X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_lib.c;h=54c49ab7628a5dcc838eca57ec9682a254181309;hp=8f6eda2c719ad31335045b4182099687cbdf5f9e;hb=fa7c263747cb73f03b321399a1452cc40516d9a4;hpb=f0ff328e360f56d8a79cbb61b2931a13fb7199c2 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 8f6eda2c71..54c49ab762 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1,112 +1,12 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ + /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -148,21 +48,35 @@ */ #include +#include #include #include "ssl_locl.h" #include -#ifndef OPENSSL_NO_DH -# include -#endif +#include #include #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) +#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs) -/* list of available SSLv3 ciphers (sorted by id) */ -static const SSL_CIPHER ssl3_ciphers[] = { +/* TLSv1.3 downgrade protection sentinel values */ +const unsigned char tls11downgrade[] = { + 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00 +}; +const unsigned char tls12downgrade[] = { + 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01 +}; -/* The RSA ciphers */ -/* Cipher 01 */ +/* + * The list of available ciphers, mostly organized into the following + * groups: + * Always there + * EC + * PSK + * SRP (within that: RSA EC PSK) + * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED + * Weak ciphers + */ +static SSL_CIPHER ssl3_ciphers[] = { { 1, SSL3_TXT_RSA_NULL_MD5, @@ -171,14 +85,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_eNULL, SSL_MD5, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_STRONG_NONE, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_STRONG_NONE, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, }, - -/* Cipher 02 */ { 1, SSL3_TXT_RSA_NULL_SHA, @@ -187,64 +100,14 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_eNULL, SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, }, - -/* Cipher 04 */ - { - 1, - SSL3_TXT_RSA_RC4_128_MD5, - SSL3_CK_RSA_RC4_128_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - -/* Cipher 05 */ - { - 1, - SSL3_TXT_RSA_RC4_128_SHA, - SSL3_CK_RSA_RC4_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - -/* Cipher 07 */ -#ifndef OPENSSL_NO_IDEA - { - 1, - SSL3_TXT_RSA_IDEA_128_SHA, - SSL3_CK_RSA_IDEA_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_IDEA, - SSL_SHA1, - SSL_SSLV3, - SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, -#endif - -/* Cipher 0A */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_DES_192_CBC3_SHA, @@ -253,14 +116,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_3DES, SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, - -/* Cipher 13 */ { 1, SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA, @@ -269,14 +131,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_3DES, SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, - -/* Cipher 16 */ { 1, SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA, @@ -285,30 +146,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_3DES, SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, - -/* Cipher 18 */ - { - 1, - SSL3_TXT_ADH_RC4_128_MD5, - SSL3_CK_ADH_RC4_128_MD5, - SSL_kDHE, - SSL_aNULL, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - -/* Cipher 1B */ { 1, SSL3_TXT_ADH_DES_192_CBC_SHA, @@ -317,62 +161,14 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_3DES, SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, -#ifndef OPENSSL_NO_PSK - /* Cipher 2C */ - { - 1, - TLS1_TXT_PSK_WITH_NULL_SHA, - TLS1_CK_PSK_WITH_NULL_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, - /* Cipher 2D */ - { - 1, - TLS1_TXT_DHE_PSK_WITH_NULL_SHA, - TLS1_CK_DHE_PSK_WITH_NULL_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, - /* Cipher 2E */ - { - 1, - TLS1_TXT_RSA_PSK_WITH_NULL_SHA, - TLS1_CK_RSA_PSK_WITH_NULL_SHA, - SSL_kRSAPSK, - SSL_aRSA, - SSL_eNULL, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, #endif - -/* New AES ciphersuites */ -/* Cipher 2F */ { 1, TLS1_TXT_RSA_WITH_AES_128_SHA, @@ -381,13 +177,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES128, SSL_SHA1, - SSL_SSLV3, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, -/* Cipher 32 */ { 1, TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, @@ -396,13 +192,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_AES128, SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, -/* Cipher 33 */ { 1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, @@ -411,13 +207,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES128, SSL_SHA1, - SSL_SSLV3, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, -/* Cipher 34 */ { 1, TLS1_TXT_ADH_WITH_AES_128_SHA, @@ -426,14 +222,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_AES128, SSL_SHA1, - SSL_SSLV3, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - -/* Cipher 35 */ { 1, TLS1_TXT_RSA_WITH_AES_256_SHA, @@ -442,14 +237,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES256, SSL_SHA1, - SSL_SSLV3, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - -/* Cipher 38 */ { 1, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, @@ -458,14 +252,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_AES256, SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - -/* Cipher 39 */ { 1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, @@ -474,14 +267,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES256, SSL_SHA1, - SSL_SSLV3, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - /* Cipher 3A */ { 1, TLS1_TXT_ADH_WITH_AES_256_SHA, @@ -490,15 +282,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_AES256, SSL_SHA1, - SSL_SSLV3, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - /* TLS v1.2 ciphersuites */ - /* Cipher 3B */ { 1, TLS1_TXT_RSA_WITH_NULL_SHA256, @@ -507,14 +297,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_eNULL, SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, }, - - /* Cipher 3C */ { 1, TLS1_TXT_RSA_WITH_AES_128_SHA256, @@ -523,14 +312,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES128, SSL_SHA256, - SSL_TLSV1_2, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher 3D */ { 1, TLS1_TXT_RSA_WITH_AES_256_SHA256, @@ -539,14 +327,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES256, SSL_SHA256, - SSL_TLSV1_2, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - /* Cipher 40 */ { 1, TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, @@ -555,83 +342,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_AES128, SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - -#ifndef OPENSSL_NO_CAMELLIA - /* Camellia ciphersuites from RFC4132 (128-bit portion) */ - - /* Cipher 41 */ - { - 1, - TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - - /* Cipher 44 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - - /* Cipher 45 */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - - /* Cipher 46 */ - { - 1, - TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_HIGH, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, -#endif /* OPENSSL_NO_CAMELLIA */ - - /* TLS v1.2 ciphersuites */ - /* Cipher 67 */ { 1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, @@ -640,14 +357,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES128, SSL_SHA256, - SSL_TLSV1_2, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher 6A */ { 1, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, @@ -656,14 +372,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_AES256, SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - /* Cipher 6B */ { 1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, @@ -672,14 +387,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES256, SSL_SHA256, - SSL_TLSV1_2, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - /* Cipher 6C */ { 1, TLS1_TXT_ADH_WITH_AES_128_SHA256, @@ -688,14 +402,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_AES128, SSL_SHA256, - SSL_TLSV1_2, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher 6D */ { 1, TLS1_TXT_ADH_WITH_AES_256_SHA256, @@ -704,1487 +417,1279 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_AES256, SSL_SHA256, - SSL_TLSV1_2, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - /* GOST Ciphersuites */ -#ifndef OPENSL_NO_GOST - { - 1, - "GOST2001-GOST89-GOST89", - 0x3000081, - SSL_kGOST, - SSL_aGOST01, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, - SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, - 256, - 256 - }, - { - 1, - "GOST2001-NULL-GOST94", - 0x3000083, - SSL_kGOST, - SSL_aGOST01, - SSL_eNULL, - SSL_GOST94, - SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, - 0, - 0 - }, -#endif -#ifndef OPENSSL_NO_CAMELLIA - /* Camellia ciphersuites from RFC4132 (256-bit portion) */ - - /* Cipher 84 */ { 1, - TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, SSL_kRSA, SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, }, - - /* Cipher 87 */ { 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, + SSL_kRSA, + SSL_aRSA, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, - - /* Cipher 88 */ { 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, }, - - /* Cipher 89 */ { 1, - TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, + TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kDHE, - SSL_aNULL, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + SSL_aRSA, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, -#endif /* OPENSSL_NO_CAMELLIA */ - -#ifndef OPENSSL_NO_PSK - /* PSK ciphersuites from RFC 4279 */ - /* Cipher 8A */ { 1, - TLS1_TXT_PSK_WITH_RC4_128_SHA, - TLS1_CK_PSK_WITH_RC4_128_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, + SSL_kDHE, + SSL_aDSS, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher 8B */ { 1, - TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, + TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, + TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, + SSL_kDHE, + SSL_aDSS, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, }, - - /* Cipher 8C */ { 1, - TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_PSK_WITH_AES_128_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, + TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, + SSL_kDHE, + SSL_aNULL, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher 8D */ { 1, - TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_PSK_WITH_AES_256_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, + TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, + SSL_kDHE, + SSL_aNULL, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, - - /* Cipher 8E */ { 1, - TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA, - TLS1_CK_DHE_PSK_WITH_RC4_128_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_RSA_WITH_AES_128_CCM, + TLS1_CK_RSA_WITH_AES_128_CCM, + SSL_kRSA, + SSL_aRSA, + SSL_AES128CCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher 8F */ { 1, - TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, + TLS1_TXT_RSA_WITH_AES_256_CCM, + TLS1_CK_RSA_WITH_AES_256_CCM, + SSL_kRSA, + SSL_aRSA, + SSL_AES256CCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, }, - - /* Cipher 90 */ { 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_DHE_RSA_WITH_AES_128_CCM, + TLS1_CK_DHE_RSA_WITH_AES_128_CCM, + SSL_kDHE, + SSL_aRSA, + SSL_AES128CCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher 91 */ { 1, - TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_DHE_RSA_WITH_AES_256_CCM, + TLS1_CK_DHE_RSA_WITH_AES_256_CCM, + SSL_kDHE, + SSL_aRSA, + SSL_AES256CCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, - - /* Cipher 92 */ { 1, - TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA, - TLS1_CK_RSA_PSK_WITH_RC4_128_SHA, - SSL_kRSAPSK, + TLS1_TXT_RSA_WITH_AES_128_CCM_8, + TLS1_CK_RSA_WITH_AES_128_CCM_8, + SSL_kRSA, SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + SSL_AES128CCM8, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher 93 */ { 1, - TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kRSAPSK, + TLS1_TXT_RSA_WITH_AES_256_CCM_8, + TLS1_CK_RSA_WITH_AES_256_CCM_8, + SSL_kRSA, SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, + SSL_AES256CCM8, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, }, - - /* Cipher 94 */ { 1, - TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA, - SSL_kRSAPSK, + TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8, + TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8, + SSL_kDHE, SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + SSL_AES128CCM8, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher 95 */ { 1, - TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA, - SSL_kRSAPSK, + TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8, + TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8, + SSL_kDHE, SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + SSL_AES256CCM8, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, -#endif /* OPENSSL_NO_PSK */ - -#ifndef OPENSSL_NO_SEED - /* SEED ciphersuites from RFC4162 */ - - /* Cipher 96 */ { 1, - TLS1_TXT_RSA_WITH_SEED_SHA, - TLS1_CK_RSA_WITH_SEED_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_SEED, - SSL_SHA1, - SSL_SSLV3, - SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_PSK_WITH_AES_128_CCM, + TLS1_CK_PSK_WITH_AES_128_CCM, + SSL_kPSK, + SSL_aPSK, + SSL_AES128CCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher 99 */ { 1, - TLS1_TXT_DHE_DSS_WITH_SEED_SHA, - TLS1_CK_DHE_DSS_WITH_SEED_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_SEED, - SSL_SHA1, - SSL_SSLV3, - SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, + TLS1_TXT_PSK_WITH_AES_256_CCM, + TLS1_CK_PSK_WITH_AES_256_CCM, + SSL_kPSK, + SSL_aPSK, + SSL_AES256CCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, }, - - /* Cipher 9A */ { 1, - TLS1_TXT_DHE_RSA_WITH_SEED_SHA, - TLS1_CK_DHE_RSA_WITH_SEED_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_SEED, - SSL_SHA1, - SSL_SSLV3, - SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_DHE_PSK_WITH_AES_128_CCM, + TLS1_CK_DHE_PSK_WITH_AES_128_CCM, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128CCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher 9B */ { 1, - TLS1_TXT_ADH_WITH_SEED_SHA, - TLS1_CK_ADH_WITH_SEED_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_SEED, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, + TLS1_TXT_DHE_PSK_WITH_AES_256_CCM, + TLS1_CK_DHE_PSK_WITH_AES_256_CCM, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256CCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, }, - -#endif /* OPENSSL_NO_SEED */ - - /* GCM ciphersuites from RFC5288 */ - - /* Cipher 9C */ { 1, - TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_AES128GCM, + TLS1_TXT_PSK_WITH_AES_128_CCM_8, + TLS1_CK_PSK_WITH_AES_128_CCM_8, + SSL_kPSK, + SSL_aPSK, + SSL_AES128CCM8, SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher 9D */ { 1, - TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, - SSL_kRSA, - SSL_aRSA, - SSL_AES256GCM, + TLS1_TXT_PSK_WITH_AES_256_CCM_8, + TLS1_CK_PSK_WITH_AES_256_CCM_8, + SSL_kPSK, + SSL_aPSK, + SSL_AES256CCM8, SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, - - /* Cipher 9E */ { 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, - SSL_kDHE, - SSL_aRSA, - SSL_AES128GCM, + TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8, + TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128CCM8, SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher 9F */ { 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, - SSL_kDHE, - SSL_aRSA, - SSL_AES256GCM, + TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8, + TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256CCM8, SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, - - /* Cipher A2 */ { 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, - SSL_kDHE, - SSL_aDSS, - SSL_AES128GCM, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128CCM, SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher A3 */ { 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, - SSL_kDHE, - SSL_aDSS, - SSL_AES256GCM, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256CCM, SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, - - /* Cipher A6 */ { 1, - TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, - TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, - SSL_kDHE, - SSL_aNULL, - SSL_AES128GCM, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128CCM8, SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher A7 */ { 1, - TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, - TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, - SSL_kDHE, - SSL_aNULL, - SSL_AES256GCM, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256CCM8, SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, -#ifndef OPENSSL_NO_PSK - /* PSK ciphersuites from RFC5487 */ - - /* Cipher A8 */ { 1, - TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256, - TLS1_CK_PSK_WITH_AES_128_GCM_SHA256, - SSL_kPSK, - SSL_aPSK, + TLS1_3_TXT_AES_128_GCM_SHA256, + TLS1_3_CK_AES_128_GCM_SHA256, + 0, 0, SSL_AES128GCM, SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + TLS1_3_VERSION, TLS1_3_VERSION, + SSL_kANY, + SSL_aANY, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256, 128, 128, }, - - /* Cipher A9 */ { 1, - TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384, - TLS1_CK_PSK_WITH_AES_256_GCM_SHA384, - SSL_kPSK, - SSL_aPSK, + TLS1_3_TXT_AES_256_GCM_SHA384, + TLS1_3_CK_AES_256_GCM_SHA384, + SSL_kANY, + SSL_aANY, SSL_AES256GCM, SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384, 256, 256, }, - - /* Cipher AA */ +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) { 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES128GCM, + TLS1_3_TXT_CHACHA20_POLY1305_SHA256, + TLS1_3_CK_CHACHA20_POLY1305_SHA256, + SSL_kANY, + SSL_aANY, + SSL_CHACHA20POLY1305, SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256, + 256, + 256, }, - - /* Cipher AB */ +#endif { 1, - TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES256GCM, + TLS1_3_TXT_AES_128_CCM_SHA256, + TLS1_3_CK_AES_128_CCM_SHA256, + SSL_kANY, + SSL_aANY, + SSL_AES128CCM, SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256, + 128, + 128, }, - - /* Cipher AC */ { 1, - TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256, - TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES128GCM, + TLS1_3_TXT_AES_128_CCM_8_SHA256, + TLS1_3_CK_AES_128_CCM_8_SHA256, + SSL_kANY, + SSL_aANY, + SSL_AES128CCM8, SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256, 128, 128, }, - /* Cipher AD */ +#ifndef OPENSSL_NO_EC { 1, - TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384, - TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, + TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_eNULL, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, }, - - /* Cipher AE */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, - TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256, - TLS1_CK_PSK_WITH_AES_128_CBC_SHA256, - SSL_kPSK, - SSL_aPSK, + TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, +# endif + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + SSL_kECDHE, + SSL_aECDSA, SSL_AES128, - SSL_SHA256, - SSL_TLSV1, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher AF */ { 1, - TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384, - TLS1_CK_PSK_WITH_AES_256_CBC_SHA384, - SSL_kPSK, - SSL_aPSK, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + SSL_kECDHE, + SSL_aECDSA, SSL_AES256, - SSL_SHA384, - SSL_TLSV1, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - /* Cipher B0 */ { 1, - TLS1_TXT_PSK_WITH_NULL_SHA256, - TLS1_CK_PSK_WITH_NULL_SHA256, - SSL_kPSK, - SSL_aPSK, + TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, + TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, + SSL_kECDHE, + SSL_aRSA, SSL_eNULL, - SSL_SHA256, - SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, }, - - /* Cipher B1 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, - TLS1_TXT_PSK_WITH_NULL_SHA384, - TLS1_CK_PSK_WITH_NULL_SHA384, - SSL_kPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA384, - SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 0, - 0, + TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + SSL_kECDHE, + SSL_aRSA, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, }, - - /* Cipher B2 */ +# endif { 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256, - TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256, - SSL_kDHEPSK, - SSL_aPSK, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, + SSL_kECDHE, + SSL_aRSA, SSL_AES128, - SSL_SHA256, - SSL_TLSV1, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher B3 */ { 1, - TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384, - TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384, - SSL_kDHEPSK, - SSL_aPSK, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, + SSL_kECDHE, + SSL_aRSA, SSL_AES256, - SSL_SHA384, - SSL_TLSV1, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - /* Cipher B4 */ { 1, - TLS1_TXT_DHE_PSK_WITH_NULL_SHA256, - TLS1_CK_DHE_PSK_WITH_NULL_SHA256, - SSL_kDHEPSK, - SSL_aPSK, + TLS1_TXT_ECDH_anon_WITH_NULL_SHA, + TLS1_CK_ECDH_anon_WITH_NULL_SHA, + SSL_kECDHE, + SSL_aNULL, SSL_eNULL, - SSL_SHA256, - SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, }, - - /* Cipher B5 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, - TLS1_TXT_DHE_PSK_WITH_NULL_SHA384, - TLS1_CK_DHE_PSK_WITH_NULL_SHA384, - SSL_kDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA384, - SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 0, - 0, + TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, + SSL_kECDHE, + SSL_aNULL, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, }, - - /* Cipher B6 */ +# endif { 1, - TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256, - TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256, - SSL_kRSAPSK, - SSL_aRSA, + TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, + SSL_kECDHE, + SSL_aNULL, SSL_AES128, - SSL_SHA256, - SSL_TLSV1, - SSL_HIGH | SSL_FIPS, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher B7 */ { 1, - TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384, - TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384, - SSL_kRSAPSK, - SSL_aRSA, + TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, + SSL_kECDHE, + SSL_aNULL, SSL_AES256, - SSL_SHA384, - SSL_TLSV1, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - /* Cipher B8 */ { 1, - TLS1_TXT_RSA_PSK_WITH_NULL_SHA256, - TLS1_CK_RSA_PSK_WITH_NULL_SHA256, - SSL_kRSAPSK, - SSL_aRSA, - SSL_eNULL, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128, SSL_SHA256, - SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, }, - - /* Cipher B9 */ { 1, - TLS1_TXT_RSA_PSK_WITH_NULL_SHA384, - TLS1_CK_RSA_PSK_WITH_NULL_SHA384, - SSL_kRSAPSK, - SSL_aRSA, - SSL_eNULL, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256, SSL_SHA384, - SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 0, - 0, + 256, + 256, }, -#endif /* OPENSSL_NO_PSK */ - -#ifndef OPENSSL_NO_CAMELLIA - /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ - - /* Cipher BA */ { 1, - TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kRSA, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, + TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, + SSL_kECDHE, SSL_aRSA, - SSL_CAMELLIA128, + SSL_AES128, SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher BD */ { 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, - SSL_aDSS, - SSL_CAMELLIA128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, + TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, + SSL_kECDHE, + SSL_aRSA, + SSL_AES256, + SSL_SHA384, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, }, - - /* Cipher BE */ { 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher BF */ { 1, - TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, - SSL_aNULL, - SSL_CAMELLIA128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher C0 */ - { - 1, - TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, - - /* Cipher C3 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, - SSL_aDSS, - SSL_CAMELLIA256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, - - /* Cipher C4 */ { 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + SSL_kECDHE, SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, + 128, + 128, }, - - /* Cipher C5 */ { 1, - TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, - SSL_aNULL, - SSL_CAMELLIA256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + SSL_kECDHE, + SSL_aRSA, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, -#endif +#endif /* OPENSSL_NO_EC */ -#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL - /* Cipher FF */ +#ifndef OPENSSL_NO_PSK { 1, - "SCSV", - SSL3_CK_SCSV, - 0, - 0, - 0, - 0, - 0, - 0, + TLS1_TXT_PSK_WITH_NULL_SHA, + TLS1_CK_PSK_WITH_NULL_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, - 0}, -#endif - -#ifndef OPENSSL_NO_EC - - /* Cipher C006 */ + }, { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, - SSL_kECDHE, - SSL_aECDSA, + TLS1_TXT_DHE_PSK_WITH_NULL_SHA, + TLS1_CK_DHE_PSK_WITH_NULL_SHA, + SSL_kDHEPSK, + SSL_aPSK, SSL_eNULL, SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, }, - - /* Cipher C007 */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, - SSL_kECDHE, - SSL_aECDSA, - SSL_RC4, + TLS1_TXT_RSA_PSK_WITH_NULL_SHA, + TLS1_CK_RSA_PSK_WITH_NULL_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_eNULL, SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, + 0, + 0, }, - - /* Cipher C008 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, - SSL_kECDHE, - SSL_aECDSA, + TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kPSK, + SSL_aPSK, SSL_3DES, SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, - - /* Cipher C009 */ +# endif { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - SSL_kECDHE, - SSL_aECDSA, + TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_PSK_WITH_AES_128_CBC_SHA, + SSL_kPSK, + SSL_aPSK, SSL_AES128, SSL_SHA1, - SSL_SSLV3, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher C00A */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - SSL_kECDHE, - SSL_aECDSA, + TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_PSK_WITH_AES_256_CBC_SHA, + SSL_kPSK, + SSL_aPSK, SSL_AES256, SSL_SHA1, - SSL_SSLV3, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - /* Cipher C010 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, - TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, - TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, - SSL_kECDHE, - SSL_aRSA, - SSL_eNULL, + TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_3DES, SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, + 112, + 168, }, - - /* Cipher C011 */ +# endif { 1, - TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, - SSL_kECDHE, - SSL_aRSA, - SSL_RC4, + TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128, SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher C012 */ { 1, - TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, - SSL_kECDHE, + TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kRSAPSK, SSL_aRSA, SSL_3DES, SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, - - /* Cipher C013 */ +# endif { 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, - SSL_kECDHE, + TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA, + SSL_kRSAPSK, SSL_aRSA, SSL_AES128, SSL_SHA1, - SSL_SSLV3, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher C014 */ { 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, - SSL_kECDHE, + TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA, + SSL_kRSAPSK, SSL_aRSA, SSL_AES256, SSL_SHA1, - SSL_SSLV3, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - /* Cipher C015 */ { 1, - TLS1_TXT_ECDH_anon_WITH_NULL_SHA, - TLS1_CK_ECDH_anon_WITH_NULL_SHA, - SSL_kECDHE, - SSL_aNULL, - SSL_eNULL, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, + TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256, + TLS1_CK_PSK_WITH_AES_128_GCM_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, }, - - /* Cipher C016 */ { 1, - TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, - TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, - SSL_kECDHE, - SSL_aNULL, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, + TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384, + TLS1_CK_PSK_WITH_AES_256_GCM_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, }, - - /* Cipher C017 */ { 1, - TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, - SSL_kECDHE, - SSL_aNULL, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, - - /* Cipher C018 */ - { - 1, - TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, - SSL_kECDHE, - SSL_aNULL, - SSL_AES128, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256, + TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher C019 */ { 1, - TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, - SSL_kECDHE, - SSL_aNULL, - SSL_AES256, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384, + TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, -#endif /* OPENSSL_NO_EC */ - -#ifndef OPENSSL_NO_SRP - /* Cipher C01A */ - { - 1, - TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, - SSL_aSRP, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, - - /* Cipher C01B */ { 1, - TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, + TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256, + TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256, + SSL_kRSAPSK, SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, - - /* Cipher C01C */ - { - 1, - TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, - SSL_aDSS, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, - - /* Cipher C01D */ - { - 1, - TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, - SSL_kSRP, - SSL_aSRP, - SSL_AES128, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher C01E */ { 1, - TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, - SSL_kSRP, + TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384, + TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384, + SSL_kRSAPSK, SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, }, - - /* Cipher C01F */ { 1, - TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, - SSL_kSRP, - SSL_aDSS, + TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256, + TLS1_CK_PSK_WITH_AES_128_CBC_SHA256, + SSL_kPSK, + SSL_aPSK, SSL_AES128, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher C020 */ { 1, - TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, - SSL_kSRP, - SSL_aSRP, + TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384, + TLS1_CK_PSK_WITH_AES_256_CBC_SHA384, + SSL_kPSK, + SSL_aPSK, SSL_AES256, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, - - /* Cipher C021 */ { 1, - TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, - SSL_kSRP, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, + TLS1_TXT_PSK_WITH_NULL_SHA256, + TLS1_CK_PSK_WITH_NULL_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, + 0, + 0, }, - - /* Cipher C022 */ { 1, - TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, - SSL_kSRP, - SSL_aDSS, - SSL_AES256, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, + TLS1_TXT_PSK_WITH_NULL_SHA384, + TLS1_CK_PSK_WITH_NULL_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 0, + 0, }, -#endif /* OPENSSL_NO_SRP */ -#ifndef OPENSSL_NO_EC - - /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ - - /* Cipher C023 */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, - SSL_kECDHE, - SSL_aECDSA, + TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256, + TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256, + SSL_kDHEPSK, + SSL_aPSK, SSL_AES128, SSL_SHA256, - SSL_TLSV1_2, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher C024 */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, - SSL_kECDHE, - SSL_aECDSA, + TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384, + TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384, + SSL_kDHEPSK, + SSL_aPSK, SSL_AES256, SSL_SHA384, - SSL_TLSV1_2, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, - - - /* Cipher C027 */ { 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, - SSL_kECDHE, + TLS1_TXT_DHE_PSK_WITH_NULL_SHA256, + TLS1_CK_DHE_PSK_WITH_NULL_SHA256, + SSL_kDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, + { + 1, + TLS1_TXT_DHE_PSK_WITH_NULL_SHA384, + TLS1_CK_DHE_PSK_WITH_NULL_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 0, + 0, + }, + { + 1, + TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256, + TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256, + SSL_kRSAPSK, SSL_aRSA, SSL_AES128, SSL_SHA256, - SSL_TLSV1_2, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher C028 */ { 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, - SSL_kECDHE, + TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384, + TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384, + SSL_kRSAPSK, SSL_aRSA, SSL_AES256, SSL_SHA384, - SSL_TLSV1_2, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, - - /* GCM based TLS v1.2 ciphersuites from RFC5289 */ - - /* Cipher C02B */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - SSL_kECDHE, - SSL_aECDSA, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher C02C */ - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - SSL_kECDHE, - SSL_aECDSA, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - - /* Cipher C02F */ - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - SSL_kECDHE, + TLS1_TXT_RSA_PSK_WITH_NULL_SHA256, + TLS1_CK_RSA_PSK_WITH_NULL_SHA256, + SSL_kRSAPSK, SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, + SSL_eNULL, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, }, - - /* Cipher C030 */ { 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - SSL_kECDHE, + TLS1_TXT_RSA_PSK_WITH_NULL_SHA384, + TLS1_CK_RSA_PSK_WITH_NULL_SHA384, + SSL_kRSAPSK, SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, + SSL_eNULL, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - - /* PSK ciphersuites from RFC 5489 */ - /* Cipher C033 */ - { - 1, - TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, + 0, + 0, }, - - /* Cipher C034 */ +# ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, @@ -2193,14 +1698,14 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_3DES, SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, - - /* Cipher C035 */ +# endif { 1, TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, @@ -2209,14 +1714,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_AES128, SSL_SHA1, - SSL_SSLV3, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher C036 */ { 1, TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA, @@ -2225,14 +1729,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_AES256, SSL_SHA1, - SSL_SSLV3, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - /* Cipher C037 */ { 1, TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256, @@ -2241,14 +1744,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_AES128, SSL_SHA256, - SSL_TLSV1, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher C038 */ { 1, TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384, @@ -2257,14 +1759,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_AES256, SSL_SHA384, - SSL_TLSV1, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, - - /* Cipher C039 */ { 1, TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA, @@ -2273,14 +1774,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_eNULL, SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, }, - - /* Cipher C03A */ { 1, TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256, @@ -2289,14 +1789,13 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_eNULL, SSL_SHA256, - SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, }, - - /* Cipher C03B */ { 1, TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384, @@ -2305,651 +1804,1044 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_eNULL, SSL_SHA384, - SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 0, 0, }, +# endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_PSK */ -# ifndef OPENSSL_NO_CAMELLIA - { /* Cipher C072 */ - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kECDHE, - SSL_aECDSA, - SSL_CAMELLIA128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128}, - - { /* Cipher C073 */ +#ifndef OPENSSL_NO_SRP +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kECDHE, - SSL_aECDSA, - SSL_CAMELLIA256, - SSL_SHA384, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256}, - - { /* Cipher C076 */ + TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, + SSL_kSRP, + SSL_aSRP, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, + { 1, - TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kECDHE, + TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, + SSL_kSRP, SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128}, - - { /* Cipher C077 */ + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, + { 1, - TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kECDHE, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA384, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256}, - -# endif /* OPENSSL_NO_CAMELLIA */ -#endif /* OPENSSL_NO_EC */ - -#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_PSK) - { /* Cipher C094 */ + TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, + SSL_kSRP, + SSL_aDSS, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, +# endif + { 1, - TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kPSK, - SSL_aPSK, - SSL_CAMELLIA128, - SSL_SHA256, - SSL_TLSV1, + TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, + TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, + SSL_kSRP, + SSL_aSRP, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, - 128}, - - { /* Cipher C095 */ + 128, + }, + { 1, - TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kPSK, - SSL_aPSK, - SSL_CAMELLIA256, - SSL_SHA384, - SSL_TLSV1, + TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, + TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, + SSL_kSRP, + SSL_aRSA, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256}, - - { /* Cipher C096 */ + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { 1, - TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kDHEPSK, - SSL_aPSK, - SSL_CAMELLIA128, - SSL_SHA256, - SSL_TLSV1, - SSL_HIGH, + TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, + TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, + SSL_kSRP, + SSL_aDSS, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, - 128}, - - { /* Cipher C097 */ + 128, + }, + { 1, - TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kDHEPSK, - SSL_aPSK, - SSL_CAMELLIA256, - SSL_SHA384, - SSL_TLSV1, + TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, + TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, + SSL_kSRP, + SSL_aSRP, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, - 256}, - - { /* Cipher C098 */ + 256, + }, + { 1, - TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kRSAPSK, + TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, + TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, + SSL_kSRP, SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA256, - SSL_TLSV1, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128}, - - { /* Cipher C099 */ + 256, + 256, + }, + { 1, - TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kRSAPSK, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA384, - SSL_TLSV1, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256}, - - { /* Cipher C09A */ - 1, - TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_CAMELLIA128, - SSL_SHA256, - SSL_TLSV1, - SSL_HIGH, + TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, + TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, + SSL_kSRP, + SSL_aDSS, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128}, - - { /* Cipher C09B */ - 1, - TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_CAMELLIA256, - SSL_SHA384, - SSL_TLSV1, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, - 256}, -#endif + 256, + }, +#endif /* OPENSSL_NO_SRP */ - /* Cipher C09C */ +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +# ifndef OPENSSL_NO_RSA { 1, - TLS1_TXT_RSA_WITH_AES_128_CCM, - TLS1_CK_RSA_WITH_AES_128_CCM, - SSL_kRSA, + TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305, + SSL_kDHE, SSL_aRSA, - SSL_AES128CCM, + SSL_CHACHA20POLY1305, SSL_AEAD, - SSL_TLSV1_2, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, + 256, + 256, }, +# endif /* OPENSSL_NO_RSA */ - /* Cipher C09D */ +# ifndef OPENSSL_NO_EC { 1, - TLS1_TXT_RSA_WITH_AES_256_CCM, - TLS1_CK_RSA_WITH_AES_256_CCM, - SSL_kRSA, + TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305, + SSL_kECDHE, SSL_aRSA, - SSL_AES256CCM, + SSL_CHACHA20POLY1305, SSL_AEAD, - SSL_TLSV1_2, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, - - /* Cipher C09E */ { 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_CCM, - TLS1_CK_DHE_RSA_WITH_AES_128_CCM, - SSL_kDHE, - SSL_aRSA, - SSL_AES128CCM, + TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + SSL_kECDHE, + SSL_aECDSA, + SSL_CHACHA20POLY1305, SSL_AEAD, - SSL_TLSV1_2, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, + 256, + 256, }, +# endif /* OPENSSL_NO_EC */ - /* Cipher C09F */ +# ifndef OPENSSL_NO_PSK { 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_CCM, - TLS1_CK_DHE_RSA_WITH_AES_256_CCM, - SSL_kDHE, - SSL_aRSA, - SSL_AES256CCM, + TLS1_TXT_PSK_WITH_CHACHA20_POLY1305, + TLS1_CK_PSK_WITH_CHACHA20_POLY1305, + SSL_kPSK, + SSL_aPSK, + SSL_CHACHA20POLY1305, SSL_AEAD, - SSL_TLSV1_2, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, - - /* Cipher C0A0 */ { 1, - TLS1_TXT_RSA_WITH_AES_128_CCM_8, - TLS1_CK_RSA_WITH_AES_128_CCM_8, - SSL_kRSA, - SSL_aRSA, - SSL_AES128CCM8, + TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305, + TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_CHACHA20POLY1305, SSL_AEAD, - SSL_TLSV1_2, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, + 256, + 256, }, - - /* Cipher C0A1 */ { 1, - TLS1_TXT_RSA_WITH_AES_256_CCM_8, - TLS1_CK_RSA_WITH_AES_256_CCM_8, - SSL_kRSA, - SSL_aRSA, - SSL_AES256CCM8, + TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305, + TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305, + SSL_kDHEPSK, + SSL_aPSK, + SSL_CHACHA20POLY1305, SSL_AEAD, - SSL_TLSV1_2, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, - - /* Cipher C0A2 */ { 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8, - TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8, - SSL_kDHE, + TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305, + TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305, + SSL_kRSAPSK, SSL_aRSA, - SSL_AES128CCM8, + SSL_CHACHA20POLY1305, SSL_AEAD, - SSL_TLSV1_2, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, + 256, + 256, }, +# endif /* OPENSSL_NO_PSK */ +#endif /* !defined(OPENSSL_NO_CHACHA) && + * !defined(OPENSSL_NO_POLY1305) */ - /* Cipher C0A3 */ +#ifndef OPENSSL_NO_CAMELLIA { 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8, - TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8, - SSL_kDHE, + TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kRSA, SSL_aRSA, - SSL_AES256CCM8, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, + 128, + 128, }, - - /* Cipher C0A4 */ { 1, - TLS1_TXT_PSK_WITH_AES_128_CCM, - TLS1_CK_PSK_WITH_AES_128_CCM, - SSL_kPSK, - SSL_aPSK, - SSL_AES128CCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kEDH, + SSL_aDSS, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher C0A4 */ { 1, - TLS1_TXT_PSK_WITH_AES_256_CCM, - TLS1_CK_PSK_WITH_AES_256_CCM, - SSL_kPSK, - SSL_aPSK, - SSL_AES256CCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kEDH, + SSL_aRSA, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, + 128, + 128, }, - - /* Cipher C0A6 */ { 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_CCM, - TLS1_CK_DHE_PSK_WITH_AES_128_CCM, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES128CCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, + TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kEDH, + SSL_aNULL, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher C0A7 */ { 1, - TLS1_TXT_DHE_PSK_WITH_AES_256_CCM, - TLS1_CK_DHE_PSK_WITH_AES_256_CCM, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES256CCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, + TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA256, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, - - /* Cipher C0A8 */ { 1, - TLS1_TXT_PSK_WITH_AES_128_CCM_8, - TLS1_CK_PSK_WITH_AES_128_CCM_8, - SSL_kPSK, - SSL_aPSK, - SSL_AES128CCM8, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, + SSL_kEDH, + SSL_aDSS, + SSL_CAMELLIA256, + SSL_SHA256, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, + 256, + 256, }, - - /* Cipher C0A9 */ { 1, - TLS1_TXT_PSK_WITH_AES_256_CCM_8, - TLS1_CK_PSK_WITH_AES_256_CCM_8, - SSL_kPSK, - SSL_aPSK, - SSL_AES256CCM8, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, + SSL_kEDH, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA256, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, - - /* Cipher C0AA */ { 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8, - TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES128CCM8, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, + TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, + SSL_kEDH, + SSL_aNULL, + SSL_CAMELLIA256, + SSL_SHA256, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, + 256, + 256, }, - - /* Cipher C0AB */ { 1, - TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8, - TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES256CCM8, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + { + 1, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + SSL_kDHE, + SSL_aDSS, + SSL_CAMELLIA256, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kDHE, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + { + 1, + TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, + SSL_kDHE, + SSL_aNULL, + SSL_CAMELLIA256, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, + { + 1, + TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_CAMELLIA128, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + SSL_kDHE, + SSL_aDSS, + SSL_CAMELLIA128, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kDHE, + SSL_aRSA, + SSL_CAMELLIA128, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, + SSL_kDHE, + SSL_aNULL, + SSL_CAMELLIA128, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, - /* Cipher C0AC */ +# ifndef OPENSSL_NO_EC { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM, + TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, SSL_kECDHE, SSL_aECDSA, - SSL_AES128CCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher C0AD */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM, + TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, SSL_kECDHE, SSL_aECDSA, - SSL_AES256CCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + SSL_CAMELLIA256, + SSL_SHA384, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, - - /* Cipher C0AE */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8, + TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, SSL_kECDHE, - SSL_aECDSA, - SSL_AES128CCM8, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, + SSL_aRSA, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher C0AF */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8, + TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, SSL_kECDHE, - SSL_aECDSA, - SSL_AES256CCM8, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA384, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, -#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) -# ifndef OPENSSL_NO_EC - /* Cipher CCA8 as per draft-ietf-tls-chacha20-poly1305-03 */ +# endif /* OPENSSL_NO_EC */ + +# ifndef OPENSSL_NO_PSK { 1, - TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305, - SSL_kECDHE, - SSL_aRSA, - SSL_CHACHA20POLY1305, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_CAMELLIA256, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, - /* Cipher CCA9 */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, - SSL_kECDHE, - SSL_aECDSA, - SSL_CHACHA20POLY1305, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kDHEPSK, + SSL_aPSK, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_CAMELLIA256, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, -# endif -# ifndef OPENSSL_NO_RSA - /* Cipher CCAA */ { 1, - TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, - TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305, - SSL_kDHE, + TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kRSAPSK, SSL_aRSA, - SSL_CHACHA20POLY1305, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kRSAPSK, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, -# endif -# ifndef OPENSSL_NO_PSK - /* Cipher CCAB */ { 1, - TLS1_TXT_PSK_WITH_CHACHA20_POLY1305, - TLS1_CK_PSK_WITH_CHACHA20_POLY1305, - SSL_kPSK, + TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kECDHEPSK, SSL_aPSK, - SSL_CHACHA20POLY1305, - SSL_AEAD, - SSL_TLSV1_2, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_CAMELLIA256, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, +# endif /* OPENSSL_NO_PSK */ + +#endif /* OPENSSL_NO_CAMELLIA */ + +#ifndef OPENSSL_NO_GOST + { + 1, + "GOST2001-GOST89-GOST89", + 0x3000081, + SSL_kGOST, + SSL_aGOST01, + SSL_eGOST2814789CNT, + SSL_GOST89MAC, + TLS1_VERSION, TLS1_2_VERSION, + 0, 0, SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, 256, 256, }, - /* Cipher CCAC */ { 1, - TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_CHACHA20POLY1305, - SSL_AEAD, - SSL_TLSV1_2, + "GOST2001-NULL-GOST94", + 0x3000083, + SSL_kGOST, + SSL_aGOST01, + SSL_eNULL, + SSL_GOST94, + TLS1_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_STRONG_NONE, + SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, + 0, + 0, + }, + { + 1, + "GOST2012-GOST8912-GOST8912", + 0x0300ff85, + SSL_kGOST, + SSL_aGOST12 | SSL_aGOST01, + SSL_eGOST2814789CNT12, + SSL_GOST89MAC12, + TLS1_VERSION, TLS1_2_VERSION, + 0, 0, SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, 256, 256, }, - /* Cipher CCAD */ { 1, - TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305, - TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305, - SSL_kDHEPSK, + "GOST2012-NULL-GOST12", + 0x0300ff87, + SSL_kGOST, + SSL_aGOST12 | SSL_aGOST01, + SSL_eNULL, + SSL_GOST12_256, + TLS1_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_STRONG_NONE, + SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, + 0, + 0, + }, +#endif /* OPENSSL_NO_GOST */ + +#ifndef OPENSSL_NO_IDEA + { + 1, + SSL3_TXT_RSA_IDEA_128_SHA, + SSL3_CK_RSA_IDEA_128_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_IDEA, + SSL_SHA1, + SSL3_VERSION, TLS1_1_VERSION, + DTLS1_BAD_VER, DTLS1_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, +#endif + +#ifndef OPENSSL_NO_SEED + { + 1, + TLS1_TXT_RSA_WITH_SEED_SHA, + TLS1_CK_RSA_WITH_SEED_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_SEED, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_DSS_WITH_SEED_SHA, + TLS1_CK_DHE_DSS_WITH_SEED_SHA, + SSL_kDHE, + SSL_aDSS, + SSL_SEED, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_SEED_SHA, + TLS1_CK_DHE_RSA_WITH_SEED_SHA, + SSL_kDHE, + SSL_aRSA, + SSL_SEED, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_ADH_WITH_SEED_SHA, + TLS1_CK_ADH_WITH_SEED_SHA, + SSL_kDHE, + SSL_aNULL, + SSL_SEED, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, +#endif /* OPENSSL_NO_SEED */ + +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_RSA_RC4_128_MD5, + SSL3_CK_RSA_RC4_128_MD5, + SSL_kRSA, + SSL_aRSA, + SSL_RC4, + SSL_MD5, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + SSL3_TXT_RSA_RC4_128_SHA, + SSL3_CK_RSA_RC4_128_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + SSL3_TXT_ADH_RC4_128_MD5, + SSL3_CK_ADH_RC4_128_MD5, + SSL_kDHE, + SSL_aNULL, + SSL_RC4, + SSL_MD5, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + +# ifndef OPENSSL_NO_EC + { + 1, + TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, + TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, + SSL_kECDHE, + SSL_aNULL, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, + SSL_kECDHE, + SSL_aRSA, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, +# endif /* OPENSSL_NO_EC */ + +# ifndef OPENSSL_NO_PSK + { + 1, + TLS1_TXT_PSK_WITH_RC4_128_SHA, + TLS1_CK_PSK_WITH_RC4_128_SHA, + SSL_kPSK, SSL_aPSK, - SSL_CHACHA20POLY1305, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, }, - /* Cipher CCAE */ { 1, - TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305, - TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305, + TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA, + TLS1_CK_RSA_PSK_WITH_RC4_128_SHA, SSL_kRSAPSK, SSL_aRSA, - SSL_CHACHA20POLY1305, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, }, -# endif -#endif -#ifndef OPENSSL_NO_GOST { 1, - "GOST2012-GOST8912-GOST8912", - 0x0300ff85, - SSL_kGOST, - SSL_aGOST12 | SSL_aGOST01, - SSL_eGOST2814789CNT12, - SSL_GOST89MAC12, - SSL_TLSV1, - SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, - 256, - 256}, + TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA, + TLS1_CK_DHE_PSK_WITH_RC4_128_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, +# endif /* OPENSSL_NO_PSK */ + +#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */ + +}; + +/* + * The list of known Signalling Cipher-Suite Value "ciphers", non-valid + * values stuffed into the ciphers field of the wire protocol for signalling + * purposes. + */ +static SSL_CIPHER ssl3_scsvs[] = { { - 1, - "GOST2012-NULL-GOST12", - 0x0300ff87, - SSL_kGOST, - SSL_aGOST12 | SSL_aGOST01, - SSL_eNULL, - SSL_GOST12_256, - SSL_TLSV1, - SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, 0, - 0}, -#endif - -/* end of list */ + "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", + SSL3_CK_SCSV, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + }, + { + 0, + "TLS_FALLBACK_SCSV", + SSL3_CK_FALLBACK_SCSV, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + }, }; +static int cipher_compare(const void *a, const void *b) +{ + const SSL_CIPHER *ap = (const SSL_CIPHER *)a; + const SSL_CIPHER *bp = (const SSL_CIPHER *)b; + + return ap->id - bp->id; +} + +void ssl_sort_cipher_list(void) +{ + qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof ssl3_ciphers[0], + cipher_compare); + qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof ssl3_scsvs[0], cipher_compare); +} + const SSL3_ENC_METHOD SSLv3_enc_data = { ssl3_enc, n_ssl3_mac, @@ -2957,7 +2849,6 @@ const SSL3_ENC_METHOD SSLv3_enc_data = { ssl3_generate_master_secret, ssl3_change_cipher_state, ssl3_final_finish_mac, - MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, SSL3_MD_CLIENT_FINISHED_CONST, 4, SSL3_MD_SERVER_FINISHED_CONST, 4, ssl3_alert_code, @@ -2965,8 +2856,8 @@ const SSL3_ENC_METHOD SSLv3_enc_data = { size_t, const unsigned char *, size_t, int use_context))ssl_undefined_function, 0, - SSL3_HM_HEADER_LENGTH, ssl3_set_handshake_header, + tls_close_construct_packet, ssl3_handshake_write }; @@ -2992,15 +2883,18 @@ const SSL_CIPHER *ssl3_get_cipher(unsigned int u) return (NULL); } -int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) +int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype) { - unsigned char *p = (unsigned char *)s->init_buf->data; - *(p++) = htype; - l2n3(len, p); - s->init_num = (int)len + SSL3_HM_HEADER_LENGTH; - s->init_off = 0; + /* No header in the event of a CCS */ + if (htype == SSL3_MT_CHANGE_CIPHER_SPEC) + return 1; + + /* Set the content type and 3 bytes for the message len */ + if (!WPACKET_put_bytes_u8(pkt, htype) + || !WPACKET_start_sub_packet_u24(pkt)) + return 0; - return 1; + return 1; } int ssl3_handshake_write(SSL *s) @@ -3018,7 +2912,7 @@ int ssl3_new(SSL *s) #ifndef OPENSSL_NO_SRP if (!SSL_SRP_CTX_init(s)) - goto err; + goto err; #endif s->method->ssl_clear(s); return (1); @@ -3040,12 +2934,14 @@ void ssl3_free(SSL *s) s->s3->tmp.pkey = NULL; #endif - sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); + OPENSSL_free(s->s3->tmp.ctype); + sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free); OPENSSL_free(s->s3->tmp.ciphers_raw); OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); OPENSSL_free(s->s3->tmp.peer_sigalgs); ssl3_free_digest_list(s); OPENSSL_free(s->s3->alpn_selected); + OPENSSL_free(s->s3->alpn_proposed); #ifndef OPENSSL_NO_SRP SSL_SRP_CTX_free(s); @@ -3057,45 +2953,33 @@ void ssl3_free(SSL *s) void ssl3_clear(SSL *s) { ssl3_cleanup_key_block(s); - sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); + OPENSSL_free(s->s3->tmp.ctype); + sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free); OPENSSL_free(s->s3->tmp.ciphers_raw); - s->s3->tmp.ciphers_raw = NULL; OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); - s->s3->tmp.pms = NULL; OPENSSL_free(s->s3->tmp.peer_sigalgs); - s->s3->tmp.peer_sigalgs = NULL; -#ifndef OPENSSL_NO_EC - s->s3->is_probably_safari = 0; -#endif #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) EVP_PKEY_free(s->s3->tmp.pkey); - s->s3->tmp.pkey = NULL; EVP_PKEY_free(s->s3->peer_tmp); - s->s3->peer_tmp = NULL; -#endif /* !OPENSSL_NO_EC */ +#endif /* !OPENSSL_NO_EC */ ssl3_free_digest_list(s); - if (s->s3->alpn_selected) { - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = NULL; - } + OPENSSL_free(s->s3->alpn_selected); + OPENSSL_free(s->s3->alpn_proposed); + /* NULL/zero-out everything in the s3 struct */ memset(s->s3, 0, sizeof(*s->s3)); ssl_free_wbio_buffer(s); - s->s3->renegotiate = 0; - s->s3->total_renegotiations = 0; - s->s3->num_renegotiations = 0; - s->s3->in_read_app_data = 0; s->version = SSL3_VERSION; #if !defined(OPENSSL_NO_NEXTPROTONEG) - OPENSSL_free(s->next_proto_negotiated); - s->next_proto_negotiated = NULL; - s->next_proto_negotiated_len = 0; + OPENSSL_free(s->ext.npn); + s->ext.npn = NULL; + s->ext.npn_len = 0; #endif } @@ -3106,8 +2990,7 @@ static char *srp_password_from_info_cb(SSL *s, void *arg) } #endif -static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, - size_t len); +static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len); long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { @@ -3181,8 +3064,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) nid = EC_GROUP_get_curve_name(group); if (nid == NID_undef) return 0; - return tls1_set_curves(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, + return tls1_set_groups(&s->ext.supportedgroups, + &s->ext.supportedgroups_len, &nid, 1); } break; @@ -3191,8 +3074,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (larg == TLSEXT_NAMETYPE_host_name) { size_t len; - OPENSSL_free(s->tlsext_hostname); - s->tlsext_hostname = NULL; + OPENSSL_free(s->ext.hostname); + s->ext.hostname = NULL; ret = 1; if (parg == NULL) @@ -3202,7 +3085,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); return 0; } - if ((s->tlsext_hostname = OPENSSL_strdup((char *)parg)) == NULL) { + if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); return 0; } @@ -3212,65 +3095,57 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } break; case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: - s->tlsext_debug_arg = parg; + s->ext.debug_arg = parg; ret = 1; break; + case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE: + ret = s->ext.status_type; + break; + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: - s->tlsext_status_type = larg; + s->ext.status_type = larg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: - *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; + *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts; ret = 1; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: - s->tlsext_ocsp_exts = parg; + s->ext.ocsp.exts = parg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: - *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; + *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids; ret = 1; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: - s->tlsext_ocsp_ids = parg; + s->ext.ocsp.ids = parg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: - *(unsigned char **)parg = s->tlsext_ocsp_resp; - return s->tlsext_ocsp_resplen; + *(unsigned char **)parg = s->ext.ocsp.resp; + if (s->ext.ocsp.resp_len == 0 + || s->ext.ocsp.resp_len > LONG_MAX) + return -1; + return (long)s->ext.ocsp.resp_len; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: - OPENSSL_free(s->tlsext_ocsp_resp); - s->tlsext_ocsp_resp = parg; - s->tlsext_ocsp_resplen = larg; + OPENSSL_free(s->ext.ocsp.resp); + s->ext.ocsp.resp = parg; + s->ext.ocsp.resp_len = larg; ret = 1; break; #ifndef OPENSSL_NO_HEARTBEATS case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT: - if (SSL_IS_DTLS(s)) - ret = dtls1_heartbeat(s); - break; - case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING: - if (SSL_IS_DTLS(s)) - ret = s->tlsext_hb_pending; - break; - case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS: - if (SSL_IS_DTLS(s)) { - if (larg) - s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS; - else - s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS; - ret = 1; - } break; #endif @@ -3295,12 +3170,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_CURRENT_CERT: if (larg == SSL_CERT_SET_SERVER) { - CERT_PKEY *cpk; const SSL_CIPHER *cipher; if (!s->server) return 0; cipher = s->s3->tmp.new_cipher; - if (!cipher) + if (cipher == NULL) return 0; /* * No certificate for unauthenticated ciphersuites or using SRP @@ -3308,30 +3182,31 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) */ if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) return 2; - cpk = ssl_get_server_send_pkey(s); - if (!cpk) + if (s->s3->tmp.cert == NULL) return 0; - s->cert->key = cpk; + s->cert->key = s->s3->tmp.cert; return 1; } return ssl_cert_set_current(s->cert, larg); #ifndef OPENSSL_NO_EC - case SSL_CTRL_GET_CURVES: + case SSL_CTRL_GET_GROUPS: { unsigned char *clist; size_t clistlen; + if (!s->session) return 0; - clist = s->session->tlsext_ellipticcurvelist; - clistlen = s->session->tlsext_ellipticcurvelist_length / 2; + clist = s->session->ext.supportedgroups; + clistlen = s->session->ext.supportedgroups_len / 2; if (parg) { size_t i; int *cptr = parg; unsigned int cid, nid; for (i = 0; i < clistlen; i++) { n2s(clist, cid); - nid = tls1_ec_curve_id2nid(cid); + /* TODO(TLS1.3): Handle DH groups here */ + nid = tls1_ec_curve_id2nid(cid, NULL); if (nid != 0) cptr[i] = nid; else @@ -3341,18 +3216,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return (int)clistlen; } - case SSL_CTRL_SET_CURVES: - return tls1_set_curves(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, - parg, larg); + case SSL_CTRL_SET_GROUPS: + return tls1_set_groups(&s->ext.supportedgroups, + &s->ext.supportedgroups_len, parg, larg); - case SSL_CTRL_SET_CURVES_LIST: - return tls1_set_curves_list(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, - parg); + case SSL_CTRL_SET_GROUPS_LIST: + return tls1_set_groups_list(&s->ext.supportedgroups, + &s->ext.supportedgroups_len, parg); - case SSL_CTRL_GET_SHARED_CURVE: - return tls1_shared_curve(s, larg); + case SSL_CTRL_GET_SHARED_GROUP: + return tls1_shared_group(s, larg); #endif case SSL_CTRL_SET_SIGALGS: @@ -3372,14 +3245,9 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) const unsigned char **pctype = parg; if (s->server || !s->s3->tmp.cert_req) return 0; - if (s->cert->ctypes) { - if (pctype) - *pctype = s->cert->ctypes; - return (int)s->cert->ctype_num; - } if (pctype) - *pctype = (unsigned char *)s->s3->tmp.ctype; - return s->s3->tmp.ctype_num; + *pctype = s->s3->tmp.ctype; + return s->s3->tmp.ctype_len; } case SSL_CTRL_SET_CLIENT_CERT_TYPES: @@ -3397,20 +3265,10 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return ssl_cert_set_cert_store(s->cert, parg, 1, larg); case SSL_CTRL_GET_PEER_SIGNATURE_NID: - if (SSL_USE_SIGALGS(s)) { - if (s->session) { - const EVP_MD *sig; - sig = s->s3->tmp.peer_md; - if (sig) { - *(int *)parg = EVP_MD_type(sig); - return 1; - } - } - return 0; - } - /* Might want to do something here for other versions */ - else + if (s->s3->tmp.peer_sigalg == NULL) return 0; + *(int *)parg = s->s3->tmp.peer_sigalg->hash; + return 1; case SSL_CTRL_GET_SERVER_TMP_KEY: #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) @@ -3429,10 +3287,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { SSL_SESSION *sess = s->session; const unsigned char **pformat = parg; - if (!sess || !sess->tlsext_ecpointformatlist) + + if (sess == NULL || sess->ext.ecpointformats == NULL) return 0; - *pformat = sess->tlsext_ecpointformatlist; - return (int)sess->tlsext_ecpointformatlist_length; + *pformat = sess->ext.ecpointformats; + return (int)sess->ext.ecpointformats_len; } #endif @@ -3455,8 +3314,8 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) break; #endif case SSL_CTRL_SET_TLSEXT_DEBUG_CB: - s->tlsext_debug_cb = (void (*)(SSL *, int, int, - const unsigned char *, int, void *))fp; + s->ext.debug_cb = (void (*)(SSL *, int, int, + const unsigned char *, int, void *))fp; break; case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB: @@ -3497,9 +3356,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) ctx->cert->dh_tmp = pkdh; return 1; } - /* - * break; - */ case SSL_CTRL_SET_TMP_DH_CB: { SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); @@ -3527,41 +3383,70 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) nid = EC_GROUP_get_curve_name(group); if (nid == NID_undef) return 0; - return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + return tls1_set_groups(&ctx->ext.supportedgroups, + &ctx->ext.supportedgroups_len, &nid, 1); } - /* break; */ #endif /* !OPENSSL_NO_EC */ case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: - ctx->tlsext_servername_arg = parg; + ctx->ext.servername_arg = parg; break; case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: { unsigned char *keys = parg; - if (!keys) - return 48; - if (larg != 48) { + long tick_keylen = (sizeof(ctx->ext.tick_key_name) + + sizeof(ctx->ext.tick_hmac_key) + + sizeof(ctx->ext.tick_aes_key)); + if (keys == NULL) + return tick_keylen; + if (larg != tick_keylen) { SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); return 0; } if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { - memcpy(ctx->tlsext_tick_key_name, keys, 16); - memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); - memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); + memcpy(ctx->ext.tick_key_name, keys, + sizeof(ctx->ext.tick_key_name)); + memcpy(ctx->ext.tick_hmac_key, + keys + sizeof(ctx->ext.tick_key_name), + sizeof(ctx->ext.tick_hmac_key)); + memcpy(ctx->ext.tick_aes_key, + keys + sizeof(ctx->ext.tick_key_name) + + sizeof(ctx->ext.tick_hmac_key), + sizeof(ctx->ext.tick_aes_key)); } else { - memcpy(keys, ctx->tlsext_tick_key_name, 16); - memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); - memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); + memcpy(keys, ctx->ext.tick_key_name, + sizeof(ctx->ext.tick_key_name)); + memcpy(keys + sizeof(ctx->ext.tick_key_name), + ctx->ext.tick_hmac_key, + sizeof(ctx->ext.tick_hmac_key)); + memcpy(keys + sizeof(ctx->ext.tick_key_name) + + sizeof(ctx->ext.tick_hmac_key), + ctx->ext.tick_aes_key, + sizeof(ctx->ext.tick_aes_key)); } return 1; } + case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE: + return ctx->ext.status_type; + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: + ctx->ext.status_type = larg; + break; + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: - ctx->tlsext_status_arg = parg; + ctx->ext.status_arg = parg; return 1; + case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG: + *(void**)parg = ctx->ext.status_arg; + break; + + case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB: + *(int (**)(SSL*, void*))parg = ctx->ext.status_cb; + break; + #ifndef OPENSSL_NO_SRP case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME: ctx->srp_ctx.srp_Mask |= SSL_kSRP; @@ -3569,8 +3454,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) ctx->srp_ctx.login = NULL; if (parg == NULL) break; - if (strlen((const char *)parg) > 255 - || strlen((const char *)parg) < 1) { + if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) { SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME); return 0; } @@ -3595,14 +3479,14 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) #endif #ifndef OPENSSL_NO_EC - case SSL_CTRL_SET_CURVES: - return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + case SSL_CTRL_SET_GROUPS: + return tls1_set_groups(&ctx->ext.supportedgroups, + &ctx->ext.supportedgroups_len, parg, larg); - case SSL_CTRL_SET_CURVES_LIST: - return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + case SSL_CTRL_SET_GROUPS_LIST: + return tls1_set_groups_list(&ctx->ext.supportedgroups, + &ctx->ext.supportedgroups_len, parg); #endif case SSL_CTRL_SET_SIGALGS: @@ -3632,10 +3516,15 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) /* A Thawte special :-) */ case SSL_CTRL_EXTRA_CHAIN_CERT: if (ctx->extra_certs == NULL) { - if ((ctx->extra_certs = sk_X509_new_null()) == NULL) - return (0); + if ((ctx->extra_certs = sk_X509_new_null()) == NULL) { + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE); + return 0; + } + } + if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) { + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE); + return 0; } - sk_X509_push(ctx->extra_certs, (X509 *)parg); break; case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: @@ -3689,15 +3578,15 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) break; #endif case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: - ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; + ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: - ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp; + ctx->ext.status_cb = (int (*)(SSL *, void *))fp; break; case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: - ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *, + ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *, unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; @@ -3730,60 +3619,67 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) return (1); } -/* - * This function needs to check if the ciphers required are actually - * available - */ -const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) +const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id) { SSL_CIPHER c; const SSL_CIPHER *cp; - uint32_t id; - id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1]; c.id = id; cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); -#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES - if (cp == NULL) - fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]); -#endif - return cp; + if (cp != NULL) + return cp; + return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS); } -int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) +/* + * This function needs to check if the ciphers required are actually + * available + */ +const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) { - long l; + return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG + | ((uint32_t)p[0] << 8L) + | (uint32_t)p[1]); +} - if (p != NULL) { - l = c->id; - if ((l & 0xff000000) != 0x03000000) - return (0); - p[0] = ((unsigned char)(l >> 8L)) & 0xFF; - p[1] = ((unsigned char)(l)) & 0xFF; +int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) +{ + if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) { + *len = 0; + return 1; } - return (2); + + if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff)) + return 0; + + *len = 2; + return 1; } +/* + * ssl3_choose_cipher - choose a cipher from those offered by the client + * @s: SSL connection + * @clnt: ciphers offered by the client + * @srvr: ciphers enabled on the server? + * + * Returns the selected cipher or NULL when no common ciphers. + */ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, - STACK_OF(SSL_CIPHER) *srvr) + STACK_OF(SSL_CIPHER) *srvr) { const SSL_CIPHER *c, *ret = NULL; STACK_OF(SSL_CIPHER) *prio, *allow; int i, ii, ok; - unsigned long alg_k, alg_a, mask_k, mask_a; + unsigned long alg_k = 0, alg_a = 0, mask_k, mask_a; /* Let's see which ciphers we can support */ -#if 0 /* * Do not set the compare functions, because this may lead to a * reordering by "id". We want to keep the original ordering. We may pay * a price in performance during sk_SSL_CIPHER_find(), but would have to * pay with the price of sk_SSL_CIPHER_dup(). */ - sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); - sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); -#endif #ifdef CIPHER_DEBUG fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), @@ -3809,53 +3705,60 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, } tls1_set_cert_validity(s); + ssl_set_masks(s); for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { c = sk_SSL_CIPHER_value(prio, i); - /* Skip TLS v1.2 only ciphersuites if not supported */ - if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s)) + /* Skip ciphers not supported by the protocol version */ + if (!SSL_IS_DTLS(s) && + ((s->version < c->min_tls) || (s->version > c->max_tls))) continue; - /* Skip TLS v1.0 ciphersuites if SSLv3 */ - if ((c->algorithm_ssl & SSL_TLSV1) && s->version == SSL3_VERSION) + if (SSL_IS_DTLS(s) && + (DTLS_VERSION_LT(s->version, c->min_dtls) || + DTLS_VERSION_GT(s->version, c->max_dtls))) continue; - - ssl_set_masks(s, c); - mask_k = s->s3->tmp.mask_k; - mask_a = s->s3->tmp.mask_a; + /* + * Since TLS 1.3 ciphersuites can be used with any auth or + * key exchange scheme skip tests. + */ + if (!SSL_IS_TLS13(s)) { + mask_k = s->s3->tmp.mask_k; + mask_a = s->s3->tmp.mask_a; #ifndef OPENSSL_NO_SRP - if (s->srp_ctx.srp_Mask & SSL_kSRP) { - mask_k |= SSL_kSRP; - mask_a |= SSL_aSRP; - } + if (s->srp_ctx.srp_Mask & SSL_kSRP) { + mask_k |= SSL_kSRP; + mask_a |= SSL_aSRP; + } #endif - alg_k = c->algorithm_mkey; - alg_a = c->algorithm_auth; + alg_k = c->algorithm_mkey; + alg_a = c->algorithm_auth; #ifndef OPENSSL_NO_PSK - /* with PSK there must be server callback set */ - if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL) - continue; + /* with PSK there must be server callback set */ + if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL) + continue; #endif /* OPENSSL_NO_PSK */ - ok = (alg_k & mask_k) && (alg_a & mask_a); + ok = (alg_k & mask_k) && (alg_a & mask_a); #ifdef CIPHER_DEBUG - fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, - alg_a, mask_k, mask_a, (void *)c, c->name); + fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, + alg_a, mask_k, mask_a, (void *)c, c->name); #endif -# ifndef OPENSSL_NO_EC - /* - * if we are considering an ECC cipher suite that uses an ephemeral - * EC key check it - */ - if (alg_k & SSL_kECDHE) - ok = ok && tls1_check_ec_tmp_key(s, c->id); -# endif /* OPENSSL_NO_EC */ +#ifndef OPENSSL_NO_EC + /* + * if we are considering an ECC cipher suite that uses an ephemeral + * EC key check it + */ + if (alg_k & SSL_kECDHE) + ok = ok && tls1_check_ec_tmp_key(s, c->id); +#endif /* OPENSSL_NO_EC */ - if (!ok) - continue; + if (!ok) + continue; + } ii = sk_SSL_CIPHER_find(allow, c); if (ii >= 0) { /* Check security callback permits this cipher */ @@ -3877,76 +3780,71 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, return (ret); } -int ssl3_get_req_cert_type(SSL *s, unsigned char *p) +int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) { - int ret = 0; uint32_t alg_k, alg_a = 0; /* If we have custom certificate types set, use them */ - if (s->cert->ctypes) { - memcpy(p, s->cert->ctypes, s->cert->ctype_num); - return (int)s->cert->ctype_num; - } + if (s->cert->ctype) + return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len); /* Get mask of algorithms disabled by signature list */ ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK); alg_k = s->s3->tmp.new_cipher->algorithm_mkey; #ifndef OPENSSL_NO_GOST - if (s->version >= TLS1_VERSION) { - if (alg_k & SSL_kGOST) { - p[ret++] = TLS_CT_GOST01_SIGN; - p[ret++] = TLS_CT_GOST12_SIGN; - p[ret++] = TLS_CT_GOST12_512_SIGN; - return (ret); - } - } + if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST)) + return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN) + && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN) + && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN); #endif if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) { #ifndef OPENSSL_NO_DH # ifndef OPENSSL_NO_RSA - p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; + if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH)) + return 0; # endif # ifndef OPENSSL_NO_DSA - p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; + if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH)) + return 0; # endif #endif /* !OPENSSL_NO_DH */ } #ifndef OPENSSL_NO_RSA - if (!(alg_a & SSL_aRSA)) - p[ret++] = SSL3_CT_RSA_SIGN; + if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN)) + return 0; #endif #ifndef OPENSSL_NO_DSA - if (!(alg_a & SSL_aDSS)) - p[ret++] = SSL3_CT_DSS_SIGN; + if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN)) + return 0; #endif #ifndef OPENSSL_NO_EC /* * ECDSA certs can be used with RSA cipher suites too so we don't * need to check for SSL_kECDH or SSL_kECDHE */ - if (s->version >= TLS1_VERSION) { - if (!(alg_a & SSL_aECDSA)) - p[ret++] = TLS_CT_ECDSA_SIGN; - } + if (s->version >= TLS1_VERSION + && !(alg_a & SSL_aECDSA) + && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN)) + return 0; #endif - return (ret); + return 1; } static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len) { - OPENSSL_free(c->ctypes); - c->ctypes = NULL; - if (!p || !len) + OPENSSL_free(c->ctype); + c->ctype = NULL; + c->ctype_len = 0; + if (p == NULL || len == 0) return 1; if (len > 0xff) return 0; - c->ctypes = OPENSSL_malloc(len); - if (c->ctypes == NULL) + c->ctype = OPENSSL_memdup(p, len); + if (c->ctype == NULL) return 0; - memcpy(c->ctypes, p, len); - c->ctype_num = len; + c->ctype_len = len; return 1; } @@ -3978,18 +3876,19 @@ int ssl3_shutdown(SSL *s) if (ret == -1) { /* * we only get to return -1 here the 2nd/Nth invocation, we must - * have already signalled return 0 upon a previous invoation, + * have already signalled return 0 upon a previous invocation, * return WANT_WRITE */ return (ret); } } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { + size_t readbytes; /* * If we are waiting for a close from our peer, we are closed */ - s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0); + s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes); if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { - return (-1); /* return WANT_READ */ + return -1; /* return WANT_READ */ } } @@ -4000,27 +3899,28 @@ int ssl3_shutdown(SSL *s) return (0); } -int ssl3_write(SSL *s, const void *buf, int len) +int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written) { clear_sys_error(); if (s->s3->renegotiate) - ssl3_renegotiate_check(s); + ssl3_renegotiate_check(s, 0); - return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, - buf, len); + return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, + written); } -static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) +static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek, + size_t *readbytes) { int ret; clear_sys_error(); if (s->s3->renegotiate) - ssl3_renegotiate_check(s); + ssl3_renegotiate_check(s, 0); s->s3->in_read_app_data = 1; ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len, - peek); + peek, readbytes); if ((ret == -1) && (s->s3->in_read_app_data == 2)) { /* * ssl3_read_bytes decided to call s->handshake_func, which called @@ -4032,22 +3932,22 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) ossl_statem_set_in_handshake(s, 1); ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, - len, peek); + len, peek, readbytes); ossl_statem_set_in_handshake(s, 0); } else s->s3->in_read_app_data = 0; - return (ret); + return ret; } -int ssl3_read(SSL *s, void *buf, int len) +int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes) { - return ssl3_read_internal(s, buf, len, 0); + return ssl3_read_internal(s, buf, len, 0, readbytes); } -int ssl3_peek(SSL *s, void *buf, int len) +int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes) { - return ssl3_read_internal(s, buf, len, 1); + return ssl3_read_internal(s, buf, len, 1, readbytes); } int ssl3_renegotiate(SSL *s) @@ -4055,21 +3955,26 @@ int ssl3_renegotiate(SSL *s) if (s->handshake_func == NULL) return (1); - if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) - return (0); - s->s3->renegotiate = 1; return (1); } -int ssl3_renegotiate_check(SSL *s) +/* + * Check if we are waiting to do a renegotiation and if so whether now is a + * good time to do it. If |initok| is true then we are being called from inside + * the state machine so ignore the result of SSL_in_init(s). Otherwise we + * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we + * should do a renegotiation now and sets up the state machine for it. Otherwise + * returns 0. + */ +int ssl3_renegotiate_check(SSL *s, int initok) { int ret = 0; if (s->s3->renegotiate) { if (!RECORD_LAYER_read_pending(&s->rlayer) && !RECORD_LAYER_write_pending(&s->rlayer) - && !SSL_in_init(s)) { + && (initok || !SSL_in_init(s))) { /* * if we are the server, and we have sent a 'RENEGOTIATE' * message, we need to set the state machine into the renegotiate @@ -4082,7 +3987,7 @@ int ssl3_renegotiate_check(SSL *s) ret = 1; } } - return (ret); + return ret; } /* @@ -4093,7 +3998,10 @@ int ssl3_renegotiate_check(SSL *s) */ long ssl_get_algorithm2(SSL *s) { - long alg2 = s->s3->tmp.new_cipher->algorithm2; + long alg2; + if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL) + return -1; + alg2 = s->s3->tmp.new_cipher->algorithm2; if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) { if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF)) return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; @@ -4108,9 +4016,10 @@ long ssl_get_algorithm2(SSL *s) * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on * failure, 1 on success. */ -int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) +int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, + DOWNGRADE dgrd) { - int send_time = 0; + int send_time = 0, ret; if (len < 4) return 0; @@ -4122,17 +4031,33 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) unsigned long Time = (unsigned long)time(NULL); unsigned char *p = result; l2n(Time, p); - return RAND_bytes(p, len - 4); - } else - return RAND_bytes(result, len); + /* TODO(size_t): Convert this */ + ret = RAND_bytes(p, (int)(len - 4)); + } else { + ret = RAND_bytes(result, (int)len); + } +#ifndef OPENSSL_NO_TLS13DOWNGRADE + if (ret) { + assert(sizeof(tls11downgrade) < len && sizeof(tls12downgrade) < len); + if (dgrd == DOWNGRADE_TO_1_2) + memcpy(result + len - sizeof(tls12downgrade), tls12downgrade, + sizeof(tls12downgrade)); + else if (dgrd == DOWNGRADE_TO_1_1) + memcpy(result + len - sizeof(tls11downgrade), tls11downgrade, + sizeof(tls11downgrade)); + } +#endif + return ret; } int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, int free_pms) { -#ifndef OPENSSL_NO_PSK unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + int ret = 0; + if (alg_k & SSL_PSK) { +#ifndef OPENSSL_NO_PSK unsigned char *pskpms, *t; size_t psklen = s->s3->tmp.psklen; size_t pskpmslen; @@ -4145,10 +4070,8 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, pskpmslen = 4 + pmslen + psklen; pskpms = OPENSSL_malloc(pskpmslen); - if (pskpms == NULL) { - s->session->master_key_length = 0; + if (pskpms == NULL) goto err; - } t = pskpms; s2n(pmslen, t); if (alg_k & SSL_kPSK) @@ -4161,20 +4084,24 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, OPENSSL_clear_free(s->s3->tmp.psk, psklen); s->s3->tmp.psk = NULL; - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - pskpms, pskpmslen); + if (!s->method->ssl3_enc->generate_master_secret(s, + s->session->master_key,pskpms, pskpmslen, + &s->session->master_key_length)) + goto err; OPENSSL_clear_free(pskpms, pskpmslen); - } else -#endif - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - pms, pmslen); -#ifndef OPENSSL_NO_PSK - err: +#else + /* Should never happen */ + goto err; #endif + } else { + if (!s->method->ssl3_enc->generate_master_secret(s, + s->session->master_key, pms, pmslen, + &s->session->master_key_length)) + goto err; + } + + ret = 1; + err: if (pms) { if (free_pms) OPENSSL_clear_free(pms, pmslen); @@ -4183,44 +4110,67 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, } if (s->server == 0) s->s3->tmp.pms = NULL; - return s->session->master_key_length >= 0; + return ret; } -/* Generate a private key from parameters or a curve NID */ -EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm, int nid) +/* Generate a private key from parameters */ +EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm) +{ + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY *pkey = NULL; + + if (pm == NULL) + return NULL; + pctx = EVP_PKEY_CTX_new(pm, NULL); + if (pctx == NULL) + goto err; + if (EVP_PKEY_keygen_init(pctx) <= 0) + goto err; + if (EVP_PKEY_keygen(pctx, &pkey) <= 0) { + EVP_PKEY_free(pkey); + pkey = NULL; + } + + err: + EVP_PKEY_CTX_free(pctx); + return pkey; +} +#ifndef OPENSSL_NO_EC +/* Generate a private key a curve ID */ +EVP_PKEY *ssl_generate_pkey_curve(int id) { EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; - if (pm != NULL) { - pctx = EVP_PKEY_CTX_new(pm, NULL); + unsigned int curve_flags; + int nid = tls1_ec_curve_id2nid(id, &curve_flags); + + if (nid == 0) + goto err; + if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) { + pctx = EVP_PKEY_CTX_new_id(nid, NULL); + nid = 0; } else { - /* - * Generate a new key for this curve. - * Should not be called if EC is disabled: if it is it will - * fail with an unknown algorithm error. - */ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); } if (pctx == NULL) goto err; if (EVP_PKEY_keygen_init(pctx) <= 0) goto err; -#ifndef OPENSSL_NO_EC - if (pm == NULL && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0) + if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0) goto err; -#endif - if (EVP_PKEY_keygen(pctx, &pkey) <= 0) { EVP_PKEY_free(pkey); pkey = NULL; } - err: + err: EVP_PKEY_CTX_free(pctx); return pkey; } -/* Derive premaster or master secret for ECDH/DH */ -int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey) +#endif + +/* Derive secrets for ECDH/DH */ +int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret) { int rv = 0; unsigned char *pms = NULL; @@ -4245,19 +4195,32 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey) if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) goto err; - if (s->server) { - /* For server generate master secret and discard premaster */ - rv = ssl_generate_master_secret(s, pms, pmslen, 1); - pms = NULL; + if (gensecret) { + if (SSL_IS_TLS13(s)) { + /* + * If we are resuming then we already generated the early secret + * when we created the ClientHello, so don't recreate it. + */ + if (!s->hit) + rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, + 0, + (unsigned char *)&s->early_secret); + else + rv = 1; + + rv = rv && tls13_generate_handshake_secret(s, pms, pmslen); + } else { + rv = ssl_generate_master_secret(s, pms, pmslen, 0); + } } else { - /* For client just save premaster secret */ + /* Save premaster secret */ s->s3->tmp.pms = pms; s->s3->tmp.pmslen = pmslen; pms = NULL; rv = 1; } - err: + err: OPENSSL_clear_free(pms, pmslen); EVP_PKEY_CTX_free(pctx); return rv;