2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
15 #include "ssl_local.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include <openssl/trace.h>
20 #include <openssl/x509v3.h>
21 #include <openssl/core_names.h>
22 #include "internal/cryptlib.h"
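/*
 * Element counts of the cipher tables, derived from the array initializers
 * with OSSL_NELEM (presumably from "internal/nelem.h", included above) so the
 * bounds cannot drift from the tables when entries are added or compiled out.
 * Each argument must be a true array in scope at the point of use; ssl3_scsvs
 * is defined outside this listing.
 */
#define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers)
#define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
#define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)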
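/*
 * TLSv1.3 downgrade protection sentinel values.
 *
 * Both are 8 bytes: the ASCII text "DOWNGRD" followed by a one-byte
 * discriminator. RFC 8446 section 4.1.3 has a TLSv1.3-capable server place
 * them in the last 8 bytes of ServerHello.random when it negotiates an older
 * version, so a client that offered a newer version can detect a forced
 * downgrade and abort the handshake:
 *   tls11downgrade (trailing 0x00) - TLSv1.1 or below was negotiated
 *   tls12downgrade (trailing 0x01) - TLSv1.2 was negotiated
 * The code that writes and checks them is not part of this listing.
 */
const unsigned char tls11downgrade[] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
};
const unsigned char tls12downgrade[] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
};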
36 /* The list of available TLSv1.3 ciphers */
/*
 * Table of the TLSv1.3 cipher suites; TLS13_NUM_CIPHERS is its element count.
 * NOTE(review): this listing omits source lines (the embedded line numbers
 * skip), so the braces and several fields of every entry are not visible
 * here. Check field positions against the complete file before relying on
 * them. Visible per entry: two TLS1_3_RFC_* name macros, the TLS1_3_CK_*
 * identifier, a TLS1_3_VERSION pair (presumably min/max protocol version -
 * confirm against the SSL_CIPHER declaration), and the handshake MAC flag.
 */
37 static SSL_CIPHER tls13_ciphers
[] = {
/* AES-128-GCM, handshake hash SHA-256 */
40 TLS1_3_RFC_AES_128_GCM_SHA256
,
41 TLS1_3_RFC_AES_128_GCM_SHA256
,
42 TLS1_3_CK_AES_128_GCM_SHA256
,
47 TLS1_3_VERSION
, TLS1_3_VERSION
,
50 SSL_HANDSHAKE_MAC_SHA256
,
/* AES-256-GCM, handshake hash SHA-384 */
55 TLS1_3_RFC_AES_256_GCM_SHA384
,
56 TLS1_3_RFC_AES_256_GCM_SHA384
,
57 TLS1_3_CK_AES_256_GCM_SHA384
,
62 TLS1_3_VERSION
, TLS1_3_VERSION
,
65 SSL_HANDSHAKE_MAC_SHA384
,
/* ChaCha20-Poly1305, handshake hash SHA-256 */
71 TLS1_3_RFC_CHACHA20_POLY1305_SHA256
,
72 TLS1_3_RFC_CHACHA20_POLY1305_SHA256
,
73 TLS1_3_CK_CHACHA20_POLY1305_SHA256
,
78 TLS1_3_VERSION
, TLS1_3_VERSION
,
81 SSL_HANDSHAKE_MAC_SHA256
,
/* AES-128-CCM, handshake hash SHA-256; flagged SSL_NOT_DEFAULT below */
87 TLS1_3_RFC_AES_128_CCM_SHA256
,
88 TLS1_3_RFC_AES_128_CCM_SHA256
,
89 TLS1_3_CK_AES_128_CCM_SHA256
,
94 TLS1_3_VERSION
, TLS1_3_VERSION
,
/* SSL_NOT_DEFAULT: offered only when a configuration selects it explicitly */
96 SSL_NOT_DEFAULT
| SSL_HIGH
,
97 SSL_HANDSHAKE_MAC_SHA256
,
/*
 * AES-128-CCM_8, handshake hash SHA-256. Unlike the entries above it is
 * flagged SSL_MEDIUM rather than SSL_HIGH, and SSL_NOT_DEFAULT as well.
 */
102 TLS1_3_RFC_AES_128_CCM_8_SHA256
,
103 TLS1_3_RFC_AES_128_CCM_8_SHA256
,
104 TLS1_3_CK_AES_128_CCM_8_SHA256
,
109 TLS1_3_VERSION
, TLS1_3_VERSION
,
111 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
112 SSL_HANDSHAKE_MAC_SHA256
,
/* The 64 is the strength recorded for the truncated CCM_8 authentication tag. */
113 64, /* CCM8 uses a short tag, so we have a low security strength */
119 * The list of available ciphers, mostly organized into the following
124 * SRP (within that: RSA EC PSK)
125 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
128 static SSL_CIPHER ssl3_ciphers
[] = {
131 SSL3_TXT_RSA_NULL_MD5
,
132 SSL3_RFC_RSA_NULL_MD5
,
133 SSL3_CK_RSA_NULL_MD5
,
138 SSL3_VERSION
, TLS1_2_VERSION
,
139 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
141 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
147 SSL3_TXT_RSA_NULL_SHA
,
148 SSL3_RFC_RSA_NULL_SHA
,
149 SSL3_CK_RSA_NULL_SHA
,
154 SSL3_VERSION
, TLS1_2_VERSION
,
155 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
156 SSL_STRONG_NONE
| SSL_FIPS
,
157 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
161 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
164 SSL3_TXT_RSA_DES_192_CBC3_SHA
,
165 SSL3_RFC_RSA_DES_192_CBC3_SHA
,
166 SSL3_CK_RSA_DES_192_CBC3_SHA
,
171 SSL3_VERSION
, TLS1_2_VERSION
,
172 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
173 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
174 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
180 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA
,
181 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA
,
182 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA
,
187 SSL3_VERSION
, TLS1_2_VERSION
,
188 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
189 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
190 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
196 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA
,
197 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA
,
198 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA
,
203 SSL3_VERSION
, TLS1_2_VERSION
,
204 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
205 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
206 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
212 SSL3_TXT_ADH_DES_192_CBC_SHA
,
213 SSL3_RFC_ADH_DES_192_CBC_SHA
,
214 SSL3_CK_ADH_DES_192_CBC_SHA
,
219 SSL3_VERSION
, TLS1_2_VERSION
,
220 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
221 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
222 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
229 TLS1_TXT_RSA_WITH_AES_128_SHA
,
230 TLS1_RFC_RSA_WITH_AES_128_SHA
,
231 TLS1_CK_RSA_WITH_AES_128_SHA
,
236 SSL3_VERSION
, TLS1_2_VERSION
,
237 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
239 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
245 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA
,
246 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA
,
247 TLS1_CK_DHE_DSS_WITH_AES_128_SHA
,
252 SSL3_VERSION
, TLS1_2_VERSION
,
253 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
254 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
255 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
261 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA
,
262 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA
,
263 TLS1_CK_DHE_RSA_WITH_AES_128_SHA
,
268 SSL3_VERSION
, TLS1_2_VERSION
,
269 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
271 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
277 TLS1_TXT_ADH_WITH_AES_128_SHA
,
278 TLS1_RFC_ADH_WITH_AES_128_SHA
,
279 TLS1_CK_ADH_WITH_AES_128_SHA
,
284 SSL3_VERSION
, TLS1_2_VERSION
,
285 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
286 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
287 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
293 TLS1_TXT_RSA_WITH_AES_256_SHA
,
294 TLS1_RFC_RSA_WITH_AES_256_SHA
,
295 TLS1_CK_RSA_WITH_AES_256_SHA
,
300 SSL3_VERSION
, TLS1_2_VERSION
,
301 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
303 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
309 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA
,
310 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA
,
311 TLS1_CK_DHE_DSS_WITH_AES_256_SHA
,
316 SSL3_VERSION
, TLS1_2_VERSION
,
317 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
318 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
319 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
325 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA
,
326 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA
,
327 TLS1_CK_DHE_RSA_WITH_AES_256_SHA
,
332 SSL3_VERSION
, TLS1_2_VERSION
,
333 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
335 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
341 TLS1_TXT_ADH_WITH_AES_256_SHA
,
342 TLS1_RFC_ADH_WITH_AES_256_SHA
,
343 TLS1_CK_ADH_WITH_AES_256_SHA
,
348 SSL3_VERSION
, TLS1_2_VERSION
,
349 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
350 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
351 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
357 TLS1_TXT_RSA_WITH_NULL_SHA256
,
358 TLS1_RFC_RSA_WITH_NULL_SHA256
,
359 TLS1_CK_RSA_WITH_NULL_SHA256
,
364 TLS1_2_VERSION
, TLS1_2_VERSION
,
365 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
366 SSL_STRONG_NONE
| SSL_FIPS
,
367 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
373 TLS1_TXT_RSA_WITH_AES_128_SHA256
,
374 TLS1_RFC_RSA_WITH_AES_128_SHA256
,
375 TLS1_CK_RSA_WITH_AES_128_SHA256
,
380 TLS1_2_VERSION
, TLS1_2_VERSION
,
381 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
383 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
389 TLS1_TXT_RSA_WITH_AES_256_SHA256
,
390 TLS1_RFC_RSA_WITH_AES_256_SHA256
,
391 TLS1_CK_RSA_WITH_AES_256_SHA256
,
396 TLS1_2_VERSION
, TLS1_2_VERSION
,
397 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
399 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
405 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256
,
406 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256
,
407 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256
,
412 TLS1_2_VERSION
, TLS1_2_VERSION
,
413 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
414 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
415 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
421 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256
,
422 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256
,
423 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256
,
428 TLS1_2_VERSION
, TLS1_2_VERSION
,
429 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
431 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
437 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256
,
438 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256
,
439 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256
,
444 TLS1_2_VERSION
, TLS1_2_VERSION
,
445 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
446 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
447 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
453 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256
,
454 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256
,
455 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256
,
460 TLS1_2_VERSION
, TLS1_2_VERSION
,
461 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
463 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
469 TLS1_TXT_ADH_WITH_AES_128_SHA256
,
470 TLS1_RFC_ADH_WITH_AES_128_SHA256
,
471 TLS1_CK_ADH_WITH_AES_128_SHA256
,
476 TLS1_2_VERSION
, TLS1_2_VERSION
,
477 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
478 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
479 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
485 TLS1_TXT_ADH_WITH_AES_256_SHA256
,
486 TLS1_RFC_ADH_WITH_AES_256_SHA256
,
487 TLS1_CK_ADH_WITH_AES_256_SHA256
,
492 TLS1_2_VERSION
, TLS1_2_VERSION
,
493 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
494 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
495 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
501 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256
,
502 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256
,
503 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256
,
508 TLS1_2_VERSION
, TLS1_2_VERSION
,
509 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
511 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
517 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384
,
518 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384
,
519 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384
,
524 TLS1_2_VERSION
, TLS1_2_VERSION
,
525 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
527 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
533 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256
,
534 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256
,
535 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256
,
540 TLS1_2_VERSION
, TLS1_2_VERSION
,
541 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
543 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
549 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384
,
550 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384
,
551 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384
,
556 TLS1_2_VERSION
, TLS1_2_VERSION
,
557 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
559 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
565 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256
,
566 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256
,
567 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256
,
572 TLS1_2_VERSION
, TLS1_2_VERSION
,
573 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
574 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
575 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
581 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384
,
582 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384
,
583 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384
,
588 TLS1_2_VERSION
, TLS1_2_VERSION
,
589 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
590 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
591 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
597 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256
,
598 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256
,
599 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256
,
604 TLS1_2_VERSION
, TLS1_2_VERSION
,
605 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
606 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
607 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
613 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384
,
614 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384
,
615 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384
,
620 TLS1_2_VERSION
, TLS1_2_VERSION
,
621 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
622 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
623 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
629 TLS1_TXT_RSA_WITH_AES_128_CCM
,
630 TLS1_RFC_RSA_WITH_AES_128_CCM
,
631 TLS1_CK_RSA_WITH_AES_128_CCM
,
636 TLS1_2_VERSION
, TLS1_2_VERSION
,
637 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
638 SSL_NOT_DEFAULT
| SSL_HIGH
,
639 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
645 TLS1_TXT_RSA_WITH_AES_256_CCM
,
646 TLS1_RFC_RSA_WITH_AES_256_CCM
,
647 TLS1_CK_RSA_WITH_AES_256_CCM
,
652 TLS1_2_VERSION
, TLS1_2_VERSION
,
653 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
654 SSL_NOT_DEFAULT
| SSL_HIGH
,
655 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
661 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM
,
662 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM
,
663 TLS1_CK_DHE_RSA_WITH_AES_128_CCM
,
668 TLS1_2_VERSION
, TLS1_2_VERSION
,
669 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
670 SSL_NOT_DEFAULT
| SSL_HIGH
,
671 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
677 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM
,
678 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM
,
679 TLS1_CK_DHE_RSA_WITH_AES_256_CCM
,
684 TLS1_2_VERSION
, TLS1_2_VERSION
,
685 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
686 SSL_NOT_DEFAULT
| SSL_HIGH
,
687 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
693 TLS1_TXT_RSA_WITH_AES_128_CCM_8
,
694 TLS1_RFC_RSA_WITH_AES_128_CCM_8
,
695 TLS1_CK_RSA_WITH_AES_128_CCM_8
,
700 TLS1_2_VERSION
, TLS1_2_VERSION
,
701 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
702 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
703 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
704 64, /* CCM8 uses a short tag, so we have a low security strength */
709 TLS1_TXT_RSA_WITH_AES_256_CCM_8
,
710 TLS1_RFC_RSA_WITH_AES_256_CCM_8
,
711 TLS1_CK_RSA_WITH_AES_256_CCM_8
,
716 TLS1_2_VERSION
, TLS1_2_VERSION
,
717 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
718 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
719 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
720 64, /* CCM8 uses a short tag, so we have a low security strength */
725 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8
,
726 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8
,
727 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8
,
732 TLS1_2_VERSION
, TLS1_2_VERSION
,
733 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
734 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
735 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
736 64, /* CCM8 uses a short tag, so we have a low security strength */
741 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8
,
742 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8
,
743 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8
,
748 TLS1_2_VERSION
, TLS1_2_VERSION
,
749 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
750 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
751 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
752 64, /* CCM8 uses a short tag, so we have a low security strength */
757 TLS1_TXT_PSK_WITH_AES_128_CCM
,
758 TLS1_RFC_PSK_WITH_AES_128_CCM
,
759 TLS1_CK_PSK_WITH_AES_128_CCM
,
764 TLS1_2_VERSION
, TLS1_2_VERSION
,
765 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
766 SSL_NOT_DEFAULT
| SSL_HIGH
,
767 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
773 TLS1_TXT_PSK_WITH_AES_256_CCM
,
774 TLS1_RFC_PSK_WITH_AES_256_CCM
,
775 TLS1_CK_PSK_WITH_AES_256_CCM
,
780 TLS1_2_VERSION
, TLS1_2_VERSION
,
781 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
782 SSL_NOT_DEFAULT
| SSL_HIGH
,
783 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
789 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM
,
790 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM
,
791 TLS1_CK_DHE_PSK_WITH_AES_128_CCM
,
796 TLS1_2_VERSION
, TLS1_2_VERSION
,
797 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
798 SSL_NOT_DEFAULT
| SSL_HIGH
,
799 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
805 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM
,
806 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM
,
807 TLS1_CK_DHE_PSK_WITH_AES_256_CCM
,
812 TLS1_2_VERSION
, TLS1_2_VERSION
,
813 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
814 SSL_NOT_DEFAULT
| SSL_HIGH
,
815 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
821 TLS1_TXT_PSK_WITH_AES_128_CCM_8
,
822 TLS1_RFC_PSK_WITH_AES_128_CCM_8
,
823 TLS1_CK_PSK_WITH_AES_128_CCM_8
,
828 TLS1_2_VERSION
, TLS1_2_VERSION
,
829 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
830 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
831 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
832 64, /* CCM8 uses a short tag, so we have a low security strength */
837 TLS1_TXT_PSK_WITH_AES_256_CCM_8
,
838 TLS1_RFC_PSK_WITH_AES_256_CCM_8
,
839 TLS1_CK_PSK_WITH_AES_256_CCM_8
,
844 TLS1_2_VERSION
, TLS1_2_VERSION
,
845 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
846 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
847 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
848 64, /* CCM8 uses a short tag, so we have a low security strength */
853 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8
,
854 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8
,
855 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8
,
860 TLS1_2_VERSION
, TLS1_2_VERSION
,
861 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
862 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
863 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
864 64, /* CCM8 uses a short tag, so we have a low security strength */
869 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8
,
870 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8
,
871 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8
,
876 TLS1_2_VERSION
, TLS1_2_VERSION
,
877 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
878 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
879 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
880 64, /* CCM8 uses a short tag, so we have a low security strength */
885 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM
,
886 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM
,
887 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM
,
892 TLS1_2_VERSION
, TLS1_2_VERSION
,
893 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
894 SSL_NOT_DEFAULT
| SSL_HIGH
,
895 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
901 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM
,
902 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM
,
903 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM
,
908 TLS1_2_VERSION
, TLS1_2_VERSION
,
909 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
910 SSL_NOT_DEFAULT
| SSL_HIGH
,
911 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
917 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8
,
918 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8
,
919 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8
,
924 TLS1_2_VERSION
, TLS1_2_VERSION
,
925 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
926 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
927 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
928 64, /* CCM8 uses a short tag, so we have a low security strength */
933 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8
,
934 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8
,
935 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8
,
940 TLS1_2_VERSION
, TLS1_2_VERSION
,
941 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
942 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
943 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
944 64, /* CCM8 uses a short tag, so we have a low security strength */
949 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA
,
950 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA
,
951 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA
,
956 TLS1_VERSION
, TLS1_2_VERSION
,
957 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
958 SSL_STRONG_NONE
| SSL_FIPS
,
959 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
963 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
966 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
,
967 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
,
968 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
,
973 TLS1_VERSION
, TLS1_2_VERSION
,
974 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
975 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
976 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
983 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
984 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
985 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
990 TLS1_VERSION
, TLS1_2_VERSION
,
991 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
993 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
999 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
1000 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
1001 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
1006 TLS1_VERSION
, TLS1_2_VERSION
,
1007 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1008 SSL_HIGH
| SSL_FIPS
,
1009 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1015 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA
,
1016 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA
,
1017 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA
,
1022 TLS1_VERSION
, TLS1_2_VERSION
,
1023 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1024 SSL_STRONG_NONE
| SSL_FIPS
,
1025 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1029 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1032 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA
,
1033 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA
,
1034 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA
,
1039 TLS1_VERSION
, TLS1_2_VERSION
,
1040 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1041 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1042 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1049 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
1050 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
1051 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
1056 TLS1_VERSION
, TLS1_2_VERSION
,
1057 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1058 SSL_HIGH
| SSL_FIPS
,
1059 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1065 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
1066 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
1067 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
1072 TLS1_VERSION
, TLS1_2_VERSION
,
1073 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1074 SSL_HIGH
| SSL_FIPS
,
1075 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1081 TLS1_TXT_ECDH_anon_WITH_NULL_SHA
,
1082 TLS1_RFC_ECDH_anon_WITH_NULL_SHA
,
1083 TLS1_CK_ECDH_anon_WITH_NULL_SHA
,
1088 TLS1_VERSION
, TLS1_2_VERSION
,
1089 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1090 SSL_STRONG_NONE
| SSL_FIPS
,
1091 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1095 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1098 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA
,
1099 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA
,
1100 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA
,
1105 TLS1_VERSION
, TLS1_2_VERSION
,
1106 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1107 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1108 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1115 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA
,
1116 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA
,
1117 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA
,
1122 TLS1_VERSION
, TLS1_2_VERSION
,
1123 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1124 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
1125 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1131 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA
,
1132 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA
,
1133 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA
,
1138 TLS1_VERSION
, TLS1_2_VERSION
,
1139 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1140 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
1141 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1147 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256
,
1148 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256
,
1149 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256
,
1154 TLS1_2_VERSION
, TLS1_2_VERSION
,
1155 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1156 SSL_HIGH
| SSL_FIPS
,
1157 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1163 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384
,
1164 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384
,
1165 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384
,
1170 TLS1_2_VERSION
, TLS1_2_VERSION
,
1171 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1172 SSL_HIGH
| SSL_FIPS
,
1173 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1179 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256
,
1180 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256
,
1181 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256
,
1186 TLS1_2_VERSION
, TLS1_2_VERSION
,
1187 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1188 SSL_HIGH
| SSL_FIPS
,
1189 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1195 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384
,
1196 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384
,
1197 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384
,
1202 TLS1_2_VERSION
, TLS1_2_VERSION
,
1203 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1204 SSL_HIGH
| SSL_FIPS
,
1205 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1211 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
1212 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
1213 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
1218 TLS1_2_VERSION
, TLS1_2_VERSION
,
1219 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1220 SSL_HIGH
| SSL_FIPS
,
1221 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1227 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
1228 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
1229 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
1234 TLS1_2_VERSION
, TLS1_2_VERSION
,
1235 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1236 SSL_HIGH
| SSL_FIPS
,
1237 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1243 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
1244 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
1245 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
1250 TLS1_2_VERSION
, TLS1_2_VERSION
,
1251 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1252 SSL_HIGH
| SSL_FIPS
,
1253 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1259 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
1260 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
1261 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
1266 TLS1_2_VERSION
, TLS1_2_VERSION
,
1267 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1268 SSL_HIGH
| SSL_FIPS
,
1269 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1275 TLS1_TXT_PSK_WITH_NULL_SHA
,
1276 TLS1_RFC_PSK_WITH_NULL_SHA
,
1277 TLS1_CK_PSK_WITH_NULL_SHA
,
1282 SSL3_VERSION
, TLS1_2_VERSION
,
1283 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1284 SSL_STRONG_NONE
| SSL_FIPS
,
1285 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1291 TLS1_TXT_DHE_PSK_WITH_NULL_SHA
,
1292 TLS1_RFC_DHE_PSK_WITH_NULL_SHA
,
1293 TLS1_CK_DHE_PSK_WITH_NULL_SHA
,
1298 SSL3_VERSION
, TLS1_2_VERSION
,
1299 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1300 SSL_STRONG_NONE
| SSL_FIPS
,
1301 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1307 TLS1_TXT_RSA_PSK_WITH_NULL_SHA
,
1308 TLS1_RFC_RSA_PSK_WITH_NULL_SHA
,
1309 TLS1_CK_RSA_PSK_WITH_NULL_SHA
,
1314 SSL3_VERSION
, TLS1_2_VERSION
,
1315 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1316 SSL_STRONG_NONE
| SSL_FIPS
,
1317 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1321 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1324 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA
,
1325 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA
,
1326 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA
,
1331 SSL3_VERSION
, TLS1_2_VERSION
,
1332 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1333 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1334 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1341 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA
,
1342 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA
,
1343 TLS1_CK_PSK_WITH_AES_128_CBC_SHA
,
1348 SSL3_VERSION
, TLS1_2_VERSION
,
1349 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1350 SSL_HIGH
| SSL_FIPS
,
1351 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1357 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA
,
1358 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA
,
1359 TLS1_CK_PSK_WITH_AES_256_CBC_SHA
,
1364 SSL3_VERSION
, TLS1_2_VERSION
,
1365 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1366 SSL_HIGH
| SSL_FIPS
,
1367 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1371 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1374 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1375 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1376 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1381 SSL3_VERSION
, TLS1_2_VERSION
,
1382 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1383 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1384 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1391 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA
,
1392 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA
,
1393 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA
,
1398 SSL3_VERSION
, TLS1_2_VERSION
,
1399 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1400 SSL_HIGH
| SSL_FIPS
,
1401 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1407 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA
,
1408 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA
,
1409 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA
,
1414 SSL3_VERSION
, TLS1_2_VERSION
,
1415 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1416 SSL_HIGH
| SSL_FIPS
,
1417 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1421 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1424 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA
,
1425 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA
,
1426 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA
,
1431 SSL3_VERSION
, TLS1_2_VERSION
,
1432 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1433 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1434 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1441 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA
,
1442 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA
,
1443 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA
,
1448 SSL3_VERSION
, TLS1_2_VERSION
,
1449 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1450 SSL_HIGH
| SSL_FIPS
,
1451 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1457 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA
,
1458 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA
,
1459 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA
,
1464 SSL3_VERSION
, TLS1_2_VERSION
,
1465 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1466 SSL_HIGH
| SSL_FIPS
,
1467 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1473 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256
,
1474 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256
,
1475 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256
,
1480 TLS1_2_VERSION
, TLS1_2_VERSION
,
1481 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1482 SSL_HIGH
| SSL_FIPS
,
1483 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1489 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384
,
1490 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384
,
1491 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384
,
1496 TLS1_2_VERSION
, TLS1_2_VERSION
,
1497 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1498 SSL_HIGH
| SSL_FIPS
,
1499 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1505 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256
,
1506 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256
,
1507 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256
,
1512 TLS1_2_VERSION
, TLS1_2_VERSION
,
1513 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1514 SSL_HIGH
| SSL_FIPS
,
1515 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1521 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384
,
1522 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384
,
1523 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384
,
1528 TLS1_2_VERSION
, TLS1_2_VERSION
,
1529 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1530 SSL_HIGH
| SSL_FIPS
,
1531 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1537 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256
,
1538 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256
,
1539 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256
,
1544 TLS1_2_VERSION
, TLS1_2_VERSION
,
1545 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1546 SSL_HIGH
| SSL_FIPS
,
1547 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1553 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384
,
1554 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384
,
1555 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384
,
1560 TLS1_2_VERSION
, TLS1_2_VERSION
,
1561 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1562 SSL_HIGH
| SSL_FIPS
,
1563 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1569 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256
,
1570 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256
,
1571 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256
,
1576 TLS1_VERSION
, TLS1_2_VERSION
,
1577 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1578 SSL_HIGH
| SSL_FIPS
,
1579 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1585 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384
,
1586 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384
,
1587 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384
,
1592 TLS1_VERSION
, TLS1_2_VERSION
,
1593 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1594 SSL_HIGH
| SSL_FIPS
,
1595 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1601 TLS1_TXT_PSK_WITH_NULL_SHA256
,
1602 TLS1_RFC_PSK_WITH_NULL_SHA256
,
1603 TLS1_CK_PSK_WITH_NULL_SHA256
,
1608 TLS1_VERSION
, TLS1_2_VERSION
,
1609 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1610 SSL_STRONG_NONE
| SSL_FIPS
,
1611 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1617 TLS1_TXT_PSK_WITH_NULL_SHA384
,
1618 TLS1_RFC_PSK_WITH_NULL_SHA384
,
1619 TLS1_CK_PSK_WITH_NULL_SHA384
,
1624 TLS1_VERSION
, TLS1_2_VERSION
,
1625 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1626 SSL_STRONG_NONE
| SSL_FIPS
,
1627 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1633 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256
,
1634 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256
,
1635 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256
,
1640 TLS1_VERSION
, TLS1_2_VERSION
,
1641 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1642 SSL_HIGH
| SSL_FIPS
,
1643 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1649 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384
,
1650 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384
,
1651 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384
,
1656 TLS1_VERSION
, TLS1_2_VERSION
,
1657 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1658 SSL_HIGH
| SSL_FIPS
,
1659 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1665 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256
,
1666 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256
,
1667 TLS1_CK_DHE_PSK_WITH_NULL_SHA256
,
1672 TLS1_VERSION
, TLS1_2_VERSION
,
1673 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1674 SSL_STRONG_NONE
| SSL_FIPS
,
1675 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1681 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384
,
1682 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384
,
1683 TLS1_CK_DHE_PSK_WITH_NULL_SHA384
,
1688 TLS1_VERSION
, TLS1_2_VERSION
,
1689 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1690 SSL_STRONG_NONE
| SSL_FIPS
,
1691 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1697 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256
,
1698 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256
,
1699 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256
,
1704 TLS1_VERSION
, TLS1_2_VERSION
,
1705 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1706 SSL_HIGH
| SSL_FIPS
,
1707 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1713 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384
,
1714 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384
,
1715 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384
,
1720 TLS1_VERSION
, TLS1_2_VERSION
,
1721 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1722 SSL_HIGH
| SSL_FIPS
,
1723 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1729 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256
,
1730 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256
,
1731 TLS1_CK_RSA_PSK_WITH_NULL_SHA256
,
1736 TLS1_VERSION
, TLS1_2_VERSION
,
1737 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1738 SSL_STRONG_NONE
| SSL_FIPS
,
1739 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1745 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384
,
1746 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384
,
1747 TLS1_CK_RSA_PSK_WITH_NULL_SHA384
,
1752 TLS1_VERSION
, TLS1_2_VERSION
,
1753 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1754 SSL_STRONG_NONE
| SSL_FIPS
,
1755 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1759 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1762 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1763 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1764 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1769 TLS1_VERSION
, TLS1_2_VERSION
,
1770 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1771 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1772 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1779 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA
,
1780 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA
,
1781 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA
,
1786 TLS1_VERSION
, TLS1_2_VERSION
,
1787 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1788 SSL_HIGH
| SSL_FIPS
,
1789 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1795 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA
,
1796 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA
,
1797 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA
,
1802 TLS1_VERSION
, TLS1_2_VERSION
,
1803 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1804 SSL_HIGH
| SSL_FIPS
,
1805 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1811 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256
,
1812 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256
,
1813 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256
,
1818 TLS1_VERSION
, TLS1_2_VERSION
,
1819 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1820 SSL_HIGH
| SSL_FIPS
,
1821 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1827 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384
,
1828 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384
,
1829 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384
,
1834 TLS1_VERSION
, TLS1_2_VERSION
,
1835 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1836 SSL_HIGH
| SSL_FIPS
,
1837 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1843 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA
,
1844 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA
,
1845 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA
,
1850 TLS1_VERSION
, TLS1_2_VERSION
,
1851 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1852 SSL_STRONG_NONE
| SSL_FIPS
,
1853 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1859 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256
,
1860 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256
,
1861 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256
,
1866 TLS1_VERSION
, TLS1_2_VERSION
,
1867 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1868 SSL_STRONG_NONE
| SSL_FIPS
,
1869 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1875 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384
,
1876 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384
,
1877 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384
,
1882 TLS1_VERSION
, TLS1_2_VERSION
,
1883 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1884 SSL_STRONG_NONE
| SSL_FIPS
,
1885 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1890 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1893 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA
,
1894 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA
,
1895 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA
,
1900 SSL3_VERSION
, TLS1_2_VERSION
,
1901 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1902 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
1903 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1909 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
,
1910 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
,
1911 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
,
1916 SSL3_VERSION
, TLS1_2_VERSION
,
1917 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1918 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
1919 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1925 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
,
1926 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
,
1927 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
,
1932 SSL3_VERSION
, TLS1_2_VERSION
,
1933 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1934 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
1935 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1942 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA
,
1943 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA
,
1944 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA
,
1949 SSL3_VERSION
, TLS1_2_VERSION
,
1950 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1952 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1958 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
,
1959 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
,
1960 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
,
1965 SSL3_VERSION
, TLS1_2_VERSION
,
1966 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1968 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1974 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
,
1975 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
,
1976 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
,
1981 SSL3_VERSION
, TLS1_2_VERSION
,
1982 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1983 SSL_NOT_DEFAULT
| SSL_HIGH
,
1984 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1990 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA
,
1991 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA
,
1992 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA
,
1997 SSL3_VERSION
, TLS1_2_VERSION
,
1998 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2000 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2006 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
,
2007 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
,
2008 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
,
2013 SSL3_VERSION
, TLS1_2_VERSION
,
2014 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2016 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2022 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
,
2023 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
,
2024 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
,
2029 SSL3_VERSION
, TLS1_2_VERSION
,
2030 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2031 SSL_NOT_DEFAULT
| SSL_HIGH
,
2032 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2039 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305
,
2040 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305
,
2041 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305
,
2044 SSL_CHACHA20POLY1305
,
2046 TLS1_2_VERSION
, TLS1_2_VERSION
,
2047 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2049 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2055 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305
,
2056 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305
,
2057 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305
,
2060 SSL_CHACHA20POLY1305
,
2062 TLS1_2_VERSION
, TLS1_2_VERSION
,
2063 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2065 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2071 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
,
2072 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
,
2073 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
,
2076 SSL_CHACHA20POLY1305
,
2078 TLS1_2_VERSION
, TLS1_2_VERSION
,
2079 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2081 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2087 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305
,
2088 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305
,
2089 TLS1_CK_PSK_WITH_CHACHA20_POLY1305
,
2092 SSL_CHACHA20POLY1305
,
2094 TLS1_2_VERSION
, TLS1_2_VERSION
,
2095 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2097 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2103 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305
,
2104 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305
,
2105 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305
,
2108 SSL_CHACHA20POLY1305
,
2110 TLS1_2_VERSION
, TLS1_2_VERSION
,
2111 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2113 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2119 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305
,
2120 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305
,
2121 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305
,
2124 SSL_CHACHA20POLY1305
,
2126 TLS1_2_VERSION
, TLS1_2_VERSION
,
2127 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2129 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2135 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305
,
2136 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305
,
2137 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305
,
2140 SSL_CHACHA20POLY1305
,
2142 TLS1_2_VERSION
, TLS1_2_VERSION
,
2143 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2145 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2152 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2153 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2154 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2159 TLS1_2_VERSION
, TLS1_2_VERSION
,
2160 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2161 SSL_NOT_DEFAULT
| SSL_HIGH
,
2162 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2168 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
,
2169 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
,
2170 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
,
2175 TLS1_2_VERSION
, TLS1_2_VERSION
,
2176 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2177 SSL_NOT_DEFAULT
| SSL_HIGH
,
2178 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2184 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2185 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2186 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2191 TLS1_2_VERSION
, TLS1_2_VERSION
,
2192 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2193 SSL_NOT_DEFAULT
| SSL_HIGH
,
2194 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2200 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256
,
2201 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256
,
2202 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256
,
2207 TLS1_2_VERSION
, TLS1_2_VERSION
,
2208 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2209 SSL_NOT_DEFAULT
| SSL_HIGH
,
2210 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2216 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2217 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2218 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2223 TLS1_2_VERSION
, TLS1_2_VERSION
,
2224 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2225 SSL_NOT_DEFAULT
| SSL_HIGH
,
2226 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2232 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
,
2233 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
,
2234 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
,
2239 TLS1_2_VERSION
, TLS1_2_VERSION
,
2240 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2241 SSL_NOT_DEFAULT
| SSL_HIGH
,
2242 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2248 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2249 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2250 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2255 TLS1_2_VERSION
, TLS1_2_VERSION
,
2256 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2257 SSL_NOT_DEFAULT
| SSL_HIGH
,
2258 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2264 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256
,
2265 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256
,
2266 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256
,
2271 TLS1_2_VERSION
, TLS1_2_VERSION
,
2272 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2273 SSL_NOT_DEFAULT
| SSL_HIGH
,
2274 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2280 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2281 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2282 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2287 SSL3_VERSION
, TLS1_2_VERSION
,
2288 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2289 SSL_NOT_DEFAULT
| SSL_HIGH
,
2290 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2296 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
,
2297 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
,
2298 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
,
2303 SSL3_VERSION
, TLS1_2_VERSION
,
2304 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2305 SSL_NOT_DEFAULT
| SSL_HIGH
,
2306 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2312 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2313 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2314 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2319 SSL3_VERSION
, TLS1_2_VERSION
,
2320 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2321 SSL_NOT_DEFAULT
| SSL_HIGH
,
2322 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2328 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA
,
2329 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA
,
2330 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA
,
2335 SSL3_VERSION
, TLS1_2_VERSION
,
2336 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2337 SSL_NOT_DEFAULT
| SSL_HIGH
,
2338 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2344 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2345 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2346 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2351 SSL3_VERSION
, TLS1_2_VERSION
,
2352 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2353 SSL_NOT_DEFAULT
| SSL_HIGH
,
2354 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2360 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
,
2361 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
,
2362 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
,
2367 SSL3_VERSION
, TLS1_2_VERSION
,
2368 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2369 SSL_NOT_DEFAULT
| SSL_HIGH
,
2370 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2376 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2377 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2378 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2383 SSL3_VERSION
, TLS1_2_VERSION
,
2384 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2385 SSL_NOT_DEFAULT
| SSL_HIGH
,
2386 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2392 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA
,
2393 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA
,
2394 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA
,
2399 SSL3_VERSION
, TLS1_2_VERSION
,
2400 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2401 SSL_NOT_DEFAULT
| SSL_HIGH
,
2402 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2408 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
,
2409 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
,
2410 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
,
2415 TLS1_2_VERSION
, TLS1_2_VERSION
,
2416 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2417 SSL_NOT_DEFAULT
| SSL_HIGH
,
2418 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2424 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
,
2425 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
,
2426 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
,
2431 TLS1_2_VERSION
, TLS1_2_VERSION
,
2432 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2433 SSL_NOT_DEFAULT
| SSL_HIGH
,
2434 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2440 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2441 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2442 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2447 TLS1_2_VERSION
, TLS1_2_VERSION
,
2448 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2449 SSL_NOT_DEFAULT
| SSL_HIGH
,
2450 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2456 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
,
2457 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
,
2458 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
,
2463 TLS1_2_VERSION
, TLS1_2_VERSION
,
2464 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2465 SSL_NOT_DEFAULT
| SSL_HIGH
,
2466 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2472 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2473 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2474 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2479 TLS1_VERSION
, TLS1_2_VERSION
,
2480 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2481 SSL_NOT_DEFAULT
| SSL_HIGH
,
2482 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2488 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2489 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2490 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2495 TLS1_VERSION
, TLS1_2_VERSION
,
2496 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2497 SSL_NOT_DEFAULT
| SSL_HIGH
,
2498 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2504 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2505 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2506 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2511 TLS1_VERSION
, TLS1_2_VERSION
,
2512 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2513 SSL_NOT_DEFAULT
| SSL_HIGH
,
2514 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2520 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2521 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2522 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2527 TLS1_VERSION
, TLS1_2_VERSION
,
2528 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2529 SSL_NOT_DEFAULT
| SSL_HIGH
,
2530 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2536 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2537 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2538 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2543 TLS1_VERSION
, TLS1_2_VERSION
,
2544 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2545 SSL_NOT_DEFAULT
| SSL_HIGH
,
2546 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2552 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2553 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2554 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2559 TLS1_VERSION
, TLS1_2_VERSION
,
2560 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2561 SSL_NOT_DEFAULT
| SSL_HIGH
,
2562 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2568 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2569 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2570 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2575 TLS1_VERSION
, TLS1_2_VERSION
,
2576 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2577 SSL_NOT_DEFAULT
| SSL_HIGH
,
2578 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2584 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2585 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2586 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2591 TLS1_VERSION
, TLS1_2_VERSION
,
2592 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2593 SSL_NOT_DEFAULT
| SSL_HIGH
,
2594 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2599 #ifndef OPENSSL_NO_GOST
2602 "GOST2001-GOST89-GOST89",
2603 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2607 SSL_eGOST2814789CNT
,
2609 TLS1_VERSION
, TLS1_2_VERSION
,
2612 SSL_HANDSHAKE_MAC_GOST94
| TLS1_PRF_GOST94
| TLS1_STREAM_MAC
,
2618 "GOST2001-NULL-GOST94",
2619 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2625 TLS1_VERSION
, TLS1_2_VERSION
,
2628 SSL_HANDSHAKE_MAC_GOST94
| TLS1_PRF_GOST94
,
2634 "IANA-GOST2012-GOST8912-GOST8912",
2638 SSL_aGOST12
| SSL_aGOST01
,
2639 SSL_eGOST2814789CNT12
,
2641 TLS1_VERSION
, TLS1_2_VERSION
,
2644 SSL_HANDSHAKE_MAC_GOST12_256
| TLS1_PRF_GOST12_256
| TLS1_STREAM_MAC
,
2650 "LEGACY-GOST2012-GOST8912-GOST8912",
2654 SSL_aGOST12
| SSL_aGOST01
,
2655 SSL_eGOST2814789CNT12
,
2657 TLS1_VERSION
, TLS1_2_VERSION
,
2660 SSL_HANDSHAKE_MAC_GOST12_256
| TLS1_PRF_GOST12_256
| TLS1_STREAM_MAC
,
2666 "GOST2012-NULL-GOST12",
2670 SSL_aGOST12
| SSL_aGOST01
,
2673 TLS1_VERSION
, TLS1_2_VERSION
,
2676 SSL_HANDSHAKE_MAC_GOST12_256
| TLS1_PRF_GOST12_256
| TLS1_STREAM_MAC
,
2682 "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2689 TLS1_2_VERSION
, TLS1_2_VERSION
,
2692 SSL_HANDSHAKE_MAC_GOST12_256
| TLS1_PRF_GOST12_256
| TLS1_TLSTREE
,
2698 "GOST2012-MAGMA-MAGMAOMAC",
2705 TLS1_2_VERSION
, TLS1_2_VERSION
,
2708 SSL_HANDSHAKE_MAC_GOST12_256
| TLS1_PRF_GOST12_256
| TLS1_TLSTREE
,
2712 #endif /* OPENSSL_NO_GOST */
2716 SSL3_TXT_RSA_IDEA_128_SHA
,
2717 SSL3_RFC_RSA_IDEA_128_SHA
,
2718 SSL3_CK_RSA_IDEA_128_SHA
,
2723 SSL3_VERSION
, TLS1_1_VERSION
,
2724 DTLS1_BAD_VER
, DTLS1_VERSION
,
2725 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2726 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2733 TLS1_TXT_RSA_WITH_SEED_SHA
,
2734 TLS1_RFC_RSA_WITH_SEED_SHA
,
2735 TLS1_CK_RSA_WITH_SEED_SHA
,
2740 SSL3_VERSION
, TLS1_2_VERSION
,
2741 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2742 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2743 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2749 TLS1_TXT_DHE_DSS_WITH_SEED_SHA
,
2750 TLS1_RFC_DHE_DSS_WITH_SEED_SHA
,
2751 TLS1_CK_DHE_DSS_WITH_SEED_SHA
,
2756 SSL3_VERSION
, TLS1_2_VERSION
,
2757 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2758 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2759 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2765 TLS1_TXT_DHE_RSA_WITH_SEED_SHA
,
2766 TLS1_RFC_DHE_RSA_WITH_SEED_SHA
,
2767 TLS1_CK_DHE_RSA_WITH_SEED_SHA
,
2772 SSL3_VERSION
, TLS1_2_VERSION
,
2773 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2774 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2775 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2781 TLS1_TXT_ADH_WITH_SEED_SHA
,
2782 TLS1_RFC_ADH_WITH_SEED_SHA
,
2783 TLS1_CK_ADH_WITH_SEED_SHA
,
2788 SSL3_VERSION
, TLS1_2_VERSION
,
2789 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2790 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2791 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2796 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2799 SSL3_TXT_RSA_RC4_128_MD5
,
2800 SSL3_RFC_RSA_RC4_128_MD5
,
2801 SSL3_CK_RSA_RC4_128_MD5
,
2806 SSL3_VERSION
, TLS1_2_VERSION
,
2808 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2809 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2815 SSL3_TXT_RSA_RC4_128_SHA
,
2816 SSL3_RFC_RSA_RC4_128_SHA
,
2817 SSL3_CK_RSA_RC4_128_SHA
,
2822 SSL3_VERSION
, TLS1_2_VERSION
,
2824 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2825 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2831 SSL3_TXT_ADH_RC4_128_MD5
,
2832 SSL3_RFC_ADH_RC4_128_MD5
,
2833 SSL3_CK_ADH_RC4_128_MD5
,
2838 SSL3_VERSION
, TLS1_2_VERSION
,
2840 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2841 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2847 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA
,
2848 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA
,
2849 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA
,
2854 TLS1_VERSION
, TLS1_2_VERSION
,
2856 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2857 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2863 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA
,
2864 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA
,
2865 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA
,
2870 TLS1_VERSION
, TLS1_2_VERSION
,
2872 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2873 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2879 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA
,
2880 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA
,
2881 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA
,
2886 TLS1_VERSION
, TLS1_2_VERSION
,
2888 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2889 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2895 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA
,
2896 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA
,
2897 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA
,
2902 TLS1_VERSION
, TLS1_2_VERSION
,
2904 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2905 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2911 TLS1_TXT_PSK_WITH_RC4_128_SHA
,
2912 TLS1_RFC_PSK_WITH_RC4_128_SHA
,
2913 TLS1_CK_PSK_WITH_RC4_128_SHA
,
2918 SSL3_VERSION
, TLS1_2_VERSION
,
2920 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2921 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2927 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA
,
2928 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA
,
2929 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA
,
2934 SSL3_VERSION
, TLS1_2_VERSION
,
2936 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2937 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2943 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA
,
2944 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA
,
2945 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA
,
2950 SSL3_VERSION
, TLS1_2_VERSION
,
2952 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2953 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2957 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2961 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256
,
2962 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256
,
2963 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256
,
2968 TLS1_2_VERSION
, TLS1_2_VERSION
,
2969 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2970 SSL_NOT_DEFAULT
| SSL_HIGH
,
2971 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2977 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384
,
2978 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384
,
2979 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384
,
2984 TLS1_2_VERSION
, TLS1_2_VERSION
,
2985 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2986 SSL_NOT_DEFAULT
| SSL_HIGH
,
2987 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2993 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256
,
2994 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256
,
2995 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256
,
3000 TLS1_2_VERSION
, TLS1_2_VERSION
,
3001 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3002 SSL_NOT_DEFAULT
| SSL_HIGH
,
3003 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3009 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384
,
3010 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384
,
3011 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384
,
3016 TLS1_2_VERSION
, TLS1_2_VERSION
,
3017 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3018 SSL_NOT_DEFAULT
| SSL_HIGH
,
3019 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3025 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256
,
3026 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256
,
3027 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256
,
3032 TLS1_2_VERSION
, TLS1_2_VERSION
,
3033 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3034 SSL_NOT_DEFAULT
| SSL_HIGH
,
3035 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3041 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384
,
3042 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384
,
3043 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384
,
3048 TLS1_2_VERSION
, TLS1_2_VERSION
,
3049 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3050 SSL_NOT_DEFAULT
| SSL_HIGH
,
3051 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3057 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
,
3058 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
,
3059 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
,
3064 TLS1_2_VERSION
, TLS1_2_VERSION
,
3065 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3066 SSL_NOT_DEFAULT
| SSL_HIGH
,
3067 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3073 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
,
3074 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
,
3075 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
,
3080 TLS1_2_VERSION
, TLS1_2_VERSION
,
3081 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3082 SSL_NOT_DEFAULT
| SSL_HIGH
,
3083 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3089 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
,
3090 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
,
3091 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
,
3096 TLS1_2_VERSION
, TLS1_2_VERSION
,
3097 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3098 SSL_NOT_DEFAULT
| SSL_HIGH
,
3099 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3105 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
,
3106 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
,
3107 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
,
3112 TLS1_2_VERSION
, TLS1_2_VERSION
,
3113 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3114 SSL_NOT_DEFAULT
| SSL_HIGH
,
3115 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3121 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256
,
3122 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256
,
3123 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256
,
3128 TLS1_2_VERSION
, TLS1_2_VERSION
,
3129 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3130 SSL_NOT_DEFAULT
| SSL_HIGH
,
3131 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3137 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384
,
3138 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384
,
3139 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384
,
3144 TLS1_2_VERSION
, TLS1_2_VERSION
,
3145 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3146 SSL_NOT_DEFAULT
| SSL_HIGH
,
3147 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3153 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256
,
3154 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256
,
3155 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256
,
3160 TLS1_2_VERSION
, TLS1_2_VERSION
,
3161 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3162 SSL_NOT_DEFAULT
| SSL_HIGH
,
3163 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3169 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384
,
3170 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384
,
3171 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384
,
3176 TLS1_2_VERSION
, TLS1_2_VERSION
,
3177 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3178 SSL_NOT_DEFAULT
| SSL_HIGH
,
3179 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3185 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256
,
3186 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256
,
3187 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256
,
3192 TLS1_2_VERSION
, TLS1_2_VERSION
,
3193 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3194 SSL_NOT_DEFAULT
| SSL_HIGH
,
3195 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3201 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384
,
3202 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384
,
3203 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384
,
3208 TLS1_2_VERSION
, TLS1_2_VERSION
,
3209 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3210 SSL_NOT_DEFAULT
| SSL_HIGH
,
3211 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
/*
 * The list of known Signalling Cipher-Suite Value "ciphers": non-valid
 * values stuffed into the ciphers field of the wire protocol for signalling
 * purposes.
 */
/*
 * Table of the two signalling suite values visible here:
 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV and TLS_FALLBACK_SCSV. Each entry
 * repeats its name twice and ends in twelve zero fields, so neither
 * carries algorithm or version bits in the visible initialisers.
 * NOTE(review): the listing jumps from source line 3226 to 3228, so the
 * first entry's id is not shown; the second uses SSL3_CK_FALLBACK_SCSV.
 * Confirm the missing id and the entry braces against the full file.
 */
3222 static SSL_CIPHER ssl3_scsvs
[] = {
3225 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3226 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3228 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3232 "TLS_FALLBACK_SCSV",
3233 "TLS_FALLBACK_SCSV",
3234 SSL3_CK_FALLBACK_SCSV
,
3235 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
/*
 * qsort() comparator that orders SSL_CIPHER entries by ascending id.
 * Returns -1, 0 or 1; entries with the same id compare as equal.
 */
static int cipher_compare(const void *a, const void *b)
{
    const SSL_CIPHER *lhs = (const SSL_CIPHER *)a;
    const SSL_CIPHER *rhs = (const SSL_CIPHER *)b;

    if (lhs->id < rhs->id)
        return -1;
    if (lhs->id > rhs->id)
        return 1;
    return 0;
}
/*
 * Sort the three static cipher tables (TLSv1.3 suites, SSLv3/TLS suites
 * and the SCSV entries) in place by id, using cipher_compare.
 * NOTE(review): presumably this ordering is what lets lookups by id use a
 * binary search; confirm against the lookup helpers.
 */
void ssl_sort_cipher_list(void)
{
    qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(*tls13_ciphers),
          cipher_compare);
    qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(*ssl3_ciphers),
          cipher_compare);
    qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(*ssl3_scsvs),
          cipher_compare);
}
/*
 * Placeholder entry for the SSLv3_enc_data method table below: takes an
 * SSL_CONNECTION plus seven further arguments and, in the visible code,
 * uses only sc, forwarding to ssl_undefined_function() on the SSL that
 * owns the connection.
 * NOTE(review): source lines 3261-3268 are not shown in this listing;
 * ssl_undefined_function() presumably reports an error to the caller -
 * confirm against its definition.
 */
3258 static int sslcon_undefined_function_1(SSL_CONNECTION
*sc
, unsigned char *r
,
3259 size_t s
, const char *t
, size_t u
,
3260 const unsigned char *v
, size_t w
, int x
)
3269 return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc
));
/*
 * Method table for SSLv3: key-block setup, master-secret generation,
 * cipher-state change and Finished-MAC routines, the client and server
 * Finished constants (each followed by 4, presumably its length - TODO
 * confirm), then the handshake-header, close-packet and handshake-write
 * hooks. One slot is filled with sslcon_undefined_function_1.
 * NOTE(review): the listing skips source lines 3279 and 3281, so two
 * initialisers are not shown; do not read slot positions off this excerpt.
 */
3272 const SSL3_ENC_METHOD SSLv3_enc_data
= {
3273 ssl3_setup_key_block
,
3274 ssl3_generate_master_secret
,
3275 ssl3_change_cipher_state
,
3276 ssl3_final_finish_mac
,
3277 SSL3_MD_CLIENT_FINISHED_CONST
, 4,
3278 SSL3_MD_SERVER_FINISHED_CONST
, 4,
3280 sslcon_undefined_function_1
,
3282 ssl3_set_handshake_header
,
3283 tls_close_construct_packet
,
3284 ssl3_handshake_write
/*
 * Default timeout for this method, returned as an OSSL_TIME built from a
 * number of seconds. The comment below refers to a cache, presumably the
 * session cache.
 */
OSSL_TIME ssl3_default_timeout(void)
{
    /*
     * Two hours. The 24 hours mentioned in the SSLv3 spec is way too long
     * for HTTP: the cache would overfill.
     */
    return ossl_seconds2time(2 * 60 * 60);
}
/* Number of entries in the ssl3_ciphers table, as an int. */
int ssl3_num_ciphers(void)
{
    const int count = SSL3_NUM_CIPHERS;

    return count;
}
/*
 * Return the u-th entry of ssl3_ciphers counted from the END of the table
 * (u == 0 yields the last element), or NULL when u is out of range.
 * The range check comes first so the subtraction below cannot wrap and
 * index outside the table.
 */
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
{
    if (u >= SSL3_NUM_CIPHERS)
        return NULL;

    return &ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u];
}
/*
 * Begin a handshake message in pkt. A ChangeCipherSpec gets no header;
 * any other htype is written as a single byte and followed by an opened
 * sub-packet with a 3-byte (u24) length prefix.
 * NOTE(review): the statements that follow each test are not shown in
 * this listing, and s is not used in the visible lines.
 */
3309 int ssl3_set_handshake_header(SSL_CONNECTION
*s
, WPACKET
*pkt
, int htype
)
3311 /* No header in the event of a CCS */
3312 if (htype
== SSL3_MT_CHANGE_CIPHER_SPEC
)
/* Both WPACKET calls must succeed; a failure of either takes the branch. */
3315 /* Set the content type and 3 bytes for the message len */
3316 if (!WPACKET_put_bytes_u8(pkt
, htype
)
3317 || !WPACKET_start_sub_packet_u24(pkt
))
/*
 * Write out the pending handshake data for s by calling ssl3_do_write()
 * with the handshake record type; its result is returned unchanged.
 */
int ssl3_handshake_write(SSL_CONNECTION *s)
{
    const int record_type = SSL3_RT_HANDSHAKE;

    return ssl3_do_write(s, record_type);
}
/*
 * Per-connection SSLv3 setup. With SRP compiled in, the SRP context of the
 * underlying SSL_CONNECTION is initialised first; then the method's
 * ssl_clear() hook is run on s.
 * NOTE(review): the statements taken when either call fails, and the
 * final return, are not shown in this listing.
 */
3328 int ssl3_new(SSL
*s
)
3330 #ifndef OPENSSL_NO_SRP
3331 SSL_CONNECTION
*sc
= SSL_CONNECTION_FROM_SSL(s
);
3336 if (!ssl_srp_ctx_init_intern(sc
))
/* Dispatch through the method table rather than calling ssl3_clear directly. */
3340 if (!s
->method
->ssl_clear(s
))
/*
 * Release everything owned by the s3 state of the connection behind s,
 * then zero the whole s3 struct so no freed pointer stays reachable
 * through it.
 * NOTE(review): source lines 3349-3352 are not shown in this listing, so
 * any check on sc before its first use cannot be confirmed from here.
 */
3346 void ssl3_free(SSL
*s
)
3348 SSL_CONNECTION
*sc
= SSL_CONNECTION_FROM_SSL(s
);
3353 ssl3_cleanup_key_block(sc
);
/* Key objects: each is freed and its field reset to NULL straight away. */
3355 EVP_PKEY_free(sc
->s3
.peer_tmp
);
3356 sc
->s3
.peer_tmp
= NULL
;
3357 EVP_PKEY_free(sc
->s3
.tmp
.pkey
);
3358 sc
->s3
.tmp
.pkey
= NULL
;
/* Pending cipher and digest selected for the next state change. */
3360 ssl_evp_cipher_free(sc
->s3
.tmp
.new_sym_enc
);
3361 ssl_evp_md_free(sc
->s3
.tmp
.new_hash
);
3363 OPENSSL_free(sc
->s3
.tmp
.ctype
);
/* Frees the stack and, via X509_NAME_free, every name held in it. */
3364 sk_X509_NAME_pop_free(sc
->s3
.tmp
.peer_ca_names
, X509_NAME_free
);
3365 OPENSSL_free(sc
->s3
.tmp
.ciphers_raw
);
/*
 * pms is the only buffer here released with OPENSSL_clear_free(), which is
 * given its length (pmslen) and cleanses the memory before freeing it; the
 * other tmp buffers use plain OPENSSL_free(). pms presumably holds the
 * pre-master secret - confirm against the struct definition.
 */
3366 OPENSSL_clear_free(sc
->s3
.tmp
.pms
, sc
->s3
.tmp
.pmslen
);
3367 OPENSSL_free(sc
->s3
.tmp
.peer_sigalgs
);
3368 OPENSSL_free(sc
->s3
.tmp
.peer_cert_sigalgs
);
3369 OPENSSL_free(sc
->s3
.tmp
.valid_flags
);
3370 ssl3_free_digest_list(sc
);
3371 OPENSSL_free(sc
->s3
.alpn_selected
);
3372 OPENSSL_free(sc
->s3
.alpn_proposed
);
/* SRP state is only torn down when SRP support is compiled in. */
3374 #ifndef OPENSSL_NO_SRP
3375 ssl_srp_ctx_free_intern(sc
);
/* Wipe all of s3: clears the remaining pointers, lengths and flags. */
3377 memset(&sc
->s3
, 0, sizeof(sc
->s3
));
/*
 * Clear the SSLv3 state of the connection behind s: free the s3 members
 * listed below, zero the s3 struct, release the write-BIO buffer, set the
 * version to SSL3_VERSION and drop the NPN data when NPN is compiled in.
 * NOTE(review): source lines 3383-3386 and the function's return
 * statements are not shown in this listing.
 */
3380 int ssl3_clear(SSL
*s
)
3382 SSL_CONNECTION
*sc
= SSL_CONNECTION_FROM_SSL(s
);
3387 ssl3_cleanup_key_block(sc
);
3388 OPENSSL_free(sc
->s3
.tmp
.ctype
);
/* Frees the stack and, via X509_NAME_free, every name held in it. */
3389 sk_X509_NAME_pop_free(sc
->s3
.tmp
.peer_ca_names
, X509_NAME_free
);
3390 OPENSSL_free(sc
->s3
.tmp
.ciphers_raw
);
/*
 * pms is released with OPENSSL_clear_free() and its length, so the buffer
 * is cleansed before it is freed (pms presumably holds the pre-master
 * secret - confirm against the struct definition).
 */
3391 OPENSSL_clear_free(sc
->s3
.tmp
.pms
, sc
->s3
.tmp
.pmslen
);
3392 OPENSSL_free(sc
->s3
.tmp
.peer_sigalgs
);
3393 OPENSSL_free(sc
->s3
.tmp
.peer_cert_sigalgs
);
3394 OPENSSL_free(sc
->s3
.tmp
.valid_flags
);
/*
 * Unlike ssl3_free, the two key fields are not reset one by one here; the
 * memset of s3 further down is what clears them.
 */
3396 EVP_PKEY_free(sc
->s3
.tmp
.pkey
);
3397 EVP_PKEY_free(sc
->s3
.peer_tmp
);
3399 ssl3_free_digest_list(sc
);
3401 OPENSSL_free(sc
->s3
.alpn_selected
);
3402 OPENSSL_free(sc
->s3
.alpn_proposed
);
3404 /* NULL/zero-out everything in the s3 struct */
3405 memset(&sc
->s3
, 0, sizeof(sc
->s3
));
/* NOTE(review): the statement taken when this call fails is not shown. */
3407 if (!ssl_free_wbio_buffer(sc
))
3410 sc
->version
= SSL3_VERSION
;
/*
 * sc->ext lies outside s3, so the memset above does not touch ext.npn.
 * NOTE(review): source line 3414, between the free and the length reset,
 * is not shown in this listing; confirm that ext.npn is set to NULL there,
 * otherwise a stale pointer would survive the clear.
 */
3412 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3413 OPENSSL_free(sc
->ext
.npn
);
3415 sc
->ext
.npn_len
= 0;
3421 #ifndef OPENSSL_NO_SRP
/*
 * Callback, named as an SRP password source, that returns a heap copy
 * (OPENSSL_strdup) of sc->srp_ctx.info. arg is not used in the visible
 * lines.
 * NOTE(review): source lines 3425-3428 are not shown in this listing. The
 * caller presumably owns the returned string and, if info holds a
 * password, should cleanse it before freeing - confirm at the call site.
 */
3422 static char *srp_password_from_info_cb(SSL
*s
, void *arg
)
3424 SSL_CONNECTION
*sc
= SSL_CONNECTION_FROM_SSL(s
);
3429 return OPENSSL_strdup(sc
->srp_ctx
.info
);
/*
 * Forward declaration of ssl3_set_req_cert_type; its definition is not in
 * this part of the file. It takes a CERT plus a byte buffer p of len bytes.
 */
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3435 long ssl3_ctrl(SSL
*s
, int cmd
, long larg
, void *parg
)
3438 SSL_CONNECTION
*sc
= SSL_CONNECTION_FROM_SSL(s
);
3444 case SSL_CTRL_GET_CLIENT_CERT_REQUEST
:
3446 case SSL_CTRL_GET_NUM_RENEGOTIATIONS
:
3447 ret
= sc
->s3
.num_renegotiations
;
3449 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS
:
3450 ret
= sc
->s3
.num_renegotiations
;
3451 sc
->s3
.num_renegotiations
= 0;
3453 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS
:
3454 ret
= sc
->s3
.total_renegotiations
;
3456 case SSL_CTRL_GET_FLAGS
:
3457 ret
= (int)(sc
->s3
.flags
);
3459 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3460 case SSL_CTRL_SET_TMP_DH
:
3462 EVP_PKEY
*pkdh
= NULL
;
3464 ERR_raise(ERR_LIB_SSL
, ERR_R_PASSED_NULL_PARAMETER
);
3467 pkdh
= ssl_dh_to_pkey(parg
);
3469 ERR_raise(ERR_LIB_SSL
, ERR_R_DH_LIB
);
3472 if (!SSL_set0_tmp_dh_pkey(s
, pkdh
)) {
3473 EVP_PKEY_free(pkdh
);
3479 case SSL_CTRL_SET_TMP_DH_CB
:
3481 ERR_raise(ERR_LIB_SSL
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
3485 case SSL_CTRL_SET_DH_AUTO
:
3486 sc
->cert
->dh_tmp_auto
= larg
;
3488 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3489 case SSL_CTRL_SET_TMP_ECDH
:
3492 ERR_raise(ERR_LIB_SSL
, ERR_R_PASSED_NULL_PARAMETER
);
3495 return ssl_set_tmp_ecdh_groups(&sc
->ext
.supportedgroups
,
3496 &sc
->ext
.supportedgroups_len
,
3499 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3500 case SSL_CTRL_SET_TLSEXT_HOSTNAME
:
3502 * This API is only used for a client to set what SNI it will request
3503 * from the server, but we currently allow it to be used on servers
3504 * as well, which is a programming error. Currently we just clear
3505 * the field in SSL_do_handshake() for server SSLs, but when we can
3506 * make ABI-breaking changes, we may want to make use of this API
3507 * an error on server SSLs.
3509 if (larg
== TLSEXT_NAMETYPE_host_name
) {
3512 OPENSSL_free(sc
->ext
.hostname
);
3513 sc
->ext
.hostname
= NULL
;
3518 len
= strlen((char *)parg
);
3519 if (len
== 0 || len
> TLSEXT_MAXLEN_host_name
) {
3520 ERR_raise(ERR_LIB_SSL
, SSL_R_SSL3_EXT_INVALID_SERVERNAME
);
3523 if ((sc
->ext
.hostname
= OPENSSL_strdup((char *)parg
)) == NULL
) {
3524 ERR_raise(ERR_LIB_SSL
, ERR_R_INTERNAL_ERROR
);
3528 ERR_raise(ERR_LIB_SSL
, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE
);
3532 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG
:
3533 sc
->ext
.debug_arg
= parg
;
3537 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE
:
3538 ret
= sc
->ext
.status_type
;
3541 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE
:
3542 sc
->ext
.status_type
= larg
;
3546 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS
:
3547 *(STACK_OF(X509_EXTENSION
) **)parg
= sc
->ext
.ocsp
.exts
;
3551 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS
:
3552 sc
->ext
.ocsp
.exts
= parg
;
3556 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS
:
3557 *(STACK_OF(OCSP_RESPID
) **)parg
= sc
->ext
.ocsp
.ids
;
3561 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS
:
3562 sc
->ext
.ocsp
.ids
= parg
;
3566 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP
:
3567 *(unsigned char **)parg
= sc
->ext
.ocsp
.resp
;
3568 if (sc
->ext
.ocsp
.resp_len
== 0
3569 || sc
->ext
.ocsp
.resp_len
> LONG_MAX
)
3571 return (long)sc
->ext
.ocsp
.resp_len
;
3573 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP
:
3574 OPENSSL_free(sc
->ext
.ocsp
.resp
);
3575 sc
->ext
.ocsp
.resp
= parg
;
3576 sc
->ext
.ocsp
.resp_len
= larg
;
3580 case SSL_CTRL_CHAIN
:
3582 return ssl_cert_set1_chain(sc
, NULL
, (STACK_OF(X509
) *)parg
);
3584 return ssl_cert_set0_chain(sc
, NULL
, (STACK_OF(X509
) *)parg
);
3586 case SSL_CTRL_CHAIN_CERT
:
3588 return ssl_cert_add1_chain_cert(sc
, NULL
, (X509
*)parg
);
3590 return ssl_cert_add0_chain_cert(sc
, NULL
, (X509
*)parg
);
3592 case SSL_CTRL_GET_CHAIN_CERTS
:
3593 *(STACK_OF(X509
) **)parg
= sc
->cert
->key
->chain
;
3597 case SSL_CTRL_SELECT_CURRENT_CERT
:
3598 return ssl_cert_select_current(sc
->cert
, (X509
*)parg
);
3600 case SSL_CTRL_SET_CURRENT_CERT
:
3601 if (larg
== SSL_CERT_SET_SERVER
) {
3602 const SSL_CIPHER
*cipher
;
3605 cipher
= sc
->s3
.tmp
.new_cipher
;
3609 * No certificate for unauthenticated ciphersuites or using SRP
3612 if (cipher
->algorithm_auth
& (SSL_aNULL
| SSL_aSRP
))
3614 if (sc
->s3
.tmp
.cert
== NULL
)
3616 sc
->cert
->key
= sc
->s3
.tmp
.cert
;
3619 return ssl_cert_set_current(sc
->cert
, larg
);
3621 case SSL_CTRL_GET_GROUPS
:
3628 clist
= sc
->ext
.peer_supportedgroups
;
3629 clistlen
= sc
->ext
.peer_supportedgroups_len
;
3634 for (i
= 0; i
< clistlen
; i
++) {
3635 const TLS_GROUP_INFO
*cinf
3636 = tls1_group_id_lookup(s
->ctx
, clist
[i
]);
3639 cptr
[i
] = tls1_group_id2nid(cinf
->group_id
, 1);
3641 cptr
[i
] = TLSEXT_nid_unknown
| clist
[i
];
3644 return (int)clistlen
;
3647 case SSL_CTRL_SET_GROUPS
:
3648 return tls1_set_groups(&sc
->ext
.supportedgroups
,
3649 &sc
->ext
.supportedgroups_len
, parg
, larg
);
3651 case SSL_CTRL_SET_GROUPS_LIST
:
3652 return tls1_set_groups_list(s
->ctx
, &sc
->ext
.supportedgroups
,
3653 &sc
->ext
.supportedgroups_len
, parg
);
3655 case SSL_CTRL_GET_SHARED_GROUP
:
3657 uint16_t id
= tls1_shared_group(sc
, larg
);
3660 return tls1_group_id2nid(id
, 1);
3663 case SSL_CTRL_GET_NEGOTIATED_GROUP
:
3667 if (SSL_CONNECTION_IS_TLS13(sc
) && sc
->s3
.did_kex
)
3668 id
= sc
->s3
.group_id
;
3670 id
= sc
->session
->kex_group
;
3671 ret
= tls1_group_id2nid(id
, 1);
3674 case SSL_CTRL_SET_SIGALGS
:
3675 return tls1_set_sigalgs(sc
->cert
, parg
, larg
, 0);
3677 case SSL_CTRL_SET_SIGALGS_LIST
:
3678 return tls1_set_sigalgs_list(sc
->cert
, parg
, 0);
3680 case SSL_CTRL_SET_CLIENT_SIGALGS
:
3681 return tls1_set_sigalgs(sc
->cert
, parg
, larg
, 1);
3683 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST
:
3684 return tls1_set_sigalgs_list(sc
->cert
, parg
, 1);
3686 case SSL_CTRL_GET_CLIENT_CERT_TYPES
:
3688 const unsigned char **pctype
= parg
;
3689 if (sc
->server
|| !sc
->s3
.tmp
.cert_req
)
3692 *pctype
= sc
->s3
.tmp
.ctype
;
3693 return sc
->s3
.tmp
.ctype_len
;
3696 case SSL_CTRL_SET_CLIENT_CERT_TYPES
:
3699 return ssl3_set_req_cert_type(sc
->cert
, parg
, larg
);
3701 case SSL_CTRL_BUILD_CERT_CHAIN
:
3702 return ssl_build_cert_chain(sc
, NULL
, larg
);
3704 case SSL_CTRL_SET_VERIFY_CERT_STORE
:
3705 return ssl_cert_set_cert_store(sc
->cert
, parg
, 0, larg
);
3707 case SSL_CTRL_SET_CHAIN_CERT_STORE
:
3708 return ssl_cert_set_cert_store(sc
->cert
, parg
, 1, larg
);
3710 case SSL_CTRL_GET_VERIFY_CERT_STORE
:
3711 return ssl_cert_get_cert_store(sc
->cert
, parg
, 0);
3713 case SSL_CTRL_GET_CHAIN_CERT_STORE
:
3714 return ssl_cert_get_cert_store(sc
->cert
, parg
, 1);
3716 case SSL_CTRL_GET_PEER_SIGNATURE_NID
:
3717 if (sc
->s3
.tmp
.peer_sigalg
== NULL
)
3719 *(int *)parg
= sc
->s3
.tmp
.peer_sigalg
->hash
;
3722 case SSL_CTRL_GET_SIGNATURE_NID
:
3723 if (sc
->s3
.tmp
.sigalg
== NULL
)
3725 *(int *)parg
= sc
->s3
.tmp
.sigalg
->hash
;
3728 case SSL_CTRL_GET_PEER_TMP_KEY
:
3729 if (sc
->session
== NULL
|| sc
->s3
.peer_tmp
== NULL
) {
3732 EVP_PKEY_up_ref(sc
->s3
.peer_tmp
);
3733 *(EVP_PKEY
**)parg
= sc
->s3
.peer_tmp
;
3737 case SSL_CTRL_GET_TMP_KEY
:
3738 if (sc
->session
== NULL
|| sc
->s3
.tmp
.pkey
== NULL
) {
3741 EVP_PKEY_up_ref(sc
->s3
.tmp
.pkey
);
3742 *(EVP_PKEY
**)parg
= sc
->s3
.tmp
.pkey
;
3746 case SSL_CTRL_GET_EC_POINT_FORMATS
:
3748 const unsigned char **pformat
= parg
;
3750 if (sc
->ext
.peer_ecpointformats
== NULL
)
3752 *pformat
= sc
->ext
.peer_ecpointformats
;
3753 return (int)sc
->ext
.peer_ecpointformats_len
;
3756 case SSL_CTRL_GET_IANA_GROUPS
:
3759 *(uint16_t **)parg
= (uint16_t *)sc
->ext
.peer_supportedgroups
;
3761 return (int)sc
->ext
.peer_supportedgroups_len
;
/*
 * Per-connection callback setter: stores |fp| in the connection field that
 * matches |cmd|, after casting it from the generic void (*)(void) type to
 * the callback type that field expects.
 * The cast is unchecked, so the caller must pass a function whose real
 * prototype matches the command; invoking a callback through a mismatched
 * function pointer type is undefined behaviour.
 * NOTE(review): this listing omits source lines (the switch statement,
 * break/return statements), so the return values are not visible here.
 */
3770 long ssl3_callback_ctrl(SSL
*s
, int cmd
, void (*fp
) (void))
3773 SSL_CONNECTION
*sc
= SSL_CONNECTION_FROM_SSL(s
);
3779 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3780 case SSL_CTRL_SET_TMP_DH_CB
:
3781 sc
->cert
->dh_tmp_cb
= (DH
*(*)(SSL
*, int, int))fp
;
3785 case SSL_CTRL_SET_TLSEXT_DEBUG_CB
:
3786 sc
->ext
.debug_cb
= (void (*)(SSL
*, int, int,
3787 const unsigned char *, int, void *))fp
;
3791 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB
:
3792 sc
->not_resumable_session_cb
= (int (*)(SSL
*, int))fp
;
/*
 * SSL_CTX-level control dispatcher: each |cmd| case reads or updates one
 * piece of |ctx| state, with |larg| and |parg| interpreted per command.
 * NOTE(review): this listing omits source lines (the gutter numbers skip),
 * including the switch statement and several guarding conditions, so the
 * comments below describe only what the visible lines establish.
 */
3801 long ssl3_ctx_ctrl(SSL_CTX
*ctx
, int cmd
, long larg
, void *parg
)
3804 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3805 case SSL_CTRL_SET_TMP_DH
:
3807 EVP_PKEY
*pkdh
= NULL
;
3809 ERR_raise(ERR_LIB_SSL
, ERR_R_PASSED_NULL_PARAMETER
);
3812 pkdh
= ssl_dh_to_pkey(parg
);
3814 ERR_raise(ERR_LIB_SSL
, ERR_R_DH_LIB
);
/* If the context refuses the converted key, it is freed here. */
3817 if (!SSL_CTX_set0_tmp_dh_pkey(ctx
, pkdh
)) {
3818 EVP_PKEY_free(pkdh
);
3823 case SSL_CTRL_SET_TMP_DH_CB
:
3825 ERR_raise(ERR_LIB_SSL
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
3829 case SSL_CTRL_SET_DH_AUTO
:
3830 ctx
->cert
->dh_tmp_auto
= larg
;
3832 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3833 case SSL_CTRL_SET_TMP_ECDH
:
3836 ERR_raise(ERR_LIB_SSL
, ERR_R_PASSED_NULL_PARAMETER
);
3839 return ssl_set_tmp_ecdh_groups(&ctx
->ext
.supportedgroups
,
3840 &ctx
->ext
.supportedgroups_len
,
3843 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3844 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
:
3845 ctx
->ext
.servername_arg
= parg
;
/*
 * Session-ticket key import/export. The caller's buffer |parg| is laid out
 * as tick_key_name || tick_hmac_key || tick_aes_key. |larg| is compared
 * with the combined size of those three fields and a mismatch raises
 * SSL_R_INVALID_TICKET_KEYS_LENGTH, so the memcpy calls below never use a
 * caller-chosen length. The GET direction copies the ticket HMAC and AES
 * keys out to the caller, who should cleanse that buffer after use.
 * NOTE(review): source lines 3854-3855 are missing from this listing, so
 * how a NULL |parg| is handled is not visible here.
 */
3847 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS
:
3848 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS
:
3850 unsigned char *keys
= parg
;
3851 long tick_keylen
= (sizeof(ctx
->ext
.tick_key_name
) +
3852 sizeof(ctx
->ext
.secure
->tick_hmac_key
) +
3853 sizeof(ctx
->ext
.secure
->tick_aes_key
));
3856 if (larg
!= tick_keylen
) {
3857 ERR_raise(ERR_LIB_SSL
, SSL_R_INVALID_TICKET_KEYS_LENGTH
);
3860 if (cmd
== SSL_CTRL_SET_TLSEXT_TICKET_KEYS
) {
3861 memcpy(ctx
->ext
.tick_key_name
, keys
,
3862 sizeof(ctx
->ext
.tick_key_name
));
3863 memcpy(ctx
->ext
.secure
->tick_hmac_key
,
3864 keys
+ sizeof(ctx
->ext
.tick_key_name
),
3865 sizeof(ctx
->ext
.secure
->tick_hmac_key
));
3866 memcpy(ctx
->ext
.secure
->tick_aes_key
,
3867 keys
+ sizeof(ctx
->ext
.tick_key_name
) +
3868 sizeof(ctx
->ext
.secure
->tick_hmac_key
),
3869 sizeof(ctx
->ext
.secure
->tick_aes_key
));
3871 memcpy(keys
, ctx
->ext
.tick_key_name
,
3872 sizeof(ctx
->ext
.tick_key_name
));
3873 memcpy(keys
+ sizeof(ctx
->ext
.tick_key_name
),
3874 ctx
->ext
.secure
->tick_hmac_key
,
3875 sizeof(ctx
->ext
.secure
->tick_hmac_key
));
3876 memcpy(keys
+ sizeof(ctx
->ext
.tick_key_name
) +
3877 sizeof(ctx
->ext
.secure
->tick_hmac_key
),
3878 ctx
->ext
.secure
->tick_aes_key
,
3879 sizeof(ctx
->ext
.secure
->tick_aes_key
));
3884 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE
:
3885 return ctx
->ext
.status_type
;
3887 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE
:
3888 ctx
->ext
.status_type
= larg
;
3891 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG
:
3892 ctx
->ext
.status_arg
= parg
;
3895 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG
:
3896 *(void**)parg
= ctx
->ext
.status_arg
;
3899 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB
:
3900 *(int (**)(SSL
*, void*))parg
= ctx
->ext
.status_cb
;
3903 #ifndef OPENSSL_NO_SRP
/*
 * Replaces the stored SRP login: the old string is freed and the field
 * reset, then |parg| is accepted only if its length is 1..255 bytes and is
 * duplicated into the context.
 * NOTE(review): strlen() is applied to |parg|; source lines 3908-3909 are
 * not shown, so a NULL check before it cannot be confirmed from here.
 */
3904 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME
:
3905 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
3906 OPENSSL_free(ctx
->srp_ctx
.login
);
3907 ctx
->srp_ctx
.login
= NULL
;
3910 if (strlen((const char *)parg
) > 255 || strlen((const char *)parg
) < 1) {
3911 ERR_raise(ERR_LIB_SSL
, SSL_R_INVALID_SRP_USERNAME
);
3914 if ((ctx
->srp_ctx
.login
= OPENSSL_strdup((char *)parg
)) == NULL
) {
3915 ERR_raise(ERR_LIB_SSL
, ERR_R_INTERNAL_ERROR
);
/*
 * Stores a copy of the SRP password in srp_ctx.info and installs
 * srp_password_from_info_cb as the callback that hands it out.
 * NOTE(review): the previous value is released with OPENSSL_free(), which
 * does not wipe it; OPENSSL_clear_free() with the string length would avoid
 * leaving the old password in freed heap memory.
 */
3919 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD
:
3920 ctx
->srp_ctx
.SRP_give_srp_client_pwd_callback
=
3921 srp_password_from_info_cb
;
3922 if (ctx
->srp_ctx
.info
!= NULL
)
3923 OPENSSL_free(ctx
->srp_ctx
.info
);
3924 if ((ctx
->srp_ctx
.info
= OPENSSL_strdup((char *)parg
)) == NULL
) {
3925 ERR_raise(ERR_LIB_SSL
, ERR_R_INTERNAL_ERROR
);
3929 case SSL_CTRL_SET_SRP_ARG
:
3930 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
3931 ctx
->srp_ctx
.SRP_cb_arg
= parg
;
3934 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH
:
3935 ctx
->srp_ctx
.strength
= larg
;
3939 case SSL_CTRL_SET_GROUPS
:
3940 return tls1_set_groups(&ctx
->ext
.supportedgroups
,
3941 &ctx
->ext
.supportedgroups_len
,
3944 case SSL_CTRL_SET_GROUPS_LIST
:
3945 return tls1_set_groups_list(ctx
, &ctx
->ext
.supportedgroups
,
3946 &ctx
->ext
.supportedgroups_len
,
3949 case SSL_CTRL_SET_SIGALGS
:
3950 return tls1_set_sigalgs(ctx
->cert
, parg
, larg
, 0);
3952 case SSL_CTRL_SET_SIGALGS_LIST
:
3953 return tls1_set_sigalgs_list(ctx
->cert
, parg
, 0);
3955 case SSL_CTRL_SET_CLIENT_SIGALGS
:
3956 return tls1_set_sigalgs(ctx
->cert
, parg
, larg
, 1);
3958 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST
:
3959 return tls1_set_sigalgs_list(ctx
->cert
, parg
, 1);
3961 case SSL_CTRL_SET_CLIENT_CERT_TYPES
:
3962 return ssl3_set_req_cert_type(ctx
->cert
, parg
, larg
);
3964 case SSL_CTRL_BUILD_CERT_CHAIN
:
3965 return ssl_build_cert_chain(NULL
, ctx
, larg
);
3967 case SSL_CTRL_SET_VERIFY_CERT_STORE
:
3968 return ssl_cert_set_cert_store(ctx
->cert
, parg
, 0, larg
);
3970 case SSL_CTRL_SET_CHAIN_CERT_STORE
:
3971 return ssl_cert_set_cert_store(ctx
->cert
, parg
, 1, larg
);
3973 case SSL_CTRL_GET_VERIFY_CERT_STORE
:
3974 return ssl_cert_get_cert_store(ctx
->cert
, parg
, 0);
3976 case SSL_CTRL_GET_CHAIN_CERT_STORE
:
3977 return ssl_cert_get_cert_store(ctx
->cert
, parg
, 1);
3979 /* A Thawte special :-) */
/*
 * The certificate pointer in |parg| is pushed onto ctx->extra_certs as is,
 * creating the stack on first use. No reference-count increment is visible,
 * so the context presumably takes over the caller's reference - confirm.
 */
3980 case SSL_CTRL_EXTRA_CHAIN_CERT
:
3981 if (ctx
->extra_certs
== NULL
) {
3982 if ((ctx
->extra_certs
= sk_X509_new_null()) == NULL
) {
3983 ERR_raise(ERR_LIB_SSL
, ERR_R_CRYPTO_LIB
);
3987 if (!sk_X509_push(ctx
->extra_certs
, (X509
*)parg
)) {
3988 ERR_raise(ERR_LIB_SSL
, ERR_R_CRYPTO_LIB
);
/*
 * Hands back a pointer to a stack held by the context, not a copy: the
 * default key's chain when no extra certificates exist and |larg| is 0,
 * otherwise ctx->extra_certs.
 */
3993 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS
:
3994 if (ctx
->extra_certs
== NULL
&& larg
== 0)
3995 *(STACK_OF(X509
) **)parg
= ctx
->cert
->key
->chain
;
3997 *(STACK_OF(X509
) **)parg
= ctx
->extra_certs
;
4000 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS
:
4001 OSSL_STACK_OF_X509_free(ctx
->extra_certs
);
4002 ctx
->extra_certs
= NULL
;
4005 case SSL_CTRL_CHAIN
:
4007 return ssl_cert_set1_chain(NULL
, ctx
, (STACK_OF(X509
) *)parg
);
4009 return ssl_cert_set0_chain(NULL
, ctx
, (STACK_OF(X509
) *)parg
);
4011 case SSL_CTRL_CHAIN_CERT
:
4013 return ssl_cert_add1_chain_cert(NULL
, ctx
, (X509
*)parg
);
4015 return ssl_cert_add0_chain_cert(NULL
, ctx
, (X509
*)parg
);
4017 case SSL_CTRL_GET_CHAIN_CERTS
:
4018 *(STACK_OF(X509
) **)parg
= ctx
->cert
->key
->chain
;
4021 case SSL_CTRL_SELECT_CURRENT_CERT
:
4022 return ssl_cert_select_current(ctx
->cert
, (X509
*)parg
);
4024 case SSL_CTRL_SET_CURRENT_CERT
:
4025 return ssl_cert_set_current(ctx
->cert
, larg
);
/*
 * SSL_CTX-level callback setter: stores |fp| in the context field that
 * matches |cmd|, after casting it from the generic void (*)(void) type to
 * the callback type that field expects. The three SRP callback commands
 * also set SSL_kSRP in srp_ctx.srp_Mask.
 * The casts are unchecked, so the caller must pass a function whose real
 * prototype matches the command.
 * NOTE(review): this listing omits source lines (the switch statement,
 * break/return statements and some preprocessor lines), so return values
 * and the exact conditional-compilation nesting are not visible here.
 */
4033 long ssl3_ctx_callback_ctrl(SSL_CTX
*ctx
, int cmd
, void (*fp
) (void))
4036 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
4037 case SSL_CTRL_SET_TMP_DH_CB
:
4039 ctx
->cert
->dh_tmp_cb
= (DH
*(*)(SSL
*, int, int))fp
;
4043 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
:
4044 ctx
->ext
.servername_cb
= (int (*)(SSL
*, int *, void *))fp
;
4047 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
:
4048 ctx
->ext
.status_cb
= (int (*)(SSL
*, void *))fp
;
4051 # ifndef OPENSSL_NO_DEPRECATED_3_0
4052 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
:
4053 ctx
->ext
.ticket_key_cb
= (int (*)(SSL
*, unsigned char *,
4056 HMAC_CTX
*, int))fp
;
4060 #ifndef OPENSSL_NO_SRP
4061 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB
:
4062 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
4063 ctx
->srp_ctx
.SRP_verify_param_callback
= (int (*)(SSL
*, void *))fp
;
4065 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB
:
4066 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
4067 ctx
->srp_ctx
.TLS_ext_srp_username_callback
=
4068 (int (*)(SSL
*, int *, void *))fp
;
4070 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB
:
4071 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
4072 ctx
->srp_ctx
.SRP_give_srp_client_pwd_callback
=
4073 (char *(*)(SSL
*, void *))fp
;
4076 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB
:
4078 ctx
->not_resumable_session_cb
= (int (*)(SSL
*, int))fp
;
/*
 * Installs |fp| as the context's EVP-based session-ticket key callback
 * (ctx->ext.ticket_key_evp_cb). Unlike the ctrl-based setters, |fp| is
 * assigned with its full prototype, so the compiler checks the type.
 * NOTE(review): the return statement is not shown in this listing.
 */
4087 int SSL_CTX_set_tlsext_ticket_key_evp_cb
4088 (SSL_CTX
*ctx
, int (*fp
)(SSL
*, unsigned char *, unsigned char *,
4089 EVP_CIPHER_CTX
*, EVP_MAC_CTX
*, int))
4091 ctx
->ext
.ticket_key_evp_cb
= fp
;
/*
 * Looks up a cipher by its numeric id, searching tls13_ciphers first, then
 * ssl3_ciphers, and finally ssl3_scsvs, each via OBJ_bsearch_ssl_cipher_id.
 * NOTE(review): the lines between the three searches are not shown in this
 * listing; presumably a hit in an earlier table is returned immediately.
 * NOTE(review): a bsearch-style lookup presumably relies on each table
 * being sorted by id - confirm where the tables are initialised.
 */
4095 const SSL_CIPHER
*ssl3_get_cipher_by_id(uint32_t id
)
4098 const SSL_CIPHER
*cp
;
4101 cp
= OBJ_bsearch_ssl_cipher_id(&c
, tls13_ciphers
, TLS13_NUM_CIPHERS
);
4104 cp
= OBJ_bsearch_ssl_cipher_id(&c
, ssl3_ciphers
, SSL3_NUM_CIPHERS
);
4107 return OBJ_bsearch_ssl_cipher_id(&c
, ssl3_scsvs
, SSL3_NUM_SCSVS
);
/*
 * Looks up a cipher by its standard name with a linear scan over the three
 * cipher tables (tls13_ciphers, ssl3_ciphers, ssl3_scsvs), comparing
 * |stdname| to each entry's stdname with strcmp(). Entries whose stdname is
 * NULL are tested separately before the comparison.
 * NOTE(review): |stdname| is passed straight to strcmp(); no NULL check on
 * it appears in the lines shown, so callers must pass a valid string.
 */
4110 const SSL_CIPHER
*ssl3_get_cipher_by_std_name(const char *stdname
)
4113 SSL_CIPHER
*alltabs
[] = {tls13_ciphers
, ssl3_ciphers
, ssl3_scsvs
};
4114 size_t i
, j
, tblsize
[] = {TLS13_NUM_CIPHERS
, SSL3_NUM_CIPHERS
,
4117 /* this is not efficient, necessary to optimize this? */
4118 for (j
= 0; j
< OSSL_NELEM(alltabs
); j
++) {
4119 for (i
= 0, tbl
= alltabs
[j
]; i
< tblsize
[j
]; i
++, tbl
++) {
4120 if (tbl
->stdname
== NULL
)
4122 if (strcmp(stdname
, tbl
->stdname
) == 0) {
4131 * This function needs to check if the ciphers required are actually
/*
 * Builds a cipher id from wire bytes at |p| (SSL3_CK_CIPHERSUITE_FLAG
 * combined with p[0] shifted into the second-lowest byte) and resolves it
 * with ssl3_get_cipher_by_id().
 * NOTE(review): the final line of the expression is not shown in this
 * listing; presumably it adds p[1], so callers must have validated that at
 * least two bytes are readable at |p| - confirm.
 */
4134 const SSL_CIPHER
*ssl3_get_cipher_by_char(const unsigned char *p
)
4136 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4137 | ((uint32_t)p
[0] << 8L)
/*
 * Serialises a cipher id into |pkt|: the low 16 bits of c->id are written
 * with WPACKET_put_bytes_u16(). Ids whose top byte is not
 * SSL3_CK_CIPHERSUITE_FLAG take a separate branch first.
 * NOTE(review): the body of that branch, the handling of |len| and the
 * return values are not shown in this listing.
 */
4141 int ssl3_put_cipher_by_char(const SSL_CIPHER
*c
, WPACKET
*pkt
, size_t *len
)
4143 if ((c
->id
& 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG
) {
4148 if (!WPACKET_put_bytes_u16(pkt
, c
->id
& 0xffff))
4156 * ssl3_choose_cipher - choose a cipher from those offered by the client
4157 * @s: SSL connection
4158 * @clnt: ciphers offered by the client
4159 * @srvr: ciphers enabled on the server?
4161 * Returns the selected cipher or NULL when no common ciphers.
4163 const SSL_CIPHER
*ssl3_choose_cipher(SSL_CONNECTION
*s
, STACK_OF(SSL_CIPHER
) *clnt
,
4164 STACK_OF(SSL_CIPHER
) *srvr
)
4166 const SSL_CIPHER
*c
, *ret
= NULL
;
4167 STACK_OF(SSL_CIPHER
) *prio
, *allow
;
4168 int i
, ii
, ok
, prefer_sha256
= 0;
4169 unsigned long alg_k
= 0, alg_a
= 0, mask_k
= 0, mask_a
= 0;
4170 STACK_OF(SSL_CIPHER
) *prio_chacha
= NULL
;
4172 /* Let's see which ciphers we can support */
4175 * Do not set the compare functions, because this may lead to a
4176 * reordering by "id". We want to keep the original ordering. We may pay
4177 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4178 * pay with the price of sk_SSL_CIPHER_dup().
4181 OSSL_TRACE_BEGIN(TLS_CIPHER
) {
4182 BIO_printf(trc_out
, "Server has %d from %p:\n",
4183 sk_SSL_CIPHER_num(srvr
), (void *)srvr
);
4184 for (i
= 0; i
< sk_SSL_CIPHER_num(srvr
); ++i
) {
4185 c
= sk_SSL_CIPHER_value(srvr
, i
);
4186 BIO_printf(trc_out
, "%p:%s\n", (void *)c
, c
->name
);
4188 BIO_printf(trc_out
, "Client sent %d from %p:\n",
4189 sk_SSL_CIPHER_num(clnt
), (void *)clnt
);
4190 for (i
= 0; i
< sk_SSL_CIPHER_num(clnt
); ++i
) {
4191 c
= sk_SSL_CIPHER_value(clnt
, i
);
4192 BIO_printf(trc_out
, "%p:%s\n", (void *)c
, c
->name
);
4194 } OSSL_TRACE_END(TLS_CIPHER
);
4196 /* SUITE-B takes precedence over server preference and ChaCha priority */
4197 if (tls1_suiteb(s
)) {
4200 } else if (s
->options
& SSL_OP_CIPHER_SERVER_PREFERENCE
) {
4204 /* If ChaCha20 is at the top of the client preference list,
4205 and there are ChaCha20 ciphers in the server list, then
4206 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4207 if (s
->options
& SSL_OP_PRIORITIZE_CHACHA
&& sk_SSL_CIPHER_num(clnt
) > 0) {
4208 c
= sk_SSL_CIPHER_value(clnt
, 0);
4209 if (c
->algorithm_enc
== SSL_CHACHA20POLY1305
) {
4210 /* ChaCha20 is client preferred, check server... */
4211 int num
= sk_SSL_CIPHER_num(srvr
);
4213 for (i
= 0; i
< num
; i
++) {
4214 c
= sk_SSL_CIPHER_value(srvr
, i
);
4215 if (c
->algorithm_enc
== SSL_CHACHA20POLY1305
) {
4221 prio_chacha
= sk_SSL_CIPHER_new_reserve(NULL
, num
);
4222 /* if reserve fails, then there's likely a memory issue */
4223 if (prio_chacha
!= NULL
) {
4224 /* Put all ChaCha20 at the top, starting with the one we just found */
4225 sk_SSL_CIPHER_push(prio_chacha
, c
);
4226 for (i
++; i
< num
; i
++) {
4227 c
= sk_SSL_CIPHER_value(srvr
, i
);
4228 if (c
->algorithm_enc
== SSL_CHACHA20POLY1305
)
4229 sk_SSL_CIPHER_push(prio_chacha
, c
);
4231 /* Pull in the rest */
4232 for (i
= 0; i
< num
; i
++) {
4233 c
= sk_SSL_CIPHER_value(srvr
, i
);
4234 if (c
->algorithm_enc
!= SSL_CHACHA20POLY1305
)
4235 sk_SSL_CIPHER_push(prio_chacha
, c
);
4247 if (SSL_CONNECTION_IS_TLS13(s
)) {
4248 #ifndef OPENSSL_NO_PSK
4252 * If we allow "old" style PSK callbacks, and we have no certificate (so
4253 * we're not going to succeed without a PSK anyway), and we're in
4254 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4255 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4258 if (s
->psk_server_callback
!= NULL
) {
4259 for (j
= 0; j
< s
->ssl_pkey_num
&& !ssl_has_cert(s
, j
); j
++);
4260 if (j
== s
->ssl_pkey_num
) {
4261 /* There are no certificates */
4267 tls1_set_cert_validity(s
);
4271 for (i
= 0; i
< sk_SSL_CIPHER_num(prio
); i
++) {
4272 c
= sk_SSL_CIPHER_value(prio
, i
);
4274 /* Skip ciphers not supported by the protocol version */
4275 if (!SSL_CONNECTION_IS_DTLS(s
) &&
4276 ((s
->version
< c
->min_tls
) || (s
->version
> c
->max_tls
)))
4278 if (SSL_CONNECTION_IS_DTLS(s
) &&
4279 (DTLS_VERSION_LT(s
->version
, c
->min_dtls
) ||
4280 DTLS_VERSION_GT(s
->version
, c
->max_dtls
)))
4284 * Since TLS 1.3 ciphersuites can be used with any auth or
4285 * key exchange scheme skip tests.
4287 if (!SSL_CONNECTION_IS_TLS13(s
)) {
4288 mask_k
= s
->s3
.tmp
.mask_k
;
4289 mask_a
= s
->s3
.tmp
.mask_a
;
4290 #ifndef OPENSSL_NO_SRP
4291 if (s
->srp_ctx
.srp_Mask
& SSL_kSRP
) {
4297 alg_k
= c
->algorithm_mkey
;
4298 alg_a
= c
->algorithm_auth
;
4300 #ifndef OPENSSL_NO_PSK
4301 /* with PSK there must be server callback set */
4302 if ((alg_k
& SSL_PSK
) && s
->psk_server_callback
== NULL
)
4304 #endif /* OPENSSL_NO_PSK */
4306 ok
= (alg_k
& mask_k
) && (alg_a
& mask_a
);
4307 OSSL_TRACE7(TLS_CIPHER
,
4308 "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4309 ok
, alg_k
, alg_a
, mask_k
, mask_a
, (void *)c
, c
->name
);
4312 * if we are considering an ECC cipher suite that uses an ephemeral
4315 if (alg_k
& SSL_kECDHE
)
4316 ok
= ok
&& tls1_check_ec_tmp_key(s
, c
->id
);
4321 ii
= sk_SSL_CIPHER_find(allow
, c
);
4323 /* Check security callback permits this cipher */
4324 if (!ssl_security(s
, SSL_SECOP_CIPHER_SHARED
,
4325 c
->strength_bits
, 0, (void *)c
))
4328 if ((alg_k
& SSL_kECDHE
) && (alg_a
& SSL_aECDSA
)
4329 && s
->s3
.is_probably_safari
) {
4331 ret
= sk_SSL_CIPHER_value(allow
, ii
);
4335 if (prefer_sha256
) {
4336 const SSL_CIPHER
*tmp
= sk_SSL_CIPHER_value(allow
, ii
);
4337 const EVP_MD
*md
= ssl_md(SSL_CONNECTION_GET_CTX(s
),
4341 && EVP_MD_is_a(md
, OSSL_DIGEST_NAME_SHA2_256
)) {
4349 ret
= sk_SSL_CIPHER_value(allow
, ii
);
4354 sk_SSL_CIPHER_free(prio_chacha
);
/*
 * Writes the list of acceptable certificate type bytes into |pkt|.
 * A custom list stored in s->cert->ctype is copied verbatim; otherwise the
 * list is derived from the negotiated cipher's key-exchange bits (alg_k)
 * and from alg_a, the mask of signature algorithms disabled by the
 * signature list: a type is written only when its bit in alg_a is clear.
 * NOTE(review): the condition guarding the custom-list return and the
 * return statements after each failed WPACKET call are not shown in this
 * listing.
 */
4359 int ssl3_get_req_cert_type(SSL_CONNECTION
*s
, WPACKET
*pkt
)
4361 uint32_t alg_k
, alg_a
= 0;
4363 /* If we have custom certificate types set, use them */
4365 return WPACKET_memcpy(pkt
, s
->cert
->ctype
, s
->cert
->ctype_len
);
4366 /* Get mask of algorithms disabled by signature list */
4367 ssl_set_sig_mask(&alg_a
, s
, SSL_SECOP_SIGALG_MASK
);
4369 alg_k
= s
->s3
.tmp
.new_cipher
->algorithm_mkey
;
4371 #ifndef OPENSSL_NO_GOST
4372 if (s
->version
>= TLS1_VERSION
&& (alg_k
& SSL_kGOST
))
4373 if (!WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST01_SIGN
)
4374 || !WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_IANA_SIGN
)
4375 || !WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_IANA_512_SIGN
)
4376 || !WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_LEGACY_SIGN
)
4377 || !WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_LEGACY_512_SIGN
))
4380 if (s
->version
>= TLS1_2_VERSION
&& (alg_k
& SSL_kGOST18
))
4381 if (!WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_IANA_SIGN
)
4382 || !WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_IANA_512_SIGN
))
/* The ephemeral-DH certificate types are offered for SSLv3 with DHE only. */
4386 if ((s
->version
== SSL3_VERSION
) && (alg_k
& SSL_kDHE
)) {
4387 if (!WPACKET_put_bytes_u8(pkt
, SSL3_CT_RSA_EPHEMERAL_DH
))
4389 if (!(alg_a
& SSL_aDSS
)
4390 && !WPACKET_put_bytes_u8(pkt
, SSL3_CT_DSS_EPHEMERAL_DH
))
4393 if (!(alg_a
& SSL_aRSA
) && !WPACKET_put_bytes_u8(pkt
, SSL3_CT_RSA_SIGN
))
4395 if (!(alg_a
& SSL_aDSS
) && !WPACKET_put_bytes_u8(pkt
, SSL3_CT_DSS_SIGN
))
4399 * ECDSA certs can be used with RSA cipher suites too so we don't
4400 * need to check for SSL_kECDH or SSL_kECDHE
4402 if (s
->version
>= TLS1_VERSION
4403 && !(alg_a
& SSL_aECDSA
)
4404 && !WPACKET_put_bytes_u8(pkt
, TLS_CT_ECDSA_SIGN
))
/*
 * Replaces the custom certificate-type list in |c|: the existing c->ctype
 * buffer is freed, and a non-empty |p| is duplicated with OPENSSL_memdup().
 * A NULL |p| or zero |len| takes the early branch instead of copying.
 * NOTE(review): c->ctype is freed before anything else; source lines
 * 4413-4414 are not shown, so confirm that the pointer and c->ctype_len are
 * reset there - otherwise the early branch and the allocation-failure path
 * would leave a stale pointer behind.
 */
4410 static int ssl3_set_req_cert_type(CERT
*c
, const unsigned char *p
, size_t len
)
4412 OPENSSL_free(c
->ctype
);
4415 if (p
== NULL
|| len
== 0)
4419 c
->ctype
= OPENSSL_memdup(p
, len
);
4420 if (c
->ctype
== NULL
)
/*
 * Drives the close_notify exchange for a connection, one step per call.
 * Quiet shutdown, or a connection that has not started its handshake, is
 * marked as both sent and received without any I/O. Otherwise the first
 * call queues a close_notify warning alert, later calls re-dispatch it
 * while it is still pending, and once it is out the function reads until
 * the peer's close_notify sets SSL_RECEIVED_SHUTDOWN. -1 is returned while
 * a write or read is still wanted (see the inline comments).
 * NOTE(review): this listing omits source lines, including the NULL check
 * on |sc| (if any) and the final return values.
 */
4426 int ssl3_shutdown(SSL
*s
)
4429 SSL_CONNECTION
*sc
= SSL_CONNECTION_FROM_SSL_ONLY(s
);
4435 * Don't do anything much if we have not done the handshake or we don't
4436 * want to send messages :-)
4438 if (sc
->quiet_shutdown
|| SSL_in_before(s
)) {
4439 sc
->shutdown
= (SSL_SENT_SHUTDOWN
| SSL_RECEIVED_SHUTDOWN
);
4443 if (!(sc
->shutdown
& SSL_SENT_SHUTDOWN
)) {
4444 sc
->shutdown
|= SSL_SENT_SHUTDOWN
;
4445 ssl3_send_alert(sc
, SSL3_AL_WARNING
, SSL_AD_CLOSE_NOTIFY
);
4447 * our shutdown alert has been sent now, and if it still needs to be
4448 * written, s->s3.alert_dispatch will be > 0
4450 if (sc
->s3
.alert_dispatch
> 0)
4451 return -1; /* return WANT_WRITE */
4452 } else if (sc
->s3
.alert_dispatch
> 0) {
4453 /* resend it if not sent */
4454 ret
= s
->method
->ssl_dispatch_alert(s
);
4457 * we only get to return -1 here the 2nd/Nth invocation, we must
4458 * have already signalled return 0 upon a previous invocation,
4463 } else if (!(sc
->shutdown
& SSL_RECEIVED_SHUTDOWN
)) {
4466 * If we are waiting for a close from our peer, we are closed
/* Zero-length read: used only to process the peer's pending records. */
4468 s
->method
->ssl_read_bytes(s
, 0, NULL
, NULL
, 0, 0, &readbytes
);
4469 if (!(sc
->shutdown
& SSL_RECEIVED_SHUTDOWN
)) {
4470 return -1; /* return WANT_READ */
/* Fully closed only when both directions are done and no alert is queued. */
4474 if ((sc
->shutdown
== (SSL_SENT_SHUTDOWN
| SSL_RECEIVED_SHUTDOWN
))
4475 && sc
->s3
.alert_dispatch
== SSL_ALERT_DISPATCH_NONE
)
/*
 * Writes application data: if a renegotiation has been requested
 * (sc->s3.renegotiate), ssl3_renegotiate_check() is given the chance to
 * start it first, then |buf|/|len| are passed to the method's
 * ssl_write_bytes() as SSL3_RT_APPLICATION_DATA.
 * NOTE(review): the remaining arguments of that call and any NULL check on
 * |sc| are not shown in this listing.
 */
4481 int ssl3_write(SSL
*s
, const void *buf
, size_t len
, size_t *written
)
4483 SSL_CONNECTION
*sc
= SSL_CONNECTION_FROM_SSL_ONLY(s
);
4489 if (sc
->s3
.renegotiate
)
4490 ssl3_renegotiate_check(s
, 0);
4492 return s
->method
->ssl_write_bytes(s
, SSL3_RT_APPLICATION_DATA
, buf
, len
,
/*
 * Shared implementation of ssl3_read() and ssl3_peek(): reads application
 * data into |buf| through the method's ssl_read_bytes(), with |peek|
 * passed on to the retry call shown below.
 * sc->s3.in_read_app_data is set to 1 around the read. If the read returns
 * -1 and the flag has become 2, the read is repeated once with the state
 * machine marked as in-handshake (see the inline comment for the reason).
 * NOTE(review): the rest of the parameter list, the assignment of |ret| and
 * the branch structure around the final flag reset are not shown in this
 * listing.
 */
4496 static int ssl3_read_internal(SSL
*s
, void *buf
, size_t len
, int peek
,
4500 SSL_CONNECTION
*sc
= SSL_CONNECTION_FROM_SSL_ONLY(s
);
4506 if (sc
->s3
.renegotiate
)
4507 ssl3_renegotiate_check(s
, 0);
4508 sc
->s3
.in_read_app_data
= 1;
4510 s
->method
->ssl_read_bytes(s
, SSL3_RT_APPLICATION_DATA
, NULL
, buf
, len
,
4512 if ((ret
== -1) && (sc
->s3
.in_read_app_data
== 2)) {
4514 * ssl3_read_bytes decided to call s->handshake_func, which called
4515 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4516 * actually found application data and thinks that application data
4517 * makes sense here; so disable handshake processing and try to read
4518 * application data again.
4520 ossl_statem_set_in_handshake(sc
, 1);
4522 s
->method
->ssl_read_bytes(s
, SSL3_RT_APPLICATION_DATA
, NULL
, buf
,
4523 len
, peek
, readbytes
);
4524 ossl_statem_set_in_handshake(sc
, 0);
4526 sc
->s3
.in_read_app_data
= 0;
/*
 * Reads up to |len| bytes of application data into |buf|; thin wrapper
 * around ssl3_read_internal() with peek = 0.
 */
4531 int ssl3_read(SSL
*s
, void *buf
, size_t len
, size_t *readbytes
)
4533 return ssl3_read_internal(s
, buf
, len
, 0, readbytes
);
/*
 * Same as ssl3_read() but calls ssl3_read_internal() with peek = 1.
 */
4536 int ssl3_peek(SSL
*s
, void *buf
, size_t len
, size_t *readbytes
)
4538 return ssl3_read_internal(s
, buf
, len
, 1, readbytes
);
/*
 * Requests a renegotiation by setting sc->s3.renegotiate to 1; the request
 * is acted on later by ssl3_renegotiate_check(). A connection without a
 * handshake function takes an early branch before the flag is set.
 * NOTE(review): the return values and any NULL check on |sc| are not shown
 * in this listing.
 */
4541 int ssl3_renegotiate(SSL
*s
)
4543 SSL_CONNECTION
*sc
= SSL_CONNECTION_FROM_SSL_ONLY(s
);
4548 if (sc
->handshake_func
== NULL
)
4551 sc
->s3
.renegotiate
= 1;
4556 * Check if we are waiting to do a renegotiation and if so whether now is a
4557 * good time to do it. If |initok| is true then we are being called from inside
4558 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4559 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4560 * should do a renegotiation now and sets up the state machine for it. Otherwise
4563 int ssl3_renegotiate_check(SSL
*s
, int initok
)
4566 SSL_CONNECTION
*sc
= SSL_CONNECTION_FROM_SSL_ONLY(s
);
4571 if (sc
->s3
.renegotiate
) {
/*
 * Start only when the record layer has nothing pending in either direction,
 * so the new handshake does not interleave with buffered data, and when we
 * are not already in a handshake (unless |initok| overrides that).
 */
4572 if (!RECORD_LAYER_read_pending(&sc
->rlayer
)
4573 && !RECORD_LAYER_write_pending(&sc
->rlayer
)
4574 && (initok
|| !SSL_in_init(s
))) {
4576 * if we are the server, and we have sent a 'RENEGOTIATE'
4577 * message, we need to set the state machine into the renegotiate
4580 ossl_statem_set_renegotiate(sc
);
/* The request is consumed and both renegotiation counters are bumped. */
4581 sc
->s3
.renegotiate
= 0;
4582 sc
->s3
.num_renegotiations
++;
4583 sc
->s3
.total_renegotiations
++;
4591 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4592 * handshake macs if required.
4594 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4596 long ssl_get_algorithm2(SSL_CONNECTION
*s
)
4599 SSL
*ssl
= SSL_CONNECTION_GET_SSL(s
);
/* No cipher negotiated yet: handled by an early branch (body not shown). */
4601 if (s
->s3
.tmp
.new_cipher
== NULL
)
4603 alg2
= s
->s3
.tmp
.new_cipher
->algorithm2
;
/*
 * Methods flagged SSL_ENC_FLAG_SHA256_PRF replace the default handshake
 * MAC / PRF pair with the SHA-256 variants.
 */
4604 if (ssl
->method
->ssl3_enc
->enc_flags
& SSL_ENC_FLAG_SHA256_PRF
) {
4605 if (alg2
== (SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
))
4606 return SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
;
/*
 * Without that flag, a PSK cipher that asks for SHA-384 falls back to the
 * default handshake MAC / PRF pair.
 */
4607 } else if (s
->s3
.tmp
.new_cipher
->algorithm_mkey
& SSL_PSK
) {
4608 if (alg2
== (SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
))
4609 return SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
;
4615 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4616 * failure, 1 on success.
4618 int ssl_fill_hello_random(SSL_CONNECTION
*s
, int server
,
4619 unsigned char *result
, size_t len
,
4622 int send_time
= 0, ret
;
/*
 * Whether the current time is embedded depends on the per-role mode flag
 * (SERVERHELLO_TIME for servers, CLIENTHELLO_TIME for clients).
 */
4627 send_time
= (s
->mode
& SSL_MODE_SEND_SERVERHELLO_TIME
) != 0;
4629 send_time
= (s
->mode
& SSL_MODE_SEND_CLIENTHELLO_TIME
) != 0;
4631 unsigned long Time
= (unsigned long)time(NULL
);
4632 unsigned char *p
= result
;
/*
 * With the time embedded, only len - 4 bytes come from the RNG.
 * NOTE(review): len - 4 wraps for len < 4; source lines 4623-4626 are not
 * shown in this listing, so confirm that a minimum length is enforced
 * before this point.
 */
4635 ret
= RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s
)->libctx
, p
, len
- 4, 0);
4637 ret
= RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s
)->libctx
, result
, len
, 0);
/*
 * TLSv1.3 downgrade protection: the last bytes of the random are
 * overwritten with the sentinel matching |dgrd|. The assertions guarantee
 * that each sentinel is shorter than |len|, so result + len - sizeof(...)
 * stays inside the buffer.
 */
4641 if (!ossl_assert(sizeof(tls11downgrade
) < len
)
4642 || !ossl_assert(sizeof(tls12downgrade
) < len
))
4644 if (dgrd
== DOWNGRADE_TO_1_2
)
4645 memcpy(result
+ len
- sizeof(tls12downgrade
), tls12downgrade
,
4646 sizeof(tls12downgrade
));
4647 else if (dgrd
== DOWNGRADE_TO_1_1
)
4648 memcpy(result
+ len
- sizeof(tls11downgrade
), tls11downgrade
,
4649 sizeof(tls11downgrade
));
/*
 * Derives the session master secret from the premaster secret |pms| by
 * calling the method's generate_master_secret() into
 * s->session->master_key. For PSK key exchanges a combined PSK premaster
 * secret is assembled first from |pms| (or zeroes for plain PSK) and the
 * stored PSK.
 * Secret hygiene visible here: the stored PSK and the temporary PSK
 * premaster buffer are released with OPENSSL_clear_free() on both the
 * success and the failure path, and |pms| is either clear-freed or cleansed
 * in place before returning.
 * NOTE(review): this listing omits source lines, including the length
 * prefixes written into the PSK premaster buffer, the allocation-failure
 * check and the condition choosing between freeing and cleansing |pms|
 * (presumably |free_pms|).
 */
4655 int ssl_generate_master_secret(SSL_CONNECTION
*s
, unsigned char *pms
,
4656 size_t pmslen
, int free_pms
)
4658 unsigned long alg_k
= s
->s3
.tmp
.new_cipher
->algorithm_mkey
;
4660 SSL
*ssl
= SSL_CONNECTION_GET_SSL(s
);
4662 if (alg_k
& SSL_PSK
) {
4663 #ifndef OPENSSL_NO_PSK
4664 unsigned char *pskpms
, *t
;
4665 size_t psklen
= s
->s3
.tmp
.psklen
;
4668 /* create PSK premaster_secret */
4670 /* For plain PSK "other_secret" is psklen zeroes */
4671 if (alg_k
& SSL_kPSK
)
/*
 * Two secrets plus 4 further bytes (presumably two 2-byte length
 * prefixes; the lines writing them are not shown).
 * NOTE(review): the sum is computed without an overflow check in the lines
 * shown; verify that callers bound pmslen and psklen.
 */
4674 pskpmslen
= 4 + pmslen
+ psklen
;
4675 pskpms
= OPENSSL_malloc(pskpmslen
);
4680 if (alg_k
& SSL_kPSK
)
4681 memset(t
, 0, pmslen
);
4683 memcpy(t
, pms
, pmslen
);
4686 memcpy(t
, s
->s3
.tmp
.psk
, psklen
);
/* The stored PSK is wiped and dropped as soon as it has been copied. */
4688 OPENSSL_clear_free(s
->s3
.tmp
.psk
, psklen
);
4689 s
->s3
.tmp
.psk
= NULL
;
4690 s
->s3
.tmp
.psklen
= 0;
4691 if (!ssl
->method
->ssl3_enc
->generate_master_secret(s
,
4692 s
->session
->master_key
, pskpms
, pskpmslen
,
4693 &s
->session
->master_key_length
)) {
4694 OPENSSL_clear_free(pskpms
, pskpmslen
);
4695 /* SSLfatal() already called */
4698 OPENSSL_clear_free(pskpms
, pskpmslen
);
4700 /* Should never happen */
4704 if (!ssl
->method
->ssl3_enc
->generate_master_secret(s
,
4705 s
->session
->master_key
, pms
, pmslen
,
4706 &s
->session
->master_key_length
)) {
4707 /* SSLfatal() already called */
4716 OPENSSL_clear_free(pms
, pmslen
);
4718 OPENSSL_cleanse(pms
, pmslen
);
/* On the client the saved premaster pointer is cleared as well. */
4720 if (s
->server
== 0) {
4721 s
->s3
.tmp
.pms
= NULL
;
4722 s
->s3
.tmp
.pmslen
= 0;
4727 /* Generate a private key from parameters */
/*
 * Creates a key-generation context from the parameter key |pm| using the
 * SSL_CTX's library context and property query, then runs
 * EVP_PKEY_keygen_init() and EVP_PKEY_keygen(). If keygen fails, whatever
 * was placed in |pkey| is freed. The context is released with
 * EVP_PKEY_CTX_free() at the end.
 * NOTE(review): the NULL checks on |pm| and |pctx|, the reset of |pkey|
 * after the failure free and the return statement are not shown in this
 * listing.
 */
4728 EVP_PKEY
*ssl_generate_pkey(SSL_CONNECTION
*s
, EVP_PKEY
*pm
)
4730 EVP_PKEY_CTX
*pctx
= NULL
;
4731 EVP_PKEY
*pkey
= NULL
;
4732 SSL_CTX
*sctx
= SSL_CONNECTION_GET_CTX(s
);
4736 pctx
= EVP_PKEY_CTX_new_from_pkey(sctx
->libctx
, pm
, sctx
->propq
);
4739 if (EVP_PKEY_keygen_init(pctx
) <= 0)
4741 if (EVP_PKEY_keygen(pctx
, &pkey
) <= 0) {
4742 EVP_PKEY_free(pkey
);
4747 EVP_PKEY_CTX_free(pctx
);
4751 /* Generate a private key from a group ID */
/*
 * Resolves |id| with tls1_group_id_lookup(), creates a key-generation
 * context for the group's algorithm name, selects the group by its
 * realname and generates a key. Every failure shown raises a fatal
 * SSL_AD_INTERNAL_ERROR through SSLfatal(); after a failed keygen the
 * partial |pkey| is freed. The context is released at the end.
 * NOTE(review): the conditions guarding the first two SSLfatal() calls
 * (presumably a failed lookup and a failed context allocation) and the
 * return statement are not shown in this listing.
 */
4752 EVP_PKEY
*ssl_generate_pkey_group(SSL_CONNECTION
*s
, uint16_t id
)
4754 SSL_CTX
*sctx
= SSL_CONNECTION_GET_CTX(s
);
4755 const TLS_GROUP_INFO
*ginf
= tls1_group_id_lookup(sctx
, id
);
4756 EVP_PKEY_CTX
*pctx
= NULL
;
4757 EVP_PKEY
*pkey
= NULL
;
4760 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
4764 pctx
= EVP_PKEY_CTX_new_from_name(sctx
->libctx
, ginf
->algorithm
,
4768 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, ERR_R_EVP_LIB
);
4771 if (EVP_PKEY_keygen_init(pctx
) <= 0) {
4772 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, ERR_R_EVP_LIB
);
4775 if (EVP_PKEY_CTX_set_group_name(pctx
, ginf
->realname
) <= 0) {
4776 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, ERR_R_EVP_LIB
);
4779 if (EVP_PKEY_keygen(pctx
, &pkey
) <= 0) {
4780 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, ERR_R_EVP_LIB
);
4781 EVP_PKEY_free(pkey
);
4786 EVP_PKEY_CTX_free(pctx
);
4791 * Generate parameters from a group ID
/*
 * Parameter-generation counterpart of ssl_generate_pkey_group(): resolves
 * |id|, creates a context for the group's algorithm name, selects the group
 * by realname and runs EVP_PKEY_paramgen(). A failed paramgen frees the
 * partial |pkey|; the context is released at the end.
 * NOTE(review): in the lines shown only the set_group_name failure calls
 * SSLfatal(); the paramgen_init and paramgen failures show no fatal error,
 * unlike ssl_generate_pkey_group() - confirm that callers report those.
 * NOTE(review): |ginf| is dereferenced; source lines 4799-4802 are not
 * shown, so the check for a failed lookup cannot be confirmed from here.
 */
4793 EVP_PKEY
*ssl_generate_param_group(SSL_CONNECTION
*s
, uint16_t id
)
4795 SSL_CTX
*sctx
= SSL_CONNECTION_GET_CTX(s
);
4796 EVP_PKEY_CTX
*pctx
= NULL
;
4797 EVP_PKEY
*pkey
= NULL
;
4798 const TLS_GROUP_INFO
*ginf
= tls1_group_id_lookup(sctx
, id
);
4803 pctx
= EVP_PKEY_CTX_new_from_name(sctx
->libctx
, ginf
->algorithm
,
4808 if (EVP_PKEY_paramgen_init(pctx
) <= 0)
4810 if (EVP_PKEY_CTX_set_group_name(pctx
, ginf
->realname
) <= 0) {
4811 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, ERR_R_EVP_LIB
);
4814 if (EVP_PKEY_paramgen(pctx
, &pkey
) <= 0) {
4815 EVP_PKEY_free(pkey
);
4820 EVP_PKEY_CTX_free(pctx
);
4824 /* Generate secrets from pms */
/*
 * For TLSv1.3 connections the early secret is generated into
 * s->early_secret (skipped when resuming, per the inline comment) and the
 * handshake secret is then derived from |pms|. For earlier versions the
 * master secret is derived with ssl_generate_master_secret() and
 * free_pms = 0, so |pms| is not freed by that call and stays owned by
 * the caller.
 * NOTE(review): the resumption condition and the return statement are not
 * shown in this listing.
 */
4825 int ssl_gensecret(SSL_CONNECTION
*s
, unsigned char *pms
, size_t pmslen
)
4829 /* SSLfatal() called as appropriate in the below functions */
4830 if (SSL_CONNECTION_IS_TLS13(s
)) {
4832 * If we are resuming then we already generated the early secret
4833 * when we created the ClientHello, so don't recreate it.
4836 rv
= tls13_generate_secret(s
, ssl_handshake_md(s
), NULL
, NULL
,
4838 (unsigned char *)&s
->early_secret
);
4842 rv
= rv
&& tls13_generate_handshake_secret(s
, pms
, pmslen
);
4844 rv
= ssl_generate_master_secret(s
, pms
, pmslen
, 0);
/*
 * Derive the shared secret for an ECDH/DH exchange between |privkey| and the
 * peer's |pubkey|.
 *
 * If |gensecret| is non-zero the derived value is passed straight to
 * ssl_gensecret() and then wiped. Otherwise it is stored in s->s3.tmp.pms /
 * s->s3.tmp.pmslen, and the connection owns the buffer from then on.
 *
 * Returns non-zero on success and 0 on failure. Failures detected here raise
 * SSLfatal(); failures inside ssl_gensecret() are reported by its callees.
 */
int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey,
               int gensecret)
{
    int ok = 0;
    unsigned char *secret = NULL;
    size_t secretlen = 0;
    EVP_PKEY_CTX *dctx;
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);

    if (privkey == NULL || pubkey == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    /*
     * NOTE(review): dctx is not tested for NULL; this relies on
     * EVP_PKEY_derive_init() failing for a NULL context - confirm.
     */
    dctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);

    /* With a NULL output buffer the derive call only reports the size. */
    if (EVP_PKEY_derive_init(dctx) <= 0
            || EVP_PKEY_derive_set_peer(dctx, pubkey) <= 0
            || EVP_PKEY_derive(dctx, NULL, &secretlen) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto done;
    }

    /*
     * TLSv1.3 uses the finite-field DH shared secret with its leading zero
     * bytes kept (RFC 8446, section 7.4.1), so padding is switched on.
     * NOTE(review): the return value of this call is not checked.
     */
    if (SSL_CONNECTION_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH"))
        EVP_PKEY_CTX_set_dh_pad(dctx, 1);

    secret = OPENSSL_malloc(secretlen);
    if (secret == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
        goto done;
    }

    if (EVP_PKEY_derive(dctx, secret, &secretlen) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto done;
    }

    if (!gensecret) {
        /* Save premaster secret; the connection owns the buffer now. */
        s->s3.tmp.pms = secret;
        s->s3.tmp.pmslen = secretlen;
        secret = NULL;
        ok = 1;
    } else {
        /* SSLfatal() called as appropriate in the below functions */
        ok = ssl_gensecret(s, secret, secretlen);
    }

 done:
    /* Wipe the secret before releasing it; a no-op once ownership moved. */
    OPENSSL_clear_free(secret, secretlen);
    EVP_PKEY_CTX_free(dctx);
    return ok;
}
/*
 * Decapsulate the KEM ciphertext |ct| of |ctlen| bytes with |privkey| to
 * recover the shared secret.
 *
 * If |gensecret| is non-zero the recovered value is passed straight to
 * ssl_gensecret() and then wiped. Otherwise it is stored in s->s3.tmp.pms /
 * s->s3.tmp.pmslen, and the connection owns the buffer from then on.
 *
 * Returns non-zero on success and 0 on failure. Failures detected here raise
 * SSLfatal() with SSL_AD_INTERNAL_ERROR.
 * NOTE(review): |ct| presumably comes from the peer; its length is passed
 * through unchanged and validated only by the EVP layer - confirm callers.
 */
int ssl_decapsulate(SSL_CONNECTION *s, EVP_PKEY *privkey,
                    const unsigned char *ct, size_t ctlen,
                    int gensecret)
{
    int ok = 0;
    unsigned char *secret = NULL;
    size_t secretlen = 0;
    EVP_PKEY_CTX *kctx;
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);

    if (privkey == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    /*
     * NOTE(review): kctx is not tested for NULL; this relies on
     * EVP_PKEY_decapsulate_init() failing for a NULL context - confirm.
     */
    kctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);

    /* With a NULL output buffer the decapsulate call only reports the size. */
    if (EVP_PKEY_decapsulate_init(kctx, NULL) <= 0
            || EVP_PKEY_decapsulate(kctx, NULL, &secretlen, ct, ctlen) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto done;
    }

    secret = OPENSSL_malloc(secretlen);
    if (secret == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
        goto done;
    }

    if (EVP_PKEY_decapsulate(kctx, secret, &secretlen, ct, ctlen) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto done;
    }

    if (!gensecret) {
        /* Save premaster secret; the connection owns the buffer now. */
        s->s3.tmp.pms = secret;
        s->s3.tmp.pmslen = secretlen;
        secret = NULL;
        ok = 1;
    } else {
        /* SSLfatal() called as appropriate in the below functions */
        ok = ssl_gensecret(s, secret, secretlen);
    }

 done:
    /* Wipe the secret before releasing it; a no-op once ownership moved. */
    OPENSSL_clear_free(secret, secretlen);
    EVP_PKEY_CTX_free(kctx);
    return ok;
}
/*
 * Encapsulate a fresh shared secret to the peer's KEM public key |pubkey|.
 *
 * On success the ciphertext is returned through |*ctp| / |*ctlenp| and the
 * caller owns that buffer. On failure neither output is written and the
 * ciphertext buffer is freed here.
 *
 * If |gensecret| is non-zero the shared secret is passed straight to
 * ssl_gensecret() and then wiped. Otherwise it is stored in s->s3.tmp.pms /
 * s->s3.tmp.pmslen, and the connection owns the buffer from then on.
 *
 * Returns a value greater than zero on success and 0 on failure. Failures
 * detected here raise SSLfatal() with SSL_AD_INTERNAL_ERROR.
 */
int ssl_encapsulate(SSL_CONNECTION *s, EVP_PKEY *pubkey,
                    unsigned char **ctp, size_t *ctlenp,
                    int gensecret)
{
    int ok = 0;
    unsigned char *secret = NULL, *wrapped = NULL;
    size_t secretlen = 0, wrappedlen = 0;
    EVP_PKEY_CTX *kctx;
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);

    if (pubkey == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    /*
     * NOTE(review): kctx is not tested for NULL; this relies on
     * EVP_PKEY_encapsulate_init() failing for a NULL context - confirm.
     */
    kctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pubkey, sctx->propq);

    /*
     * With NULL output buffers the encapsulate call only reports the sizes.
     * A zero length for either output is treated as a failure.
     */
    if (EVP_PKEY_encapsulate_init(kctx, NULL) <= 0
            || EVP_PKEY_encapsulate(kctx, NULL, &wrappedlen,
                                    NULL, &secretlen) <= 0
            || secretlen == 0 || wrappedlen == 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto done;
    }

    secret = OPENSSL_malloc(secretlen);
    wrapped = OPENSSL_malloc(wrappedlen);
    if (secret == NULL || wrapped == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
        goto done;
    }

    if (EVP_PKEY_encapsulate(kctx, wrapped, &wrappedlen,
                             secret, &secretlen) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto done;
    }

    if (!gensecret) {
        /* Save premaster secret; the connection owns the buffer now. */
        s->s3.tmp.pms = secret;
        s->s3.tmp.pmslen = secretlen;
        secret = NULL;
        ok = 1;
    } else {
        /* SSLfatal() called as appropriate in the below functions */
        ok = ssl_gensecret(s, secret, secretlen);
    }

    if (ok > 0) {
        /* Pass ownership of the ciphertext to the caller */
        *ctp = wrapped;
        *ctlenp = wrappedlen;
        wrapped = NULL;
    }

 done:
    /* Wipe the secret before releasing it; the ciphertext is not secret. */
    OPENSSL_clear_free(secret, secretlen);
    OPENSSL_free(wrapped);
    EVP_PKEY_CTX_free(kctx);
    return ok;
}
5017 const char *SSL_group_to_name(SSL
*s
, int nid
) {
5019 const TLS_GROUP_INFO
*cinf
= NULL
;
5021 /* first convert to real group id for internal and external IDs */
5022 if (nid
& TLSEXT_nid_unknown
)
5023 group_id
= nid
& 0xFFFF;
5025 group_id
= tls1_nid2group_id(nid
);
5028 cinf
= tls1_group_id_lookup(s
->ctx
, group_id
);
5031 return cinf
->tlsname
;