ADH_RC4_128_MD5,
SSL3_CK_ADH_RC4_128_MD5,
SSL_kDHE,
SSL_aNULL,
{
1,
TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
SSL_kECDHEPSK,
SSL_aPSK,
SSL_RC4,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+ TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
SSL_kECDHE,
SSL_aNULL,
SSL_RC4,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
SSL_kECDHE,
SSL_aECDSA,
SSL_RC4,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+ TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
SSL_kECDHE,
SSL_aRSA,
SSL_RC4,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
{
1,
TLS1_TXT_PSK_WITH_RC4_128_SHA,
+ TLS1_RFC_PSK_WITH_RC4_128_SHA,
TLS1_CK_PSK_WITH_RC4_128_SHA,
SSL_kPSK,
SSL_aPSK,
{
1,
TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
+ TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
SSL_kRSAPSK,
SSL_aRSA,
{
1,
TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
+ TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
SSL_kDHEPSK,
SSL_aPSK,
{
0,
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+ "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
SSL3_CK_SCSV,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
},
{
0,
"TLS_FALLBACK_SCSV",
+ "TLS_FALLBACK_SCSV",
SSL3_CK_FALLBACK_SCSV,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
},
const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
- return ap->id - bp->id;
+ if (ap->id == bp->id)
+ return 0;
+ return ap->id < bp->id ? -1 : 1;
}
void ssl_sort_cipher_list(void)
if (!SSL_SRP_CTX_init(s))
goto err;
#endif
- s->method->ssl_clear(s);
- return (1);
+
+ if (!s->method->ssl_clear(s))
+ return 0;
+
+ return 1;
err:
- return (0);
+ return 0;
}
void ssl3_free(SSL *s)
s->s3 = NULL;
}
-void ssl3_clear(SSL *s)
+int ssl3_clear(SSL *s)
{
ssl3_cleanup_key_block(s);
OPENSSL_free(s->s3->tmp.ctype);
/* NULL/zero-out everything in the s3 struct */
memset(s->s3, 0, sizeof(*s->s3));
- ssl_free_wbio_buffer(s);
+ if (!ssl_free_wbio_buffer(s))
+ return 0;
s->version = SSL3_VERSION;
s->ext.npn = NULL;
s->ext.npn_len = 0;
#endif
+
+ return 1;
}
#ifndef OPENSSL_NO_SRP
case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
srp_password_from_info_cb;
- ctx->srp_ctx.info = parg;
+ if (ctx->srp_ctx.info != NULL)
+ OPENSSL_free(ctx->srp_ctx.info);
+ if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
break;
case SSL_CTRL_SET_SRP_ARG:
ctx->srp_ctx.srp_Mask |= SSL_kSRP;
return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
}
+const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
+{
+ SSL_CIPHER *c = NULL;
+ SSL_CIPHER *tbl = ssl3_ciphers;
+ size_t i;
+
+ /* this is not efficient, necessary to optimize this? */
+ for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) {
+ if (tbl->stdname == NULL)
+ continue;
+ if (strcmp(stdname, tbl->stdname) == 0) {
+ c = tbl;
+ break;
+ }
+ }
+ if (c == NULL) {
+ tbl = ssl3_scsvs;
+ for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
+ if (strcmp(stdname, tbl->stdname) == 0) {
+ c = tbl;
+ break;
+ }
+ }
+ }
+ return c;
+}
+
/*
* This function needs to check if the ciphers required are actually
* available
const SSL_CIPHER *c, *ret = NULL;
STACK_OF(SSL_CIPHER) *prio, *allow;
int i, ii, ok;
- unsigned long alg_k = 0, alg_a = 0, mask_k, mask_a;
+ unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
/* Let's see which ciphers we can support */
allow = srvr;
}
- tls1_set_cert_validity(s);
- ssl_set_masks(s);
+ if (!SSL_IS_TLS13(s)) {
+ tls1_set_cert_validity(s);
+ ssl_set_masks(s);
+ }
for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
c = sk_SSL_CIPHER_value(prio, i);
(DTLS_VERSION_LT(s->version, c->min_dtls) ||
DTLS_VERSION_GT(s->version, c->max_dtls)))
continue;
+
/*
* Since TLS 1.3 ciphersuites can be used with any auth or
* key exchange scheme skip tests.
if (send_time) {
unsigned long Time = (unsigned long)time(NULL);
unsigned char *p = result;
+
l2n(Time, p);
- /* TODO(size_t): Convert this */
- ret = RAND_bytes(p, (int)(len - 4));
+ ret = ssl_randbytes(s, p, len - 4);
} else {
- ret = RAND_bytes(result, (int)len);
+ ret = ssl_randbytes(s, result, len);
}
#ifndef OPENSSL_NO_TLS13DOWNGRADE
if (ret) {
- assert(sizeof(tls11downgrade) < len && sizeof(tls12downgrade) < len);
+ if (!ossl_assert(sizeof(tls11downgrade) < len)
+ || !ossl_assert(sizeof(tls12downgrade) < len))
+ return 0;
if (dgrd == DOWNGRADE_TO_1_2)
memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
sizeof(tls12downgrade));