2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* ====================================================================
11 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
13 * Portions of the attached software ("Contribution") are developed by
14 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
16 * The Contribution is licensed pursuant to the OpenSSL open source
17 * license provided above.
19 * ECC cipher suite support in OpenSSL originally written by
20 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
23 /* ====================================================================
24 * Copyright 2005 Nokia. All rights reserved.
26 * The portions of the attached software ("Contribution") is developed by
27 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
30 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
31 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
32 * support (see RFC 4279) to OpenSSL.
34 * No patent licenses or other rights except those expressly stated in
35 * the OpenSSL open source license shall be deemed granted or received
36 * expressly, by implication, estoppel, or otherwise.
38 * No assurances are provided by Nokia that the Contribution does not
39 * infringe the patent or other intellectual property rights of any third
40 * party or that the license provides you with all the necessary rights
41 * to make use of the Contribution.
43 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
44 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
45 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
46 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
51 #include <openssl/objects.h>
53 #include <openssl/md5.h>
54 #include <openssl/dh.h>
55 #include <openssl/rand.h>
57 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
58 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
61 * The list of available ciphers, mostly organized into the following
66 * SRP (within that: RSA EC PSK)
67 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
70 static SSL_CIPHER ssl3_ciphers
[] = {
73 SSL3_TXT_RSA_NULL_MD5
,
79 SSL3_VERSION
, TLS1_2_VERSION
,
80 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
82 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
88 SSL3_TXT_RSA_NULL_SHA
,
94 SSL3_VERSION
, TLS1_2_VERSION
,
95 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
96 SSL_STRONG_NONE
| SSL_FIPS
,
97 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
101 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
104 SSL3_TXT_RSA_DES_192_CBC3_SHA
,
105 SSL3_CK_RSA_DES_192_CBC3_SHA
,
110 SSL3_VERSION
, TLS1_2_VERSION
,
111 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
112 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
113 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
119 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA
,
120 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA
,
125 SSL3_VERSION
, TLS1_2_VERSION
,
126 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
127 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
128 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
134 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA
,
135 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA
,
140 SSL3_VERSION
, TLS1_2_VERSION
,
141 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
142 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
143 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
149 SSL3_TXT_ADH_DES_192_CBC_SHA
,
150 SSL3_CK_ADH_DES_192_CBC_SHA
,
155 SSL3_VERSION
, TLS1_2_VERSION
,
156 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
157 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
158 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
165 TLS1_TXT_RSA_WITH_AES_128_SHA
,
166 TLS1_CK_RSA_WITH_AES_128_SHA
,
171 SSL3_VERSION
, TLS1_2_VERSION
,
172 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
174 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
180 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA
,
181 TLS1_CK_DHE_DSS_WITH_AES_128_SHA
,
186 SSL3_VERSION
, TLS1_2_VERSION
,
187 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
188 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
189 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
195 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA
,
196 TLS1_CK_DHE_RSA_WITH_AES_128_SHA
,
201 SSL3_VERSION
, TLS1_2_VERSION
,
202 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
204 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
210 TLS1_TXT_ADH_WITH_AES_128_SHA
,
211 TLS1_CK_ADH_WITH_AES_128_SHA
,
216 SSL3_VERSION
, TLS1_2_VERSION
,
217 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
218 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
219 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
225 TLS1_TXT_RSA_WITH_AES_256_SHA
,
226 TLS1_CK_RSA_WITH_AES_256_SHA
,
231 SSL3_VERSION
, TLS1_2_VERSION
,
232 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
234 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
240 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA
,
241 TLS1_CK_DHE_DSS_WITH_AES_256_SHA
,
246 SSL3_VERSION
, TLS1_2_VERSION
,
247 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
248 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
249 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
255 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA
,
256 TLS1_CK_DHE_RSA_WITH_AES_256_SHA
,
261 SSL3_VERSION
, TLS1_2_VERSION
,
262 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
264 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
270 TLS1_TXT_ADH_WITH_AES_256_SHA
,
271 TLS1_CK_ADH_WITH_AES_256_SHA
,
276 SSL3_VERSION
, TLS1_2_VERSION
,
277 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
278 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
279 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
285 TLS1_TXT_RSA_WITH_NULL_SHA256
,
286 TLS1_CK_RSA_WITH_NULL_SHA256
,
291 TLS1_2_VERSION
, TLS1_2_VERSION
,
292 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
293 SSL_STRONG_NONE
| SSL_FIPS
,
294 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
300 TLS1_TXT_RSA_WITH_AES_128_SHA256
,
301 TLS1_CK_RSA_WITH_AES_128_SHA256
,
306 TLS1_2_VERSION
, TLS1_2_VERSION
,
307 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
309 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
315 TLS1_TXT_RSA_WITH_AES_256_SHA256
,
316 TLS1_CK_RSA_WITH_AES_256_SHA256
,
321 TLS1_2_VERSION
, TLS1_2_VERSION
,
322 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
324 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
330 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256
,
331 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256
,
336 TLS1_2_VERSION
, TLS1_2_VERSION
,
337 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
338 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
339 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
345 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256
,
346 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256
,
351 TLS1_2_VERSION
, TLS1_2_VERSION
,
352 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
354 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
360 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256
,
361 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256
,
366 TLS1_2_VERSION
, TLS1_2_VERSION
,
367 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
368 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
369 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
375 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256
,
376 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256
,
381 TLS1_2_VERSION
, TLS1_2_VERSION
,
382 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
384 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
390 TLS1_TXT_ADH_WITH_AES_128_SHA256
,
391 TLS1_CK_ADH_WITH_AES_128_SHA256
,
396 TLS1_2_VERSION
, TLS1_2_VERSION
,
397 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
398 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
399 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
405 TLS1_TXT_ADH_WITH_AES_256_SHA256
,
406 TLS1_CK_ADH_WITH_AES_256_SHA256
,
411 TLS1_2_VERSION
, TLS1_2_VERSION
,
412 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
413 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
414 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
420 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256
,
421 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256
,
426 TLS1_2_VERSION
, TLS1_2_VERSION
,
427 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
429 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
435 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384
,
436 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384
,
441 TLS1_2_VERSION
, TLS1_2_VERSION
,
442 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
444 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
450 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256
,
451 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256
,
456 TLS1_2_VERSION
, TLS1_2_VERSION
,
457 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
459 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
465 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384
,
466 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384
,
471 TLS1_2_VERSION
, TLS1_2_VERSION
,
472 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
474 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
480 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256
,
481 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256
,
486 TLS1_2_VERSION
, TLS1_2_VERSION
,
487 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
488 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
489 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
495 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384
,
496 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384
,
501 TLS1_2_VERSION
, TLS1_2_VERSION
,
502 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
503 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
504 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
510 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256
,
511 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256
,
516 TLS1_2_VERSION
, TLS1_2_VERSION
,
517 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
518 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
519 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
525 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384
,
526 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384
,
531 TLS1_2_VERSION
, TLS1_2_VERSION
,
532 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
533 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
534 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
540 TLS1_TXT_RSA_WITH_AES_128_CCM
,
541 TLS1_CK_RSA_WITH_AES_128_CCM
,
546 TLS1_2_VERSION
, TLS1_2_VERSION
,
547 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
548 SSL_NOT_DEFAULT
| SSL_HIGH
,
549 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
555 TLS1_TXT_RSA_WITH_AES_256_CCM
,
556 TLS1_CK_RSA_WITH_AES_256_CCM
,
561 TLS1_2_VERSION
, TLS1_2_VERSION
,
562 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
563 SSL_NOT_DEFAULT
| SSL_HIGH
,
564 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
570 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM
,
571 TLS1_CK_DHE_RSA_WITH_AES_128_CCM
,
576 TLS1_2_VERSION
, TLS1_2_VERSION
,
577 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
578 SSL_NOT_DEFAULT
| SSL_HIGH
,
579 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
585 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM
,
586 TLS1_CK_DHE_RSA_WITH_AES_256_CCM
,
591 TLS1_2_VERSION
, TLS1_2_VERSION
,
592 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
593 SSL_NOT_DEFAULT
| SSL_HIGH
,
594 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
600 TLS1_TXT_RSA_WITH_AES_128_CCM_8
,
601 TLS1_CK_RSA_WITH_AES_128_CCM_8
,
606 TLS1_2_VERSION
, TLS1_2_VERSION
,
607 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
608 SSL_NOT_DEFAULT
| SSL_HIGH
,
609 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
615 TLS1_TXT_RSA_WITH_AES_256_CCM_8
,
616 TLS1_CK_RSA_WITH_AES_256_CCM_8
,
621 TLS1_2_VERSION
, TLS1_2_VERSION
,
622 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
623 SSL_NOT_DEFAULT
| SSL_HIGH
,
624 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
630 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8
,
631 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8
,
636 TLS1_2_VERSION
, TLS1_2_VERSION
,
637 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
638 SSL_NOT_DEFAULT
| SSL_HIGH
,
639 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
645 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8
,
646 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8
,
651 TLS1_2_VERSION
, TLS1_2_VERSION
,
652 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
653 SSL_NOT_DEFAULT
| SSL_HIGH
,
654 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
660 TLS1_TXT_PSK_WITH_AES_128_CCM
,
661 TLS1_CK_PSK_WITH_AES_128_CCM
,
666 TLS1_2_VERSION
, TLS1_2_VERSION
,
667 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
668 SSL_NOT_DEFAULT
| SSL_HIGH
,
669 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
675 TLS1_TXT_PSK_WITH_AES_256_CCM
,
676 TLS1_CK_PSK_WITH_AES_256_CCM
,
681 TLS1_2_VERSION
, TLS1_2_VERSION
,
682 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
683 SSL_NOT_DEFAULT
| SSL_HIGH
,
684 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
690 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM
,
691 TLS1_CK_DHE_PSK_WITH_AES_128_CCM
,
696 TLS1_2_VERSION
, TLS1_2_VERSION
,
697 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
698 SSL_NOT_DEFAULT
| SSL_HIGH
,
699 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
705 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM
,
706 TLS1_CK_DHE_PSK_WITH_AES_256_CCM
,
711 TLS1_2_VERSION
, TLS1_2_VERSION
,
712 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
713 SSL_NOT_DEFAULT
| SSL_HIGH
,
714 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
720 TLS1_TXT_PSK_WITH_AES_128_CCM_8
,
721 TLS1_CK_PSK_WITH_AES_128_CCM_8
,
726 TLS1_2_VERSION
, TLS1_2_VERSION
,
727 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
728 SSL_NOT_DEFAULT
| SSL_HIGH
,
729 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
735 TLS1_TXT_PSK_WITH_AES_256_CCM_8
,
736 TLS1_CK_PSK_WITH_AES_256_CCM_8
,
741 TLS1_2_VERSION
, TLS1_2_VERSION
,
742 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
743 SSL_NOT_DEFAULT
| SSL_HIGH
,
744 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
750 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8
,
751 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8
,
756 TLS1_2_VERSION
, TLS1_2_VERSION
,
757 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
758 SSL_NOT_DEFAULT
| SSL_HIGH
,
759 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
765 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8
,
766 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8
,
771 TLS1_2_VERSION
, TLS1_2_VERSION
,
772 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
773 SSL_NOT_DEFAULT
| SSL_HIGH
,
774 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
780 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM
,
781 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM
,
786 TLS1_2_VERSION
, TLS1_2_VERSION
,
787 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
788 SSL_NOT_DEFAULT
| SSL_HIGH
,
789 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
795 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM
,
796 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM
,
801 TLS1_2_VERSION
, TLS1_2_VERSION
,
802 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
803 SSL_NOT_DEFAULT
| SSL_HIGH
,
804 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
810 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8
,
811 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8
,
816 TLS1_2_VERSION
, TLS1_2_VERSION
,
817 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
818 SSL_NOT_DEFAULT
| SSL_HIGH
,
819 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
825 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8
,
826 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8
,
831 TLS1_2_VERSION
, TLS1_2_VERSION
,
832 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
833 SSL_NOT_DEFAULT
| SSL_HIGH
,
834 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
840 TLS1_3_TXT_AES_128_GCM_SHA256
,
841 TLS1_3_CK_AES_128_GCM_SHA256
,
845 TLS1_3_VERSION
, TLS1_3_VERSION
,
849 SSL_HANDSHAKE_MAC_SHA256
,
855 TLS1_3_TXT_AES_256_GCM_SHA384
,
856 TLS1_3_CK_AES_256_GCM_SHA384
,
861 TLS1_3_VERSION
, TLS1_3_VERSION
,
864 SSL_HANDSHAKE_MAC_SHA384
,
868 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
871 TLS1_3_TXT_CHACHA20_POLY1305_SHA256
,
872 TLS1_3_CK_CHACHA20_POLY1305_SHA256
,
875 SSL_CHACHA20POLY1305
,
877 TLS1_3_VERSION
, TLS1_3_VERSION
,
880 SSL_HANDSHAKE_MAC_SHA256
,
887 TLS1_3_TXT_AES_128_CCM_SHA256
,
888 TLS1_3_CK_AES_128_CCM_SHA256
,
893 TLS1_3_VERSION
, TLS1_3_VERSION
,
895 SSL_NOT_DEFAULT
| SSL_HIGH
,
896 SSL_HANDSHAKE_MAC_SHA256
,
902 TLS1_3_TXT_AES_128_CCM_8_SHA256
,
903 TLS1_3_CK_AES_128_CCM_8_SHA256
,
908 TLS1_3_VERSION
, TLS1_3_VERSION
,
910 SSL_NOT_DEFAULT
| SSL_HIGH
,
911 SSL_HANDSHAKE_MAC_SHA256
,
916 #ifndef OPENSSL_NO_EC
919 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA
,
920 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA
,
925 SSL3_VERSION
, TLS1_2_VERSION
,
926 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
927 SSL_STRONG_NONE
| SSL_FIPS
,
928 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
932 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
935 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
,
936 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
,
941 SSL3_VERSION
, TLS1_2_VERSION
,
942 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
943 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
944 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
951 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
952 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
957 SSL3_VERSION
, TLS1_2_VERSION
,
958 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
960 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
966 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
967 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
972 SSL3_VERSION
, TLS1_2_VERSION
,
973 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
975 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
981 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA
,
982 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA
,
987 SSL3_VERSION
, TLS1_2_VERSION
,
988 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
989 SSL_STRONG_NONE
| SSL_FIPS
,
990 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
994 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
997 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA
,
998 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA
,
1003 SSL3_VERSION
, TLS1_2_VERSION
,
1004 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1005 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1006 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1013 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
1014 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
1019 SSL3_VERSION
, TLS1_2_VERSION
,
1020 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1021 SSL_HIGH
| SSL_FIPS
,
1022 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1028 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
1029 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
1034 SSL3_VERSION
, TLS1_2_VERSION
,
1035 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1036 SSL_HIGH
| SSL_FIPS
,
1037 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1043 TLS1_TXT_ECDH_anon_WITH_NULL_SHA
,
1044 TLS1_CK_ECDH_anon_WITH_NULL_SHA
,
1049 SSL3_VERSION
, TLS1_2_VERSION
,
1050 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1051 SSL_STRONG_NONE
| SSL_FIPS
,
1052 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1056 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1059 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA
,
1060 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA
,
1065 SSL3_VERSION
, TLS1_2_VERSION
,
1066 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1067 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1068 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1075 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA
,
1076 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA
,
1081 SSL3_VERSION
, TLS1_2_VERSION
,
1082 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1083 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
1084 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1090 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA
,
1091 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA
,
1096 SSL3_VERSION
, TLS1_2_VERSION
,
1097 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1098 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
1099 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1105 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256
,
1106 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256
,
1111 TLS1_2_VERSION
, TLS1_2_VERSION
,
1112 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1113 SSL_HIGH
| SSL_FIPS
,
1114 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1120 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384
,
1121 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384
,
1126 TLS1_2_VERSION
, TLS1_2_VERSION
,
1127 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1128 SSL_HIGH
| SSL_FIPS
,
1129 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1135 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256
,
1136 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256
,
1141 TLS1_2_VERSION
, TLS1_2_VERSION
,
1142 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1143 SSL_HIGH
| SSL_FIPS
,
1144 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1150 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384
,
1151 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384
,
1156 TLS1_2_VERSION
, TLS1_2_VERSION
,
1157 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1158 SSL_HIGH
| SSL_FIPS
,
1159 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1165 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
1166 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
1171 TLS1_2_VERSION
, TLS1_2_VERSION
,
1172 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1173 SSL_HIGH
| SSL_FIPS
,
1174 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1180 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
1181 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
1186 TLS1_2_VERSION
, TLS1_2_VERSION
,
1187 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1188 SSL_HIGH
| SSL_FIPS
,
1189 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1195 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
1196 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
1201 TLS1_2_VERSION
, TLS1_2_VERSION
,
1202 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1203 SSL_HIGH
| SSL_FIPS
,
1204 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1210 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
1211 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
1216 TLS1_2_VERSION
, TLS1_2_VERSION
,
1217 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1218 SSL_HIGH
| SSL_FIPS
,
1219 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1223 #endif /* OPENSSL_NO_EC */
1225 #ifndef OPENSSL_NO_PSK
1228 TLS1_TXT_PSK_WITH_NULL_SHA
,
1229 TLS1_CK_PSK_WITH_NULL_SHA
,
1234 SSL3_VERSION
, TLS1_2_VERSION
,
1235 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1236 SSL_STRONG_NONE
| SSL_FIPS
,
1237 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1243 TLS1_TXT_DHE_PSK_WITH_NULL_SHA
,
1244 TLS1_CK_DHE_PSK_WITH_NULL_SHA
,
1249 SSL3_VERSION
, TLS1_2_VERSION
,
1250 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1251 SSL_STRONG_NONE
| SSL_FIPS
,
1252 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1258 TLS1_TXT_RSA_PSK_WITH_NULL_SHA
,
1259 TLS1_CK_RSA_PSK_WITH_NULL_SHA
,
1264 SSL3_VERSION
, TLS1_2_VERSION
,
1265 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1266 SSL_STRONG_NONE
| SSL_FIPS
,
1267 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1271 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1274 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA
,
1275 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA
,
1280 SSL3_VERSION
, TLS1_2_VERSION
,
1281 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1282 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1283 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1290 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA
,
1291 TLS1_CK_PSK_WITH_AES_128_CBC_SHA
,
1296 SSL3_VERSION
, TLS1_2_VERSION
,
1297 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1298 SSL_HIGH
| SSL_FIPS
,
1299 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1305 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA
,
1306 TLS1_CK_PSK_WITH_AES_256_CBC_SHA
,
1311 SSL3_VERSION
, TLS1_2_VERSION
,
1312 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1313 SSL_HIGH
| SSL_FIPS
,
1314 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1318 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1321 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1322 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1327 SSL3_VERSION
, TLS1_2_VERSION
,
1328 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1329 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1330 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1337 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA
,
1338 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA
,
1343 SSL3_VERSION
, TLS1_2_VERSION
,
1344 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1345 SSL_HIGH
| SSL_FIPS
,
1346 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1352 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA
,
1353 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA
,
1358 SSL3_VERSION
, TLS1_2_VERSION
,
1359 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1360 SSL_HIGH
| SSL_FIPS
,
1361 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1365 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1368 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA
,
1369 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA
,
1374 SSL3_VERSION
, TLS1_2_VERSION
,
1375 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1376 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1377 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1384 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA
,
1385 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA
,
1390 SSL3_VERSION
, TLS1_2_VERSION
,
1391 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1392 SSL_HIGH
| SSL_FIPS
,
1393 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1399 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA
,
1400 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA
,
1405 SSL3_VERSION
, TLS1_2_VERSION
,
1406 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1407 SSL_HIGH
| SSL_FIPS
,
1408 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1414 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256
,
1415 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256
,
1420 TLS1_2_VERSION
, TLS1_2_VERSION
,
1421 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1422 SSL_HIGH
| SSL_FIPS
,
1423 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1429 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384
,
1430 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384
,
1435 TLS1_2_VERSION
, TLS1_2_VERSION
,
1436 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1437 SSL_HIGH
| SSL_FIPS
,
1438 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1444 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256
,
1445 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256
,
1450 TLS1_2_VERSION
, TLS1_2_VERSION
,
1451 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1452 SSL_HIGH
| SSL_FIPS
,
1453 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1459 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384
,
1460 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384
,
1465 TLS1_2_VERSION
, TLS1_2_VERSION
,
1466 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1467 SSL_HIGH
| SSL_FIPS
,
1468 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1474 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256
,
1475 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256
,
1480 TLS1_2_VERSION
, TLS1_2_VERSION
,
1481 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1482 SSL_HIGH
| SSL_FIPS
,
1483 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1489 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384
,
1490 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384
,
1495 TLS1_2_VERSION
, TLS1_2_VERSION
,
1496 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1497 SSL_HIGH
| SSL_FIPS
,
1498 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1504 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256
,
1505 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256
,
1510 TLS1_VERSION
, TLS1_2_VERSION
,
1511 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1512 SSL_HIGH
| SSL_FIPS
,
1513 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1519 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384
,
1520 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384
,
1525 TLS1_VERSION
, TLS1_2_VERSION
,
1526 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1527 SSL_HIGH
| SSL_FIPS
,
1528 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1534 TLS1_TXT_PSK_WITH_NULL_SHA256
,
1535 TLS1_CK_PSK_WITH_NULL_SHA256
,
1540 TLS1_VERSION
, TLS1_2_VERSION
,
1541 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1542 SSL_STRONG_NONE
| SSL_FIPS
,
1543 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1549 TLS1_TXT_PSK_WITH_NULL_SHA384
,
1550 TLS1_CK_PSK_WITH_NULL_SHA384
,
1555 TLS1_VERSION
, TLS1_2_VERSION
,
1556 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1557 SSL_STRONG_NONE
| SSL_FIPS
,
1558 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1564 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256
,
1565 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256
,
1570 TLS1_VERSION
, TLS1_2_VERSION
,
1571 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1572 SSL_HIGH
| SSL_FIPS
,
1573 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1579 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384
,
1580 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384
,
1585 TLS1_VERSION
, TLS1_2_VERSION
,
1586 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1587 SSL_HIGH
| SSL_FIPS
,
1588 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1594 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256
,
1595 TLS1_CK_DHE_PSK_WITH_NULL_SHA256
,
1600 TLS1_VERSION
, TLS1_2_VERSION
,
1601 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1602 SSL_STRONG_NONE
| SSL_FIPS
,
1603 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1609 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384
,
1610 TLS1_CK_DHE_PSK_WITH_NULL_SHA384
,
1615 TLS1_VERSION
, TLS1_2_VERSION
,
1616 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1617 SSL_STRONG_NONE
| SSL_FIPS
,
1618 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1624 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256
,
1625 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256
,
1630 TLS1_VERSION
, TLS1_2_VERSION
,
1631 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1632 SSL_HIGH
| SSL_FIPS
,
1633 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1639 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384
,
1640 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384
,
1645 TLS1_VERSION
, TLS1_2_VERSION
,
1646 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1647 SSL_HIGH
| SSL_FIPS
,
1648 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1654 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256
,
1655 TLS1_CK_RSA_PSK_WITH_NULL_SHA256
,
1660 TLS1_VERSION
, TLS1_2_VERSION
,
1661 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1662 SSL_STRONG_NONE
| SSL_FIPS
,
1663 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1669 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384
,
1670 TLS1_CK_RSA_PSK_WITH_NULL_SHA384
,
1675 TLS1_VERSION
, TLS1_2_VERSION
,
1676 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1677 SSL_STRONG_NONE
| SSL_FIPS
,
1678 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1682 # ifndef OPENSSL_NO_EC
1683 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1686 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1687 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1692 SSL3_VERSION
, TLS1_2_VERSION
,
1693 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1694 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1695 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1702 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA
,
1703 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA
,
1708 SSL3_VERSION
, TLS1_2_VERSION
,
1709 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1710 SSL_HIGH
| SSL_FIPS
,
1711 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1717 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA
,
1718 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA
,
1723 SSL3_VERSION
, TLS1_2_VERSION
,
1724 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1725 SSL_HIGH
| SSL_FIPS
,
1726 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1732 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256
,
1733 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256
,
1738 TLS1_VERSION
, TLS1_2_VERSION
,
1739 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1740 SSL_HIGH
| SSL_FIPS
,
1741 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1747 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384
,
1748 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384
,
1753 TLS1_VERSION
, TLS1_2_VERSION
,
1754 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1755 SSL_HIGH
| SSL_FIPS
,
1756 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1762 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA
,
1763 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA
,
1768 SSL3_VERSION
, TLS1_2_VERSION
,
1769 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1770 SSL_STRONG_NONE
| SSL_FIPS
,
1771 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1777 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256
,
1778 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256
,
1783 TLS1_VERSION
, TLS1_2_VERSION
,
1784 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1785 SSL_STRONG_NONE
| SSL_FIPS
,
1786 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1792 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384
,
1793 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384
,
1798 TLS1_VERSION
, TLS1_2_VERSION
,
1799 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1800 SSL_STRONG_NONE
| SSL_FIPS
,
1801 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1805 # endif /* OPENSSL_NO_EC */
1806 #endif /* OPENSSL_NO_PSK */
1808 #ifndef OPENSSL_NO_SRP
1809 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1812 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA
,
1813 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA
,
1818 SSL3_VERSION
, TLS1_2_VERSION
,
1819 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1820 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
1821 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1827 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
,
1828 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
,
1833 SSL3_VERSION
, TLS1_2_VERSION
,
1834 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1835 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
1836 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1842 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
,
1843 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
,
1848 SSL3_VERSION
, TLS1_2_VERSION
,
1849 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1850 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
1851 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1858 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA
,
1859 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA
,
1864 SSL3_VERSION
, TLS1_2_VERSION
,
1865 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1867 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1873 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
,
1874 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
,
1879 SSL3_VERSION
, TLS1_2_VERSION
,
1880 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1882 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1888 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
,
1889 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
,
1894 SSL3_VERSION
, TLS1_2_VERSION
,
1895 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1896 SSL_NOT_DEFAULT
| SSL_HIGH
,
1897 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1903 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA
,
1904 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA
,
1909 SSL3_VERSION
, TLS1_2_VERSION
,
1910 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1912 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1918 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
,
1919 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
,
1924 SSL3_VERSION
, TLS1_2_VERSION
,
1925 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1927 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1933 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
,
1934 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
,
1939 SSL3_VERSION
, TLS1_2_VERSION
,
1940 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1941 SSL_NOT_DEFAULT
| SSL_HIGH
,
1942 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1946 #endif /* OPENSSL_NO_SRP */
1948 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1949 # ifndef OPENSSL_NO_RSA
1952 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305
,
1953 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305
,
1956 SSL_CHACHA20POLY1305
,
1958 TLS1_2_VERSION
, TLS1_2_VERSION
,
1959 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1961 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1965 # endif /* OPENSSL_NO_RSA */
1967 # ifndef OPENSSL_NO_EC
1970 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305
,
1971 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305
,
1974 SSL_CHACHA20POLY1305
,
1976 TLS1_2_VERSION
, TLS1_2_VERSION
,
1977 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1979 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1985 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
,
1986 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
,
1989 SSL_CHACHA20POLY1305
,
1991 TLS1_2_VERSION
, TLS1_2_VERSION
,
1992 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1994 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1998 # endif /* OPENSSL_NO_EC */
2000 # ifndef OPENSSL_NO_PSK
2003 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305
,
2004 TLS1_CK_PSK_WITH_CHACHA20_POLY1305
,
2007 SSL_CHACHA20POLY1305
,
2009 TLS1_2_VERSION
, TLS1_2_VERSION
,
2010 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2012 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2018 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305
,
2019 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305
,
2022 SSL_CHACHA20POLY1305
,
2024 TLS1_2_VERSION
, TLS1_2_VERSION
,
2025 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2027 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2033 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305
,
2034 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305
,
2037 SSL_CHACHA20POLY1305
,
2039 TLS1_2_VERSION
, TLS1_2_VERSION
,
2040 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2042 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2048 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305
,
2049 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305
,
2052 SSL_CHACHA20POLY1305
,
2054 TLS1_2_VERSION
, TLS1_2_VERSION
,
2055 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2057 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2061 # endif /* OPENSSL_NO_PSK */
2062 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2063 * !defined(OPENSSL_NO_POLY1305) */
2065 #ifndef OPENSSL_NO_CAMELLIA
2068 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2069 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2074 TLS1_2_VERSION
, TLS1_2_VERSION
,
2075 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2076 SSL_NOT_DEFAULT
| SSL_HIGH
,
2077 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2083 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
,
2084 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
,
2089 TLS1_2_VERSION
, TLS1_2_VERSION
,
2090 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2091 SSL_NOT_DEFAULT
| SSL_HIGH
,
2092 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2098 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2099 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2104 TLS1_2_VERSION
, TLS1_2_VERSION
,
2105 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2106 SSL_NOT_DEFAULT
| SSL_HIGH
,
2107 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2113 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256
,
2114 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256
,
2119 TLS1_2_VERSION
, TLS1_2_VERSION
,
2120 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2121 SSL_NOT_DEFAULT
| SSL_HIGH
,
2122 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2128 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2129 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2134 TLS1_2_VERSION
, TLS1_2_VERSION
,
2135 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2136 SSL_NOT_DEFAULT
| SSL_HIGH
,
2137 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2143 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
,
2144 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
,
2149 TLS1_2_VERSION
, TLS1_2_VERSION
,
2150 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2151 SSL_NOT_DEFAULT
| SSL_HIGH
,
2152 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2158 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2159 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2164 TLS1_2_VERSION
, TLS1_2_VERSION
,
2165 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2166 SSL_NOT_DEFAULT
| SSL_HIGH
,
2167 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2173 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256
,
2174 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256
,
2179 TLS1_2_VERSION
, TLS1_2_VERSION
,
2180 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2181 SSL_NOT_DEFAULT
| SSL_HIGH
,
2182 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2188 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2189 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2194 SSL3_VERSION
, TLS1_2_VERSION
,
2195 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2196 SSL_NOT_DEFAULT
| SSL_HIGH
,
2197 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2203 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
,
2204 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
,
2209 SSL3_VERSION
, TLS1_2_VERSION
,
2210 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2211 SSL_NOT_DEFAULT
| SSL_HIGH
,
2212 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2218 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2219 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2224 SSL3_VERSION
, TLS1_2_VERSION
,
2225 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2226 SSL_NOT_DEFAULT
| SSL_HIGH
,
2227 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2233 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA
,
2234 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA
,
2239 SSL3_VERSION
, TLS1_2_VERSION
,
2240 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2241 SSL_NOT_DEFAULT
| SSL_HIGH
,
2242 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2248 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2249 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2254 SSL3_VERSION
, TLS1_2_VERSION
,
2255 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2256 SSL_NOT_DEFAULT
| SSL_HIGH
,
2257 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2263 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
,
2264 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
,
2269 SSL3_VERSION
, TLS1_2_VERSION
,
2270 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2271 SSL_NOT_DEFAULT
| SSL_HIGH
,
2272 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2278 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2279 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2284 SSL3_VERSION
, TLS1_2_VERSION
,
2285 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2286 SSL_NOT_DEFAULT
| SSL_HIGH
,
2287 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2293 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA
,
2294 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA
,
2299 SSL3_VERSION
, TLS1_2_VERSION
,
2300 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2301 SSL_NOT_DEFAULT
| SSL_HIGH
,
2302 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2307 # ifndef OPENSSL_NO_EC
2310 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
,
2311 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
,
2316 TLS1_2_VERSION
, TLS1_2_VERSION
,
2317 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2318 SSL_NOT_DEFAULT
| SSL_HIGH
,
2319 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2325 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
,
2326 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
,
2331 TLS1_2_VERSION
, TLS1_2_VERSION
,
2332 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2333 SSL_NOT_DEFAULT
| SSL_HIGH
,
2334 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2340 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2341 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2346 TLS1_2_VERSION
, TLS1_2_VERSION
,
2347 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2348 SSL_NOT_DEFAULT
| SSL_HIGH
,
2349 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2355 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
,
2356 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
,
2361 TLS1_2_VERSION
, TLS1_2_VERSION
,
2362 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2363 SSL_NOT_DEFAULT
| SSL_HIGH
,
2364 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2368 # endif /* OPENSSL_NO_EC */
2370 # ifndef OPENSSL_NO_PSK
2373 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2374 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2379 TLS1_VERSION
, TLS1_2_VERSION
,
2380 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2381 SSL_NOT_DEFAULT
| SSL_HIGH
,
2382 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2388 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2389 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2394 TLS1_VERSION
, TLS1_2_VERSION
,
2395 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2396 SSL_NOT_DEFAULT
| SSL_HIGH
,
2397 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2403 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2404 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2409 TLS1_VERSION
, TLS1_2_VERSION
,
2410 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2411 SSL_NOT_DEFAULT
| SSL_HIGH
,
2412 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2418 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2419 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2424 TLS1_VERSION
, TLS1_2_VERSION
,
2425 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2426 SSL_NOT_DEFAULT
| SSL_HIGH
,
2427 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2433 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2434 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2439 TLS1_VERSION
, TLS1_2_VERSION
,
2440 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2441 SSL_NOT_DEFAULT
| SSL_HIGH
,
2442 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2448 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2449 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2454 TLS1_VERSION
, TLS1_2_VERSION
,
2455 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2456 SSL_NOT_DEFAULT
| SSL_HIGH
,
2457 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2463 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2464 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2469 TLS1_VERSION
, TLS1_2_VERSION
,
2470 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2471 SSL_NOT_DEFAULT
| SSL_HIGH
,
2472 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2478 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2479 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2484 TLS1_VERSION
, TLS1_2_VERSION
,
2485 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2486 SSL_NOT_DEFAULT
| SSL_HIGH
,
2487 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2491 # endif /* OPENSSL_NO_PSK */
2493 #endif /* OPENSSL_NO_CAMELLIA */
2495 #ifndef OPENSSL_NO_GOST
2498 "GOST2001-GOST89-GOST89",
2502 SSL_eGOST2814789CNT
,
2504 TLS1_VERSION
, TLS1_2_VERSION
,
2507 SSL_HANDSHAKE_MAC_GOST94
| TLS1_PRF_GOST94
| TLS1_STREAM_MAC
,
2513 "GOST2001-NULL-GOST94",
2519 TLS1_VERSION
, TLS1_2_VERSION
,
2522 SSL_HANDSHAKE_MAC_GOST94
| TLS1_PRF_GOST94
,
2528 "GOST2012-GOST8912-GOST8912",
2531 SSL_aGOST12
| SSL_aGOST01
,
2532 SSL_eGOST2814789CNT12
,
2534 TLS1_VERSION
, TLS1_2_VERSION
,
2537 SSL_HANDSHAKE_MAC_GOST12_256
| TLS1_PRF_GOST12_256
| TLS1_STREAM_MAC
,
2543 "GOST2012-NULL-GOST12",
2546 SSL_aGOST12
| SSL_aGOST01
,
2549 TLS1_VERSION
, TLS1_2_VERSION
,
2552 SSL_HANDSHAKE_MAC_GOST12_256
| TLS1_PRF_GOST12_256
| TLS1_STREAM_MAC
,
2556 #endif /* OPENSSL_NO_GOST */
2558 #ifndef OPENSSL_NO_IDEA
2561 SSL3_TXT_RSA_IDEA_128_SHA
,
2562 SSL3_CK_RSA_IDEA_128_SHA
,
2567 SSL3_VERSION
, TLS1_1_VERSION
,
2568 DTLS1_BAD_VER
, DTLS1_VERSION
,
2569 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2570 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2576 #ifndef OPENSSL_NO_SEED
2579 TLS1_TXT_RSA_WITH_SEED_SHA
,
2580 TLS1_CK_RSA_WITH_SEED_SHA
,
2585 SSL3_VERSION
, TLS1_2_VERSION
,
2586 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2587 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2588 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2594 TLS1_TXT_DHE_DSS_WITH_SEED_SHA
,
2595 TLS1_CK_DHE_DSS_WITH_SEED_SHA
,
2600 SSL3_VERSION
, TLS1_2_VERSION
,
2601 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2602 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2603 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2609 TLS1_TXT_DHE_RSA_WITH_SEED_SHA
,
2610 TLS1_CK_DHE_RSA_WITH_SEED_SHA
,
2615 SSL3_VERSION
, TLS1_2_VERSION
,
2616 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2617 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2618 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2624 TLS1_TXT_ADH_WITH_SEED_SHA
,
2625 TLS1_CK_ADH_WITH_SEED_SHA
,
2630 SSL3_VERSION
, TLS1_2_VERSION
,
2631 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2632 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2633 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2637 #endif /* OPENSSL_NO_SEED */
2639 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2642 SSL3_TXT_RSA_RC4_128_MD5
,
2643 SSL3_CK_RSA_RC4_128_MD5
,
2648 SSL3_VERSION
, TLS1_2_VERSION
,
2650 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2651 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2657 SSL3_TXT_RSA_RC4_128_SHA
,
2658 SSL3_CK_RSA_RC4_128_SHA
,
2663 SSL3_VERSION
, TLS1_2_VERSION
,
2665 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2666 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2672 SSL3_TXT_ADH_RC4_128_MD5
,
2673 SSL3_CK_ADH_RC4_128_MD5
,
2678 SSL3_VERSION
, TLS1_2_VERSION
,
2680 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2681 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2686 # ifndef OPENSSL_NO_EC
2689 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA
,
2690 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA
,
2695 SSL3_VERSION
, TLS1_2_VERSION
,
2697 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2698 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2704 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA
,
2705 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA
,
2710 SSL3_VERSION
, TLS1_2_VERSION
,
2712 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2713 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2719 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA
,
2720 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA
,
2725 SSL3_VERSION
, TLS1_2_VERSION
,
2727 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2728 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2734 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA
,
2735 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA
,
2740 SSL3_VERSION
, TLS1_2_VERSION
,
2742 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2743 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2747 # endif /* OPENSSL_NO_EC */
2749 # ifndef OPENSSL_NO_PSK
2752 TLS1_TXT_PSK_WITH_RC4_128_SHA
,
2753 TLS1_CK_PSK_WITH_RC4_128_SHA
,
2758 SSL3_VERSION
, TLS1_2_VERSION
,
2760 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2761 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2767 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA
,
2768 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA
,
2773 SSL3_VERSION
, TLS1_2_VERSION
,
2775 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2776 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2782 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA
,
2783 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA
,
2788 SSL3_VERSION
, TLS1_2_VERSION
,
2790 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2791 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2795 # endif /* OPENSSL_NO_PSK */
2797 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2802 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
2803 * values stuffed into the ciphers field of the wire protocol for signalling
2806 static SSL_CIPHER ssl3_scsvs
[] = {
2809 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
2811 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2815 "TLS_FALLBACK_SCSV",
2816 SSL3_CK_FALLBACK_SCSV
,
2817 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2821 static int cipher_compare(const void *a
, const void *b
)
2823 const SSL_CIPHER
*ap
= (const SSL_CIPHER
*)a
;
2824 const SSL_CIPHER
*bp
= (const SSL_CIPHER
*)b
;
2826 return ap
->id
- bp
->id
;
2829 void ssl_sort_cipher_list(void)
2831 qsort(ssl3_ciphers
, SSL3_NUM_CIPHERS
, sizeof ssl3_ciphers
[0],
2833 qsort(ssl3_scsvs
, SSL3_NUM_SCSVS
, sizeof ssl3_scsvs
[0], cipher_compare
);
2836 const SSL3_ENC_METHOD SSLv3_enc_data
= {
2839 ssl3_setup_key_block
,
2840 ssl3_generate_master_secret
,
2841 ssl3_change_cipher_state
,
2842 ssl3_final_finish_mac
,
2843 SSL3_MD_CLIENT_FINISHED_CONST
, 4,
2844 SSL3_MD_SERVER_FINISHED_CONST
, 4,
2846 (int (*)(SSL
*, unsigned char *, size_t, const char *,
2847 size_t, const unsigned char *, size_t,
2848 int use_context
))ssl_undefined_function
,
2850 ssl3_set_handshake_header
,
2851 tls_close_construct_packet
,
2852 ssl3_handshake_write
2855 long ssl3_default_timeout(void)
2858 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2859 * http, the cache would over fill
2861 return (60 * 60 * 2);
2864 int ssl3_num_ciphers(void)
2866 return (SSL3_NUM_CIPHERS
);
2869 const SSL_CIPHER
*ssl3_get_cipher(unsigned int u
)
2871 if (u
< SSL3_NUM_CIPHERS
)
2872 return (&(ssl3_ciphers
[SSL3_NUM_CIPHERS
- 1 - u
]));
2877 int ssl3_set_handshake_header(SSL
*s
, WPACKET
*pkt
, int htype
)
2879 /* No header in the event of a CCS */
2880 if (htype
== SSL3_MT_CHANGE_CIPHER_SPEC
)
2883 /* Set the content type and 3 bytes for the message len */
2884 if (!WPACKET_put_bytes_u8(pkt
, htype
)
2885 || !WPACKET_start_sub_packet_u24(pkt
))
2891 int ssl3_handshake_write(SSL
*s
)
2893 return ssl3_do_write(s
, SSL3_RT_HANDSHAKE
);
2896 int ssl3_new(SSL
*s
)
2900 if ((s3
= OPENSSL_zalloc(sizeof(*s3
))) == NULL
)
2904 #ifndef OPENSSL_NO_SRP
2905 if (!SSL_SRP_CTX_init(s
))
2908 s
->method
->ssl_clear(s
);
2914 void ssl3_free(SSL
*s
)
2916 if (s
== NULL
|| s
->s3
== NULL
)
2919 ssl3_cleanup_key_block(s
);
2921 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2922 EVP_PKEY_free(s
->s3
->peer_tmp
);
2923 s
->s3
->peer_tmp
= NULL
;
2924 EVP_PKEY_free(s
->s3
->tmp
.pkey
);
2925 s
->s3
->tmp
.pkey
= NULL
;
2928 OPENSSL_free(s
->s3
->tmp
.ctype
);
2929 sk_X509_NAME_pop_free(s
->s3
->tmp
.ca_names
, X509_NAME_free
);
2930 OPENSSL_free(s
->s3
->tmp
.ciphers_raw
);
2931 OPENSSL_clear_free(s
->s3
->tmp
.pms
, s
->s3
->tmp
.pmslen
);
2932 OPENSSL_free(s
->s3
->tmp
.peer_sigalgs
);
2933 ssl3_free_digest_list(s
);
2934 OPENSSL_free(s
->s3
->alpn_selected
);
2935 OPENSSL_free(s
->s3
->alpn_proposed
);
2937 #ifndef OPENSSL_NO_SRP
2938 SSL_SRP_CTX_free(s
);
2940 OPENSSL_clear_free(s
->s3
, sizeof(*s
->s3
));
2944 void ssl3_clear(SSL
*s
)
2946 ssl3_cleanup_key_block(s
);
2947 OPENSSL_free(s
->s3
->tmp
.ctype
);
2948 sk_X509_NAME_pop_free(s
->s3
->tmp
.ca_names
, X509_NAME_free
);
2949 OPENSSL_free(s
->s3
->tmp
.ciphers_raw
);
2950 OPENSSL_clear_free(s
->s3
->tmp
.pms
, s
->s3
->tmp
.pmslen
);
2951 OPENSSL_free(s
->s3
->tmp
.peer_sigalgs
);
2953 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2954 EVP_PKEY_free(s
->s3
->tmp
.pkey
);
2955 EVP_PKEY_free(s
->s3
->peer_tmp
);
2956 #endif /* !OPENSSL_NO_EC */
2958 ssl3_free_digest_list(s
);
2960 OPENSSL_free(s
->s3
->alpn_selected
);
2961 OPENSSL_free(s
->s3
->alpn_proposed
);
2963 /* NULL/zero-out everything in the s3 struct */
2964 memset(s
->s3
, 0, sizeof(*s
->s3
));
2966 ssl_free_wbio_buffer(s
);
2968 s
->version
= SSL3_VERSION
;
2970 #if !defined(OPENSSL_NO_NEXTPROTONEG)
2971 OPENSSL_free(s
->ext
.npn
);
2977 #ifndef OPENSSL_NO_SRP
2978 static char *srp_password_from_info_cb(SSL
*s
, void *arg
)
2980 return OPENSSL_strdup(s
->srp_ctx
.info
);
2984 static int ssl3_set_req_cert_type(CERT
*c
, const unsigned char *p
, size_t len
);
2986 long ssl3_ctrl(SSL
*s
, int cmd
, long larg
, void *parg
)
2991 case SSL_CTRL_GET_CLIENT_CERT_REQUEST
:
2993 case SSL_CTRL_GET_NUM_RENEGOTIATIONS
:
2994 ret
= s
->s3
->num_renegotiations
;
2996 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS
:
2997 ret
= s
->s3
->num_renegotiations
;
2998 s
->s3
->num_renegotiations
= 0;
3000 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS
:
3001 ret
= s
->s3
->total_renegotiations
;
3003 case SSL_CTRL_GET_FLAGS
:
3004 ret
= (int)(s
->s3
->flags
);
3006 #ifndef OPENSSL_NO_DH
3007 case SSL_CTRL_SET_TMP_DH
:
3009 DH
*dh
= (DH
*)parg
;
3010 EVP_PKEY
*pkdh
= NULL
;
3012 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
3015 pkdh
= ssl_dh_to_pkey(dh
);
3017 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_MALLOC_FAILURE
);
3020 if (!ssl_security(s
, SSL_SECOP_TMP_DH
,
3021 EVP_PKEY_security_bits(pkdh
), 0, pkdh
)) {
3022 SSLerr(SSL_F_SSL3_CTRL
, SSL_R_DH_KEY_TOO_SMALL
);
3023 EVP_PKEY_free(pkdh
);
3026 EVP_PKEY_free(s
->cert
->dh_tmp
);
3027 s
->cert
->dh_tmp
= pkdh
;
3031 case SSL_CTRL_SET_TMP_DH_CB
:
3033 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
3036 case SSL_CTRL_SET_DH_AUTO
:
3037 s
->cert
->dh_tmp_auto
= larg
;
3040 #ifndef OPENSSL_NO_EC
3041 case SSL_CTRL_SET_TMP_ECDH
:
3043 const EC_GROUP
*group
= NULL
;
3047 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
3050 group
= EC_KEY_get0_group((const EC_KEY
*)parg
);
3051 if (group
== NULL
) {
3052 SSLerr(SSL_F_SSL3_CTRL
, EC_R_MISSING_PARAMETERS
);
3055 nid
= EC_GROUP_get_curve_name(group
);
3056 if (nid
== NID_undef
)
3058 return tls1_set_groups(&s
->ext
.supportedgroups
,
3059 &s
->ext
.supportedgroups_len
,
3063 #endif /* !OPENSSL_NO_EC */
3064 case SSL_CTRL_SET_TLSEXT_HOSTNAME
:
3065 if (larg
== TLSEXT_NAMETYPE_host_name
) {
3068 OPENSSL_free(s
->ext
.hostname
);
3069 s
->ext
.hostname
= NULL
;
3074 len
= strlen((char *)parg
);
3075 if (len
== 0 || len
> TLSEXT_MAXLEN_host_name
) {
3076 SSLerr(SSL_F_SSL3_CTRL
, SSL_R_SSL3_EXT_INVALID_SERVERNAME
);
3079 if ((s
->ext
.hostname
= OPENSSL_strdup((char *)parg
)) == NULL
) {
3080 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_INTERNAL_ERROR
);
3084 SSLerr(SSL_F_SSL3_CTRL
, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE
);
3088 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG
:
3089 s
->ext
.debug_arg
= parg
;
3093 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE
:
3094 ret
= s
->ext
.status_type
;
3097 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE
:
3098 s
->ext
.status_type
= larg
;
3102 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS
:
3103 *(STACK_OF(X509_EXTENSION
) **)parg
= s
->ext
.ocsp
.exts
;
3107 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS
:
3108 s
->ext
.ocsp
.exts
= parg
;
3112 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS
:
3113 *(STACK_OF(OCSP_RESPID
) **)parg
= s
->ext
.ocsp
.ids
;
3117 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS
:
3118 s
->ext
.ocsp
.ids
= parg
;
3122 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP
:
3123 *(unsigned char **)parg
= s
->ext
.ocsp
.resp
;
3124 if (s
->ext
.ocsp
.resp_len
== 0
3125 || s
->ext
.ocsp
.resp_len
> LONG_MAX
)
3127 return (long)s
->ext
.ocsp
.resp_len
;
3129 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP
:
3130 OPENSSL_free(s
->ext
.ocsp
.resp
);
3131 s
->ext
.ocsp
.resp
= parg
;
3132 s
->ext
.ocsp
.resp_len
= larg
;
3136 #ifndef OPENSSL_NO_HEARTBEATS
3137 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT
:
3138 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING
:
3139 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS
:
3143 case SSL_CTRL_CHAIN
:
3145 return ssl_cert_set1_chain(s
, NULL
, (STACK_OF(X509
) *)parg
);
3147 return ssl_cert_set0_chain(s
, NULL
, (STACK_OF(X509
) *)parg
);
3149 case SSL_CTRL_CHAIN_CERT
:
3151 return ssl_cert_add1_chain_cert(s
, NULL
, (X509
*)parg
);
3153 return ssl_cert_add0_chain_cert(s
, NULL
, (X509
*)parg
);
3155 case SSL_CTRL_GET_CHAIN_CERTS
:
3156 *(STACK_OF(X509
) **)parg
= s
->cert
->key
->chain
;
3159 case SSL_CTRL_SELECT_CURRENT_CERT
:
3160 return ssl_cert_select_current(s
->cert
, (X509
*)parg
);
3162 case SSL_CTRL_SET_CURRENT_CERT
:
3163 if (larg
== SSL_CERT_SET_SERVER
) {
3164 const SSL_CIPHER
*cipher
;
3167 cipher
= s
->s3
->tmp
.new_cipher
;
3171 * No certificate for unauthenticated ciphersuites or using SRP
3174 if (cipher
->algorithm_auth
& (SSL_aNULL
| SSL_aSRP
))
3176 if (s
->s3
->tmp
.cert
== NULL
)
3178 s
->cert
->key
= s
->s3
->tmp
.cert
;
3181 return ssl_cert_set_current(s
->cert
, larg
);
3183 #ifndef OPENSSL_NO_EC
3184 case SSL_CTRL_GET_GROUPS
:
3186 unsigned char *clist
;
3191 clist
= s
->session
->ext
.supportedgroups
;
3192 clistlen
= s
->session
->ext
.supportedgroups_len
/ 2;
3196 unsigned int cid
, nid
;
3197 for (i
= 0; i
< clistlen
; i
++) {
3199 /* TODO(TLS1.3): Handle DH groups here */
3200 nid
= tls1_ec_curve_id2nid(cid
, NULL
);
3204 cptr
[i
] = TLSEXT_nid_unknown
| cid
;
3207 return (int)clistlen
;
3210 case SSL_CTRL_SET_GROUPS
:
3211 return tls1_set_groups(&s
->ext
.supportedgroups
,
3212 &s
->ext
.supportedgroups_len
, parg
, larg
);
3214 case SSL_CTRL_SET_GROUPS_LIST
:
3215 return tls1_set_groups_list(&s
->ext
.supportedgroups
,
3216 &s
->ext
.supportedgroups_len
, parg
);
3218 case SSL_CTRL_GET_SHARED_GROUP
:
3219 return tls1_shared_group(s
, larg
);
3222 case SSL_CTRL_SET_SIGALGS
:
3223 return tls1_set_sigalgs(s
->cert
, parg
, larg
, 0);
3225 case SSL_CTRL_SET_SIGALGS_LIST
:
3226 return tls1_set_sigalgs_list(s
->cert
, parg
, 0);
3228 case SSL_CTRL_SET_CLIENT_SIGALGS
:
3229 return tls1_set_sigalgs(s
->cert
, parg
, larg
, 1);
3231 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST
:
3232 return tls1_set_sigalgs_list(s
->cert
, parg
, 1);
3234 case SSL_CTRL_GET_CLIENT_CERT_TYPES
:
3236 const unsigned char **pctype
= parg
;
3237 if (s
->server
|| !s
->s3
->tmp
.cert_req
)
3240 *pctype
= s
->s3
->tmp
.ctype
;
3241 return s
->s3
->tmp
.ctype_len
;
3244 case SSL_CTRL_SET_CLIENT_CERT_TYPES
:
3247 return ssl3_set_req_cert_type(s
->cert
, parg
, larg
);
3249 case SSL_CTRL_BUILD_CERT_CHAIN
:
3250 return ssl_build_cert_chain(s
, NULL
, larg
);
3252 case SSL_CTRL_SET_VERIFY_CERT_STORE
:
3253 return ssl_cert_set_cert_store(s
->cert
, parg
, 0, larg
);
3255 case SSL_CTRL_SET_CHAIN_CERT_STORE
:
3256 return ssl_cert_set_cert_store(s
->cert
, parg
, 1, larg
);
3258 case SSL_CTRL_GET_PEER_SIGNATURE_NID
:
3259 if (s
->s3
->tmp
.peer_sigalg
== NULL
)
3261 *(int *)parg
= s
->s3
->tmp
.peer_sigalg
->hash
;
3264 case SSL_CTRL_GET_SERVER_TMP_KEY
:
3265 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3266 if (s
->server
|| s
->session
== NULL
|| s
->s3
->peer_tmp
== NULL
) {
3269 EVP_PKEY_up_ref(s
->s3
->peer_tmp
);
3270 *(EVP_PKEY
**)parg
= s
->s3
->peer_tmp
;
3276 #ifndef OPENSSL_NO_EC
3277 case SSL_CTRL_GET_EC_POINT_FORMATS
:
3279 SSL_SESSION
*sess
= s
->session
;
3280 const unsigned char **pformat
= parg
;
3282 if (sess
== NULL
|| sess
->ext
.ecpointformats
== NULL
)
3284 *pformat
= sess
->ext
.ecpointformats
;
3285 return (int)sess
->ext
.ecpointformats_len
;
3295 long ssl3_callback_ctrl(SSL
*s
, int cmd
, void (*fp
) (void))
3300 #ifndef OPENSSL_NO_DH
3301 case SSL_CTRL_SET_TMP_DH_CB
:
3303 s
->cert
->dh_tmp_cb
= (DH
*(*)(SSL
*, int, int))fp
;
3307 case SSL_CTRL_SET_TLSEXT_DEBUG_CB
:
3308 s
->ext
.debug_cb
= (void (*)(SSL
*, int, int,
3309 const unsigned char *, int, void *))fp
;
3312 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB
:
3314 s
->not_resumable_session_cb
= (int (*)(SSL
*, int))fp
;
3323 long ssl3_ctx_ctrl(SSL_CTX
*ctx
, int cmd
, long larg
, void *parg
)
3326 #ifndef OPENSSL_NO_DH
3327 case SSL_CTRL_SET_TMP_DH
:
3329 DH
*dh
= (DH
*)parg
;
3330 EVP_PKEY
*pkdh
= NULL
;
3332 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
3335 pkdh
= ssl_dh_to_pkey(dh
);
3337 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_MALLOC_FAILURE
);
3340 if (!ssl_ctx_security(ctx
, SSL_SECOP_TMP_DH
,
3341 EVP_PKEY_security_bits(pkdh
), 0, pkdh
)) {
3342 SSLerr(SSL_F_SSL3_CTX_CTRL
, SSL_R_DH_KEY_TOO_SMALL
);
3343 EVP_PKEY_free(pkdh
);
3346 EVP_PKEY_free(ctx
->cert
->dh_tmp
);
3347 ctx
->cert
->dh_tmp
= pkdh
;
3350 case SSL_CTRL_SET_TMP_DH_CB
:
3352 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
3355 case SSL_CTRL_SET_DH_AUTO
:
3356 ctx
->cert
->dh_tmp_auto
= larg
;
3359 #ifndef OPENSSL_NO_EC
3360 case SSL_CTRL_SET_TMP_ECDH
:
3362 const EC_GROUP
*group
= NULL
;
3366 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
3369 group
= EC_KEY_get0_group((const EC_KEY
*)parg
);
3370 if (group
== NULL
) {
3371 SSLerr(SSL_F_SSL3_CTX_CTRL
, EC_R_MISSING_PARAMETERS
);
3374 nid
= EC_GROUP_get_curve_name(group
);
3375 if (nid
== NID_undef
)
3377 return tls1_set_groups(&ctx
->ext
.supportedgroups
,
3378 &ctx
->ext
.supportedgroups_len
,
3381 #endif /* !OPENSSL_NO_EC */
3382 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
:
3383 ctx
->ext
.servername_arg
= parg
;
3385 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS
:
3386 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS
:
3388 unsigned char *keys
= parg
;
3389 long tick_keylen
= (sizeof(ctx
->ext
.tick_key_name
) +
3390 sizeof(ctx
->ext
.tick_hmac_key
) +
3391 sizeof(ctx
->ext
.tick_aes_key
));
3394 if (larg
!= tick_keylen
) {
3395 SSLerr(SSL_F_SSL3_CTX_CTRL
, SSL_R_INVALID_TICKET_KEYS_LENGTH
);
3398 if (cmd
== SSL_CTRL_SET_TLSEXT_TICKET_KEYS
) {
3399 memcpy(ctx
->ext
.tick_key_name
, keys
,
3400 sizeof(ctx
->ext
.tick_key_name
));
3401 memcpy(ctx
->ext
.tick_hmac_key
,
3402 keys
+ sizeof(ctx
->ext
.tick_key_name
),
3403 sizeof(ctx
->ext
.tick_hmac_key
));
3404 memcpy(ctx
->ext
.tick_aes_key
,
3405 keys
+ sizeof(ctx
->ext
.tick_key_name
) +
3406 sizeof(ctx
->ext
.tick_hmac_key
),
3407 sizeof(ctx
->ext
.tick_aes_key
));
3409 memcpy(keys
, ctx
->ext
.tick_key_name
,
3410 sizeof(ctx
->ext
.tick_key_name
));
3411 memcpy(keys
+ sizeof(ctx
->ext
.tick_key_name
),
3412 ctx
->ext
.tick_hmac_key
,
3413 sizeof(ctx
->ext
.tick_hmac_key
));
3414 memcpy(keys
+ sizeof(ctx
->ext
.tick_key_name
) +
3415 sizeof(ctx
->ext
.tick_hmac_key
),
3416 ctx
->ext
.tick_aes_key
,
3417 sizeof(ctx
->ext
.tick_aes_key
));
3422 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE
:
3423 return ctx
->ext
.status_type
;
3425 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE
:
3426 ctx
->ext
.status_type
= larg
;
3429 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG
:
3430 ctx
->ext
.status_arg
= parg
;
3433 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG
:
3434 *(void**)parg
= ctx
->ext
.status_arg
;
3437 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB
:
3438 *(int (**)(SSL
*, void*))parg
= ctx
->ext
.status_cb
;
3441 #ifndef OPENSSL_NO_SRP
3442 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME
:
3443 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
3444 OPENSSL_free(ctx
->srp_ctx
.login
);
3445 ctx
->srp_ctx
.login
= NULL
;
3448 if (strlen((const char *)parg
) > 255 || strlen((const char *)parg
) < 1) {
3449 SSLerr(SSL_F_SSL3_CTX_CTRL
, SSL_R_INVALID_SRP_USERNAME
);
3452 if ((ctx
->srp_ctx
.login
= OPENSSL_strdup((char *)parg
)) == NULL
) {
3453 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_INTERNAL_ERROR
);
3457 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD
:
3458 ctx
->srp_ctx
.SRP_give_srp_client_pwd_callback
=
3459 srp_password_from_info_cb
;
3460 ctx
->srp_ctx
.info
= parg
;
3462 case SSL_CTRL_SET_SRP_ARG
:
3463 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
3464 ctx
->srp_ctx
.SRP_cb_arg
= parg
;
3467 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH
:
3468 ctx
->srp_ctx
.strength
= larg
;
3472 #ifndef OPENSSL_NO_EC
3473 case SSL_CTRL_SET_GROUPS
:
3474 return tls1_set_groups(&ctx
->ext
.supportedgroups
,
3475 &ctx
->ext
.supportedgroups_len
,
3478 case SSL_CTRL_SET_GROUPS_LIST
:
3479 return tls1_set_groups_list(&ctx
->ext
.supportedgroups
,
3480 &ctx
->ext
.supportedgroups_len
,
3483 case SSL_CTRL_SET_SIGALGS
:
3484 return tls1_set_sigalgs(ctx
->cert
, parg
, larg
, 0);
3486 case SSL_CTRL_SET_SIGALGS_LIST
:
3487 return tls1_set_sigalgs_list(ctx
->cert
, parg
, 0);
3489 case SSL_CTRL_SET_CLIENT_SIGALGS
:
3490 return tls1_set_sigalgs(ctx
->cert
, parg
, larg
, 1);
3492 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST
:
3493 return tls1_set_sigalgs_list(ctx
->cert
, parg
, 1);
3495 case SSL_CTRL_SET_CLIENT_CERT_TYPES
:
3496 return ssl3_set_req_cert_type(ctx
->cert
, parg
, larg
);
3498 case SSL_CTRL_BUILD_CERT_CHAIN
:
3499 return ssl_build_cert_chain(NULL
, ctx
, larg
);
3501 case SSL_CTRL_SET_VERIFY_CERT_STORE
:
3502 return ssl_cert_set_cert_store(ctx
->cert
, parg
, 0, larg
);
3504 case SSL_CTRL_SET_CHAIN_CERT_STORE
:
3505 return ssl_cert_set_cert_store(ctx
->cert
, parg
, 1, larg
);
3507 /* A Thawte special :-) */
3508 case SSL_CTRL_EXTRA_CHAIN_CERT
:
3509 if (ctx
->extra_certs
== NULL
) {
3510 if ((ctx
->extra_certs
= sk_X509_new_null()) == NULL
) {
3511 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_MALLOC_FAILURE
);
3515 if (!sk_X509_push(ctx
->extra_certs
, (X509
*)parg
)) {
3516 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_MALLOC_FAILURE
);
3521 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS
:
3522 if (ctx
->extra_certs
== NULL
&& larg
== 0)
3523 *(STACK_OF(X509
) **)parg
= ctx
->cert
->key
->chain
;
3525 *(STACK_OF(X509
) **)parg
= ctx
->extra_certs
;
3528 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS
:
3529 sk_X509_pop_free(ctx
->extra_certs
, X509_free
);
3530 ctx
->extra_certs
= NULL
;
3533 case SSL_CTRL_CHAIN
:
3535 return ssl_cert_set1_chain(NULL
, ctx
, (STACK_OF(X509
) *)parg
);
3537 return ssl_cert_set0_chain(NULL
, ctx
, (STACK_OF(X509
) *)parg
);
3539 case SSL_CTRL_CHAIN_CERT
:
3541 return ssl_cert_add1_chain_cert(NULL
, ctx
, (X509
*)parg
);
3543 return ssl_cert_add0_chain_cert(NULL
, ctx
, (X509
*)parg
);
3545 case SSL_CTRL_GET_CHAIN_CERTS
:
3546 *(STACK_OF(X509
) **)parg
= ctx
->cert
->key
->chain
;
3549 case SSL_CTRL_SELECT_CURRENT_CERT
:
3550 return ssl_cert_select_current(ctx
->cert
, (X509
*)parg
);
3552 case SSL_CTRL_SET_CURRENT_CERT
:
3553 return ssl_cert_set_current(ctx
->cert
, larg
);
3561 long ssl3_ctx_callback_ctrl(SSL_CTX
*ctx
, int cmd
, void (*fp
) (void))
3564 #ifndef OPENSSL_NO_DH
3565 case SSL_CTRL_SET_TMP_DH_CB
:
3567 ctx
->cert
->dh_tmp_cb
= (DH
*(*)(SSL
*, int, int))fp
;
3571 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
:
3572 ctx
->ext
.servername_cb
= (int (*)(SSL
*, int *, void *))fp
;
3575 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
:
3576 ctx
->ext
.status_cb
= (int (*)(SSL
*, void *))fp
;
3579 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
:
3580 ctx
->ext
.ticket_key_cb
= (int (*)(SSL
*, unsigned char *,
3583 HMAC_CTX
*, int))fp
;
3586 #ifndef OPENSSL_NO_SRP
3587 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB
:
3588 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
3589 ctx
->srp_ctx
.SRP_verify_param_callback
= (int (*)(SSL
*, void *))fp
;
3591 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB
:
3592 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
3593 ctx
->srp_ctx
.TLS_ext_srp_username_callback
=
3594 (int (*)(SSL
*, int *, void *))fp
;
3596 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB
:
3597 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
3598 ctx
->srp_ctx
.SRP_give_srp_client_pwd_callback
=
3599 (char *(*)(SSL
*, void *))fp
;
3602 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB
:
3604 ctx
->not_resumable_session_cb
= (int (*)(SSL
*, int))fp
;
3613 const SSL_CIPHER
*ssl3_get_cipher_by_id(uint32_t id
)
3616 const SSL_CIPHER
*cp
;
3619 cp
= OBJ_bsearch_ssl_cipher_id(&c
, ssl3_ciphers
, SSL3_NUM_CIPHERS
);
3622 return OBJ_bsearch_ssl_cipher_id(&c
, ssl3_scsvs
, SSL3_NUM_SCSVS
);
3626 * This function needs to check if the ciphers required are actually
3629 const SSL_CIPHER
*ssl3_get_cipher_by_char(const unsigned char *p
)
3631 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
3632 | ((uint32_t)p
[0] << 8L)
3636 int ssl3_put_cipher_by_char(const SSL_CIPHER
*c
, WPACKET
*pkt
, size_t *len
)
3638 if ((c
->id
& 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG
) {
3643 if (!WPACKET_put_bytes_u16(pkt
, c
->id
& 0xffff))
3651 * ssl3_choose_cipher - choose a cipher from those offered by the client
3652 * @s: SSL connection
3653 * @clnt: ciphers offered by the client
3654 * @srvr: ciphers enabled on the server?
3656 * Returns the selected cipher or NULL when no common ciphers.
3658 const SSL_CIPHER
*ssl3_choose_cipher(SSL
*s
, STACK_OF(SSL_CIPHER
) *clnt
,
3659 STACK_OF(SSL_CIPHER
) *srvr
)
3661 const SSL_CIPHER
*c
, *ret
= NULL
;
3662 STACK_OF(SSL_CIPHER
) *prio
, *allow
;
3664 unsigned long alg_k
= 0, alg_a
= 0, mask_k
, mask_a
;
3666 /* Let's see which ciphers we can support */
3669 * Do not set the compare functions, because this may lead to a
3670 * reordering by "id". We want to keep the original ordering. We may pay
3671 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3672 * pay with the price of sk_SSL_CIPHER_dup().
3676 fprintf(stderr
, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr
),
3678 for (i
= 0; i
< sk_SSL_CIPHER_num(srvr
); ++i
) {
3679 c
= sk_SSL_CIPHER_value(srvr
, i
);
3680 fprintf(stderr
, "%p:%s\n", (void *)c
, c
->name
);
3682 fprintf(stderr
, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt
),
3684 for (i
= 0; i
< sk_SSL_CIPHER_num(clnt
); ++i
) {
3685 c
= sk_SSL_CIPHER_value(clnt
, i
);
3686 fprintf(stderr
, "%p:%s\n", (void *)c
, c
->name
);
3690 if (s
->options
& SSL_OP_CIPHER_SERVER_PREFERENCE
|| tls1_suiteb(s
)) {
3698 tls1_set_cert_validity(s
);
3701 for (i
= 0; i
< sk_SSL_CIPHER_num(prio
); i
++) {
3702 c
= sk_SSL_CIPHER_value(prio
, i
);
3704 /* Skip ciphers not supported by the protocol version */
3705 if (!SSL_IS_DTLS(s
) &&
3706 ((s
->version
< c
->min_tls
) || (s
->version
> c
->max_tls
)))
3708 if (SSL_IS_DTLS(s
) &&
3709 (DTLS_VERSION_LT(s
->version
, c
->min_dtls
) ||
3710 DTLS_VERSION_GT(s
->version
, c
->max_dtls
)))
3713 * Since TLS 1.3 ciphersuites can be used with any auth or
3714 * key exchange scheme skip tests.
3716 if (!SSL_IS_TLS13(s
)) {
3717 mask_k
= s
->s3
->tmp
.mask_k
;
3718 mask_a
= s
->s3
->tmp
.mask_a
;
3719 #ifndef OPENSSL_NO_SRP
3720 if (s
->srp_ctx
.srp_Mask
& SSL_kSRP
) {
3726 alg_k
= c
->algorithm_mkey
;
3727 alg_a
= c
->algorithm_auth
;
3729 #ifndef OPENSSL_NO_PSK
3730 /* with PSK there must be server callback set */
3731 if ((alg_k
& SSL_PSK
) && s
->psk_server_callback
== NULL
)
3733 #endif /* OPENSSL_NO_PSK */
3735 ok
= (alg_k
& mask_k
) && (alg_a
& mask_a
);
3737 fprintf(stderr
, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok
, alg_k
,
3738 alg_a
, mask_k
, mask_a
, (void *)c
, c
->name
);
3741 #ifndef OPENSSL_NO_EC
3743 * if we are considering an ECC cipher suite that uses an ephemeral
3746 if (alg_k
& SSL_kECDHE
)
3747 ok
= ok
&& tls1_check_ec_tmp_key(s
, c
->id
);
3748 #endif /* OPENSSL_NO_EC */
3753 ii
= sk_SSL_CIPHER_find(allow
, c
);
3755 /* Check security callback permits this cipher */
3756 if (!ssl_security(s
, SSL_SECOP_CIPHER_SHARED
,
3757 c
->strength_bits
, 0, (void *)c
))
3759 #if !defined(OPENSSL_NO_EC)
3760 if ((alg_k
& SSL_kECDHE
) && (alg_a
& SSL_aECDSA
)
3761 && s
->s3
->is_probably_safari
) {
3763 ret
= sk_SSL_CIPHER_value(allow
, ii
);
3767 ret
= sk_SSL_CIPHER_value(allow
, ii
);
3774 int ssl3_get_req_cert_type(SSL
*s
, WPACKET
*pkt
)
3776 uint32_t alg_k
, alg_a
= 0;
3778 /* If we have custom certificate types set, use them */
3780 return WPACKET_memcpy(pkt
, s
->cert
->ctype
, s
->cert
->ctype_len
);
3781 /* Get mask of algorithms disabled by signature list */
3782 ssl_set_sig_mask(&alg_a
, s
, SSL_SECOP_SIGALG_MASK
);
3784 alg_k
= s
->s3
->tmp
.new_cipher
->algorithm_mkey
;
3786 #ifndef OPENSSL_NO_GOST
3787 if (s
->version
>= TLS1_VERSION
&& (alg_k
& SSL_kGOST
))
3788 return WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST01_SIGN
)
3789 && WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_SIGN
)
3790 && WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_512_SIGN
);
3793 if ((s
->version
== SSL3_VERSION
) && (alg_k
& SSL_kDHE
)) {
3794 #ifndef OPENSSL_NO_DH
3795 # ifndef OPENSSL_NO_RSA
3796 if (!WPACKET_put_bytes_u8(pkt
, SSL3_CT_RSA_EPHEMERAL_DH
))
3799 # ifndef OPENSSL_NO_DSA
3800 if (!WPACKET_put_bytes_u8(pkt
, SSL3_CT_DSS_EPHEMERAL_DH
))
3803 #endif /* !OPENSSL_NO_DH */
3805 #ifndef OPENSSL_NO_RSA
3806 if (!(alg_a
& SSL_aRSA
) && !WPACKET_put_bytes_u8(pkt
, SSL3_CT_RSA_SIGN
))
3809 #ifndef OPENSSL_NO_DSA
3810 if (!(alg_a
& SSL_aDSS
) && !WPACKET_put_bytes_u8(pkt
, SSL3_CT_DSS_SIGN
))
3813 #ifndef OPENSSL_NO_EC
3815 * ECDSA certs can be used with RSA cipher suites too so we don't
3816 * need to check for SSL_kECDH or SSL_kECDHE
3818 if (s
->version
>= TLS1_VERSION
3819 && !(alg_a
& SSL_aECDSA
)
3820 && !WPACKET_put_bytes_u8(pkt
, TLS_CT_ECDSA_SIGN
))
3826 static int ssl3_set_req_cert_type(CERT
*c
, const unsigned char *p
, size_t len
)
3828 OPENSSL_free(c
->ctype
);
3831 if (p
== NULL
|| len
== 0)
3835 c
->ctype
= OPENSSL_memdup(p
, len
);
3836 if (c
->ctype
== NULL
)
3842 int ssl3_shutdown(SSL
*s
)
3847 * Don't do anything much if we have not done the handshake or we don't
3848 * want to send messages :-)
3850 if (s
->quiet_shutdown
|| SSL_in_before(s
)) {
3851 s
->shutdown
= (SSL_SENT_SHUTDOWN
| SSL_RECEIVED_SHUTDOWN
);
3855 if (!(s
->shutdown
& SSL_SENT_SHUTDOWN
)) {
3856 s
->shutdown
|= SSL_SENT_SHUTDOWN
;
3857 ssl3_send_alert(s
, SSL3_AL_WARNING
, SSL_AD_CLOSE_NOTIFY
);
3859 * our shutdown alert has been sent now, and if it still needs to be
3860 * written, s->s3->alert_dispatch will be true
3862 if (s
->s3
->alert_dispatch
)
3863 return (-1); /* return WANT_WRITE */
3864 } else if (s
->s3
->alert_dispatch
) {
3865 /* resend it if not sent */
3866 ret
= s
->method
->ssl_dispatch_alert(s
);
3869 * we only get to return -1 here the 2nd/Nth invocation, we must
3870 * have already signalled return 0 upon a previous invocation,
3875 } else if (!(s
->shutdown
& SSL_RECEIVED_SHUTDOWN
)) {
3878 * If we are waiting for a close from our peer, we are closed
3880 s
->method
->ssl_read_bytes(s
, 0, NULL
, NULL
, 0, 0, &readbytes
);
3881 if (!(s
->shutdown
& SSL_RECEIVED_SHUTDOWN
)) {
3882 return -1; /* return WANT_READ */
3886 if ((s
->shutdown
== (SSL_SENT_SHUTDOWN
| SSL_RECEIVED_SHUTDOWN
)) &&
3887 !s
->s3
->alert_dispatch
)
3893 int ssl3_write(SSL
*s
, const void *buf
, size_t len
, size_t *written
)
3896 if (s
->s3
->renegotiate
)
3897 ssl3_renegotiate_check(s
, 0);
3899 return s
->method
->ssl_write_bytes(s
, SSL3_RT_APPLICATION_DATA
, buf
, len
,
3903 static int ssl3_read_internal(SSL
*s
, void *buf
, size_t len
, int peek
,
3909 if (s
->s3
->renegotiate
)
3910 ssl3_renegotiate_check(s
, 0);
3911 s
->s3
->in_read_app_data
= 1;
3913 s
->method
->ssl_read_bytes(s
, SSL3_RT_APPLICATION_DATA
, NULL
, buf
, len
,
3915 if ((ret
== -1) && (s
->s3
->in_read_app_data
== 2)) {
3917 * ssl3_read_bytes decided to call s->handshake_func, which called
3918 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
3919 * actually found application data and thinks that application data
3920 * makes sense here; so disable handshake processing and try to read
3921 * application data again.
3923 ossl_statem_set_in_handshake(s
, 1);
3925 s
->method
->ssl_read_bytes(s
, SSL3_RT_APPLICATION_DATA
, NULL
, buf
,
3926 len
, peek
, readbytes
);
3927 ossl_statem_set_in_handshake(s
, 0);
3929 s
->s3
->in_read_app_data
= 0;
3934 int ssl3_read(SSL
*s
, void *buf
, size_t len
, size_t *readbytes
)
3936 return ssl3_read_internal(s
, buf
, len
, 0, readbytes
);
3939 int ssl3_peek(SSL
*s
, void *buf
, size_t len
, size_t *readbytes
)
3941 return ssl3_read_internal(s
, buf
, len
, 1, readbytes
);
3944 int ssl3_renegotiate(SSL
*s
)
3946 if (s
->handshake_func
== NULL
)
3949 s
->s3
->renegotiate
= 1;
3954 * Check if we are waiting to do a renegotiation and if so whether now is a
3955 * good time to do it. If |initok| is true then we are being called from inside
3956 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
3957 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
3958 * should do a renegotiation now and sets up the state machine for it. Otherwise
3961 int ssl3_renegotiate_check(SSL
*s
, int initok
)
3965 if (s
->s3
->renegotiate
) {
3966 if (!RECORD_LAYER_read_pending(&s
->rlayer
)
3967 && !RECORD_LAYER_write_pending(&s
->rlayer
)
3968 && (initok
|| !SSL_in_init(s
))) {
3970 * if we are the server, and we have sent a 'RENEGOTIATE'
3971 * message, we need to set the state machine into the renegotiate
3974 ossl_statem_set_renegotiate(s
);
3975 s
->s3
->renegotiate
= 0;
3976 s
->s3
->num_renegotiations
++;
3977 s
->s3
->total_renegotiations
++;
3985 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
3986 * handshake macs if required.
3988 * If PSK and using SHA384 for TLS < 1.2 switch to default.
3990 long ssl_get_algorithm2(SSL
*s
)
3993 if (s
->s3
== NULL
|| s
->s3
->tmp
.new_cipher
== NULL
)
3995 alg2
= s
->s3
->tmp
.new_cipher
->algorithm2
;
3996 if (s
->method
->ssl3_enc
->enc_flags
& SSL_ENC_FLAG_SHA256_PRF
) {
3997 if (alg2
== (SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
))
3998 return SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
;
3999 } else if (s
->s3
->tmp
.new_cipher
->algorithm_mkey
& SSL_PSK
) {
4000 if (alg2
== (SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
))
4001 return SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
;
4007 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4008 * failure, 1 on success.
4010 int ssl_fill_hello_random(SSL
*s
, int server
, unsigned char *result
, size_t len
)
4017 send_time
= (s
->mode
& SSL_MODE_SEND_SERVERHELLO_TIME
) != 0;
4019 send_time
= (s
->mode
& SSL_MODE_SEND_CLIENTHELLO_TIME
) != 0;
4021 unsigned long Time
= (unsigned long)time(NULL
);
4022 unsigned char *p
= result
;
4024 /* TODO(size_t): Convert this */
4025 return RAND_bytes(p
, (int)(len
- 4));
4027 return RAND_bytes(result
, (int)len
);
4030 int ssl_generate_master_secret(SSL
*s
, unsigned char *pms
, size_t pmslen
,
4033 unsigned long alg_k
= s
->s3
->tmp
.new_cipher
->algorithm_mkey
;
4036 if (alg_k
& SSL_PSK
) {
4037 #ifndef OPENSSL_NO_PSK
4038 unsigned char *pskpms
, *t
;
4039 size_t psklen
= s
->s3
->tmp
.psklen
;
4042 /* create PSK premaster_secret */
4044 /* For plain PSK "other_secret" is psklen zeroes */
4045 if (alg_k
& SSL_kPSK
)
4048 pskpmslen
= 4 + pmslen
+ psklen
;
4049 pskpms
= OPENSSL_malloc(pskpmslen
);
4054 if (alg_k
& SSL_kPSK
)
4055 memset(t
, 0, pmslen
);
4057 memcpy(t
, pms
, pmslen
);
4060 memcpy(t
, s
->s3
->tmp
.psk
, psklen
);
4062 OPENSSL_clear_free(s
->s3
->tmp
.psk
, psklen
);
4063 s
->s3
->tmp
.psk
= NULL
;
4064 if (!s
->method
->ssl3_enc
->generate_master_secret(s
,
4065 s
->session
->master_key
,pskpms
, pskpmslen
,
4066 &s
->session
->master_key_length
))
4068 OPENSSL_clear_free(pskpms
, pskpmslen
);
4070 /* Should never happen */
4074 if (!s
->method
->ssl3_enc
->generate_master_secret(s
,
4075 s
->session
->master_key
, pms
, pmslen
,
4076 &s
->session
->master_key_length
))
4084 OPENSSL_clear_free(pms
, pmslen
);
4086 OPENSSL_cleanse(pms
, pmslen
);
4089 s
->s3
->tmp
.pms
= NULL
;
4093 /* Generate a private key from parameters */
4094 EVP_PKEY
*ssl_generate_pkey(EVP_PKEY
*pm
)
4096 EVP_PKEY_CTX
*pctx
= NULL
;
4097 EVP_PKEY
*pkey
= NULL
;
4101 pctx
= EVP_PKEY_CTX_new(pm
, NULL
);
4104 if (EVP_PKEY_keygen_init(pctx
) <= 0)
4106 if (EVP_PKEY_keygen(pctx
, &pkey
) <= 0) {
4107 EVP_PKEY_free(pkey
);
4112 EVP_PKEY_CTX_free(pctx
);
4115 #ifndef OPENSSL_NO_EC
4116 /* Generate a private key a curve ID */
4117 EVP_PKEY
*ssl_generate_pkey_curve(int id
)
4119 EVP_PKEY_CTX
*pctx
= NULL
;
4120 EVP_PKEY
*pkey
= NULL
;
4121 unsigned int curve_flags
;
4122 int nid
= tls1_ec_curve_id2nid(id
, &curve_flags
);
4126 if ((curve_flags
& TLS_CURVE_TYPE
) == TLS_CURVE_CUSTOM
) {
4127 pctx
= EVP_PKEY_CTX_new_id(nid
, NULL
);
4130 pctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
);
4134 if (EVP_PKEY_keygen_init(pctx
) <= 0)
4136 if (nid
!= 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, nid
) <= 0)
4138 if (EVP_PKEY_keygen(pctx
, &pkey
) <= 0) {
4139 EVP_PKEY_free(pkey
);
4144 EVP_PKEY_CTX_free(pctx
);
4149 /* Derive secrets for ECDH/DH */
4150 int ssl_derive(SSL
*s
, EVP_PKEY
*privkey
, EVP_PKEY
*pubkey
, int gensecret
)
4153 unsigned char *pms
= NULL
;
4157 if (privkey
== NULL
|| pubkey
== NULL
)
4160 pctx
= EVP_PKEY_CTX_new(privkey
, NULL
);
4162 if (EVP_PKEY_derive_init(pctx
) <= 0
4163 || EVP_PKEY_derive_set_peer(pctx
, pubkey
) <= 0
4164 || EVP_PKEY_derive(pctx
, NULL
, &pmslen
) <= 0) {
4168 pms
= OPENSSL_malloc(pmslen
);
4172 if (EVP_PKEY_derive(pctx
, pms
, &pmslen
) <= 0)
4176 if (SSL_IS_TLS13(s
)) {
4178 * If we are resuming then we already generated the early secret
4179 * when we created the ClientHello, so don't recreate it.
4182 rv
= tls13_generate_secret(s
, ssl_handshake_md(s
), NULL
, NULL
,
4184 (unsigned char *)&s
->early_secret
);
4188 rv
= rv
&& tls13_generate_handshake_secret(s
, pms
, pmslen
);
4190 rv
= ssl_generate_master_secret(s
, pms
, pmslen
, 0);
4193 /* Save premaster secret */
4194 s
->s3
->tmp
.pms
= pms
;
4195 s
->s3
->tmp
.pmslen
= pmslen
;
4201 OPENSSL_clear_free(pms
, pmslen
);
4202 EVP_PKEY_CTX_free(pctx
);
4206 #ifndef OPENSSL_NO_DH
4207 EVP_PKEY
*ssl_dh_to_pkey(DH
*dh
)
4212 ret
= EVP_PKEY_new();
4213 if (EVP_PKEY_set1_DH(ret
, dh
) <= 0) {