]> git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/s3_lib.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update copyright year
[thirdparty/openssl.git] / ssl / s3_lib.c
1 /*
2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
5 *
6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12 #include <stdio.h>
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
15 #include "ssl_locl.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include "internal/cryptlib.h"
20
21 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
22 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
23
24 /* TLSv1.3 downgrade protection sentinel values */
25 const unsigned char tls11downgrade[] = {
26 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
27 };
28 const unsigned char tls12downgrade[] = {
29 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
30 };
31
32 /*
33 * The list of available ciphers, mostly organized into the following
34 * groups:
35 * Always there
36 * EC
37 * PSK
38 * SRP (within that: RSA EC PSK)
39 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
40 * Weak ciphers
41 */
42 static SSL_CIPHER ssl3_ciphers[] = {
43 {
44 1,
45 SSL3_TXT_RSA_NULL_MD5,
46 SSL3_RFC_RSA_NULL_MD5,
47 SSL3_CK_RSA_NULL_MD5,
48 SSL_kRSA,
49 SSL_aRSA,
50 SSL_eNULL,
51 SSL_MD5,
52 SSL3_VERSION, TLS1_2_VERSION,
53 DTLS1_BAD_VER, DTLS1_2_VERSION,
54 SSL_STRONG_NONE,
55 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56 0,
57 0,
58 },
59 {
60 1,
61 SSL3_TXT_RSA_NULL_SHA,
62 SSL3_RFC_RSA_NULL_SHA,
63 SSL3_CK_RSA_NULL_SHA,
64 SSL_kRSA,
65 SSL_aRSA,
66 SSL_eNULL,
67 SSL_SHA1,
68 SSL3_VERSION, TLS1_2_VERSION,
69 DTLS1_BAD_VER, DTLS1_2_VERSION,
70 SSL_STRONG_NONE | SSL_FIPS,
71 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
72 0,
73 0,
74 },
75 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
76 {
77 1,
78 SSL3_TXT_RSA_DES_192_CBC3_SHA,
79 SSL3_RFC_RSA_DES_192_CBC3_SHA,
80 SSL3_CK_RSA_DES_192_CBC3_SHA,
81 SSL_kRSA,
82 SSL_aRSA,
83 SSL_3DES,
84 SSL_SHA1,
85 SSL3_VERSION, TLS1_2_VERSION,
86 DTLS1_BAD_VER, DTLS1_2_VERSION,
87 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
88 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
89 112,
90 168,
91 },
92 {
93 1,
94 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
95 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
96 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
97 SSL_kDHE,
98 SSL_aDSS,
99 SSL_3DES,
100 SSL_SHA1,
101 SSL3_VERSION, TLS1_2_VERSION,
102 DTLS1_BAD_VER, DTLS1_2_VERSION,
103 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
104 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
105 112,
106 168,
107 },
108 {
109 1,
110 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
111 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
112 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
113 SSL_kDHE,
114 SSL_aRSA,
115 SSL_3DES,
116 SSL_SHA1,
117 SSL3_VERSION, TLS1_2_VERSION,
118 DTLS1_BAD_VER, DTLS1_2_VERSION,
119 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
120 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
121 112,
122 168,
123 },
124 {
125 1,
126 SSL3_TXT_ADH_DES_192_CBC_SHA,
127 SSL3_RFC_ADH_DES_192_CBC_SHA,
128 SSL3_CK_ADH_DES_192_CBC_SHA,
129 SSL_kDHE,
130 SSL_aNULL,
131 SSL_3DES,
132 SSL_SHA1,
133 SSL3_VERSION, TLS1_2_VERSION,
134 DTLS1_BAD_VER, DTLS1_2_VERSION,
135 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
136 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
137 112,
138 168,
139 },
140 #endif
141 {
142 1,
143 TLS1_TXT_RSA_WITH_AES_128_SHA,
144 TLS1_RFC_RSA_WITH_AES_128_SHA,
145 TLS1_CK_RSA_WITH_AES_128_SHA,
146 SSL_kRSA,
147 SSL_aRSA,
148 SSL_AES128,
149 SSL_SHA1,
150 SSL3_VERSION, TLS1_2_VERSION,
151 DTLS1_BAD_VER, DTLS1_2_VERSION,
152 SSL_HIGH | SSL_FIPS,
153 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
154 128,
155 128,
156 },
157 {
158 1,
159 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
160 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
161 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
162 SSL_kDHE,
163 SSL_aDSS,
164 SSL_AES128,
165 SSL_SHA1,
166 SSL3_VERSION, TLS1_2_VERSION,
167 DTLS1_BAD_VER, DTLS1_2_VERSION,
168 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
169 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
170 128,
171 128,
172 },
173 {
174 1,
175 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
176 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
177 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
178 SSL_kDHE,
179 SSL_aRSA,
180 SSL_AES128,
181 SSL_SHA1,
182 SSL3_VERSION, TLS1_2_VERSION,
183 DTLS1_BAD_VER, DTLS1_2_VERSION,
184 SSL_HIGH | SSL_FIPS,
185 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
186 128,
187 128,
188 },
189 {
190 1,
191 TLS1_TXT_ADH_WITH_AES_128_SHA,
192 TLS1_RFC_ADH_WITH_AES_128_SHA,
193 TLS1_CK_ADH_WITH_AES_128_SHA,
194 SSL_kDHE,
195 SSL_aNULL,
196 SSL_AES128,
197 SSL_SHA1,
198 SSL3_VERSION, TLS1_2_VERSION,
199 DTLS1_BAD_VER, DTLS1_2_VERSION,
200 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
201 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
202 128,
203 128,
204 },
205 {
206 1,
207 TLS1_TXT_RSA_WITH_AES_256_SHA,
208 TLS1_RFC_RSA_WITH_AES_256_SHA,
209 TLS1_CK_RSA_WITH_AES_256_SHA,
210 SSL_kRSA,
211 SSL_aRSA,
212 SSL_AES256,
213 SSL_SHA1,
214 SSL3_VERSION, TLS1_2_VERSION,
215 DTLS1_BAD_VER, DTLS1_2_VERSION,
216 SSL_HIGH | SSL_FIPS,
217 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
218 256,
219 256,
220 },
221 {
222 1,
223 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
224 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
225 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
226 SSL_kDHE,
227 SSL_aDSS,
228 SSL_AES256,
229 SSL_SHA1,
230 SSL3_VERSION, TLS1_2_VERSION,
231 DTLS1_BAD_VER, DTLS1_2_VERSION,
232 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
233 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
234 256,
235 256,
236 },
237 {
238 1,
239 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
240 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
241 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
242 SSL_kDHE,
243 SSL_aRSA,
244 SSL_AES256,
245 SSL_SHA1,
246 SSL3_VERSION, TLS1_2_VERSION,
247 DTLS1_BAD_VER, DTLS1_2_VERSION,
248 SSL_HIGH | SSL_FIPS,
249 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
250 256,
251 256,
252 },
253 {
254 1,
255 TLS1_TXT_ADH_WITH_AES_256_SHA,
256 TLS1_RFC_ADH_WITH_AES_256_SHA,
257 TLS1_CK_ADH_WITH_AES_256_SHA,
258 SSL_kDHE,
259 SSL_aNULL,
260 SSL_AES256,
261 SSL_SHA1,
262 SSL3_VERSION, TLS1_2_VERSION,
263 DTLS1_BAD_VER, DTLS1_2_VERSION,
264 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
265 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
266 256,
267 256,
268 },
269 {
270 1,
271 TLS1_TXT_RSA_WITH_NULL_SHA256,
272 TLS1_RFC_RSA_WITH_NULL_SHA256,
273 TLS1_CK_RSA_WITH_NULL_SHA256,
274 SSL_kRSA,
275 SSL_aRSA,
276 SSL_eNULL,
277 SSL_SHA256,
278 TLS1_2_VERSION, TLS1_2_VERSION,
279 DTLS1_2_VERSION, DTLS1_2_VERSION,
280 SSL_STRONG_NONE | SSL_FIPS,
281 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
282 0,
283 0,
284 },
285 {
286 1,
287 TLS1_TXT_RSA_WITH_AES_128_SHA256,
288 TLS1_RFC_RSA_WITH_AES_128_SHA256,
289 TLS1_CK_RSA_WITH_AES_128_SHA256,
290 SSL_kRSA,
291 SSL_aRSA,
292 SSL_AES128,
293 SSL_SHA256,
294 TLS1_2_VERSION, TLS1_2_VERSION,
295 DTLS1_2_VERSION, DTLS1_2_VERSION,
296 SSL_HIGH | SSL_FIPS,
297 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
298 128,
299 128,
300 },
301 {
302 1,
303 TLS1_TXT_RSA_WITH_AES_256_SHA256,
304 TLS1_RFC_RSA_WITH_AES_256_SHA256,
305 TLS1_CK_RSA_WITH_AES_256_SHA256,
306 SSL_kRSA,
307 SSL_aRSA,
308 SSL_AES256,
309 SSL_SHA256,
310 TLS1_2_VERSION, TLS1_2_VERSION,
311 DTLS1_2_VERSION, DTLS1_2_VERSION,
312 SSL_HIGH | SSL_FIPS,
313 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
314 256,
315 256,
316 },
317 {
318 1,
319 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
320 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
321 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
322 SSL_kDHE,
323 SSL_aDSS,
324 SSL_AES128,
325 SSL_SHA256,
326 TLS1_2_VERSION, TLS1_2_VERSION,
327 DTLS1_2_VERSION, DTLS1_2_VERSION,
328 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
329 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
330 128,
331 128,
332 },
333 {
334 1,
335 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
336 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
337 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
338 SSL_kDHE,
339 SSL_aRSA,
340 SSL_AES128,
341 SSL_SHA256,
342 TLS1_2_VERSION, TLS1_2_VERSION,
343 DTLS1_2_VERSION, DTLS1_2_VERSION,
344 SSL_HIGH | SSL_FIPS,
345 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
346 128,
347 128,
348 },
349 {
350 1,
351 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
352 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
353 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
354 SSL_kDHE,
355 SSL_aDSS,
356 SSL_AES256,
357 SSL_SHA256,
358 TLS1_2_VERSION, TLS1_2_VERSION,
359 DTLS1_2_VERSION, DTLS1_2_VERSION,
360 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
361 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
362 256,
363 256,
364 },
365 {
366 1,
367 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
368 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
369 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
370 SSL_kDHE,
371 SSL_aRSA,
372 SSL_AES256,
373 SSL_SHA256,
374 TLS1_2_VERSION, TLS1_2_VERSION,
375 DTLS1_2_VERSION, DTLS1_2_VERSION,
376 SSL_HIGH | SSL_FIPS,
377 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
378 256,
379 256,
380 },
381 {
382 1,
383 TLS1_TXT_ADH_WITH_AES_128_SHA256,
384 TLS1_RFC_ADH_WITH_AES_128_SHA256,
385 TLS1_CK_ADH_WITH_AES_128_SHA256,
386 SSL_kDHE,
387 SSL_aNULL,
388 SSL_AES128,
389 SSL_SHA256,
390 TLS1_2_VERSION, TLS1_2_VERSION,
391 DTLS1_2_VERSION, DTLS1_2_VERSION,
392 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
393 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
394 128,
395 128,
396 },
397 {
398 1,
399 TLS1_TXT_ADH_WITH_AES_256_SHA256,
400 TLS1_RFC_ADH_WITH_AES_256_SHA256,
401 TLS1_CK_ADH_WITH_AES_256_SHA256,
402 SSL_kDHE,
403 SSL_aNULL,
404 SSL_AES256,
405 SSL_SHA256,
406 TLS1_2_VERSION, TLS1_2_VERSION,
407 DTLS1_2_VERSION, DTLS1_2_VERSION,
408 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
409 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
410 256,
411 256,
412 },
413 {
414 1,
415 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
416 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
417 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
418 SSL_kRSA,
419 SSL_aRSA,
420 SSL_AES128GCM,
421 SSL_AEAD,
422 TLS1_2_VERSION, TLS1_2_VERSION,
423 DTLS1_2_VERSION, DTLS1_2_VERSION,
424 SSL_HIGH | SSL_FIPS,
425 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
426 128,
427 128,
428 },
429 {
430 1,
431 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
432 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
433 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
434 SSL_kRSA,
435 SSL_aRSA,
436 SSL_AES256GCM,
437 SSL_AEAD,
438 TLS1_2_VERSION, TLS1_2_VERSION,
439 DTLS1_2_VERSION, DTLS1_2_VERSION,
440 SSL_HIGH | SSL_FIPS,
441 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
442 256,
443 256,
444 },
445 {
446 1,
447 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
448 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
449 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
450 SSL_kDHE,
451 SSL_aRSA,
452 SSL_AES128GCM,
453 SSL_AEAD,
454 TLS1_2_VERSION, TLS1_2_VERSION,
455 DTLS1_2_VERSION, DTLS1_2_VERSION,
456 SSL_HIGH | SSL_FIPS,
457 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
458 128,
459 128,
460 },
461 {
462 1,
463 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
464 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
465 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
466 SSL_kDHE,
467 SSL_aRSA,
468 SSL_AES256GCM,
469 SSL_AEAD,
470 TLS1_2_VERSION, TLS1_2_VERSION,
471 DTLS1_2_VERSION, DTLS1_2_VERSION,
472 SSL_HIGH | SSL_FIPS,
473 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
474 256,
475 256,
476 },
477 {
478 1,
479 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
480 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
481 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
482 SSL_kDHE,
483 SSL_aDSS,
484 SSL_AES128GCM,
485 SSL_AEAD,
486 TLS1_2_VERSION, TLS1_2_VERSION,
487 DTLS1_2_VERSION, DTLS1_2_VERSION,
488 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
489 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
490 128,
491 128,
492 },
493 {
494 1,
495 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
496 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
497 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
498 SSL_kDHE,
499 SSL_aDSS,
500 SSL_AES256GCM,
501 SSL_AEAD,
502 TLS1_2_VERSION, TLS1_2_VERSION,
503 DTLS1_2_VERSION, DTLS1_2_VERSION,
504 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
505 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
506 256,
507 256,
508 },
509 {
510 1,
511 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
512 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
513 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
514 SSL_kDHE,
515 SSL_aNULL,
516 SSL_AES128GCM,
517 SSL_AEAD,
518 TLS1_2_VERSION, TLS1_2_VERSION,
519 DTLS1_2_VERSION, DTLS1_2_VERSION,
520 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
521 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
522 128,
523 128,
524 },
525 {
526 1,
527 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
528 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
529 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
530 SSL_kDHE,
531 SSL_aNULL,
532 SSL_AES256GCM,
533 SSL_AEAD,
534 TLS1_2_VERSION, TLS1_2_VERSION,
535 DTLS1_2_VERSION, DTLS1_2_VERSION,
536 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
537 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
538 256,
539 256,
540 },
541 {
542 1,
543 TLS1_TXT_RSA_WITH_AES_128_CCM,
544 TLS1_RFC_RSA_WITH_AES_128_CCM,
545 TLS1_CK_RSA_WITH_AES_128_CCM,
546 SSL_kRSA,
547 SSL_aRSA,
548 SSL_AES128CCM,
549 SSL_AEAD,
550 TLS1_2_VERSION, TLS1_2_VERSION,
551 DTLS1_2_VERSION, DTLS1_2_VERSION,
552 SSL_NOT_DEFAULT | SSL_HIGH,
553 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
554 128,
555 128,
556 },
557 {
558 1,
559 TLS1_TXT_RSA_WITH_AES_256_CCM,
560 TLS1_RFC_RSA_WITH_AES_256_CCM,
561 TLS1_CK_RSA_WITH_AES_256_CCM,
562 SSL_kRSA,
563 SSL_aRSA,
564 SSL_AES256CCM,
565 SSL_AEAD,
566 TLS1_2_VERSION, TLS1_2_VERSION,
567 DTLS1_2_VERSION, DTLS1_2_VERSION,
568 SSL_NOT_DEFAULT | SSL_HIGH,
569 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
570 256,
571 256,
572 },
573 {
574 1,
575 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
576 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
577 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
578 SSL_kDHE,
579 SSL_aRSA,
580 SSL_AES128CCM,
581 SSL_AEAD,
582 TLS1_2_VERSION, TLS1_2_VERSION,
583 DTLS1_2_VERSION, DTLS1_2_VERSION,
584 SSL_NOT_DEFAULT | SSL_HIGH,
585 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
586 128,
587 128,
588 },
589 {
590 1,
591 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
592 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
593 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
594 SSL_kDHE,
595 SSL_aRSA,
596 SSL_AES256CCM,
597 SSL_AEAD,
598 TLS1_2_VERSION, TLS1_2_VERSION,
599 DTLS1_2_VERSION, DTLS1_2_VERSION,
600 SSL_NOT_DEFAULT | SSL_HIGH,
601 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
602 256,
603 256,
604 },
605 {
606 1,
607 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
608 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
609 TLS1_CK_RSA_WITH_AES_128_CCM_8,
610 SSL_kRSA,
611 SSL_aRSA,
612 SSL_AES128CCM8,
613 SSL_AEAD,
614 TLS1_2_VERSION, TLS1_2_VERSION,
615 DTLS1_2_VERSION, DTLS1_2_VERSION,
616 SSL_NOT_DEFAULT | SSL_HIGH,
617 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
618 128,
619 128,
620 },
621 {
622 1,
623 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
624 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
625 TLS1_CK_RSA_WITH_AES_256_CCM_8,
626 SSL_kRSA,
627 SSL_aRSA,
628 SSL_AES256CCM8,
629 SSL_AEAD,
630 TLS1_2_VERSION, TLS1_2_VERSION,
631 DTLS1_2_VERSION, DTLS1_2_VERSION,
632 SSL_NOT_DEFAULT | SSL_HIGH,
633 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
634 256,
635 256,
636 },
637 {
638 1,
639 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
640 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
641 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
642 SSL_kDHE,
643 SSL_aRSA,
644 SSL_AES128CCM8,
645 SSL_AEAD,
646 TLS1_2_VERSION, TLS1_2_VERSION,
647 DTLS1_2_VERSION, DTLS1_2_VERSION,
648 SSL_NOT_DEFAULT | SSL_HIGH,
649 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
650 128,
651 128,
652 },
653 {
654 1,
655 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
656 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
657 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
658 SSL_kDHE,
659 SSL_aRSA,
660 SSL_AES256CCM8,
661 SSL_AEAD,
662 TLS1_2_VERSION, TLS1_2_VERSION,
663 DTLS1_2_VERSION, DTLS1_2_VERSION,
664 SSL_NOT_DEFAULT | SSL_HIGH,
665 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
666 256,
667 256,
668 },
669 {
670 1,
671 TLS1_TXT_PSK_WITH_AES_128_CCM,
672 TLS1_RFC_PSK_WITH_AES_128_CCM,
673 TLS1_CK_PSK_WITH_AES_128_CCM,
674 SSL_kPSK,
675 SSL_aPSK,
676 SSL_AES128CCM,
677 SSL_AEAD,
678 TLS1_2_VERSION, TLS1_2_VERSION,
679 DTLS1_2_VERSION, DTLS1_2_VERSION,
680 SSL_NOT_DEFAULT | SSL_HIGH,
681 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
682 128,
683 128,
684 },
685 {
686 1,
687 TLS1_TXT_PSK_WITH_AES_256_CCM,
688 TLS1_RFC_PSK_WITH_AES_256_CCM,
689 TLS1_CK_PSK_WITH_AES_256_CCM,
690 SSL_kPSK,
691 SSL_aPSK,
692 SSL_AES256CCM,
693 SSL_AEAD,
694 TLS1_2_VERSION, TLS1_2_VERSION,
695 DTLS1_2_VERSION, DTLS1_2_VERSION,
696 SSL_NOT_DEFAULT | SSL_HIGH,
697 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
698 256,
699 256,
700 },
701 {
702 1,
703 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
704 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
705 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
706 SSL_kDHEPSK,
707 SSL_aPSK,
708 SSL_AES128CCM,
709 SSL_AEAD,
710 TLS1_2_VERSION, TLS1_2_VERSION,
711 DTLS1_2_VERSION, DTLS1_2_VERSION,
712 SSL_NOT_DEFAULT | SSL_HIGH,
713 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
714 128,
715 128,
716 },
717 {
718 1,
719 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
720 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
721 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
722 SSL_kDHEPSK,
723 SSL_aPSK,
724 SSL_AES256CCM,
725 SSL_AEAD,
726 TLS1_2_VERSION, TLS1_2_VERSION,
727 DTLS1_2_VERSION, DTLS1_2_VERSION,
728 SSL_NOT_DEFAULT | SSL_HIGH,
729 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
730 256,
731 256,
732 },
733 {
734 1,
735 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
736 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
737 TLS1_CK_PSK_WITH_AES_128_CCM_8,
738 SSL_kPSK,
739 SSL_aPSK,
740 SSL_AES128CCM8,
741 SSL_AEAD,
742 TLS1_2_VERSION, TLS1_2_VERSION,
743 DTLS1_2_VERSION, DTLS1_2_VERSION,
744 SSL_NOT_DEFAULT | SSL_HIGH,
745 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
746 128,
747 128,
748 },
749 {
750 1,
751 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
752 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
753 TLS1_CK_PSK_WITH_AES_256_CCM_8,
754 SSL_kPSK,
755 SSL_aPSK,
756 SSL_AES256CCM8,
757 SSL_AEAD,
758 TLS1_2_VERSION, TLS1_2_VERSION,
759 DTLS1_2_VERSION, DTLS1_2_VERSION,
760 SSL_NOT_DEFAULT | SSL_HIGH,
761 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
762 256,
763 256,
764 },
765 {
766 1,
767 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
768 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
769 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
770 SSL_kDHEPSK,
771 SSL_aPSK,
772 SSL_AES128CCM8,
773 SSL_AEAD,
774 TLS1_2_VERSION, TLS1_2_VERSION,
775 DTLS1_2_VERSION, DTLS1_2_VERSION,
776 SSL_NOT_DEFAULT | SSL_HIGH,
777 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
778 128,
779 128,
780 },
781 {
782 1,
783 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
784 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
785 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
786 SSL_kDHEPSK,
787 SSL_aPSK,
788 SSL_AES256CCM8,
789 SSL_AEAD,
790 TLS1_2_VERSION, TLS1_2_VERSION,
791 DTLS1_2_VERSION, DTLS1_2_VERSION,
792 SSL_NOT_DEFAULT | SSL_HIGH,
793 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
794 256,
795 256,
796 },
797 {
798 1,
799 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
800 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
801 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
802 SSL_kECDHE,
803 SSL_aECDSA,
804 SSL_AES128CCM,
805 SSL_AEAD,
806 TLS1_2_VERSION, TLS1_2_VERSION,
807 DTLS1_2_VERSION, DTLS1_2_VERSION,
808 SSL_NOT_DEFAULT | SSL_HIGH,
809 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
810 128,
811 128,
812 },
813 {
814 1,
815 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
816 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
817 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
818 SSL_kECDHE,
819 SSL_aECDSA,
820 SSL_AES256CCM,
821 SSL_AEAD,
822 TLS1_2_VERSION, TLS1_2_VERSION,
823 DTLS1_2_VERSION, DTLS1_2_VERSION,
824 SSL_NOT_DEFAULT | SSL_HIGH,
825 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
826 256,
827 256,
828 },
829 {
830 1,
831 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
832 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
833 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
834 SSL_kECDHE,
835 SSL_aECDSA,
836 SSL_AES128CCM8,
837 SSL_AEAD,
838 TLS1_2_VERSION, TLS1_2_VERSION,
839 DTLS1_2_VERSION, DTLS1_2_VERSION,
840 SSL_NOT_DEFAULT | SSL_HIGH,
841 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
842 128,
843 128,
844 },
845 {
846 1,
847 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
848 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
849 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
850 SSL_kECDHE,
851 SSL_aECDSA,
852 SSL_AES256CCM8,
853 SSL_AEAD,
854 TLS1_2_VERSION, TLS1_2_VERSION,
855 DTLS1_2_VERSION, DTLS1_2_VERSION,
856 SSL_NOT_DEFAULT | SSL_HIGH,
857 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
858 256,
859 256,
860 },
861 {
862 1,
863 TLS1_3_TXT_AES_128_GCM_SHA256,
864 TLS1_3_RFC_AES_128_GCM_SHA256,
865 TLS1_3_CK_AES_128_GCM_SHA256,
866 0, 0,
867 SSL_AES128GCM,
868 SSL_AEAD,
869 TLS1_3_VERSION, TLS1_3_VERSION,
870 SSL_kANY,
871 SSL_aANY,
872 SSL_HIGH,
873 SSL_HANDSHAKE_MAC_SHA256,
874 128,
875 128,
876 },
877 {
878 1,
879 TLS1_3_TXT_AES_256_GCM_SHA384,
880 TLS1_3_RFC_AES_256_GCM_SHA384,
881 TLS1_3_CK_AES_256_GCM_SHA384,
882 SSL_kANY,
883 SSL_aANY,
884 SSL_AES256GCM,
885 SSL_AEAD,
886 TLS1_3_VERSION, TLS1_3_VERSION,
887 0, 0,
888 SSL_HIGH,
889 SSL_HANDSHAKE_MAC_SHA384,
890 256,
891 256,
892 },
893 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
894 {
895 1,
896 TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
897 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
898 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
899 SSL_kANY,
900 SSL_aANY,
901 SSL_CHACHA20POLY1305,
902 SSL_AEAD,
903 TLS1_3_VERSION, TLS1_3_VERSION,
904 0, 0,
905 SSL_HIGH,
906 SSL_HANDSHAKE_MAC_SHA256,
907 256,
908 256,
909 },
910 #endif
911 {
912 1,
913 TLS1_3_TXT_AES_128_CCM_SHA256,
914 TLS1_3_RFC_AES_128_CCM_SHA256,
915 TLS1_3_CK_AES_128_CCM_SHA256,
916 SSL_kANY,
917 SSL_aANY,
918 SSL_AES128CCM,
919 SSL_AEAD,
920 TLS1_3_VERSION, TLS1_3_VERSION,
921 0, 0,
922 SSL_NOT_DEFAULT | SSL_HIGH,
923 SSL_HANDSHAKE_MAC_SHA256,
924 128,
925 128,
926 },
927 {
928 1,
929 TLS1_3_TXT_AES_128_CCM_8_SHA256,
930 TLS1_3_RFC_AES_128_CCM_8_SHA256,
931 TLS1_3_CK_AES_128_CCM_8_SHA256,
932 SSL_kANY,
933 SSL_aANY,
934 SSL_AES128CCM8,
935 SSL_AEAD,
936 TLS1_3_VERSION, TLS1_3_VERSION,
937 0, 0,
938 SSL_NOT_DEFAULT | SSL_HIGH,
939 SSL_HANDSHAKE_MAC_SHA256,
940 128,
941 128,
942 },
943 {
944 1,
945 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
946 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
947 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
948 SSL_kECDHE,
949 SSL_aECDSA,
950 SSL_eNULL,
951 SSL_SHA1,
952 TLS1_VERSION, TLS1_2_VERSION,
953 DTLS1_BAD_VER, DTLS1_2_VERSION,
954 SSL_STRONG_NONE | SSL_FIPS,
955 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
956 0,
957 0,
958 },
959 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
960 {
961 1,
962 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
963 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
964 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
965 SSL_kECDHE,
966 SSL_aECDSA,
967 SSL_3DES,
968 SSL_SHA1,
969 TLS1_VERSION, TLS1_2_VERSION,
970 DTLS1_BAD_VER, DTLS1_2_VERSION,
971 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
972 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
973 112,
974 168,
975 },
976 # endif
977 {
978 1,
979 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
980 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
981 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
982 SSL_kECDHE,
983 SSL_aECDSA,
984 SSL_AES128,
985 SSL_SHA1,
986 TLS1_VERSION, TLS1_2_VERSION,
987 DTLS1_BAD_VER, DTLS1_2_VERSION,
988 SSL_HIGH | SSL_FIPS,
989 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
990 128,
991 128,
992 },
993 {
994 1,
995 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
996 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
997 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
998 SSL_kECDHE,
999 SSL_aECDSA,
1000 SSL_AES256,
1001 SSL_SHA1,
1002 TLS1_VERSION, TLS1_2_VERSION,
1003 DTLS1_BAD_VER, DTLS1_2_VERSION,
1004 SSL_HIGH | SSL_FIPS,
1005 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1006 256,
1007 256,
1008 },
1009 {
1010 1,
1011 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1012 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1013 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1014 SSL_kECDHE,
1015 SSL_aRSA,
1016 SSL_eNULL,
1017 SSL_SHA1,
1018 TLS1_VERSION, TLS1_2_VERSION,
1019 DTLS1_BAD_VER, DTLS1_2_VERSION,
1020 SSL_STRONG_NONE | SSL_FIPS,
1021 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1022 0,
1023 0,
1024 },
1025 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1026 {
1027 1,
1028 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1029 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1030 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1031 SSL_kECDHE,
1032 SSL_aRSA,
1033 SSL_3DES,
1034 SSL_SHA1,
1035 TLS1_VERSION, TLS1_2_VERSION,
1036 DTLS1_BAD_VER, DTLS1_2_VERSION,
1037 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1038 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1039 112,
1040 168,
1041 },
1042 # endif
1043 {
1044 1,
1045 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1046 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1047 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1048 SSL_kECDHE,
1049 SSL_aRSA,
1050 SSL_AES128,
1051 SSL_SHA1,
1052 TLS1_VERSION, TLS1_2_VERSION,
1053 DTLS1_BAD_VER, DTLS1_2_VERSION,
1054 SSL_HIGH | SSL_FIPS,
1055 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1056 128,
1057 128,
1058 },
1059 {
1060 1,
1061 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1062 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1063 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1064 SSL_kECDHE,
1065 SSL_aRSA,
1066 SSL_AES256,
1067 SSL_SHA1,
1068 TLS1_VERSION, TLS1_2_VERSION,
1069 DTLS1_BAD_VER, DTLS1_2_VERSION,
1070 SSL_HIGH | SSL_FIPS,
1071 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1072 256,
1073 256,
1074 },
1075 {
1076 1,
1077 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1078 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1079 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1080 SSL_kECDHE,
1081 SSL_aNULL,
1082 SSL_eNULL,
1083 SSL_SHA1,
1084 TLS1_VERSION, TLS1_2_VERSION,
1085 DTLS1_BAD_VER, DTLS1_2_VERSION,
1086 SSL_STRONG_NONE | SSL_FIPS,
1087 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1088 0,
1089 0,
1090 },
1091 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1092 {
1093 1,
1094 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1095 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1096 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1097 SSL_kECDHE,
1098 SSL_aNULL,
1099 SSL_3DES,
1100 SSL_SHA1,
1101 TLS1_VERSION, TLS1_2_VERSION,
1102 DTLS1_BAD_VER, DTLS1_2_VERSION,
1103 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1104 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1105 112,
1106 168,
1107 },
1108 # endif
1109 {
1110 1,
1111 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1112 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1113 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1114 SSL_kECDHE,
1115 SSL_aNULL,
1116 SSL_AES128,
1117 SSL_SHA1,
1118 TLS1_VERSION, TLS1_2_VERSION,
1119 DTLS1_BAD_VER, DTLS1_2_VERSION,
1120 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1121 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1122 128,
1123 128,
1124 },
1125 {
1126 1,
1127 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1128 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1129 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1130 SSL_kECDHE,
1131 SSL_aNULL,
1132 SSL_AES256,
1133 SSL_SHA1,
1134 TLS1_VERSION, TLS1_2_VERSION,
1135 DTLS1_BAD_VER, DTLS1_2_VERSION,
1136 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1137 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1138 256,
1139 256,
1140 },
1141 {
1142 1,
1143 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1144 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1145 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1146 SSL_kECDHE,
1147 SSL_aECDSA,
1148 SSL_AES128,
1149 SSL_SHA256,
1150 TLS1_2_VERSION, TLS1_2_VERSION,
1151 DTLS1_2_VERSION, DTLS1_2_VERSION,
1152 SSL_HIGH | SSL_FIPS,
1153 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1154 128,
1155 128,
1156 },
1157 {
1158 1,
1159 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1160 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1161 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1162 SSL_kECDHE,
1163 SSL_aECDSA,
1164 SSL_AES256,
1165 SSL_SHA384,
1166 TLS1_2_VERSION, TLS1_2_VERSION,
1167 DTLS1_2_VERSION, DTLS1_2_VERSION,
1168 SSL_HIGH | SSL_FIPS,
1169 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1170 256,
1171 256,
1172 },
1173 {
1174 1,
1175 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1176 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1177 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1178 SSL_kECDHE,
1179 SSL_aRSA,
1180 SSL_AES128,
1181 SSL_SHA256,
1182 TLS1_2_VERSION, TLS1_2_VERSION,
1183 DTLS1_2_VERSION, DTLS1_2_VERSION,
1184 SSL_HIGH | SSL_FIPS,
1185 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1186 128,
1187 128,
1188 },
1189 {
1190 1,
1191 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1192 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1193 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1194 SSL_kECDHE,
1195 SSL_aRSA,
1196 SSL_AES256,
1197 SSL_SHA384,
1198 TLS1_2_VERSION, TLS1_2_VERSION,
1199 DTLS1_2_VERSION, DTLS1_2_VERSION,
1200 SSL_HIGH | SSL_FIPS,
1201 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1202 256,
1203 256,
1204 },
1205 {
1206 1,
1207 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1208 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1209 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1210 SSL_kECDHE,
1211 SSL_aECDSA,
1212 SSL_AES128GCM,
1213 SSL_AEAD,
1214 TLS1_2_VERSION, TLS1_2_VERSION,
1215 DTLS1_2_VERSION, DTLS1_2_VERSION,
1216 SSL_HIGH | SSL_FIPS,
1217 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1218 128,
1219 128,
1220 },
1221 {
1222 1,
1223 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1224 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1225 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1226 SSL_kECDHE,
1227 SSL_aECDSA,
1228 SSL_AES256GCM,
1229 SSL_AEAD,
1230 TLS1_2_VERSION, TLS1_2_VERSION,
1231 DTLS1_2_VERSION, DTLS1_2_VERSION,
1232 SSL_HIGH | SSL_FIPS,
1233 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1234 256,
1235 256,
1236 },
1237 {
1238 1,
1239 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1240 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1241 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1242 SSL_kECDHE,
1243 SSL_aRSA,
1244 SSL_AES128GCM,
1245 SSL_AEAD,
1246 TLS1_2_VERSION, TLS1_2_VERSION,
1247 DTLS1_2_VERSION, DTLS1_2_VERSION,
1248 SSL_HIGH | SSL_FIPS,
1249 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1250 128,
1251 128,
1252 },
1253 {
1254 1,
1255 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1256 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1257 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1258 SSL_kECDHE,
1259 SSL_aRSA,
1260 SSL_AES256GCM,
1261 SSL_AEAD,
1262 TLS1_2_VERSION, TLS1_2_VERSION,
1263 DTLS1_2_VERSION, DTLS1_2_VERSION,
1264 SSL_HIGH | SSL_FIPS,
1265 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1266 256,
1267 256,
1268 },
1269 {
1270 1,
1271 TLS1_TXT_PSK_WITH_NULL_SHA,
1272 TLS1_RFC_PSK_WITH_NULL_SHA,
1273 TLS1_CK_PSK_WITH_NULL_SHA,
1274 SSL_kPSK,
1275 SSL_aPSK,
1276 SSL_eNULL,
1277 SSL_SHA1,
1278 SSL3_VERSION, TLS1_2_VERSION,
1279 DTLS1_BAD_VER, DTLS1_2_VERSION,
1280 SSL_STRONG_NONE | SSL_FIPS,
1281 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1282 0,
1283 0,
1284 },
1285 {
1286 1,
1287 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1288 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1289 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1290 SSL_kDHEPSK,
1291 SSL_aPSK,
1292 SSL_eNULL,
1293 SSL_SHA1,
1294 SSL3_VERSION, TLS1_2_VERSION,
1295 DTLS1_BAD_VER, DTLS1_2_VERSION,
1296 SSL_STRONG_NONE | SSL_FIPS,
1297 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1298 0,
1299 0,
1300 },
1301 {
1302 1,
1303 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1304 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1305 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1306 SSL_kRSAPSK,
1307 SSL_aRSA,
1308 SSL_eNULL,
1309 SSL_SHA1,
1310 SSL3_VERSION, TLS1_2_VERSION,
1311 DTLS1_BAD_VER, DTLS1_2_VERSION,
1312 SSL_STRONG_NONE | SSL_FIPS,
1313 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1314 0,
1315 0,
1316 },
1317 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1318 {
1319 1,
1320 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1321 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1322 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1323 SSL_kPSK,
1324 SSL_aPSK,
1325 SSL_3DES,
1326 SSL_SHA1,
1327 SSL3_VERSION, TLS1_2_VERSION,
1328 DTLS1_BAD_VER, DTLS1_2_VERSION,
1329 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1330 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1331 112,
1332 168,
1333 },
1334 # endif
1335 {
1336 1,
1337 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1338 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1339 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1340 SSL_kPSK,
1341 SSL_aPSK,
1342 SSL_AES128,
1343 SSL_SHA1,
1344 SSL3_VERSION, TLS1_2_VERSION,
1345 DTLS1_BAD_VER, DTLS1_2_VERSION,
1346 SSL_HIGH | SSL_FIPS,
1347 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1348 128,
1349 128,
1350 },
1351 {
1352 1,
1353 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1354 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1355 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1356 SSL_kPSK,
1357 SSL_aPSK,
1358 SSL_AES256,
1359 SSL_SHA1,
1360 SSL3_VERSION, TLS1_2_VERSION,
1361 DTLS1_BAD_VER, DTLS1_2_VERSION,
1362 SSL_HIGH | SSL_FIPS,
1363 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1364 256,
1365 256,
1366 },
1367 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1368 {
1369 1,
1370 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1371 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1372 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1373 SSL_kDHEPSK,
1374 SSL_aPSK,
1375 SSL_3DES,
1376 SSL_SHA1,
1377 SSL3_VERSION, TLS1_2_VERSION,
1378 DTLS1_BAD_VER, DTLS1_2_VERSION,
1379 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1380 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1381 112,
1382 168,
1383 },
1384 # endif
1385 {
1386 1,
1387 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1388 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1389 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1390 SSL_kDHEPSK,
1391 SSL_aPSK,
1392 SSL_AES128,
1393 SSL_SHA1,
1394 SSL3_VERSION, TLS1_2_VERSION,
1395 DTLS1_BAD_VER, DTLS1_2_VERSION,
1396 SSL_HIGH | SSL_FIPS,
1397 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1398 128,
1399 128,
1400 },
1401 {
1402 1,
1403 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1404 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1405 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1406 SSL_kDHEPSK,
1407 SSL_aPSK,
1408 SSL_AES256,
1409 SSL_SHA1,
1410 SSL3_VERSION, TLS1_2_VERSION,
1411 DTLS1_BAD_VER, DTLS1_2_VERSION,
1412 SSL_HIGH | SSL_FIPS,
1413 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1414 256,
1415 256,
1416 },
1417 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1418 {
1419 1,
1420 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1421 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1422 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1423 SSL_kRSAPSK,
1424 SSL_aRSA,
1425 SSL_3DES,
1426 SSL_SHA1,
1427 SSL3_VERSION, TLS1_2_VERSION,
1428 DTLS1_BAD_VER, DTLS1_2_VERSION,
1429 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1430 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1431 112,
1432 168,
1433 },
1434 # endif
1435 {
1436 1,
1437 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1438 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1439 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1440 SSL_kRSAPSK,
1441 SSL_aRSA,
1442 SSL_AES128,
1443 SSL_SHA1,
1444 SSL3_VERSION, TLS1_2_VERSION,
1445 DTLS1_BAD_VER, DTLS1_2_VERSION,
1446 SSL_HIGH | SSL_FIPS,
1447 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1448 128,
1449 128,
1450 },
1451 {
1452 1,
1453 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1454 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1455 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1456 SSL_kRSAPSK,
1457 SSL_aRSA,
1458 SSL_AES256,
1459 SSL_SHA1,
1460 SSL3_VERSION, TLS1_2_VERSION,
1461 DTLS1_BAD_VER, DTLS1_2_VERSION,
1462 SSL_HIGH | SSL_FIPS,
1463 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1464 256,
1465 256,
1466 },
1467 {
1468 1,
1469 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1470 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1471 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1472 SSL_kPSK,
1473 SSL_aPSK,
1474 SSL_AES128GCM,
1475 SSL_AEAD,
1476 TLS1_2_VERSION, TLS1_2_VERSION,
1477 DTLS1_2_VERSION, DTLS1_2_VERSION,
1478 SSL_HIGH | SSL_FIPS,
1479 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1480 128,
1481 128,
1482 },
1483 {
1484 1,
1485 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1486 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1487 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1488 SSL_kPSK,
1489 SSL_aPSK,
1490 SSL_AES256GCM,
1491 SSL_AEAD,
1492 TLS1_2_VERSION, TLS1_2_VERSION,
1493 DTLS1_2_VERSION, DTLS1_2_VERSION,
1494 SSL_HIGH | SSL_FIPS,
1495 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1496 256,
1497 256,
1498 },
1499 {
1500 1,
1501 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1502 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1503 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1504 SSL_kDHEPSK,
1505 SSL_aPSK,
1506 SSL_AES128GCM,
1507 SSL_AEAD,
1508 TLS1_2_VERSION, TLS1_2_VERSION,
1509 DTLS1_2_VERSION, DTLS1_2_VERSION,
1510 SSL_HIGH | SSL_FIPS,
1511 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1512 128,
1513 128,
1514 },
1515 {
1516 1,
1517 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1518 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1519 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1520 SSL_kDHEPSK,
1521 SSL_aPSK,
1522 SSL_AES256GCM,
1523 SSL_AEAD,
1524 TLS1_2_VERSION, TLS1_2_VERSION,
1525 DTLS1_2_VERSION, DTLS1_2_VERSION,
1526 SSL_HIGH | SSL_FIPS,
1527 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1528 256,
1529 256,
1530 },
1531 {
1532 1,
1533 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1534 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1535 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1536 SSL_kRSAPSK,
1537 SSL_aRSA,
1538 SSL_AES128GCM,
1539 SSL_AEAD,
1540 TLS1_2_VERSION, TLS1_2_VERSION,
1541 DTLS1_2_VERSION, DTLS1_2_VERSION,
1542 SSL_HIGH | SSL_FIPS,
1543 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1544 128,
1545 128,
1546 },
1547 {
1548 1,
1549 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1550 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1551 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1552 SSL_kRSAPSK,
1553 SSL_aRSA,
1554 SSL_AES256GCM,
1555 SSL_AEAD,
1556 TLS1_2_VERSION, TLS1_2_VERSION,
1557 DTLS1_2_VERSION, DTLS1_2_VERSION,
1558 SSL_HIGH | SSL_FIPS,
1559 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1560 256,
1561 256,
1562 },
1563 {
1564 1,
1565 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1566 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1567 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1568 SSL_kPSK,
1569 SSL_aPSK,
1570 SSL_AES128,
1571 SSL_SHA256,
1572 TLS1_VERSION, TLS1_2_VERSION,
1573 DTLS1_BAD_VER, DTLS1_2_VERSION,
1574 SSL_HIGH | SSL_FIPS,
1575 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1576 128,
1577 128,
1578 },
1579 {
1580 1,
1581 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1582 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1583 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1584 SSL_kPSK,
1585 SSL_aPSK,
1586 SSL_AES256,
1587 SSL_SHA384,
1588 TLS1_VERSION, TLS1_2_VERSION,
1589 DTLS1_BAD_VER, DTLS1_2_VERSION,
1590 SSL_HIGH | SSL_FIPS,
1591 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1592 256,
1593 256,
1594 },
1595 {
1596 1,
1597 TLS1_TXT_PSK_WITH_NULL_SHA256,
1598 TLS1_RFC_PSK_WITH_NULL_SHA256,
1599 TLS1_CK_PSK_WITH_NULL_SHA256,
1600 SSL_kPSK,
1601 SSL_aPSK,
1602 SSL_eNULL,
1603 SSL_SHA256,
1604 TLS1_VERSION, TLS1_2_VERSION,
1605 DTLS1_BAD_VER, DTLS1_2_VERSION,
1606 SSL_STRONG_NONE | SSL_FIPS,
1607 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1608 0,
1609 0,
1610 },
1611 {
1612 1,
1613 TLS1_TXT_PSK_WITH_NULL_SHA384,
1614 TLS1_RFC_PSK_WITH_NULL_SHA384,
1615 TLS1_CK_PSK_WITH_NULL_SHA384,
1616 SSL_kPSK,
1617 SSL_aPSK,
1618 SSL_eNULL,
1619 SSL_SHA384,
1620 TLS1_VERSION, TLS1_2_VERSION,
1621 DTLS1_BAD_VER, DTLS1_2_VERSION,
1622 SSL_STRONG_NONE | SSL_FIPS,
1623 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1624 0,
1625 0,
1626 },
1627 {
1628 1,
1629 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1630 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1631 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1632 SSL_kDHEPSK,
1633 SSL_aPSK,
1634 SSL_AES128,
1635 SSL_SHA256,
1636 TLS1_VERSION, TLS1_2_VERSION,
1637 DTLS1_BAD_VER, DTLS1_2_VERSION,
1638 SSL_HIGH | SSL_FIPS,
1639 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1640 128,
1641 128,
1642 },
1643 {
1644 1,
1645 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1646 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1647 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1648 SSL_kDHEPSK,
1649 SSL_aPSK,
1650 SSL_AES256,
1651 SSL_SHA384,
1652 TLS1_VERSION, TLS1_2_VERSION,
1653 DTLS1_BAD_VER, DTLS1_2_VERSION,
1654 SSL_HIGH | SSL_FIPS,
1655 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1656 256,
1657 256,
1658 },
1659 {
1660 1,
1661 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1662 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1663 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1664 SSL_kDHEPSK,
1665 SSL_aPSK,
1666 SSL_eNULL,
1667 SSL_SHA256,
1668 TLS1_VERSION, TLS1_2_VERSION,
1669 DTLS1_BAD_VER, DTLS1_2_VERSION,
1670 SSL_STRONG_NONE | SSL_FIPS,
1671 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1672 0,
1673 0,
1674 },
1675 {
1676 1,
1677 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1678 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1679 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1680 SSL_kDHEPSK,
1681 SSL_aPSK,
1682 SSL_eNULL,
1683 SSL_SHA384,
1684 TLS1_VERSION, TLS1_2_VERSION,
1685 DTLS1_BAD_VER, DTLS1_2_VERSION,
1686 SSL_STRONG_NONE | SSL_FIPS,
1687 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1688 0,
1689 0,
1690 },
1691 {
1692 1,
1693 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1694 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1695 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1696 SSL_kRSAPSK,
1697 SSL_aRSA,
1698 SSL_AES128,
1699 SSL_SHA256,
1700 TLS1_VERSION, TLS1_2_VERSION,
1701 DTLS1_BAD_VER, DTLS1_2_VERSION,
1702 SSL_HIGH | SSL_FIPS,
1703 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1704 128,
1705 128,
1706 },
1707 {
1708 1,
1709 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1710 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1711 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1712 SSL_kRSAPSK,
1713 SSL_aRSA,
1714 SSL_AES256,
1715 SSL_SHA384,
1716 TLS1_VERSION, TLS1_2_VERSION,
1717 DTLS1_BAD_VER, DTLS1_2_VERSION,
1718 SSL_HIGH | SSL_FIPS,
1719 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1720 256,
1721 256,
1722 },
1723 {
1724 1,
1725 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1726 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1727 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1728 SSL_kRSAPSK,
1729 SSL_aRSA,
1730 SSL_eNULL,
1731 SSL_SHA256,
1732 TLS1_VERSION, TLS1_2_VERSION,
1733 DTLS1_BAD_VER, DTLS1_2_VERSION,
1734 SSL_STRONG_NONE | SSL_FIPS,
1735 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1736 0,
1737 0,
1738 },
1739 {
1740 1,
1741 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1742 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1743 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1744 SSL_kRSAPSK,
1745 SSL_aRSA,
1746 SSL_eNULL,
1747 SSL_SHA384,
1748 TLS1_VERSION, TLS1_2_VERSION,
1749 DTLS1_BAD_VER, DTLS1_2_VERSION,
1750 SSL_STRONG_NONE | SSL_FIPS,
1751 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1752 0,
1753 0,
1754 },
1755 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1756 {
1757 1,
1758 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1759 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1760 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1761 SSL_kECDHEPSK,
1762 SSL_aPSK,
1763 SSL_3DES,
1764 SSL_SHA1,
1765 TLS1_VERSION, TLS1_2_VERSION,
1766 DTLS1_BAD_VER, DTLS1_2_VERSION,
1767 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1768 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1769 112,
1770 168,
1771 },
1772 # endif
1773 {
1774 1,
1775 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1776 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1777 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1778 SSL_kECDHEPSK,
1779 SSL_aPSK,
1780 SSL_AES128,
1781 SSL_SHA1,
1782 TLS1_VERSION, TLS1_2_VERSION,
1783 DTLS1_BAD_VER, DTLS1_2_VERSION,
1784 SSL_HIGH | SSL_FIPS,
1785 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1786 128,
1787 128,
1788 },
1789 {
1790 1,
1791 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1792 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1793 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1794 SSL_kECDHEPSK,
1795 SSL_aPSK,
1796 SSL_AES256,
1797 SSL_SHA1,
1798 TLS1_VERSION, TLS1_2_VERSION,
1799 DTLS1_BAD_VER, DTLS1_2_VERSION,
1800 SSL_HIGH | SSL_FIPS,
1801 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1802 256,
1803 256,
1804 },
1805 {
1806 1,
1807 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1808 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1809 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1810 SSL_kECDHEPSK,
1811 SSL_aPSK,
1812 SSL_AES128,
1813 SSL_SHA256,
1814 TLS1_VERSION, TLS1_2_VERSION,
1815 DTLS1_BAD_VER, DTLS1_2_VERSION,
1816 SSL_HIGH | SSL_FIPS,
1817 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1818 128,
1819 128,
1820 },
1821 {
1822 1,
1823 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1824 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1825 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1826 SSL_kECDHEPSK,
1827 SSL_aPSK,
1828 SSL_AES256,
1829 SSL_SHA384,
1830 TLS1_VERSION, TLS1_2_VERSION,
1831 DTLS1_BAD_VER, DTLS1_2_VERSION,
1832 SSL_HIGH | SSL_FIPS,
1833 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1834 256,
1835 256,
1836 },
1837 {
1838 1,
1839 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1840 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1841 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1842 SSL_kECDHEPSK,
1843 SSL_aPSK,
1844 SSL_eNULL,
1845 SSL_SHA1,
1846 TLS1_VERSION, TLS1_2_VERSION,
1847 DTLS1_BAD_VER, DTLS1_2_VERSION,
1848 SSL_STRONG_NONE | SSL_FIPS,
1849 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1850 0,
1851 0,
1852 },
1853 {
1854 1,
1855 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1856 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1857 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1858 SSL_kECDHEPSK,
1859 SSL_aPSK,
1860 SSL_eNULL,
1861 SSL_SHA256,
1862 TLS1_VERSION, TLS1_2_VERSION,
1863 DTLS1_BAD_VER, DTLS1_2_VERSION,
1864 SSL_STRONG_NONE | SSL_FIPS,
1865 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1866 0,
1867 0,
1868 },
1869 {
1870 1,
1871 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1872 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1873 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1874 SSL_kECDHEPSK,
1875 SSL_aPSK,
1876 SSL_eNULL,
1877 SSL_SHA384,
1878 TLS1_VERSION, TLS1_2_VERSION,
1879 DTLS1_BAD_VER, DTLS1_2_VERSION,
1880 SSL_STRONG_NONE | SSL_FIPS,
1881 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1882 0,
1883 0,
1884 },
1885
1886 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1887 {
1888 1,
1889 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1890 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1891 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1892 SSL_kSRP,
1893 SSL_aSRP,
1894 SSL_3DES,
1895 SSL_SHA1,
1896 SSL3_VERSION, TLS1_2_VERSION,
1897 DTLS1_BAD_VER, DTLS1_2_VERSION,
1898 SSL_NOT_DEFAULT | SSL_MEDIUM,
1899 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1900 112,
1901 168,
1902 },
1903 {
1904 1,
1905 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1906 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1907 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1908 SSL_kSRP,
1909 SSL_aRSA,
1910 SSL_3DES,
1911 SSL_SHA1,
1912 SSL3_VERSION, TLS1_2_VERSION,
1913 DTLS1_BAD_VER, DTLS1_2_VERSION,
1914 SSL_NOT_DEFAULT | SSL_MEDIUM,
1915 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1916 112,
1917 168,
1918 },
1919 {
1920 1,
1921 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1922 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1923 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1924 SSL_kSRP,
1925 SSL_aDSS,
1926 SSL_3DES,
1927 SSL_SHA1,
1928 SSL3_VERSION, TLS1_2_VERSION,
1929 DTLS1_BAD_VER, DTLS1_2_VERSION,
1930 SSL_NOT_DEFAULT | SSL_MEDIUM,
1931 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1932 112,
1933 168,
1934 },
1935 # endif
1936 {
1937 1,
1938 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1939 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1940 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1941 SSL_kSRP,
1942 SSL_aSRP,
1943 SSL_AES128,
1944 SSL_SHA1,
1945 SSL3_VERSION, TLS1_2_VERSION,
1946 DTLS1_BAD_VER, DTLS1_2_VERSION,
1947 SSL_HIGH,
1948 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1949 128,
1950 128,
1951 },
1952 {
1953 1,
1954 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1955 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1956 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1957 SSL_kSRP,
1958 SSL_aRSA,
1959 SSL_AES128,
1960 SSL_SHA1,
1961 SSL3_VERSION, TLS1_2_VERSION,
1962 DTLS1_BAD_VER, DTLS1_2_VERSION,
1963 SSL_HIGH,
1964 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1965 128,
1966 128,
1967 },
1968 {
1969 1,
1970 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1971 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1972 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1973 SSL_kSRP,
1974 SSL_aDSS,
1975 SSL_AES128,
1976 SSL_SHA1,
1977 SSL3_VERSION, TLS1_2_VERSION,
1978 DTLS1_BAD_VER, DTLS1_2_VERSION,
1979 SSL_NOT_DEFAULT | SSL_HIGH,
1980 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1981 128,
1982 128,
1983 },
1984 {
1985 1,
1986 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1987 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1988 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1989 SSL_kSRP,
1990 SSL_aSRP,
1991 SSL_AES256,
1992 SSL_SHA1,
1993 SSL3_VERSION, TLS1_2_VERSION,
1994 DTLS1_BAD_VER, DTLS1_2_VERSION,
1995 SSL_HIGH,
1996 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1997 256,
1998 256,
1999 },
2000 {
2001 1,
2002 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2003 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2004 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2005 SSL_kSRP,
2006 SSL_aRSA,
2007 SSL_AES256,
2008 SSL_SHA1,
2009 SSL3_VERSION, TLS1_2_VERSION,
2010 DTLS1_BAD_VER, DTLS1_2_VERSION,
2011 SSL_HIGH,
2012 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2013 256,
2014 256,
2015 },
2016 {
2017 1,
2018 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2019 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2020 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2021 SSL_kSRP,
2022 SSL_aDSS,
2023 SSL_AES256,
2024 SSL_SHA1,
2025 SSL3_VERSION, TLS1_2_VERSION,
2026 DTLS1_BAD_VER, DTLS1_2_VERSION,
2027 SSL_NOT_DEFAULT | SSL_HIGH,
2028 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2029 256,
2030 256,
2031 },
2032
2033 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2034 {
2035 1,
2036 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2037 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2038 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2039 SSL_kDHE,
2040 SSL_aRSA,
2041 SSL_CHACHA20POLY1305,
2042 SSL_AEAD,
2043 TLS1_2_VERSION, TLS1_2_VERSION,
2044 DTLS1_2_VERSION, DTLS1_2_VERSION,
2045 SSL_HIGH,
2046 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2047 256,
2048 256,
2049 },
2050 {
2051 1,
2052 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2053 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2054 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2055 SSL_kECDHE,
2056 SSL_aRSA,
2057 SSL_CHACHA20POLY1305,
2058 SSL_AEAD,
2059 TLS1_2_VERSION, TLS1_2_VERSION,
2060 DTLS1_2_VERSION, DTLS1_2_VERSION,
2061 SSL_HIGH,
2062 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2063 256,
2064 256,
2065 },
2066 {
2067 1,
2068 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2069 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2070 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2071 SSL_kECDHE,
2072 SSL_aECDSA,
2073 SSL_CHACHA20POLY1305,
2074 SSL_AEAD,
2075 TLS1_2_VERSION, TLS1_2_VERSION,
2076 DTLS1_2_VERSION, DTLS1_2_VERSION,
2077 SSL_HIGH,
2078 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2079 256,
2080 256,
2081 },
2082 {
2083 1,
2084 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2085 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2086 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2087 SSL_kPSK,
2088 SSL_aPSK,
2089 SSL_CHACHA20POLY1305,
2090 SSL_AEAD,
2091 TLS1_2_VERSION, TLS1_2_VERSION,
2092 DTLS1_2_VERSION, DTLS1_2_VERSION,
2093 SSL_HIGH,
2094 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2095 256,
2096 256,
2097 },
2098 {
2099 1,
2100 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2101 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2102 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2103 SSL_kECDHEPSK,
2104 SSL_aPSK,
2105 SSL_CHACHA20POLY1305,
2106 SSL_AEAD,
2107 TLS1_2_VERSION, TLS1_2_VERSION,
2108 DTLS1_2_VERSION, DTLS1_2_VERSION,
2109 SSL_HIGH,
2110 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2111 256,
2112 256,
2113 },
2114 {
2115 1,
2116 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2117 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2118 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2119 SSL_kDHEPSK,
2120 SSL_aPSK,
2121 SSL_CHACHA20POLY1305,
2122 SSL_AEAD,
2123 TLS1_2_VERSION, TLS1_2_VERSION,
2124 DTLS1_2_VERSION, DTLS1_2_VERSION,
2125 SSL_HIGH,
2126 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2127 256,
2128 256,
2129 },
2130 {
2131 1,
2132 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2133 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2134 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2135 SSL_kRSAPSK,
2136 SSL_aRSA,
2137 SSL_CHACHA20POLY1305,
2138 SSL_AEAD,
2139 TLS1_2_VERSION, TLS1_2_VERSION,
2140 DTLS1_2_VERSION, DTLS1_2_VERSION,
2141 SSL_HIGH,
2142 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2143 256,
2144 256,
2145 },
2146 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2147 * !defined(OPENSSL_NO_POLY1305) */
2148
2149 #ifndef OPENSSL_NO_CAMELLIA
2150 {
2151 1,
2152 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2153 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2154 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2155 SSL_kRSA,
2156 SSL_aRSA,
2157 SSL_CAMELLIA128,
2158 SSL_SHA256,
2159 TLS1_2_VERSION, TLS1_2_VERSION,
2160 DTLS1_2_VERSION, DTLS1_2_VERSION,
2161 SSL_NOT_DEFAULT | SSL_HIGH,
2162 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2163 128,
2164 128,
2165 },
2166 {
2167 1,
2168 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2169 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2170 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2171 SSL_kEDH,
2172 SSL_aDSS,
2173 SSL_CAMELLIA128,
2174 SSL_SHA256,
2175 TLS1_2_VERSION, TLS1_2_VERSION,
2176 DTLS1_2_VERSION, DTLS1_2_VERSION,
2177 SSL_NOT_DEFAULT | SSL_HIGH,
2178 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2179 128,
2180 128,
2181 },
2182 {
2183 1,
2184 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2185 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2186 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2187 SSL_kEDH,
2188 SSL_aRSA,
2189 SSL_CAMELLIA128,
2190 SSL_SHA256,
2191 TLS1_2_VERSION, TLS1_2_VERSION,
2192 DTLS1_2_VERSION, DTLS1_2_VERSION,
2193 SSL_NOT_DEFAULT | SSL_HIGH,
2194 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2195 128,
2196 128,
2197 },
2198 {
2199 1,
2200 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2201 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2202 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2203 SSL_kEDH,
2204 SSL_aNULL,
2205 SSL_CAMELLIA128,
2206 SSL_SHA256,
2207 TLS1_2_VERSION, TLS1_2_VERSION,
2208 DTLS1_2_VERSION, DTLS1_2_VERSION,
2209 SSL_NOT_DEFAULT | SSL_HIGH,
2210 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2211 128,
2212 128,
2213 },
2214 {
2215 1,
2216 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2217 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2218 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2219 SSL_kRSA,
2220 SSL_aRSA,
2221 SSL_CAMELLIA256,
2222 SSL_SHA256,
2223 TLS1_2_VERSION, TLS1_2_VERSION,
2224 DTLS1_2_VERSION, DTLS1_2_VERSION,
2225 SSL_NOT_DEFAULT | SSL_HIGH,
2226 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2227 256,
2228 256,
2229 },
2230 {
2231 1,
2232 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2233 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2234 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2235 SSL_kEDH,
2236 SSL_aDSS,
2237 SSL_CAMELLIA256,
2238 SSL_SHA256,
2239 TLS1_2_VERSION, TLS1_2_VERSION,
2240 DTLS1_2_VERSION, DTLS1_2_VERSION,
2241 SSL_NOT_DEFAULT | SSL_HIGH,
2242 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2243 256,
2244 256,
2245 },
2246 {
2247 1,
2248 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2249 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2250 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2251 SSL_kEDH,
2252 SSL_aRSA,
2253 SSL_CAMELLIA256,
2254 SSL_SHA256,
2255 TLS1_2_VERSION, TLS1_2_VERSION,
2256 DTLS1_2_VERSION, DTLS1_2_VERSION,
2257 SSL_NOT_DEFAULT | SSL_HIGH,
2258 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2259 256,
2260 256,
2261 },
2262 {
2263 1,
2264 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2265 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2266 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2267 SSL_kEDH,
2268 SSL_aNULL,
2269 SSL_CAMELLIA256,
2270 SSL_SHA256,
2271 TLS1_2_VERSION, TLS1_2_VERSION,
2272 DTLS1_2_VERSION, DTLS1_2_VERSION,
2273 SSL_NOT_DEFAULT | SSL_HIGH,
2274 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2275 256,
2276 256,
2277 },
2278 {
2279 1,
2280 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2281 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2282 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2283 SSL_kRSA,
2284 SSL_aRSA,
2285 SSL_CAMELLIA256,
2286 SSL_SHA1,
2287 SSL3_VERSION, TLS1_2_VERSION,
2288 DTLS1_BAD_VER, DTLS1_2_VERSION,
2289 SSL_NOT_DEFAULT | SSL_HIGH,
2290 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2291 256,
2292 256,
2293 },
2294 {
2295 1,
2296 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2297 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2298 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2299 SSL_kDHE,
2300 SSL_aDSS,
2301 SSL_CAMELLIA256,
2302 SSL_SHA1,
2303 SSL3_VERSION, TLS1_2_VERSION,
2304 DTLS1_BAD_VER, DTLS1_2_VERSION,
2305 SSL_NOT_DEFAULT | SSL_HIGH,
2306 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2307 256,
2308 256,
2309 },
2310 {
2311 1,
2312 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2313 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2314 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2315 SSL_kDHE,
2316 SSL_aRSA,
2317 SSL_CAMELLIA256,
2318 SSL_SHA1,
2319 SSL3_VERSION, TLS1_2_VERSION,
2320 DTLS1_BAD_VER, DTLS1_2_VERSION,
2321 SSL_NOT_DEFAULT | SSL_HIGH,
2322 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2323 256,
2324 256,
2325 },
2326 {
2327 1,
2328 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2329 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2330 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2331 SSL_kDHE,
2332 SSL_aNULL,
2333 SSL_CAMELLIA256,
2334 SSL_SHA1,
2335 SSL3_VERSION, TLS1_2_VERSION,
2336 DTLS1_BAD_VER, DTLS1_2_VERSION,
2337 SSL_NOT_DEFAULT | SSL_HIGH,
2338 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2339 256,
2340 256,
2341 },
2342 {
2343 1,
2344 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2345 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2346 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2347 SSL_kRSA,
2348 SSL_aRSA,
2349 SSL_CAMELLIA128,
2350 SSL_SHA1,
2351 SSL3_VERSION, TLS1_2_VERSION,
2352 DTLS1_BAD_VER, DTLS1_2_VERSION,
2353 SSL_NOT_DEFAULT | SSL_HIGH,
2354 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2355 128,
2356 128,
2357 },
2358 {
2359 1,
2360 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2361 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2362 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2363 SSL_kDHE,
2364 SSL_aDSS,
2365 SSL_CAMELLIA128,
2366 SSL_SHA1,
2367 SSL3_VERSION, TLS1_2_VERSION,
2368 DTLS1_BAD_VER, DTLS1_2_VERSION,
2369 SSL_NOT_DEFAULT | SSL_HIGH,
2370 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2371 128,
2372 128,
2373 },
2374 {
2375 1,
2376 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2377 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2378 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2379 SSL_kDHE,
2380 SSL_aRSA,
2381 SSL_CAMELLIA128,
2382 SSL_SHA1,
2383 SSL3_VERSION, TLS1_2_VERSION,
2384 DTLS1_BAD_VER, DTLS1_2_VERSION,
2385 SSL_NOT_DEFAULT | SSL_HIGH,
2386 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2387 128,
2388 128,
2389 },
2390 {
2391 1,
2392 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2393 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2394 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2395 SSL_kDHE,
2396 SSL_aNULL,
2397 SSL_CAMELLIA128,
2398 SSL_SHA1,
2399 SSL3_VERSION, TLS1_2_VERSION,
2400 DTLS1_BAD_VER, DTLS1_2_VERSION,
2401 SSL_NOT_DEFAULT | SSL_HIGH,
2402 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2403 128,
2404 128,
2405 },
2406 {
2407 1,
2408 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2409 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2410 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2411 SSL_kECDHE,
2412 SSL_aECDSA,
2413 SSL_CAMELLIA128,
2414 SSL_SHA256,
2415 TLS1_2_VERSION, TLS1_2_VERSION,
2416 DTLS1_2_VERSION, DTLS1_2_VERSION,
2417 SSL_NOT_DEFAULT | SSL_HIGH,
2418 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2419 128,
2420 128,
2421 },
2422 {
2423 1,
2424 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2425 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2426 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2427 SSL_kECDHE,
2428 SSL_aECDSA,
2429 SSL_CAMELLIA256,
2430 SSL_SHA384,
2431 TLS1_2_VERSION, TLS1_2_VERSION,
2432 DTLS1_2_VERSION, DTLS1_2_VERSION,
2433 SSL_NOT_DEFAULT | SSL_HIGH,
2434 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2435 256,
2436 256,
2437 },
2438 {
2439 1,
2440 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2441 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2442 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2443 SSL_kECDHE,
2444 SSL_aRSA,
2445 SSL_CAMELLIA128,
2446 SSL_SHA256,
2447 TLS1_2_VERSION, TLS1_2_VERSION,
2448 DTLS1_2_VERSION, DTLS1_2_VERSION,
2449 SSL_NOT_DEFAULT | SSL_HIGH,
2450 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2451 128,
2452 128,
2453 },
2454 {
2455 1,
2456 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2457 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2458 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2459 SSL_kECDHE,
2460 SSL_aRSA,
2461 SSL_CAMELLIA256,
2462 SSL_SHA384,
2463 TLS1_2_VERSION, TLS1_2_VERSION,
2464 DTLS1_2_VERSION, DTLS1_2_VERSION,
2465 SSL_NOT_DEFAULT | SSL_HIGH,
2466 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2467 256,
2468 256,
2469 },
2470 {
2471 1,
2472 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2473 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2474 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2475 SSL_kPSK,
2476 SSL_aPSK,
2477 SSL_CAMELLIA128,
2478 SSL_SHA256,
2479 TLS1_VERSION, TLS1_2_VERSION,
2480 DTLS1_BAD_VER, DTLS1_2_VERSION,
2481 SSL_NOT_DEFAULT | SSL_HIGH,
2482 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2483 128,
2484 128,
2485 },
2486 {
2487 1,
2488 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2489 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2490 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2491 SSL_kPSK,
2492 SSL_aPSK,
2493 SSL_CAMELLIA256,
2494 SSL_SHA384,
2495 TLS1_VERSION, TLS1_2_VERSION,
2496 DTLS1_BAD_VER, DTLS1_2_VERSION,
2497 SSL_NOT_DEFAULT | SSL_HIGH,
2498 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2499 256,
2500 256,
2501 },
2502 {
2503 1,
2504 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2505 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2506 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2507 SSL_kDHEPSK,
2508 SSL_aPSK,
2509 SSL_CAMELLIA128,
2510 SSL_SHA256,
2511 TLS1_VERSION, TLS1_2_VERSION,
2512 DTLS1_BAD_VER, DTLS1_2_VERSION,
2513 SSL_NOT_DEFAULT | SSL_HIGH,
2514 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2515 128,
2516 128,
2517 },
2518 {
2519 1,
2520 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2521 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2522 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2523 SSL_kDHEPSK,
2524 SSL_aPSK,
2525 SSL_CAMELLIA256,
2526 SSL_SHA384,
2527 TLS1_VERSION, TLS1_2_VERSION,
2528 DTLS1_BAD_VER, DTLS1_2_VERSION,
2529 SSL_NOT_DEFAULT | SSL_HIGH,
2530 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2531 256,
2532 256,
2533 },
2534 {
2535 1,
2536 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2537 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2538 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2539 SSL_kRSAPSK,
2540 SSL_aRSA,
2541 SSL_CAMELLIA128,
2542 SSL_SHA256,
2543 TLS1_VERSION, TLS1_2_VERSION,
2544 DTLS1_BAD_VER, DTLS1_2_VERSION,
2545 SSL_NOT_DEFAULT | SSL_HIGH,
2546 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2547 128,
2548 128,
2549 },
2550 {
2551 1,
2552 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2553 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2554 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2555 SSL_kRSAPSK,
2556 SSL_aRSA,
2557 SSL_CAMELLIA256,
2558 SSL_SHA384,
2559 TLS1_VERSION, TLS1_2_VERSION,
2560 DTLS1_BAD_VER, DTLS1_2_VERSION,
2561 SSL_NOT_DEFAULT | SSL_HIGH,
2562 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2563 256,
2564 256,
2565 },
2566 {
2567 1,
2568 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2569 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2570 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2571 SSL_kECDHEPSK,
2572 SSL_aPSK,
2573 SSL_CAMELLIA128,
2574 SSL_SHA256,
2575 TLS1_VERSION, TLS1_2_VERSION,
2576 DTLS1_BAD_VER, DTLS1_2_VERSION,
2577 SSL_NOT_DEFAULT | SSL_HIGH,
2578 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2579 128,
2580 128,
2581 },
2582 {
2583 1,
2584 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2585 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2586 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2587 SSL_kECDHEPSK,
2588 SSL_aPSK,
2589 SSL_CAMELLIA256,
2590 SSL_SHA384,
2591 TLS1_VERSION, TLS1_2_VERSION,
2592 DTLS1_BAD_VER, DTLS1_2_VERSION,
2593 SSL_NOT_DEFAULT | SSL_HIGH,
2594 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2595 256,
2596 256,
2597 },
2598 #endif /* OPENSSL_NO_CAMELLIA */
2599
2600 #ifndef OPENSSL_NO_GOST
2601 {
2602 1,
2603 "GOST2001-GOST89-GOST89",
2604 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2605 0x3000081,
2606 SSL_kGOST,
2607 SSL_aGOST01,
2608 SSL_eGOST2814789CNT,
2609 SSL_GOST89MAC,
2610 TLS1_VERSION, TLS1_2_VERSION,
2611 0, 0,
2612 SSL_HIGH,
2613 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2614 256,
2615 256,
2616 },
2617 {
2618 1,
2619 "GOST2001-NULL-GOST94",
2620 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2621 0x3000083,
2622 SSL_kGOST,
2623 SSL_aGOST01,
2624 SSL_eNULL,
2625 SSL_GOST94,
2626 TLS1_VERSION, TLS1_2_VERSION,
2627 0, 0,
2628 SSL_STRONG_NONE,
2629 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2630 0,
2631 0,
2632 },
2633 {
2634 1,
2635 "GOST2012-GOST8912-GOST8912",
2636 NULL,
2637 0x0300ff85,
2638 SSL_kGOST,
2639 SSL_aGOST12 | SSL_aGOST01,
2640 SSL_eGOST2814789CNT12,
2641 SSL_GOST89MAC12,
2642 TLS1_VERSION, TLS1_2_VERSION,
2643 0, 0,
2644 SSL_HIGH,
2645 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2646 256,
2647 256,
2648 },
2649 {
2650 1,
2651 "GOST2012-NULL-GOST12",
2652 NULL,
2653 0x0300ff87,
2654 SSL_kGOST,
2655 SSL_aGOST12 | SSL_aGOST01,
2656 SSL_eNULL,
2657 SSL_GOST12_256,
2658 TLS1_VERSION, TLS1_2_VERSION,
2659 0, 0,
2660 SSL_STRONG_NONE,
2661 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2662 0,
2663 0,
2664 },
2665 #endif /* OPENSSL_NO_GOST */
2666
2667 #ifndef OPENSSL_NO_IDEA
2668 {
2669 1,
2670 SSL3_TXT_RSA_IDEA_128_SHA,
2671 SSL3_RFC_RSA_IDEA_128_SHA,
2672 SSL3_CK_RSA_IDEA_128_SHA,
2673 SSL_kRSA,
2674 SSL_aRSA,
2675 SSL_IDEA,
2676 SSL_SHA1,
2677 SSL3_VERSION, TLS1_1_VERSION,
2678 DTLS1_BAD_VER, DTLS1_VERSION,
2679 SSL_NOT_DEFAULT | SSL_MEDIUM,
2680 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2681 128,
2682 128,
2683 },
2684 #endif
2685
2686 #ifndef OPENSSL_NO_SEED
2687 {
2688 1,
2689 TLS1_TXT_RSA_WITH_SEED_SHA,
2690 TLS1_RFC_RSA_WITH_SEED_SHA,
2691 TLS1_CK_RSA_WITH_SEED_SHA,
2692 SSL_kRSA,
2693 SSL_aRSA,
2694 SSL_SEED,
2695 SSL_SHA1,
2696 SSL3_VERSION, TLS1_2_VERSION,
2697 DTLS1_BAD_VER, DTLS1_2_VERSION,
2698 SSL_NOT_DEFAULT | SSL_MEDIUM,
2699 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2700 128,
2701 128,
2702 },
2703 {
2704 1,
2705 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2706 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2707 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2708 SSL_kDHE,
2709 SSL_aDSS,
2710 SSL_SEED,
2711 SSL_SHA1,
2712 SSL3_VERSION, TLS1_2_VERSION,
2713 DTLS1_BAD_VER, DTLS1_2_VERSION,
2714 SSL_NOT_DEFAULT | SSL_MEDIUM,
2715 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2716 128,
2717 128,
2718 },
2719 {
2720 1,
2721 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2722 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2723 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2724 SSL_kDHE,
2725 SSL_aRSA,
2726 SSL_SEED,
2727 SSL_SHA1,
2728 SSL3_VERSION, TLS1_2_VERSION,
2729 DTLS1_BAD_VER, DTLS1_2_VERSION,
2730 SSL_NOT_DEFAULT | SSL_MEDIUM,
2731 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2732 128,
2733 128,
2734 },
2735 {
2736 1,
2737 TLS1_TXT_ADH_WITH_SEED_SHA,
2738 TLS1_RFC_ADH_WITH_SEED_SHA,
2739 TLS1_CK_ADH_WITH_SEED_SHA,
2740 SSL_kDHE,
2741 SSL_aNULL,
2742 SSL_SEED,
2743 SSL_SHA1,
2744 SSL3_VERSION, TLS1_2_VERSION,
2745 DTLS1_BAD_VER, DTLS1_2_VERSION,
2746 SSL_NOT_DEFAULT | SSL_MEDIUM,
2747 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2748 128,
2749 128,
2750 },
2751 #endif /* OPENSSL_NO_SEED */
2752
2753 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2754 {
2755 1,
2756 SSL3_TXT_RSA_RC4_128_MD5,
2757 SSL3_RFC_RSA_RC4_128_MD5,
2758 SSL3_CK_RSA_RC4_128_MD5,
2759 SSL_kRSA,
2760 SSL_aRSA,
2761 SSL_RC4,
2762 SSL_MD5,
2763 SSL3_VERSION, TLS1_2_VERSION,
2764 0, 0,
2765 SSL_NOT_DEFAULT | SSL_MEDIUM,
2766 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2767 128,
2768 128,
2769 },
2770 {
2771 1,
2772 SSL3_TXT_RSA_RC4_128_SHA,
2773 SSL3_RFC_RSA_RC4_128_SHA,
2774 SSL3_CK_RSA_RC4_128_SHA,
2775 SSL_kRSA,
2776 SSL_aRSA,
2777 SSL_RC4,
2778 SSL_SHA1,
2779 SSL3_VERSION, TLS1_2_VERSION,
2780 0, 0,
2781 SSL_NOT_DEFAULT | SSL_MEDIUM,
2782 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2783 128,
2784 128,
2785 },
2786 {
2787 1,
2788 SSL3_TXT_ADH_RC4_128_MD5,
2789 SSL3_RFC_ADH_RC4_128_MD5,
2790 SSL3_CK_ADH_RC4_128_MD5,
2791 SSL_kDHE,
2792 SSL_aNULL,
2793 SSL_RC4,
2794 SSL_MD5,
2795 SSL3_VERSION, TLS1_2_VERSION,
2796 0, 0,
2797 SSL_NOT_DEFAULT | SSL_MEDIUM,
2798 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2799 128,
2800 128,
2801 },
2802 {
2803 1,
2804 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2805 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2806 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2807 SSL_kECDHEPSK,
2808 SSL_aPSK,
2809 SSL_RC4,
2810 SSL_SHA1,
2811 TLS1_VERSION, TLS1_2_VERSION,
2812 0, 0,
2813 SSL_NOT_DEFAULT | SSL_MEDIUM,
2814 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2815 128,
2816 128,
2817 },
2818 {
2819 1,
2820 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2821 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2822 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2823 SSL_kECDHE,
2824 SSL_aNULL,
2825 SSL_RC4,
2826 SSL_SHA1,
2827 TLS1_VERSION, TLS1_2_VERSION,
2828 0, 0,
2829 SSL_NOT_DEFAULT | SSL_MEDIUM,
2830 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2831 128,
2832 128,
2833 },
2834 {
2835 1,
2836 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2837 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2838 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2839 SSL_kECDHE,
2840 SSL_aECDSA,
2841 SSL_RC4,
2842 SSL_SHA1,
2843 TLS1_VERSION, TLS1_2_VERSION,
2844 0, 0,
2845 SSL_NOT_DEFAULT | SSL_MEDIUM,
2846 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2847 128,
2848 128,
2849 },
2850 {
2851 1,
2852 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2853 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2854 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2855 SSL_kECDHE,
2856 SSL_aRSA,
2857 SSL_RC4,
2858 SSL_SHA1,
2859 TLS1_VERSION, TLS1_2_VERSION,
2860 0, 0,
2861 SSL_NOT_DEFAULT | SSL_MEDIUM,
2862 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2863 128,
2864 128,
2865 },
2866 {
2867 1,
2868 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2869 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2870 TLS1_CK_PSK_WITH_RC4_128_SHA,
2871 SSL_kPSK,
2872 SSL_aPSK,
2873 SSL_RC4,
2874 SSL_SHA1,
2875 SSL3_VERSION, TLS1_2_VERSION,
2876 0, 0,
2877 SSL_NOT_DEFAULT | SSL_MEDIUM,
2878 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2879 128,
2880 128,
2881 },
2882 {
2883 1,
2884 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2885 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2886 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2887 SSL_kRSAPSK,
2888 SSL_aRSA,
2889 SSL_RC4,
2890 SSL_SHA1,
2891 SSL3_VERSION, TLS1_2_VERSION,
2892 0, 0,
2893 SSL_NOT_DEFAULT | SSL_MEDIUM,
2894 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2895 128,
2896 128,
2897 },
2898 {
2899 1,
2900 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2901 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2902 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2903 SSL_kDHEPSK,
2904 SSL_aPSK,
2905 SSL_RC4,
2906 SSL_SHA1,
2907 SSL3_VERSION, TLS1_2_VERSION,
2908 0, 0,
2909 SSL_NOT_DEFAULT | SSL_MEDIUM,
2910 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2911 128,
2912 128,
2913 },
2914 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2915
2916 #ifndef OPENSSL_NO_ARIA
2917 {
2918 1,
2919 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2920 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2921 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2922 SSL_kRSA,
2923 SSL_aRSA,
2924 SSL_ARIA128GCM,
2925 SSL_AEAD,
2926 TLS1_2_VERSION, TLS1_2_VERSION,
2927 DTLS1_2_VERSION, DTLS1_2_VERSION,
2928 SSL_NOT_DEFAULT | SSL_HIGH,
2929 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2930 128,
2931 128,
2932 },
2933 {
2934 1,
2935 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2936 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2937 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2938 SSL_kRSA,
2939 SSL_aRSA,
2940 SSL_ARIA256GCM,
2941 SSL_AEAD,
2942 TLS1_2_VERSION, TLS1_2_VERSION,
2943 DTLS1_2_VERSION, DTLS1_2_VERSION,
2944 SSL_NOT_DEFAULT | SSL_HIGH,
2945 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2946 256,
2947 256,
2948 },
2949 {
2950 1,
2951 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2952 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2953 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2954 SSL_kDHE,
2955 SSL_aRSA,
2956 SSL_ARIA128GCM,
2957 SSL_AEAD,
2958 TLS1_2_VERSION, TLS1_2_VERSION,
2959 DTLS1_2_VERSION, DTLS1_2_VERSION,
2960 SSL_NOT_DEFAULT | SSL_HIGH,
2961 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2962 128,
2963 128,
2964 },
2965 {
2966 1,
2967 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2968 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2969 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2970 SSL_kDHE,
2971 SSL_aRSA,
2972 SSL_ARIA256GCM,
2973 SSL_AEAD,
2974 TLS1_2_VERSION, TLS1_2_VERSION,
2975 DTLS1_2_VERSION, DTLS1_2_VERSION,
2976 SSL_NOT_DEFAULT | SSL_HIGH,
2977 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2978 256,
2979 256,
2980 },
2981 {
2982 1,
2983 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2984 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2985 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2986 SSL_kDHE,
2987 SSL_aDSS,
2988 SSL_ARIA128GCM,
2989 SSL_AEAD,
2990 TLS1_2_VERSION, TLS1_2_VERSION,
2991 DTLS1_2_VERSION, DTLS1_2_VERSION,
2992 SSL_NOT_DEFAULT | SSL_HIGH,
2993 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2994 128,
2995 128,
2996 },
2997 {
2998 1,
2999 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3000 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3001 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3002 SSL_kDHE,
3003 SSL_aDSS,
3004 SSL_ARIA256GCM,
3005 SSL_AEAD,
3006 TLS1_2_VERSION, TLS1_2_VERSION,
3007 DTLS1_2_VERSION, DTLS1_2_VERSION,
3008 SSL_NOT_DEFAULT | SSL_HIGH,
3009 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3010 256,
3011 256,
3012 },
3013 {
3014 1,
3015 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3016 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3017 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3018 SSL_kECDHE,
3019 SSL_aECDSA,
3020 SSL_ARIA128GCM,
3021 SSL_AEAD,
3022 TLS1_2_VERSION, TLS1_2_VERSION,
3023 DTLS1_2_VERSION, DTLS1_2_VERSION,
3024 SSL_NOT_DEFAULT | SSL_HIGH,
3025 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3026 128,
3027 128,
3028 },
3029 {
3030 1,
3031 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3032 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3033 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3034 SSL_kECDHE,
3035 SSL_aECDSA,
3036 SSL_ARIA256GCM,
3037 SSL_AEAD,
3038 TLS1_2_VERSION, TLS1_2_VERSION,
3039 DTLS1_2_VERSION, DTLS1_2_VERSION,
3040 SSL_NOT_DEFAULT | SSL_HIGH,
3041 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3042 256,
3043 256,
3044 },
3045 {
3046 1,
3047 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3048 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3049 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3050 SSL_kECDHE,
3051 SSL_aRSA,
3052 SSL_ARIA128GCM,
3053 SSL_AEAD,
3054 TLS1_2_VERSION, TLS1_2_VERSION,
3055 DTLS1_2_VERSION, DTLS1_2_VERSION,
3056 SSL_NOT_DEFAULT | SSL_HIGH,
3057 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3058 128,
3059 128,
3060 },
3061 {
3062 1,
3063 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3064 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3065 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3066 SSL_kECDHE,
3067 SSL_aRSA,
3068 SSL_ARIA256GCM,
3069 SSL_AEAD,
3070 TLS1_2_VERSION, TLS1_2_VERSION,
3071 DTLS1_2_VERSION, DTLS1_2_VERSION,
3072 SSL_NOT_DEFAULT | SSL_HIGH,
3073 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3074 256,
3075 256,
3076 },
3077 {
3078 1,
3079 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3080 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3081 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3082 SSL_kPSK,
3083 SSL_aPSK,
3084 SSL_ARIA128GCM,
3085 SSL_AEAD,
3086 TLS1_2_VERSION, TLS1_2_VERSION,
3087 DTLS1_2_VERSION, DTLS1_2_VERSION,
3088 SSL_NOT_DEFAULT | SSL_HIGH,
3089 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3090 128,
3091 128,
3092 },
3093 {
3094 1,
3095 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3096 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3097 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3098 SSL_kPSK,
3099 SSL_aPSK,
3100 SSL_ARIA256GCM,
3101 SSL_AEAD,
3102 TLS1_2_VERSION, TLS1_2_VERSION,
3103 DTLS1_2_VERSION, DTLS1_2_VERSION,
3104 SSL_NOT_DEFAULT | SSL_HIGH,
3105 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3106 256,
3107 256,
3108 },
3109 {
3110 1,
3111 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3112 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3113 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3114 SSL_kDHEPSK,
3115 SSL_aPSK,
3116 SSL_ARIA128GCM,
3117 SSL_AEAD,
3118 TLS1_2_VERSION, TLS1_2_VERSION,
3119 DTLS1_2_VERSION, DTLS1_2_VERSION,
3120 SSL_NOT_DEFAULT | SSL_HIGH,
3121 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3122 128,
3123 128,
3124 },
3125 {
3126 1,
3127 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3128 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3129 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3130 SSL_kDHEPSK,
3131 SSL_aPSK,
3132 SSL_ARIA256GCM,
3133 SSL_AEAD,
3134 TLS1_2_VERSION, TLS1_2_VERSION,
3135 DTLS1_2_VERSION, DTLS1_2_VERSION,
3136 SSL_NOT_DEFAULT | SSL_HIGH,
3137 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3138 256,
3139 256,
3140 },
3141 {
3142 1,
3143 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3144 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3145 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3146 SSL_kRSAPSK,
3147 SSL_aRSA,
3148 SSL_ARIA128GCM,
3149 SSL_AEAD,
3150 TLS1_2_VERSION, TLS1_2_VERSION,
3151 DTLS1_2_VERSION, DTLS1_2_VERSION,
3152 SSL_NOT_DEFAULT | SSL_HIGH,
3153 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3154 128,
3155 128,
3156 },
3157 {
3158 1,
3159 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3160 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3161 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3162 SSL_kRSAPSK,
3163 SSL_aRSA,
3164 SSL_ARIA256GCM,
3165 SSL_AEAD,
3166 TLS1_2_VERSION, TLS1_2_VERSION,
3167 DTLS1_2_VERSION, DTLS1_2_VERSION,
3168 SSL_NOT_DEFAULT | SSL_HIGH,
3169 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3170 256,
3171 256,
3172 },
3173 #endif /* OPENSSL_NO_ARIA */
3174 };
3175
3176 /*
3177 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3178 * values stuffed into the ciphers field of the wire protocol for signalling
3179 * purposes.
3180 */
3181 static SSL_CIPHER ssl3_scsvs[] = {
3182 {
3183 0,
3184 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3185 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3186 SSL3_CK_SCSV,
3187 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3188 },
3189 {
3190 0,
3191 "TLS_FALLBACK_SCSV",
3192 "TLS_FALLBACK_SCSV",
3193 SSL3_CK_FALLBACK_SCSV,
3194 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3195 },
3196 };
3197
3198 static int cipher_compare(const void *a, const void *b)
3199 {
3200 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3201 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3202
3203 if (ap->id == bp->id)
3204 return 0;
3205 return ap->id < bp->id ? -1 : 1;
3206 }
3207
3208 void ssl_sort_cipher_list(void)
3209 {
3210 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3211 cipher_compare);
3212 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3213 }
3214
3215 static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
3216 const char * t, size_t u,
3217 const unsigned char * v, size_t w, int x)
3218 {
3219 (void)r;
3220 (void)s;
3221 (void)t;
3222 (void)u;
3223 (void)v;
3224 (void)w;
3225 (void)x;
3226 return ssl_undefined_function(ssl);
3227 }
3228
3229 const SSL3_ENC_METHOD SSLv3_enc_data = {
3230 ssl3_enc,
3231 n_ssl3_mac,
3232 ssl3_setup_key_block,
3233 ssl3_generate_master_secret,
3234 ssl3_change_cipher_state,
3235 ssl3_final_finish_mac,
3236 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3237 SSL3_MD_SERVER_FINISHED_CONST, 4,
3238 ssl3_alert_code,
3239 ssl_undefined_function_1,
3240 0,
3241 ssl3_set_handshake_header,
3242 tls_close_construct_packet,
3243 ssl3_handshake_write
3244 };
3245
3246 long ssl3_default_timeout(void)
3247 {
3248 /*
3249 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3250 * http, the cache would over fill
3251 */
3252 return (60 * 60 * 2);
3253 }
3254
3255 int ssl3_num_ciphers(void)
3256 {
3257 return SSL3_NUM_CIPHERS;
3258 }
3259
3260 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3261 {
3262 if (u < SSL3_NUM_CIPHERS)
3263 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3264 else
3265 return NULL;
3266 }
3267
3268 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3269 {
3270 /* No header in the event of a CCS */
3271 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3272 return 1;
3273
3274 /* Set the content type and 3 bytes for the message len */
3275 if (!WPACKET_put_bytes_u8(pkt, htype)
3276 || !WPACKET_start_sub_packet_u24(pkt))
3277 return 0;
3278
3279 return 1;
3280 }
3281
3282 int ssl3_handshake_write(SSL *s)
3283 {
3284 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3285 }
3286
3287 int ssl3_new(SSL *s)
3288 {
3289 SSL3_STATE *s3;
3290
3291 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
3292 goto err;
3293 s->s3 = s3;
3294
3295 #ifndef OPENSSL_NO_SRP
3296 if (!SSL_SRP_CTX_init(s))
3297 goto err;
3298 #endif
3299
3300 if (!s->method->ssl_clear(s))
3301 return 0;
3302
3303 return 1;
3304 err:
3305 return 0;
3306 }
3307
3308 void ssl3_free(SSL *s)
3309 {
3310 if (s == NULL || s->s3 == NULL)
3311 return;
3312
3313 ssl3_cleanup_key_block(s);
3314
3315 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3316 EVP_PKEY_free(s->s3->peer_tmp);
3317 s->s3->peer_tmp = NULL;
3318 EVP_PKEY_free(s->s3->tmp.pkey);
3319 s->s3->tmp.pkey = NULL;
3320 #endif
3321
3322 OPENSSL_free(s->s3->tmp.ctype);
3323 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3324 OPENSSL_free(s->s3->tmp.ciphers_raw);
3325 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3326 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3327 OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
3328 ssl3_free_digest_list(s);
3329 OPENSSL_free(s->s3->alpn_selected);
3330 OPENSSL_free(s->s3->alpn_proposed);
3331
3332 #ifndef OPENSSL_NO_SRP
3333 SSL_SRP_CTX_free(s);
3334 #endif
3335 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
3336 s->s3 = NULL;
3337 }
3338
3339 int ssl3_clear(SSL *s)
3340 {
3341 ssl3_cleanup_key_block(s);
3342 OPENSSL_free(s->s3->tmp.ctype);
3343 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3344 OPENSSL_free(s->s3->tmp.ciphers_raw);
3345 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3346 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3347 OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
3348
3349 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3350 EVP_PKEY_free(s->s3->tmp.pkey);
3351 EVP_PKEY_free(s->s3->peer_tmp);
3352 #endif /* !OPENSSL_NO_EC */
3353
3354 ssl3_free_digest_list(s);
3355
3356 OPENSSL_free(s->s3->alpn_selected);
3357 OPENSSL_free(s->s3->alpn_proposed);
3358
3359 /* NULL/zero-out everything in the s3 struct */
3360 memset(s->s3, 0, sizeof(*s->s3));
3361
3362 if (!ssl_free_wbio_buffer(s))
3363 return 0;
3364
3365 s->version = SSL3_VERSION;
3366
3367 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3368 OPENSSL_free(s->ext.npn);
3369 s->ext.npn = NULL;
3370 s->ext.npn_len = 0;
3371 #endif
3372
3373 return 1;
3374 }
3375
3376 #ifndef OPENSSL_NO_SRP
3377 static char *srp_password_from_info_cb(SSL *s, void *arg)
3378 {
3379 return OPENSSL_strdup(s->srp_ctx.info);
3380 }
3381 #endif
3382
3383 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3384
3385 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3386 {
3387 int ret = 0;
3388
3389 switch (cmd) {
3390 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3391 break;
3392 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3393 ret = s->s3->num_renegotiations;
3394 break;
3395 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3396 ret = s->s3->num_renegotiations;
3397 s->s3->num_renegotiations = 0;
3398 break;
3399 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3400 ret = s->s3->total_renegotiations;
3401 break;
3402 case SSL_CTRL_GET_FLAGS:
3403 ret = (int)(s->s3->flags);
3404 break;
3405 #ifndef OPENSSL_NO_DH
3406 case SSL_CTRL_SET_TMP_DH:
3407 {
3408 DH *dh = (DH *)parg;
3409 EVP_PKEY *pkdh = NULL;
3410 if (dh == NULL) {
3411 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3412 return ret;
3413 }
3414 pkdh = ssl_dh_to_pkey(dh);
3415 if (pkdh == NULL) {
3416 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3417 return 0;
3418 }
3419 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3420 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3421 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3422 EVP_PKEY_free(pkdh);
3423 return ret;
3424 }
3425 EVP_PKEY_free(s->cert->dh_tmp);
3426 s->cert->dh_tmp = pkdh;
3427 ret = 1;
3428 }
3429 break;
3430 case SSL_CTRL_SET_TMP_DH_CB:
3431 {
3432 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3433 return ret;
3434 }
3435 case SSL_CTRL_SET_DH_AUTO:
3436 s->cert->dh_tmp_auto = larg;
3437 return 1;
3438 #endif
3439 #ifndef OPENSSL_NO_EC
3440 case SSL_CTRL_SET_TMP_ECDH:
3441 {
3442 const EC_GROUP *group = NULL;
3443 int nid;
3444
3445 if (parg == NULL) {
3446 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3447 return 0;
3448 }
3449 group = EC_KEY_get0_group((const EC_KEY *)parg);
3450 if (group == NULL) {
3451 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3452 return 0;
3453 }
3454 nid = EC_GROUP_get_curve_name(group);
3455 if (nid == NID_undef)
3456 return 0;
3457 return tls1_set_groups(&s->ext.supportedgroups,
3458 &s->ext.supportedgroups_len,
3459 &nid, 1);
3460 }
3461 break;
3462 #endif /* !OPENSSL_NO_EC */
3463 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3464 if (larg == TLSEXT_NAMETYPE_host_name) {
3465 size_t len;
3466
3467 OPENSSL_free(s->ext.hostname);
3468 s->ext.hostname = NULL;
3469
3470 ret = 1;
3471 if (parg == NULL)
3472 break;
3473 len = strlen((char *)parg);
3474 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3475 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3476 return 0;
3477 }
3478 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3479 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3480 return 0;
3481 }
3482 } else {
3483 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3484 return 0;
3485 }
3486 break;
3487 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3488 s->ext.debug_arg = parg;
3489 ret = 1;
3490 break;
3491
3492 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3493 ret = s->ext.status_type;
3494 break;
3495
3496 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3497 s->ext.status_type = larg;
3498 ret = 1;
3499 break;
3500
3501 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3502 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3503 ret = 1;
3504 break;
3505
3506 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3507 s->ext.ocsp.exts = parg;
3508 ret = 1;
3509 break;
3510
3511 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3512 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3513 ret = 1;
3514 break;
3515
3516 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3517 s->ext.ocsp.ids = parg;
3518 ret = 1;
3519 break;
3520
3521 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3522 *(unsigned char **)parg = s->ext.ocsp.resp;
3523 if (s->ext.ocsp.resp_len == 0
3524 || s->ext.ocsp.resp_len > LONG_MAX)
3525 return -1;
3526 return (long)s->ext.ocsp.resp_len;
3527
3528 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3529 OPENSSL_free(s->ext.ocsp.resp);
3530 s->ext.ocsp.resp = parg;
3531 s->ext.ocsp.resp_len = larg;
3532 ret = 1;
3533 break;
3534
3535 #ifndef OPENSSL_NO_HEARTBEATS
3536 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3537 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3538 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3539 break;
3540 #endif
3541
3542 case SSL_CTRL_CHAIN:
3543 if (larg)
3544 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3545 else
3546 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3547
3548 case SSL_CTRL_CHAIN_CERT:
3549 if (larg)
3550 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3551 else
3552 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3553
3554 case SSL_CTRL_GET_CHAIN_CERTS:
3555 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3556 break;
3557
3558 case SSL_CTRL_SELECT_CURRENT_CERT:
3559 return ssl_cert_select_current(s->cert, (X509 *)parg);
3560
3561 case SSL_CTRL_SET_CURRENT_CERT:
3562 if (larg == SSL_CERT_SET_SERVER) {
3563 const SSL_CIPHER *cipher;
3564 if (!s->server)
3565 return 0;
3566 cipher = s->s3->tmp.new_cipher;
3567 if (cipher == NULL)
3568 return 0;
3569 /*
3570 * No certificate for unauthenticated ciphersuites or using SRP
3571 * authentication
3572 */
3573 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3574 return 2;
3575 if (s->s3->tmp.cert == NULL)
3576 return 0;
3577 s->cert->key = s->s3->tmp.cert;
3578 return 1;
3579 }
3580 return ssl_cert_set_current(s->cert, larg);
3581
3582 #ifndef OPENSSL_NO_EC
3583 case SSL_CTRL_GET_GROUPS:
3584 {
3585 uint16_t *clist;
3586 size_t clistlen;
3587
3588 if (!s->session)
3589 return 0;
3590 clist = s->session->ext.supportedgroups;
3591 clistlen = s->session->ext.supportedgroups_len;
3592 if (parg) {
3593 size_t i;
3594 int *cptr = parg;
3595
3596 for (i = 0; i < clistlen; i++) {
3597 const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
3598
3599 if (cinf != NULL)
3600 cptr[i] = cinf->nid;
3601 else
3602 cptr[i] = TLSEXT_nid_unknown | clist[i];
3603 }
3604 }
3605 return (int)clistlen;
3606 }
3607
3608 case SSL_CTRL_SET_GROUPS:
3609 return tls1_set_groups(&s->ext.supportedgroups,
3610 &s->ext.supportedgroups_len, parg, larg);
3611
3612 case SSL_CTRL_SET_GROUPS_LIST:
3613 return tls1_set_groups_list(&s->ext.supportedgroups,
3614 &s->ext.supportedgroups_len, parg);
3615
3616 case SSL_CTRL_GET_SHARED_GROUP:
3617 {
3618 uint16_t id = tls1_shared_group(s, larg);
3619
3620 if (larg != -1) {
3621 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
3622
3623 return ginf == NULL ? 0 : ginf->nid;
3624 }
3625 return id;
3626 }
3627 #endif
3628 case SSL_CTRL_SET_SIGALGS:
3629 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3630
3631 case SSL_CTRL_SET_SIGALGS_LIST:
3632 return tls1_set_sigalgs_list(s->cert, parg, 0);
3633
3634 case SSL_CTRL_SET_CLIENT_SIGALGS:
3635 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3636
3637 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3638 return tls1_set_sigalgs_list(s->cert, parg, 1);
3639
3640 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3641 {
3642 const unsigned char **pctype = parg;
3643 if (s->server || !s->s3->tmp.cert_req)
3644 return 0;
3645 if (pctype)
3646 *pctype = s->s3->tmp.ctype;
3647 return s->s3->tmp.ctype_len;
3648 }
3649
3650 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3651 if (!s->server)
3652 return 0;
3653 return ssl3_set_req_cert_type(s->cert, parg, larg);
3654
3655 case SSL_CTRL_BUILD_CERT_CHAIN:
3656 return ssl_build_cert_chain(s, NULL, larg);
3657
3658 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3659 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3660
3661 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3662 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3663
3664 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3665 if (s->s3->tmp.peer_sigalg == NULL)
3666 return 0;
3667 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3668 return 1;
3669
3670 case SSL_CTRL_GET_SERVER_TMP_KEY:
3671 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3672 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3673 return 0;
3674 } else {
3675 EVP_PKEY_up_ref(s->s3->peer_tmp);
3676 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3677 return 1;
3678 }
3679 #else
3680 return 0;
3681 #endif
3682 #ifndef OPENSSL_NO_EC
3683 case SSL_CTRL_GET_EC_POINT_FORMATS:
3684 {
3685 SSL_SESSION *sess = s->session;
3686 const unsigned char **pformat = parg;
3687
3688 if (sess == NULL || sess->ext.ecpointformats == NULL)
3689 return 0;
3690 *pformat = sess->ext.ecpointformats;
3691 return (int)sess->ext.ecpointformats_len;
3692 }
3693 #endif
3694
3695 default:
3696 break;
3697 }
3698 return ret;
3699 }
3700
3701 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3702 {
3703 int ret = 0;
3704
3705 switch (cmd) {
3706 #ifndef OPENSSL_NO_DH
3707 case SSL_CTRL_SET_TMP_DH_CB:
3708 {
3709 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3710 }
3711 break;
3712 #endif
3713 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3714 s->ext.debug_cb = (void (*)(SSL *, int, int,
3715 const unsigned char *, int, void *))fp;
3716 break;
3717
3718 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3719 {
3720 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3721 }
3722 break;
3723 default:
3724 break;
3725 }
3726 return ret;
3727 }
3728
3729 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3730 {
3731 switch (cmd) {
3732 #ifndef OPENSSL_NO_DH
3733 case SSL_CTRL_SET_TMP_DH:
3734 {
3735 DH *dh = (DH *)parg;
3736 EVP_PKEY *pkdh = NULL;
3737 if (dh == NULL) {
3738 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3739 return 0;
3740 }
3741 pkdh = ssl_dh_to_pkey(dh);
3742 if (pkdh == NULL) {
3743 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3744 return 0;
3745 }
3746 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3747 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3748 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3749 EVP_PKEY_free(pkdh);
3750 return 1;
3751 }
3752 EVP_PKEY_free(ctx->cert->dh_tmp);
3753 ctx->cert->dh_tmp = pkdh;
3754 return 1;
3755 }
3756 case SSL_CTRL_SET_TMP_DH_CB:
3757 {
3758 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3759 return 0;
3760 }
3761 case SSL_CTRL_SET_DH_AUTO:
3762 ctx->cert->dh_tmp_auto = larg;
3763 return 1;
3764 #endif
3765 #ifndef OPENSSL_NO_EC
3766 case SSL_CTRL_SET_TMP_ECDH:
3767 {
3768 const EC_GROUP *group = NULL;
3769 int nid;
3770
3771 if (parg == NULL) {
3772 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3773 return 0;
3774 }
3775 group = EC_KEY_get0_group((const EC_KEY *)parg);
3776 if (group == NULL) {
3777 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3778 return 0;
3779 }
3780 nid = EC_GROUP_get_curve_name(group);
3781 if (nid == NID_undef)
3782 return 0;
3783 return tls1_set_groups(&ctx->ext.supportedgroups,
3784 &ctx->ext.supportedgroups_len,
3785 &nid, 1);
3786 }
3787 #endif /* !OPENSSL_NO_EC */
3788 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3789 ctx->ext.servername_arg = parg;
3790 break;
3791 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3792 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3793 {
3794 unsigned char *keys = parg;
3795 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3796 sizeof(ctx->ext.tick_hmac_key) +
3797 sizeof(ctx->ext.tick_aes_key));
3798 if (keys == NULL)
3799 return tick_keylen;
3800 if (larg != tick_keylen) {
3801 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3802 return 0;
3803 }
3804 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3805 memcpy(ctx->ext.tick_key_name, keys,
3806 sizeof(ctx->ext.tick_key_name));
3807 memcpy(ctx->ext.tick_hmac_key,
3808 keys + sizeof(ctx->ext.tick_key_name),
3809 sizeof(ctx->ext.tick_hmac_key));
3810 memcpy(ctx->ext.tick_aes_key,
3811 keys + sizeof(ctx->ext.tick_key_name) +
3812 sizeof(ctx->ext.tick_hmac_key),
3813 sizeof(ctx->ext.tick_aes_key));
3814 } else {
3815 memcpy(keys, ctx->ext.tick_key_name,
3816 sizeof(ctx->ext.tick_key_name));
3817 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3818 ctx->ext.tick_hmac_key,
3819 sizeof(ctx->ext.tick_hmac_key));
3820 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3821 sizeof(ctx->ext.tick_hmac_key),
3822 ctx->ext.tick_aes_key,
3823 sizeof(ctx->ext.tick_aes_key));
3824 }
3825 return 1;
3826 }
3827
3828 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3829 return ctx->ext.status_type;
3830
3831 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3832 ctx->ext.status_type = larg;
3833 break;
3834
3835 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3836 ctx->ext.status_arg = parg;
3837 return 1;
3838
3839 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3840 *(void**)parg = ctx->ext.status_arg;
3841 break;
3842
3843 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3844 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3845 break;
3846
3847 #ifndef OPENSSL_NO_SRP
3848 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3849 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3850 OPENSSL_free(ctx->srp_ctx.login);
3851 ctx->srp_ctx.login = NULL;
3852 if (parg == NULL)
3853 break;
3854 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3855 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3856 return 0;
3857 }
3858 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3859 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3860 return 0;
3861 }
3862 break;
3863 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3864 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3865 srp_password_from_info_cb;
3866 if (ctx->srp_ctx.info != NULL)
3867 OPENSSL_free(ctx->srp_ctx.info);
3868 if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3869 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3870 return 0;
3871 }
3872 break;
3873 case SSL_CTRL_SET_SRP_ARG:
3874 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3875 ctx->srp_ctx.SRP_cb_arg = parg;
3876 break;
3877
3878 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3879 ctx->srp_ctx.strength = larg;
3880 break;
3881 #endif
3882
3883 #ifndef OPENSSL_NO_EC
3884 case SSL_CTRL_SET_GROUPS:
3885 return tls1_set_groups(&ctx->ext.supportedgroups,
3886 &ctx->ext.supportedgroups_len,
3887 parg, larg);
3888
3889 case SSL_CTRL_SET_GROUPS_LIST:
3890 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3891 &ctx->ext.supportedgroups_len,
3892 parg);
3893 #endif
3894 case SSL_CTRL_SET_SIGALGS:
3895 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3896
3897 case SSL_CTRL_SET_SIGALGS_LIST:
3898 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3899
3900 case SSL_CTRL_SET_CLIENT_SIGALGS:
3901 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3902
3903 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3904 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3905
3906 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3907 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3908
3909 case SSL_CTRL_BUILD_CERT_CHAIN:
3910 return ssl_build_cert_chain(NULL, ctx, larg);
3911
3912 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3913 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3914
3915 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3916 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3917
3918 /* A Thawte special :-) */
3919 case SSL_CTRL_EXTRA_CHAIN_CERT:
3920 if (ctx->extra_certs == NULL) {
3921 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3922 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3923 return 0;
3924 }
3925 }
3926 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3927 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3928 return 0;
3929 }
3930 break;
3931
3932 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3933 if (ctx->extra_certs == NULL && larg == 0)
3934 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3935 else
3936 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3937 break;
3938
3939 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3940 sk_X509_pop_free(ctx->extra_certs, X509_free);
3941 ctx->extra_certs = NULL;
3942 break;
3943
3944 case SSL_CTRL_CHAIN:
3945 if (larg)
3946 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3947 else
3948 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3949
3950 case SSL_CTRL_CHAIN_CERT:
3951 if (larg)
3952 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3953 else
3954 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3955
3956 case SSL_CTRL_GET_CHAIN_CERTS:
3957 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3958 break;
3959
3960 case SSL_CTRL_SELECT_CURRENT_CERT:
3961 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3962
3963 case SSL_CTRL_SET_CURRENT_CERT:
3964 return ssl_cert_set_current(ctx->cert, larg);
3965
3966 default:
3967 return 0;
3968 }
3969 return 1;
3970 }
3971
3972 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3973 {
3974 switch (cmd) {
3975 #ifndef OPENSSL_NO_DH
3976 case SSL_CTRL_SET_TMP_DH_CB:
3977 {
3978 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3979 }
3980 break;
3981 #endif
3982 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3983 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
3984 break;
3985
3986 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3987 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
3988 break;
3989
3990 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3991 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
3992 unsigned char *,
3993 EVP_CIPHER_CTX *,
3994 HMAC_CTX *, int))fp;
3995 break;
3996
3997 #ifndef OPENSSL_NO_SRP
3998 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3999 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4000 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4001 break;
4002 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4003 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4004 ctx->srp_ctx.TLS_ext_srp_username_callback =
4005 (int (*)(SSL *, int *, void *))fp;
4006 break;
4007 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4008 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4009 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4010 (char *(*)(SSL *, void *))fp;
4011 break;
4012 #endif
4013 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4014 {
4015 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4016 }
4017 break;
4018 default:
4019 return 0;
4020 }
4021 return 1;
4022 }
4023
4024 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4025 {
4026 SSL_CIPHER c;
4027 const SSL_CIPHER *cp;
4028
4029 c.id = id;
4030 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4031 if (cp != NULL)
4032 return cp;
4033 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4034 }
4035
4036 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4037 {
4038 SSL_CIPHER *c = NULL;
4039 SSL_CIPHER *tbl = ssl3_ciphers;
4040 size_t i;
4041
4042 /* this is not efficient, necessary to optimize this? */
4043 for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) {
4044 if (tbl->stdname == NULL)
4045 continue;
4046 if (strcmp(stdname, tbl->stdname) == 0) {
4047 c = tbl;
4048 break;
4049 }
4050 }
4051 if (c == NULL) {
4052 tbl = ssl3_scsvs;
4053 for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
4054 if (strcmp(stdname, tbl->stdname) == 0) {
4055 c = tbl;
4056 break;
4057 }
4058 }
4059 }
4060 return c;
4061 }
4062
4063 /*
4064 * This function needs to check if the ciphers required are actually
4065 * available
4066 */
4067 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4068 {
4069 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4070 | ((uint32_t)p[0] << 8L)
4071 | (uint32_t)p[1]);
4072 }
4073
4074 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4075 {
4076 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4077 *len = 0;
4078 return 1;
4079 }
4080
4081 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4082 return 0;
4083
4084 *len = 2;
4085 return 1;
4086 }
4087
4088 /*
4089 * ssl3_choose_cipher - choose a cipher from those offered by the client
4090 * @s: SSL connection
4091 * @clnt: ciphers offered by the client
4092 * @srvr: ciphers enabled on the server?
4093 *
4094 * Returns the selected cipher or NULL when no common ciphers.
4095 */
4096 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4097 STACK_OF(SSL_CIPHER) *srvr)
4098 {
4099 const SSL_CIPHER *c, *ret = NULL;
4100 STACK_OF(SSL_CIPHER) *prio, *allow;
4101 int i, ii, ok;
4102 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4103 #ifndef OPENSSL_NO_CHACHA
4104 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4105 #endif
4106
4107 /* Let's see which ciphers we can support */
4108
4109 /*
4110 * Do not set the compare functions, because this may lead to a
4111 * reordering by "id". We want to keep the original ordering. We may pay
4112 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4113 * pay with the price of sk_SSL_CIPHER_dup().
4114 */
4115
4116 #ifdef CIPHER_DEBUG
4117 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
4118 (void *)srvr);
4119 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4120 c = sk_SSL_CIPHER_value(srvr, i);
4121 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4122 }
4123 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
4124 (void *)clnt);
4125 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4126 c = sk_SSL_CIPHER_value(clnt, i);
4127 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4128 }
4129 #endif
4130
4131 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4132 if (tls1_suiteb(s)) {
4133 prio = srvr;
4134 allow = clnt;
4135 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4136 prio = srvr;
4137 allow = clnt;
4138 #ifndef OPENSSL_NO_CHACHA
4139 /* If ChaCha20 is at the top of the client preference list,
4140 and there are ChaCha20 ciphers in the server list, then
4141 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4142 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4143 c = sk_SSL_CIPHER_value(clnt, 0);
4144 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4145 /* ChaCha20 is client preferred, check server... */
4146 int num = sk_SSL_CIPHER_num(srvr);
4147 int found = 0;
4148 for (i = 0; i < num; i++) {
4149 c = sk_SSL_CIPHER_value(srvr, i);
4150 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4151 found = 1;
4152 break;
4153 }
4154 }
4155 if (found) {
4156 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4157 /* if reserve fails, then there's likely a memory issue */
4158 if (prio_chacha != NULL) {
4159 /* Put all ChaCha20 at the top, starting with the one we just found */
4160 sk_SSL_CIPHER_push(prio_chacha, c);
4161 for (i++; i < num; i++) {
4162 c = sk_SSL_CIPHER_value(srvr, i);
4163 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4164 sk_SSL_CIPHER_push(prio_chacha, c);
4165 }
4166 /* Pull in the rest */
4167 for (i = 0; i < num; i++) {
4168 c = sk_SSL_CIPHER_value(srvr, i);
4169 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4170 sk_SSL_CIPHER_push(prio_chacha, c);
4171 }
4172 prio = prio_chacha;
4173 }
4174 }
4175 }
4176 }
4177 # endif
4178 } else {
4179 prio = clnt;
4180 allow = srvr;
4181 }
4182
4183 if (!SSL_IS_TLS13(s)) {
4184 tls1_set_cert_validity(s);
4185 ssl_set_masks(s);
4186 }
4187
4188 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4189 c = sk_SSL_CIPHER_value(prio, i);
4190
4191 /* Skip ciphers not supported by the protocol version */
4192 if (!SSL_IS_DTLS(s) &&
4193 ((s->version < c->min_tls) || (s->version > c->max_tls)))
4194 continue;
4195 if (SSL_IS_DTLS(s) &&
4196 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4197 DTLS_VERSION_GT(s->version, c->max_dtls)))
4198 continue;
4199
4200 /*
4201 * Since TLS 1.3 ciphersuites can be used with any auth or
4202 * key exchange scheme skip tests.
4203 */
4204 if (!SSL_IS_TLS13(s)) {
4205 mask_k = s->s3->tmp.mask_k;
4206 mask_a = s->s3->tmp.mask_a;
4207 #ifndef OPENSSL_NO_SRP
4208 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4209 mask_k |= SSL_kSRP;
4210 mask_a |= SSL_aSRP;
4211 }
4212 #endif
4213
4214 alg_k = c->algorithm_mkey;
4215 alg_a = c->algorithm_auth;
4216
4217 #ifndef OPENSSL_NO_PSK
4218 /* with PSK there must be server callback set */
4219 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4220 continue;
4221 #endif /* OPENSSL_NO_PSK */
4222
4223 ok = (alg_k & mask_k) && (alg_a & mask_a);
4224 #ifdef CIPHER_DEBUG
4225 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
4226 alg_a, mask_k, mask_a, (void *)c, c->name);
4227 #endif
4228
4229 #ifndef OPENSSL_NO_EC
4230 /*
4231 * if we are considering an ECC cipher suite that uses an ephemeral
4232 * EC key check it
4233 */
4234 if (alg_k & SSL_kECDHE)
4235 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4236 #endif /* OPENSSL_NO_EC */
4237
4238 if (!ok)
4239 continue;
4240 }
4241 ii = sk_SSL_CIPHER_find(allow, c);
4242 if (ii >= 0) {
4243 /* Check security callback permits this cipher */
4244 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4245 c->strength_bits, 0, (void *)c))
4246 continue;
4247 #if !defined(OPENSSL_NO_EC)
4248 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4249 && s->s3->is_probably_safari) {
4250 if (!ret)
4251 ret = sk_SSL_CIPHER_value(allow, ii);
4252 continue;
4253 }
4254 #endif
4255 ret = sk_SSL_CIPHER_value(allow, ii);
4256 break;
4257 }
4258 }
4259 #ifndef OPENSSL_NO_CHACHA
4260 sk_SSL_CIPHER_free(prio_chacha);
4261 #endif
4262 return ret;
4263 }
4264
4265 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4266 {
4267 uint32_t alg_k, alg_a = 0;
4268
4269 /* If we have custom certificate types set, use them */
4270 if (s->cert->ctype)
4271 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4272 /* Get mask of algorithms disabled by signature list */
4273 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4274
4275 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4276
4277 #ifndef OPENSSL_NO_GOST
4278 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4279 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4280 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
4281 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
4282 #endif
4283
4284 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4285 #ifndef OPENSSL_NO_DH
4286 # ifndef OPENSSL_NO_RSA
4287 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4288 return 0;
4289 # endif
4290 # ifndef OPENSSL_NO_DSA
4291 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4292 return 0;
4293 # endif
4294 #endif /* !OPENSSL_NO_DH */
4295 }
4296 #ifndef OPENSSL_NO_RSA
4297 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4298 return 0;
4299 #endif
4300 #ifndef OPENSSL_NO_DSA
4301 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4302 return 0;
4303 #endif
4304 #ifndef OPENSSL_NO_EC
4305 /*
4306 * ECDSA certs can be used with RSA cipher suites too so we don't
4307 * need to check for SSL_kECDH or SSL_kECDHE
4308 */
4309 if (s->version >= TLS1_VERSION
4310 && !(alg_a & SSL_aECDSA)
4311 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4312 return 0;
4313 #endif
4314 return 1;
4315 }
4316
4317 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4318 {
4319 OPENSSL_free(c->ctype);
4320 c->ctype = NULL;
4321 c->ctype_len = 0;
4322 if (p == NULL || len == 0)
4323 return 1;
4324 if (len > 0xff)
4325 return 0;
4326 c->ctype = OPENSSL_memdup(p, len);
4327 if (c->ctype == NULL)
4328 return 0;
4329 c->ctype_len = len;
4330 return 1;
4331 }
4332
4333 int ssl3_shutdown(SSL *s)
4334 {
4335 int ret;
4336
4337 /*
4338 * Don't do anything much if we have not done the handshake or we don't
4339 * want to send messages :-)
4340 */
4341 if (s->quiet_shutdown || SSL_in_before(s)) {
4342 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4343 return 1;
4344 }
4345
4346 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4347 s->shutdown |= SSL_SENT_SHUTDOWN;
4348 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4349 /*
4350 * our shutdown alert has been sent now, and if it still needs to be
4351 * written, s->s3->alert_dispatch will be true
4352 */
4353 if (s->s3->alert_dispatch)
4354 return -1; /* return WANT_WRITE */
4355 } else if (s->s3->alert_dispatch) {
4356 /* resend it if not sent */
4357 ret = s->method->ssl_dispatch_alert(s);
4358 if (ret == -1) {
4359 /*
4360 * we only get to return -1 here the 2nd/Nth invocation, we must
4361 * have already signalled return 0 upon a previous invocation,
4362 * return WANT_WRITE
4363 */
4364 return ret;
4365 }
4366 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4367 size_t readbytes;
4368 /*
4369 * If we are waiting for a close from our peer, we are closed
4370 */
4371 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4372 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4373 return -1; /* return WANT_READ */
4374 }
4375 }
4376
4377 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4378 !s->s3->alert_dispatch)
4379 return 1;
4380 else
4381 return 0;
4382 }
4383
4384 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4385 {
4386 clear_sys_error();
4387 if (s->s3->renegotiate)
4388 ssl3_renegotiate_check(s, 0);
4389
4390 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4391 written);
4392 }
4393
4394 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4395 size_t *readbytes)
4396 {
4397 int ret;
4398
4399 clear_sys_error();
4400 if (s->s3->renegotiate)
4401 ssl3_renegotiate_check(s, 0);
4402 s->s3->in_read_app_data = 1;
4403 ret =
4404 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4405 peek, readbytes);
4406 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4407 /*
4408 * ssl3_read_bytes decided to call s->handshake_func, which called
4409 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4410 * actually found application data and thinks that application data
4411 * makes sense here; so disable handshake processing and try to read
4412 * application data again.
4413 */
4414 ossl_statem_set_in_handshake(s, 1);
4415 ret =
4416 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4417 len, peek, readbytes);
4418 ossl_statem_set_in_handshake(s, 0);
4419 } else
4420 s->s3->in_read_app_data = 0;
4421
4422 return ret;
4423 }
4424
4425 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4426 {
4427 return ssl3_read_internal(s, buf, len, 0, readbytes);
4428 }
4429
4430 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4431 {
4432 return ssl3_read_internal(s, buf, len, 1, readbytes);
4433 }
4434
4435 int ssl3_renegotiate(SSL *s)
4436 {
4437 if (s->handshake_func == NULL)
4438 return 1;
4439
4440 s->s3->renegotiate = 1;
4441 return 1;
4442 }
4443
4444 /*
4445 * Check if we are waiting to do a renegotiation and if so whether now is a
4446 * good time to do it. If |initok| is true then we are being called from inside
4447 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4448 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4449 * should do a renegotiation now and sets up the state machine for it. Otherwise
4450 * returns 0.
4451 */
4452 int ssl3_renegotiate_check(SSL *s, int initok)
4453 {
4454 int ret = 0;
4455
4456 if (s->s3->renegotiate) {
4457 if (!RECORD_LAYER_read_pending(&s->rlayer)
4458 && !RECORD_LAYER_write_pending(&s->rlayer)
4459 && (initok || !SSL_in_init(s))) {
4460 /*
4461 * if we are the server, and we have sent a 'RENEGOTIATE'
4462 * message, we need to set the state machine into the renegotiate
4463 * state.
4464 */
4465 ossl_statem_set_renegotiate(s);
4466 s->s3->renegotiate = 0;
4467 s->s3->num_renegotiations++;
4468 s->s3->total_renegotiations++;
4469 ret = 1;
4470 }
4471 }
4472 return ret;
4473 }
4474
4475 /*
4476 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4477 * handshake macs if required.
4478 *
4479 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4480 */
4481 long ssl_get_algorithm2(SSL *s)
4482 {
4483 long alg2;
4484 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
4485 return -1;
4486 alg2 = s->s3->tmp.new_cipher->algorithm2;
4487 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4488 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4489 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4490 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4491 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4492 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4493 }
4494 return alg2;
4495 }
4496
4497 /*
4498 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4499 * failure, 1 on success.
4500 */
4501 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4502 DOWNGRADE dgrd)
4503 {
4504 int send_time = 0, ret;
4505
4506 if (len < 4)
4507 return 0;
4508 if (server)
4509 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4510 else
4511 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4512 if (send_time) {
4513 unsigned long Time = (unsigned long)time(NULL);
4514 unsigned char *p = result;
4515
4516 l2n(Time, p);
4517 ret = ssl_randbytes(s, p, len - 4);
4518 } else {
4519 ret = ssl_randbytes(s, result, len);
4520 }
4521 #ifndef OPENSSL_NO_TLS13DOWNGRADE
4522 if (ret) {
4523 if (!ossl_assert(sizeof(tls11downgrade) < len)
4524 || !ossl_assert(sizeof(tls12downgrade) < len))
4525 return 0;
4526 if (dgrd == DOWNGRADE_TO_1_2)
4527 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4528 sizeof(tls12downgrade));
4529 else if (dgrd == DOWNGRADE_TO_1_1)
4530 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4531 sizeof(tls11downgrade));
4532 }
4533 #endif
4534 return ret;
4535 }
4536
4537 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4538 int free_pms)
4539 {
4540 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4541 int ret = 0;
4542
4543 if (alg_k & SSL_PSK) {
4544 #ifndef OPENSSL_NO_PSK
4545 unsigned char *pskpms, *t;
4546 size_t psklen = s->s3->tmp.psklen;
4547 size_t pskpmslen;
4548
4549 /* create PSK premaster_secret */
4550
4551 /* For plain PSK "other_secret" is psklen zeroes */
4552 if (alg_k & SSL_kPSK)
4553 pmslen = psklen;
4554
4555 pskpmslen = 4 + pmslen + psklen;
4556 pskpms = OPENSSL_malloc(pskpmslen);
4557 if (pskpms == NULL)
4558 goto err;
4559 t = pskpms;
4560 s2n(pmslen, t);
4561 if (alg_k & SSL_kPSK)
4562 memset(t, 0, pmslen);
4563 else
4564 memcpy(t, pms, pmslen);
4565 t += pmslen;
4566 s2n(psklen, t);
4567 memcpy(t, s->s3->tmp.psk, psklen);
4568
4569 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4570 s->s3->tmp.psk = NULL;
4571 if (!s->method->ssl3_enc->generate_master_secret(s,
4572 s->session->master_key,pskpms, pskpmslen,
4573 &s->session->master_key_length)) {
4574 /* SSLfatal() already called */
4575 goto err;
4576 }
4577 OPENSSL_clear_free(pskpms, pskpmslen);
4578 #else
4579 /* Should never happen */
4580 goto err;
4581 #endif
4582 } else {
4583 if (!s->method->ssl3_enc->generate_master_secret(s,
4584 s->session->master_key, pms, pmslen,
4585 &s->session->master_key_length)) {
4586 /* SSLfatal() already called */
4587 goto err;
4588 }
4589 }
4590
4591 ret = 1;
4592 err:
4593 if (pms) {
4594 if (free_pms)
4595 OPENSSL_clear_free(pms, pmslen);
4596 else
4597 OPENSSL_cleanse(pms, pmslen);
4598 }
4599 if (s->server == 0)
4600 s->s3->tmp.pms = NULL;
4601 return ret;
4602 }
4603
4604 /* Generate a private key from parameters */
4605 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4606 {
4607 EVP_PKEY_CTX *pctx = NULL;
4608 EVP_PKEY *pkey = NULL;
4609
4610 if (pm == NULL)
4611 return NULL;
4612 pctx = EVP_PKEY_CTX_new(pm, NULL);
4613 if (pctx == NULL)
4614 goto err;
4615 if (EVP_PKEY_keygen_init(pctx) <= 0)
4616 goto err;
4617 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4618 EVP_PKEY_free(pkey);
4619 pkey = NULL;
4620 }
4621
4622 err:
4623 EVP_PKEY_CTX_free(pctx);
4624 return pkey;
4625 }
4626 #ifndef OPENSSL_NO_EC
4627 /* Generate a private key from a group ID */
4628 EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
4629 {
4630 EVP_PKEY_CTX *pctx = NULL;
4631 EVP_PKEY *pkey = NULL;
4632 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4633 uint16_t gtype;
4634
4635 if (ginf == NULL) {
4636 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4637 ERR_R_INTERNAL_ERROR);
4638 goto err;
4639 }
4640 gtype = ginf->flags & TLS_CURVE_TYPE;
4641 if (gtype == TLS_CURVE_CUSTOM)
4642 pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
4643 else
4644 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4645 if (pctx == NULL) {
4646 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4647 ERR_R_MALLOC_FAILURE);
4648 goto err;
4649 }
4650 if (EVP_PKEY_keygen_init(pctx) <= 0) {
4651 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4652 ERR_R_EVP_LIB);
4653 goto err;
4654 }
4655 if (gtype != TLS_CURVE_CUSTOM
4656 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
4657 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4658 ERR_R_EVP_LIB);
4659 goto err;
4660 }
4661 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4662 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4663 ERR_R_EVP_LIB);
4664 EVP_PKEY_free(pkey);
4665 pkey = NULL;
4666 }
4667
4668 err:
4669 EVP_PKEY_CTX_free(pctx);
4670 return pkey;
4671 }
4672
4673 /*
4674 * Generate parameters from a group ID
4675 */
4676 EVP_PKEY *ssl_generate_param_group(uint16_t id)
4677 {
4678 EVP_PKEY_CTX *pctx = NULL;
4679 EVP_PKEY *pkey = NULL;
4680 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4681
4682 if (ginf == NULL)
4683 goto err;
4684
4685 if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4686 pkey = EVP_PKEY_new();
4687 if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
4688 return pkey;
4689 EVP_PKEY_free(pkey);
4690 return NULL;
4691 }
4692
4693 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4694 if (pctx == NULL)
4695 goto err;
4696 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4697 goto err;
4698 if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
4699 goto err;
4700 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4701 EVP_PKEY_free(pkey);
4702 pkey = NULL;
4703 }
4704
4705 err:
4706 EVP_PKEY_CTX_free(pctx);
4707 return pkey;
4708 }
4709 #endif
4710
4711 /* Derive secrets for ECDH/DH */
4712 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4713 {
4714 int rv = 0;
4715 unsigned char *pms = NULL;
4716 size_t pmslen = 0;
4717 EVP_PKEY_CTX *pctx;
4718
4719 if (privkey == NULL || pubkey == NULL) {
4720 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4721 ERR_R_INTERNAL_ERROR);
4722 return 0;
4723 }
4724
4725 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4726
4727 if (EVP_PKEY_derive_init(pctx) <= 0
4728 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4729 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4730 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4731 ERR_R_INTERNAL_ERROR);
4732 goto err;
4733 }
4734
4735 pms = OPENSSL_malloc(pmslen);
4736 if (pms == NULL) {
4737 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4738 ERR_R_MALLOC_FAILURE);
4739 goto err;
4740 }
4741
4742 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4743 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4744 ERR_R_INTERNAL_ERROR);
4745 goto err;
4746 }
4747
4748 if (gensecret) {
4749 /* SSLfatal() called as appropriate in the below functions */
4750 if (SSL_IS_TLS13(s)) {
4751 /*
4752 * If we are resuming then we already generated the early secret
4753 * when we created the ClientHello, so don't recreate it.
4754 */
4755 if (!s->hit)
4756 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4757 0,
4758 (unsigned char *)&s->early_secret);
4759 else
4760 rv = 1;
4761
4762 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4763 } else {
4764 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4765 }
4766 } else {
4767 /* Save premaster secret */
4768 s->s3->tmp.pms = pms;
4769 s->s3->tmp.pmslen = pmslen;
4770 pms = NULL;
4771 rv = 1;
4772 }
4773
4774 err:
4775 OPENSSL_clear_free(pms, pmslen);
4776 EVP_PKEY_CTX_free(pctx);
4777 return rv;
4778 }
4779
4780 #ifndef OPENSSL_NO_DH
4781 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4782 {
4783 EVP_PKEY *ret;
4784 if (dh == NULL)
4785 return NULL;
4786 ret = EVP_PKEY_new();
4787 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
4788 EVP_PKEY_free(ret);
4789 return NULL;
4790 }
4791 return ret;
4792 }
4793 #endif
A mirror of the official openssl repository