#endif
#include <openssl/rand.h>
-const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
-
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
/* list of available SSLv3 ciphers (sorted by id) */
SSL_eNULL,
SSL_MD5,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_STRONG_NONE,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_eNULL,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_RC4,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_RC2,
SSL_MD5,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
+#ifndef OPENSSL_NO_PSK
+ /* Cipher 2C */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_NULL_SHA,
+ TLS1_CK_PSK_WITH_NULL_SHA,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA1,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+ /* Cipher 2D */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
+ TLS1_CK_DHE_PSK_WITH_NULL_SHA,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA1,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+ /* Cipher 2E */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
+ TLS1_CK_RSA_PSK_WITH_NULL_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_eNULL,
+ SSL_SHA1,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+#endif
/* New AES ciphersuites */
/* Cipher 2F */
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDH,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDH,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDSS,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aNULL,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aDH,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aDH,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aDSS,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aNULL,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
SSL_eNULL,
SSL_SHA256,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aRSA,
SSL_CAMELLIA128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDH,
SSL_CAMELLIA128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDH,
SSL_CAMELLIA128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDSS,
SSL_CAMELLIA128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_CAMELLIA128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aNULL,
SSL_CAMELLIA128,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_AES128,
SSL_SHA256,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_AES256,
SSL_SHA256,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
},
/* GOST Ciphersuites */
-
- {
- 1,
- "GOST94-GOST89-GOST89",
- 0x3000080,
- SSL_kGOST,
- SSL_aGOST94,
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
- 256,
- 256},
+#ifndef OPENSL_NO_GOST
{
1,
"GOST2001-GOST89-GOST89",
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
256,
- 256},
- {
- 1,
- "GOST94-NULL-GOST94",
- 0x3000082,
- SSL_kGOST,
- SSL_aGOST94,
- SSL_eNULL,
- SSL_GOST94,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE,
- SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
- 0,
- 0},
+ 256
+ },
{
1,
"GOST2001-NULL-GOST94",
SSL_eNULL,
SSL_GOST94,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
0,
- 0},
-
+ 0
+ },
+#endif
#ifndef OPENSSL_NO_CAMELLIA
/* Camellia ciphersuites from RFC4132 (256-bit portion) */
SSL_aRSA,
SSL_CAMELLIA256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aDH,
SSL_CAMELLIA256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aDH,
SSL_CAMELLIA256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aDSS,
SSL_CAMELLIA256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aRSA,
SSL_CAMELLIA256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aNULL,
SSL_CAMELLIA256,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
SSL_aPSK,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aPSK,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aPSK,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aPSK,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aPSK,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aPSK,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aPSK,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aPSK,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aRSA,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aRSA,
SSL_SEED,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDH,
SSL_SEED,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDH,
SSL_SEED,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDSS,
SSL_SEED,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_SEED,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aNULL,
SSL_SEED,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_AES128GCM,
SSL_AEAD,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_AES256GCM,
SSL_AEAD,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
SSL_eNULL,
SSL_SHA256,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_eNULL,
SSL_SHA384,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0,
0,
SSL_eNULL,
SSL_SHA256,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_eNULL,
SSL_SHA384,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0,
0,
SSL_eNULL,
SSL_SHA256,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_eNULL,
SSL_SHA384,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0,
0,
SSL_CAMELLIA128,
SSL_SHA256,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_CAMELLIA256,
SSL_SHA256,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
SSL_aECDH,
SSL_eNULL,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aECDH,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aECDH,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aECDH,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aECDH,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aECDSA,
SSL_eNULL,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aECDSA,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aECDSA,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aECDSA,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aECDSA,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aECDH,
SSL_eNULL,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aECDH,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aECDH,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aECDH,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aECDH,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aRSA,
SSL_eNULL,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aRSA,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aNULL,
SSL_eNULL,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_aNULL,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aNULL,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_aNULL,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aNULL,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
SSL_aSRP,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aDSS,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aSRP,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aDSS,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aSRP,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aDSS,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aPSK,
SSL_RC4,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_aPSK,
SSL_3DES,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
SSL_aPSK,
SSL_AES128,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
SSL_aPSK,
SSL_AES256,
SSL_SHA1,
- SSL_TLSV1,
+ SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
SSL_aPSK,
SSL_eNULL,
SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_SSLV3,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_eNULL,
SSL_SHA256,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
SSL_eNULL,
SSL_SHA384,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0,
0,
# endif /* OPENSSL_NO_CAMELLIA */
#endif /* OPENSSL_NO_EC */
-#ifdef TEMP_GOST_TLS
-/* Cipher FF00 */
- {
+#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_PSK)
+ { /* Cipher C094 */
1,
- "GOST-MD5",
- 0x0300ff00,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_MD5,
+ TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
SSL_TLSV1,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128},
+
+ { /* Cipher C095 */
+ 1,
+ TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA256,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
+ 256},
+
+ { /* Cipher C096 */
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128},
+
+ { /* Cipher C097 */
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA256,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
- },
- {
+ 256},
+
+ { /* Cipher C098 */
1,
- "GOST-GOST94",
- 0x0300ff01,
- SSL_kRSA,
+ TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kRSAPSK,
SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_GOST94,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
SSL_TLSV1,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128},
+
+ { /* Cipher C099 */
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_CAMELLIA256,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256},
- {
+
+ { /* Cipher C09A */
1,
- "GOST-GOST89MAC",
- 0x0300ff02,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
+ TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
SSL_TLSV1,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128},
+
+ { /* Cipher C09B */
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA256,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256},
+#endif
+
+ /* Cipher C09C */
{
1,
- "GOST-GOST89STREAM",
- 0x0300ff03,
+ TLS1_TXT_RSA_WITH_AES_128_CCM,
+ TLS1_CK_RSA_WITH_AES_128_CCM,
SSL_kRSA,
SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C09D */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_AES_256_CCM,
+ TLS1_CK_RSA_WITH_AES_256_CCM,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C09E */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
+ TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C09F */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
+ TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0A0 */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_AES_128_CCM_8,
+ TLS1_CK_RSA_WITH_AES_128_CCM_8,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0A1 */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_AES_256_CCM_8,
+ TLS1_CK_RSA_WITH_AES_256_CCM_8,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0A2 */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
+ TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0A3 */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
+ TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0A4 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_CCM,
+ TLS1_CK_PSK_WITH_AES_128_CCM,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0A4 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_CCM,
+ TLS1_CK_PSK_WITH_AES_256_CCM,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0A6 */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
+ TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0A7 */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
+ TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0A8 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_CCM_8,
+ TLS1_CK_PSK_WITH_AES_128_CCM_8,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0A9 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_CCM_8,
+ TLS1_CK_PSK_WITH_AES_256_CCM_8,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0AA */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
+ TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0AB */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
+ TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0AC */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0AD */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0AE */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0AF */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+#ifndef OPENSSL_NO_GOST
+ {
+ 1,
+ "GOST2012-GOST8912-GOST8912",
+ 0x0300ff85,
+ SSL_kGOST,
+ SSL_aGOST12 | SSL_aGOST01,
+ SSL_eGOST2814789CNT12,
+ SSL_GOST89MAC12,
SSL_TLSV1,
SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
256,
256},
+ {
+ 1,
+ "GOST2012-NULL-GOST12",
+ 0x0300ff87,
+ SSL_kGOST,
+ SSL_aGOST12 | SSL_aGOST01,
+ SSL_eNULL,
+ SSL_GOST12_256,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_STRONG_NONE,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256,
+ 0,
+ 0},
#endif
/* end of list */
ssl3_change_cipher_state,
ssl3_final_finish_mac,
MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
- ssl3_cert_verify_mac,
SSL3_MD_CLIENT_FINISHED_CONST, 4,
SSL3_MD_SERVER_FINISHED_CONST, 4,
ssl3_alert_code,
{
SSL3_STATE *s3;
- if ((s3 = OPENSSL_malloc(sizeof(*s3))) == NULL)
+ if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
goto err;
- memset(s3, 0, sizeof(*s3));
s->s3 = s3;
#ifndef OPENSSL_NO_SRP
void ssl3_free(SSL *s)
{
- if (s == NULL)
+ if (s == NULL || s->s3 == NULL)
return;
ssl3_cleanup_key_block(s);
#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH:
{
- EC_KEY *ecdh = NULL;
+ const EC_GROUP *group = NULL;
+ int nid;
if (parg == NULL) {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
- return (ret);
- }
- if (!EC_KEY_up_ref((EC_KEY *)parg)) {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
- return (ret);
+ return 0;
}
- ecdh = (EC_KEY *)parg;
- if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
- if (!EC_KEY_generate_key(ecdh)) {
- EC_KEY_free(ecdh);
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
- return (ret);
- }
+ group = EC_KEY_get0_group((const EC_KEY *)parg);
+ if (group == NULL) {
+ SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
+ return 0;
}
- EC_KEY_free(s->cert->ecdh_tmp);
- s->cert->ecdh_tmp = ecdh;
- ret = 1;
+ nid = EC_GROUP_get_curve_name(group);
+ if (nid == NID_undef)
+ return 0;
+ return tls1_set_curves(&s->tlsext_ellipticcurvelist,
+ &s->tlsext_ellipticcurvelist_length,
+ &nid, 1);
}
break;
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (ret);
- }
#endif /* !OPENSSL_NO_EC */
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name) {
case SSL_CTRL_GET_SHARED_CURVE:
return tls1_shared_curve(s, larg);
-# ifndef OPENSSL_NO_EC
- case SSL_CTRL_SET_ECDH_AUTO:
- s->cert->ecdh_tmp_auto = larg;
- return 1;
-# endif
#endif
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(s->cert, parg, larg, 0);
return 0;
#endif
ptmp = EVP_PKEY_new();
- if (!ptmp)
+ if (ptmp == NULL)
return 0;
#ifndef OPENSSL_NO_RSA
else if (s->s3->peer_rsa_tmp)
s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
}
break;
-#endif
-#ifndef OPENSSL_NO_EC
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
- }
- break;
#endif
case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
s->tlsext_debug_cb = (void (*)(SSL *, int, int,
#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH:
{
- EC_KEY *ecdh = NULL;
+ const EC_GROUP *group = NULL;
+ int nid;
if (parg == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- ecdh = EC_KEY_dup((EC_KEY *)parg);
- if (ecdh == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB);
+ group = EC_KEY_get0_group((const EC_KEY *)parg);
+ if (group == NULL) {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
return 0;
}
- if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
- if (!EC_KEY_generate_key(ecdh)) {
- EC_KEY_free(ecdh);
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
- return 0;
- }
- }
-
- EC_KEY_free(cert->ecdh_tmp);
- cert->ecdh_tmp = ecdh;
- return 1;
+ nid = EC_GROUP_get_curve_name(group);
+ if (nid == NID_undef)
+ return 0;
+ return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
+ &ctx->tlsext_ellipticcurvelist_length,
+ &nid, 1);
}
/* break; */
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (0);
- }
#endif /* !OPENSSL_NO_EC */
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
ctx->tlsext_servername_arg = parg;
return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
&ctx->tlsext_ellipticcurvelist_length,
parg);
- case SSL_CTRL_SET_ECDH_AUTO:
- ctx->cert->ecdh_tmp_auto = larg;
- return 1;
#endif
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
}
break;
-#endif
-#ifndef OPENSSL_NO_EC
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
- }
- break;
#endif
case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
{
SSL_CIPHER c;
const SSL_CIPHER *cp;
- unsigned long id;
+ uint32_t id;
- id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
+ id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
c.id = id;
cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
/* Skip TLS v1.2 only ciphersuites if not supported */
if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s))
continue;
+ /* Skip TLS v1.0 ciphersuites if SSLv3 */
+ if ((c->algorithm_ssl & SSL_TLSV1) && s->version == SSL3_VERSION)
+ continue;
ssl_set_masks(s, c);
mask_k = s->s3->tmp.mask_k;
{
int ret = 0;
int nostrict = 1;
- unsigned long alg_k, alg_a = 0;
+ uint32_t alg_k, alg_a = 0;
/* If we have custom certificate types set, use them */
if (s->cert->ctypes) {
#ifndef OPENSSL_NO_GOST
if (s->version >= TLS1_VERSION) {
if (alg_k & SSL_kGOST) {
- p[ret++] = TLS_CT_GOST94_SIGN;
p[ret++] = TLS_CT_GOST01_SIGN;
+ p[ret++] = TLS_CT_GOST12_SIGN;
+ p[ret++] = TLS_CT_GOST12_512_SIGN;
return (ret);
}
}
if (len > 0xff)
return 0;
c->ctypes = OPENSSL_malloc(len);
- if (!c->ctypes)
+ if (c->ctypes == NULL)
return 0;
memcpy(c->ctypes, p, len);
c->ctype_num = len;
* Don't do anything much if we have not done the handshake or we don't
* want to send messages :-)
*/
- if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
+ if (s->quiet_shutdown || SSL_in_before(s)) {
s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
return (1);
}
/*
* If we are waiting for a close from our peer, we are closed
*/
- s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
+ s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0);
if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
return (-1); /* return WANT_READ */
}
ssl3_renegotiate_check(s);
s->s3->in_read_app_data = 1;
ret =
- s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
+ s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
peek);
if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
/*
* makes sense here; so disable handshake processing and try to read
* application data again.
*/
- s->in_handshake++;
+ ossl_statem_set_in_handshake(s, 1);
ret =
- s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
- peek);
- s->in_handshake--;
+ s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
+ len, peek);
+ ossl_statem_set_in_handshake(s, 0);
} else
s->s3->in_read_app_data = 0;
&& !SSL_in_init(s)) {
/*
* if we are the server, and we have sent a 'RENEGOTIATE'
- * message, we need to go to SSL_ST_ACCEPT.
+ * message, we need to set the state machine into the renegotiate
+ * state.
*/
- /* SSL_ST_ACCEPT */
- s->state = SSL_ST_RENEGOTIATE;
+ ossl_statem_set_renegotiate(s);
s->s3->renegotiate = 0;
s->s3->num_renegotiations++;
s->s3->total_renegotiations++;
pskpmslen = 4 + pmslen + psklen;
pskpms = OPENSSL_malloc(pskpmslen);
- if (pskpms == NULL)
- return 0;
+ if (pskpms == NULL) {
+ s->session->master_key_length = 0;
+ goto err;
+ }
t = pskpms;
s2n(pmslen, t);
if (alg_k & SSL_kPSK)
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
pms, pmslen);
+#ifndef OPENSSL_NO_PSK
+ err:
+#endif
if (pms) {
if (free_pms)
OPENSSL_clear_free(pms, pmslen);
projects / openssl.git / blobdiff