Add support for new TLS export ciphersuites.
authorBen Laurie <ben@openssl.org>
Sun, 21 Feb 1999 20:03:24 +0000 (20:03 +0000)
committerBen Laurie <ben@openssl.org>
Sun, 21 Feb 1999 20:03:24 +0000 (20:03 +0000)
16 files changed:
CHANGES
ssl/s23_srvr.c
ssl/s2_clnt.c
ssl/s2_lib.c
ssl/s2_srvr.c
ssl/s3_clnt.c
ssl/s3_enc.c
ssl/s3_lib.c
ssl/s3_srvr.c
ssl/ssl.h
ssl/ssl_ciph.c
ssl/ssl_lib.c
ssl/ssl_locl.h
ssl/ssl_sess.c
ssl/t1_enc.c
ssl/tls1.h

diff --git a/CHANGES b/CHANGES
index f46f964..000f671 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,12 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
+     TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
+     TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
+     Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
+     [Ben Laurie]
+
   *) Add preliminary config info for new extension code.
      [Steve Henson]
 
index d1f49e5..a4d0f1c 100644 (file)
@@ -290,7 +290,7 @@ SSL *s;
                                                for (j=0; j<sk_num(sk); j++)
                                                        {
                                                        c=(SSL_CIPHER *)sk_value(sk,j);
-                                                       if (!(c->algorithms & SSL_EXP))
+                                                       if (!SSL_C_IS_EXPORT(c))
                                                                {
                                                                if ((c->id>>24L) == 2L)
                                                                        ne2=1;
index bbac33c..33112ee 100644 (file)
@@ -568,7 +568,7 @@ SSL *s;
 
                if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
                        enc=8;
-               else if (sess->cipher->algorithms & SSL_EXP)
+               else if (SSL_C_IS_EXPORT(sess->cipher))
                        enc=5;
                else
                        enc=i;
index 12b8458..282d8bd 100644 (file)
@@ -78,7 +78,7 @@ SSL_CIPHER ssl2_ciphers[]={
        1,
        SSL2_TXT_NULL_WITH_MD5,
        SSL2_CK_NULL_WITH_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP|SSL_SSLV2,
+       SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP40|SSL_SSLV2,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -88,7 +88,7 @@ SSL_CIPHER ssl2_ciphers[]={
        1,
        SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
        SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP|SSL_SSLV2,
+       SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP40|SSL_SSLV2,
        SSL2_CF_5_BYTE_ENC,
        SSL_ALL_CIPHERS,
        },
@@ -97,7 +97,7 @@ SSL_CIPHER ssl2_ciphers[]={
        1,
        SSL2_TXT_RC4_128_WITH_MD5,
        SSL2_CK_RC4_128_WITH_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+       SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -106,7 +106,7 @@ SSL_CIPHER ssl2_ciphers[]={
        1,
        SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
        SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP|SSL_SSLV2,
+       SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP40|SSL_SSLV2,
        SSL2_CF_5_BYTE_ENC,
        SSL_ALL_CIPHERS,
        },
@@ -115,7 +115,7 @@ SSL_CIPHER ssl2_ciphers[]={
        1,
        SSL2_TXT_RC2_128_CBC_WITH_MD5,
        SSL2_CK_RC2_128_CBC_WITH_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+       SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -124,7 +124,7 @@ SSL_CIPHER ssl2_ciphers[]={
        1,
        SSL2_TXT_IDEA_128_CBC_WITH_MD5,
        SSL2_CK_IDEA_128_CBC_WITH_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+       SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -133,7 +133,7 @@ SSL_CIPHER ssl2_ciphers[]={
        1,
        SSL2_TXT_DES_64_CBC_WITH_MD5,
        SSL2_CK_DES_64_CBC_WITH_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_LOW,
+       SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_LOW,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -142,7 +142,7 @@ SSL_CIPHER ssl2_ciphers[]={
        1,
        SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
        SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH,
+       SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH,
        0,
        SSL_ALL_CIPHERS,
        },
index 814e38f..73c19af 100644 (file)
@@ -401,7 +401,7 @@ SSL *s;
                &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
                (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
 
-       export=(s->session->cipher->algorithms & SSL_EXP)?1:0;
+       export=SSL_C_IS_EXPORT(s->session->cipher);
        
        if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
                {
index b2649ed..cb63a9f 100644 (file)
@@ -1689,12 +1689,13 @@ SSL *s;
 #endif
 #endif
 
-       if ((algs & SSL_EXP) && !has_bits(i,EVP_PKT_EXP))
+       if (SSL_IS_EXPORT(algs) && !has_bits(i,EVP_PKT_EXP))
                {
 #ifndef NO_RSA
                if (algs & SSL_kRSA)
                        {
-                       if ((rsa == NULL) || (RSA_size(rsa) > 512))
+                       if (rsa == NULL
+                           || RSA_size(rsa) > SSL_EXPORT_PKEYLENGTH(algs))
                                {
                                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
                                goto f_err;
@@ -1704,8 +1705,9 @@ SSL *s;
 #endif
 #ifndef NO_DH
                        if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
-                       {
-                       if ((dh == NULL) || (DH_size(dh) > 512))
+                           {
+                           if (dh == NULL
+                               || DH_size(dh) > SSL_EXPORT_PKEYLENGTH(algs))
                                {
                                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
                                goto f_err;
index a655e12..d79d927 100644 (file)
@@ -141,7 +141,7 @@ int which;
        MD5_CTX md;
        int exp,n,i,j,k,cl;
 
-       exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
+       exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
        c=s->s3->tmp.new_sym_enc;
        m=s->s3->tmp.new_hash;
        if (s->s3->tmp.new_compression == NULL)
@@ -213,7 +213,8 @@ int which;
        p=s->s3->tmp.key_block;
        i=EVP_MD_size(m);
        cl=EVP_CIPHER_key_length(c);
-       j=exp ? (cl < 5 ? cl : 5) : cl;
+       j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+                cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
        /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
        k=EVP_CIPHER_iv_length(c);
        if (    (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
@@ -283,7 +284,7 @@ SSL *s;
        unsigned char *p;
        EVP_CIPHER *c;
        EVP_MD *hash;
-       int num,exp;
+       int num;
        SSL_COMP *comp;
 
        if (s->s3->tmp.key_block_length != 0)
@@ -299,8 +300,6 @@ SSL *s;
        s->s3->tmp.new_hash=hash;
        s->s3->tmp.new_compression=comp;
 
-       exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
-
        num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
        num*=2;
 
index c64b760..ffea4b5 100644 (file)
@@ -77,7 +77,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_RSA_NULL_MD5,
        SSL3_CK_RSA_NULL_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
+       SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|_SSL_NOT_EXP|SSL_SSLV3,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -86,7 +86,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_RSA_NULL_SHA,
        SSL3_CK_RSA_NULL_SHA,
-       SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+       SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -97,7 +97,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_ADH_RC4_40_MD5,
        SSL3_CK_ADH_RC4_40_MD5,
-       SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_EXP|SSL_SSLV3,
+       SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -106,7 +106,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_ADH_RC4_128_MD5,
        SSL3_CK_ADH_RC4_128_MD5,
-       SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
+       SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5|_SSL_NOT_EXP|SSL_SSLV3,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -115,7 +115,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_ADH_DES_40_CBC_SHA,
        SSL3_CK_ADH_DES_40_CBC_SHA,
-       SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+       SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -124,7 +124,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_ADH_DES_64_CBC_SHA,
        SSL3_CK_ADH_DES_64_CBC_SHA,
-       SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+       SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -133,7 +133,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_ADH_DES_192_CBC_SHA,
        SSL3_CK_ADH_DES_192_CBC_SHA,
-       SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+       SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -144,7 +144,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_RSA_RC4_40_MD5,
        SSL3_CK_RSA_RC4_40_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_EXP|SSL_SSLV3,
+       SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -153,7 +153,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_RSA_RC4_128_MD5,
        SSL3_CK_RSA_RC4_128_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
+       SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|_SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -162,7 +162,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_RSA_RC4_128_SHA,
        SSL3_CK_RSA_RC4_128_SHA,
-       SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
+       SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -171,7 +171,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_RSA_RC2_40_MD5,
        SSL3_CK_RSA_RC2_40_MD5,
-       SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_EXP|SSL_SSLV3,
+       SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -180,7 +180,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_RSA_IDEA_128_SHA,
        SSL3_CK_RSA_IDEA_128_SHA,
-       SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
+       SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -189,7 +189,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_RSA_DES_40_CBC_SHA,
        SSL3_CK_RSA_DES_40_CBC_SHA,
-       SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+       SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -198,7 +198,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_RSA_DES_64_CBC_SHA,
        SSL3_CK_RSA_DES_64_CBC_SHA,
-       SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+       SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -207,7 +207,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_RSA_DES_192_CBC3_SHA,
        SSL3_CK_RSA_DES_192_CBC3_SHA,
-       SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+       SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -218,7 +218,7 @@ SSL_CIPHER ssl3_ciphers[]={
        0,
        SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
        SSL3_CK_DH_DSS_DES_40_CBC_SHA,
-       SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+       SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -227,7 +227,7 @@ SSL_CIPHER ssl3_ciphers[]={
        0,
        SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
        SSL3_CK_DH_DSS_DES_64_CBC_SHA,
-       SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+       SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -236,7 +236,7 @@ SSL_CIPHER ssl3_ciphers[]={
        0,
        SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
        SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
-       SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+       SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -245,7 +245,7 @@ SSL_CIPHER ssl3_ciphers[]={
        0,
        SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
        SSL3_CK_DH_RSA_DES_40_CBC_SHA,
-       SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+       SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -254,7 +254,7 @@ SSL_CIPHER ssl3_ciphers[]={
        0,
        SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
        SSL3_CK_DH_RSA_DES_64_CBC_SHA,
-       SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+       SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -263,7 +263,7 @@ SSL_CIPHER ssl3_ciphers[]={
        0,
        SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
        SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
-       SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+       SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -274,7 +274,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
        SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
-       SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+       SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -283,7 +283,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
        SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
-       SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+       SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -292,7 +292,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
        SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
-       SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+       SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -301,7 +301,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
        SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
-       SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+       SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -310,7 +310,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
        SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
-       SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+       SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -319,7 +319,7 @@ SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
        SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
-       SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+       SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -330,7 +330,7 @@ SSL_CIPHER ssl3_ciphers[]={
        0,
        SSL3_TXT_FZA_DMS_NULL_SHA,
        SSL3_CK_FZA_DMS_NULL_SHA,
-       SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+       SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -340,7 +340,7 @@ SSL_CIPHER ssl3_ciphers[]={
        0,
        SSL3_TXT_FZA_DMS_FZA_SHA,
        SSL3_CK_FZA_DMS_FZA_SHA,
-       SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+       SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
        0,
        SSL_ALL_CIPHERS,
        },
@@ -350,11 +350,40 @@ SSL_CIPHER ssl3_ciphers[]={
        0,
        SSL3_TXT_FZA_DMS_RC4_SHA,
        SSL3_CK_FZA_DMS_RC4_SHA,
-       SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+       SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
        0,
        SSL_ALL_CIPHERS,
        },
 
+       /* New TLS Export CipherSuites */
+       /* Cipher 60 */
+           {
+           1,
+           TLS1_TXT_RSA_EXPORT56_WITH_RC4_56_MD5,
+           TLS1_CK_RSA_EXPORT56_WITH_RC4_56_MD5,
+           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP56|SSL_TLSV1,
+           0,
+           SSL_ALL_CIPHERS
+           },
+       /* Cipher 61 */
+           {
+           1,
+           TLS1_TXT_RSA_EXPORT56_WITH_RC2_CBC_56_MD5,
+           TLS1_CK_RSA_EXPORT56_WITH_RC2_CBC_56_MD5,
+           SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP56|SSL_TLSV1,
+           0,
+           SSL_ALL_CIPHERS
+           },
+       /* Cipher 62 */
+           {
+           1,
+           TLS1_TXT_RSA_EXPORT56_WITH_DES_CBC_SHA,
+           TLS1_CK_RSA_EXPORT56_WITH_DES_CBC_SHA,
+           SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1,
+           0,
+           SSL_ALL_CIPHERS
+           },
+
 /* end of list */
        };
 
@@ -733,7 +762,7 @@ STACK *have,*pref;
                {
                c=(SSL_CIPHER *)sk_value(have,i);
                alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
-               if (alg & SSL_EXPORT)
+               if (SSL_IS_EXPORT(alg))
                        {
                        ok=((alg & emask) == alg)?1:0;
 #ifdef CIPHER_DEBUG
index a4c0744..233de6c 100644 (file)
@@ -309,16 +309,16 @@ SSL *s;
 
                        /* only send if a DH key exchange, fortezza or
                         * RSA but we have a sign only certificate */
-                       if ( s->s3->tmp.use_rsa_tmp ||
-                           (l & (SSL_DH|SSL_kFZA)) ||
-                           ((l & SSL_kRSA) &&
-                            ((ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)||
-                             ((l & SSL_EXPORT) &&
-                              (EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > 512)
-                             )
-                            )
+                       if (s->s3->tmp.use_rsa_tmp
+                           || (l & (SSL_DH|SSL_kFZA))
+                           || ((l & SSL_kRSA)
+                               && (ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
+                                   || (SSL_IS_EXPORT(l)
+                                       && EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_EXPORT_PKEYLENGTH(l)
+                                       )
+                                   )
+                               )
                            )
-                          )
                                {
                                ret=ssl3_send_server_key_exchange(s);
                                if (ret <= 0) goto end;
@@ -777,7 +777,7 @@ SSL *s;
                                c=(SSL_CIPHER *)sk_value(sk,i);
                                if (c->algorithms & SSL_eNULL)
                                        nc=c;
-                               if (c->algorithms & SSL_EXP)
+                               if (SSL_C_IS_EXPORT(c))
                                        ec=c;
                                }
                        if (nc != NULL)
@@ -945,8 +945,7 @@ SSL *s;
                        if ((rsa == NULL) && (s->ctx->default_cert->rsa_tmp_cb != NULL))
                                {
                                rsa=s->ctx->default_cert->rsa_tmp_cb(s,
-                                       !(s->s3->tmp.new_cipher->algorithms
-                                         &SSL_NOT_EXP));
+                                       !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher));
                                CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
                                cert->rsa_tmp=rsa;
                                }
@@ -968,8 +967,7 @@ SSL *s;
                        dhp=cert->dh_tmp;
                        if ((dhp == NULL) && (cert->dh_tmp_cb != NULL))
                                dhp=cert->dh_tmp_cb(s,
-                                       !(s->s3->tmp.new_cipher->algorithms
-                                         &SSL_NOT_EXP));
+                                       !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher));
                        if (dhp == NULL)
                                {
                                al=SSL_AD_HANDSHAKE_FAILURE;
index e6a1327..4947e28 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -132,8 +132,9 @@ extern "C" {
 #define SSL_TXT_MD5            "MD5"
 #define SSL_TXT_SHA1           "SHA1"
 #define SSL_TXT_SHA            "SHA"
-#define SSL_TXT_EXP            "EXP"
+#define SSL_TXT_EXP40          "EXP"
 #define SSL_TXT_EXPORT         "EXPORT"
+#define SSL_TXT_EXP56          "EXP56"
 #define SSL_TXT_SSLV2          "SSLv2"
 #define SSL_TXT_SSLV3          "SSLv3"
 #define SSL_TXT_TLSV1          "TLSv1"
@@ -988,18 +989,18 @@ int SSL_state(SSL *ssl);
 void SSL_set_verify_result(SSL *ssl,long v);
 long SSL_get_verify_result(SSL *ssl);
 
-int SSL_set_ex_data(SSL *ssl,int idx,char *data);
-char *SSL_get_ex_data(SSL *ssl,int idx);
+int SSL_set_ex_data(SSL *ssl,int idx,void *data);
+void *SSL_get_ex_data(SSL *ssl,int idx);
 int SSL_get_ex_new_index(long argl, char *argp, int (*new_func)(),
        int (*dup_func)(), void (*free_func)());
 
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,char *data);
-char *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
+int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
+void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
 int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
        int (*dup_func)(), void (*free_func)());
 
-int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,char *data);
-char *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
+int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
+void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
 int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
        int (*dup_func)(), void (*free_func)());
 
index 30501cb..2bea76c 100644 (file)
@@ -144,14 +144,15 @@ static SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_ADH, 0,SSL_ADH,   0,SSL_AUTH_MASK|SSL_MKEY_MASK},
        {0,SSL_TXT_FZA, 0,SSL_FZA,   0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK},
 
-       {0,SSL_TXT_EXP, 0,SSL_EXP,   0,SSL_EXP_MASK},
-       {0,SSL_TXT_EXPORT,0,SSL_EXPORT,0,SSL_EXP_MASK},
-       {0,SSL_TXT_SSLV2,0,SSL_SSLV2,0,SSL_SSL_MASK},
-       {0,SSL_TXT_SSLV3,0,SSL_SSLV3,0,SSL_SSL_MASK},
-       {0,SSL_TXT_TLSV1,0,SSL_SSLV3,0,SSL_SSL_MASK},
-       {0,SSL_TXT_LOW,  0,SSL_LOW,0,SSL_STRONG_MASK},
+       {0,SSL_TXT_EXP40, 0,SSL_EXP40, 0,_SSL_EXP_MASK},
+       {0,SSL_TXT_EXPORT,0,SSL_EXP40, 0,_SSL_EXP_MASK},
+       {0,SSL_TXT_EXP56, 0,SSL_EXP56, 0,_SSL_EXP_MASK},
+       {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,SSL_SSL_MASK},
+       {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,SSL_SSL_MASK},
+       {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,SSL_SSL_MASK},
+       {0,SSL_TXT_LOW,   0,SSL_LOW,   0,SSL_STRONG_MASK},
        {0,SSL_TXT_MEDIUM,0,SSL_MEDIUM,0,SSL_STRONG_MASK},
-       {0,SSL_TXT_HIGH, 0,SSL_HIGH,0,SSL_STRONG_MASK},
+       {0,SSL_TXT_HIGH,  0,SSL_HIGH,  0,SSL_STRONG_MASK},
        };
 
 static int init_ciphers=1;
@@ -615,7 +616,7 @@ SSL_CIPHER *cipher;
 char *buf;
 int len;
        {
-       int export;
+       int _export,pkl,kl;
        char *ver,*exp;
        char *kx,*au,*enc,*mac;
        unsigned long alg,alg2;
@@ -624,8 +625,10 @@ int len;
        alg=cipher->algorithms;
        alg2=cipher->algorithm2;
 
-       export=(alg&SSL_EXP)?1:0;
-       exp=(export)?" export":"";
+       _export=SSL_IS_EXPORT(alg);
+       pkl=SSL_EXPORT_PKEYLENGTH(alg);
+       kl=SSL_EXPORT_KEYLENGTH(alg);
+       exp=_export?" export":"";
 
        if (alg & SSL_SSLV2)
                ver="SSLv2";
@@ -637,7 +640,7 @@ int len;
        switch (alg&SSL_MKEY_MASK)
                {
        case SSL_kRSA:
-               kx=(export)?"RSA(512)":"RSA";
+               kx=_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
                break;
        case SSL_kDHr:
                kx="DH/RSA";
@@ -649,7 +652,7 @@ int len;
                kx="Fortezza";
                break;
        case SSL_kEDH:
-               kx=(export)?"DH(512)":"DH";
+               kx=_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
                break;
        default:
                kx="unknown";
@@ -678,16 +681,17 @@ int len;
        switch (alg&SSL_ENC_MASK)
                {
        case SSL_DES:
-               enc=export?"DES(40)":"DES(56)";
+               enc=(_export && kl == 5)?"DES(40)":"DES(56)";
                break;
        case SSL_3DES:
                enc="3DES(168)";
                break;
        case SSL_RC4:
-               enc=export?"RC4(40)":((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
+               enc=_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
+                 :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
                break;
        case SSL_RC2:
-               enc=export?"RC2(40)":"RC2(128)";
+               enc=_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
                break;
        case SSL_IDEA:
                enc="IDEA(128)";
@@ -770,9 +774,9 @@ int *alg_bits;
 
                a=EVP_CIPHER_key_length(enc)*8;
 
-               if (c->algorithms & SSL_EXP)
+               if (SSL_C_IS_EXPORT(c))
                        {
-                       ret=40;
+                       ret=SSL_C_EXPORT_KEYLENGTH(c)*8;
                        }
                else
                        {
index 2019a40..862a555 100644 (file)
@@ -1236,13 +1236,13 @@ SSL *s;
        {
        unsigned long alg,mask,kalg;
        CERT *c;
-       int i,export;
+       int i,_export;
 
        c=s->cert;
        ssl_set_cert_masks(c);
        alg=s->s3->tmp.new_cipher->algorithms;
-       export=(alg & SSL_EXPORT)?1:0;
-       mask=(export)?c->export_mask:c->mask;
+       _export=SSL_IS_EXPORT(alg);
+       mask=_export?c->export_mask:c->mask;
        kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
 
        if      (kalg & SSL_kDHr)
@@ -1822,12 +1822,12 @@ void (*free_func)();
 int SSL_set_ex_data(s,idx,arg)
 SSL *s;
 int idx;
-char *arg;
+void *arg;
        {
        return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
        }
 
-char *SSL_get_ex_data(s,idx)
+void *SSL_get_ex_data(s,idx)
 SSL *s;
 int idx;
        {
@@ -1849,12 +1849,12 @@ void (*free_func)();
 int SSL_CTX_set_ex_data(s,idx,arg)
 SSL_CTX *s;
 int idx;
-char *arg;
+void *arg;
        {
        return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
        }
 
-char *SSL_CTX_get_ex_data(s,idx)
+void *SSL_CTX_get_ex_data(s,idx)
 SSL_CTX *s;
 int idx;
        {
index 1a90751..8c39d69 100644 (file)
 #define SSL_SHA1               0x00040000L
 #define SSL_SHA                        (SSL_SHA1)
 
-#define SSL_EXP_MASK           0x00300000L
-#define SSL_EXP                        0x00100000L
-#define SSL_NOT_EXP            0x00200000L
-#define SSL_EXPORT             SSL_EXP
+#define _SSL_EXP_MASK          0x00300000L
+#define SSL_EXP40              0x00100000L
+#define _SSL_NOT_EXP           0x00200000L
+#define SSL_EXP56              0x00300000L
+#define SSL_IS_EXPORT(a)       ((a)&SSL_EXP40)
+#define SSL_IS_EXPORT56(a)     (((a)&_SSL_EXP_MASK) == SSL_EXP56)
+#define SSL_IS_EXPORT40(a)     (((a)&_SSL_EXP_MASK) == SSL_EXP40)
+#define SSL_C_IS_EXPORT(c)     SSL_IS_EXPORT((c)->algorithms)
+#define SSL_C_IS_EXPORT56(c)   SSL_IS_EXPORT56((c)->algorithms)
+#define SSL_C_IS_EXPORT40(c)   SSL_IS_EXPORT40((c)->algorithms)
+#define SSL_EXPORT_KEYLENGTH(a)        (SSL_IS_EXPORT40(a) ? 5 : 7)
+#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
+#define SSL_C_EXPORT_KEYLENGTH(c)      SSL_EXPORT_KEYLENGTH((c)->algorithms)
+#define SSL_C_EXPORT_PKEYLENGTH(c)     SSL_EXPORT_PKEYLENGTH((c)->algorithms)
 
 #define SSL_SSL_MASK           0x00c00000L
 #define SSL_SSLV2              0x00400000L
 #define SSL_SSLV3              0x00800000L
+#define SSL_TLSV1              SSL_SSLV3       /* for now */
 
 #define SSL_STRONG_MASK                0x07000000L
 #define SSL_LOW                        0x01000000L
 /* we have used 0fffffff - 4 bits left to go */
 #define SSL_ALL                        0xffffffffL
 #define SSL_ALL_CIPHERS                (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
-                               SSL_MAC_MASK|SSL_EXP_MASK)
+                               SSL_MAC_MASK|_SSL_EXP_MASK)
 
 /* Mostly for SSLv3 */
 #define SSL_PKEY_RSA_ENC       0
index adaab35..2403b06 100644 (file)
@@ -94,12 +94,12 @@ void (*free_func)();
 int SSL_SESSION_set_ex_data(s,idx,arg)
 SSL_SESSION *s;
 int idx;
-char *arg;
+void *arg;
        {
        return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
        }
 
-char *SSL_SESSION_get_ex_data(s,idx)
+void *SSL_SESSION_get_ex_data(s,idx)
 SSL_SESSION *s;
 int idx;
        {
index f228295..0f5cbd3 100644 (file)
@@ -178,9 +178,9 @@ int which;
        EVP_CIPHER *c;
        SSL_COMP *comp;
        EVP_MD *m;
-       int exp,n,i,j,k,exp_label_len,cl;
+       int _exp,n,i,j,k,exp_label_len,cl;
 
-       exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
+       _exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
        c=s->s3->tmp.new_sym_enc;
        m=s->s3->tmp.new_hash;
        comp=s->s3->tmp.new_compression;
@@ -247,7 +247,8 @@ int which;
        p=s->s3->tmp.key_block;
        i=EVP_MD_size(m);
        cl=EVP_CIPHER_key_length(c);
-       j=exp ? (cl < 5 ? cl : 5) : cl;
+       j=_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+                 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
        /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
        k=EVP_CIPHER_iv_length(c);
        er1= &(s->s3->client_random[0]);
@@ -284,7 +285,7 @@ int which;
 printf("which = %04X\nmac key=",which);
 { int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
 #endif
-       if (exp)
+       if (_exp)
                {
                /* In here I set both the read and write key/iv to the
                 * same value since only the correct one will be used :-).
@@ -297,7 +298,7 @@ printf("which = %04X\nmac key=",which);
                memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
                p+=SSL3_RANDOM_SIZE;
                tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
-                       tmp1,tmp2,EVP_CIPHER_key_length(c));
+                        tmp1,tmp2,EVP_CIPHER_key_length(c));
                key=tmp1;
 
                if (k > 0)
@@ -347,7 +348,7 @@ SSL *s;
        unsigned char *p1,*p2;
        EVP_CIPHER *c;
        EVP_MD *hash;
-       int num,exp;
+       int num;
        SSL_COMP *comp;
 
        if (s->s3->tmp.key_block_length != 0)
@@ -362,8 +363,6 @@ SSL *s;
        s->s3->tmp.new_sym_enc=c;
        s->s3->tmp.new_hash=hash;
 
-       exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
-
        num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
        num*=2;
 
index 6097861..8d47ae5 100644 (file)
@@ -82,6 +82,14 @@ extern "C" {
 #define TLS1_AD_USER_CANCLED           90
 #define TLS1_AD_NO_RENEGOTIATION       100
 
+#define TLS1_CK_RSA_EXPORT56_WITH_RC4_56_MD5           0x03000060
+#define TLS1_CK_RSA_EXPORT56_WITH_RC2_CBC_56_MD5       0x03000061
+#define TLS1_CK_RSA_EXPORT56_WITH_DES_CBC_SHA          0x03000062
+
+#define TLS1_TXT_RSA_EXPORT56_WITH_RC4_56_MD5          "EXP56-RC4-MD5"
+#define TLS1_TXT_RSA_EXPORT56_WITH_RC2_CBC_56_MD5      "EXP56-RC2-CBC-MD5"
+#define TLS1_TXT_RSA_EXPORT56_WITH_DES_CBC_SHA         "EXP56-DES-CBC-SHA"
+
 #define TLS_CT_RSA_SIGN                        1
 #define TLS_CT_DSS_SIGN                        2
 #define TLS_CT_RSA_FIXED_DH            3