From 748f254657ab900c0de5e9e1843150c2df4c4bea Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Wed, 16 Mar 2016 12:33:00 -0400 Subject: [PATCH] Sort cipher-list at runtime. Reduces #ifdef complexity. Reviewed-by: Viktor Dukhovni --- ssl/s3_lib.c | 3244 ++++++++++++++++++++++-------------------------- ssl/ssl_ciph.c | 2 + ssl/ssl_locl.h | 1 + test/ssltest.c | 3 +- 4 files changed, 1474 insertions(+), 1776 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 973274bc8d..49180cd34a 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -158,11 +158,18 @@ #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) -/* list of available SSLv3 ciphers (sorted by id) */ -static const SSL_CIPHER ssl3_ciphers[] = { - -/* The RSA ciphers */ -/* Cipher 01 */ +/* + * The list of available ciphers, organized into the following + * groups: + * Always there + * EC + * PSK + * SRP (within that: RSA EC PSK) + * Cipher families: Chacha/poly, Camellila, Gost, IDEA, SEED + * Weak ciphers + */ +static SSL_CIPHER ssl3_ciphers[] = +{ { 1, SSL3_TXT_RSA_NULL_MD5, @@ -178,8 +185,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, - -/* Cipher 02 */ { 1, SSL3_TXT_RSA_NULL_SHA, @@ -195,63 +200,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, - -/* Cipher 04 */ -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - SSL3_TXT_RSA_RC4_128_MD5, - SSL3_CK_RSA_RC4_128_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - -/* Cipher 05 */ - { - 1, - SSL3_TXT_RSA_RC4_128_SHA, - SSL3_CK_RSA_RC4_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, -#endif - -/* Cipher 07 */ -#ifndef OPENSSL_NO_IDEA - { - 1, - SSL3_TXT_RSA_IDEA_128_SHA, - SSL3_CK_RSA_IDEA_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_IDEA, - SSL_SHA1, - SSL3_VERSION, TLS1_1_VERSION, - DTLS1_VERSION, DTLS1_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, -#endif - -/* Cipher 0A */ { 1, SSL3_TXT_RSA_DES_192_CBC3_SHA, @@ -267,8 +215,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, - -/* Cipher 13 */ { 1, SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA, @@ -284,8 +230,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, - -/* Cipher 16 */ { 1, SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA, @@ -301,27 +245,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, - -/* Cipher 18 */ -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - SSL3_TXT_ADH_RC4_128_MD5, - SSL3_CK_ADH_RC4_128_MD5, - SSL_kDHE, - SSL_aNULL, - SSL_RC4, - SSL_MD5, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, -#endif - -/* Cipher 1B */ { 1, SSL3_TXT_ADH_DES_192_CBC_SHA, @@ -337,59 +260,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, -#ifndef OPENSSL_NO_PSK - /* Cipher 2C */ - { - 1, - TLS1_TXT_PSK_WITH_NULL_SHA, - TLS1_CK_PSK_WITH_NULL_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, - /* Cipher 2D */ - { - 1, - TLS1_TXT_DHE_PSK_WITH_NULL_SHA, - TLS1_CK_DHE_PSK_WITH_NULL_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, - /* Cipher 2E */ - { - 1, - TLS1_TXT_RSA_PSK_WITH_NULL_SHA, - TLS1_CK_RSA_PSK_WITH_NULL_SHA, - SSL_kRSAPSK, - SSL_aRSA, - SSL_eNULL, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, -#endif - -/* New AES ciphersuites */ -/* Cipher 2F */ { 1, TLS1_TXT_RSA_WITH_AES_128_SHA, @@ -405,7 +275,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, -/* Cipher 32 */ { 1, TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, @@ -421,7 +290,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, -/* Cipher 33 */ { 1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, @@ -437,7 +305,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, -/* Cipher 34 */ { 1, TLS1_TXT_ADH_WITH_AES_128_SHA, @@ -453,8 +320,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, - -/* Cipher 35 */ { 1, TLS1_TXT_RSA_WITH_AES_256_SHA, @@ -470,8 +335,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, - -/* Cipher 38 */ { 1, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, @@ -487,8 +350,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, - -/* Cipher 39 */ { 1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, @@ -504,8 +365,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, - - /* Cipher 3A */ { 1, TLS1_TXT_ADH_WITH_AES_256_SHA, @@ -521,9 +380,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, - - /* TLS v1.2 ciphersuites */ - /* Cipher 3B */ { 1, TLS1_TXT_RSA_WITH_NULL_SHA256, @@ -539,8 +395,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, - - /* Cipher 3C */ { 1, TLS1_TXT_RSA_WITH_AES_128_SHA256, @@ -556,8 +410,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, - - /* Cipher 3D */ { 1, TLS1_TXT_RSA_WITH_AES_256_SHA256, @@ -573,8 +425,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, - - /* Cipher 40 */ { 1, TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, @@ -590,81 +440,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, - -#ifndef OPENSSL_NO_CAMELLIA - /* Camellia ciphersuites from RFC4132 (128-bit portion) */ - - /* Cipher 41 */ - { - 1, - TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - - /* Cipher 44 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_CAMELLIA128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - - /* Cipher 45 */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - - /* Cipher 46 */ - { - 1, - TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_CAMELLIA128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, -#endif /* OPENSSL_NO_CAMELLIA */ - - /* TLS v1.2 ciphersuites */ - /* Cipher 67 */ { 1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, @@ -680,8 +455,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, - - /* Cipher 6A */ { 1, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, @@ -697,8 +470,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, - - /* Cipher 6B */ { 1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, @@ -714,8 +485,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, - - /* Cipher 6C */ { 1, TLS1_TXT_ADH_WITH_AES_128_SHA256, @@ -731,8 +500,6 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, - - /* Cipher 6D */ { 1, TLS1_TXT_ADH_WITH_AES_256_SHA256, @@ -748,994 +515,737 @@ static const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, - - /* GOST Ciphersuites */ -#ifndef OPENSL_NO_GOST { 1, - "GOST2001-GOST89-GOST89", - 0x3000081, - SSL_kGOST, - SSL_aGOST01, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, - 256, - 256 - }, - { - 1, - "GOST2001-NULL-GOST94", - 0x3000083, - SSL_kGOST, - SSL_aGOST01, - SSL_eNULL, - SSL_GOST94, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, - 0, - 0 - }, -#endif -#ifndef OPENSSL_NO_CAMELLIA - /* Camellia ciphersuites from RFC4132 (256-bit portion) */ - - /* Cipher 84 */ + TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { 1, - TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, SSL_kRSA, SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, - - /* Cipher 87 */ { 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kDHE, - SSL_aDSS, - SSL_CAMELLIA256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, }, - - /* Cipher 88 */ { 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, - - /* Cipher 89 */ { 1, - TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, + TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_kDHE, - SSL_aNULL, - SSL_CAMELLIA256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, -#endif /* OPENSSL_NO_CAMELLIA */ - -#ifndef OPENSSL_NO_PSK - /* PSK ciphersuites from RFC 4279 */ - /* Cipher 8A */ -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_PSK_WITH_RC4_128_SHA, - TLS1_CK_PSK_WITH_RC4_128_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_RC4, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + SSL_aDSS, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, -#endif - - /* Cipher 8B */ { 1, - TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, + TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, + TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, + SSL_kDHE, + SSL_aDSS, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, }, - - /* Cipher 8C */ { 1, - TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_PSK_WITH_AES_128_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, + TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, + SSL_kDHE, + SSL_aNULL, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher 8D */ { 1, - TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_PSK_WITH_AES_256_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, + TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, + SSL_kDHE, + SSL_aNULL, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, - - /* Cipher 8E */ -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, - TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA, - TLS1_CK_DHE_PSK_WITH_RC4_128_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_RC4, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_RSA_WITH_AES_128_CCM, + TLS1_CK_RSA_WITH_AES_128_CCM, + SSL_kRSA, + SSL_aRSA, + SSL_AES128CCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, -#endif - - /* Cipher 8F */ { 1, - TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, + TLS1_TXT_RSA_WITH_AES_256_CCM, + TLS1_CK_RSA_WITH_AES_256_CCM, + SSL_kRSA, + SSL_aRSA, + SSL_AES256CCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, }, - - /* Cipher 90 */ { 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_DHE_RSA_WITH_AES_128_CCM, + TLS1_CK_DHE_RSA_WITH_AES_128_CCM, + SSL_kDHE, + SSL_aRSA, + SSL_AES128CCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher 91 */ { 1, - TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_DHE_RSA_WITH_AES_256_CCM, + TLS1_CK_DHE_RSA_WITH_AES_256_CCM, + SSL_kDHE, + SSL_aRSA, + SSL_AES256CCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, - - /* Cipher 92 */ -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, - TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA, - TLS1_CK_RSA_PSK_WITH_RC4_128_SHA, - SSL_kRSAPSK, + TLS1_TXT_RSA_WITH_AES_128_CCM_8, + TLS1_CK_RSA_WITH_AES_128_CCM_8, + SSL_kRSA, SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, -#endif - - /* Cipher 93 */ - { - 1, - TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kRSAPSK, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, - - /* Cipher 94 */ - { - 1, - TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - - /* Cipher 95 */ - { - 1, - TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, -#endif /* OPENSSL_NO_PSK */ - -#ifndef OPENSSL_NO_SEED - /* SEED ciphersuites from RFC4162 */ - - /* Cipher 96 */ - { - 1, - TLS1_TXT_RSA_WITH_SEED_SHA, - TLS1_CK_RSA_WITH_SEED_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_SEED, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - - /* Cipher 99 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_SEED_SHA, - TLS1_CK_DHE_DSS_WITH_SEED_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_SEED, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - - /* Cipher 9A */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_SEED_SHA, - TLS1_CK_DHE_RSA_WITH_SEED_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_SEED, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - - /* Cipher 9B */ - { - 1, - TLS1_TXT_ADH_WITH_SEED_SHA, - TLS1_CK_ADH_WITH_SEED_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_SEED, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - -#endif /* OPENSSL_NO_SEED */ - - /* GCM ciphersuites from RFC5288 */ - - /* Cipher 9C */ - { - 1, - TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_AES128GCM, + SSL_AES128CCM8, SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher 9D */ { 1, - TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, + TLS1_TXT_RSA_WITH_AES_256_CCM_8, + TLS1_CK_RSA_WITH_AES_256_CCM_8, SSL_kRSA, SSL_aRSA, - SSL_AES256GCM, + SSL_AES256CCM8, SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, - - /* Cipher 9E */ { 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8, + TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8, SSL_kDHE, SSL_aRSA, - SSL_AES128GCM, + SSL_AES128CCM8, SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher 9F */ { 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8, + TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8, SSL_kDHE, SSL_aRSA, - SSL_AES256GCM, + SSL_AES256CCM8, SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, - - /* Cipher A2 */ { 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, - SSL_kDHE, - SSL_aDSS, - SSL_AES128GCM, + TLS1_TXT_PSK_WITH_AES_128_CCM, + TLS1_CK_PSK_WITH_AES_128_CCM, + SSL_kPSK, + SSL_aPSK, + SSL_AES128CCM, SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher A3 */ { 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, - SSL_kDHE, - SSL_aDSS, - SSL_AES256GCM, + TLS1_TXT_PSK_WITH_AES_256_CCM, + TLS1_CK_PSK_WITH_AES_256_CCM, + SSL_kPSK, + SSL_aPSK, + SSL_AES256CCM, SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, - - /* Cipher A6 */ { 1, - TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, - TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, - SSL_kDHE, - SSL_aNULL, - SSL_AES128GCM, + TLS1_TXT_DHE_PSK_WITH_AES_128_CCM, + TLS1_CK_DHE_PSK_WITH_AES_128_CCM, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128CCM, SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher A7 */ { 1, - TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, - TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, - SSL_kDHE, - SSL_aNULL, - SSL_AES256GCM, + TLS1_TXT_DHE_PSK_WITH_AES_256_CCM, + TLS1_CK_DHE_PSK_WITH_AES_256_CCM, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256CCM, SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, -#ifndef OPENSSL_NO_PSK - /* PSK ciphersuites from RFC5487 */ - - /* Cipher A8 */ { 1, - TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256, - TLS1_CK_PSK_WITH_AES_128_GCM_SHA256, + TLS1_TXT_PSK_WITH_AES_128_CCM_8, + TLS1_CK_PSK_WITH_AES_128_CCM_8, SSL_kPSK, SSL_aPSK, - SSL_AES128GCM, + SSL_AES128CCM8, SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher A9 */ { 1, - TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384, - TLS1_CK_PSK_WITH_AES_256_GCM_SHA384, + TLS1_TXT_PSK_WITH_AES_256_CCM_8, + TLS1_CK_PSK_WITH_AES_256_CCM_8, SSL_kPSK, SSL_aPSK, - SSL_AES256GCM, + SSL_AES256CCM8, SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, - - /* Cipher AA */ { 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256, + TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8, + TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8, SSL_kDHEPSK, SSL_aPSK, - SSL_AES128GCM, + SSL_AES128CCM8, SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher AB */ { 1, - TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384, + TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8, + TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8, SSL_kDHEPSK, SSL_aPSK, - SSL_AES256GCM, + SSL_AES256CCM8, SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, - - /* Cipher AC */ { 1, - TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256, - TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES128GCM, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128CCM, SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher AD */ { 1, - TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384, - TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES256GCM, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256CCM, SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, - - /* Cipher AE */ { 1, - TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256, - TLS1_CK_PSK_WITH_AES_128_CBC_SHA256, - SSL_kPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128CCM8, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher AF */ { 1, - TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384, - TLS1_CK_PSK_WITH_AES_256_CBC_SHA384, - SSL_kPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256CCM8, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, }, - /* Cipher B0 */ +#ifndef OPENSSL_NO_EC { 1, - TLS1_TXT_PSK_WITH_NULL_SHA256, - TLS1_CK_PSK_WITH_NULL_SHA256, - SSL_kPSK, - SSL_aPSK, + TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, + SSL_kECDHE, + SSL_aECDSA, SSL_eNULL, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, }, - - /* Cipher B1 */ { 1, - TLS1_TXT_PSK_WITH_NULL_SHA384, - TLS1_CK_PSK_WITH_NULL_SHA384, - SSL_kPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, + TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 0, - 0, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, }, - - /* Cipher B2 */ { 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256, - TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256, - SSL_kDHEPSK, - SSL_aPSK, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + SSL_kECDHE, + SSL_aECDSA, SSL_AES128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher B3 */ { 1, - TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384, - TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384, - SSL_kDHEPSK, - SSL_aPSK, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + SSL_kECDHE, + SSL_aECDSA, SSL_AES256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - /* Cipher B4 */ { 1, - TLS1_TXT_DHE_PSK_WITH_NULL_SHA256, - TLS1_CK_DHE_PSK_WITH_NULL_SHA256, - SSL_kDHEPSK, - SSL_aPSK, + TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, + TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, + SSL_kECDHE, + SSL_aRSA, SSL_eNULL, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, }, - - /* Cipher B5 */ { 1, - TLS1_TXT_DHE_PSK_WITH_NULL_SHA384, - TLS1_CK_DHE_PSK_WITH_NULL_SHA384, - SSL_kDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, + TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + SSL_kECDHE, + SSL_aRSA, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 0, - 0, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, }, - - /* Cipher B6 */ { 1, - TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256, - TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256, - SSL_kRSAPSK, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, + SSL_kECDHE, SSL_aRSA, SSL_AES128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher B7 */ { 1, - TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384, - TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384, - SSL_kRSAPSK, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, + SSL_kECDHE, SSL_aRSA, SSL_AES256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - /* Cipher B8 */ { 1, - TLS1_TXT_RSA_PSK_WITH_NULL_SHA256, - TLS1_CK_RSA_PSK_WITH_NULL_SHA256, - SSL_kRSAPSK, - SSL_aRSA, + TLS1_TXT_ECDH_anon_WITH_NULL_SHA, + TLS1_CK_ECDH_anon_WITH_NULL_SHA, + SSL_kECDHE, + SSL_aNULL, SSL_eNULL, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, }, - - /* Cipher B9 */ { 1, - TLS1_TXT_RSA_PSK_WITH_NULL_SHA384, - TLS1_CK_RSA_PSK_WITH_NULL_SHA384, - SSL_kRSAPSK, - SSL_aRSA, - SSL_eNULL, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, + TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, + SSL_kECDHE, + SSL_aNULL, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 0, - 0, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, }, -#endif /* OPENSSL_NO_PSK */ - -#ifndef OPENSSL_NO_CAMELLIA - /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ - - /* Cipher BA */ { 1, - TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher BD */ + TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, + SSL_kECDHE, + SSL_aNULL, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, - SSL_aDSS, - SSL_CAMELLIA128, + TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, + SSL_kECDHE, + SSL_aNULL, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128, SSL_SHA256, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher BE */ { 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA256, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256, + SSL_SHA384, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, }, - - /* Cipher BF */ { 1, - TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, - SSL_aNULL, - SSL_CAMELLIA128, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, + TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, + SSL_kECDHE, + SSL_aRSA, + SSL_AES128, SSL_SHA256, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, - - /* Cipher C0 */ { 1, - TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kRSA, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, + TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, + SSL_kECDHE, SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA256, + SSL_AES256, + SSL_SHA384, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, - - /* Cipher C3 */ { 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, - SSL_aDSS, - SSL_CAMELLIA256, - SSL_SHA256, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128GCM, + SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, - - /* Cipher C4 */ { 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + SSL_kECDHE, SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA256, + SSL_AES128GCM, + SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, + 128, + 128, }, - - /* Cipher C5 */ { 1, - TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, - SSL_aNULL, - SSL_CAMELLIA256, - SSL_SHA256, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + SSL_kECDHE, + SSL_aRSA, + SSL_AES256GCM, + SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, -#endif - -#ifndef OPENSSL_NO_EC +#endif /* OPENSSL_NO_EC */ - /* Cipher C006 */ +#ifndef OPENSSL_NO_PSK { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, - SSL_kECDHE, - SSL_aECDSA, + TLS1_TXT_PSK_WITH_NULL_SHA, + TLS1_CK_PSK_WITH_NULL_SHA, + SSL_kPSK, + SSL_aPSK, SSL_eNULL, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, @@ -1745,33 +1255,42 @@ static const SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, - - /* Cipher C007 */ -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, - SSL_kECDHE, - SSL_aECDSA, - SSL_RC4, + TLS1_TXT_DHE_PSK_WITH_NULL_SHA, + TLS1_CK_DHE_PSK_WITH_NULL_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_eNULL, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, + 0, + 0, }, -#endif - - /* Cipher C008 */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, - SSL_kECDHE, - SSL_aECDSA, + TLS1_TXT_RSA_PSK_WITH_NULL_SHA, + TLS1_CK_RSA_PSK_WITH_NULL_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_eNULL, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, + { + 1, + TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kPSK, + SSL_aPSK, SSL_3DES, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, @@ -1781,14 +1300,12 @@ static const SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, - - /* Cipher C009 */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - SSL_kECDHE, - SSL_aECDSA, + TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_PSK_WITH_AES_128_CBC_SHA, + SSL_kPSK, + SSL_aPSK, SSL_AES128, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, @@ -1798,14 +1315,12 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, - - /* Cipher C00A */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - SSL_kECDHE, - SSL_aECDSA, + TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_PSK_WITH_AES_256_CBC_SHA, + SSL_kPSK, + SSL_aPSK, SSL_AES256, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, @@ -1815,49 +1330,56 @@ static const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, - - /* Cipher C010 */ { 1, - TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, - TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, - SSL_kECDHE, - SSL_aRSA, - SSL_eNULL, + TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_3DES, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, + 112, + 168, }, - - /* Cipher C011 */ -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, - TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, - SSL_kECDHE, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, + TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, -#endif - - /* Cipher C012 */ { 1, - TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, - SSL_kECDHE, + TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + { + 1, + TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kRSAPSK, SSL_aRSA, SSL_3DES, SSL_SHA1, @@ -1868,13 +1390,11 @@ static const SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, - - /* Cipher C013 */ { 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, - SSL_kECDHE, + TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA, + SSL_kRSAPSK, SSL_aRSA, SSL_AES128, SSL_SHA1, @@ -1885,13 +1405,11 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, - - /* Cipher C014 */ { 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, - SSL_kECDHE, + TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA, + SSL_kRSAPSK, SSL_aRSA, SSL_AES256, SSL_SHA1, @@ -1902,777 +1420,678 @@ static const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, - - /* Cipher C015 */ { 1, - TLS1_TXT_ECDH_anon_WITH_NULL_SHA, - TLS1_CK_ECDH_anon_WITH_NULL_SHA, - SSL_kECDHE, - SSL_aNULL, - SSL_eNULL, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, + TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256, + TLS1_CK_PSK_WITH_AES_128_GCM_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, }, - - /* Cipher C016 */ -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, - TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, - TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, - SSL_kECDHE, - SSL_aNULL, - SSL_RC4, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384, + TLS1_CK_PSK_WITH_AES_256_GCM_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256, + TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, }, -#endif - - /* Cipher C017 */ { 1, - TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, - SSL_kECDHE, - SSL_aNULL, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, + TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384, + TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, }, - - /* Cipher C018 */ { 1, - TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, - SSL_kECDHE, - SSL_aNULL, + TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256, + TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256, + SSL_kRSAPSK, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384, + TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384, + SSL_kRSAPSK, + SSL_aRSA, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256, + TLS1_CK_PSK_WITH_AES_128_CBC_SHA256, + SSL_kPSK, + SSL_aPSK, SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher C019 */ { 1, - TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, - SSL_kECDHE, - SSL_aNULL, + TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384, + TLS1_CK_PSK_WITH_AES_256_CBC_SHA384, + SSL_kPSK, + SSL_aPSK, SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, -#endif /* OPENSSL_NO_EC */ - -#ifndef OPENSSL_NO_SRP - /* Cipher C01A */ { 1, - TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, - SSL_aSRP, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, + TLS1_TXT_PSK_WITH_NULL_SHA256, + TLS1_CK_PSK_WITH_NULL_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH, + SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, + 0, + 0, }, - - /* Cipher C01B */ { 1, - TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, + TLS1_TXT_PSK_WITH_NULL_SHA384, + TLS1_CK_PSK_WITH_NULL_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 0, + 0, + }, + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256, + TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, + 128, + 128, }, - - /* Cipher C01C */ { 1, - TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, - SSL_aDSS, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, + TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384, + TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, }, - - /* Cipher C01D */ { 1, - TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, - SSL_kSRP, - SSL_aSRP, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, + TLS1_TXT_DHE_PSK_WITH_NULL_SHA256, + TLS1_CK_DHE_PSK_WITH_NULL_SHA256, + SSL_kDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH, + SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, + 0, + 0, }, - - /* Cipher C01E */ { 1, - TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, - SSL_kSRP, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, + TLS1_TXT_DHE_PSK_WITH_NULL_SHA384, + TLS1_CK_DHE_PSK_WITH_NULL_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 0, + 0, }, - - /* Cipher C01F */ { 1, - TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, - SSL_kSRP, - SSL_aDSS, + TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256, + TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256, + SSL_kRSAPSK, + SSL_aRSA, SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher C020 */ { 1, - TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, - SSL_kSRP, - SSL_aSRP, + TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384, + TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384, + SSL_kRSAPSK, + SSL_aRSA, SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, - - /* Cipher C021 */ { 1, - TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, - SSL_kSRP, + TLS1_TXT_RSA_PSK_WITH_NULL_SHA256, + TLS1_CK_RSA_PSK_WITH_NULL_SHA256, + SSL_kRSAPSK, SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, + SSL_eNULL, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH, + SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, + 0, + 0, }, - - /* Cipher C022 */ { 1, - TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, - SSL_kSRP, - SSL_aDSS, - SSL_AES256, + TLS1_TXT_RSA_PSK_WITH_NULL_SHA384, + TLS1_CK_RSA_PSK_WITH_NULL_SHA384, + SSL_kRSAPSK, + SSL_aRSA, + SSL_eNULL, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 0, + 0, + }, +# ifndef OPENSSL_NO_EC + { + 1, + TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_3DES, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, + 112, + 168, }, -#endif /* OPENSSL_NO_SRP */ -#ifndef OPENSSL_NO_EC - - /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ - - /* Cipher C023 */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, - SSL_kECDHE, - SSL_aECDSA, + TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, + SSL_kECDHEPSK, + SSL_aPSK, SSL_AES128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher C024 */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, - SSL_kECDHE, - SSL_aECDSA, + TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA, + SSL_kECDHEPSK, + SSL_aPSK, SSL_AES256, - SSL_SHA384, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - - /* Cipher C027 */ { 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, - SSL_kECDHE, - SSL_aRSA, + TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256, + TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256, + SSL_kECDHEPSK, + SSL_aPSK, SSL_AES128, SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher C028 */ { 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, - SSL_kECDHE, - SSL_aRSA, + TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384, + TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384, + SSL_kECDHEPSK, + SSL_aPSK, SSL_AES256, SSL_SHA384, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, - - /* GCM based TLS v1.2 ciphersuites from RFC5289 */ - - /* Cipher C02B */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - SSL_kECDHE, - SSL_aECDSA, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, + TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA, + TLS1_CK_ECDHE_PSK_WITH_NULL_SHA, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, }, - - /* Cipher C02C */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - SSL_kECDHE, - SSL_aECDSA, - SSL_AES256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - - /* Cipher C02F */ + TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256, + TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, { 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - SSL_kECDHE, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, + TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384, + TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 0, + 0, }, +# endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_PSK */ - /* Cipher C030 */ +#ifndef OPENSSL_NO_SRP { 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - SSL_kECDHE, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, + TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, + SSL_kSRP, + SSL_aSRP, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, }, - - /* PSK ciphersuites from RFC 5489 */ - /* Cipher C033 */ -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, - TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_RC4, + TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, + SSL_kSRP, + SSL_aRSA, + SSL_3DES, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, + 112, + 168, }, -#endif - - /* Cipher C034 */ { 1, - TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kECDHEPSK, - SSL_aPSK, + TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, + SSL_kSRP, + SSL_aDSS, SSL_3DES, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, - - /* Cipher C035 */ { 1, - TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, - SSL_kECDHEPSK, - SSL_aPSK, + TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, + TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, + SSL_kSRP, + SSL_aSRP, SSL_AES128, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher C036 */ { 1, - TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_AES256, + TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, + TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, + SSL_kSRP, + SSL_aRSA, + SSL_AES128, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, + 128, + 128, }, - - /* Cipher C037 */ { 1, - TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256, - TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256, - SSL_kECDHEPSK, - SSL_aPSK, + TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, + TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, + SSL_kSRP, + SSL_aDSS, SSL_AES128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher C038 */ { 1, - TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384, - TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384, - SSL_kECDHEPSK, - SSL_aPSK, + TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, + TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, + SSL_kSRP, + SSL_aSRP, SSL_AES256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - /* Cipher C039 */ { 1, - TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA, - TLS1_CK_ECDHE_PSK_WITH_NULL_SHA, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_eNULL, + TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, + TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, + SSL_kSRP, + SSL_aRSA, + SSL_AES256, SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, + 256, + 256, }, - - /* Cipher C03A */ { 1, - TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256, - TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, + TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, + TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, + SSL_kSRP, + SSL_aDSS, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, + 256, + 256, }, +#endif /* OPENSSL_NO_SRP */ - /* Cipher C03B */ +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +# ifndef OPENSSL_NO_RSA { 1, - TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384, - TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 0, - 0, + TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305, + SSL_kDHE, + SSL_aRSA, + SSL_CHACHA20POLY1305, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, }, +# endif /* OPENSSL_NO_RSA */ -# ifndef OPENSSL_NO_CAMELLIA - { /* Cipher C072 */ +# ifndef OPENSSL_NO_EC + { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_kECDHE, - SSL_aECDSA, - SSL_CAMELLIA128, - SSL_SHA256, + SSL_aRSA, + SSL_CHACHA20POLY1305, + SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128}, - - { /* Cipher C073 */ + 256, + 256, + }, + { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_kECDHE, SSL_aECDSA, - SSL_CAMELLIA256, - SSL_SHA384, + SSL_CHACHA20POLY1305, + SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, - 256}, + 256, + }, +# endif /* OPENSSL_NO_EC */ - { /* Cipher C076 */ +# ifndef OPENSSL_NO_PSK + { 1, - TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kECDHE, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA256, + TLS1_TXT_PSK_WITH_CHACHA20_POLY1305, + TLS1_CK_PSK_WITH_CHACHA20_POLY1305, + SSL_kPSK, + SSL_aPSK, + SSL_CHACHA20POLY1305, + SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128}, - - { /* Cipher C077 */ + 256, + 256, + }, + { 1, - TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kECDHE, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA384, + TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305, + TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_CHACHA20POLY1305, + SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, - 256}, - -# endif /* OPENSSL_NO_CAMELLIA */ -#endif /* OPENSSL_NO_EC */ - -#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_PSK) - { /* Cipher C094 */ - 1, - TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kPSK, - SSL_aPSK, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128}, - - { /* Cipher C095 */ - 1, - TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kPSK, - SSL_aPSK, - SSL_CAMELLIA256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, - 256}, - - { /* Cipher C096 */ - 1, - TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kDHEPSK, - SSL_aPSK, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128}, - - { /* Cipher C097 */ + }, + { 1, - TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305, + TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305, SSL_kDHEPSK, SSL_aPSK, - SSL_CAMELLIA256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256}, - - { /* Cipher C098 */ - 1, - TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kRSAPSK, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128}, - - { /* Cipher C099 */ - 1, - TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kRSAPSK, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + SSL_CHACHA20POLY1305, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, - 256}, - - { /* Cipher C09A */ - 1, - TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128}, - - { /* Cipher C09B */ - 1, - TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_CAMELLIA256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, - 256}, -#endif - - /* Cipher C09C */ + }, { 1, - TLS1_TXT_RSA_WITH_AES_128_CCM, - TLS1_CK_RSA_WITH_AES_128_CCM, - SSL_kRSA, + TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305, + TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305, + SSL_kRSAPSK, SSL_aRSA, - SSL_AES128CCM, + SSL_CHACHA20POLY1305, SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, + 256, + 256, }, +# endif /* OPENSSL_NO_PSK */ +#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */ - /* Cipher C09D */ +#ifndef OPENSSL_NO_CAMELLIA { 1, - TLS1_TXT_RSA_WITH_AES_256_CCM, - TLS1_CK_RSA_WITH_AES_256_CCM, + TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256, SSL_kRSA, SSL_aRSA, - SSL_AES256CCM, - SSL_AEAD, + SSL_CAMELLIA128, + SSL_SHA256, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, + 128, + 128, }, - - /* Cipher C09E */ { 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_CCM, - TLS1_CK_DHE_RSA_WITH_AES_128_CCM, - SSL_kDHE, - SSL_aRSA, - SSL_AES128CCM, - SSL_AEAD, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kEDH, + SSL_aDSS, + SSL_CAMELLIA128, + SSL_SHA256, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, @@ -2680,33 +2099,29 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, - - /* Cipher C09F */ { 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_CCM, - TLS1_CK_DHE_RSA_WITH_AES_256_CCM, - SSL_kDHE, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kEDH, SSL_aRSA, - SSL_AES256CCM, - SSL_AEAD, + SSL_CAMELLIA128, + SSL_SHA256, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, + 128, + 128, }, - - /* Cipher C0A0 */ { 1, - TLS1_TXT_RSA_WITH_AES_128_CCM_8, - TLS1_CK_RSA_WITH_AES_128_CCM_8, - SSL_kRSA, - SSL_aRSA, - SSL_AES128CCM8, - SSL_AEAD, + TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kEDH, + SSL_aNULL, + SSL_CAMELLIA128, + SSL_SHA256, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, @@ -2714,16 +2129,14 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, - - /* Cipher C0A1 */ { 1, - TLS1_TXT_RSA_WITH_AES_256_CCM_8, - TLS1_CK_RSA_WITH_AES_256_CCM_8, + TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256, SSL_kRSA, SSL_aRSA, - SSL_AES256CCM8, - SSL_AEAD, + SSL_CAMELLIA256, + SSL_SHA256, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, @@ -2731,33 +2144,29 @@ static const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, - - /* Cipher C0A2 */ { 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8, - TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8, - SSL_kDHE, - SSL_aRSA, - SSL_AES128CCM8, - SSL_AEAD, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, + SSL_kEDH, + SSL_aDSS, + SSL_CAMELLIA256, + SSL_SHA256, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, + 256, + 256, }, - - /* Cipher C0A3 */ { 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8, - TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8, - SSL_kDHE, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, + SSL_kEDH, SSL_aRSA, - SSL_AES256CCM8, - SSL_AEAD, + SSL_CAMELLIA256, + SSL_SHA256, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, @@ -2765,33 +2174,14 @@ static const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, - - /* Cipher C0A4 */ { 1, - TLS1_TXT_PSK_WITH_AES_128_CCM, - TLS1_CK_PSK_WITH_AES_128_CCM, - SSL_kPSK, - SSL_aPSK, - SSL_AES128CCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher C0A4 */ - { - 1, - TLS1_TXT_PSK_WITH_AES_256_CCM, - TLS1_CK_PSK_WITH_AES_256_CCM, - SSL_kPSK, - SSL_aPSK, - SSL_AES256CCM, - SSL_AEAD, + TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, + SSL_kEDH, + SSL_aNULL, + SSL_CAMELLIA256, + SSL_SHA256, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, @@ -2799,297 +2189,346 @@ static const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, - - /* Cipher C0A6 */ { 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_CCM, - TLS1_CK_DHE_PSK_WITH_AES_128_CCM, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES128CCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, + TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, }, - - /* Cipher C0A7 */ { 1, - TLS1_TXT_DHE_PSK_WITH_AES_256_CCM, - TLS1_CK_DHE_PSK_WITH_AES_256_CCM, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES256CCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + SSL_kDHE, + SSL_aDSS, + SSL_CAMELLIA256, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - /* Cipher C0A8 */ { 1, - TLS1_TXT_PSK_WITH_AES_128_CCM_8, - TLS1_CK_PSK_WITH_AES_128_CCM_8, - SSL_kPSK, - SSL_aPSK, - SSL_AES128CCM8, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kDHE, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, }, - - /* Cipher C0A9 */ { 1, - TLS1_TXT_PSK_WITH_AES_256_CCM_8, - TLS1_CK_PSK_WITH_AES_256_CCM_8, - SSL_kPSK, - SSL_aPSK, - SSL_AES256CCM8, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, + TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, + SSL_kDHE, + SSL_aNULL, + SSL_CAMELLIA256, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, }, - - /* Cipher C0AA */ { 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8, - TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES128CCM8, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, + TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_CAMELLIA128, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher C0AB */ { 1, - TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8, - TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES256CCM8, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + SSL_kDHE, + SSL_aDSS, + SSL_CAMELLIA128, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, }, - - /* Cipher C0AC */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM, - SSL_kECDHE, - SSL_aECDSA, - SSL_AES128CCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kDHE, + SSL_aRSA, + SSL_CAMELLIA128, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, - - /* Cipher C0AD */ { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM, - SSL_kECDHE, - SSL_aECDSA, - SSL_AES256CCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, + TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, + SSL_kDHE, + SSL_aNULL, + SSL_CAMELLIA128, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, }, - /* Cipher C0AE */ +# ifndef OPENSSL_NO_EC { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8, + TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, SSL_kECDHE, SSL_aECDSA, - SSL_AES128CCM8, - SSL_AEAD, + SSL_CAMELLIA128, + SSL_SHA256, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, - 128, - }, - - /* Cipher C0AF */ + 128 + }, { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8, + TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, SSL_kECDHE, SSL_aECDSA, - SSL_AES256CCM8, - SSL_AEAD, + SSL_CAMELLIA256, + SSL_SHA384, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, - }, -#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) -# ifndef OPENSSL_NO_EC - /* Cipher CCA8 */ + 256 + }, { 1, - TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, SSL_kECDHE, SSL_aRSA, - SSL_CHACHA20POLY1305, - SSL_AEAD, + SSL_CAMELLIA128, + SSL_SHA256, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, - /* Cipher CCA9 */ + 128, + 128 + }, { 1, - TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, SSL_kECDHE, - SSL_aECDSA, - SSL_CHACHA20POLY1305, - SSL_AEAD, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA384, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, - }, -# endif -# ifndef OPENSSL_NO_RSA - /* Cipher CCAA */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, - TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305, - SSL_kDHE, - SSL_aRSA, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, -# endif + 256 + }, +# endif /* OPENSSL_NO_EC */ + # ifndef OPENSSL_NO_PSK - /* Cipher CCAB */ { 1, - TLS1_TXT_PSK_WITH_CHACHA20_POLY1305, - TLS1_CK_PSK_WITH_CHACHA20_POLY1305, + TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256, SSL_kPSK, SSL_aPSK, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, - /* Cipher CCAC */ + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128 + }, { 1, - TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305, - SSL_kECDHEPSK, + TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kPSK, SSL_aPSK, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, + SSL_CAMELLIA256, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, - }, - /* Cipher CCAD */ + 256 + }, { 1, - TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305, - TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305, + TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, SSL_kDHEPSK, SSL_aPSK, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128 + }, + { + 1, + TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_CAMELLIA256, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, - }, - /* Cipher CCAE */ + 256 + }, { 1, - TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305, - TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305, + TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, SSL_kRSAPSK, SSL_aRSA, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128 + }, + { + 1, + TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kRSAPSK, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, + 256 + }, + { + 1, + TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128 + }, + { + 1, + TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_CAMELLIA256, + SSL_SHA384, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, - }, -# endif -#endif -#ifndef OPENSSL_NO_GOST + 256 + }, +# endif /* OPENSSL_NO_PSK */ + +#endif /* OPENSSL_NO_CAMELLIA */ + +#ifndef OPENSL_NO_GOST + { + 1, + "GOST2001-GOST89-GOST89", + 0x3000081, + SSL_kGOST, + SSL_aGOST01, + SSL_eGOST2814789CNT, + SSL_GOST89MAC, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, + 256, + 256 + }, + { + 1, + "GOST2001-NULL-GOST94", + 0x3000083, + SSL_kGOST, + SSL_aGOST01, + SSL_eNULL, + SSL_GOST94, + TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_STRONG_NONE, + SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, + 0, + 0 + }, { 1, "GOST2012-GOST8912-GOST8912", @@ -3103,7 +2542,8 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_HIGH, SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, 256, - 256}, + 256 + }, { 1, "GOST2012-NULL-GOST12", @@ -3118,11 +2558,267 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, 0, 0}, +#endif /* OPENSL_NO_GOST */ + +#ifndef OPENSSL_NO_IDEA + { + 1, + SSL3_TXT_RSA_IDEA_128_SHA, + SSL3_CK_RSA_IDEA_128_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_IDEA, + SSL_SHA1, + SSL3_VERSION, TLS1_1_VERSION, + DTLS1_VERSION, DTLS1_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, #endif -/* end of list */ +#ifndef OPENSSL_NO_SEED + { + 1, + TLS1_TXT_RSA_WITH_SEED_SHA, + TLS1_CK_RSA_WITH_SEED_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_SEED, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_DSS_WITH_SEED_SHA, + TLS1_CK_DHE_DSS_WITH_SEED_SHA, + SSL_kDHE, + SSL_aDSS, + SSL_SEED, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_SEED_SHA, + TLS1_CK_DHE_RSA_WITH_SEED_SHA, + SSL_kDHE, + SSL_aRSA, + SSL_SEED, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_ADH_WITH_SEED_SHA, + TLS1_CK_ADH_WITH_SEED_SHA, + SSL_kDHE, + SSL_aNULL, + SSL_SEED, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, +#endif /* OPENSSL_NO_SEED */ + +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_RSA_RC4_128_MD5, + SSL3_CK_RSA_RC4_128_MD5, + SSL_kRSA, + SSL_aRSA, + SSL_RC4, + SSL_MD5, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + SSL3_TXT_RSA_RC4_128_SHA, + SSL3_CK_RSA_RC4_128_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + SSL3_TXT_ADH_RC4_128_MD5, + SSL3_CK_ADH_RC4_128_MD5, + SSL_kDHE, + SSL_aNULL, + SSL_RC4, + SSL_MD5, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + +# ifndef OPENSSL_NO_EC + { + 1, + TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, + TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, + SSL_kECDHE, + SSL_aNULL, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, + SSL_kECDHE, + SSL_aRSA, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, +# endif /* OPENSSL_NO_EC */ + +# ifndef OPENSSL_NO_PSK + { + 1, + TLS1_TXT_PSK_WITH_RC4_128_SHA, + TLS1_CK_PSK_WITH_RC4_128_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA, + TLS1_CK_RSA_PSK_WITH_RC4_128_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA, + TLS1_CK_DHE_PSK_WITH_RC4_128_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, TLS1_2_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, +# endif /* OPENSSL_NO_PSK */ + +#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */ + }; + +static int cipher_compare(const void *a, const void *b) +{ + const SSL_CIPHER *ap = (const SSL_CIPHER *)a; + const SSL_CIPHER *bp = (const SSL_CIPHER *)b; + + return ap->id - bp->id; +} + +void ssl_sort_cipher_list(void) +{ + qsort(ssl3_ciphers, OSSL_NELEM(ssl3_ciphers), sizeof ssl3_ciphers[0], + cipher_compare); +} + + const SSL3_ENC_METHOD SSLv3_enc_data = { ssl3_enc, n_ssl3_mac, diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index f7e9259c93..aaeeb8da27 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -488,7 +488,9 @@ void ssl_load_ciphers(void) { size_t i; const ssl_cipher_table *t; + disabled_enc_mask = 0; + ssl_sort_cipher_list(); for (i = 0, t = ssl_cipher_table_cipher; i < SSL_ENC_NUM_IDX; i++, t++) { if (t->nid == NID_undef) { ssl_cipher_methods[i] = NULL; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index d01fb5415b..fa0254c809 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1949,6 +1949,7 @@ __owur int ssl_cert_type(X509 *x, EVP_PKEY *pkey); void ssl_set_masks(SSL *s); __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); __owur int ssl_verify_alarm_type(long type); +void ssl_sort_cipher_list(void); void ssl_load_ciphers(void); __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, diff --git a/test/ssltest.c b/test/ssltest.c index 9460da57e7..cf9f060086 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -1057,7 +1057,6 @@ int main(int argc, char *argv[]) #endif int no_protocol; int min_version = 0, max_version = 0; - #ifndef OPENSSL_NO_CT /* * Disable CT validation by default, because it will interfere with @@ -1065,7 +1064,6 @@ int main(int argc, char *argv[]) */ ct_validation_cb ct_validation = NULL; #endif - SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL; STACK_OF(OPENSSL_STRING) *conf_args = NULL; char *arg = NULL, *argn = NULL; @@ -3569,6 +3567,7 @@ static int do_test_cipherlist(void) * call functions, thus avoiding auto-init */ OPENSSL_init_crypto(0, NULL); + OPENSSL_init_ssl(0, NULL); meth = TLS_method(); tci = NULL; -- 2.34.1