1ebfedea0SLionel Sambuc /* ssl/s3_lib.c */
2ebfedea0SLionel Sambuc /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3ebfedea0SLionel Sambuc * All rights reserved.
4ebfedea0SLionel Sambuc *
5ebfedea0SLionel Sambuc * This package is an SSL implementation written
6ebfedea0SLionel Sambuc * by Eric Young (eay@cryptsoft.com).
7ebfedea0SLionel Sambuc * The implementation was written so as to conform with Netscapes SSL.
8ebfedea0SLionel Sambuc *
9ebfedea0SLionel Sambuc * This library is free for commercial and non-commercial use as long as
10ebfedea0SLionel Sambuc * the following conditions are aheared to. The following conditions
11ebfedea0SLionel Sambuc * apply to all code found in this distribution, be it the RC4, RSA,
12ebfedea0SLionel Sambuc * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13ebfedea0SLionel Sambuc * included with this distribution is covered by the same copyright terms
14ebfedea0SLionel Sambuc * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15ebfedea0SLionel Sambuc *
16ebfedea0SLionel Sambuc * Copyright remains Eric Young's, and as such any Copyright notices in
17ebfedea0SLionel Sambuc * the code are not to be removed.
18ebfedea0SLionel Sambuc * If this package is used in a product, Eric Young should be given attribution
19ebfedea0SLionel Sambuc * as the author of the parts of the library used.
20ebfedea0SLionel Sambuc * This can be in the form of a textual message at program startup or
21ebfedea0SLionel Sambuc * in documentation (online or textual) provided with the package.
22ebfedea0SLionel Sambuc *
23ebfedea0SLionel Sambuc * Redistribution and use in source and binary forms, with or without
24ebfedea0SLionel Sambuc * modification, are permitted provided that the following conditions
25ebfedea0SLionel Sambuc * are met:
26ebfedea0SLionel Sambuc * 1. Redistributions of source code must retain the copyright
27ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer.
28ebfedea0SLionel Sambuc * 2. Redistributions in binary form must reproduce the above copyright
29ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer in the
30ebfedea0SLionel Sambuc * documentation and/or other materials provided with the distribution.
31ebfedea0SLionel Sambuc * 3. All advertising materials mentioning features or use of this software
32ebfedea0SLionel Sambuc * must display the following acknowledgement:
33ebfedea0SLionel Sambuc * "This product includes cryptographic software written by
34ebfedea0SLionel Sambuc * Eric Young (eay@cryptsoft.com)"
35ebfedea0SLionel Sambuc * The word 'cryptographic' can be left out if the rouines from the library
36ebfedea0SLionel Sambuc * being used are not cryptographic related :-).
37ebfedea0SLionel Sambuc * 4. If you include any Windows specific code (or a derivative thereof) from
38ebfedea0SLionel Sambuc * the apps directory (application code) you must include an acknowledgement:
39ebfedea0SLionel Sambuc * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40ebfedea0SLionel Sambuc *
41ebfedea0SLionel Sambuc * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42ebfedea0SLionel Sambuc * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43ebfedea0SLionel Sambuc * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44ebfedea0SLionel Sambuc * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45ebfedea0SLionel Sambuc * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46ebfedea0SLionel Sambuc * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47ebfedea0SLionel Sambuc * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48ebfedea0SLionel Sambuc * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49ebfedea0SLionel Sambuc * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50ebfedea0SLionel Sambuc * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51ebfedea0SLionel Sambuc * SUCH DAMAGE.
52ebfedea0SLionel Sambuc *
53ebfedea0SLionel Sambuc * The licence and distribution terms for any publically available version or
54ebfedea0SLionel Sambuc * derivative of this code cannot be changed. i.e. this code cannot simply be
55ebfedea0SLionel Sambuc * copied and put under another distribution licence
56ebfedea0SLionel Sambuc * [including the GNU Public Licence.]
57ebfedea0SLionel Sambuc */
58ebfedea0SLionel Sambuc /* ====================================================================
59ebfedea0SLionel Sambuc * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60ebfedea0SLionel Sambuc *
61ebfedea0SLionel Sambuc * Redistribution and use in source and binary forms, with or without
62ebfedea0SLionel Sambuc * modification, are permitted provided that the following conditions
63ebfedea0SLionel Sambuc * are met:
64ebfedea0SLionel Sambuc *
65ebfedea0SLionel Sambuc * 1. Redistributions of source code must retain the above copyright
66ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer.
67ebfedea0SLionel Sambuc *
68ebfedea0SLionel Sambuc * 2. Redistributions in binary form must reproduce the above copyright
69ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer in
70ebfedea0SLionel Sambuc * the documentation and/or other materials provided with the
71ebfedea0SLionel Sambuc * distribution.
72ebfedea0SLionel Sambuc *
73ebfedea0SLionel Sambuc * 3. All advertising materials mentioning features or use of this
74ebfedea0SLionel Sambuc * software must display the following acknowledgment:
75ebfedea0SLionel Sambuc * "This product includes software developed by the OpenSSL Project
76ebfedea0SLionel Sambuc * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77ebfedea0SLionel Sambuc *
78ebfedea0SLionel Sambuc * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79ebfedea0SLionel Sambuc * endorse or promote products derived from this software without
80ebfedea0SLionel Sambuc * prior written permission. For written permission, please contact
81ebfedea0SLionel Sambuc * openssl-core@openssl.org.
82ebfedea0SLionel Sambuc *
83ebfedea0SLionel Sambuc * 5. Products derived from this software may not be called "OpenSSL"
84ebfedea0SLionel Sambuc * nor may "OpenSSL" appear in their names without prior written
85ebfedea0SLionel Sambuc * permission of the OpenSSL Project.
86ebfedea0SLionel Sambuc *
87ebfedea0SLionel Sambuc * 6. Redistributions of any form whatsoever must retain the following
88ebfedea0SLionel Sambuc * acknowledgment:
89ebfedea0SLionel Sambuc * "This product includes software developed by the OpenSSL Project
90ebfedea0SLionel Sambuc * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91ebfedea0SLionel Sambuc *
92ebfedea0SLionel Sambuc * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93ebfedea0SLionel Sambuc * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94ebfedea0SLionel Sambuc * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95ebfedea0SLionel Sambuc * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96ebfedea0SLionel Sambuc * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97ebfedea0SLionel Sambuc * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98ebfedea0SLionel Sambuc * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99ebfedea0SLionel Sambuc * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100ebfedea0SLionel Sambuc * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101ebfedea0SLionel Sambuc * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102ebfedea0SLionel Sambuc * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103ebfedea0SLionel Sambuc * OF THE POSSIBILITY OF SUCH DAMAGE.
104ebfedea0SLionel Sambuc * ====================================================================
105ebfedea0SLionel Sambuc *
106ebfedea0SLionel Sambuc * This product includes cryptographic software written by Eric Young
107ebfedea0SLionel Sambuc * (eay@cryptsoft.com). This product includes software written by Tim
108ebfedea0SLionel Sambuc * Hudson (tjh@cryptsoft.com).
109ebfedea0SLionel Sambuc *
110ebfedea0SLionel Sambuc */
111ebfedea0SLionel Sambuc /* ====================================================================
112ebfedea0SLionel Sambuc * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113ebfedea0SLionel Sambuc *
114ebfedea0SLionel Sambuc * Portions of the attached software ("Contribution") are developed by
115ebfedea0SLionel Sambuc * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116ebfedea0SLionel Sambuc *
117ebfedea0SLionel Sambuc * The Contribution is licensed pursuant to the OpenSSL open source
118ebfedea0SLionel Sambuc * license provided above.
119ebfedea0SLionel Sambuc *
120ebfedea0SLionel Sambuc * ECC cipher suite support in OpenSSL originally written by
121ebfedea0SLionel Sambuc * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122ebfedea0SLionel Sambuc *
123ebfedea0SLionel Sambuc */
124ebfedea0SLionel Sambuc /* ====================================================================
125ebfedea0SLionel Sambuc * Copyright 2005 Nokia. All rights reserved.
126ebfedea0SLionel Sambuc *
127ebfedea0SLionel Sambuc * The portions of the attached software ("Contribution") is developed by
128ebfedea0SLionel Sambuc * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129ebfedea0SLionel Sambuc * license.
130ebfedea0SLionel Sambuc *
131ebfedea0SLionel Sambuc * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132ebfedea0SLionel Sambuc * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133ebfedea0SLionel Sambuc * support (see RFC 4279) to OpenSSL.
134ebfedea0SLionel Sambuc *
135ebfedea0SLionel Sambuc * No patent licenses or other rights except those expressly stated in
136ebfedea0SLionel Sambuc * the OpenSSL open source license shall be deemed granted or received
137ebfedea0SLionel Sambuc * expressly, by implication, estoppel, or otherwise.
138ebfedea0SLionel Sambuc *
139ebfedea0SLionel Sambuc * No assurances are provided by Nokia that the Contribution does not
140ebfedea0SLionel Sambuc * infringe the patent or other intellectual property rights of any third
141ebfedea0SLionel Sambuc * party or that the license provides you with all the necessary rights
142ebfedea0SLionel Sambuc * to make use of the Contribution.
143ebfedea0SLionel Sambuc *
144ebfedea0SLionel Sambuc * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145ebfedea0SLionel Sambuc * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146ebfedea0SLionel Sambuc * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147ebfedea0SLionel Sambuc * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148ebfedea0SLionel Sambuc * OTHERWISE.
149ebfedea0SLionel Sambuc */
150ebfedea0SLionel Sambuc
151ebfedea0SLionel Sambuc #include <stdio.h>
152ebfedea0SLionel Sambuc #include <openssl/objects.h>
153ebfedea0SLionel Sambuc #include "ssl_locl.h"
154ebfedea0SLionel Sambuc #include "kssl_lcl.h"
155ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_TLSEXT
156ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_EC
157ebfedea0SLionel Sambuc # include "../crypto/ec/ec_lcl.h"
158ebfedea0SLionel Sambuc # endif /* OPENSSL_NO_EC */
159ebfedea0SLionel Sambuc #endif /* OPENSSL_NO_TLSEXT */
160ebfedea0SLionel Sambuc #include <openssl/md5.h>
161ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_DH
162ebfedea0SLionel Sambuc # include <openssl/dh.h>
163ebfedea0SLionel Sambuc #endif
164ebfedea0SLionel Sambuc
165ebfedea0SLionel Sambuc const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
166ebfedea0SLionel Sambuc
167ebfedea0SLionel Sambuc #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
168ebfedea0SLionel Sambuc
169ebfedea0SLionel Sambuc /* list of available SSLv3 ciphers (sorted by id) */
170ebfedea0SLionel Sambuc OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
171ebfedea0SLionel Sambuc
172ebfedea0SLionel Sambuc /* The RSA ciphers */
173ebfedea0SLionel Sambuc /* Cipher 01 */
174ebfedea0SLionel Sambuc {
175ebfedea0SLionel Sambuc 1,
176ebfedea0SLionel Sambuc SSL3_TXT_RSA_NULL_MD5,
177ebfedea0SLionel Sambuc SSL3_CK_RSA_NULL_MD5,
178ebfedea0SLionel Sambuc SSL_kRSA,
179ebfedea0SLionel Sambuc SSL_aRSA,
180ebfedea0SLionel Sambuc SSL_eNULL,
181ebfedea0SLionel Sambuc SSL_MD5,
182ebfedea0SLionel Sambuc SSL_SSLV3,
183ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_STRONG_NONE,
184ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
185ebfedea0SLionel Sambuc 0,
186ebfedea0SLionel Sambuc 0,
187ebfedea0SLionel Sambuc },
188ebfedea0SLionel Sambuc
189ebfedea0SLionel Sambuc /* Cipher 02 */
190ebfedea0SLionel Sambuc {
191ebfedea0SLionel Sambuc 1,
192ebfedea0SLionel Sambuc SSL3_TXT_RSA_NULL_SHA,
193ebfedea0SLionel Sambuc SSL3_CK_RSA_NULL_SHA,
194ebfedea0SLionel Sambuc SSL_kRSA,
195ebfedea0SLionel Sambuc SSL_aRSA,
196ebfedea0SLionel Sambuc SSL_eNULL,
197ebfedea0SLionel Sambuc SSL_SHA1,
198ebfedea0SLionel Sambuc SSL_SSLV3,
199ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
200ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
201ebfedea0SLionel Sambuc 0,
202ebfedea0SLionel Sambuc 0,
203ebfedea0SLionel Sambuc },
204ebfedea0SLionel Sambuc
205ebfedea0SLionel Sambuc /* Cipher 03 */
206ebfedea0SLionel Sambuc {
207ebfedea0SLionel Sambuc 1,
208ebfedea0SLionel Sambuc SSL3_TXT_RSA_RC4_40_MD5,
209ebfedea0SLionel Sambuc SSL3_CK_RSA_RC4_40_MD5,
210ebfedea0SLionel Sambuc SSL_kRSA,
211ebfedea0SLionel Sambuc SSL_aRSA,
212ebfedea0SLionel Sambuc SSL_RC4,
213ebfedea0SLionel Sambuc SSL_MD5,
214ebfedea0SLionel Sambuc SSL_SSLV3,
215ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP40,
216ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
217ebfedea0SLionel Sambuc 40,
218ebfedea0SLionel Sambuc 128,
219ebfedea0SLionel Sambuc },
220ebfedea0SLionel Sambuc
221ebfedea0SLionel Sambuc /* Cipher 04 */
222ebfedea0SLionel Sambuc {
223ebfedea0SLionel Sambuc 1,
224ebfedea0SLionel Sambuc SSL3_TXT_RSA_RC4_128_MD5,
225ebfedea0SLionel Sambuc SSL3_CK_RSA_RC4_128_MD5,
226ebfedea0SLionel Sambuc SSL_kRSA,
227ebfedea0SLionel Sambuc SSL_aRSA,
228ebfedea0SLionel Sambuc SSL_RC4,
229ebfedea0SLionel Sambuc SSL_MD5,
230ebfedea0SLionel Sambuc SSL_SSLV3,
231ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
232ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
233ebfedea0SLionel Sambuc 128,
234ebfedea0SLionel Sambuc 128,
235ebfedea0SLionel Sambuc },
236ebfedea0SLionel Sambuc
237ebfedea0SLionel Sambuc /* Cipher 05 */
238ebfedea0SLionel Sambuc {
239ebfedea0SLionel Sambuc 1,
240ebfedea0SLionel Sambuc SSL3_TXT_RSA_RC4_128_SHA,
241ebfedea0SLionel Sambuc SSL3_CK_RSA_RC4_128_SHA,
242ebfedea0SLionel Sambuc SSL_kRSA,
243ebfedea0SLionel Sambuc SSL_aRSA,
244ebfedea0SLionel Sambuc SSL_RC4,
245ebfedea0SLionel Sambuc SSL_SHA1,
246ebfedea0SLionel Sambuc SSL_SSLV3,
247ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
248ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
249ebfedea0SLionel Sambuc 128,
250ebfedea0SLionel Sambuc 128,
251ebfedea0SLionel Sambuc },
252ebfedea0SLionel Sambuc
253ebfedea0SLionel Sambuc /* Cipher 06 */
254ebfedea0SLionel Sambuc {
255ebfedea0SLionel Sambuc 1,
256ebfedea0SLionel Sambuc SSL3_TXT_RSA_RC2_40_MD5,
257ebfedea0SLionel Sambuc SSL3_CK_RSA_RC2_40_MD5,
258ebfedea0SLionel Sambuc SSL_kRSA,
259ebfedea0SLionel Sambuc SSL_aRSA,
260ebfedea0SLionel Sambuc SSL_RC2,
261ebfedea0SLionel Sambuc SSL_MD5,
262ebfedea0SLionel Sambuc SSL_SSLV3,
263ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP40,
264ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
265ebfedea0SLionel Sambuc 40,
266ebfedea0SLionel Sambuc 128,
267ebfedea0SLionel Sambuc },
268ebfedea0SLionel Sambuc
269ebfedea0SLionel Sambuc /* Cipher 07 */
270ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_IDEA
271ebfedea0SLionel Sambuc {
272ebfedea0SLionel Sambuc 1,
273ebfedea0SLionel Sambuc SSL3_TXT_RSA_IDEA_128_SHA,
274ebfedea0SLionel Sambuc SSL3_CK_RSA_IDEA_128_SHA,
275ebfedea0SLionel Sambuc SSL_kRSA,
276ebfedea0SLionel Sambuc SSL_aRSA,
277ebfedea0SLionel Sambuc SSL_IDEA,
278ebfedea0SLionel Sambuc SSL_SHA1,
279ebfedea0SLionel Sambuc SSL_SSLV3,
280ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
281ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
282ebfedea0SLionel Sambuc 128,
283ebfedea0SLionel Sambuc 128,
284ebfedea0SLionel Sambuc },
285ebfedea0SLionel Sambuc #endif
286ebfedea0SLionel Sambuc
287ebfedea0SLionel Sambuc /* Cipher 08 */
288ebfedea0SLionel Sambuc {
289ebfedea0SLionel Sambuc 1,
290ebfedea0SLionel Sambuc SSL3_TXT_RSA_DES_40_CBC_SHA,
291ebfedea0SLionel Sambuc SSL3_CK_RSA_DES_40_CBC_SHA,
292ebfedea0SLionel Sambuc SSL_kRSA,
293ebfedea0SLionel Sambuc SSL_aRSA,
294ebfedea0SLionel Sambuc SSL_DES,
295ebfedea0SLionel Sambuc SSL_SHA1,
296ebfedea0SLionel Sambuc SSL_SSLV3,
297ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP40,
298ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
299ebfedea0SLionel Sambuc 40,
300ebfedea0SLionel Sambuc 56,
301ebfedea0SLionel Sambuc },
302ebfedea0SLionel Sambuc
303ebfedea0SLionel Sambuc /* Cipher 09 */
304ebfedea0SLionel Sambuc {
305ebfedea0SLionel Sambuc 1,
306ebfedea0SLionel Sambuc SSL3_TXT_RSA_DES_64_CBC_SHA,
307ebfedea0SLionel Sambuc SSL3_CK_RSA_DES_64_CBC_SHA,
308ebfedea0SLionel Sambuc SSL_kRSA,
309ebfedea0SLionel Sambuc SSL_aRSA,
310ebfedea0SLionel Sambuc SSL_DES,
311ebfedea0SLionel Sambuc SSL_SHA1,
312ebfedea0SLionel Sambuc SSL_SSLV3,
313ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_LOW,
314ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
315ebfedea0SLionel Sambuc 56,
316ebfedea0SLionel Sambuc 56,
317ebfedea0SLionel Sambuc },
318ebfedea0SLionel Sambuc
319ebfedea0SLionel Sambuc /* Cipher 0A */
320ebfedea0SLionel Sambuc {
321ebfedea0SLionel Sambuc 1,
322ebfedea0SLionel Sambuc SSL3_TXT_RSA_DES_192_CBC3_SHA,
323ebfedea0SLionel Sambuc SSL3_CK_RSA_DES_192_CBC3_SHA,
324ebfedea0SLionel Sambuc SSL_kRSA,
325ebfedea0SLionel Sambuc SSL_aRSA,
326ebfedea0SLionel Sambuc SSL_3DES,
327ebfedea0SLionel Sambuc SSL_SHA1,
328ebfedea0SLionel Sambuc SSL_SSLV3,
329ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
330ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
331*0a6a1f1dSLionel Sambuc 112,
332ebfedea0SLionel Sambuc 168,
333ebfedea0SLionel Sambuc },
334ebfedea0SLionel Sambuc
335ebfedea0SLionel Sambuc /* The DH ciphers */
336ebfedea0SLionel Sambuc /* Cipher 0B */
337ebfedea0SLionel Sambuc {
338ebfedea0SLionel Sambuc 0,
339ebfedea0SLionel Sambuc SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340ebfedea0SLionel Sambuc SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341ebfedea0SLionel Sambuc SSL_kDHd,
342ebfedea0SLionel Sambuc SSL_aDH,
343ebfedea0SLionel Sambuc SSL_DES,
344ebfedea0SLionel Sambuc SSL_SHA1,
345ebfedea0SLionel Sambuc SSL_SSLV3,
346ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP40,
347ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
348ebfedea0SLionel Sambuc 40,
349ebfedea0SLionel Sambuc 56,
350ebfedea0SLionel Sambuc },
351ebfedea0SLionel Sambuc
352ebfedea0SLionel Sambuc /* Cipher 0C */
353ebfedea0SLionel Sambuc {
354ebfedea0SLionel Sambuc 0, /* not implemented (non-ephemeral DH) */
355ebfedea0SLionel Sambuc SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356ebfedea0SLionel Sambuc SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357ebfedea0SLionel Sambuc SSL_kDHd,
358ebfedea0SLionel Sambuc SSL_aDH,
359ebfedea0SLionel Sambuc SSL_DES,
360ebfedea0SLionel Sambuc SSL_SHA1,
361ebfedea0SLionel Sambuc SSL_SSLV3,
362ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_LOW,
363ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
364ebfedea0SLionel Sambuc 56,
365ebfedea0SLionel Sambuc 56,
366ebfedea0SLionel Sambuc },
367ebfedea0SLionel Sambuc
368ebfedea0SLionel Sambuc /* Cipher 0D */
369ebfedea0SLionel Sambuc {
370ebfedea0SLionel Sambuc 0, /* not implemented (non-ephemeral DH) */
371ebfedea0SLionel Sambuc SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372ebfedea0SLionel Sambuc SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373ebfedea0SLionel Sambuc SSL_kDHd,
374ebfedea0SLionel Sambuc SSL_aDH,
375ebfedea0SLionel Sambuc SSL_3DES,
376ebfedea0SLionel Sambuc SSL_SHA1,
377ebfedea0SLionel Sambuc SSL_SSLV3,
378ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
379ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
380*0a6a1f1dSLionel Sambuc 112,
381ebfedea0SLionel Sambuc 168,
382ebfedea0SLionel Sambuc },
383ebfedea0SLionel Sambuc
384ebfedea0SLionel Sambuc /* Cipher 0E */
385ebfedea0SLionel Sambuc {
386ebfedea0SLionel Sambuc 0, /* not implemented (non-ephemeral DH) */
387ebfedea0SLionel Sambuc SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388ebfedea0SLionel Sambuc SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389ebfedea0SLionel Sambuc SSL_kDHr,
390ebfedea0SLionel Sambuc SSL_aDH,
391ebfedea0SLionel Sambuc SSL_DES,
392ebfedea0SLionel Sambuc SSL_SHA1,
393ebfedea0SLionel Sambuc SSL_SSLV3,
394ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP40,
395ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
396ebfedea0SLionel Sambuc 40,
397ebfedea0SLionel Sambuc 56,
398ebfedea0SLionel Sambuc },
399ebfedea0SLionel Sambuc
400ebfedea0SLionel Sambuc /* Cipher 0F */
401ebfedea0SLionel Sambuc {
402ebfedea0SLionel Sambuc 0, /* not implemented (non-ephemeral DH) */
403ebfedea0SLionel Sambuc SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404ebfedea0SLionel Sambuc SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405ebfedea0SLionel Sambuc SSL_kDHr,
406ebfedea0SLionel Sambuc SSL_aDH,
407ebfedea0SLionel Sambuc SSL_DES,
408ebfedea0SLionel Sambuc SSL_SHA1,
409ebfedea0SLionel Sambuc SSL_SSLV3,
410ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_LOW,
411ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
412ebfedea0SLionel Sambuc 56,
413ebfedea0SLionel Sambuc 56,
414ebfedea0SLionel Sambuc },
415ebfedea0SLionel Sambuc
416ebfedea0SLionel Sambuc /* Cipher 10 */
417ebfedea0SLionel Sambuc {
418ebfedea0SLionel Sambuc 0, /* not implemented (non-ephemeral DH) */
419ebfedea0SLionel Sambuc SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420ebfedea0SLionel Sambuc SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421ebfedea0SLionel Sambuc SSL_kDHr,
422ebfedea0SLionel Sambuc SSL_aDH,
423ebfedea0SLionel Sambuc SSL_3DES,
424ebfedea0SLionel Sambuc SSL_SHA1,
425ebfedea0SLionel Sambuc SSL_SSLV3,
426ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
427ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
428*0a6a1f1dSLionel Sambuc 112,
429ebfedea0SLionel Sambuc 168,
430ebfedea0SLionel Sambuc },
431ebfedea0SLionel Sambuc
432ebfedea0SLionel Sambuc /* The Ephemeral DH ciphers */
433ebfedea0SLionel Sambuc /* Cipher 11 */
434ebfedea0SLionel Sambuc {
435ebfedea0SLionel Sambuc 1,
436ebfedea0SLionel Sambuc SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437ebfedea0SLionel Sambuc SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438ebfedea0SLionel Sambuc SSL_kEDH,
439ebfedea0SLionel Sambuc SSL_aDSS,
440ebfedea0SLionel Sambuc SSL_DES,
441ebfedea0SLionel Sambuc SSL_SHA1,
442ebfedea0SLionel Sambuc SSL_SSLV3,
443ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP40,
444ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
445ebfedea0SLionel Sambuc 40,
446ebfedea0SLionel Sambuc 56,
447ebfedea0SLionel Sambuc },
448ebfedea0SLionel Sambuc
449ebfedea0SLionel Sambuc /* Cipher 12 */
450ebfedea0SLionel Sambuc {
451ebfedea0SLionel Sambuc 1,
452ebfedea0SLionel Sambuc SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453ebfedea0SLionel Sambuc SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454ebfedea0SLionel Sambuc SSL_kEDH,
455ebfedea0SLionel Sambuc SSL_aDSS,
456ebfedea0SLionel Sambuc SSL_DES,
457ebfedea0SLionel Sambuc SSL_SHA1,
458ebfedea0SLionel Sambuc SSL_SSLV3,
459ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_LOW,
460ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
461ebfedea0SLionel Sambuc 56,
462ebfedea0SLionel Sambuc 56,
463ebfedea0SLionel Sambuc },
464ebfedea0SLionel Sambuc
465ebfedea0SLionel Sambuc /* Cipher 13 */
466ebfedea0SLionel Sambuc {
467ebfedea0SLionel Sambuc 1,
468ebfedea0SLionel Sambuc SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469ebfedea0SLionel Sambuc SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470ebfedea0SLionel Sambuc SSL_kEDH,
471ebfedea0SLionel Sambuc SSL_aDSS,
472ebfedea0SLionel Sambuc SSL_3DES,
473ebfedea0SLionel Sambuc SSL_SHA1,
474ebfedea0SLionel Sambuc SSL_SSLV3,
475ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
476ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
477*0a6a1f1dSLionel Sambuc 112,
478ebfedea0SLionel Sambuc 168,
479ebfedea0SLionel Sambuc },
480ebfedea0SLionel Sambuc
481ebfedea0SLionel Sambuc /* Cipher 14 */
482ebfedea0SLionel Sambuc {
483ebfedea0SLionel Sambuc 1,
484ebfedea0SLionel Sambuc SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485ebfedea0SLionel Sambuc SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486ebfedea0SLionel Sambuc SSL_kEDH,
487ebfedea0SLionel Sambuc SSL_aRSA,
488ebfedea0SLionel Sambuc SSL_DES,
489ebfedea0SLionel Sambuc SSL_SHA1,
490ebfedea0SLionel Sambuc SSL_SSLV3,
491ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP40,
492ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
493ebfedea0SLionel Sambuc 40,
494ebfedea0SLionel Sambuc 56,
495ebfedea0SLionel Sambuc },
496ebfedea0SLionel Sambuc
497ebfedea0SLionel Sambuc /* Cipher 15 */
498ebfedea0SLionel Sambuc {
499ebfedea0SLionel Sambuc 1,
500ebfedea0SLionel Sambuc SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501ebfedea0SLionel Sambuc SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502ebfedea0SLionel Sambuc SSL_kEDH,
503ebfedea0SLionel Sambuc SSL_aRSA,
504ebfedea0SLionel Sambuc SSL_DES,
505ebfedea0SLionel Sambuc SSL_SHA1,
506ebfedea0SLionel Sambuc SSL_SSLV3,
507ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_LOW,
508ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
509ebfedea0SLionel Sambuc 56,
510ebfedea0SLionel Sambuc 56,
511ebfedea0SLionel Sambuc },
512ebfedea0SLionel Sambuc
513ebfedea0SLionel Sambuc /* Cipher 16 */
514ebfedea0SLionel Sambuc {
515ebfedea0SLionel Sambuc 1,
516ebfedea0SLionel Sambuc SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517ebfedea0SLionel Sambuc SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518ebfedea0SLionel Sambuc SSL_kEDH,
519ebfedea0SLionel Sambuc SSL_aRSA,
520ebfedea0SLionel Sambuc SSL_3DES,
521ebfedea0SLionel Sambuc SSL_SHA1,
522ebfedea0SLionel Sambuc SSL_SSLV3,
523ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
524ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
525*0a6a1f1dSLionel Sambuc 112,
526ebfedea0SLionel Sambuc 168,
527ebfedea0SLionel Sambuc },
528ebfedea0SLionel Sambuc
529ebfedea0SLionel Sambuc /* Cipher 17 */
530ebfedea0SLionel Sambuc {
531ebfedea0SLionel Sambuc 1,
532ebfedea0SLionel Sambuc SSL3_TXT_ADH_RC4_40_MD5,
533ebfedea0SLionel Sambuc SSL3_CK_ADH_RC4_40_MD5,
534ebfedea0SLionel Sambuc SSL_kEDH,
535ebfedea0SLionel Sambuc SSL_aNULL,
536ebfedea0SLionel Sambuc SSL_RC4,
537ebfedea0SLionel Sambuc SSL_MD5,
538ebfedea0SLionel Sambuc SSL_SSLV3,
539ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP40,
540ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
541ebfedea0SLionel Sambuc 40,
542ebfedea0SLionel Sambuc 128,
543ebfedea0SLionel Sambuc },
544ebfedea0SLionel Sambuc
545ebfedea0SLionel Sambuc /* Cipher 18 */
546ebfedea0SLionel Sambuc {
547ebfedea0SLionel Sambuc 1,
548ebfedea0SLionel Sambuc SSL3_TXT_ADH_RC4_128_MD5,
549ebfedea0SLionel Sambuc SSL3_CK_ADH_RC4_128_MD5,
550ebfedea0SLionel Sambuc SSL_kEDH,
551ebfedea0SLionel Sambuc SSL_aNULL,
552ebfedea0SLionel Sambuc SSL_RC4,
553ebfedea0SLionel Sambuc SSL_MD5,
554ebfedea0SLionel Sambuc SSL_SSLV3,
555ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
556ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
557ebfedea0SLionel Sambuc 128,
558ebfedea0SLionel Sambuc 128,
559ebfedea0SLionel Sambuc },
560ebfedea0SLionel Sambuc
561ebfedea0SLionel Sambuc /* Cipher 19 */
562ebfedea0SLionel Sambuc {
563ebfedea0SLionel Sambuc 1,
564ebfedea0SLionel Sambuc SSL3_TXT_ADH_DES_40_CBC_SHA,
565ebfedea0SLionel Sambuc SSL3_CK_ADH_DES_40_CBC_SHA,
566ebfedea0SLionel Sambuc SSL_kEDH,
567ebfedea0SLionel Sambuc SSL_aNULL,
568ebfedea0SLionel Sambuc SSL_DES,
569ebfedea0SLionel Sambuc SSL_SHA1,
570ebfedea0SLionel Sambuc SSL_SSLV3,
571ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP40,
572ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
573ebfedea0SLionel Sambuc 40,
574ebfedea0SLionel Sambuc 128,
575ebfedea0SLionel Sambuc },
576ebfedea0SLionel Sambuc
577ebfedea0SLionel Sambuc /* Cipher 1A */
578ebfedea0SLionel Sambuc {
579ebfedea0SLionel Sambuc 1,
580ebfedea0SLionel Sambuc SSL3_TXT_ADH_DES_64_CBC_SHA,
581ebfedea0SLionel Sambuc SSL3_CK_ADH_DES_64_CBC_SHA,
582ebfedea0SLionel Sambuc SSL_kEDH,
583ebfedea0SLionel Sambuc SSL_aNULL,
584ebfedea0SLionel Sambuc SSL_DES,
585ebfedea0SLionel Sambuc SSL_SHA1,
586ebfedea0SLionel Sambuc SSL_SSLV3,
587ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_LOW,
588ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
589ebfedea0SLionel Sambuc 56,
590ebfedea0SLionel Sambuc 56,
591ebfedea0SLionel Sambuc },
592ebfedea0SLionel Sambuc
593ebfedea0SLionel Sambuc /* Cipher 1B */
594ebfedea0SLionel Sambuc {
595ebfedea0SLionel Sambuc 1,
596ebfedea0SLionel Sambuc SSL3_TXT_ADH_DES_192_CBC_SHA,
597ebfedea0SLionel Sambuc SSL3_CK_ADH_DES_192_CBC_SHA,
598ebfedea0SLionel Sambuc SSL_kEDH,
599ebfedea0SLionel Sambuc SSL_aNULL,
600ebfedea0SLionel Sambuc SSL_3DES,
601ebfedea0SLionel Sambuc SSL_SHA1,
602ebfedea0SLionel Sambuc SSL_SSLV3,
603ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
604ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
605*0a6a1f1dSLionel Sambuc 112,
606ebfedea0SLionel Sambuc 168,
607ebfedea0SLionel Sambuc },
608ebfedea0SLionel Sambuc
609ebfedea0SLionel Sambuc /* Fortezza ciphersuite from SSL 3.0 spec */
610ebfedea0SLionel Sambuc #if 0
611ebfedea0SLionel Sambuc /* Cipher 1C */
612ebfedea0SLionel Sambuc {
613ebfedea0SLionel Sambuc 0,
614ebfedea0SLionel Sambuc SSL3_TXT_FZA_DMS_NULL_SHA,
615ebfedea0SLionel Sambuc SSL3_CK_FZA_DMS_NULL_SHA,
616ebfedea0SLionel Sambuc SSL_kFZA,
617ebfedea0SLionel Sambuc SSL_aFZA,
618ebfedea0SLionel Sambuc SSL_eNULL,
619ebfedea0SLionel Sambuc SSL_SHA1,
620ebfedea0SLionel Sambuc SSL_SSLV3,
621ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_STRONG_NONE,
622ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
623ebfedea0SLionel Sambuc 0,
624ebfedea0SLionel Sambuc 0,
625ebfedea0SLionel Sambuc },
626ebfedea0SLionel Sambuc
627ebfedea0SLionel Sambuc /* Cipher 1D */
628ebfedea0SLionel Sambuc {
629ebfedea0SLionel Sambuc 0,
630ebfedea0SLionel Sambuc SSL3_TXT_FZA_DMS_FZA_SHA,
631ebfedea0SLionel Sambuc SSL3_CK_FZA_DMS_FZA_SHA,
632ebfedea0SLionel Sambuc SSL_kFZA,
633ebfedea0SLionel Sambuc SSL_aFZA,
634ebfedea0SLionel Sambuc SSL_eFZA,
635ebfedea0SLionel Sambuc SSL_SHA1,
636ebfedea0SLionel Sambuc SSL_SSLV3,
637ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_STRONG_NONE,
638ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
639ebfedea0SLionel Sambuc 0,
640ebfedea0SLionel Sambuc 0,
641ebfedea0SLionel Sambuc },
642ebfedea0SLionel Sambuc
643ebfedea0SLionel Sambuc /* Cipher 1E */
644ebfedea0SLionel Sambuc {
645ebfedea0SLionel Sambuc 0,
646ebfedea0SLionel Sambuc SSL3_TXT_FZA_DMS_RC4_SHA,
647ebfedea0SLionel Sambuc SSL3_CK_FZA_DMS_RC4_SHA,
648ebfedea0SLionel Sambuc SSL_kFZA,
649ebfedea0SLionel Sambuc SSL_aFZA,
650ebfedea0SLionel Sambuc SSL_RC4,
651ebfedea0SLionel Sambuc SSL_SHA1,
652ebfedea0SLionel Sambuc SSL_SSLV3,
653ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
654ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
655ebfedea0SLionel Sambuc 128,
656ebfedea0SLionel Sambuc 128,
657ebfedea0SLionel Sambuc },
658ebfedea0SLionel Sambuc #endif
659ebfedea0SLionel Sambuc
660ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_KRB5
661ebfedea0SLionel Sambuc /* The Kerberos ciphers*/
662ebfedea0SLionel Sambuc /* Cipher 1E */
663ebfedea0SLionel Sambuc {
664ebfedea0SLionel Sambuc 1,
665ebfedea0SLionel Sambuc SSL3_TXT_KRB5_DES_64_CBC_SHA,
666ebfedea0SLionel Sambuc SSL3_CK_KRB5_DES_64_CBC_SHA,
667ebfedea0SLionel Sambuc SSL_kKRB5,
668ebfedea0SLionel Sambuc SSL_aKRB5,
669ebfedea0SLionel Sambuc SSL_DES,
670ebfedea0SLionel Sambuc SSL_SHA1,
671ebfedea0SLionel Sambuc SSL_SSLV3,
672ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_LOW,
673ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
674ebfedea0SLionel Sambuc 56,
675ebfedea0SLionel Sambuc 56,
676ebfedea0SLionel Sambuc },
677ebfedea0SLionel Sambuc
678ebfedea0SLionel Sambuc /* Cipher 1F */
679ebfedea0SLionel Sambuc {
680ebfedea0SLionel Sambuc 1,
681ebfedea0SLionel Sambuc SSL3_TXT_KRB5_DES_192_CBC3_SHA,
682ebfedea0SLionel Sambuc SSL3_CK_KRB5_DES_192_CBC3_SHA,
683ebfedea0SLionel Sambuc SSL_kKRB5,
684ebfedea0SLionel Sambuc SSL_aKRB5,
685ebfedea0SLionel Sambuc SSL_3DES,
686ebfedea0SLionel Sambuc SSL_SHA1,
687ebfedea0SLionel Sambuc SSL_SSLV3,
688ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
689ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
690*0a6a1f1dSLionel Sambuc 112,
691ebfedea0SLionel Sambuc 168,
692ebfedea0SLionel Sambuc },
693ebfedea0SLionel Sambuc
694ebfedea0SLionel Sambuc /* Cipher 20 */
695ebfedea0SLionel Sambuc {
696ebfedea0SLionel Sambuc 1,
697ebfedea0SLionel Sambuc SSL3_TXT_KRB5_RC4_128_SHA,
698ebfedea0SLionel Sambuc SSL3_CK_KRB5_RC4_128_SHA,
699ebfedea0SLionel Sambuc SSL_kKRB5,
700ebfedea0SLionel Sambuc SSL_aKRB5,
701ebfedea0SLionel Sambuc SSL_RC4,
702ebfedea0SLionel Sambuc SSL_SHA1,
703ebfedea0SLionel Sambuc SSL_SSLV3,
704ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
705ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
706ebfedea0SLionel Sambuc 128,
707ebfedea0SLionel Sambuc 128,
708ebfedea0SLionel Sambuc },
709ebfedea0SLionel Sambuc
710ebfedea0SLionel Sambuc /* Cipher 21 */
711ebfedea0SLionel Sambuc {
712ebfedea0SLionel Sambuc 1,
713ebfedea0SLionel Sambuc SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
714ebfedea0SLionel Sambuc SSL3_CK_KRB5_IDEA_128_CBC_SHA,
715ebfedea0SLionel Sambuc SSL_kKRB5,
716ebfedea0SLionel Sambuc SSL_aKRB5,
717ebfedea0SLionel Sambuc SSL_IDEA,
718ebfedea0SLionel Sambuc SSL_SHA1,
719ebfedea0SLionel Sambuc SSL_SSLV3,
720ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
721ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
722ebfedea0SLionel Sambuc 128,
723ebfedea0SLionel Sambuc 128,
724ebfedea0SLionel Sambuc },
725ebfedea0SLionel Sambuc
726ebfedea0SLionel Sambuc /* Cipher 22 */
727ebfedea0SLionel Sambuc {
728ebfedea0SLionel Sambuc 1,
729ebfedea0SLionel Sambuc SSL3_TXT_KRB5_DES_64_CBC_MD5,
730ebfedea0SLionel Sambuc SSL3_CK_KRB5_DES_64_CBC_MD5,
731ebfedea0SLionel Sambuc SSL_kKRB5,
732ebfedea0SLionel Sambuc SSL_aKRB5,
733ebfedea0SLionel Sambuc SSL_DES,
734ebfedea0SLionel Sambuc SSL_MD5,
735ebfedea0SLionel Sambuc SSL_SSLV3,
736ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_LOW,
737ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
738ebfedea0SLionel Sambuc 56,
739ebfedea0SLionel Sambuc 56,
740ebfedea0SLionel Sambuc },
741ebfedea0SLionel Sambuc
742ebfedea0SLionel Sambuc /* Cipher 23 */
743ebfedea0SLionel Sambuc {
744ebfedea0SLionel Sambuc 1,
745ebfedea0SLionel Sambuc SSL3_TXT_KRB5_DES_192_CBC3_MD5,
746ebfedea0SLionel Sambuc SSL3_CK_KRB5_DES_192_CBC3_MD5,
747ebfedea0SLionel Sambuc SSL_kKRB5,
748ebfedea0SLionel Sambuc SSL_aKRB5,
749ebfedea0SLionel Sambuc SSL_3DES,
750ebfedea0SLionel Sambuc SSL_MD5,
751ebfedea0SLionel Sambuc SSL_SSLV3,
752ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
753ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
754*0a6a1f1dSLionel Sambuc 112,
755ebfedea0SLionel Sambuc 168,
756ebfedea0SLionel Sambuc },
757ebfedea0SLionel Sambuc
758ebfedea0SLionel Sambuc /* Cipher 24 */
759ebfedea0SLionel Sambuc {
760ebfedea0SLionel Sambuc 1,
761ebfedea0SLionel Sambuc SSL3_TXT_KRB5_RC4_128_MD5,
762ebfedea0SLionel Sambuc SSL3_CK_KRB5_RC4_128_MD5,
763ebfedea0SLionel Sambuc SSL_kKRB5,
764ebfedea0SLionel Sambuc SSL_aKRB5,
765ebfedea0SLionel Sambuc SSL_RC4,
766ebfedea0SLionel Sambuc SSL_MD5,
767ebfedea0SLionel Sambuc SSL_SSLV3,
768ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
769ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
770ebfedea0SLionel Sambuc 128,
771ebfedea0SLionel Sambuc 128,
772ebfedea0SLionel Sambuc },
773ebfedea0SLionel Sambuc
774ebfedea0SLionel Sambuc /* Cipher 25 */
775ebfedea0SLionel Sambuc {
776ebfedea0SLionel Sambuc 1,
777ebfedea0SLionel Sambuc SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
778ebfedea0SLionel Sambuc SSL3_CK_KRB5_IDEA_128_CBC_MD5,
779ebfedea0SLionel Sambuc SSL_kKRB5,
780ebfedea0SLionel Sambuc SSL_aKRB5,
781ebfedea0SLionel Sambuc SSL_IDEA,
782ebfedea0SLionel Sambuc SSL_MD5,
783ebfedea0SLionel Sambuc SSL_SSLV3,
784ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
785ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
786ebfedea0SLionel Sambuc 128,
787ebfedea0SLionel Sambuc 128,
788ebfedea0SLionel Sambuc },
789ebfedea0SLionel Sambuc
790ebfedea0SLionel Sambuc /* Cipher 26 */
791ebfedea0SLionel Sambuc {
792ebfedea0SLionel Sambuc 1,
793ebfedea0SLionel Sambuc SSL3_TXT_KRB5_DES_40_CBC_SHA,
794ebfedea0SLionel Sambuc SSL3_CK_KRB5_DES_40_CBC_SHA,
795ebfedea0SLionel Sambuc SSL_kKRB5,
796ebfedea0SLionel Sambuc SSL_aKRB5,
797ebfedea0SLionel Sambuc SSL_DES,
798ebfedea0SLionel Sambuc SSL_SHA1,
799ebfedea0SLionel Sambuc SSL_SSLV3,
800ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP40,
801ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
802ebfedea0SLionel Sambuc 40,
803ebfedea0SLionel Sambuc 56,
804ebfedea0SLionel Sambuc },
805ebfedea0SLionel Sambuc
806ebfedea0SLionel Sambuc /* Cipher 27 */
807ebfedea0SLionel Sambuc {
808ebfedea0SLionel Sambuc 1,
809ebfedea0SLionel Sambuc SSL3_TXT_KRB5_RC2_40_CBC_SHA,
810ebfedea0SLionel Sambuc SSL3_CK_KRB5_RC2_40_CBC_SHA,
811ebfedea0SLionel Sambuc SSL_kKRB5,
812ebfedea0SLionel Sambuc SSL_aKRB5,
813ebfedea0SLionel Sambuc SSL_RC2,
814ebfedea0SLionel Sambuc SSL_SHA1,
815ebfedea0SLionel Sambuc SSL_SSLV3,
816ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP40,
817ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
818ebfedea0SLionel Sambuc 40,
819ebfedea0SLionel Sambuc 128,
820ebfedea0SLionel Sambuc },
821ebfedea0SLionel Sambuc
822ebfedea0SLionel Sambuc /* Cipher 28 */
823ebfedea0SLionel Sambuc {
824ebfedea0SLionel Sambuc 1,
825ebfedea0SLionel Sambuc SSL3_TXT_KRB5_RC4_40_SHA,
826ebfedea0SLionel Sambuc SSL3_CK_KRB5_RC4_40_SHA,
827ebfedea0SLionel Sambuc SSL_kKRB5,
828ebfedea0SLionel Sambuc SSL_aKRB5,
829ebfedea0SLionel Sambuc SSL_RC4,
830ebfedea0SLionel Sambuc SSL_SHA1,
831ebfedea0SLionel Sambuc SSL_SSLV3,
832ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP40,
833ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
834ebfedea0SLionel Sambuc 40,
835ebfedea0SLionel Sambuc 128,
836ebfedea0SLionel Sambuc },
837ebfedea0SLionel Sambuc
838ebfedea0SLionel Sambuc /* Cipher 29 */
839ebfedea0SLionel Sambuc {
840ebfedea0SLionel Sambuc 1,
841ebfedea0SLionel Sambuc SSL3_TXT_KRB5_DES_40_CBC_MD5,
842ebfedea0SLionel Sambuc SSL3_CK_KRB5_DES_40_CBC_MD5,
843ebfedea0SLionel Sambuc SSL_kKRB5,
844ebfedea0SLionel Sambuc SSL_aKRB5,
845ebfedea0SLionel Sambuc SSL_DES,
846ebfedea0SLionel Sambuc SSL_MD5,
847ebfedea0SLionel Sambuc SSL_SSLV3,
848ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP40,
849ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
850ebfedea0SLionel Sambuc 40,
851ebfedea0SLionel Sambuc 56,
852ebfedea0SLionel Sambuc },
853ebfedea0SLionel Sambuc
854ebfedea0SLionel Sambuc /* Cipher 2A */
855ebfedea0SLionel Sambuc {
856ebfedea0SLionel Sambuc 1,
857ebfedea0SLionel Sambuc SSL3_TXT_KRB5_RC2_40_CBC_MD5,
858ebfedea0SLionel Sambuc SSL3_CK_KRB5_RC2_40_CBC_MD5,
859ebfedea0SLionel Sambuc SSL_kKRB5,
860ebfedea0SLionel Sambuc SSL_aKRB5,
861ebfedea0SLionel Sambuc SSL_RC2,
862ebfedea0SLionel Sambuc SSL_MD5,
863ebfedea0SLionel Sambuc SSL_SSLV3,
864ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP40,
865ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
866ebfedea0SLionel Sambuc 40,
867ebfedea0SLionel Sambuc 128,
868ebfedea0SLionel Sambuc },
869ebfedea0SLionel Sambuc
870ebfedea0SLionel Sambuc /* Cipher 2B */
871ebfedea0SLionel Sambuc {
872ebfedea0SLionel Sambuc 1,
873ebfedea0SLionel Sambuc SSL3_TXT_KRB5_RC4_40_MD5,
874ebfedea0SLionel Sambuc SSL3_CK_KRB5_RC4_40_MD5,
875ebfedea0SLionel Sambuc SSL_kKRB5,
876ebfedea0SLionel Sambuc SSL_aKRB5,
877ebfedea0SLionel Sambuc SSL_RC4,
878ebfedea0SLionel Sambuc SSL_MD5,
879ebfedea0SLionel Sambuc SSL_SSLV3,
880ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP40,
881ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
882ebfedea0SLionel Sambuc 40,
883ebfedea0SLionel Sambuc 128,
884ebfedea0SLionel Sambuc },
885ebfedea0SLionel Sambuc #endif /* OPENSSL_NO_KRB5 */
886ebfedea0SLionel Sambuc
887ebfedea0SLionel Sambuc /* New AES ciphersuites */
888ebfedea0SLionel Sambuc /* Cipher 2F */
889ebfedea0SLionel Sambuc {
890ebfedea0SLionel Sambuc 1,
891ebfedea0SLionel Sambuc TLS1_TXT_RSA_WITH_AES_128_SHA,
892ebfedea0SLionel Sambuc TLS1_CK_RSA_WITH_AES_128_SHA,
893ebfedea0SLionel Sambuc SSL_kRSA,
894ebfedea0SLionel Sambuc SSL_aRSA,
895ebfedea0SLionel Sambuc SSL_AES128,
896ebfedea0SLionel Sambuc SSL_SHA1,
897ebfedea0SLionel Sambuc SSL_TLSV1,
898ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
899ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
900ebfedea0SLionel Sambuc 128,
901ebfedea0SLionel Sambuc 128,
902ebfedea0SLionel Sambuc },
903ebfedea0SLionel Sambuc /* Cipher 30 */
904ebfedea0SLionel Sambuc {
905ebfedea0SLionel Sambuc 0,
906ebfedea0SLionel Sambuc TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
907ebfedea0SLionel Sambuc TLS1_CK_DH_DSS_WITH_AES_128_SHA,
908ebfedea0SLionel Sambuc SSL_kDHd,
909ebfedea0SLionel Sambuc SSL_aDH,
910ebfedea0SLionel Sambuc SSL_AES128,
911ebfedea0SLionel Sambuc SSL_SHA1,
912ebfedea0SLionel Sambuc SSL_TLSV1,
913ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
914ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
915ebfedea0SLionel Sambuc 128,
916ebfedea0SLionel Sambuc 128,
917ebfedea0SLionel Sambuc },
918ebfedea0SLionel Sambuc /* Cipher 31 */
919ebfedea0SLionel Sambuc {
920ebfedea0SLionel Sambuc 0,
921ebfedea0SLionel Sambuc TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
922ebfedea0SLionel Sambuc TLS1_CK_DH_RSA_WITH_AES_128_SHA,
923ebfedea0SLionel Sambuc SSL_kDHr,
924ebfedea0SLionel Sambuc SSL_aDH,
925ebfedea0SLionel Sambuc SSL_AES128,
926ebfedea0SLionel Sambuc SSL_SHA1,
927ebfedea0SLionel Sambuc SSL_TLSV1,
928ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
929ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
930ebfedea0SLionel Sambuc 128,
931ebfedea0SLionel Sambuc 128,
932ebfedea0SLionel Sambuc },
933ebfedea0SLionel Sambuc /* Cipher 32 */
934ebfedea0SLionel Sambuc {
935ebfedea0SLionel Sambuc 1,
936ebfedea0SLionel Sambuc TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
937ebfedea0SLionel Sambuc TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
938ebfedea0SLionel Sambuc SSL_kEDH,
939ebfedea0SLionel Sambuc SSL_aDSS,
940ebfedea0SLionel Sambuc SSL_AES128,
941ebfedea0SLionel Sambuc SSL_SHA1,
942ebfedea0SLionel Sambuc SSL_TLSV1,
943ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
944ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
945ebfedea0SLionel Sambuc 128,
946ebfedea0SLionel Sambuc 128,
947ebfedea0SLionel Sambuc },
948ebfedea0SLionel Sambuc /* Cipher 33 */
949ebfedea0SLionel Sambuc {
950ebfedea0SLionel Sambuc 1,
951ebfedea0SLionel Sambuc TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
952ebfedea0SLionel Sambuc TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
953ebfedea0SLionel Sambuc SSL_kEDH,
954ebfedea0SLionel Sambuc SSL_aRSA,
955ebfedea0SLionel Sambuc SSL_AES128,
956ebfedea0SLionel Sambuc SSL_SHA1,
957ebfedea0SLionel Sambuc SSL_TLSV1,
958ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
959ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
960ebfedea0SLionel Sambuc 128,
961ebfedea0SLionel Sambuc 128,
962ebfedea0SLionel Sambuc },
963ebfedea0SLionel Sambuc /* Cipher 34 */
964ebfedea0SLionel Sambuc {
965ebfedea0SLionel Sambuc 1,
966ebfedea0SLionel Sambuc TLS1_TXT_ADH_WITH_AES_128_SHA,
967ebfedea0SLionel Sambuc TLS1_CK_ADH_WITH_AES_128_SHA,
968ebfedea0SLionel Sambuc SSL_kEDH,
969ebfedea0SLionel Sambuc SSL_aNULL,
970ebfedea0SLionel Sambuc SSL_AES128,
971ebfedea0SLionel Sambuc SSL_SHA1,
972ebfedea0SLionel Sambuc SSL_TLSV1,
973ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
974ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
975ebfedea0SLionel Sambuc 128,
976ebfedea0SLionel Sambuc 128,
977ebfedea0SLionel Sambuc },
978ebfedea0SLionel Sambuc
979ebfedea0SLionel Sambuc /* Cipher 35 */
980ebfedea0SLionel Sambuc {
981ebfedea0SLionel Sambuc 1,
982ebfedea0SLionel Sambuc TLS1_TXT_RSA_WITH_AES_256_SHA,
983ebfedea0SLionel Sambuc TLS1_CK_RSA_WITH_AES_256_SHA,
984ebfedea0SLionel Sambuc SSL_kRSA,
985ebfedea0SLionel Sambuc SSL_aRSA,
986ebfedea0SLionel Sambuc SSL_AES256,
987ebfedea0SLionel Sambuc SSL_SHA1,
988ebfedea0SLionel Sambuc SSL_TLSV1,
989ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
990ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
991ebfedea0SLionel Sambuc 256,
992ebfedea0SLionel Sambuc 256,
993ebfedea0SLionel Sambuc },
994ebfedea0SLionel Sambuc /* Cipher 36 */
995ebfedea0SLionel Sambuc {
996ebfedea0SLionel Sambuc 0,
997ebfedea0SLionel Sambuc TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
998ebfedea0SLionel Sambuc TLS1_CK_DH_DSS_WITH_AES_256_SHA,
999ebfedea0SLionel Sambuc SSL_kDHd,
1000ebfedea0SLionel Sambuc SSL_aDH,
1001ebfedea0SLionel Sambuc SSL_AES256,
1002ebfedea0SLionel Sambuc SSL_SHA1,
1003ebfedea0SLionel Sambuc SSL_TLSV1,
1004ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1005ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1006ebfedea0SLionel Sambuc 256,
1007ebfedea0SLionel Sambuc 256,
1008ebfedea0SLionel Sambuc },
1009ebfedea0SLionel Sambuc
1010ebfedea0SLionel Sambuc /* Cipher 37 */
1011ebfedea0SLionel Sambuc {
1012ebfedea0SLionel Sambuc 0, /* not implemented (non-ephemeral DH) */
1013ebfedea0SLionel Sambuc TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014ebfedea0SLionel Sambuc TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015ebfedea0SLionel Sambuc SSL_kDHr,
1016ebfedea0SLionel Sambuc SSL_aDH,
1017ebfedea0SLionel Sambuc SSL_AES256,
1018ebfedea0SLionel Sambuc SSL_SHA1,
1019ebfedea0SLionel Sambuc SSL_TLSV1,
1020ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1021ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1022ebfedea0SLionel Sambuc 256,
1023ebfedea0SLionel Sambuc 256,
1024ebfedea0SLionel Sambuc },
1025ebfedea0SLionel Sambuc
1026ebfedea0SLionel Sambuc /* Cipher 38 */
1027ebfedea0SLionel Sambuc {
1028ebfedea0SLionel Sambuc 1,
1029ebfedea0SLionel Sambuc TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030ebfedea0SLionel Sambuc TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031ebfedea0SLionel Sambuc SSL_kEDH,
1032ebfedea0SLionel Sambuc SSL_aDSS,
1033ebfedea0SLionel Sambuc SSL_AES256,
1034ebfedea0SLionel Sambuc SSL_SHA1,
1035ebfedea0SLionel Sambuc SSL_TLSV1,
1036ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1037ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1038ebfedea0SLionel Sambuc 256,
1039ebfedea0SLionel Sambuc 256,
1040ebfedea0SLionel Sambuc },
1041ebfedea0SLionel Sambuc
1042ebfedea0SLionel Sambuc /* Cipher 39 */
1043ebfedea0SLionel Sambuc {
1044ebfedea0SLionel Sambuc 1,
1045ebfedea0SLionel Sambuc TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046ebfedea0SLionel Sambuc TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047ebfedea0SLionel Sambuc SSL_kEDH,
1048ebfedea0SLionel Sambuc SSL_aRSA,
1049ebfedea0SLionel Sambuc SSL_AES256,
1050ebfedea0SLionel Sambuc SSL_SHA1,
1051ebfedea0SLionel Sambuc SSL_TLSV1,
1052ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1053ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1054ebfedea0SLionel Sambuc 256,
1055ebfedea0SLionel Sambuc 256,
1056ebfedea0SLionel Sambuc },
1057ebfedea0SLionel Sambuc
1058ebfedea0SLionel Sambuc /* Cipher 3A */
1059ebfedea0SLionel Sambuc {
1060ebfedea0SLionel Sambuc 1,
1061ebfedea0SLionel Sambuc TLS1_TXT_ADH_WITH_AES_256_SHA,
1062ebfedea0SLionel Sambuc TLS1_CK_ADH_WITH_AES_256_SHA,
1063ebfedea0SLionel Sambuc SSL_kEDH,
1064ebfedea0SLionel Sambuc SSL_aNULL,
1065ebfedea0SLionel Sambuc SSL_AES256,
1066ebfedea0SLionel Sambuc SSL_SHA1,
1067ebfedea0SLionel Sambuc SSL_TLSV1,
1068ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1069ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1070ebfedea0SLionel Sambuc 256,
1071ebfedea0SLionel Sambuc 256,
1072ebfedea0SLionel Sambuc },
1073ebfedea0SLionel Sambuc
1074ebfedea0SLionel Sambuc /* TLS v1.2 ciphersuites */
1075ebfedea0SLionel Sambuc /* Cipher 3B */
1076ebfedea0SLionel Sambuc {
1077ebfedea0SLionel Sambuc 1,
1078ebfedea0SLionel Sambuc TLS1_TXT_RSA_WITH_NULL_SHA256,
1079ebfedea0SLionel Sambuc TLS1_CK_RSA_WITH_NULL_SHA256,
1080ebfedea0SLionel Sambuc SSL_kRSA,
1081ebfedea0SLionel Sambuc SSL_aRSA,
1082ebfedea0SLionel Sambuc SSL_eNULL,
1083ebfedea0SLionel Sambuc SSL_SHA256,
1084ebfedea0SLionel Sambuc SSL_TLSV1_2,
1085ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
1086ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1087ebfedea0SLionel Sambuc 0,
1088ebfedea0SLionel Sambuc 0,
1089ebfedea0SLionel Sambuc },
1090ebfedea0SLionel Sambuc
1091ebfedea0SLionel Sambuc /* Cipher 3C */
1092ebfedea0SLionel Sambuc {
1093ebfedea0SLionel Sambuc 1,
1094ebfedea0SLionel Sambuc TLS1_TXT_RSA_WITH_AES_128_SHA256,
1095ebfedea0SLionel Sambuc TLS1_CK_RSA_WITH_AES_128_SHA256,
1096ebfedea0SLionel Sambuc SSL_kRSA,
1097ebfedea0SLionel Sambuc SSL_aRSA,
1098ebfedea0SLionel Sambuc SSL_AES128,
1099ebfedea0SLionel Sambuc SSL_SHA256,
1100ebfedea0SLionel Sambuc SSL_TLSV1_2,
1101ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1102ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1103ebfedea0SLionel Sambuc 128,
1104ebfedea0SLionel Sambuc 128,
1105ebfedea0SLionel Sambuc },
1106ebfedea0SLionel Sambuc
1107ebfedea0SLionel Sambuc /* Cipher 3D */
1108ebfedea0SLionel Sambuc {
1109ebfedea0SLionel Sambuc 1,
1110ebfedea0SLionel Sambuc TLS1_TXT_RSA_WITH_AES_256_SHA256,
1111ebfedea0SLionel Sambuc TLS1_CK_RSA_WITH_AES_256_SHA256,
1112ebfedea0SLionel Sambuc SSL_kRSA,
1113ebfedea0SLionel Sambuc SSL_aRSA,
1114ebfedea0SLionel Sambuc SSL_AES256,
1115ebfedea0SLionel Sambuc SSL_SHA256,
1116ebfedea0SLionel Sambuc SSL_TLSV1_2,
1117ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1118ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1119ebfedea0SLionel Sambuc 256,
1120ebfedea0SLionel Sambuc 256,
1121ebfedea0SLionel Sambuc },
1122ebfedea0SLionel Sambuc
1123ebfedea0SLionel Sambuc /* Cipher 3E */
1124ebfedea0SLionel Sambuc {
1125ebfedea0SLionel Sambuc 0, /* not implemented (non-ephemeral DH) */
1126ebfedea0SLionel Sambuc TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1127ebfedea0SLionel Sambuc TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1128ebfedea0SLionel Sambuc SSL_kDHd,
1129ebfedea0SLionel Sambuc SSL_aDH,
1130ebfedea0SLionel Sambuc SSL_AES128,
1131ebfedea0SLionel Sambuc SSL_SHA256,
1132ebfedea0SLionel Sambuc SSL_TLSV1_2,
1133ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1134ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1135ebfedea0SLionel Sambuc 128,
1136ebfedea0SLionel Sambuc 128,
1137ebfedea0SLionel Sambuc },
1138ebfedea0SLionel Sambuc
1139ebfedea0SLionel Sambuc /* Cipher 3F */
1140ebfedea0SLionel Sambuc {
1141ebfedea0SLionel Sambuc 0, /* not implemented (non-ephemeral DH) */
1142ebfedea0SLionel Sambuc TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
1143ebfedea0SLionel Sambuc TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
1144ebfedea0SLionel Sambuc SSL_kDHr,
1145ebfedea0SLionel Sambuc SSL_aDH,
1146ebfedea0SLionel Sambuc SSL_AES128,
1147ebfedea0SLionel Sambuc SSL_SHA256,
1148ebfedea0SLionel Sambuc SSL_TLSV1_2,
1149ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1150ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1151ebfedea0SLionel Sambuc 128,
1152ebfedea0SLionel Sambuc 128,
1153ebfedea0SLionel Sambuc },
1154ebfedea0SLionel Sambuc
1155ebfedea0SLionel Sambuc /* Cipher 40 */
1156ebfedea0SLionel Sambuc {
1157ebfedea0SLionel Sambuc 1,
1158ebfedea0SLionel Sambuc TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
1159ebfedea0SLionel Sambuc TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
1160ebfedea0SLionel Sambuc SSL_kEDH,
1161ebfedea0SLionel Sambuc SSL_aDSS,
1162ebfedea0SLionel Sambuc SSL_AES128,
1163ebfedea0SLionel Sambuc SSL_SHA256,
1164ebfedea0SLionel Sambuc SSL_TLSV1_2,
1165ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1166ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1167ebfedea0SLionel Sambuc 128,
1168ebfedea0SLionel Sambuc 128,
1169ebfedea0SLionel Sambuc },
1170ebfedea0SLionel Sambuc
1171ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_CAMELLIA
1172ebfedea0SLionel Sambuc /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1173ebfedea0SLionel Sambuc
1174ebfedea0SLionel Sambuc /* Cipher 41 */
1175ebfedea0SLionel Sambuc {
1176ebfedea0SLionel Sambuc 1,
1177ebfedea0SLionel Sambuc TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1178ebfedea0SLionel Sambuc TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1179ebfedea0SLionel Sambuc SSL_kRSA,
1180ebfedea0SLionel Sambuc SSL_aRSA,
1181ebfedea0SLionel Sambuc SSL_CAMELLIA128,
1182ebfedea0SLionel Sambuc SSL_SHA1,
1183ebfedea0SLionel Sambuc SSL_TLSV1,
1184ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
1185ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1186ebfedea0SLionel Sambuc 128,
1187ebfedea0SLionel Sambuc 128,
1188ebfedea0SLionel Sambuc },
1189ebfedea0SLionel Sambuc
1190ebfedea0SLionel Sambuc /* Cipher 42 */
1191ebfedea0SLionel Sambuc {
1192ebfedea0SLionel Sambuc 0, /* not implemented (non-ephemeral DH) */
1193ebfedea0SLionel Sambuc TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1194ebfedea0SLionel Sambuc TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1195ebfedea0SLionel Sambuc SSL_kDHd,
1196ebfedea0SLionel Sambuc SSL_aDH,
1197ebfedea0SLionel Sambuc SSL_CAMELLIA128,
1198ebfedea0SLionel Sambuc SSL_SHA1,
1199ebfedea0SLionel Sambuc SSL_TLSV1,
1200ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
1201ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1202ebfedea0SLionel Sambuc 128,
1203ebfedea0SLionel Sambuc 128,
1204ebfedea0SLionel Sambuc },
1205ebfedea0SLionel Sambuc
1206ebfedea0SLionel Sambuc /* Cipher 43 */
1207ebfedea0SLionel Sambuc {
1208ebfedea0SLionel Sambuc 0, /* not implemented (non-ephemeral DH) */
1209ebfedea0SLionel Sambuc TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1210ebfedea0SLionel Sambuc TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1211ebfedea0SLionel Sambuc SSL_kDHr,
1212ebfedea0SLionel Sambuc SSL_aDH,
1213ebfedea0SLionel Sambuc SSL_CAMELLIA128,
1214ebfedea0SLionel Sambuc SSL_SHA1,
1215ebfedea0SLionel Sambuc SSL_TLSV1,
1216ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
1217ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1218ebfedea0SLionel Sambuc 128,
1219ebfedea0SLionel Sambuc 128,
1220ebfedea0SLionel Sambuc },
1221ebfedea0SLionel Sambuc
1222ebfedea0SLionel Sambuc /* Cipher 44 */
1223ebfedea0SLionel Sambuc {
1224ebfedea0SLionel Sambuc 1,
1225ebfedea0SLionel Sambuc TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1226ebfedea0SLionel Sambuc TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1227ebfedea0SLionel Sambuc SSL_kEDH,
1228ebfedea0SLionel Sambuc SSL_aDSS,
1229ebfedea0SLionel Sambuc SSL_CAMELLIA128,
1230ebfedea0SLionel Sambuc SSL_SHA1,
1231ebfedea0SLionel Sambuc SSL_TLSV1,
1232ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
1233ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1234ebfedea0SLionel Sambuc 128,
1235ebfedea0SLionel Sambuc 128,
1236ebfedea0SLionel Sambuc },
1237ebfedea0SLionel Sambuc
1238ebfedea0SLionel Sambuc /* Cipher 45 */
1239ebfedea0SLionel Sambuc {
1240ebfedea0SLionel Sambuc 1,
1241ebfedea0SLionel Sambuc TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1242ebfedea0SLionel Sambuc TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1243ebfedea0SLionel Sambuc SSL_kEDH,
1244ebfedea0SLionel Sambuc SSL_aRSA,
1245ebfedea0SLionel Sambuc SSL_CAMELLIA128,
1246ebfedea0SLionel Sambuc SSL_SHA1,
1247ebfedea0SLionel Sambuc SSL_TLSV1,
1248ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
1249ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1250ebfedea0SLionel Sambuc 128,
1251ebfedea0SLionel Sambuc 128,
1252ebfedea0SLionel Sambuc },
1253ebfedea0SLionel Sambuc
1254ebfedea0SLionel Sambuc /* Cipher 46 */
1255ebfedea0SLionel Sambuc {
1256ebfedea0SLionel Sambuc 1,
1257ebfedea0SLionel Sambuc TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1258ebfedea0SLionel Sambuc TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1259ebfedea0SLionel Sambuc SSL_kEDH,
1260ebfedea0SLionel Sambuc SSL_aNULL,
1261ebfedea0SLionel Sambuc SSL_CAMELLIA128,
1262ebfedea0SLionel Sambuc SSL_SHA1,
1263ebfedea0SLionel Sambuc SSL_TLSV1,
1264ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
1265ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1266ebfedea0SLionel Sambuc 128,
1267ebfedea0SLionel Sambuc 128,
1268ebfedea0SLionel Sambuc },
1269ebfedea0SLionel Sambuc #endif /* OPENSSL_NO_CAMELLIA */
1270ebfedea0SLionel Sambuc
1271ebfedea0SLionel Sambuc #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1272ebfedea0SLionel Sambuc /* New TLS Export CipherSuites from expired ID */
1273ebfedea0SLionel Sambuc # if 0
1274ebfedea0SLionel Sambuc /* Cipher 60 */
1275ebfedea0SLionel Sambuc {
1276ebfedea0SLionel Sambuc 1,
1277ebfedea0SLionel Sambuc TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1278ebfedea0SLionel Sambuc TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1279ebfedea0SLionel Sambuc SSL_kRSA,
1280ebfedea0SLionel Sambuc SSL_aRSA,
1281ebfedea0SLionel Sambuc SSL_RC4,
1282ebfedea0SLionel Sambuc SSL_MD5,
1283ebfedea0SLionel Sambuc SSL_TLSV1,
1284ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP56,
1285ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1286ebfedea0SLionel Sambuc 56,
1287ebfedea0SLionel Sambuc 128,
1288ebfedea0SLionel Sambuc },
1289ebfedea0SLionel Sambuc
1290ebfedea0SLionel Sambuc /* Cipher 61 */
1291ebfedea0SLionel Sambuc {
1292ebfedea0SLionel Sambuc 1,
1293ebfedea0SLionel Sambuc TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1294ebfedea0SLionel Sambuc TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1295ebfedea0SLionel Sambuc SSL_kRSA,
1296ebfedea0SLionel Sambuc SSL_aRSA,
1297ebfedea0SLionel Sambuc SSL_RC2,
1298ebfedea0SLionel Sambuc SSL_MD5,
1299ebfedea0SLionel Sambuc SSL_TLSV1,
1300ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP56,
1301ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1302ebfedea0SLionel Sambuc 56,
1303ebfedea0SLionel Sambuc 128,
1304ebfedea0SLionel Sambuc },
1305ebfedea0SLionel Sambuc # endif
1306ebfedea0SLionel Sambuc
1307ebfedea0SLionel Sambuc /* Cipher 62 */
1308ebfedea0SLionel Sambuc {
1309ebfedea0SLionel Sambuc 1,
1310ebfedea0SLionel Sambuc TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1311ebfedea0SLionel Sambuc TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1312ebfedea0SLionel Sambuc SSL_kRSA,
1313ebfedea0SLionel Sambuc SSL_aRSA,
1314ebfedea0SLionel Sambuc SSL_DES,
1315ebfedea0SLionel Sambuc SSL_SHA1,
1316ebfedea0SLionel Sambuc SSL_TLSV1,
1317ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP56,
1318ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1319ebfedea0SLionel Sambuc 56,
1320ebfedea0SLionel Sambuc 56,
1321ebfedea0SLionel Sambuc },
1322ebfedea0SLionel Sambuc
1323ebfedea0SLionel Sambuc /* Cipher 63 */
1324ebfedea0SLionel Sambuc {
1325ebfedea0SLionel Sambuc 1,
1326ebfedea0SLionel Sambuc TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1327ebfedea0SLionel Sambuc TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1328ebfedea0SLionel Sambuc SSL_kEDH,
1329ebfedea0SLionel Sambuc SSL_aDSS,
1330ebfedea0SLionel Sambuc SSL_DES,
1331ebfedea0SLionel Sambuc SSL_SHA1,
1332ebfedea0SLionel Sambuc SSL_TLSV1,
1333ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP56,
1334ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1335ebfedea0SLionel Sambuc 56,
1336ebfedea0SLionel Sambuc 56,
1337ebfedea0SLionel Sambuc },
1338ebfedea0SLionel Sambuc
1339ebfedea0SLionel Sambuc /* Cipher 64 */
1340ebfedea0SLionel Sambuc {
1341ebfedea0SLionel Sambuc 1,
1342ebfedea0SLionel Sambuc TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1343ebfedea0SLionel Sambuc TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1344ebfedea0SLionel Sambuc SSL_kRSA,
1345ebfedea0SLionel Sambuc SSL_aRSA,
1346ebfedea0SLionel Sambuc SSL_RC4,
1347ebfedea0SLionel Sambuc SSL_SHA1,
1348ebfedea0SLionel Sambuc SSL_TLSV1,
1349ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP56,
1350ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1351ebfedea0SLionel Sambuc 56,
1352ebfedea0SLionel Sambuc 128,
1353ebfedea0SLionel Sambuc },
1354ebfedea0SLionel Sambuc
1355ebfedea0SLionel Sambuc /* Cipher 65 */
1356ebfedea0SLionel Sambuc {
1357ebfedea0SLionel Sambuc 1,
1358ebfedea0SLionel Sambuc TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1359ebfedea0SLionel Sambuc TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1360ebfedea0SLionel Sambuc SSL_kEDH,
1361ebfedea0SLionel Sambuc SSL_aDSS,
1362ebfedea0SLionel Sambuc SSL_RC4,
1363ebfedea0SLionel Sambuc SSL_SHA1,
1364ebfedea0SLionel Sambuc SSL_TLSV1,
1365ebfedea0SLionel Sambuc SSL_EXPORT | SSL_EXP56,
1366ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1367ebfedea0SLionel Sambuc 56,
1368ebfedea0SLionel Sambuc 128,
1369ebfedea0SLionel Sambuc },
1370ebfedea0SLionel Sambuc
1371ebfedea0SLionel Sambuc /* Cipher 66 */
1372ebfedea0SLionel Sambuc {
1373ebfedea0SLionel Sambuc 1,
1374ebfedea0SLionel Sambuc TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1375ebfedea0SLionel Sambuc TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1376ebfedea0SLionel Sambuc SSL_kEDH,
1377ebfedea0SLionel Sambuc SSL_aDSS,
1378ebfedea0SLionel Sambuc SSL_RC4,
1379ebfedea0SLionel Sambuc SSL_SHA1,
1380ebfedea0SLionel Sambuc SSL_TLSV1,
1381ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
1382ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1383ebfedea0SLionel Sambuc 128,
1384ebfedea0SLionel Sambuc 128,
1385ebfedea0SLionel Sambuc },
1386ebfedea0SLionel Sambuc #endif
1387ebfedea0SLionel Sambuc
1388ebfedea0SLionel Sambuc /* TLS v1.2 ciphersuites */
1389ebfedea0SLionel Sambuc /* Cipher 67 */
1390ebfedea0SLionel Sambuc {
1391ebfedea0SLionel Sambuc 1,
1392ebfedea0SLionel Sambuc TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1393ebfedea0SLionel Sambuc TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1394ebfedea0SLionel Sambuc SSL_kEDH,
1395ebfedea0SLionel Sambuc SSL_aRSA,
1396ebfedea0SLionel Sambuc SSL_AES128,
1397ebfedea0SLionel Sambuc SSL_SHA256,
1398ebfedea0SLionel Sambuc SSL_TLSV1_2,
1399ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1400ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1401ebfedea0SLionel Sambuc 128,
1402ebfedea0SLionel Sambuc 128,
1403ebfedea0SLionel Sambuc },
1404ebfedea0SLionel Sambuc
1405ebfedea0SLionel Sambuc /* Cipher 68 */
1406ebfedea0SLionel Sambuc {
1407ebfedea0SLionel Sambuc 0, /* not implemented (non-ephemeral DH) */
1408ebfedea0SLionel Sambuc TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1409ebfedea0SLionel Sambuc TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1410ebfedea0SLionel Sambuc SSL_kDHd,
1411ebfedea0SLionel Sambuc SSL_aDH,
1412ebfedea0SLionel Sambuc SSL_AES256,
1413ebfedea0SLionel Sambuc SSL_SHA256,
1414ebfedea0SLionel Sambuc SSL_TLSV1_2,
1415ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1416ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1417ebfedea0SLionel Sambuc 256,
1418ebfedea0SLionel Sambuc 256,
1419ebfedea0SLionel Sambuc },
1420ebfedea0SLionel Sambuc
1421ebfedea0SLionel Sambuc /* Cipher 69 */
1422ebfedea0SLionel Sambuc {
1423ebfedea0SLionel Sambuc 0, /* not implemented (non-ephemeral DH) */
1424ebfedea0SLionel Sambuc TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1425ebfedea0SLionel Sambuc TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1426ebfedea0SLionel Sambuc SSL_kDHr,
1427ebfedea0SLionel Sambuc SSL_aDH,
1428ebfedea0SLionel Sambuc SSL_AES256,
1429ebfedea0SLionel Sambuc SSL_SHA256,
1430ebfedea0SLionel Sambuc SSL_TLSV1_2,
1431ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1432ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1433ebfedea0SLionel Sambuc 256,
1434ebfedea0SLionel Sambuc 256,
1435ebfedea0SLionel Sambuc },
1436ebfedea0SLionel Sambuc
1437ebfedea0SLionel Sambuc /* Cipher 6A */
1438ebfedea0SLionel Sambuc {
1439ebfedea0SLionel Sambuc 1,
1440ebfedea0SLionel Sambuc TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1441ebfedea0SLionel Sambuc TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1442ebfedea0SLionel Sambuc SSL_kEDH,
1443ebfedea0SLionel Sambuc SSL_aDSS,
1444ebfedea0SLionel Sambuc SSL_AES256,
1445ebfedea0SLionel Sambuc SSL_SHA256,
1446ebfedea0SLionel Sambuc SSL_TLSV1_2,
1447ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1448ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1449ebfedea0SLionel Sambuc 256,
1450ebfedea0SLionel Sambuc 256,
1451ebfedea0SLionel Sambuc },
1452ebfedea0SLionel Sambuc
1453ebfedea0SLionel Sambuc /* Cipher 6B */
1454ebfedea0SLionel Sambuc {
1455ebfedea0SLionel Sambuc 1,
1456ebfedea0SLionel Sambuc TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1457ebfedea0SLionel Sambuc TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1458ebfedea0SLionel Sambuc SSL_kEDH,
1459ebfedea0SLionel Sambuc SSL_aRSA,
1460ebfedea0SLionel Sambuc SSL_AES256,
1461ebfedea0SLionel Sambuc SSL_SHA256,
1462ebfedea0SLionel Sambuc SSL_TLSV1_2,
1463ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1464ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1465ebfedea0SLionel Sambuc 256,
1466ebfedea0SLionel Sambuc 256,
1467ebfedea0SLionel Sambuc },
1468ebfedea0SLionel Sambuc
1469ebfedea0SLionel Sambuc /* Cipher 6C */
1470ebfedea0SLionel Sambuc {
1471ebfedea0SLionel Sambuc 1,
1472ebfedea0SLionel Sambuc TLS1_TXT_ADH_WITH_AES_128_SHA256,
1473ebfedea0SLionel Sambuc TLS1_CK_ADH_WITH_AES_128_SHA256,
1474ebfedea0SLionel Sambuc SSL_kEDH,
1475ebfedea0SLionel Sambuc SSL_aNULL,
1476ebfedea0SLionel Sambuc SSL_AES128,
1477ebfedea0SLionel Sambuc SSL_SHA256,
1478ebfedea0SLionel Sambuc SSL_TLSV1_2,
1479ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1480ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1481ebfedea0SLionel Sambuc 128,
1482ebfedea0SLionel Sambuc 128,
1483ebfedea0SLionel Sambuc },
1484ebfedea0SLionel Sambuc
1485ebfedea0SLionel Sambuc /* Cipher 6D */
1486ebfedea0SLionel Sambuc {
1487ebfedea0SLionel Sambuc 1,
1488ebfedea0SLionel Sambuc TLS1_TXT_ADH_WITH_AES_256_SHA256,
1489ebfedea0SLionel Sambuc TLS1_CK_ADH_WITH_AES_256_SHA256,
1490ebfedea0SLionel Sambuc SSL_kEDH,
1491ebfedea0SLionel Sambuc SSL_aNULL,
1492ebfedea0SLionel Sambuc SSL_AES256,
1493ebfedea0SLionel Sambuc SSL_SHA256,
1494ebfedea0SLionel Sambuc SSL_TLSV1_2,
1495ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1496ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1497ebfedea0SLionel Sambuc 256,
1498ebfedea0SLionel Sambuc 256,
1499ebfedea0SLionel Sambuc },
1500ebfedea0SLionel Sambuc
1501ebfedea0SLionel Sambuc /* GOST Ciphersuites */
1502ebfedea0SLionel Sambuc
1503ebfedea0SLionel Sambuc {
1504ebfedea0SLionel Sambuc 1,
1505ebfedea0SLionel Sambuc "GOST94-GOST89-GOST89",
1506ebfedea0SLionel Sambuc 0x3000080,
1507ebfedea0SLionel Sambuc SSL_kGOST,
1508ebfedea0SLionel Sambuc SSL_aGOST94,
1509ebfedea0SLionel Sambuc SSL_eGOST2814789CNT,
1510ebfedea0SLionel Sambuc SSL_GOST89MAC,
1511ebfedea0SLionel Sambuc SSL_TLSV1,
1512ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
1513ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
1514ebfedea0SLionel Sambuc 256,
1515*0a6a1f1dSLionel Sambuc 256},
1516ebfedea0SLionel Sambuc {
1517ebfedea0SLionel Sambuc 1,
1518ebfedea0SLionel Sambuc "GOST2001-GOST89-GOST89",
1519ebfedea0SLionel Sambuc 0x3000081,
1520ebfedea0SLionel Sambuc SSL_kGOST,
1521ebfedea0SLionel Sambuc SSL_aGOST01,
1522ebfedea0SLionel Sambuc SSL_eGOST2814789CNT,
1523ebfedea0SLionel Sambuc SSL_GOST89MAC,
1524ebfedea0SLionel Sambuc SSL_TLSV1,
1525ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
1526ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
1527ebfedea0SLionel Sambuc 256,
1528*0a6a1f1dSLionel Sambuc 256},
1529ebfedea0SLionel Sambuc {
1530ebfedea0SLionel Sambuc 1,
1531ebfedea0SLionel Sambuc "GOST94-NULL-GOST94",
1532ebfedea0SLionel Sambuc 0x3000082,
1533ebfedea0SLionel Sambuc SSL_kGOST,
1534ebfedea0SLionel Sambuc SSL_aGOST94,
1535ebfedea0SLionel Sambuc SSL_eNULL,
1536ebfedea0SLionel Sambuc SSL_GOST94,
1537ebfedea0SLionel Sambuc SSL_TLSV1,
1538ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_STRONG_NONE,
1539ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
1540ebfedea0SLionel Sambuc 0,
1541*0a6a1f1dSLionel Sambuc 0},
1542ebfedea0SLionel Sambuc {
1543ebfedea0SLionel Sambuc 1,
1544ebfedea0SLionel Sambuc "GOST2001-NULL-GOST94",
1545ebfedea0SLionel Sambuc 0x3000083,
1546ebfedea0SLionel Sambuc SSL_kGOST,
1547ebfedea0SLionel Sambuc SSL_aGOST01,
1548ebfedea0SLionel Sambuc SSL_eNULL,
1549ebfedea0SLionel Sambuc SSL_GOST94,
1550ebfedea0SLionel Sambuc SSL_TLSV1,
1551ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_STRONG_NONE,
1552ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
1553ebfedea0SLionel Sambuc 0,
1554*0a6a1f1dSLionel Sambuc 0},
1555ebfedea0SLionel Sambuc
1556ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_CAMELLIA
1557ebfedea0SLionel Sambuc /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1558ebfedea0SLionel Sambuc
1559ebfedea0SLionel Sambuc /* Cipher 84 */
1560ebfedea0SLionel Sambuc {
1561ebfedea0SLionel Sambuc 1,
1562ebfedea0SLionel Sambuc TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1563ebfedea0SLionel Sambuc TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1564ebfedea0SLionel Sambuc SSL_kRSA,
1565ebfedea0SLionel Sambuc SSL_aRSA,
1566ebfedea0SLionel Sambuc SSL_CAMELLIA256,
1567ebfedea0SLionel Sambuc SSL_SHA1,
1568ebfedea0SLionel Sambuc SSL_TLSV1,
1569ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
1570ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1571ebfedea0SLionel Sambuc 256,
1572ebfedea0SLionel Sambuc 256,
1573ebfedea0SLionel Sambuc },
1574ebfedea0SLionel Sambuc /* Cipher 85 */
1575ebfedea0SLionel Sambuc {
1576ebfedea0SLionel Sambuc 0, /* not implemented (non-ephemeral DH) */
1577ebfedea0SLionel Sambuc TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1578ebfedea0SLionel Sambuc TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1579ebfedea0SLionel Sambuc SSL_kDHd,
1580ebfedea0SLionel Sambuc SSL_aDH,
1581ebfedea0SLionel Sambuc SSL_CAMELLIA256,
1582ebfedea0SLionel Sambuc SSL_SHA1,
1583ebfedea0SLionel Sambuc SSL_TLSV1,
1584ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
1585ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1586ebfedea0SLionel Sambuc 256,
1587ebfedea0SLionel Sambuc 256,
1588ebfedea0SLionel Sambuc },
1589ebfedea0SLionel Sambuc
1590ebfedea0SLionel Sambuc /* Cipher 86 */
1591ebfedea0SLionel Sambuc {
1592ebfedea0SLionel Sambuc 0, /* not implemented (non-ephemeral DH) */
1593ebfedea0SLionel Sambuc TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1594ebfedea0SLionel Sambuc TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1595ebfedea0SLionel Sambuc SSL_kDHr,
1596ebfedea0SLionel Sambuc SSL_aDH,
1597ebfedea0SLionel Sambuc SSL_CAMELLIA256,
1598ebfedea0SLionel Sambuc SSL_SHA1,
1599ebfedea0SLionel Sambuc SSL_TLSV1,
1600ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
1601ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1602ebfedea0SLionel Sambuc 256,
1603ebfedea0SLionel Sambuc 256,
1604ebfedea0SLionel Sambuc },
1605ebfedea0SLionel Sambuc
1606ebfedea0SLionel Sambuc /* Cipher 87 */
1607ebfedea0SLionel Sambuc {
1608ebfedea0SLionel Sambuc 1,
1609ebfedea0SLionel Sambuc TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1610ebfedea0SLionel Sambuc TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1611ebfedea0SLionel Sambuc SSL_kEDH,
1612ebfedea0SLionel Sambuc SSL_aDSS,
1613ebfedea0SLionel Sambuc SSL_CAMELLIA256,
1614ebfedea0SLionel Sambuc SSL_SHA1,
1615ebfedea0SLionel Sambuc SSL_TLSV1,
1616ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
1617ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1618ebfedea0SLionel Sambuc 256,
1619ebfedea0SLionel Sambuc 256,
1620ebfedea0SLionel Sambuc },
1621ebfedea0SLionel Sambuc
1622ebfedea0SLionel Sambuc /* Cipher 88 */
1623ebfedea0SLionel Sambuc {
1624ebfedea0SLionel Sambuc 1,
1625ebfedea0SLionel Sambuc TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1626ebfedea0SLionel Sambuc TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1627ebfedea0SLionel Sambuc SSL_kEDH,
1628ebfedea0SLionel Sambuc SSL_aRSA,
1629ebfedea0SLionel Sambuc SSL_CAMELLIA256,
1630ebfedea0SLionel Sambuc SSL_SHA1,
1631ebfedea0SLionel Sambuc SSL_TLSV1,
1632ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
1633ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1634ebfedea0SLionel Sambuc 256,
1635ebfedea0SLionel Sambuc 256,
1636ebfedea0SLionel Sambuc },
1637ebfedea0SLionel Sambuc
1638ebfedea0SLionel Sambuc /* Cipher 89 */
1639ebfedea0SLionel Sambuc {
1640ebfedea0SLionel Sambuc 1,
1641ebfedea0SLionel Sambuc TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1642ebfedea0SLionel Sambuc TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1643ebfedea0SLionel Sambuc SSL_kEDH,
1644ebfedea0SLionel Sambuc SSL_aNULL,
1645ebfedea0SLionel Sambuc SSL_CAMELLIA256,
1646ebfedea0SLionel Sambuc SSL_SHA1,
1647ebfedea0SLionel Sambuc SSL_TLSV1,
1648ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
1649ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1650ebfedea0SLionel Sambuc 256,
1651ebfedea0SLionel Sambuc 256,
1652ebfedea0SLionel Sambuc },
1653ebfedea0SLionel Sambuc #endif /* OPENSSL_NO_CAMELLIA */
1654ebfedea0SLionel Sambuc
1655ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_PSK
1656ebfedea0SLionel Sambuc /* Cipher 8A */
1657ebfedea0SLionel Sambuc {
1658ebfedea0SLionel Sambuc 1,
1659ebfedea0SLionel Sambuc TLS1_TXT_PSK_WITH_RC4_128_SHA,
1660ebfedea0SLionel Sambuc TLS1_CK_PSK_WITH_RC4_128_SHA,
1661ebfedea0SLionel Sambuc SSL_kPSK,
1662ebfedea0SLionel Sambuc SSL_aPSK,
1663ebfedea0SLionel Sambuc SSL_RC4,
1664ebfedea0SLionel Sambuc SSL_SHA1,
1665ebfedea0SLionel Sambuc SSL_TLSV1,
1666ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
1667ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1668ebfedea0SLionel Sambuc 128,
1669ebfedea0SLionel Sambuc 128,
1670ebfedea0SLionel Sambuc },
1671ebfedea0SLionel Sambuc
1672ebfedea0SLionel Sambuc /* Cipher 8B */
1673ebfedea0SLionel Sambuc {
1674ebfedea0SLionel Sambuc 1,
1675ebfedea0SLionel Sambuc TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1676ebfedea0SLionel Sambuc TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1677ebfedea0SLionel Sambuc SSL_kPSK,
1678ebfedea0SLionel Sambuc SSL_aPSK,
1679ebfedea0SLionel Sambuc SSL_3DES,
1680ebfedea0SLionel Sambuc SSL_SHA1,
1681ebfedea0SLionel Sambuc SSL_TLSV1,
1682*0a6a1f1dSLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1683ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1684*0a6a1f1dSLionel Sambuc 112,
1685ebfedea0SLionel Sambuc 168,
1686ebfedea0SLionel Sambuc },
1687ebfedea0SLionel Sambuc
1688ebfedea0SLionel Sambuc /* Cipher 8C */
1689ebfedea0SLionel Sambuc {
1690ebfedea0SLionel Sambuc 1,
1691ebfedea0SLionel Sambuc TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1692ebfedea0SLionel Sambuc TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1693ebfedea0SLionel Sambuc SSL_kPSK,
1694ebfedea0SLionel Sambuc SSL_aPSK,
1695ebfedea0SLionel Sambuc SSL_AES128,
1696ebfedea0SLionel Sambuc SSL_SHA1,
1697ebfedea0SLionel Sambuc SSL_TLSV1,
1698*0a6a1f1dSLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1699ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1700ebfedea0SLionel Sambuc 128,
1701ebfedea0SLionel Sambuc 128,
1702ebfedea0SLionel Sambuc },
1703ebfedea0SLionel Sambuc
1704ebfedea0SLionel Sambuc /* Cipher 8D */
1705ebfedea0SLionel Sambuc {
1706ebfedea0SLionel Sambuc 1,
1707ebfedea0SLionel Sambuc TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1708ebfedea0SLionel Sambuc TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1709ebfedea0SLionel Sambuc SSL_kPSK,
1710ebfedea0SLionel Sambuc SSL_aPSK,
1711ebfedea0SLionel Sambuc SSL_AES256,
1712ebfedea0SLionel Sambuc SSL_SHA1,
1713ebfedea0SLionel Sambuc SSL_TLSV1,
1714*0a6a1f1dSLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1715ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1716ebfedea0SLionel Sambuc 256,
1717ebfedea0SLionel Sambuc 256,
1718ebfedea0SLionel Sambuc },
1719ebfedea0SLionel Sambuc #endif /* OPENSSL_NO_PSK */
1720ebfedea0SLionel Sambuc
1721ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_SEED
1722ebfedea0SLionel Sambuc /* SEED ciphersuites from RFC4162 */
1723ebfedea0SLionel Sambuc
1724ebfedea0SLionel Sambuc /* Cipher 96 */
1725ebfedea0SLionel Sambuc {
1726ebfedea0SLionel Sambuc 1,
1727ebfedea0SLionel Sambuc TLS1_TXT_RSA_WITH_SEED_SHA,
1728ebfedea0SLionel Sambuc TLS1_CK_RSA_WITH_SEED_SHA,
1729ebfedea0SLionel Sambuc SSL_kRSA,
1730ebfedea0SLionel Sambuc SSL_aRSA,
1731ebfedea0SLionel Sambuc SSL_SEED,
1732ebfedea0SLionel Sambuc SSL_SHA1,
1733ebfedea0SLionel Sambuc SSL_TLSV1,
1734ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
1735ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1736ebfedea0SLionel Sambuc 128,
1737ebfedea0SLionel Sambuc 128,
1738ebfedea0SLionel Sambuc },
1739ebfedea0SLionel Sambuc
1740ebfedea0SLionel Sambuc /* Cipher 97 */
1741ebfedea0SLionel Sambuc {
1742ebfedea0SLionel Sambuc 0, /* not implemented (non-ephemeral DH) */
1743ebfedea0SLionel Sambuc TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1744ebfedea0SLionel Sambuc TLS1_CK_DH_DSS_WITH_SEED_SHA,
1745ebfedea0SLionel Sambuc SSL_kDHd,
1746ebfedea0SLionel Sambuc SSL_aDH,
1747ebfedea0SLionel Sambuc SSL_SEED,
1748ebfedea0SLionel Sambuc SSL_SHA1,
1749ebfedea0SLionel Sambuc SSL_TLSV1,
1750ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
1751ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1752ebfedea0SLionel Sambuc 128,
1753ebfedea0SLionel Sambuc 128,
1754ebfedea0SLionel Sambuc },
1755ebfedea0SLionel Sambuc
1756ebfedea0SLionel Sambuc /* Cipher 98 */
1757ebfedea0SLionel Sambuc {
1758ebfedea0SLionel Sambuc 0, /* not implemented (non-ephemeral DH) */
1759ebfedea0SLionel Sambuc TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1760ebfedea0SLionel Sambuc TLS1_CK_DH_RSA_WITH_SEED_SHA,
1761ebfedea0SLionel Sambuc SSL_kDHr,
1762ebfedea0SLionel Sambuc SSL_aDH,
1763ebfedea0SLionel Sambuc SSL_SEED,
1764ebfedea0SLionel Sambuc SSL_SHA1,
1765ebfedea0SLionel Sambuc SSL_TLSV1,
1766ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
1767ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1768ebfedea0SLionel Sambuc 128,
1769ebfedea0SLionel Sambuc 128,
1770ebfedea0SLionel Sambuc },
1771ebfedea0SLionel Sambuc
1772ebfedea0SLionel Sambuc /* Cipher 99 */
1773ebfedea0SLionel Sambuc {
1774ebfedea0SLionel Sambuc 1,
1775ebfedea0SLionel Sambuc TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1776ebfedea0SLionel Sambuc TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1777ebfedea0SLionel Sambuc SSL_kEDH,
1778ebfedea0SLionel Sambuc SSL_aDSS,
1779ebfedea0SLionel Sambuc SSL_SEED,
1780ebfedea0SLionel Sambuc SSL_SHA1,
1781ebfedea0SLionel Sambuc SSL_TLSV1,
1782ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
1783ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1784ebfedea0SLionel Sambuc 128,
1785ebfedea0SLionel Sambuc 128,
1786ebfedea0SLionel Sambuc },
1787ebfedea0SLionel Sambuc
1788ebfedea0SLionel Sambuc /* Cipher 9A */
1789ebfedea0SLionel Sambuc {
1790ebfedea0SLionel Sambuc 1,
1791ebfedea0SLionel Sambuc TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1792ebfedea0SLionel Sambuc TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1793ebfedea0SLionel Sambuc SSL_kEDH,
1794ebfedea0SLionel Sambuc SSL_aRSA,
1795ebfedea0SLionel Sambuc SSL_SEED,
1796ebfedea0SLionel Sambuc SSL_SHA1,
1797ebfedea0SLionel Sambuc SSL_TLSV1,
1798ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
1799ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1800ebfedea0SLionel Sambuc 128,
1801ebfedea0SLionel Sambuc 128,
1802ebfedea0SLionel Sambuc },
1803ebfedea0SLionel Sambuc
1804ebfedea0SLionel Sambuc /* Cipher 9B */
1805ebfedea0SLionel Sambuc {
1806ebfedea0SLionel Sambuc 1,
1807ebfedea0SLionel Sambuc TLS1_TXT_ADH_WITH_SEED_SHA,
1808ebfedea0SLionel Sambuc TLS1_CK_ADH_WITH_SEED_SHA,
1809ebfedea0SLionel Sambuc SSL_kEDH,
1810ebfedea0SLionel Sambuc SSL_aNULL,
1811ebfedea0SLionel Sambuc SSL_SEED,
1812ebfedea0SLionel Sambuc SSL_SHA1,
1813ebfedea0SLionel Sambuc SSL_TLSV1,
1814ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
1815ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1816ebfedea0SLionel Sambuc 128,
1817ebfedea0SLionel Sambuc 128,
1818ebfedea0SLionel Sambuc },
1819ebfedea0SLionel Sambuc
1820ebfedea0SLionel Sambuc #endif /* OPENSSL_NO_SEED */
1821ebfedea0SLionel Sambuc
1822ebfedea0SLionel Sambuc /* GCM ciphersuites from RFC5288 */
1823ebfedea0SLionel Sambuc
1824ebfedea0SLionel Sambuc /* Cipher 9C */
1825ebfedea0SLionel Sambuc {
1826ebfedea0SLionel Sambuc 1,
1827ebfedea0SLionel Sambuc TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1828ebfedea0SLionel Sambuc TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1829ebfedea0SLionel Sambuc SSL_kRSA,
1830ebfedea0SLionel Sambuc SSL_aRSA,
1831ebfedea0SLionel Sambuc SSL_AES128GCM,
1832ebfedea0SLionel Sambuc SSL_AEAD,
1833ebfedea0SLionel Sambuc SSL_TLSV1_2,
1834ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1835ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1836ebfedea0SLionel Sambuc 128,
1837ebfedea0SLionel Sambuc 128,
1838ebfedea0SLionel Sambuc },
1839ebfedea0SLionel Sambuc
1840ebfedea0SLionel Sambuc /* Cipher 9D */
1841ebfedea0SLionel Sambuc {
1842ebfedea0SLionel Sambuc 1,
1843ebfedea0SLionel Sambuc TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1844ebfedea0SLionel Sambuc TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1845ebfedea0SLionel Sambuc SSL_kRSA,
1846ebfedea0SLionel Sambuc SSL_aRSA,
1847ebfedea0SLionel Sambuc SSL_AES256GCM,
1848ebfedea0SLionel Sambuc SSL_AEAD,
1849ebfedea0SLionel Sambuc SSL_TLSV1_2,
1850ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1851ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1852ebfedea0SLionel Sambuc 256,
1853ebfedea0SLionel Sambuc 256,
1854ebfedea0SLionel Sambuc },
1855ebfedea0SLionel Sambuc
1856ebfedea0SLionel Sambuc /* Cipher 9E */
1857ebfedea0SLionel Sambuc {
1858ebfedea0SLionel Sambuc 1,
1859ebfedea0SLionel Sambuc TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1860ebfedea0SLionel Sambuc TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1861ebfedea0SLionel Sambuc SSL_kEDH,
1862ebfedea0SLionel Sambuc SSL_aRSA,
1863ebfedea0SLionel Sambuc SSL_AES128GCM,
1864ebfedea0SLionel Sambuc SSL_AEAD,
1865ebfedea0SLionel Sambuc SSL_TLSV1_2,
1866ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1867ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1868ebfedea0SLionel Sambuc 128,
1869ebfedea0SLionel Sambuc 128,
1870ebfedea0SLionel Sambuc },
1871ebfedea0SLionel Sambuc
1872ebfedea0SLionel Sambuc /* Cipher 9F */
1873ebfedea0SLionel Sambuc {
1874ebfedea0SLionel Sambuc 1,
1875ebfedea0SLionel Sambuc TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1876ebfedea0SLionel Sambuc TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1877ebfedea0SLionel Sambuc SSL_kEDH,
1878ebfedea0SLionel Sambuc SSL_aRSA,
1879ebfedea0SLionel Sambuc SSL_AES256GCM,
1880ebfedea0SLionel Sambuc SSL_AEAD,
1881ebfedea0SLionel Sambuc SSL_TLSV1_2,
1882ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1883ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1884ebfedea0SLionel Sambuc 256,
1885ebfedea0SLionel Sambuc 256,
1886ebfedea0SLionel Sambuc },
1887ebfedea0SLionel Sambuc
1888ebfedea0SLionel Sambuc /* Cipher A0 */
1889ebfedea0SLionel Sambuc {
1890ebfedea0SLionel Sambuc 0,
1891ebfedea0SLionel Sambuc TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
1892ebfedea0SLionel Sambuc TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
1893ebfedea0SLionel Sambuc SSL_kDHr,
1894ebfedea0SLionel Sambuc SSL_aDH,
1895ebfedea0SLionel Sambuc SSL_AES128GCM,
1896ebfedea0SLionel Sambuc SSL_AEAD,
1897ebfedea0SLionel Sambuc SSL_TLSV1_2,
1898ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1899ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1900ebfedea0SLionel Sambuc 128,
1901ebfedea0SLionel Sambuc 128,
1902ebfedea0SLionel Sambuc },
1903ebfedea0SLionel Sambuc
1904ebfedea0SLionel Sambuc /* Cipher A1 */
1905ebfedea0SLionel Sambuc {
1906ebfedea0SLionel Sambuc 0,
1907ebfedea0SLionel Sambuc TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
1908ebfedea0SLionel Sambuc TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
1909ebfedea0SLionel Sambuc SSL_kDHr,
1910ebfedea0SLionel Sambuc SSL_aDH,
1911ebfedea0SLionel Sambuc SSL_AES256GCM,
1912ebfedea0SLionel Sambuc SSL_AEAD,
1913ebfedea0SLionel Sambuc SSL_TLSV1_2,
1914ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1915ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1916ebfedea0SLionel Sambuc 256,
1917ebfedea0SLionel Sambuc 256,
1918ebfedea0SLionel Sambuc },
1919ebfedea0SLionel Sambuc
1920ebfedea0SLionel Sambuc /* Cipher A2 */
1921ebfedea0SLionel Sambuc {
1922ebfedea0SLionel Sambuc 1,
1923ebfedea0SLionel Sambuc TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1924ebfedea0SLionel Sambuc TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1925ebfedea0SLionel Sambuc SSL_kEDH,
1926ebfedea0SLionel Sambuc SSL_aDSS,
1927ebfedea0SLionel Sambuc SSL_AES128GCM,
1928ebfedea0SLionel Sambuc SSL_AEAD,
1929ebfedea0SLionel Sambuc SSL_TLSV1_2,
1930ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1931ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1932ebfedea0SLionel Sambuc 128,
1933ebfedea0SLionel Sambuc 128,
1934ebfedea0SLionel Sambuc },
1935ebfedea0SLionel Sambuc
1936ebfedea0SLionel Sambuc /* Cipher A3 */
1937ebfedea0SLionel Sambuc {
1938ebfedea0SLionel Sambuc 1,
1939ebfedea0SLionel Sambuc TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1940ebfedea0SLionel Sambuc TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1941ebfedea0SLionel Sambuc SSL_kEDH,
1942ebfedea0SLionel Sambuc SSL_aDSS,
1943ebfedea0SLionel Sambuc SSL_AES256GCM,
1944ebfedea0SLionel Sambuc SSL_AEAD,
1945ebfedea0SLionel Sambuc SSL_TLSV1_2,
1946ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1947ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1948ebfedea0SLionel Sambuc 256,
1949ebfedea0SLionel Sambuc 256,
1950ebfedea0SLionel Sambuc },
1951ebfedea0SLionel Sambuc
1952ebfedea0SLionel Sambuc /* Cipher A4 */
1953ebfedea0SLionel Sambuc {
1954ebfedea0SLionel Sambuc 0,
1955ebfedea0SLionel Sambuc TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
1956ebfedea0SLionel Sambuc TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
1957ebfedea0SLionel Sambuc SSL_kDHd,
1958ebfedea0SLionel Sambuc SSL_aDH,
1959ebfedea0SLionel Sambuc SSL_AES128GCM,
1960ebfedea0SLionel Sambuc SSL_AEAD,
1961ebfedea0SLionel Sambuc SSL_TLSV1_2,
1962ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1963ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1964ebfedea0SLionel Sambuc 128,
1965ebfedea0SLionel Sambuc 128,
1966ebfedea0SLionel Sambuc },
1967ebfedea0SLionel Sambuc
1968ebfedea0SLionel Sambuc /* Cipher A5 */
1969ebfedea0SLionel Sambuc {
1970ebfedea0SLionel Sambuc 0,
1971ebfedea0SLionel Sambuc TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
1972ebfedea0SLionel Sambuc TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
1973ebfedea0SLionel Sambuc SSL_kDHd,
1974ebfedea0SLionel Sambuc SSL_aDH,
1975ebfedea0SLionel Sambuc SSL_AES256GCM,
1976ebfedea0SLionel Sambuc SSL_AEAD,
1977ebfedea0SLionel Sambuc SSL_TLSV1_2,
1978ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1979ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1980ebfedea0SLionel Sambuc 256,
1981ebfedea0SLionel Sambuc 256,
1982ebfedea0SLionel Sambuc },
1983ebfedea0SLionel Sambuc
1984ebfedea0SLionel Sambuc /* Cipher A6 */
1985ebfedea0SLionel Sambuc {
1986ebfedea0SLionel Sambuc 1,
1987ebfedea0SLionel Sambuc TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1988ebfedea0SLionel Sambuc TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1989ebfedea0SLionel Sambuc SSL_kEDH,
1990ebfedea0SLionel Sambuc SSL_aNULL,
1991ebfedea0SLionel Sambuc SSL_AES128GCM,
1992ebfedea0SLionel Sambuc SSL_AEAD,
1993ebfedea0SLionel Sambuc SSL_TLSV1_2,
1994ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1995ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1996ebfedea0SLionel Sambuc 128,
1997ebfedea0SLionel Sambuc 128,
1998ebfedea0SLionel Sambuc },
1999ebfedea0SLionel Sambuc
2000ebfedea0SLionel Sambuc /* Cipher A7 */
2001ebfedea0SLionel Sambuc {
2002ebfedea0SLionel Sambuc 1,
2003ebfedea0SLionel Sambuc TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
2004ebfedea0SLionel Sambuc TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
2005ebfedea0SLionel Sambuc SSL_kEDH,
2006ebfedea0SLionel Sambuc SSL_aNULL,
2007ebfedea0SLionel Sambuc SSL_AES256GCM,
2008ebfedea0SLionel Sambuc SSL_AEAD,
2009ebfedea0SLionel Sambuc SSL_TLSV1_2,
2010ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2011ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2012ebfedea0SLionel Sambuc 256,
2013ebfedea0SLionel Sambuc 256,
2014ebfedea0SLionel Sambuc },
2015ebfedea0SLionel Sambuc
2016ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_ECDH
2017ebfedea0SLionel Sambuc /* Cipher C001 */
2018ebfedea0SLionel Sambuc {
2019ebfedea0SLionel Sambuc 1,
2020ebfedea0SLionel Sambuc TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
2021ebfedea0SLionel Sambuc TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
2022ebfedea0SLionel Sambuc SSL_kECDHe,
2023ebfedea0SLionel Sambuc SSL_aECDH,
2024ebfedea0SLionel Sambuc SSL_eNULL,
2025ebfedea0SLionel Sambuc SSL_SHA1,
2026ebfedea0SLionel Sambuc SSL_TLSV1,
2027ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2028ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2029ebfedea0SLionel Sambuc 0,
2030ebfedea0SLionel Sambuc 0,
2031ebfedea0SLionel Sambuc },
2032ebfedea0SLionel Sambuc
2033ebfedea0SLionel Sambuc /* Cipher C002 */
2034ebfedea0SLionel Sambuc {
2035ebfedea0SLionel Sambuc 1,
2036ebfedea0SLionel Sambuc TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
2037ebfedea0SLionel Sambuc TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
2038ebfedea0SLionel Sambuc SSL_kECDHe,
2039ebfedea0SLionel Sambuc SSL_aECDH,
2040ebfedea0SLionel Sambuc SSL_RC4,
2041ebfedea0SLionel Sambuc SSL_SHA1,
2042ebfedea0SLionel Sambuc SSL_TLSV1,
2043ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
2044ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2045ebfedea0SLionel Sambuc 128,
2046ebfedea0SLionel Sambuc 128,
2047ebfedea0SLionel Sambuc },
2048ebfedea0SLionel Sambuc
2049ebfedea0SLionel Sambuc /* Cipher C003 */
2050ebfedea0SLionel Sambuc {
2051ebfedea0SLionel Sambuc 1,
2052ebfedea0SLionel Sambuc TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2053ebfedea0SLionel Sambuc TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2054ebfedea0SLionel Sambuc SSL_kECDHe,
2055ebfedea0SLionel Sambuc SSL_aECDH,
2056ebfedea0SLionel Sambuc SSL_3DES,
2057ebfedea0SLionel Sambuc SSL_SHA1,
2058ebfedea0SLionel Sambuc SSL_TLSV1,
2059ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2060ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2061*0a6a1f1dSLionel Sambuc 112,
2062ebfedea0SLionel Sambuc 168,
2063ebfedea0SLionel Sambuc },
2064ebfedea0SLionel Sambuc
2065ebfedea0SLionel Sambuc /* Cipher C004 */
2066ebfedea0SLionel Sambuc {
2067ebfedea0SLionel Sambuc 1,
2068ebfedea0SLionel Sambuc TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2069ebfedea0SLionel Sambuc TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2070ebfedea0SLionel Sambuc SSL_kECDHe,
2071ebfedea0SLionel Sambuc SSL_aECDH,
2072ebfedea0SLionel Sambuc SSL_AES128,
2073ebfedea0SLionel Sambuc SSL_SHA1,
2074ebfedea0SLionel Sambuc SSL_TLSV1,
2075ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2076ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2077ebfedea0SLionel Sambuc 128,
2078ebfedea0SLionel Sambuc 128,
2079ebfedea0SLionel Sambuc },
2080ebfedea0SLionel Sambuc
2081ebfedea0SLionel Sambuc /* Cipher C005 */
2082ebfedea0SLionel Sambuc {
2083ebfedea0SLionel Sambuc 1,
2084ebfedea0SLionel Sambuc TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2085ebfedea0SLionel Sambuc TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2086ebfedea0SLionel Sambuc SSL_kECDHe,
2087ebfedea0SLionel Sambuc SSL_aECDH,
2088ebfedea0SLionel Sambuc SSL_AES256,
2089ebfedea0SLionel Sambuc SSL_SHA1,
2090ebfedea0SLionel Sambuc SSL_TLSV1,
2091ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2092ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2093ebfedea0SLionel Sambuc 256,
2094ebfedea0SLionel Sambuc 256,
2095ebfedea0SLionel Sambuc },
2096ebfedea0SLionel Sambuc
2097ebfedea0SLionel Sambuc /* Cipher C006 */
2098ebfedea0SLionel Sambuc {
2099ebfedea0SLionel Sambuc 1,
2100ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
2101ebfedea0SLionel Sambuc TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
2102ebfedea0SLionel Sambuc SSL_kEECDH,
2103ebfedea0SLionel Sambuc SSL_aECDSA,
2104ebfedea0SLionel Sambuc SSL_eNULL,
2105ebfedea0SLionel Sambuc SSL_SHA1,
2106ebfedea0SLionel Sambuc SSL_TLSV1,
2107ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2108ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2109ebfedea0SLionel Sambuc 0,
2110ebfedea0SLionel Sambuc 0,
2111ebfedea0SLionel Sambuc },
2112ebfedea0SLionel Sambuc
2113ebfedea0SLionel Sambuc /* Cipher C007 */
2114ebfedea0SLionel Sambuc {
2115ebfedea0SLionel Sambuc 1,
2116ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2117ebfedea0SLionel Sambuc TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2118ebfedea0SLionel Sambuc SSL_kEECDH,
2119ebfedea0SLionel Sambuc SSL_aECDSA,
2120ebfedea0SLionel Sambuc SSL_RC4,
2121ebfedea0SLionel Sambuc SSL_SHA1,
2122ebfedea0SLionel Sambuc SSL_TLSV1,
2123ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
2124ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2125ebfedea0SLionel Sambuc 128,
2126ebfedea0SLionel Sambuc 128,
2127ebfedea0SLionel Sambuc },
2128ebfedea0SLionel Sambuc
2129ebfedea0SLionel Sambuc /* Cipher C008 */
2130ebfedea0SLionel Sambuc {
2131ebfedea0SLionel Sambuc 1,
2132ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2133ebfedea0SLionel Sambuc TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2134ebfedea0SLionel Sambuc SSL_kEECDH,
2135ebfedea0SLionel Sambuc SSL_aECDSA,
2136ebfedea0SLionel Sambuc SSL_3DES,
2137ebfedea0SLionel Sambuc SSL_SHA1,
2138ebfedea0SLionel Sambuc SSL_TLSV1,
2139ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2140ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2141*0a6a1f1dSLionel Sambuc 112,
2142ebfedea0SLionel Sambuc 168,
2143ebfedea0SLionel Sambuc },
2144ebfedea0SLionel Sambuc
2145ebfedea0SLionel Sambuc /* Cipher C009 */
2146ebfedea0SLionel Sambuc {
2147ebfedea0SLionel Sambuc 1,
2148ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2149ebfedea0SLionel Sambuc TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2150ebfedea0SLionel Sambuc SSL_kEECDH,
2151ebfedea0SLionel Sambuc SSL_aECDSA,
2152ebfedea0SLionel Sambuc SSL_AES128,
2153ebfedea0SLionel Sambuc SSL_SHA1,
2154ebfedea0SLionel Sambuc SSL_TLSV1,
2155ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2156ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2157ebfedea0SLionel Sambuc 128,
2158ebfedea0SLionel Sambuc 128,
2159ebfedea0SLionel Sambuc },
2160ebfedea0SLionel Sambuc
2161ebfedea0SLionel Sambuc /* Cipher C00A */
2162ebfedea0SLionel Sambuc {
2163ebfedea0SLionel Sambuc 1,
2164ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2165ebfedea0SLionel Sambuc TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2166ebfedea0SLionel Sambuc SSL_kEECDH,
2167ebfedea0SLionel Sambuc SSL_aECDSA,
2168ebfedea0SLionel Sambuc SSL_AES256,
2169ebfedea0SLionel Sambuc SSL_SHA1,
2170ebfedea0SLionel Sambuc SSL_TLSV1,
2171ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2172ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2173ebfedea0SLionel Sambuc 256,
2174ebfedea0SLionel Sambuc 256,
2175ebfedea0SLionel Sambuc },
2176ebfedea0SLionel Sambuc
2177ebfedea0SLionel Sambuc /* Cipher C00B */
2178ebfedea0SLionel Sambuc {
2179ebfedea0SLionel Sambuc 1,
2180ebfedea0SLionel Sambuc TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
2181ebfedea0SLionel Sambuc TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
2182ebfedea0SLionel Sambuc SSL_kECDHr,
2183ebfedea0SLionel Sambuc SSL_aECDH,
2184ebfedea0SLionel Sambuc SSL_eNULL,
2185ebfedea0SLionel Sambuc SSL_SHA1,
2186ebfedea0SLionel Sambuc SSL_TLSV1,
2187ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2188ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2189ebfedea0SLionel Sambuc 0,
2190ebfedea0SLionel Sambuc 0,
2191ebfedea0SLionel Sambuc },
2192ebfedea0SLionel Sambuc
2193ebfedea0SLionel Sambuc /* Cipher C00C */
2194ebfedea0SLionel Sambuc {
2195ebfedea0SLionel Sambuc 1,
2196ebfedea0SLionel Sambuc TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
2197ebfedea0SLionel Sambuc TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
2198ebfedea0SLionel Sambuc SSL_kECDHr,
2199ebfedea0SLionel Sambuc SSL_aECDH,
2200ebfedea0SLionel Sambuc SSL_RC4,
2201ebfedea0SLionel Sambuc SSL_SHA1,
2202ebfedea0SLionel Sambuc SSL_TLSV1,
2203ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
2204ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2205ebfedea0SLionel Sambuc 128,
2206ebfedea0SLionel Sambuc 128,
2207ebfedea0SLionel Sambuc },
2208ebfedea0SLionel Sambuc
2209ebfedea0SLionel Sambuc /* Cipher C00D */
2210ebfedea0SLionel Sambuc {
2211ebfedea0SLionel Sambuc 1,
2212ebfedea0SLionel Sambuc TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2213ebfedea0SLionel Sambuc TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2214ebfedea0SLionel Sambuc SSL_kECDHr,
2215ebfedea0SLionel Sambuc SSL_aECDH,
2216ebfedea0SLionel Sambuc SSL_3DES,
2217ebfedea0SLionel Sambuc SSL_SHA1,
2218ebfedea0SLionel Sambuc SSL_TLSV1,
2219ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2220ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2221*0a6a1f1dSLionel Sambuc 112,
2222ebfedea0SLionel Sambuc 168,
2223ebfedea0SLionel Sambuc },
2224ebfedea0SLionel Sambuc
2225ebfedea0SLionel Sambuc /* Cipher C00E */
2226ebfedea0SLionel Sambuc {
2227ebfedea0SLionel Sambuc 1,
2228ebfedea0SLionel Sambuc TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
2229ebfedea0SLionel Sambuc TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
2230ebfedea0SLionel Sambuc SSL_kECDHr,
2231ebfedea0SLionel Sambuc SSL_aECDH,
2232ebfedea0SLionel Sambuc SSL_AES128,
2233ebfedea0SLionel Sambuc SSL_SHA1,
2234ebfedea0SLionel Sambuc SSL_TLSV1,
2235ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2236ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2237ebfedea0SLionel Sambuc 128,
2238ebfedea0SLionel Sambuc 128,
2239ebfedea0SLionel Sambuc },
2240ebfedea0SLionel Sambuc
2241ebfedea0SLionel Sambuc /* Cipher C00F */
2242ebfedea0SLionel Sambuc {
2243ebfedea0SLionel Sambuc 1,
2244ebfedea0SLionel Sambuc TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
2245ebfedea0SLionel Sambuc TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
2246ebfedea0SLionel Sambuc SSL_kECDHr,
2247ebfedea0SLionel Sambuc SSL_aECDH,
2248ebfedea0SLionel Sambuc SSL_AES256,
2249ebfedea0SLionel Sambuc SSL_SHA1,
2250ebfedea0SLionel Sambuc SSL_TLSV1,
2251ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2252ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2253ebfedea0SLionel Sambuc 256,
2254ebfedea0SLionel Sambuc 256,
2255ebfedea0SLionel Sambuc },
2256ebfedea0SLionel Sambuc
2257ebfedea0SLionel Sambuc /* Cipher C010 */
2258ebfedea0SLionel Sambuc {
2259ebfedea0SLionel Sambuc 1,
2260ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
2261ebfedea0SLionel Sambuc TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
2262ebfedea0SLionel Sambuc SSL_kEECDH,
2263ebfedea0SLionel Sambuc SSL_aRSA,
2264ebfedea0SLionel Sambuc SSL_eNULL,
2265ebfedea0SLionel Sambuc SSL_SHA1,
2266ebfedea0SLionel Sambuc SSL_TLSV1,
2267ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2268ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2269ebfedea0SLionel Sambuc 0,
2270ebfedea0SLionel Sambuc 0,
2271ebfedea0SLionel Sambuc },
2272ebfedea0SLionel Sambuc
2273ebfedea0SLionel Sambuc /* Cipher C011 */
2274ebfedea0SLionel Sambuc {
2275ebfedea0SLionel Sambuc 1,
2276ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2277ebfedea0SLionel Sambuc TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2278ebfedea0SLionel Sambuc SSL_kEECDH,
2279ebfedea0SLionel Sambuc SSL_aRSA,
2280ebfedea0SLionel Sambuc SSL_RC4,
2281ebfedea0SLionel Sambuc SSL_SHA1,
2282ebfedea0SLionel Sambuc SSL_TLSV1,
2283ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
2284ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2285ebfedea0SLionel Sambuc 128,
2286ebfedea0SLionel Sambuc 128,
2287ebfedea0SLionel Sambuc },
2288ebfedea0SLionel Sambuc
2289ebfedea0SLionel Sambuc /* Cipher C012 */
2290ebfedea0SLionel Sambuc {
2291ebfedea0SLionel Sambuc 1,
2292ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2293ebfedea0SLionel Sambuc TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2294ebfedea0SLionel Sambuc SSL_kEECDH,
2295ebfedea0SLionel Sambuc SSL_aRSA,
2296ebfedea0SLionel Sambuc SSL_3DES,
2297ebfedea0SLionel Sambuc SSL_SHA1,
2298ebfedea0SLionel Sambuc SSL_TLSV1,
2299ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2300ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2301*0a6a1f1dSLionel Sambuc 112,
2302ebfedea0SLionel Sambuc 168,
2303ebfedea0SLionel Sambuc },
2304ebfedea0SLionel Sambuc
2305ebfedea0SLionel Sambuc /* Cipher C013 */
2306ebfedea0SLionel Sambuc {
2307ebfedea0SLionel Sambuc 1,
2308ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2309ebfedea0SLionel Sambuc TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2310ebfedea0SLionel Sambuc SSL_kEECDH,
2311ebfedea0SLionel Sambuc SSL_aRSA,
2312ebfedea0SLionel Sambuc SSL_AES128,
2313ebfedea0SLionel Sambuc SSL_SHA1,
2314ebfedea0SLionel Sambuc SSL_TLSV1,
2315ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2316ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2317ebfedea0SLionel Sambuc 128,
2318ebfedea0SLionel Sambuc 128,
2319ebfedea0SLionel Sambuc },
2320ebfedea0SLionel Sambuc
2321ebfedea0SLionel Sambuc /* Cipher C014 */
2322ebfedea0SLionel Sambuc {
2323ebfedea0SLionel Sambuc 1,
2324ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2325ebfedea0SLionel Sambuc TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2326ebfedea0SLionel Sambuc SSL_kEECDH,
2327ebfedea0SLionel Sambuc SSL_aRSA,
2328ebfedea0SLionel Sambuc SSL_AES256,
2329ebfedea0SLionel Sambuc SSL_SHA1,
2330ebfedea0SLionel Sambuc SSL_TLSV1,
2331ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2332ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2333ebfedea0SLionel Sambuc 256,
2334ebfedea0SLionel Sambuc 256,
2335ebfedea0SLionel Sambuc },
2336ebfedea0SLionel Sambuc
2337ebfedea0SLionel Sambuc /* Cipher C015 */
2338ebfedea0SLionel Sambuc {
2339ebfedea0SLionel Sambuc 1,
2340ebfedea0SLionel Sambuc TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
2341ebfedea0SLionel Sambuc TLS1_CK_ECDH_anon_WITH_NULL_SHA,
2342ebfedea0SLionel Sambuc SSL_kEECDH,
2343ebfedea0SLionel Sambuc SSL_aNULL,
2344ebfedea0SLionel Sambuc SSL_eNULL,
2345ebfedea0SLionel Sambuc SSL_SHA1,
2346ebfedea0SLionel Sambuc SSL_TLSV1,
2347ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2348ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2349ebfedea0SLionel Sambuc 0,
2350ebfedea0SLionel Sambuc 0,
2351ebfedea0SLionel Sambuc },
2352ebfedea0SLionel Sambuc
2353ebfedea0SLionel Sambuc /* Cipher C016 */
2354ebfedea0SLionel Sambuc {
2355ebfedea0SLionel Sambuc 1,
2356ebfedea0SLionel Sambuc TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2357ebfedea0SLionel Sambuc TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2358ebfedea0SLionel Sambuc SSL_kEECDH,
2359ebfedea0SLionel Sambuc SSL_aNULL,
2360ebfedea0SLionel Sambuc SSL_RC4,
2361ebfedea0SLionel Sambuc SSL_SHA1,
2362ebfedea0SLionel Sambuc SSL_TLSV1,
2363ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_MEDIUM,
2364ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2365ebfedea0SLionel Sambuc 128,
2366ebfedea0SLionel Sambuc 128,
2367ebfedea0SLionel Sambuc },
2368ebfedea0SLionel Sambuc
2369ebfedea0SLionel Sambuc /* Cipher C017 */
2370ebfedea0SLionel Sambuc {
2371ebfedea0SLionel Sambuc 1,
2372ebfedea0SLionel Sambuc TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
2373ebfedea0SLionel Sambuc TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
2374ebfedea0SLionel Sambuc SSL_kEECDH,
2375ebfedea0SLionel Sambuc SSL_aNULL,
2376ebfedea0SLionel Sambuc SSL_3DES,
2377ebfedea0SLionel Sambuc SSL_SHA1,
2378ebfedea0SLionel Sambuc SSL_TLSV1,
2379ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2380ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2381*0a6a1f1dSLionel Sambuc 112,
2382ebfedea0SLionel Sambuc 168,
2383ebfedea0SLionel Sambuc },
2384ebfedea0SLionel Sambuc
2385ebfedea0SLionel Sambuc /* Cipher C018 */
2386ebfedea0SLionel Sambuc {
2387ebfedea0SLionel Sambuc 1,
2388ebfedea0SLionel Sambuc TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
2389ebfedea0SLionel Sambuc TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
2390ebfedea0SLionel Sambuc SSL_kEECDH,
2391ebfedea0SLionel Sambuc SSL_aNULL,
2392ebfedea0SLionel Sambuc SSL_AES128,
2393ebfedea0SLionel Sambuc SSL_SHA1,
2394ebfedea0SLionel Sambuc SSL_TLSV1,
2395ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2396ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2397ebfedea0SLionel Sambuc 128,
2398ebfedea0SLionel Sambuc 128,
2399ebfedea0SLionel Sambuc },
2400ebfedea0SLionel Sambuc
2401ebfedea0SLionel Sambuc /* Cipher C019 */
2402ebfedea0SLionel Sambuc {
2403ebfedea0SLionel Sambuc 1,
2404ebfedea0SLionel Sambuc TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2405ebfedea0SLionel Sambuc TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2406ebfedea0SLionel Sambuc SSL_kEECDH,
2407ebfedea0SLionel Sambuc SSL_aNULL,
2408ebfedea0SLionel Sambuc SSL_AES256,
2409ebfedea0SLionel Sambuc SSL_SHA1,
2410ebfedea0SLionel Sambuc SSL_TLSV1,
2411ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2412ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2413ebfedea0SLionel Sambuc 256,
2414ebfedea0SLionel Sambuc 256,
2415ebfedea0SLionel Sambuc },
2416ebfedea0SLionel Sambuc #endif /* OPENSSL_NO_ECDH */
2417ebfedea0SLionel Sambuc
2418ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_SRP
2419ebfedea0SLionel Sambuc /* Cipher C01A */
2420ebfedea0SLionel Sambuc {
2421ebfedea0SLionel Sambuc 1,
2422ebfedea0SLionel Sambuc TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2423ebfedea0SLionel Sambuc TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2424ebfedea0SLionel Sambuc SSL_kSRP,
2425*0a6a1f1dSLionel Sambuc SSL_aSRP,
2426ebfedea0SLionel Sambuc SSL_3DES,
2427ebfedea0SLionel Sambuc SSL_SHA1,
2428ebfedea0SLionel Sambuc SSL_TLSV1,
2429ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
2430ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2431*0a6a1f1dSLionel Sambuc 112,
2432ebfedea0SLionel Sambuc 168,
2433ebfedea0SLionel Sambuc },
2434ebfedea0SLionel Sambuc
2435ebfedea0SLionel Sambuc /* Cipher C01B */
2436ebfedea0SLionel Sambuc {
2437ebfedea0SLionel Sambuc 1,
2438ebfedea0SLionel Sambuc TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2439ebfedea0SLionel Sambuc TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2440ebfedea0SLionel Sambuc SSL_kSRP,
2441ebfedea0SLionel Sambuc SSL_aRSA,
2442ebfedea0SLionel Sambuc SSL_3DES,
2443ebfedea0SLionel Sambuc SSL_SHA1,
2444ebfedea0SLionel Sambuc SSL_TLSV1,
2445ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
2446ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2447*0a6a1f1dSLionel Sambuc 112,
2448ebfedea0SLionel Sambuc 168,
2449ebfedea0SLionel Sambuc },
2450ebfedea0SLionel Sambuc
2451ebfedea0SLionel Sambuc /* Cipher C01C */
2452ebfedea0SLionel Sambuc {
2453ebfedea0SLionel Sambuc 1,
2454ebfedea0SLionel Sambuc TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2455ebfedea0SLionel Sambuc TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2456ebfedea0SLionel Sambuc SSL_kSRP,
2457ebfedea0SLionel Sambuc SSL_aDSS,
2458ebfedea0SLionel Sambuc SSL_3DES,
2459ebfedea0SLionel Sambuc SSL_SHA1,
2460ebfedea0SLionel Sambuc SSL_TLSV1,
2461ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
2462ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2463*0a6a1f1dSLionel Sambuc 112,
2464ebfedea0SLionel Sambuc 168,
2465ebfedea0SLionel Sambuc },
2466ebfedea0SLionel Sambuc
2467ebfedea0SLionel Sambuc /* Cipher C01D */
2468ebfedea0SLionel Sambuc {
2469ebfedea0SLionel Sambuc 1,
2470ebfedea0SLionel Sambuc TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2471ebfedea0SLionel Sambuc TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2472ebfedea0SLionel Sambuc SSL_kSRP,
2473*0a6a1f1dSLionel Sambuc SSL_aSRP,
2474ebfedea0SLionel Sambuc SSL_AES128,
2475ebfedea0SLionel Sambuc SSL_SHA1,
2476ebfedea0SLionel Sambuc SSL_TLSV1,
2477ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
2478ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2479ebfedea0SLionel Sambuc 128,
2480ebfedea0SLionel Sambuc 128,
2481ebfedea0SLionel Sambuc },
2482ebfedea0SLionel Sambuc
2483ebfedea0SLionel Sambuc /* Cipher C01E */
2484ebfedea0SLionel Sambuc {
2485ebfedea0SLionel Sambuc 1,
2486ebfedea0SLionel Sambuc TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2487ebfedea0SLionel Sambuc TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2488ebfedea0SLionel Sambuc SSL_kSRP,
2489ebfedea0SLionel Sambuc SSL_aRSA,
2490ebfedea0SLionel Sambuc SSL_AES128,
2491ebfedea0SLionel Sambuc SSL_SHA1,
2492ebfedea0SLionel Sambuc SSL_TLSV1,
2493ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
2494ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2495ebfedea0SLionel Sambuc 128,
2496ebfedea0SLionel Sambuc 128,
2497ebfedea0SLionel Sambuc },
2498ebfedea0SLionel Sambuc
2499ebfedea0SLionel Sambuc /* Cipher C01F */
2500ebfedea0SLionel Sambuc {
2501ebfedea0SLionel Sambuc 1,
2502ebfedea0SLionel Sambuc TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2503ebfedea0SLionel Sambuc TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2504ebfedea0SLionel Sambuc SSL_kSRP,
2505ebfedea0SLionel Sambuc SSL_aDSS,
2506ebfedea0SLionel Sambuc SSL_AES128,
2507ebfedea0SLionel Sambuc SSL_SHA1,
2508ebfedea0SLionel Sambuc SSL_TLSV1,
2509ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
2510ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2511ebfedea0SLionel Sambuc 128,
2512ebfedea0SLionel Sambuc 128,
2513ebfedea0SLionel Sambuc },
2514ebfedea0SLionel Sambuc
2515ebfedea0SLionel Sambuc /* Cipher C020 */
2516ebfedea0SLionel Sambuc {
2517ebfedea0SLionel Sambuc 1,
2518ebfedea0SLionel Sambuc TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2519ebfedea0SLionel Sambuc TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2520ebfedea0SLionel Sambuc SSL_kSRP,
2521*0a6a1f1dSLionel Sambuc SSL_aSRP,
2522ebfedea0SLionel Sambuc SSL_AES256,
2523ebfedea0SLionel Sambuc SSL_SHA1,
2524ebfedea0SLionel Sambuc SSL_TLSV1,
2525ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
2526ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2527ebfedea0SLionel Sambuc 256,
2528ebfedea0SLionel Sambuc 256,
2529ebfedea0SLionel Sambuc },
2530ebfedea0SLionel Sambuc
2531ebfedea0SLionel Sambuc /* Cipher C021 */
2532ebfedea0SLionel Sambuc {
2533ebfedea0SLionel Sambuc 1,
2534ebfedea0SLionel Sambuc TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2535ebfedea0SLionel Sambuc TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2536ebfedea0SLionel Sambuc SSL_kSRP,
2537ebfedea0SLionel Sambuc SSL_aRSA,
2538ebfedea0SLionel Sambuc SSL_AES256,
2539ebfedea0SLionel Sambuc SSL_SHA1,
2540ebfedea0SLionel Sambuc SSL_TLSV1,
2541ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
2542ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2543ebfedea0SLionel Sambuc 256,
2544ebfedea0SLionel Sambuc 256,
2545ebfedea0SLionel Sambuc },
2546ebfedea0SLionel Sambuc
2547ebfedea0SLionel Sambuc /* Cipher C022 */
2548ebfedea0SLionel Sambuc {
2549ebfedea0SLionel Sambuc 1,
2550ebfedea0SLionel Sambuc TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2551ebfedea0SLionel Sambuc TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2552ebfedea0SLionel Sambuc SSL_kSRP,
2553ebfedea0SLionel Sambuc SSL_aDSS,
2554ebfedea0SLionel Sambuc SSL_AES256,
2555ebfedea0SLionel Sambuc SSL_SHA1,
2556ebfedea0SLionel Sambuc SSL_TLSV1,
2557ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
2558ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2559ebfedea0SLionel Sambuc 256,
2560ebfedea0SLionel Sambuc 256,
2561ebfedea0SLionel Sambuc },
2562ebfedea0SLionel Sambuc #endif /* OPENSSL_NO_SRP */
2563ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_ECDH
2564ebfedea0SLionel Sambuc
2565ebfedea0SLionel Sambuc /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
2566ebfedea0SLionel Sambuc
2567ebfedea0SLionel Sambuc /* Cipher C023 */
2568ebfedea0SLionel Sambuc {
2569ebfedea0SLionel Sambuc 1,
2570ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2571ebfedea0SLionel Sambuc TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2572ebfedea0SLionel Sambuc SSL_kEECDH,
2573ebfedea0SLionel Sambuc SSL_aECDSA,
2574ebfedea0SLionel Sambuc SSL_AES128,
2575ebfedea0SLionel Sambuc SSL_SHA256,
2576ebfedea0SLionel Sambuc SSL_TLSV1_2,
2577ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2578ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2579ebfedea0SLionel Sambuc 128,
2580ebfedea0SLionel Sambuc 128,
2581ebfedea0SLionel Sambuc },
2582ebfedea0SLionel Sambuc
2583ebfedea0SLionel Sambuc /* Cipher C024 */
2584ebfedea0SLionel Sambuc {
2585ebfedea0SLionel Sambuc 1,
2586ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2587ebfedea0SLionel Sambuc TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2588ebfedea0SLionel Sambuc SSL_kEECDH,
2589ebfedea0SLionel Sambuc SSL_aECDSA,
2590ebfedea0SLionel Sambuc SSL_AES256,
2591ebfedea0SLionel Sambuc SSL_SHA384,
2592ebfedea0SLionel Sambuc SSL_TLSV1_2,
2593ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2594ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2595ebfedea0SLionel Sambuc 256,
2596ebfedea0SLionel Sambuc 256,
2597ebfedea0SLionel Sambuc },
2598ebfedea0SLionel Sambuc
2599ebfedea0SLionel Sambuc /* Cipher C025 */
2600ebfedea0SLionel Sambuc {
2601ebfedea0SLionel Sambuc 1,
2602ebfedea0SLionel Sambuc TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2603ebfedea0SLionel Sambuc TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2604ebfedea0SLionel Sambuc SSL_kECDHe,
2605ebfedea0SLionel Sambuc SSL_aECDH,
2606ebfedea0SLionel Sambuc SSL_AES128,
2607ebfedea0SLionel Sambuc SSL_SHA256,
2608ebfedea0SLionel Sambuc SSL_TLSV1_2,
2609ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2610ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2611ebfedea0SLionel Sambuc 128,
2612ebfedea0SLionel Sambuc 128,
2613ebfedea0SLionel Sambuc },
2614ebfedea0SLionel Sambuc
2615ebfedea0SLionel Sambuc /* Cipher C026 */
2616ebfedea0SLionel Sambuc {
2617ebfedea0SLionel Sambuc 1,
2618ebfedea0SLionel Sambuc TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2619ebfedea0SLionel Sambuc TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2620ebfedea0SLionel Sambuc SSL_kECDHe,
2621ebfedea0SLionel Sambuc SSL_aECDH,
2622ebfedea0SLionel Sambuc SSL_AES256,
2623ebfedea0SLionel Sambuc SSL_SHA384,
2624ebfedea0SLionel Sambuc SSL_TLSV1_2,
2625ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2626ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2627ebfedea0SLionel Sambuc 256,
2628ebfedea0SLionel Sambuc 256,
2629ebfedea0SLionel Sambuc },
2630ebfedea0SLionel Sambuc
2631ebfedea0SLionel Sambuc /* Cipher C027 */
2632ebfedea0SLionel Sambuc {
2633ebfedea0SLionel Sambuc 1,
2634ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2635ebfedea0SLionel Sambuc TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2636ebfedea0SLionel Sambuc SSL_kEECDH,
2637ebfedea0SLionel Sambuc SSL_aRSA,
2638ebfedea0SLionel Sambuc SSL_AES128,
2639ebfedea0SLionel Sambuc SSL_SHA256,
2640ebfedea0SLionel Sambuc SSL_TLSV1_2,
2641ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2642ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2643ebfedea0SLionel Sambuc 128,
2644ebfedea0SLionel Sambuc 128,
2645ebfedea0SLionel Sambuc },
2646ebfedea0SLionel Sambuc
2647ebfedea0SLionel Sambuc /* Cipher C028 */
2648ebfedea0SLionel Sambuc {
2649ebfedea0SLionel Sambuc 1,
2650ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2651ebfedea0SLionel Sambuc TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2652ebfedea0SLionel Sambuc SSL_kEECDH,
2653ebfedea0SLionel Sambuc SSL_aRSA,
2654ebfedea0SLionel Sambuc SSL_AES256,
2655ebfedea0SLionel Sambuc SSL_SHA384,
2656ebfedea0SLionel Sambuc SSL_TLSV1_2,
2657ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2658ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2659ebfedea0SLionel Sambuc 256,
2660ebfedea0SLionel Sambuc 256,
2661ebfedea0SLionel Sambuc },
2662ebfedea0SLionel Sambuc
2663ebfedea0SLionel Sambuc /* Cipher C029 */
2664ebfedea0SLionel Sambuc {
2665ebfedea0SLionel Sambuc 1,
2666ebfedea0SLionel Sambuc TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2667ebfedea0SLionel Sambuc TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2668ebfedea0SLionel Sambuc SSL_kECDHr,
2669ebfedea0SLionel Sambuc SSL_aECDH,
2670ebfedea0SLionel Sambuc SSL_AES128,
2671ebfedea0SLionel Sambuc SSL_SHA256,
2672ebfedea0SLionel Sambuc SSL_TLSV1_2,
2673ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2674ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2675ebfedea0SLionel Sambuc 128,
2676ebfedea0SLionel Sambuc 128,
2677ebfedea0SLionel Sambuc },
2678ebfedea0SLionel Sambuc
2679ebfedea0SLionel Sambuc /* Cipher C02A */
2680ebfedea0SLionel Sambuc {
2681ebfedea0SLionel Sambuc 1,
2682ebfedea0SLionel Sambuc TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2683ebfedea0SLionel Sambuc TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2684ebfedea0SLionel Sambuc SSL_kECDHr,
2685ebfedea0SLionel Sambuc SSL_aECDH,
2686ebfedea0SLionel Sambuc SSL_AES256,
2687ebfedea0SLionel Sambuc SSL_SHA384,
2688ebfedea0SLionel Sambuc SSL_TLSV1_2,
2689ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2690ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2691ebfedea0SLionel Sambuc 256,
2692ebfedea0SLionel Sambuc 256,
2693ebfedea0SLionel Sambuc },
2694ebfedea0SLionel Sambuc
2695ebfedea0SLionel Sambuc /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2696ebfedea0SLionel Sambuc
2697ebfedea0SLionel Sambuc /* Cipher C02B */
2698ebfedea0SLionel Sambuc {
2699ebfedea0SLionel Sambuc 1,
2700ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2701ebfedea0SLionel Sambuc TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2702ebfedea0SLionel Sambuc SSL_kEECDH,
2703ebfedea0SLionel Sambuc SSL_aECDSA,
2704ebfedea0SLionel Sambuc SSL_AES128GCM,
2705ebfedea0SLionel Sambuc SSL_AEAD,
2706ebfedea0SLionel Sambuc SSL_TLSV1_2,
2707ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2708ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2709ebfedea0SLionel Sambuc 128,
2710ebfedea0SLionel Sambuc 128,
2711ebfedea0SLionel Sambuc },
2712ebfedea0SLionel Sambuc
2713ebfedea0SLionel Sambuc /* Cipher C02C */
2714ebfedea0SLionel Sambuc {
2715ebfedea0SLionel Sambuc 1,
2716ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2717ebfedea0SLionel Sambuc TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2718ebfedea0SLionel Sambuc SSL_kEECDH,
2719ebfedea0SLionel Sambuc SSL_aECDSA,
2720ebfedea0SLionel Sambuc SSL_AES256GCM,
2721ebfedea0SLionel Sambuc SSL_AEAD,
2722ebfedea0SLionel Sambuc SSL_TLSV1_2,
2723ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2724ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2725ebfedea0SLionel Sambuc 256,
2726ebfedea0SLionel Sambuc 256,
2727ebfedea0SLionel Sambuc },
2728ebfedea0SLionel Sambuc
2729ebfedea0SLionel Sambuc /* Cipher C02D */
2730ebfedea0SLionel Sambuc {
2731ebfedea0SLionel Sambuc 1,
2732ebfedea0SLionel Sambuc TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2733ebfedea0SLionel Sambuc TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2734ebfedea0SLionel Sambuc SSL_kECDHe,
2735ebfedea0SLionel Sambuc SSL_aECDH,
2736ebfedea0SLionel Sambuc SSL_AES128GCM,
2737ebfedea0SLionel Sambuc SSL_AEAD,
2738ebfedea0SLionel Sambuc SSL_TLSV1_2,
2739ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2740ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2741ebfedea0SLionel Sambuc 128,
2742ebfedea0SLionel Sambuc 128,
2743ebfedea0SLionel Sambuc },
2744ebfedea0SLionel Sambuc
2745ebfedea0SLionel Sambuc /* Cipher C02E */
2746ebfedea0SLionel Sambuc {
2747ebfedea0SLionel Sambuc 1,
2748ebfedea0SLionel Sambuc TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2749ebfedea0SLionel Sambuc TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2750ebfedea0SLionel Sambuc SSL_kECDHe,
2751ebfedea0SLionel Sambuc SSL_aECDH,
2752ebfedea0SLionel Sambuc SSL_AES256GCM,
2753ebfedea0SLionel Sambuc SSL_AEAD,
2754ebfedea0SLionel Sambuc SSL_TLSV1_2,
2755ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2756ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2757ebfedea0SLionel Sambuc 256,
2758ebfedea0SLionel Sambuc 256,
2759ebfedea0SLionel Sambuc },
2760ebfedea0SLionel Sambuc
2761ebfedea0SLionel Sambuc /* Cipher C02F */
2762ebfedea0SLionel Sambuc {
2763ebfedea0SLionel Sambuc 1,
2764ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2765ebfedea0SLionel Sambuc TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2766ebfedea0SLionel Sambuc SSL_kEECDH,
2767ebfedea0SLionel Sambuc SSL_aRSA,
2768ebfedea0SLionel Sambuc SSL_AES128GCM,
2769ebfedea0SLionel Sambuc SSL_AEAD,
2770ebfedea0SLionel Sambuc SSL_TLSV1_2,
2771ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2772ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2773ebfedea0SLionel Sambuc 128,
2774ebfedea0SLionel Sambuc 128,
2775ebfedea0SLionel Sambuc },
2776ebfedea0SLionel Sambuc
2777ebfedea0SLionel Sambuc /* Cipher C030 */
2778ebfedea0SLionel Sambuc {
2779ebfedea0SLionel Sambuc 1,
2780ebfedea0SLionel Sambuc TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2781ebfedea0SLionel Sambuc TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2782ebfedea0SLionel Sambuc SSL_kEECDH,
2783ebfedea0SLionel Sambuc SSL_aRSA,
2784ebfedea0SLionel Sambuc SSL_AES256GCM,
2785ebfedea0SLionel Sambuc SSL_AEAD,
2786ebfedea0SLionel Sambuc SSL_TLSV1_2,
2787ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2788ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2789ebfedea0SLionel Sambuc 256,
2790ebfedea0SLionel Sambuc 256,
2791ebfedea0SLionel Sambuc },
2792ebfedea0SLionel Sambuc
2793ebfedea0SLionel Sambuc /* Cipher C031 */
2794ebfedea0SLionel Sambuc {
2795ebfedea0SLionel Sambuc 1,
2796ebfedea0SLionel Sambuc TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2797ebfedea0SLionel Sambuc TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2798ebfedea0SLionel Sambuc SSL_kECDHr,
2799ebfedea0SLionel Sambuc SSL_aECDH,
2800ebfedea0SLionel Sambuc SSL_AES128GCM,
2801ebfedea0SLionel Sambuc SSL_AEAD,
2802ebfedea0SLionel Sambuc SSL_TLSV1_2,
2803ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2804ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2805ebfedea0SLionel Sambuc 128,
2806ebfedea0SLionel Sambuc 128,
2807ebfedea0SLionel Sambuc },
2808ebfedea0SLionel Sambuc
2809ebfedea0SLionel Sambuc /* Cipher C032 */
2810ebfedea0SLionel Sambuc {
2811ebfedea0SLionel Sambuc 1,
2812ebfedea0SLionel Sambuc TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2813ebfedea0SLionel Sambuc TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2814ebfedea0SLionel Sambuc SSL_kECDHr,
2815ebfedea0SLionel Sambuc SSL_aECDH,
2816ebfedea0SLionel Sambuc SSL_AES256GCM,
2817ebfedea0SLionel Sambuc SSL_AEAD,
2818ebfedea0SLionel Sambuc SSL_TLSV1_2,
2819ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2820ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2821ebfedea0SLionel Sambuc 256,
2822ebfedea0SLionel Sambuc 256,
2823ebfedea0SLionel Sambuc },
2824ebfedea0SLionel Sambuc
2825ebfedea0SLionel Sambuc #endif /* OPENSSL_NO_ECDH */
2826ebfedea0SLionel Sambuc
2827ebfedea0SLionel Sambuc #ifdef TEMP_GOST_TLS
2828ebfedea0SLionel Sambuc /* Cipher FF00 */
2829ebfedea0SLionel Sambuc {
2830ebfedea0SLionel Sambuc 1,
2831ebfedea0SLionel Sambuc "GOST-MD5",
2832ebfedea0SLionel Sambuc 0x0300ff00,
2833ebfedea0SLionel Sambuc SSL_kRSA,
2834ebfedea0SLionel Sambuc SSL_aRSA,
2835ebfedea0SLionel Sambuc SSL_eGOST2814789CNT,
2836ebfedea0SLionel Sambuc SSL_MD5,
2837ebfedea0SLionel Sambuc SSL_TLSV1,
2838ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
2839ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2840ebfedea0SLionel Sambuc 256,
2841ebfedea0SLionel Sambuc 256,
2842ebfedea0SLionel Sambuc },
2843ebfedea0SLionel Sambuc {
2844ebfedea0SLionel Sambuc 1,
2845ebfedea0SLionel Sambuc "GOST-GOST94",
2846ebfedea0SLionel Sambuc 0x0300ff01,
2847ebfedea0SLionel Sambuc SSL_kRSA,
2848ebfedea0SLionel Sambuc SSL_aRSA,
2849ebfedea0SLionel Sambuc SSL_eGOST2814789CNT,
2850ebfedea0SLionel Sambuc SSL_GOST94,
2851ebfedea0SLionel Sambuc SSL_TLSV1,
2852ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
2853ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2854ebfedea0SLionel Sambuc 256,
2855*0a6a1f1dSLionel Sambuc 256},
2856ebfedea0SLionel Sambuc {
2857ebfedea0SLionel Sambuc 1,
2858ebfedea0SLionel Sambuc "GOST-GOST89MAC",
2859ebfedea0SLionel Sambuc 0x0300ff02,
2860ebfedea0SLionel Sambuc SSL_kRSA,
2861ebfedea0SLionel Sambuc SSL_aRSA,
2862ebfedea0SLionel Sambuc SSL_eGOST2814789CNT,
2863ebfedea0SLionel Sambuc SSL_GOST89MAC,
2864ebfedea0SLionel Sambuc SSL_TLSV1,
2865ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
2866ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2867ebfedea0SLionel Sambuc 256,
2868*0a6a1f1dSLionel Sambuc 256},
2869ebfedea0SLionel Sambuc {
2870ebfedea0SLionel Sambuc 1,
2871ebfedea0SLionel Sambuc "GOST-GOST89STREAM",
2872ebfedea0SLionel Sambuc 0x0300ff03,
2873ebfedea0SLionel Sambuc SSL_kRSA,
2874ebfedea0SLionel Sambuc SSL_aRSA,
2875ebfedea0SLionel Sambuc SSL_eGOST2814789CNT,
2876ebfedea0SLionel Sambuc SSL_GOST89MAC,
2877ebfedea0SLionel Sambuc SSL_TLSV1,
2878ebfedea0SLionel Sambuc SSL_NOT_EXP | SSL_HIGH,
2879ebfedea0SLionel Sambuc SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC,
2880ebfedea0SLionel Sambuc 256,
2881*0a6a1f1dSLionel Sambuc 256},
2882ebfedea0SLionel Sambuc #endif
2883ebfedea0SLionel Sambuc
2884ebfedea0SLionel Sambuc /* end of list */
2885ebfedea0SLionel Sambuc };
2886ebfedea0SLionel Sambuc
2887ebfedea0SLionel Sambuc SSL3_ENC_METHOD SSLv3_enc_data = {
2888ebfedea0SLionel Sambuc ssl3_enc,
2889ebfedea0SLionel Sambuc n_ssl3_mac,
2890ebfedea0SLionel Sambuc ssl3_setup_key_block,
2891ebfedea0SLionel Sambuc ssl3_generate_master_secret,
2892ebfedea0SLionel Sambuc ssl3_change_cipher_state,
2893ebfedea0SLionel Sambuc ssl3_final_finish_mac,
2894ebfedea0SLionel Sambuc MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
2895ebfedea0SLionel Sambuc ssl3_cert_verify_mac,
2896ebfedea0SLionel Sambuc SSL3_MD_CLIENT_FINISHED_CONST, 4,
2897ebfedea0SLionel Sambuc SSL3_MD_SERVER_FINISHED_CONST, 4,
2898ebfedea0SLionel Sambuc ssl3_alert_code,
2899ebfedea0SLionel Sambuc (int (*)(SSL *, unsigned char *, size_t, const char *,
2900ebfedea0SLionel Sambuc size_t, const unsigned char *, size_t,
2901ebfedea0SLionel Sambuc int use_context))ssl_undefined_function,
2902ebfedea0SLionel Sambuc };
2903ebfedea0SLionel Sambuc
ssl3_default_timeout(void)2904ebfedea0SLionel Sambuc long ssl3_default_timeout(void)
2905ebfedea0SLionel Sambuc {
2906*0a6a1f1dSLionel Sambuc /*
2907*0a6a1f1dSLionel Sambuc * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2908*0a6a1f1dSLionel Sambuc * http, the cache would over fill
2909*0a6a1f1dSLionel Sambuc */
2910ebfedea0SLionel Sambuc return (60 * 60 * 2);
2911ebfedea0SLionel Sambuc }
2912ebfedea0SLionel Sambuc
ssl3_num_ciphers(void)2913ebfedea0SLionel Sambuc int ssl3_num_ciphers(void)
2914ebfedea0SLionel Sambuc {
2915ebfedea0SLionel Sambuc return (SSL3_NUM_CIPHERS);
2916ebfedea0SLionel Sambuc }
2917ebfedea0SLionel Sambuc
ssl3_get_cipher(unsigned int u)2918ebfedea0SLionel Sambuc const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2919ebfedea0SLionel Sambuc {
2920ebfedea0SLionel Sambuc if (u < SSL3_NUM_CIPHERS)
2921ebfedea0SLionel Sambuc return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2922ebfedea0SLionel Sambuc else
2923ebfedea0SLionel Sambuc return (NULL);
2924ebfedea0SLionel Sambuc }
2925ebfedea0SLionel Sambuc
ssl3_pending(const SSL * s)2926ebfedea0SLionel Sambuc int ssl3_pending(const SSL *s)
2927ebfedea0SLionel Sambuc {
2928ebfedea0SLionel Sambuc if (s->rstate == SSL_ST_READ_BODY)
2929ebfedea0SLionel Sambuc return 0;
2930ebfedea0SLionel Sambuc
2931*0a6a1f1dSLionel Sambuc return (s->s3->rrec.type ==
2932*0a6a1f1dSLionel Sambuc SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2933ebfedea0SLionel Sambuc }
2934ebfedea0SLionel Sambuc
ssl3_new(SSL * s)2935ebfedea0SLionel Sambuc int ssl3_new(SSL *s)
2936ebfedea0SLionel Sambuc {
2937ebfedea0SLionel Sambuc SSL3_STATE *s3;
2938ebfedea0SLionel Sambuc
2939*0a6a1f1dSLionel Sambuc if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL)
2940*0a6a1f1dSLionel Sambuc goto err;
2941ebfedea0SLionel Sambuc memset(s3, 0, sizeof *s3);
2942ebfedea0SLionel Sambuc memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
2943ebfedea0SLionel Sambuc memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
2944ebfedea0SLionel Sambuc
2945ebfedea0SLionel Sambuc s->s3 = s3;
2946ebfedea0SLionel Sambuc
2947ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_SRP
2948ebfedea0SLionel Sambuc SSL_SRP_CTX_init(s);
2949ebfedea0SLionel Sambuc #endif
2950ebfedea0SLionel Sambuc s->method->ssl_clear(s);
2951ebfedea0SLionel Sambuc return (1);
2952ebfedea0SLionel Sambuc err:
2953ebfedea0SLionel Sambuc return (0);
2954ebfedea0SLionel Sambuc }
2955ebfedea0SLionel Sambuc
ssl3_free(SSL * s)2956ebfedea0SLionel Sambuc void ssl3_free(SSL *s)
2957ebfedea0SLionel Sambuc {
2958ebfedea0SLionel Sambuc if (s == NULL)
2959ebfedea0SLionel Sambuc return;
2960ebfedea0SLionel Sambuc
2961ebfedea0SLionel Sambuc #ifdef TLSEXT_TYPE_opaque_prf_input
2962ebfedea0SLionel Sambuc if (s->s3->client_opaque_prf_input != NULL)
2963ebfedea0SLionel Sambuc OPENSSL_free(s->s3->client_opaque_prf_input);
2964ebfedea0SLionel Sambuc if (s->s3->server_opaque_prf_input != NULL)
2965ebfedea0SLionel Sambuc OPENSSL_free(s->s3->server_opaque_prf_input);
2966ebfedea0SLionel Sambuc #endif
2967ebfedea0SLionel Sambuc
2968ebfedea0SLionel Sambuc ssl3_cleanup_key_block(s);
2969ebfedea0SLionel Sambuc if (s->s3->rbuf.buf != NULL)
2970ebfedea0SLionel Sambuc ssl3_release_read_buffer(s);
2971ebfedea0SLionel Sambuc if (s->s3->wbuf.buf != NULL)
2972ebfedea0SLionel Sambuc ssl3_release_write_buffer(s);
2973ebfedea0SLionel Sambuc if (s->s3->rrec.comp != NULL)
2974ebfedea0SLionel Sambuc OPENSSL_free(s->s3->rrec.comp);
2975ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_DH
2976ebfedea0SLionel Sambuc if (s->s3->tmp.dh != NULL)
2977ebfedea0SLionel Sambuc DH_free(s->s3->tmp.dh);
2978ebfedea0SLionel Sambuc #endif
2979ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_ECDH
2980ebfedea0SLionel Sambuc if (s->s3->tmp.ecdh != NULL)
2981ebfedea0SLionel Sambuc EC_KEY_free(s->s3->tmp.ecdh);
2982ebfedea0SLionel Sambuc #endif
2983ebfedea0SLionel Sambuc
2984ebfedea0SLionel Sambuc if (s->s3->tmp.ca_names != NULL)
2985ebfedea0SLionel Sambuc sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2986ebfedea0SLionel Sambuc if (s->s3->handshake_buffer) {
2987ebfedea0SLionel Sambuc BIO_free(s->s3->handshake_buffer);
2988ebfedea0SLionel Sambuc }
2989*0a6a1f1dSLionel Sambuc if (s->s3->handshake_dgst)
2990*0a6a1f1dSLionel Sambuc ssl3_free_digest_list(s);
2991ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_SRP
2992ebfedea0SLionel Sambuc SSL_SRP_CTX_free(s);
2993ebfedea0SLionel Sambuc #endif
2994ebfedea0SLionel Sambuc OPENSSL_cleanse(s->s3, sizeof *s->s3);
2995ebfedea0SLionel Sambuc OPENSSL_free(s->s3);
2996ebfedea0SLionel Sambuc s->s3 = NULL;
2997ebfedea0SLionel Sambuc }
2998ebfedea0SLionel Sambuc
ssl3_clear(SSL * s)2999ebfedea0SLionel Sambuc void ssl3_clear(SSL *s)
3000ebfedea0SLionel Sambuc {
3001ebfedea0SLionel Sambuc unsigned char *rp, *wp;
3002ebfedea0SLionel Sambuc size_t rlen, wlen;
3003ebfedea0SLionel Sambuc int init_extra;
3004ebfedea0SLionel Sambuc
3005ebfedea0SLionel Sambuc #ifdef TLSEXT_TYPE_opaque_prf_input
3006ebfedea0SLionel Sambuc if (s->s3->client_opaque_prf_input != NULL)
3007ebfedea0SLionel Sambuc OPENSSL_free(s->s3->client_opaque_prf_input);
3008ebfedea0SLionel Sambuc s->s3->client_opaque_prf_input = NULL;
3009ebfedea0SLionel Sambuc if (s->s3->server_opaque_prf_input != NULL)
3010ebfedea0SLionel Sambuc OPENSSL_free(s->s3->server_opaque_prf_input);
3011ebfedea0SLionel Sambuc s->s3->server_opaque_prf_input = NULL;
3012ebfedea0SLionel Sambuc #endif
3013ebfedea0SLionel Sambuc
3014ebfedea0SLionel Sambuc ssl3_cleanup_key_block(s);
3015ebfedea0SLionel Sambuc if (s->s3->tmp.ca_names != NULL)
3016ebfedea0SLionel Sambuc sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
3017ebfedea0SLionel Sambuc
3018*0a6a1f1dSLionel Sambuc if (s->s3->rrec.comp != NULL) {
3019ebfedea0SLionel Sambuc OPENSSL_free(s->s3->rrec.comp);
3020ebfedea0SLionel Sambuc s->s3->rrec.comp = NULL;
3021ebfedea0SLionel Sambuc }
3022ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_DH
3023*0a6a1f1dSLionel Sambuc if (s->s3->tmp.dh != NULL) {
3024ebfedea0SLionel Sambuc DH_free(s->s3->tmp.dh);
3025ebfedea0SLionel Sambuc s->s3->tmp.dh = NULL;
3026ebfedea0SLionel Sambuc }
3027ebfedea0SLionel Sambuc #endif
3028ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_ECDH
3029*0a6a1f1dSLionel Sambuc if (s->s3->tmp.ecdh != NULL) {
3030ebfedea0SLionel Sambuc EC_KEY_free(s->s3->tmp.ecdh);
3031ebfedea0SLionel Sambuc s->s3->tmp.ecdh = NULL;
3032ebfedea0SLionel Sambuc }
3033ebfedea0SLionel Sambuc #endif
3034*0a6a1f1dSLionel Sambuc #ifndef OPENSSL_NO_TLSEXT
3035*0a6a1f1dSLionel Sambuc # ifndef OPENSSL_NO_EC
3036*0a6a1f1dSLionel Sambuc s->s3->is_probably_safari = 0;
3037*0a6a1f1dSLionel Sambuc # endif /* !OPENSSL_NO_EC */
3038*0a6a1f1dSLionel Sambuc #endif /* !OPENSSL_NO_TLSEXT */
3039ebfedea0SLionel Sambuc
3040ebfedea0SLionel Sambuc rp = s->s3->rbuf.buf;
3041ebfedea0SLionel Sambuc wp = s->s3->wbuf.buf;
3042ebfedea0SLionel Sambuc rlen = s->s3->rbuf.len;
3043ebfedea0SLionel Sambuc wlen = s->s3->wbuf.len;
3044ebfedea0SLionel Sambuc init_extra = s->s3->init_extra;
3045ebfedea0SLionel Sambuc if (s->s3->handshake_buffer) {
3046ebfedea0SLionel Sambuc BIO_free(s->s3->handshake_buffer);
3047ebfedea0SLionel Sambuc s->s3->handshake_buffer = NULL;
3048ebfedea0SLionel Sambuc }
3049ebfedea0SLionel Sambuc if (s->s3->handshake_dgst) {
3050ebfedea0SLionel Sambuc ssl3_free_digest_list(s);
3051ebfedea0SLionel Sambuc }
3052ebfedea0SLionel Sambuc memset(s->s3, 0, sizeof *s->s3);
3053ebfedea0SLionel Sambuc s->s3->rbuf.buf = rp;
3054ebfedea0SLionel Sambuc s->s3->wbuf.buf = wp;
3055ebfedea0SLionel Sambuc s->s3->rbuf.len = rlen;
3056ebfedea0SLionel Sambuc s->s3->wbuf.len = wlen;
3057ebfedea0SLionel Sambuc s->s3->init_extra = init_extra;
3058ebfedea0SLionel Sambuc
3059ebfedea0SLionel Sambuc ssl_free_wbio_buffer(s);
3060ebfedea0SLionel Sambuc
3061ebfedea0SLionel Sambuc s->packet_length = 0;
3062ebfedea0SLionel Sambuc s->s3->renegotiate = 0;
3063ebfedea0SLionel Sambuc s->s3->total_renegotiations = 0;
3064ebfedea0SLionel Sambuc s->s3->num_renegotiations = 0;
3065ebfedea0SLionel Sambuc s->s3->in_read_app_data = 0;
3066ebfedea0SLionel Sambuc s->version = SSL3_VERSION;
3067ebfedea0SLionel Sambuc
3068ebfedea0SLionel Sambuc #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3069*0a6a1f1dSLionel Sambuc if (s->next_proto_negotiated) {
3070ebfedea0SLionel Sambuc OPENSSL_free(s->next_proto_negotiated);
3071ebfedea0SLionel Sambuc s->next_proto_negotiated = NULL;
3072ebfedea0SLionel Sambuc s->next_proto_negotiated_len = 0;
3073ebfedea0SLionel Sambuc }
3074ebfedea0SLionel Sambuc #endif
3075ebfedea0SLionel Sambuc }
3076ebfedea0SLionel Sambuc
3077ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_SRP
srp_password_from_info_cb(SSL * s,void * arg)3078ebfedea0SLionel Sambuc static char *MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
3079ebfedea0SLionel Sambuc {
3080ebfedea0SLionel Sambuc return BUF_strdup(s->srp_ctx.info);
3081ebfedea0SLionel Sambuc }
3082ebfedea0SLionel Sambuc #endif
3083ebfedea0SLionel Sambuc
ssl3_ctrl(SSL * s,int cmd,long larg,void * parg)3084ebfedea0SLionel Sambuc long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3085ebfedea0SLionel Sambuc {
3086ebfedea0SLionel Sambuc int ret = 0;
3087ebfedea0SLionel Sambuc
3088ebfedea0SLionel Sambuc #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3089ebfedea0SLionel Sambuc if (
3090ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_RSA
3091*0a6a1f1dSLionel Sambuc cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3092ebfedea0SLionel Sambuc # endif
3093ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_DSA
3094*0a6a1f1dSLionel Sambuc cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB ||
3095ebfedea0SLionel Sambuc # endif
3096*0a6a1f1dSLionel Sambuc 0) {
3097*0a6a1f1dSLionel Sambuc if (!ssl_cert_inst(&s->cert)) {
3098ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3099ebfedea0SLionel Sambuc return (0);
3100ebfedea0SLionel Sambuc }
3101ebfedea0SLionel Sambuc }
3102ebfedea0SLionel Sambuc #endif
3103ebfedea0SLionel Sambuc
3104*0a6a1f1dSLionel Sambuc switch (cmd) {
3105ebfedea0SLionel Sambuc case SSL_CTRL_GET_SESSION_REUSED:
3106ebfedea0SLionel Sambuc ret = s->hit;
3107ebfedea0SLionel Sambuc break;
3108ebfedea0SLionel Sambuc case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3109ebfedea0SLionel Sambuc break;
3110ebfedea0SLionel Sambuc case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3111ebfedea0SLionel Sambuc ret = s->s3->num_renegotiations;
3112ebfedea0SLionel Sambuc break;
3113ebfedea0SLionel Sambuc case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3114ebfedea0SLionel Sambuc ret = s->s3->num_renegotiations;
3115ebfedea0SLionel Sambuc s->s3->num_renegotiations = 0;
3116ebfedea0SLionel Sambuc break;
3117ebfedea0SLionel Sambuc case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3118ebfedea0SLionel Sambuc ret = s->s3->total_renegotiations;
3119ebfedea0SLionel Sambuc break;
3120ebfedea0SLionel Sambuc case SSL_CTRL_GET_FLAGS:
3121ebfedea0SLionel Sambuc ret = (int)(s->s3->flags);
3122ebfedea0SLionel Sambuc break;
3123ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_RSA
3124ebfedea0SLionel Sambuc case SSL_CTRL_NEED_TMP_RSA:
3125ebfedea0SLionel Sambuc if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
3126ebfedea0SLionel Sambuc ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3127*0a6a1f1dSLionel Sambuc (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
3128*0a6a1f1dSLionel Sambuc (512 / 8))))
3129ebfedea0SLionel Sambuc ret = 1;
3130ebfedea0SLionel Sambuc break;
3131ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_RSA:
3132ebfedea0SLionel Sambuc {
3133ebfedea0SLionel Sambuc RSA *rsa = (RSA *)parg;
3134*0a6a1f1dSLionel Sambuc if (rsa == NULL) {
3135ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3136ebfedea0SLionel Sambuc return (ret);
3137ebfedea0SLionel Sambuc }
3138*0a6a1f1dSLionel Sambuc if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
3139ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
3140ebfedea0SLionel Sambuc return (ret);
3141ebfedea0SLionel Sambuc }
3142ebfedea0SLionel Sambuc if (s->cert->rsa_tmp != NULL)
3143ebfedea0SLionel Sambuc RSA_free(s->cert->rsa_tmp);
3144ebfedea0SLionel Sambuc s->cert->rsa_tmp = rsa;
3145ebfedea0SLionel Sambuc ret = 1;
3146ebfedea0SLionel Sambuc }
3147ebfedea0SLionel Sambuc break;
3148ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_RSA_CB:
3149ebfedea0SLionel Sambuc {
3150ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3151ebfedea0SLionel Sambuc return (ret);
3152ebfedea0SLionel Sambuc }
3153ebfedea0SLionel Sambuc break;
3154ebfedea0SLionel Sambuc #endif
3155ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_DH
3156ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_DH:
3157ebfedea0SLionel Sambuc {
3158ebfedea0SLionel Sambuc DH *dh = (DH *)parg;
3159*0a6a1f1dSLionel Sambuc if (dh == NULL) {
3160ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3161ebfedea0SLionel Sambuc return (ret);
3162ebfedea0SLionel Sambuc }
3163*0a6a1f1dSLionel Sambuc if ((dh = DHparams_dup(dh)) == NULL) {
3164ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3165ebfedea0SLionel Sambuc return (ret);
3166ebfedea0SLionel Sambuc }
3167*0a6a1f1dSLionel Sambuc if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
3168*0a6a1f1dSLionel Sambuc if (!DH_generate_key(dh)) {
3169ebfedea0SLionel Sambuc DH_free(dh);
3170ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3171ebfedea0SLionel Sambuc return (ret);
3172ebfedea0SLionel Sambuc }
3173ebfedea0SLionel Sambuc }
3174ebfedea0SLionel Sambuc if (s->cert->dh_tmp != NULL)
3175ebfedea0SLionel Sambuc DH_free(s->cert->dh_tmp);
3176ebfedea0SLionel Sambuc s->cert->dh_tmp = dh;
3177ebfedea0SLionel Sambuc ret = 1;
3178ebfedea0SLionel Sambuc }
3179ebfedea0SLionel Sambuc break;
3180ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_DH_CB:
3181ebfedea0SLionel Sambuc {
3182ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3183ebfedea0SLionel Sambuc return (ret);
3184ebfedea0SLionel Sambuc }
3185ebfedea0SLionel Sambuc break;
3186ebfedea0SLionel Sambuc #endif
3187ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_ECDH
3188ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_ECDH:
3189ebfedea0SLionel Sambuc {
3190ebfedea0SLionel Sambuc EC_KEY *ecdh = NULL;
3191ebfedea0SLionel Sambuc
3192*0a6a1f1dSLionel Sambuc if (parg == NULL) {
3193ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3194ebfedea0SLionel Sambuc return (ret);
3195ebfedea0SLionel Sambuc }
3196*0a6a1f1dSLionel Sambuc if (!EC_KEY_up_ref((EC_KEY *)parg)) {
3197ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3198ebfedea0SLionel Sambuc return (ret);
3199ebfedea0SLionel Sambuc }
3200ebfedea0SLionel Sambuc ecdh = (EC_KEY *)parg;
3201*0a6a1f1dSLionel Sambuc if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
3202*0a6a1f1dSLionel Sambuc if (!EC_KEY_generate_key(ecdh)) {
3203ebfedea0SLionel Sambuc EC_KEY_free(ecdh);
3204ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3205ebfedea0SLionel Sambuc return (ret);
3206ebfedea0SLionel Sambuc }
3207ebfedea0SLionel Sambuc }
3208ebfedea0SLionel Sambuc if (s->cert->ecdh_tmp != NULL)
3209ebfedea0SLionel Sambuc EC_KEY_free(s->cert->ecdh_tmp);
3210ebfedea0SLionel Sambuc s->cert->ecdh_tmp = ecdh;
3211ebfedea0SLionel Sambuc ret = 1;
3212ebfedea0SLionel Sambuc }
3213ebfedea0SLionel Sambuc break;
3214ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_ECDH_CB:
3215ebfedea0SLionel Sambuc {
3216ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3217ebfedea0SLionel Sambuc return (ret);
3218ebfedea0SLionel Sambuc }
3219ebfedea0SLionel Sambuc break;
3220ebfedea0SLionel Sambuc #endif /* !OPENSSL_NO_ECDH */
3221ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_TLSEXT
3222ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3223*0a6a1f1dSLionel Sambuc if (larg == TLSEXT_NAMETYPE_host_name) {
3224ebfedea0SLionel Sambuc if (s->tlsext_hostname != NULL)
3225ebfedea0SLionel Sambuc OPENSSL_free(s->tlsext_hostname);
3226ebfedea0SLionel Sambuc s->tlsext_hostname = NULL;
3227ebfedea0SLionel Sambuc
3228ebfedea0SLionel Sambuc ret = 1;
3229ebfedea0SLionel Sambuc if (parg == NULL)
3230ebfedea0SLionel Sambuc break;
3231*0a6a1f1dSLionel Sambuc if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
3232ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3233ebfedea0SLionel Sambuc return 0;
3234ebfedea0SLionel Sambuc }
3235*0a6a1f1dSLionel Sambuc if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) {
3236ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3237ebfedea0SLionel Sambuc return 0;
3238ebfedea0SLionel Sambuc }
3239*0a6a1f1dSLionel Sambuc } else {
3240ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3241ebfedea0SLionel Sambuc return 0;
3242ebfedea0SLionel Sambuc }
3243ebfedea0SLionel Sambuc break;
3244ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3245ebfedea0SLionel Sambuc s->tlsext_debug_arg = parg;
3246ebfedea0SLionel Sambuc ret = 1;
3247ebfedea0SLionel Sambuc break;
3248ebfedea0SLionel Sambuc
3249ebfedea0SLionel Sambuc # ifdef TLSEXT_TYPE_opaque_prf_input
3250ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
3251*0a6a1f1dSLionel Sambuc if (larg > 12288) { /* actual internal limit is 2^16 for the
3252*0a6a1f1dSLionel Sambuc * complete hello message * (including the
3253*0a6a1f1dSLionel Sambuc * cert chain and everything) */
3254ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
3255ebfedea0SLionel Sambuc break;
3256ebfedea0SLionel Sambuc }
3257ebfedea0SLionel Sambuc if (s->tlsext_opaque_prf_input != NULL)
3258ebfedea0SLionel Sambuc OPENSSL_free(s->tlsext_opaque_prf_input);
3259ebfedea0SLionel Sambuc if ((size_t)larg == 0)
3260*0a6a1f1dSLionel Sambuc s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte
3261*0a6a1f1dSLionel Sambuc * just to get
3262*0a6a1f1dSLionel Sambuc * non-NULL */
3263ebfedea0SLionel Sambuc else
3264ebfedea0SLionel Sambuc s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
3265*0a6a1f1dSLionel Sambuc if (s->tlsext_opaque_prf_input != NULL) {
3266ebfedea0SLionel Sambuc s->tlsext_opaque_prf_input_len = (size_t)larg;
3267ebfedea0SLionel Sambuc ret = 1;
3268*0a6a1f1dSLionel Sambuc } else
3269ebfedea0SLionel Sambuc s->tlsext_opaque_prf_input_len = 0;
3270ebfedea0SLionel Sambuc break;
3271ebfedea0SLionel Sambuc # endif
3272ebfedea0SLionel Sambuc
3273ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3274ebfedea0SLionel Sambuc s->tlsext_status_type = larg;
3275ebfedea0SLionel Sambuc ret = 1;
3276ebfedea0SLionel Sambuc break;
3277ebfedea0SLionel Sambuc
3278ebfedea0SLionel Sambuc case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3279ebfedea0SLionel Sambuc *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
3280ebfedea0SLionel Sambuc ret = 1;
3281ebfedea0SLionel Sambuc break;
3282ebfedea0SLionel Sambuc
3283ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3284ebfedea0SLionel Sambuc s->tlsext_ocsp_exts = parg;
3285ebfedea0SLionel Sambuc ret = 1;
3286ebfedea0SLionel Sambuc break;
3287ebfedea0SLionel Sambuc
3288ebfedea0SLionel Sambuc case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3289ebfedea0SLionel Sambuc *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
3290ebfedea0SLionel Sambuc ret = 1;
3291ebfedea0SLionel Sambuc break;
3292ebfedea0SLionel Sambuc
3293ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3294ebfedea0SLionel Sambuc s->tlsext_ocsp_ids = parg;
3295ebfedea0SLionel Sambuc ret = 1;
3296ebfedea0SLionel Sambuc break;
3297ebfedea0SLionel Sambuc
3298ebfedea0SLionel Sambuc case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3299ebfedea0SLionel Sambuc *(unsigned char **)parg = s->tlsext_ocsp_resp;
3300ebfedea0SLionel Sambuc return s->tlsext_ocsp_resplen;
3301ebfedea0SLionel Sambuc
3302ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3303ebfedea0SLionel Sambuc if (s->tlsext_ocsp_resp)
3304ebfedea0SLionel Sambuc OPENSSL_free(s->tlsext_ocsp_resp);
3305ebfedea0SLionel Sambuc s->tlsext_ocsp_resp = parg;
3306ebfedea0SLionel Sambuc s->tlsext_ocsp_resplen = larg;
3307ebfedea0SLionel Sambuc ret = 1;
3308ebfedea0SLionel Sambuc break;
3309ebfedea0SLionel Sambuc
3310ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_HEARTBEATS
3311ebfedea0SLionel Sambuc case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
3312*0a6a1f1dSLionel Sambuc if (SSL_version(s) == DTLS1_VERSION
3313*0a6a1f1dSLionel Sambuc || SSL_version(s) == DTLS1_BAD_VER)
3314ebfedea0SLionel Sambuc ret = dtls1_heartbeat(s);
3315ebfedea0SLionel Sambuc else
3316ebfedea0SLionel Sambuc ret = tls1_heartbeat(s);
3317ebfedea0SLionel Sambuc break;
3318ebfedea0SLionel Sambuc
3319ebfedea0SLionel Sambuc case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
3320ebfedea0SLionel Sambuc ret = s->tlsext_hb_pending;
3321ebfedea0SLionel Sambuc break;
3322ebfedea0SLionel Sambuc
3323ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
3324ebfedea0SLionel Sambuc if (larg)
3325ebfedea0SLionel Sambuc s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3326ebfedea0SLionel Sambuc else
3327ebfedea0SLionel Sambuc s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3328ebfedea0SLionel Sambuc ret = 1;
3329ebfedea0SLionel Sambuc break;
3330ebfedea0SLionel Sambuc # endif
3331ebfedea0SLionel Sambuc
3332ebfedea0SLionel Sambuc #endif /* !OPENSSL_NO_TLSEXT */
3333*0a6a1f1dSLionel Sambuc
3334*0a6a1f1dSLionel Sambuc case SSL_CTRL_CHECK_PROTO_VERSION:
3335*0a6a1f1dSLionel Sambuc /*
3336*0a6a1f1dSLionel Sambuc * For library-internal use; checks that the current protocol is the
3337*0a6a1f1dSLionel Sambuc * highest enabled version (according to s->ctx->method, as version
3338*0a6a1f1dSLionel Sambuc * negotiation may have changed s->method).
3339*0a6a1f1dSLionel Sambuc */
3340*0a6a1f1dSLionel Sambuc if (s->version == s->ctx->method->version)
3341*0a6a1f1dSLionel Sambuc return 1;
3342*0a6a1f1dSLionel Sambuc /*
3343*0a6a1f1dSLionel Sambuc * Apparently we're using a version-flexible SSL_METHOD (not at its
3344*0a6a1f1dSLionel Sambuc * highest protocol version).
3345*0a6a1f1dSLionel Sambuc */
3346*0a6a1f1dSLionel Sambuc if (s->ctx->method->version == SSLv23_method()->version) {
3347*0a6a1f1dSLionel Sambuc #if TLS_MAX_VERSION != TLS1_2_VERSION
3348*0a6a1f1dSLionel Sambuc # error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
3349*0a6a1f1dSLionel Sambuc #endif
3350*0a6a1f1dSLionel Sambuc if (!(s->options & SSL_OP_NO_TLSv1_2))
3351*0a6a1f1dSLionel Sambuc return s->version == TLS1_2_VERSION;
3352*0a6a1f1dSLionel Sambuc if (!(s->options & SSL_OP_NO_TLSv1_1))
3353*0a6a1f1dSLionel Sambuc return s->version == TLS1_1_VERSION;
3354*0a6a1f1dSLionel Sambuc if (!(s->options & SSL_OP_NO_TLSv1))
3355*0a6a1f1dSLionel Sambuc return s->version == TLS1_VERSION;
3356*0a6a1f1dSLionel Sambuc if (!(s->options & SSL_OP_NO_SSLv3))
3357*0a6a1f1dSLionel Sambuc return s->version == SSL3_VERSION;
3358*0a6a1f1dSLionel Sambuc if (!(s->options & SSL_OP_NO_SSLv2))
3359*0a6a1f1dSLionel Sambuc return s->version == SSL2_VERSION;
3360*0a6a1f1dSLionel Sambuc }
3361*0a6a1f1dSLionel Sambuc return 0; /* Unexpected state; fail closed. */
3362*0a6a1f1dSLionel Sambuc
3363ebfedea0SLionel Sambuc default:
3364ebfedea0SLionel Sambuc break;
3365ebfedea0SLionel Sambuc }
3366ebfedea0SLionel Sambuc return (ret);
3367ebfedea0SLionel Sambuc }
3368ebfedea0SLionel Sambuc
ssl3_callback_ctrl(SSL * s,int cmd,void (* fp)(void))3369ebfedea0SLionel Sambuc long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3370ebfedea0SLionel Sambuc {
3371ebfedea0SLionel Sambuc int ret = 0;
3372ebfedea0SLionel Sambuc
3373ebfedea0SLionel Sambuc #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3374ebfedea0SLionel Sambuc if (
3375ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_RSA
3376ebfedea0SLionel Sambuc cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3377ebfedea0SLionel Sambuc # endif
3378ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_DSA
3379ebfedea0SLionel Sambuc cmd == SSL_CTRL_SET_TMP_DH_CB ||
3380ebfedea0SLionel Sambuc # endif
3381*0a6a1f1dSLionel Sambuc 0) {
3382*0a6a1f1dSLionel Sambuc if (!ssl_cert_inst(&s->cert)) {
3383ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
3384ebfedea0SLionel Sambuc return (0);
3385ebfedea0SLionel Sambuc }
3386ebfedea0SLionel Sambuc }
3387ebfedea0SLionel Sambuc #endif
3388ebfedea0SLionel Sambuc
3389*0a6a1f1dSLionel Sambuc switch (cmd) {
3390ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_RSA
3391ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_RSA_CB:
3392ebfedea0SLionel Sambuc {
3393ebfedea0SLionel Sambuc s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3394ebfedea0SLionel Sambuc }
3395ebfedea0SLionel Sambuc break;
3396ebfedea0SLionel Sambuc #endif
3397ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_DH
3398ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_DH_CB:
3399ebfedea0SLionel Sambuc {
3400ebfedea0SLionel Sambuc s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3401ebfedea0SLionel Sambuc }
3402ebfedea0SLionel Sambuc break;
3403ebfedea0SLionel Sambuc #endif
3404ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_ECDH
3405ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_ECDH_CB:
3406ebfedea0SLionel Sambuc {
3407ebfedea0SLionel Sambuc s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3408ebfedea0SLionel Sambuc }
3409ebfedea0SLionel Sambuc break;
3410ebfedea0SLionel Sambuc #endif
3411ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_TLSEXT
3412ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3413ebfedea0SLionel Sambuc s->tlsext_debug_cb = (void (*)(SSL *, int, int,
3414ebfedea0SLionel Sambuc unsigned char *, int, void *))fp;
3415ebfedea0SLionel Sambuc break;
3416ebfedea0SLionel Sambuc #endif
3417ebfedea0SLionel Sambuc default:
3418ebfedea0SLionel Sambuc break;
3419ebfedea0SLionel Sambuc }
3420ebfedea0SLionel Sambuc return (ret);
3421ebfedea0SLionel Sambuc }
3422ebfedea0SLionel Sambuc
ssl3_ctx_ctrl(SSL_CTX * ctx,int cmd,long larg,void * parg)3423ebfedea0SLionel Sambuc long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3424ebfedea0SLionel Sambuc {
3425ebfedea0SLionel Sambuc CERT *cert;
3426ebfedea0SLionel Sambuc
3427ebfedea0SLionel Sambuc cert = ctx->cert;
3428ebfedea0SLionel Sambuc
3429*0a6a1f1dSLionel Sambuc switch (cmd) {
3430ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_RSA
3431ebfedea0SLionel Sambuc case SSL_CTRL_NEED_TMP_RSA:
3432ebfedea0SLionel Sambuc if ((cert->rsa_tmp == NULL) &&
3433ebfedea0SLionel Sambuc ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3434*0a6a1f1dSLionel Sambuc (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
3435*0a6a1f1dSLionel Sambuc (512 / 8)))
3436ebfedea0SLionel Sambuc )
3437ebfedea0SLionel Sambuc return (1);
3438ebfedea0SLionel Sambuc else
3439ebfedea0SLionel Sambuc return (0);
3440ebfedea0SLionel Sambuc /* break; */
3441ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_RSA:
3442ebfedea0SLionel Sambuc {
3443ebfedea0SLionel Sambuc RSA *rsa;
3444ebfedea0SLionel Sambuc int i;
3445ebfedea0SLionel Sambuc
3446ebfedea0SLionel Sambuc rsa = (RSA *)parg;
3447ebfedea0SLionel Sambuc i = 1;
3448ebfedea0SLionel Sambuc if (rsa == NULL)
3449ebfedea0SLionel Sambuc i = 0;
3450*0a6a1f1dSLionel Sambuc else {
3451ebfedea0SLionel Sambuc if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
3452ebfedea0SLionel Sambuc i = 0;
3453ebfedea0SLionel Sambuc }
3454*0a6a1f1dSLionel Sambuc if (!i) {
3455ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB);
3456ebfedea0SLionel Sambuc return (0);
3457*0a6a1f1dSLionel Sambuc } else {
3458ebfedea0SLionel Sambuc if (cert->rsa_tmp != NULL)
3459ebfedea0SLionel Sambuc RSA_free(cert->rsa_tmp);
3460ebfedea0SLionel Sambuc cert->rsa_tmp = rsa;
3461ebfedea0SLionel Sambuc return (1);
3462ebfedea0SLionel Sambuc }
3463ebfedea0SLionel Sambuc }
3464ebfedea0SLionel Sambuc /* break; */
3465ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_RSA_CB:
3466ebfedea0SLionel Sambuc {
3467ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3468ebfedea0SLionel Sambuc return (0);
3469ebfedea0SLionel Sambuc }
3470ebfedea0SLionel Sambuc break;
3471ebfedea0SLionel Sambuc #endif
3472ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_DH
3473ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_DH:
3474ebfedea0SLionel Sambuc {
3475ebfedea0SLionel Sambuc DH *new = NULL, *dh;
3476ebfedea0SLionel Sambuc
3477ebfedea0SLionel Sambuc dh = (DH *)parg;
3478*0a6a1f1dSLionel Sambuc if ((new = DHparams_dup(dh)) == NULL) {
3479ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
3480ebfedea0SLionel Sambuc return 0;
3481ebfedea0SLionel Sambuc }
3482*0a6a1f1dSLionel Sambuc if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
3483*0a6a1f1dSLionel Sambuc if (!DH_generate_key(new)) {
3484ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
3485ebfedea0SLionel Sambuc DH_free(new);
3486ebfedea0SLionel Sambuc return 0;
3487ebfedea0SLionel Sambuc }
3488ebfedea0SLionel Sambuc }
3489ebfedea0SLionel Sambuc if (cert->dh_tmp != NULL)
3490ebfedea0SLionel Sambuc DH_free(cert->dh_tmp);
3491ebfedea0SLionel Sambuc cert->dh_tmp = new;
3492ebfedea0SLionel Sambuc return 1;
3493ebfedea0SLionel Sambuc }
3494*0a6a1f1dSLionel Sambuc /*
3495*0a6a1f1dSLionel Sambuc * break;
3496*0a6a1f1dSLionel Sambuc */
3497ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_DH_CB:
3498ebfedea0SLionel Sambuc {
3499ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3500ebfedea0SLionel Sambuc return (0);
3501ebfedea0SLionel Sambuc }
3502ebfedea0SLionel Sambuc break;
3503ebfedea0SLionel Sambuc #endif
3504ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_ECDH
3505ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_ECDH:
3506ebfedea0SLionel Sambuc {
3507ebfedea0SLionel Sambuc EC_KEY *ecdh = NULL;
3508ebfedea0SLionel Sambuc
3509*0a6a1f1dSLionel Sambuc if (parg == NULL) {
3510ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3511ebfedea0SLionel Sambuc return 0;
3512ebfedea0SLionel Sambuc }
3513ebfedea0SLionel Sambuc ecdh = EC_KEY_dup((EC_KEY *)parg);
3514*0a6a1f1dSLionel Sambuc if (ecdh == NULL) {
3515ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB);
3516ebfedea0SLionel Sambuc return 0;
3517ebfedea0SLionel Sambuc }
3518*0a6a1f1dSLionel Sambuc if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
3519*0a6a1f1dSLionel Sambuc if (!EC_KEY_generate_key(ecdh)) {
3520ebfedea0SLionel Sambuc EC_KEY_free(ecdh);
3521ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3522ebfedea0SLionel Sambuc return 0;
3523ebfedea0SLionel Sambuc }
3524ebfedea0SLionel Sambuc }
3525ebfedea0SLionel Sambuc
3526*0a6a1f1dSLionel Sambuc if (cert->ecdh_tmp != NULL) {
3527ebfedea0SLionel Sambuc EC_KEY_free(cert->ecdh_tmp);
3528ebfedea0SLionel Sambuc }
3529ebfedea0SLionel Sambuc cert->ecdh_tmp = ecdh;
3530ebfedea0SLionel Sambuc return 1;
3531ebfedea0SLionel Sambuc }
3532ebfedea0SLionel Sambuc /* break; */
3533ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_ECDH_CB:
3534ebfedea0SLionel Sambuc {
3535ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3536ebfedea0SLionel Sambuc return (0);
3537ebfedea0SLionel Sambuc }
3538ebfedea0SLionel Sambuc break;
3539ebfedea0SLionel Sambuc #endif /* !OPENSSL_NO_ECDH */
3540ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_TLSEXT
3541ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3542ebfedea0SLionel Sambuc ctx->tlsext_servername_arg = parg;
3543ebfedea0SLionel Sambuc break;
3544ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3545ebfedea0SLionel Sambuc case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3546ebfedea0SLionel Sambuc {
3547ebfedea0SLionel Sambuc unsigned char *keys = parg;
3548ebfedea0SLionel Sambuc if (!keys)
3549ebfedea0SLionel Sambuc return 48;
3550*0a6a1f1dSLionel Sambuc if (larg != 48) {
3551ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3552ebfedea0SLionel Sambuc return 0;
3553ebfedea0SLionel Sambuc }
3554*0a6a1f1dSLionel Sambuc if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3555ebfedea0SLionel Sambuc memcpy(ctx->tlsext_tick_key_name, keys, 16);
3556ebfedea0SLionel Sambuc memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3557ebfedea0SLionel Sambuc memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3558*0a6a1f1dSLionel Sambuc } else {
3559ebfedea0SLionel Sambuc memcpy(keys, ctx->tlsext_tick_key_name, 16);
3560ebfedea0SLionel Sambuc memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3561ebfedea0SLionel Sambuc memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3562ebfedea0SLionel Sambuc }
3563ebfedea0SLionel Sambuc return 1;
3564ebfedea0SLionel Sambuc }
3565ebfedea0SLionel Sambuc
3566ebfedea0SLionel Sambuc # ifdef TLSEXT_TYPE_opaque_prf_input
3567ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
3568ebfedea0SLionel Sambuc ctx->tlsext_opaque_prf_input_callback_arg = parg;
3569ebfedea0SLionel Sambuc return 1;
3570ebfedea0SLionel Sambuc # endif
3571ebfedea0SLionel Sambuc
3572ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3573ebfedea0SLionel Sambuc ctx->tlsext_status_arg = parg;
3574ebfedea0SLionel Sambuc return 1;
3575ebfedea0SLionel Sambuc break;
3576ebfedea0SLionel Sambuc
3577ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_SRP
3578ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3579ebfedea0SLionel Sambuc ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3580ebfedea0SLionel Sambuc if (ctx->srp_ctx.login != NULL)
3581ebfedea0SLionel Sambuc OPENSSL_free(ctx->srp_ctx.login);
3582ebfedea0SLionel Sambuc ctx->srp_ctx.login = NULL;
3583ebfedea0SLionel Sambuc if (parg == NULL)
3584ebfedea0SLionel Sambuc break;
3585*0a6a1f1dSLionel Sambuc if (strlen((const char *)parg) > 255
3586*0a6a1f1dSLionel Sambuc || strlen((const char *)parg) < 1) {
3587ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3588ebfedea0SLionel Sambuc return 0;
3589ebfedea0SLionel Sambuc }
3590*0a6a1f1dSLionel Sambuc if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
3591ebfedea0SLionel Sambuc SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3592ebfedea0SLionel Sambuc return 0;
3593ebfedea0SLionel Sambuc }
3594ebfedea0SLionel Sambuc break;
3595ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3596*0a6a1f1dSLionel Sambuc ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3597*0a6a1f1dSLionel Sambuc srp_password_from_info_cb;
3598ebfedea0SLionel Sambuc ctx->srp_ctx.info = parg;
3599ebfedea0SLionel Sambuc break;
3600ebfedea0SLionel Sambuc case SSL_CTRL_SET_SRP_ARG:
3601ebfedea0SLionel Sambuc ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3602ebfedea0SLionel Sambuc ctx->srp_ctx.SRP_cb_arg = parg;
3603ebfedea0SLionel Sambuc break;
3604ebfedea0SLionel Sambuc
3605ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3606ebfedea0SLionel Sambuc ctx->srp_ctx.strength = larg;
3607ebfedea0SLionel Sambuc break;
3608ebfedea0SLionel Sambuc # endif
3609ebfedea0SLionel Sambuc #endif /* !OPENSSL_NO_TLSEXT */
3610ebfedea0SLionel Sambuc
3611ebfedea0SLionel Sambuc /* A Thawte special :-) */
3612ebfedea0SLionel Sambuc case SSL_CTRL_EXTRA_CHAIN_CERT:
3613*0a6a1f1dSLionel Sambuc if (ctx->extra_certs == NULL) {
3614ebfedea0SLionel Sambuc if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
3615ebfedea0SLionel Sambuc return (0);
3616ebfedea0SLionel Sambuc }
3617ebfedea0SLionel Sambuc sk_X509_push(ctx->extra_certs, (X509 *)parg);
3618ebfedea0SLionel Sambuc break;
3619ebfedea0SLionel Sambuc
3620ebfedea0SLionel Sambuc case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3621ebfedea0SLionel Sambuc *(STACK_OF(X509) **)parg = ctx->extra_certs;
3622ebfedea0SLionel Sambuc break;
3623ebfedea0SLionel Sambuc
3624ebfedea0SLionel Sambuc case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3625*0a6a1f1dSLionel Sambuc if (ctx->extra_certs) {
3626ebfedea0SLionel Sambuc sk_X509_pop_free(ctx->extra_certs, X509_free);
3627ebfedea0SLionel Sambuc ctx->extra_certs = NULL;
3628ebfedea0SLionel Sambuc }
3629ebfedea0SLionel Sambuc break;
3630ebfedea0SLionel Sambuc
3631ebfedea0SLionel Sambuc default:
3632ebfedea0SLionel Sambuc return (0);
3633ebfedea0SLionel Sambuc }
3634ebfedea0SLionel Sambuc return (1);
3635ebfedea0SLionel Sambuc }
3636ebfedea0SLionel Sambuc
ssl3_ctx_callback_ctrl(SSL_CTX * ctx,int cmd,void (* fp)(void))3637ebfedea0SLionel Sambuc long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3638ebfedea0SLionel Sambuc {
3639ebfedea0SLionel Sambuc CERT *cert;
3640ebfedea0SLionel Sambuc
3641ebfedea0SLionel Sambuc cert = ctx->cert;
3642ebfedea0SLionel Sambuc
3643*0a6a1f1dSLionel Sambuc switch (cmd) {
3644ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_RSA
3645ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_RSA_CB:
3646ebfedea0SLionel Sambuc {
3647ebfedea0SLionel Sambuc cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3648ebfedea0SLionel Sambuc }
3649ebfedea0SLionel Sambuc break;
3650ebfedea0SLionel Sambuc #endif
3651ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_DH
3652ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_DH_CB:
3653ebfedea0SLionel Sambuc {
3654ebfedea0SLionel Sambuc cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3655ebfedea0SLionel Sambuc }
3656ebfedea0SLionel Sambuc break;
3657ebfedea0SLionel Sambuc #endif
3658ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_ECDH
3659ebfedea0SLionel Sambuc case SSL_CTRL_SET_TMP_ECDH_CB:
3660ebfedea0SLionel Sambuc {
3661ebfedea0SLionel Sambuc cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3662ebfedea0SLionel Sambuc }
3663ebfedea0SLionel Sambuc break;
3664ebfedea0SLionel Sambuc #endif
3665ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_TLSEXT
3666ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3667ebfedea0SLionel Sambuc ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3668ebfedea0SLionel Sambuc break;
3669ebfedea0SLionel Sambuc
3670ebfedea0SLionel Sambuc # ifdef TLSEXT_TYPE_opaque_prf_input
3671ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
3672*0a6a1f1dSLionel Sambuc ctx->tlsext_opaque_prf_input_callback =
3673*0a6a1f1dSLionel Sambuc (int (*)(SSL *, void *, size_t, void *))fp;
3674ebfedea0SLionel Sambuc break;
3675ebfedea0SLionel Sambuc # endif
3676ebfedea0SLionel Sambuc
3677ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3678ebfedea0SLionel Sambuc ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3679ebfedea0SLionel Sambuc break;
3680ebfedea0SLionel Sambuc
3681ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3682ebfedea0SLionel Sambuc ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3683ebfedea0SLionel Sambuc unsigned char *,
3684ebfedea0SLionel Sambuc EVP_CIPHER_CTX *,
3685ebfedea0SLionel Sambuc HMAC_CTX *, int))fp;
3686ebfedea0SLionel Sambuc break;
3687ebfedea0SLionel Sambuc
3688ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_SRP
3689ebfedea0SLionel Sambuc case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3690ebfedea0SLionel Sambuc ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3691ebfedea0SLionel Sambuc ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3692ebfedea0SLionel Sambuc break;
3693ebfedea0SLionel Sambuc case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3694ebfedea0SLionel Sambuc ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3695*0a6a1f1dSLionel Sambuc ctx->srp_ctx.TLS_ext_srp_username_callback =
3696*0a6a1f1dSLionel Sambuc (int (*)(SSL *, int *, void *))fp;
3697ebfedea0SLionel Sambuc break;
3698ebfedea0SLionel Sambuc case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3699ebfedea0SLionel Sambuc ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3700*0a6a1f1dSLionel Sambuc ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3701*0a6a1f1dSLionel Sambuc (char *(*)(SSL *, void *))fp;
3702ebfedea0SLionel Sambuc break;
3703ebfedea0SLionel Sambuc # endif
3704ebfedea0SLionel Sambuc #endif
3705*0a6a1f1dSLionel Sambuc
3706ebfedea0SLionel Sambuc default:
3707ebfedea0SLionel Sambuc return (0);
3708ebfedea0SLionel Sambuc }
3709ebfedea0SLionel Sambuc return (1);
3710ebfedea0SLionel Sambuc }
3711ebfedea0SLionel Sambuc
3712*0a6a1f1dSLionel Sambuc /*
3713*0a6a1f1dSLionel Sambuc * This function needs to check if the ciphers required are actually
3714*0a6a1f1dSLionel Sambuc * available
3715*0a6a1f1dSLionel Sambuc */
ssl3_get_cipher_by_char(const unsigned char * p)3716ebfedea0SLionel Sambuc const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3717ebfedea0SLionel Sambuc {
3718ebfedea0SLionel Sambuc SSL_CIPHER c;
3719ebfedea0SLionel Sambuc const SSL_CIPHER *cp;
3720ebfedea0SLionel Sambuc unsigned long id;
3721ebfedea0SLionel Sambuc
3722ebfedea0SLionel Sambuc id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
3723ebfedea0SLionel Sambuc c.id = id;
3724ebfedea0SLionel Sambuc cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3725ebfedea0SLionel Sambuc #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
3726*0a6a1f1dSLionel Sambuc if (cp == NULL)
3727*0a6a1f1dSLionel Sambuc fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
3728ebfedea0SLionel Sambuc #endif
3729ebfedea0SLionel Sambuc if (cp == NULL || cp->valid == 0)
3730ebfedea0SLionel Sambuc return NULL;
3731ebfedea0SLionel Sambuc else
3732ebfedea0SLionel Sambuc return cp;
3733ebfedea0SLionel Sambuc }
3734ebfedea0SLionel Sambuc
ssl3_put_cipher_by_char(const SSL_CIPHER * c,unsigned char * p)3735ebfedea0SLionel Sambuc int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3736ebfedea0SLionel Sambuc {
3737ebfedea0SLionel Sambuc long l;
3738ebfedea0SLionel Sambuc
3739*0a6a1f1dSLionel Sambuc if (p != NULL) {
3740ebfedea0SLionel Sambuc l = c->id;
3741*0a6a1f1dSLionel Sambuc if ((l & 0xff000000) != 0x03000000)
3742*0a6a1f1dSLionel Sambuc return (0);
3743ebfedea0SLionel Sambuc p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
3744ebfedea0SLionel Sambuc p[1] = ((unsigned char)(l)) & 0xFF;
3745ebfedea0SLionel Sambuc }
3746ebfedea0SLionel Sambuc return (2);
3747ebfedea0SLionel Sambuc }
3748ebfedea0SLionel Sambuc
ssl3_choose_cipher(SSL * s,STACK_OF (SSL_CIPHER)* clnt,STACK_OF (SSL_CIPHER)* srvr)3749ebfedea0SLionel Sambuc SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3750ebfedea0SLionel Sambuc STACK_OF(SSL_CIPHER) *srvr)
3751ebfedea0SLionel Sambuc {
3752ebfedea0SLionel Sambuc SSL_CIPHER *c, *ret = NULL;
3753ebfedea0SLionel Sambuc STACK_OF(SSL_CIPHER) *prio, *allow;
3754ebfedea0SLionel Sambuc int i, ii, ok;
3755ebfedea0SLionel Sambuc #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
3756ebfedea0SLionel Sambuc unsigned int j;
3757ebfedea0SLionel Sambuc int ec_ok, ec_nid;
3758ebfedea0SLionel Sambuc unsigned char ec_search1 = 0, ec_search2 = 0;
3759ebfedea0SLionel Sambuc #endif
3760ebfedea0SLionel Sambuc CERT *cert;
3761ebfedea0SLionel Sambuc unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
3762ebfedea0SLionel Sambuc
3763ebfedea0SLionel Sambuc /* Let's see which ciphers we can support */
3764ebfedea0SLionel Sambuc cert = s->cert;
3765ebfedea0SLionel Sambuc
3766ebfedea0SLionel Sambuc #if 0
3767*0a6a1f1dSLionel Sambuc /*
3768*0a6a1f1dSLionel Sambuc * Do not set the compare functions, because this may lead to a
3769*0a6a1f1dSLionel Sambuc * reordering by "id". We want to keep the original ordering. We may pay
3770*0a6a1f1dSLionel Sambuc * a price in performance during sk_SSL_CIPHER_find(), but would have to
3771*0a6a1f1dSLionel Sambuc * pay with the price of sk_SSL_CIPHER_dup().
3772ebfedea0SLionel Sambuc */
3773ebfedea0SLionel Sambuc sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3774ebfedea0SLionel Sambuc sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3775ebfedea0SLionel Sambuc #endif
3776ebfedea0SLionel Sambuc
3777ebfedea0SLionel Sambuc #ifdef CIPHER_DEBUG
3778*0a6a1f1dSLionel Sambuc fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3779*0a6a1f1dSLionel Sambuc (void *)srvr);
3780*0a6a1f1dSLionel Sambuc for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3781ebfedea0SLionel Sambuc c = sk_SSL_CIPHER_value(srvr, i);
3782*0a6a1f1dSLionel Sambuc fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3783ebfedea0SLionel Sambuc }
3784*0a6a1f1dSLionel Sambuc fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3785*0a6a1f1dSLionel Sambuc (void *)clnt);
3786*0a6a1f1dSLionel Sambuc for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3787ebfedea0SLionel Sambuc c = sk_SSL_CIPHER_value(clnt, i);
3788*0a6a1f1dSLionel Sambuc fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3789ebfedea0SLionel Sambuc }
3790ebfedea0SLionel Sambuc #endif
3791ebfedea0SLionel Sambuc
3792*0a6a1f1dSLionel Sambuc if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
3793ebfedea0SLionel Sambuc prio = srvr;
3794ebfedea0SLionel Sambuc allow = clnt;
3795*0a6a1f1dSLionel Sambuc } else {
3796ebfedea0SLionel Sambuc prio = clnt;
3797ebfedea0SLionel Sambuc allow = srvr;
3798ebfedea0SLionel Sambuc }
3799ebfedea0SLionel Sambuc
3800*0a6a1f1dSLionel Sambuc for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3801ebfedea0SLionel Sambuc c = sk_SSL_CIPHER_value(prio, i);
3802ebfedea0SLionel Sambuc
3803ebfedea0SLionel Sambuc /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
3804ebfedea0SLionel Sambuc if ((c->algorithm_ssl & SSL_TLSV1_2) &&
3805ebfedea0SLionel Sambuc (TLS1_get_version(s) < TLS1_2_VERSION))
3806ebfedea0SLionel Sambuc continue;
3807ebfedea0SLionel Sambuc
3808ebfedea0SLionel Sambuc ssl_set_cert_masks(cert, c);
3809ebfedea0SLionel Sambuc mask_k = cert->mask_k;
3810ebfedea0SLionel Sambuc mask_a = cert->mask_a;
3811ebfedea0SLionel Sambuc emask_k = cert->export_mask_k;
3812ebfedea0SLionel Sambuc emask_a = cert->export_mask_a;
3813ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_SRP
3814*0a6a1f1dSLionel Sambuc if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3815*0a6a1f1dSLionel Sambuc mask_k |= SSL_kSRP;
3816*0a6a1f1dSLionel Sambuc emask_k |= SSL_kSRP;
3817*0a6a1f1dSLionel Sambuc mask_a |= SSL_aSRP;
3818*0a6a1f1dSLionel Sambuc emask_a |= SSL_aSRP;
3819*0a6a1f1dSLionel Sambuc }
3820ebfedea0SLionel Sambuc #endif
3821ebfedea0SLionel Sambuc
3822ebfedea0SLionel Sambuc #ifdef KSSL_DEBUG
3823*0a6a1f1dSLionel Sambuc /*
3824*0a6a1f1dSLionel Sambuc * fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n",
3825*0a6a1f1dSLionel Sambuc * i,c->algorithms);
3826*0a6a1f1dSLionel Sambuc */
3827ebfedea0SLionel Sambuc #endif /* KSSL_DEBUG */
3828ebfedea0SLionel Sambuc
3829ebfedea0SLionel Sambuc alg_k = c->algorithm_mkey;
3830ebfedea0SLionel Sambuc alg_a = c->algorithm_auth;
3831ebfedea0SLionel Sambuc
3832ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_KRB5
3833*0a6a1f1dSLionel Sambuc if (alg_k & SSL_kKRB5) {
3834ebfedea0SLionel Sambuc if (!kssl_keytab_is_available(s->kssl_ctx))
3835ebfedea0SLionel Sambuc continue;
3836ebfedea0SLionel Sambuc }
3837ebfedea0SLionel Sambuc #endif /* OPENSSL_NO_KRB5 */
3838ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_PSK
3839ebfedea0SLionel Sambuc /* with PSK there must be server callback set */
3840ebfedea0SLionel Sambuc if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
3841ebfedea0SLionel Sambuc continue;
3842ebfedea0SLionel Sambuc #endif /* OPENSSL_NO_PSK */
3843ebfedea0SLionel Sambuc
3844*0a6a1f1dSLionel Sambuc if (SSL_C_IS_EXPORT(c)) {
3845ebfedea0SLionel Sambuc ok = (alg_k & emask_k) && (alg_a & emask_a);
3846ebfedea0SLionel Sambuc #ifdef CIPHER_DEBUG
3847*0a6a1f1dSLionel Sambuc fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",
3848*0a6a1f1dSLionel Sambuc ok, alg_k, alg_a, emask_k, emask_a, (void *)c, c->name);
3849ebfedea0SLionel Sambuc #endif
3850*0a6a1f1dSLionel Sambuc } else {
3851ebfedea0SLionel Sambuc ok = (alg_k & mask_k) && (alg_a & mask_a);
3852ebfedea0SLionel Sambuc #ifdef CIPHER_DEBUG
3853*0a6a1f1dSLionel Sambuc fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3854*0a6a1f1dSLionel Sambuc alg_a, mask_k, mask_a, (void *)c, c->name);
3855ebfedea0SLionel Sambuc #endif
3856ebfedea0SLionel Sambuc }
3857ebfedea0SLionel Sambuc
3858ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_TLSEXT
3859ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_EC
3860ebfedea0SLionel Sambuc if (
3861*0a6a1f1dSLionel Sambuc /*
3862*0a6a1f1dSLionel Sambuc * if we are considering an ECC cipher suite that uses our
3863*0a6a1f1dSLionel Sambuc * certificate
3864*0a6a1f1dSLionel Sambuc */
3865ebfedea0SLionel Sambuc (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3866ebfedea0SLionel Sambuc /* and we have an ECC certificate */
3867ebfedea0SLionel Sambuc && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3868*0a6a1f1dSLionel Sambuc /*
3869*0a6a1f1dSLionel Sambuc * and the client specified a Supported Point Formats
3870*0a6a1f1dSLionel Sambuc * extension
3871*0a6a1f1dSLionel Sambuc */
3872*0a6a1f1dSLionel Sambuc && ((s->session->tlsext_ecpointformatlist_length > 0)
3873*0a6a1f1dSLionel Sambuc && (s->session->tlsext_ecpointformatlist != NULL))
3874ebfedea0SLionel Sambuc /* and our certificate's point is compressed */
3875*0a6a1f1dSLionel Sambuc && ((s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
3876*0a6a1f1dSLionel Sambuc && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key !=
3877*0a6a1f1dSLionel Sambuc NULL)
3878*0a6a1f1dSLionel Sambuc && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
3879*0a6a1f1dSLionel Sambuc key->public_key != NULL)
3880*0a6a1f1dSLionel Sambuc && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
3881*0a6a1f1dSLionel Sambuc key->public_key->data != NULL)
3882*0a6a1f1dSLionel Sambuc &&
3883*0a6a1f1dSLionel Sambuc ((*
3884*0a6a1f1dSLionel Sambuc (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
3885*0a6a1f1dSLionel Sambuc key->public_key->data) == POINT_CONVERSION_COMPRESSED)
3886*0a6a1f1dSLionel Sambuc ||
3887*0a6a1f1dSLionel Sambuc (*
3888*0a6a1f1dSLionel Sambuc (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
3889*0a6a1f1dSLionel Sambuc key->public_key->data) ==
3890*0a6a1f1dSLionel Sambuc POINT_CONVERSION_COMPRESSED + 1)
3891ebfedea0SLionel Sambuc )
3892ebfedea0SLionel Sambuc )
3893*0a6a1f1dSLionel Sambuc ) {
3894ebfedea0SLionel Sambuc ec_ok = 0;
3895*0a6a1f1dSLionel Sambuc /*
3896*0a6a1f1dSLionel Sambuc * if our certificate's curve is over a field type that the
3897*0a6a1f1dSLionel Sambuc * client does not support then do not allow this cipher suite to
3898*0a6a1f1dSLionel Sambuc * be negotiated
3899*0a6a1f1dSLionel Sambuc */
3900*0a6a1f1dSLionel Sambuc if ((s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3901*0a6a1f1dSLionel Sambuc && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group !=
3902*0a6a1f1dSLionel Sambuc NULL)
3903*0a6a1f1dSLionel Sambuc && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->
3904*0a6a1f1dSLionel Sambuc group->meth != NULL)
3905*0a6a1f1dSLionel Sambuc &&
3906*0a6a1f1dSLionel Sambuc (EC_METHOD_get_field_type
3907*0a6a1f1dSLionel Sambuc (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->
3908*0a6a1f1dSLionel Sambuc group->meth) == NID_X9_62_prime_field)
3909*0a6a1f1dSLionel Sambuc ) {
3910*0a6a1f1dSLionel Sambuc for (j = 0; j < s->session->tlsext_ecpointformatlist_length;
3911*0a6a1f1dSLionel Sambuc j++) {
3912*0a6a1f1dSLionel Sambuc if (s->session->tlsext_ecpointformatlist[j] ==
3913*0a6a1f1dSLionel Sambuc TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) {
3914ebfedea0SLionel Sambuc ec_ok = 1;
3915ebfedea0SLionel Sambuc break;
3916ebfedea0SLionel Sambuc }
3917ebfedea0SLionel Sambuc }
3918*0a6a1f1dSLionel Sambuc } else
3919*0a6a1f1dSLionel Sambuc if (EC_METHOD_get_field_type
3920*0a6a1f1dSLionel Sambuc (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->
3921*0a6a1f1dSLionel Sambuc group->meth) == NID_X9_62_characteristic_two_field) {
3922*0a6a1f1dSLionel Sambuc for (j = 0; j < s->session->tlsext_ecpointformatlist_length;
3923*0a6a1f1dSLionel Sambuc j++) {
3924*0a6a1f1dSLionel Sambuc if (s->session->tlsext_ecpointformatlist[j] ==
3925*0a6a1f1dSLionel Sambuc TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) {
3926ebfedea0SLionel Sambuc ec_ok = 1;
3927ebfedea0SLionel Sambuc break;
3928ebfedea0SLionel Sambuc }
3929ebfedea0SLionel Sambuc }
3930ebfedea0SLionel Sambuc }
3931ebfedea0SLionel Sambuc ok = ok && ec_ok;
3932ebfedea0SLionel Sambuc }
3933ebfedea0SLionel Sambuc if (
3934*0a6a1f1dSLionel Sambuc /*
3935*0a6a1f1dSLionel Sambuc * if we are considering an ECC cipher suite that uses our
3936*0a6a1f1dSLionel Sambuc * certificate
3937*0a6a1f1dSLionel Sambuc */
3938ebfedea0SLionel Sambuc (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3939ebfedea0SLionel Sambuc /* and we have an ECC certificate */
3940ebfedea0SLionel Sambuc && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3941*0a6a1f1dSLionel Sambuc /*
3942*0a6a1f1dSLionel Sambuc * and the client specified an EllipticCurves extension
3943*0a6a1f1dSLionel Sambuc */
3944*0a6a1f1dSLionel Sambuc && ((s->session->tlsext_ellipticcurvelist_length > 0)
3945*0a6a1f1dSLionel Sambuc && (s->session->tlsext_ellipticcurvelist != NULL))
3946*0a6a1f1dSLionel Sambuc ) {
3947ebfedea0SLionel Sambuc ec_ok = 0;
3948*0a6a1f1dSLionel Sambuc if ((s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3949*0a6a1f1dSLionel Sambuc && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group !=
3950*0a6a1f1dSLionel Sambuc NULL)
3951*0a6a1f1dSLionel Sambuc ) {
3952*0a6a1f1dSLionel Sambuc ec_nid =
3953*0a6a1f1dSLionel Sambuc EC_GROUP_get_curve_name(s->cert->
3954*0a6a1f1dSLionel Sambuc pkeys[SSL_PKEY_ECC].privatekey->
3955*0a6a1f1dSLionel Sambuc pkey.ec->group);
3956ebfedea0SLionel Sambuc if ((ec_nid == 0)
3957*0a6a1f1dSLionel Sambuc && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.
3958*0a6a1f1dSLionel Sambuc ec->group->meth != NULL)
3959*0a6a1f1dSLionel Sambuc ) {
3960*0a6a1f1dSLionel Sambuc if (EC_METHOD_get_field_type
3961*0a6a1f1dSLionel Sambuc (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.
3962*0a6a1f1dSLionel Sambuc ec->group->meth) == NID_X9_62_prime_field) {
3963ebfedea0SLionel Sambuc ec_search1 = 0xFF;
3964ebfedea0SLionel Sambuc ec_search2 = 0x01;
3965*0a6a1f1dSLionel Sambuc } else
3966*0a6a1f1dSLionel Sambuc if (EC_METHOD_get_field_type
3967*0a6a1f1dSLionel Sambuc (s->cert->pkeys[SSL_PKEY_ECC].privatekey->
3968*0a6a1f1dSLionel Sambuc pkey.ec->group->meth) ==
3969*0a6a1f1dSLionel Sambuc NID_X9_62_characteristic_two_field) {
3970ebfedea0SLionel Sambuc ec_search1 = 0xFF;
3971ebfedea0SLionel Sambuc ec_search2 = 0x02;
3972ebfedea0SLionel Sambuc }
3973*0a6a1f1dSLionel Sambuc } else {
3974ebfedea0SLionel Sambuc ec_search1 = 0x00;
3975ebfedea0SLionel Sambuc ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3976ebfedea0SLionel Sambuc }
3977*0a6a1f1dSLionel Sambuc if ((ec_search1 != 0) || (ec_search2 != 0)) {
3978*0a6a1f1dSLionel Sambuc for (j = 0;
3979*0a6a1f1dSLionel Sambuc j < s->session->tlsext_ellipticcurvelist_length / 2;
3980*0a6a1f1dSLionel Sambuc j++) {
3981*0a6a1f1dSLionel Sambuc if ((s->session->tlsext_ellipticcurvelist[2 * j] ==
3982*0a6a1f1dSLionel Sambuc ec_search1)
3983*0a6a1f1dSLionel Sambuc && (s->session->tlsext_ellipticcurvelist[2 * j +
3984*0a6a1f1dSLionel Sambuc 1] ==
3985*0a6a1f1dSLionel Sambuc ec_search2)) {
3986ebfedea0SLionel Sambuc ec_ok = 1;
3987ebfedea0SLionel Sambuc break;
3988ebfedea0SLionel Sambuc }
3989ebfedea0SLionel Sambuc }
3990ebfedea0SLionel Sambuc }
3991ebfedea0SLionel Sambuc }
3992ebfedea0SLionel Sambuc ok = ok && ec_ok;
3993ebfedea0SLionel Sambuc }
3994*0a6a1f1dSLionel Sambuc # ifndef OPENSSL_NO_ECDH
3995ebfedea0SLionel Sambuc if (
3996*0a6a1f1dSLionel Sambuc /*
3997*0a6a1f1dSLionel Sambuc * if we are considering an ECC cipher suite that uses an
3998*0a6a1f1dSLionel Sambuc * ephemeral EC key
3999*0a6a1f1dSLionel Sambuc */
4000ebfedea0SLionel Sambuc (alg_k & SSL_kEECDH)
4001ebfedea0SLionel Sambuc /* and we have an ephemeral EC key */
4002ebfedea0SLionel Sambuc && (s->cert->ecdh_tmp != NULL)
4003*0a6a1f1dSLionel Sambuc /*
4004*0a6a1f1dSLionel Sambuc * and the client specified an EllipticCurves extension
4005*0a6a1f1dSLionel Sambuc */
4006*0a6a1f1dSLionel Sambuc && ((s->session->tlsext_ellipticcurvelist_length > 0)
4007*0a6a1f1dSLionel Sambuc && (s->session->tlsext_ellipticcurvelist != NULL))
4008*0a6a1f1dSLionel Sambuc ) {
4009ebfedea0SLionel Sambuc ec_ok = 0;
4010*0a6a1f1dSLionel Sambuc if (s->cert->ecdh_tmp->group != NULL) {
4011ebfedea0SLionel Sambuc ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
4012ebfedea0SLionel Sambuc if ((ec_nid == 0)
4013ebfedea0SLionel Sambuc && (s->cert->ecdh_tmp->group->meth != NULL)
4014*0a6a1f1dSLionel Sambuc ) {
4015*0a6a1f1dSLionel Sambuc if (EC_METHOD_get_field_type
4016*0a6a1f1dSLionel Sambuc (s->cert->ecdh_tmp->group->meth) ==
4017*0a6a1f1dSLionel Sambuc NID_X9_62_prime_field) {
4018ebfedea0SLionel Sambuc ec_search1 = 0xFF;
4019ebfedea0SLionel Sambuc ec_search2 = 0x01;
4020*0a6a1f1dSLionel Sambuc } else
4021*0a6a1f1dSLionel Sambuc if (EC_METHOD_get_field_type
4022*0a6a1f1dSLionel Sambuc (s->cert->ecdh_tmp->group->meth) ==
4023*0a6a1f1dSLionel Sambuc NID_X9_62_characteristic_two_field) {
4024ebfedea0SLionel Sambuc ec_search1 = 0xFF;
4025ebfedea0SLionel Sambuc ec_search2 = 0x02;
4026ebfedea0SLionel Sambuc }
4027*0a6a1f1dSLionel Sambuc } else {
4028ebfedea0SLionel Sambuc ec_search1 = 0x00;
4029ebfedea0SLionel Sambuc ec_search2 = tls1_ec_nid2curve_id(ec_nid);
4030ebfedea0SLionel Sambuc }
4031*0a6a1f1dSLionel Sambuc if ((ec_search1 != 0) || (ec_search2 != 0)) {
4032*0a6a1f1dSLionel Sambuc for (j = 0;
4033*0a6a1f1dSLionel Sambuc j < s->session->tlsext_ellipticcurvelist_length / 2;
4034*0a6a1f1dSLionel Sambuc j++) {
4035*0a6a1f1dSLionel Sambuc if ((s->session->tlsext_ellipticcurvelist[2 * j] ==
4036*0a6a1f1dSLionel Sambuc ec_search1)
4037*0a6a1f1dSLionel Sambuc && (s->session->tlsext_ellipticcurvelist[2 * j +
4038*0a6a1f1dSLionel Sambuc 1] ==
4039*0a6a1f1dSLionel Sambuc ec_search2)) {
4040ebfedea0SLionel Sambuc ec_ok = 1;
4041ebfedea0SLionel Sambuc break;
4042ebfedea0SLionel Sambuc }
4043ebfedea0SLionel Sambuc }
4044ebfedea0SLionel Sambuc }
4045ebfedea0SLionel Sambuc }
4046ebfedea0SLionel Sambuc ok = ok && ec_ok;
4047ebfedea0SLionel Sambuc }
4048*0a6a1f1dSLionel Sambuc # endif /* OPENSSL_NO_ECDH */
4049ebfedea0SLionel Sambuc # endif /* OPENSSL_NO_EC */
4050ebfedea0SLionel Sambuc #endif /* OPENSSL_NO_TLSEXT */
4051ebfedea0SLionel Sambuc
4052*0a6a1f1dSLionel Sambuc if (!ok)
4053*0a6a1f1dSLionel Sambuc continue;
4054ebfedea0SLionel Sambuc ii = sk_SSL_CIPHER_find(allow, c);
4055*0a6a1f1dSLionel Sambuc if (ii >= 0) {
4056*0a6a1f1dSLionel Sambuc #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
4057*0a6a1f1dSLionel Sambuc if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA)
4058*0a6a1f1dSLionel Sambuc && s->s3->is_probably_safari) {
4059*0a6a1f1dSLionel Sambuc if (!ret)
4060*0a6a1f1dSLionel Sambuc ret = sk_SSL_CIPHER_value(allow, ii);
4061*0a6a1f1dSLionel Sambuc continue;
4062*0a6a1f1dSLionel Sambuc }
4063*0a6a1f1dSLionel Sambuc #endif
4064ebfedea0SLionel Sambuc ret = sk_SSL_CIPHER_value(allow, ii);
4065ebfedea0SLionel Sambuc break;
4066ebfedea0SLionel Sambuc }
4067ebfedea0SLionel Sambuc }
4068ebfedea0SLionel Sambuc return (ret);
4069ebfedea0SLionel Sambuc }
4070ebfedea0SLionel Sambuc
ssl3_get_req_cert_type(SSL * s,unsigned char * p)4071ebfedea0SLionel Sambuc int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
4072ebfedea0SLionel Sambuc {
4073ebfedea0SLionel Sambuc int ret = 0;
4074ebfedea0SLionel Sambuc unsigned long alg_k;
4075ebfedea0SLionel Sambuc
4076ebfedea0SLionel Sambuc alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4077ebfedea0SLionel Sambuc
4078ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_GOST
4079*0a6a1f1dSLionel Sambuc if (s->version >= TLS1_VERSION) {
4080*0a6a1f1dSLionel Sambuc if (alg_k & SSL_kGOST) {
4081ebfedea0SLionel Sambuc p[ret++] = TLS_CT_GOST94_SIGN;
4082ebfedea0SLionel Sambuc p[ret++] = TLS_CT_GOST01_SIGN;
4083ebfedea0SLionel Sambuc return (ret);
4084ebfedea0SLionel Sambuc }
4085ebfedea0SLionel Sambuc }
4086ebfedea0SLionel Sambuc #endif
4087ebfedea0SLionel Sambuc
4088ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_DH
4089*0a6a1f1dSLionel Sambuc if (alg_k & (SSL_kDHr | SSL_kEDH)) {
4090ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_RSA
4091ebfedea0SLionel Sambuc p[ret++] = SSL3_CT_RSA_FIXED_DH;
4092ebfedea0SLionel Sambuc # endif
4093ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_DSA
4094ebfedea0SLionel Sambuc p[ret++] = SSL3_CT_DSS_FIXED_DH;
4095ebfedea0SLionel Sambuc # endif
4096ebfedea0SLionel Sambuc }
4097ebfedea0SLionel Sambuc if ((s->version == SSL3_VERSION) &&
4098*0a6a1f1dSLionel Sambuc (alg_k & (SSL_kEDH | SSL_kDHd | SSL_kDHr))) {
4099ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_RSA
4100ebfedea0SLionel Sambuc p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
4101ebfedea0SLionel Sambuc # endif
4102ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_DSA
4103ebfedea0SLionel Sambuc p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
4104ebfedea0SLionel Sambuc # endif
4105ebfedea0SLionel Sambuc }
4106ebfedea0SLionel Sambuc #endif /* !OPENSSL_NO_DH */
4107ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_RSA
4108ebfedea0SLionel Sambuc p[ret++] = SSL3_CT_RSA_SIGN;
4109ebfedea0SLionel Sambuc #endif
4110ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_DSA
4111ebfedea0SLionel Sambuc p[ret++] = SSL3_CT_DSS_SIGN;
4112ebfedea0SLionel Sambuc #endif
4113ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_ECDH
4114*0a6a1f1dSLionel Sambuc if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
4115ebfedea0SLionel Sambuc p[ret++] = TLS_CT_RSA_FIXED_ECDH;
4116ebfedea0SLionel Sambuc p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
4117ebfedea0SLionel Sambuc }
4118ebfedea0SLionel Sambuc #endif
4119ebfedea0SLionel Sambuc
4120ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_ECDSA
4121*0a6a1f1dSLionel Sambuc /*
4122*0a6a1f1dSLionel Sambuc * ECDSA certs can be used with RSA cipher suites as well so we don't
4123*0a6a1f1dSLionel Sambuc * need to check for SSL_kECDH or SSL_kEECDH
4124ebfedea0SLionel Sambuc */
4125*0a6a1f1dSLionel Sambuc if (s->version >= TLS1_VERSION) {
4126ebfedea0SLionel Sambuc p[ret++] = TLS_CT_ECDSA_SIGN;
4127ebfedea0SLionel Sambuc }
4128ebfedea0SLionel Sambuc #endif
4129ebfedea0SLionel Sambuc return (ret);
4130ebfedea0SLionel Sambuc }
4131ebfedea0SLionel Sambuc
ssl3_shutdown(SSL * s)4132ebfedea0SLionel Sambuc int ssl3_shutdown(SSL *s)
4133ebfedea0SLionel Sambuc {
4134ebfedea0SLionel Sambuc int ret;
4135ebfedea0SLionel Sambuc
4136*0a6a1f1dSLionel Sambuc /*
4137*0a6a1f1dSLionel Sambuc * Don't do anything much if we have not done the handshake or we don't
4138*0a6a1f1dSLionel Sambuc * want to send messages :-)
4139*0a6a1f1dSLionel Sambuc */
4140*0a6a1f1dSLionel Sambuc if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
4141ebfedea0SLionel Sambuc s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4142ebfedea0SLionel Sambuc return (1);
4143ebfedea0SLionel Sambuc }
4144ebfedea0SLionel Sambuc
4145*0a6a1f1dSLionel Sambuc if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4146ebfedea0SLionel Sambuc s->shutdown |= SSL_SENT_SHUTDOWN;
4147ebfedea0SLionel Sambuc #if 1
4148ebfedea0SLionel Sambuc ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4149ebfedea0SLionel Sambuc #endif
4150*0a6a1f1dSLionel Sambuc /*
4151*0a6a1f1dSLionel Sambuc * our shutdown alert has been sent now, and if it still needs to be
4152*0a6a1f1dSLionel Sambuc * written, s->s3->alert_dispatch will be true
4153*0a6a1f1dSLionel Sambuc */
4154ebfedea0SLionel Sambuc if (s->s3->alert_dispatch)
4155ebfedea0SLionel Sambuc return (-1); /* return WANT_WRITE */
4156*0a6a1f1dSLionel Sambuc } else if (s->s3->alert_dispatch) {
4157ebfedea0SLionel Sambuc /* resend it if not sent */
4158ebfedea0SLionel Sambuc #if 1
4159ebfedea0SLionel Sambuc ret = s->method->ssl_dispatch_alert(s);
4160*0a6a1f1dSLionel Sambuc if (ret == -1) {
4161*0a6a1f1dSLionel Sambuc /*
4162*0a6a1f1dSLionel Sambuc * we only get to return -1 here the 2nd/Nth invocation, we must
4163*0a6a1f1dSLionel Sambuc * have already signalled return 0 upon a previous invoation,
4164*0a6a1f1dSLionel Sambuc * return WANT_WRITE
4165*0a6a1f1dSLionel Sambuc */
4166ebfedea0SLionel Sambuc return (ret);
4167ebfedea0SLionel Sambuc }
4168ebfedea0SLionel Sambuc #endif
4169*0a6a1f1dSLionel Sambuc } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4170*0a6a1f1dSLionel Sambuc /*
4171*0a6a1f1dSLionel Sambuc * If we are waiting for a close from our peer, we are closed
4172*0a6a1f1dSLionel Sambuc */
4173ebfedea0SLionel Sambuc s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
4174*0a6a1f1dSLionel Sambuc if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4175ebfedea0SLionel Sambuc return (-1); /* return WANT_READ */
4176ebfedea0SLionel Sambuc }
4177ebfedea0SLionel Sambuc }
4178ebfedea0SLionel Sambuc
4179ebfedea0SLionel Sambuc if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4180ebfedea0SLionel Sambuc !s->s3->alert_dispatch)
4181ebfedea0SLionel Sambuc return (1);
4182ebfedea0SLionel Sambuc else
4183ebfedea0SLionel Sambuc return (0);
4184ebfedea0SLionel Sambuc }
4185ebfedea0SLionel Sambuc
ssl3_write(SSL * s,const void * buf,int len)4186ebfedea0SLionel Sambuc int ssl3_write(SSL *s, const void *buf, int len)
4187ebfedea0SLionel Sambuc {
4188ebfedea0SLionel Sambuc int ret, n;
4189ebfedea0SLionel Sambuc
4190ebfedea0SLionel Sambuc #if 0
4191*0a6a1f1dSLionel Sambuc if (s->shutdown & SSL_SEND_SHUTDOWN) {
4192ebfedea0SLionel Sambuc s->rwstate = SSL_NOTHING;
4193ebfedea0SLionel Sambuc return (0);
4194ebfedea0SLionel Sambuc }
4195ebfedea0SLionel Sambuc #endif
4196ebfedea0SLionel Sambuc clear_sys_error();
4197*0a6a1f1dSLionel Sambuc if (s->s3->renegotiate)
4198*0a6a1f1dSLionel Sambuc ssl3_renegotiate_check(s);
4199ebfedea0SLionel Sambuc
4200*0a6a1f1dSLionel Sambuc /*
4201*0a6a1f1dSLionel Sambuc * This is an experimental flag that sends the last handshake message in
4202*0a6a1f1dSLionel Sambuc * the same packet as the first use data - used to see if it helps the
4203*0a6a1f1dSLionel Sambuc * TCP protocol during session-id reuse
4204*0a6a1f1dSLionel Sambuc */
4205ebfedea0SLionel Sambuc /* The second test is because the buffer may have been removed */
4206*0a6a1f1dSLionel Sambuc if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
4207ebfedea0SLionel Sambuc /* First time through, we write into the buffer */
4208*0a6a1f1dSLionel Sambuc if (s->s3->delay_buf_pop_ret == 0) {
4209*0a6a1f1dSLionel Sambuc ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
4210*0a6a1f1dSLionel Sambuc if (ret <= 0)
4211*0a6a1f1dSLionel Sambuc return (ret);
4212ebfedea0SLionel Sambuc
4213ebfedea0SLionel Sambuc s->s3->delay_buf_pop_ret = ret;
4214ebfedea0SLionel Sambuc }
4215ebfedea0SLionel Sambuc
4216ebfedea0SLionel Sambuc s->rwstate = SSL_WRITING;
4217ebfedea0SLionel Sambuc n = BIO_flush(s->wbio);
4218*0a6a1f1dSLionel Sambuc if (n <= 0)
4219*0a6a1f1dSLionel Sambuc return (n);
4220ebfedea0SLionel Sambuc s->rwstate = SSL_NOTHING;
4221ebfedea0SLionel Sambuc
4222ebfedea0SLionel Sambuc /* We have flushed the buffer, so remove it */
4223ebfedea0SLionel Sambuc ssl_free_wbio_buffer(s);
4224ebfedea0SLionel Sambuc s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
4225ebfedea0SLionel Sambuc
4226ebfedea0SLionel Sambuc ret = s->s3->delay_buf_pop_ret;
4227ebfedea0SLionel Sambuc s->s3->delay_buf_pop_ret = 0;
4228*0a6a1f1dSLionel Sambuc } else {
4229ebfedea0SLionel Sambuc ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
4230ebfedea0SLionel Sambuc buf, len);
4231*0a6a1f1dSLionel Sambuc if (ret <= 0)
4232*0a6a1f1dSLionel Sambuc return (ret);
4233ebfedea0SLionel Sambuc }
4234ebfedea0SLionel Sambuc
4235ebfedea0SLionel Sambuc return (ret);
4236ebfedea0SLionel Sambuc }
4237ebfedea0SLionel Sambuc
ssl3_read_internal(SSL * s,void * buf,int len,int peek)4238ebfedea0SLionel Sambuc static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
4239ebfedea0SLionel Sambuc {
4240ebfedea0SLionel Sambuc int ret;
4241ebfedea0SLionel Sambuc
4242ebfedea0SLionel Sambuc clear_sys_error();
4243*0a6a1f1dSLionel Sambuc if (s->s3->renegotiate)
4244*0a6a1f1dSLionel Sambuc ssl3_renegotiate_check(s);
4245ebfedea0SLionel Sambuc s->s3->in_read_app_data = 1;
4246*0a6a1f1dSLionel Sambuc ret =
4247*0a6a1f1dSLionel Sambuc s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4248*0a6a1f1dSLionel Sambuc peek);
4249*0a6a1f1dSLionel Sambuc if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4250*0a6a1f1dSLionel Sambuc /*
4251*0a6a1f1dSLionel Sambuc * ssl3_read_bytes decided to call s->handshake_func, which called
4252*0a6a1f1dSLionel Sambuc * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4253*0a6a1f1dSLionel Sambuc * actually found application data and thinks that application data
4254*0a6a1f1dSLionel Sambuc * makes sense here; so disable handshake processing and try to read
4255*0a6a1f1dSLionel Sambuc * application data again.
4256*0a6a1f1dSLionel Sambuc */
4257ebfedea0SLionel Sambuc s->in_handshake++;
4258*0a6a1f1dSLionel Sambuc ret =
4259*0a6a1f1dSLionel Sambuc s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4260*0a6a1f1dSLionel Sambuc peek);
4261ebfedea0SLionel Sambuc s->in_handshake--;
4262*0a6a1f1dSLionel Sambuc } else
4263ebfedea0SLionel Sambuc s->s3->in_read_app_data = 0;
4264ebfedea0SLionel Sambuc
4265ebfedea0SLionel Sambuc return (ret);
4266ebfedea0SLionel Sambuc }
4267ebfedea0SLionel Sambuc
ssl3_read(SSL * s,void * buf,int len)4268ebfedea0SLionel Sambuc int ssl3_read(SSL *s, void *buf, int len)
4269ebfedea0SLionel Sambuc {
4270ebfedea0SLionel Sambuc return ssl3_read_internal(s, buf, len, 0);
4271ebfedea0SLionel Sambuc }
4272ebfedea0SLionel Sambuc
ssl3_peek(SSL * s,void * buf,int len)4273ebfedea0SLionel Sambuc int ssl3_peek(SSL *s, void *buf, int len)
4274ebfedea0SLionel Sambuc {
4275ebfedea0SLionel Sambuc return ssl3_read_internal(s, buf, len, 1);
4276ebfedea0SLionel Sambuc }
4277ebfedea0SLionel Sambuc
ssl3_renegotiate(SSL * s)4278ebfedea0SLionel Sambuc int ssl3_renegotiate(SSL *s)
4279ebfedea0SLionel Sambuc {
4280ebfedea0SLionel Sambuc if (s->handshake_func == NULL)
4281ebfedea0SLionel Sambuc return (1);
4282ebfedea0SLionel Sambuc
4283ebfedea0SLionel Sambuc if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
4284ebfedea0SLionel Sambuc return (0);
4285ebfedea0SLionel Sambuc
4286ebfedea0SLionel Sambuc s->s3->renegotiate = 1;
4287ebfedea0SLionel Sambuc return (1);
4288ebfedea0SLionel Sambuc }
4289ebfedea0SLionel Sambuc
ssl3_renegotiate_check(SSL * s)4290ebfedea0SLionel Sambuc int ssl3_renegotiate_check(SSL *s)
4291ebfedea0SLionel Sambuc {
4292ebfedea0SLionel Sambuc int ret = 0;
4293ebfedea0SLionel Sambuc
4294*0a6a1f1dSLionel Sambuc if (s->s3->renegotiate) {
4295ebfedea0SLionel Sambuc if ((s->s3->rbuf.left == 0) &&
4296*0a6a1f1dSLionel Sambuc (s->s3->wbuf.left == 0) && !SSL_in_init(s)) {
4297ebfedea0SLionel Sambuc /*
4298*0a6a1f1dSLionel Sambuc * if we are the server, and we have sent a 'RENEGOTIATE'
4299*0a6a1f1dSLionel Sambuc * message, we need to go to SSL_ST_ACCEPT.
4300ebfedea0SLionel Sambuc */
4301ebfedea0SLionel Sambuc /* SSL_ST_ACCEPT */
4302ebfedea0SLionel Sambuc s->state = SSL_ST_RENEGOTIATE;
4303ebfedea0SLionel Sambuc s->s3->renegotiate = 0;
4304ebfedea0SLionel Sambuc s->s3->num_renegotiations++;
4305ebfedea0SLionel Sambuc s->s3->total_renegotiations++;
4306ebfedea0SLionel Sambuc ret = 1;
4307ebfedea0SLionel Sambuc }
4308ebfedea0SLionel Sambuc }
4309ebfedea0SLionel Sambuc return (ret);
4310ebfedea0SLionel Sambuc }
4311*0a6a1f1dSLionel Sambuc
4312*0a6a1f1dSLionel Sambuc /*
4313*0a6a1f1dSLionel Sambuc * If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
4314ebfedea0SLionel Sambuc * to new SHA256 PRF and handshake macs
4315ebfedea0SLionel Sambuc */
ssl_get_algorithm2(SSL * s)4316ebfedea0SLionel Sambuc long ssl_get_algorithm2(SSL *s)
4317ebfedea0SLionel Sambuc {
4318ebfedea0SLionel Sambuc long alg2 = s->s3->tmp.new_cipher->algorithm2;
4319*0a6a1f1dSLionel Sambuc if (s->method->version == TLS1_2_VERSION &&
4320ebfedea0SLionel Sambuc alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4321ebfedea0SLionel Sambuc return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4322ebfedea0SLionel Sambuc return alg2;
4323ebfedea0SLionel Sambuc }
4324