2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* ====================================================================
11 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
13 * Portions of the attached software ("Contribution") are developed by
14 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
16 * The Contribution is licensed pursuant to the OpenSSL open source
17 * license provided above.
19 * ECC cipher suite support in OpenSSL originally written by
20 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
23 /* ====================================================================
24 * Copyright 2005 Nokia. All rights reserved.
26 * The portions of the attached software ("Contribution") is developed by
27 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
30 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
31 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
32 * support (see RFC 4279) to OpenSSL.
34 * No patent licenses or other rights except those expressly stated in
35 * the OpenSSL open source license shall be deemed granted or received
36 * expressly, by implication, estoppel, or otherwise.
38 * No assurances are provided by Nokia that the Contribution does not
39 * infringe the patent or other intellectual property rights of any third
40 * party or that the license provides you with all the necessary rights
41 * to make use of the Contribution.
43 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
44 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
45 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
46 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
51 #include <openssl/objects.h>
53 #include <openssl/md5.h>
54 #include <openssl/dh.h>
55 #include <openssl/rand.h>
57 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
58 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
60 /* TLSv1.3 downgrade protection sentinel values */
61 const unsigned char tls11downgrade
[] = {
62 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
64 const unsigned char tls12downgrade
[] = {
65 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
69 * The list of available ciphers, mostly organized into the following
74 * SRP (within that: RSA EC PSK)
75 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
78 static SSL_CIPHER ssl3_ciphers
[] = {
81 SSL3_TXT_RSA_NULL_MD5
,
87 SSL3_VERSION
, TLS1_2_VERSION
,
88 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
90 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
96 SSL3_TXT_RSA_NULL_SHA
,
102 SSL3_VERSION
, TLS1_2_VERSION
,
103 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
104 SSL_STRONG_NONE
| SSL_FIPS
,
105 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
109 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
112 SSL3_TXT_RSA_DES_192_CBC3_SHA
,
113 SSL3_CK_RSA_DES_192_CBC3_SHA
,
118 SSL3_VERSION
, TLS1_2_VERSION
,
119 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
120 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
121 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
127 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA
,
128 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA
,
133 SSL3_VERSION
, TLS1_2_VERSION
,
134 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
135 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
136 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
142 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA
,
143 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA
,
148 SSL3_VERSION
, TLS1_2_VERSION
,
149 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
150 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
151 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
157 SSL3_TXT_ADH_DES_192_CBC_SHA
,
158 SSL3_CK_ADH_DES_192_CBC_SHA
,
163 SSL3_VERSION
, TLS1_2_VERSION
,
164 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
165 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
166 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
173 TLS1_TXT_RSA_WITH_AES_128_SHA
,
174 TLS1_CK_RSA_WITH_AES_128_SHA
,
179 SSL3_VERSION
, TLS1_2_VERSION
,
180 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
182 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
188 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA
,
189 TLS1_CK_DHE_DSS_WITH_AES_128_SHA
,
194 SSL3_VERSION
, TLS1_2_VERSION
,
195 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
196 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
197 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
203 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA
,
204 TLS1_CK_DHE_RSA_WITH_AES_128_SHA
,
209 SSL3_VERSION
, TLS1_2_VERSION
,
210 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
212 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
218 TLS1_TXT_ADH_WITH_AES_128_SHA
,
219 TLS1_CK_ADH_WITH_AES_128_SHA
,
224 SSL3_VERSION
, TLS1_2_VERSION
,
225 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
226 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
227 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
233 TLS1_TXT_RSA_WITH_AES_256_SHA
,
234 TLS1_CK_RSA_WITH_AES_256_SHA
,
239 SSL3_VERSION
, TLS1_2_VERSION
,
240 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
242 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
248 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA
,
249 TLS1_CK_DHE_DSS_WITH_AES_256_SHA
,
254 SSL3_VERSION
, TLS1_2_VERSION
,
255 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
256 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
257 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
263 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA
,
264 TLS1_CK_DHE_RSA_WITH_AES_256_SHA
,
269 SSL3_VERSION
, TLS1_2_VERSION
,
270 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
272 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
278 TLS1_TXT_ADH_WITH_AES_256_SHA
,
279 TLS1_CK_ADH_WITH_AES_256_SHA
,
284 SSL3_VERSION
, TLS1_2_VERSION
,
285 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
286 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
287 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
293 TLS1_TXT_RSA_WITH_NULL_SHA256
,
294 TLS1_CK_RSA_WITH_NULL_SHA256
,
299 TLS1_2_VERSION
, TLS1_2_VERSION
,
300 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
301 SSL_STRONG_NONE
| SSL_FIPS
,
302 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
308 TLS1_TXT_RSA_WITH_AES_128_SHA256
,
309 TLS1_CK_RSA_WITH_AES_128_SHA256
,
314 TLS1_2_VERSION
, TLS1_2_VERSION
,
315 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
317 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
323 TLS1_TXT_RSA_WITH_AES_256_SHA256
,
324 TLS1_CK_RSA_WITH_AES_256_SHA256
,
329 TLS1_2_VERSION
, TLS1_2_VERSION
,
330 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
332 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
338 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256
,
339 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256
,
344 TLS1_2_VERSION
, TLS1_2_VERSION
,
345 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
346 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
347 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
353 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256
,
354 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256
,
359 TLS1_2_VERSION
, TLS1_2_VERSION
,
360 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
362 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
368 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256
,
369 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256
,
374 TLS1_2_VERSION
, TLS1_2_VERSION
,
375 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
376 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
377 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
383 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256
,
384 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256
,
389 TLS1_2_VERSION
, TLS1_2_VERSION
,
390 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
392 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
398 TLS1_TXT_ADH_WITH_AES_128_SHA256
,
399 TLS1_CK_ADH_WITH_AES_128_SHA256
,
404 TLS1_2_VERSION
, TLS1_2_VERSION
,
405 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
406 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
407 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
413 TLS1_TXT_ADH_WITH_AES_256_SHA256
,
414 TLS1_CK_ADH_WITH_AES_256_SHA256
,
419 TLS1_2_VERSION
, TLS1_2_VERSION
,
420 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
421 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
422 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
428 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256
,
429 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256
,
434 TLS1_2_VERSION
, TLS1_2_VERSION
,
435 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
437 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
443 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384
,
444 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384
,
449 TLS1_2_VERSION
, TLS1_2_VERSION
,
450 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
452 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
458 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256
,
459 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256
,
464 TLS1_2_VERSION
, TLS1_2_VERSION
,
465 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
467 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
473 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384
,
474 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384
,
479 TLS1_2_VERSION
, TLS1_2_VERSION
,
480 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
482 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
488 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256
,
489 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256
,
494 TLS1_2_VERSION
, TLS1_2_VERSION
,
495 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
496 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
497 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
503 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384
,
504 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384
,
509 TLS1_2_VERSION
, TLS1_2_VERSION
,
510 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
511 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
512 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
518 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256
,
519 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256
,
524 TLS1_2_VERSION
, TLS1_2_VERSION
,
525 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
526 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
527 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
533 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384
,
534 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384
,
539 TLS1_2_VERSION
, TLS1_2_VERSION
,
540 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
541 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
542 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
548 TLS1_TXT_RSA_WITH_AES_128_CCM
,
549 TLS1_CK_RSA_WITH_AES_128_CCM
,
554 TLS1_2_VERSION
, TLS1_2_VERSION
,
555 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
556 SSL_NOT_DEFAULT
| SSL_HIGH
,
557 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
563 TLS1_TXT_RSA_WITH_AES_256_CCM
,
564 TLS1_CK_RSA_WITH_AES_256_CCM
,
569 TLS1_2_VERSION
, TLS1_2_VERSION
,
570 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
571 SSL_NOT_DEFAULT
| SSL_HIGH
,
572 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
578 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM
,
579 TLS1_CK_DHE_RSA_WITH_AES_128_CCM
,
584 TLS1_2_VERSION
, TLS1_2_VERSION
,
585 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
586 SSL_NOT_DEFAULT
| SSL_HIGH
,
587 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
593 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM
,
594 TLS1_CK_DHE_RSA_WITH_AES_256_CCM
,
599 TLS1_2_VERSION
, TLS1_2_VERSION
,
600 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
601 SSL_NOT_DEFAULT
| SSL_HIGH
,
602 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
608 TLS1_TXT_RSA_WITH_AES_128_CCM_8
,
609 TLS1_CK_RSA_WITH_AES_128_CCM_8
,
614 TLS1_2_VERSION
, TLS1_2_VERSION
,
615 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
616 SSL_NOT_DEFAULT
| SSL_HIGH
,
617 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
623 TLS1_TXT_RSA_WITH_AES_256_CCM_8
,
624 TLS1_CK_RSA_WITH_AES_256_CCM_8
,
629 TLS1_2_VERSION
, TLS1_2_VERSION
,
630 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
631 SSL_NOT_DEFAULT
| SSL_HIGH
,
632 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
638 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8
,
639 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8
,
644 TLS1_2_VERSION
, TLS1_2_VERSION
,
645 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
646 SSL_NOT_DEFAULT
| SSL_HIGH
,
647 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
653 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8
,
654 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8
,
659 TLS1_2_VERSION
, TLS1_2_VERSION
,
660 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
661 SSL_NOT_DEFAULT
| SSL_HIGH
,
662 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
668 TLS1_TXT_PSK_WITH_AES_128_CCM
,
669 TLS1_CK_PSK_WITH_AES_128_CCM
,
674 TLS1_2_VERSION
, TLS1_2_VERSION
,
675 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
676 SSL_NOT_DEFAULT
| SSL_HIGH
,
677 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
683 TLS1_TXT_PSK_WITH_AES_256_CCM
,
684 TLS1_CK_PSK_WITH_AES_256_CCM
,
689 TLS1_2_VERSION
, TLS1_2_VERSION
,
690 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
691 SSL_NOT_DEFAULT
| SSL_HIGH
,
692 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
698 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM
,
699 TLS1_CK_DHE_PSK_WITH_AES_128_CCM
,
704 TLS1_2_VERSION
, TLS1_2_VERSION
,
705 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
706 SSL_NOT_DEFAULT
| SSL_HIGH
,
707 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
713 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM
,
714 TLS1_CK_DHE_PSK_WITH_AES_256_CCM
,
719 TLS1_2_VERSION
, TLS1_2_VERSION
,
720 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
721 SSL_NOT_DEFAULT
| SSL_HIGH
,
722 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
728 TLS1_TXT_PSK_WITH_AES_128_CCM_8
,
729 TLS1_CK_PSK_WITH_AES_128_CCM_8
,
734 TLS1_2_VERSION
, TLS1_2_VERSION
,
735 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
736 SSL_NOT_DEFAULT
| SSL_HIGH
,
737 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
743 TLS1_TXT_PSK_WITH_AES_256_CCM_8
,
744 TLS1_CK_PSK_WITH_AES_256_CCM_8
,
749 TLS1_2_VERSION
, TLS1_2_VERSION
,
750 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
751 SSL_NOT_DEFAULT
| SSL_HIGH
,
752 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
758 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8
,
759 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8
,
764 TLS1_2_VERSION
, TLS1_2_VERSION
,
765 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
766 SSL_NOT_DEFAULT
| SSL_HIGH
,
767 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
773 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8
,
774 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8
,
779 TLS1_2_VERSION
, TLS1_2_VERSION
,
780 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
781 SSL_NOT_DEFAULT
| SSL_HIGH
,
782 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
788 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM
,
789 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM
,
794 TLS1_2_VERSION
, TLS1_2_VERSION
,
795 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
796 SSL_NOT_DEFAULT
| SSL_HIGH
,
797 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
803 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM
,
804 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM
,
809 TLS1_2_VERSION
, TLS1_2_VERSION
,
810 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
811 SSL_NOT_DEFAULT
| SSL_HIGH
,
812 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
818 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8
,
819 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8
,
824 TLS1_2_VERSION
, TLS1_2_VERSION
,
825 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
826 SSL_NOT_DEFAULT
| SSL_HIGH
,
827 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
833 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8
,
834 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8
,
839 TLS1_2_VERSION
, TLS1_2_VERSION
,
840 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
841 SSL_NOT_DEFAULT
| SSL_HIGH
,
842 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
848 TLS1_3_TXT_AES_128_GCM_SHA256
,
849 TLS1_3_CK_AES_128_GCM_SHA256
,
853 TLS1_3_VERSION
, TLS1_3_VERSION
,
857 SSL_HANDSHAKE_MAC_SHA256
,
863 TLS1_3_TXT_AES_256_GCM_SHA384
,
864 TLS1_3_CK_AES_256_GCM_SHA384
,
869 TLS1_3_VERSION
, TLS1_3_VERSION
,
872 SSL_HANDSHAKE_MAC_SHA384
,
876 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
879 TLS1_3_TXT_CHACHA20_POLY1305_SHA256
,
880 TLS1_3_CK_CHACHA20_POLY1305_SHA256
,
883 SSL_CHACHA20POLY1305
,
885 TLS1_3_VERSION
, TLS1_3_VERSION
,
888 SSL_HANDSHAKE_MAC_SHA256
,
895 TLS1_3_TXT_AES_128_CCM_SHA256
,
896 TLS1_3_CK_AES_128_CCM_SHA256
,
901 TLS1_3_VERSION
, TLS1_3_VERSION
,
903 SSL_NOT_DEFAULT
| SSL_HIGH
,
904 SSL_HANDSHAKE_MAC_SHA256
,
910 TLS1_3_TXT_AES_128_CCM_8_SHA256
,
911 TLS1_3_CK_AES_128_CCM_8_SHA256
,
916 TLS1_3_VERSION
, TLS1_3_VERSION
,
918 SSL_NOT_DEFAULT
| SSL_HIGH
,
919 SSL_HANDSHAKE_MAC_SHA256
,
924 #ifndef OPENSSL_NO_EC
927 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA
,
928 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA
,
933 TLS1_VERSION
, TLS1_2_VERSION
,
934 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
935 SSL_STRONG_NONE
| SSL_FIPS
,
936 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
940 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
943 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
,
944 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
,
949 TLS1_VERSION
, TLS1_2_VERSION
,
950 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
951 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
952 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
959 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
960 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
965 TLS1_VERSION
, TLS1_2_VERSION
,
966 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
968 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
974 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
975 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
980 TLS1_VERSION
, TLS1_2_VERSION
,
981 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
983 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
989 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA
,
990 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA
,
995 TLS1_VERSION
, TLS1_2_VERSION
,
996 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
997 SSL_STRONG_NONE
| SSL_FIPS
,
998 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1002 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1005 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA
,
1006 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA
,
1011 TLS1_VERSION
, TLS1_2_VERSION
,
1012 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1013 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1014 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1021 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
1022 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
1027 TLS1_VERSION
, TLS1_2_VERSION
,
1028 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1029 SSL_HIGH
| SSL_FIPS
,
1030 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1036 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
1037 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
1042 TLS1_VERSION
, TLS1_2_VERSION
,
1043 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1044 SSL_HIGH
| SSL_FIPS
,
1045 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1051 TLS1_TXT_ECDH_anon_WITH_NULL_SHA
,
1052 TLS1_CK_ECDH_anon_WITH_NULL_SHA
,
1057 TLS1_VERSION
, TLS1_2_VERSION
,
1058 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1059 SSL_STRONG_NONE
| SSL_FIPS
,
1060 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1064 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1067 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA
,
1068 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA
,
1073 TLS1_VERSION
, TLS1_2_VERSION
,
1074 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1075 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1076 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1083 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA
,
1084 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA
,
1089 TLS1_VERSION
, TLS1_2_VERSION
,
1090 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1091 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
1092 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1098 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA
,
1099 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA
,
1104 TLS1_VERSION
, TLS1_2_VERSION
,
1105 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1106 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
1107 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1113 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256
,
1114 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256
,
1119 TLS1_2_VERSION
, TLS1_2_VERSION
,
1120 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1121 SSL_HIGH
| SSL_FIPS
,
1122 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1128 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384
,
1129 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384
,
1134 TLS1_2_VERSION
, TLS1_2_VERSION
,
1135 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1136 SSL_HIGH
| SSL_FIPS
,
1137 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1143 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256
,
1144 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256
,
1149 TLS1_2_VERSION
, TLS1_2_VERSION
,
1150 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1151 SSL_HIGH
| SSL_FIPS
,
1152 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1158 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384
,
1159 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384
,
1164 TLS1_2_VERSION
, TLS1_2_VERSION
,
1165 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1166 SSL_HIGH
| SSL_FIPS
,
1167 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1173 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
1174 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
1179 TLS1_2_VERSION
, TLS1_2_VERSION
,
1180 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1181 SSL_HIGH
| SSL_FIPS
,
1182 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1188 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
1189 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
1194 TLS1_2_VERSION
, TLS1_2_VERSION
,
1195 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1196 SSL_HIGH
| SSL_FIPS
,
1197 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1203 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
1204 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
1209 TLS1_2_VERSION
, TLS1_2_VERSION
,
1210 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1211 SSL_HIGH
| SSL_FIPS
,
1212 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1218 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
1219 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
1224 TLS1_2_VERSION
, TLS1_2_VERSION
,
1225 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1226 SSL_HIGH
| SSL_FIPS
,
1227 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1231 #endif /* OPENSSL_NO_EC */
1233 #ifndef OPENSSL_NO_PSK
1236 TLS1_TXT_PSK_WITH_NULL_SHA
,
1237 TLS1_CK_PSK_WITH_NULL_SHA
,
1242 SSL3_VERSION
, TLS1_2_VERSION
,
1243 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1244 SSL_STRONG_NONE
| SSL_FIPS
,
1245 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1251 TLS1_TXT_DHE_PSK_WITH_NULL_SHA
,
1252 TLS1_CK_DHE_PSK_WITH_NULL_SHA
,
1257 SSL3_VERSION
, TLS1_2_VERSION
,
1258 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1259 SSL_STRONG_NONE
| SSL_FIPS
,
1260 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1266 TLS1_TXT_RSA_PSK_WITH_NULL_SHA
,
1267 TLS1_CK_RSA_PSK_WITH_NULL_SHA
,
1272 SSL3_VERSION
, TLS1_2_VERSION
,
1273 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1274 SSL_STRONG_NONE
| SSL_FIPS
,
1275 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1279 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1282 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA
,
1283 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA
,
1288 SSL3_VERSION
, TLS1_2_VERSION
,
1289 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1290 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1291 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1298 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA
,
1299 TLS1_CK_PSK_WITH_AES_128_CBC_SHA
,
1304 SSL3_VERSION
, TLS1_2_VERSION
,
1305 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1306 SSL_HIGH
| SSL_FIPS
,
1307 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1313 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA
,
1314 TLS1_CK_PSK_WITH_AES_256_CBC_SHA
,
1319 SSL3_VERSION
, TLS1_2_VERSION
,
1320 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1321 SSL_HIGH
| SSL_FIPS
,
1322 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1326 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1329 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1330 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1335 SSL3_VERSION
, TLS1_2_VERSION
,
1336 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1337 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1338 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1345 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA
,
1346 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA
,
1351 SSL3_VERSION
, TLS1_2_VERSION
,
1352 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1353 SSL_HIGH
| SSL_FIPS
,
1354 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1360 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA
,
1361 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA
,
1366 SSL3_VERSION
, TLS1_2_VERSION
,
1367 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1368 SSL_HIGH
| SSL_FIPS
,
1369 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1373 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1376 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA
,
1377 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA
,
1382 SSL3_VERSION
, TLS1_2_VERSION
,
1383 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1384 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1385 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1392 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA
,
1393 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA
,
1398 SSL3_VERSION
, TLS1_2_VERSION
,
1399 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1400 SSL_HIGH
| SSL_FIPS
,
1401 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1407 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA
,
1408 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA
,
1413 SSL3_VERSION
, TLS1_2_VERSION
,
1414 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1415 SSL_HIGH
| SSL_FIPS
,
1416 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1422 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256
,
1423 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256
,
1428 TLS1_2_VERSION
, TLS1_2_VERSION
,
1429 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1430 SSL_HIGH
| SSL_FIPS
,
1431 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1437 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384
,
1438 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384
,
1443 TLS1_2_VERSION
, TLS1_2_VERSION
,
1444 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1445 SSL_HIGH
| SSL_FIPS
,
1446 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1452 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256
,
1453 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256
,
1458 TLS1_2_VERSION
, TLS1_2_VERSION
,
1459 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1460 SSL_HIGH
| SSL_FIPS
,
1461 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1467 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384
,
1468 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384
,
1473 TLS1_2_VERSION
, TLS1_2_VERSION
,
1474 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1475 SSL_HIGH
| SSL_FIPS
,
1476 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1482 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256
,
1483 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256
,
1488 TLS1_2_VERSION
, TLS1_2_VERSION
,
1489 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1490 SSL_HIGH
| SSL_FIPS
,
1491 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1497 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384
,
1498 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384
,
1503 TLS1_2_VERSION
, TLS1_2_VERSION
,
1504 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1505 SSL_HIGH
| SSL_FIPS
,
1506 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1512 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256
,
1513 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256
,
1518 TLS1_VERSION
, TLS1_2_VERSION
,
1519 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1520 SSL_HIGH
| SSL_FIPS
,
1521 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1527 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384
,
1528 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384
,
1533 TLS1_VERSION
, TLS1_2_VERSION
,
1534 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1535 SSL_HIGH
| SSL_FIPS
,
1536 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1542 TLS1_TXT_PSK_WITH_NULL_SHA256
,
1543 TLS1_CK_PSK_WITH_NULL_SHA256
,
1548 TLS1_VERSION
, TLS1_2_VERSION
,
1549 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1550 SSL_STRONG_NONE
| SSL_FIPS
,
1551 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1557 TLS1_TXT_PSK_WITH_NULL_SHA384
,
1558 TLS1_CK_PSK_WITH_NULL_SHA384
,
1563 TLS1_VERSION
, TLS1_2_VERSION
,
1564 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1565 SSL_STRONG_NONE
| SSL_FIPS
,
1566 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1572 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256
,
1573 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256
,
1578 TLS1_VERSION
, TLS1_2_VERSION
,
1579 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1580 SSL_HIGH
| SSL_FIPS
,
1581 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1587 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384
,
1588 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384
,
1593 TLS1_VERSION
, TLS1_2_VERSION
,
1594 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1595 SSL_HIGH
| SSL_FIPS
,
1596 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1602 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256
,
1603 TLS1_CK_DHE_PSK_WITH_NULL_SHA256
,
1608 TLS1_VERSION
, TLS1_2_VERSION
,
1609 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1610 SSL_STRONG_NONE
| SSL_FIPS
,
1611 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1617 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384
,
1618 TLS1_CK_DHE_PSK_WITH_NULL_SHA384
,
1623 TLS1_VERSION
, TLS1_2_VERSION
,
1624 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1625 SSL_STRONG_NONE
| SSL_FIPS
,
1626 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1632 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256
,
1633 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256
,
1638 TLS1_VERSION
, TLS1_2_VERSION
,
1639 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1640 SSL_HIGH
| SSL_FIPS
,
1641 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1647 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384
,
1648 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384
,
1653 TLS1_VERSION
, TLS1_2_VERSION
,
1654 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1655 SSL_HIGH
| SSL_FIPS
,
1656 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1662 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256
,
1663 TLS1_CK_RSA_PSK_WITH_NULL_SHA256
,
1668 TLS1_VERSION
, TLS1_2_VERSION
,
1669 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1670 SSL_STRONG_NONE
| SSL_FIPS
,
1671 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1677 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384
,
1678 TLS1_CK_RSA_PSK_WITH_NULL_SHA384
,
1683 TLS1_VERSION
, TLS1_2_VERSION
,
1684 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1685 SSL_STRONG_NONE
| SSL_FIPS
,
1686 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1690 # ifndef OPENSSL_NO_EC
1691 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1694 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1695 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1700 TLS1_VERSION
, TLS1_2_VERSION
,
1701 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1702 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1703 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1710 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA
,
1711 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA
,
1716 TLS1_VERSION
, TLS1_2_VERSION
,
1717 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1718 SSL_HIGH
| SSL_FIPS
,
1719 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1725 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA
,
1726 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA
,
1731 TLS1_VERSION
, TLS1_2_VERSION
,
1732 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1733 SSL_HIGH
| SSL_FIPS
,
1734 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1740 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256
,
1741 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256
,
1746 TLS1_VERSION
, TLS1_2_VERSION
,
1747 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1748 SSL_HIGH
| SSL_FIPS
,
1749 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1755 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384
,
1756 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384
,
1761 TLS1_VERSION
, TLS1_2_VERSION
,
1762 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1763 SSL_HIGH
| SSL_FIPS
,
1764 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1770 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA
,
1771 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA
,
1776 TLS1_VERSION
, TLS1_2_VERSION
,
1777 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1778 SSL_STRONG_NONE
| SSL_FIPS
,
1779 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1785 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256
,
1786 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256
,
1791 TLS1_VERSION
, TLS1_2_VERSION
,
1792 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1793 SSL_STRONG_NONE
| SSL_FIPS
,
1794 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1800 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384
,
1801 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384
,
1806 TLS1_VERSION
, TLS1_2_VERSION
,
1807 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1808 SSL_STRONG_NONE
| SSL_FIPS
,
1809 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1813 # endif /* OPENSSL_NO_EC */
1814 #endif /* OPENSSL_NO_PSK */
1816 #ifndef OPENSSL_NO_SRP
1817 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1820 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA
,
1821 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA
,
1826 SSL3_VERSION
, TLS1_2_VERSION
,
1827 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1828 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
1829 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1835 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
,
1836 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
,
1841 SSL3_VERSION
, TLS1_2_VERSION
,
1842 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1843 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
1844 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1850 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
,
1851 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
,
1856 SSL3_VERSION
, TLS1_2_VERSION
,
1857 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1858 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
1859 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1866 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA
,
1867 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA
,
1872 SSL3_VERSION
, TLS1_2_VERSION
,
1873 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1875 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1881 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
,
1882 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
,
1887 SSL3_VERSION
, TLS1_2_VERSION
,
1888 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1890 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1896 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
,
1897 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
,
1902 SSL3_VERSION
, TLS1_2_VERSION
,
1903 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1904 SSL_NOT_DEFAULT
| SSL_HIGH
,
1905 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1911 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA
,
1912 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA
,
1917 SSL3_VERSION
, TLS1_2_VERSION
,
1918 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1920 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1926 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
,
1927 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
,
1932 SSL3_VERSION
, TLS1_2_VERSION
,
1933 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1935 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1941 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
,
1942 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
,
1947 SSL3_VERSION
, TLS1_2_VERSION
,
1948 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1949 SSL_NOT_DEFAULT
| SSL_HIGH
,
1950 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1954 #endif /* OPENSSL_NO_SRP */
1956 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1957 # ifndef OPENSSL_NO_RSA
1960 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305
,
1961 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305
,
1964 SSL_CHACHA20POLY1305
,
1966 TLS1_2_VERSION
, TLS1_2_VERSION
,
1967 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1969 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1973 # endif /* OPENSSL_NO_RSA */
1975 # ifndef OPENSSL_NO_EC
1978 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305
,
1979 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305
,
1982 SSL_CHACHA20POLY1305
,
1984 TLS1_2_VERSION
, TLS1_2_VERSION
,
1985 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1987 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1993 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
,
1994 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
,
1997 SSL_CHACHA20POLY1305
,
1999 TLS1_2_VERSION
, TLS1_2_VERSION
,
2000 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2002 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2006 # endif /* OPENSSL_NO_EC */
2008 # ifndef OPENSSL_NO_PSK
2011 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305
,
2012 TLS1_CK_PSK_WITH_CHACHA20_POLY1305
,
2015 SSL_CHACHA20POLY1305
,
2017 TLS1_2_VERSION
, TLS1_2_VERSION
,
2018 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2020 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2026 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305
,
2027 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305
,
2030 SSL_CHACHA20POLY1305
,
2032 TLS1_2_VERSION
, TLS1_2_VERSION
,
2033 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2035 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2041 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305
,
2042 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305
,
2045 SSL_CHACHA20POLY1305
,
2047 TLS1_2_VERSION
, TLS1_2_VERSION
,
2048 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2050 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2056 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305
,
2057 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305
,
2060 SSL_CHACHA20POLY1305
,
2062 TLS1_2_VERSION
, TLS1_2_VERSION
,
2063 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2065 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2069 # endif /* OPENSSL_NO_PSK */
2070 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2071 * !defined(OPENSSL_NO_POLY1305) */
2073 #ifndef OPENSSL_NO_CAMELLIA
2076 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2077 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2082 TLS1_2_VERSION
, TLS1_2_VERSION
,
2083 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2084 SSL_NOT_DEFAULT
| SSL_HIGH
,
2085 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2091 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
,
2092 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
,
2097 TLS1_2_VERSION
, TLS1_2_VERSION
,
2098 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2099 SSL_NOT_DEFAULT
| SSL_HIGH
,
2100 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2106 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2107 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2112 TLS1_2_VERSION
, TLS1_2_VERSION
,
2113 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2114 SSL_NOT_DEFAULT
| SSL_HIGH
,
2115 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2121 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256
,
2122 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256
,
2127 TLS1_2_VERSION
, TLS1_2_VERSION
,
2128 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2129 SSL_NOT_DEFAULT
| SSL_HIGH
,
2130 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2136 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2137 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2142 TLS1_2_VERSION
, TLS1_2_VERSION
,
2143 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2144 SSL_NOT_DEFAULT
| SSL_HIGH
,
2145 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2151 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
,
2152 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
,
2157 TLS1_2_VERSION
, TLS1_2_VERSION
,
2158 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2159 SSL_NOT_DEFAULT
| SSL_HIGH
,
2160 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2166 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2167 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2172 TLS1_2_VERSION
, TLS1_2_VERSION
,
2173 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2174 SSL_NOT_DEFAULT
| SSL_HIGH
,
2175 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2181 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256
,
2182 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256
,
2187 TLS1_2_VERSION
, TLS1_2_VERSION
,
2188 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2189 SSL_NOT_DEFAULT
| SSL_HIGH
,
2190 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2196 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2197 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2202 SSL3_VERSION
, TLS1_2_VERSION
,
2203 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2204 SSL_NOT_DEFAULT
| SSL_HIGH
,
2205 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2211 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
,
2212 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
,
2217 SSL3_VERSION
, TLS1_2_VERSION
,
2218 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2219 SSL_NOT_DEFAULT
| SSL_HIGH
,
2220 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2226 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2227 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2232 SSL3_VERSION
, TLS1_2_VERSION
,
2233 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2234 SSL_NOT_DEFAULT
| SSL_HIGH
,
2235 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2241 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA
,
2242 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA
,
2247 SSL3_VERSION
, TLS1_2_VERSION
,
2248 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2249 SSL_NOT_DEFAULT
| SSL_HIGH
,
2250 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2256 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2257 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2262 SSL3_VERSION
, TLS1_2_VERSION
,
2263 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2264 SSL_NOT_DEFAULT
| SSL_HIGH
,
2265 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2271 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
,
2272 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
,
2277 SSL3_VERSION
, TLS1_2_VERSION
,
2278 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2279 SSL_NOT_DEFAULT
| SSL_HIGH
,
2280 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2286 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2287 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2292 SSL3_VERSION
, TLS1_2_VERSION
,
2293 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2294 SSL_NOT_DEFAULT
| SSL_HIGH
,
2295 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2301 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA
,
2302 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA
,
2307 SSL3_VERSION
, TLS1_2_VERSION
,
2308 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2309 SSL_NOT_DEFAULT
| SSL_HIGH
,
2310 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2315 # ifndef OPENSSL_NO_EC
2318 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
,
2319 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
,
2324 TLS1_2_VERSION
, TLS1_2_VERSION
,
2325 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2326 SSL_NOT_DEFAULT
| SSL_HIGH
,
2327 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2333 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
,
2334 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
,
2339 TLS1_2_VERSION
, TLS1_2_VERSION
,
2340 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2341 SSL_NOT_DEFAULT
| SSL_HIGH
,
2342 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2348 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2349 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2354 TLS1_2_VERSION
, TLS1_2_VERSION
,
2355 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2356 SSL_NOT_DEFAULT
| SSL_HIGH
,
2357 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2363 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
,
2364 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
,
2369 TLS1_2_VERSION
, TLS1_2_VERSION
,
2370 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2371 SSL_NOT_DEFAULT
| SSL_HIGH
,
2372 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2376 # endif /* OPENSSL_NO_EC */
2378 # ifndef OPENSSL_NO_PSK
2381 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2382 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2387 TLS1_VERSION
, TLS1_2_VERSION
,
2388 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2389 SSL_NOT_DEFAULT
| SSL_HIGH
,
2390 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2396 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2397 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2402 TLS1_VERSION
, TLS1_2_VERSION
,
2403 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2404 SSL_NOT_DEFAULT
| SSL_HIGH
,
2405 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2411 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2412 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2417 TLS1_VERSION
, TLS1_2_VERSION
,
2418 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2419 SSL_NOT_DEFAULT
| SSL_HIGH
,
2420 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2426 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2427 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2432 TLS1_VERSION
, TLS1_2_VERSION
,
2433 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2434 SSL_NOT_DEFAULT
| SSL_HIGH
,
2435 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2441 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2442 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2447 TLS1_VERSION
, TLS1_2_VERSION
,
2448 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2449 SSL_NOT_DEFAULT
| SSL_HIGH
,
2450 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2456 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2457 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2462 TLS1_VERSION
, TLS1_2_VERSION
,
2463 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2464 SSL_NOT_DEFAULT
| SSL_HIGH
,
2465 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2471 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2472 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2477 TLS1_VERSION
, TLS1_2_VERSION
,
2478 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2479 SSL_NOT_DEFAULT
| SSL_HIGH
,
2480 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2486 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2487 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2492 TLS1_VERSION
, TLS1_2_VERSION
,
2493 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2494 SSL_NOT_DEFAULT
| SSL_HIGH
,
2495 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2499 # endif /* OPENSSL_NO_PSK */
2501 #endif /* OPENSSL_NO_CAMELLIA */
2503 #ifndef OPENSSL_NO_GOST
2506 "GOST2001-GOST89-GOST89",
2510 SSL_eGOST2814789CNT
,
2512 TLS1_VERSION
, TLS1_2_VERSION
,
2515 SSL_HANDSHAKE_MAC_GOST94
| TLS1_PRF_GOST94
| TLS1_STREAM_MAC
,
2521 "GOST2001-NULL-GOST94",
2527 TLS1_VERSION
, TLS1_2_VERSION
,
2530 SSL_HANDSHAKE_MAC_GOST94
| TLS1_PRF_GOST94
,
2536 "GOST2012-GOST8912-GOST8912",
2539 SSL_aGOST12
| SSL_aGOST01
,
2540 SSL_eGOST2814789CNT12
,
2542 TLS1_VERSION
, TLS1_2_VERSION
,
2545 SSL_HANDSHAKE_MAC_GOST12_256
| TLS1_PRF_GOST12_256
| TLS1_STREAM_MAC
,
2551 "GOST2012-NULL-GOST12",
2554 SSL_aGOST12
| SSL_aGOST01
,
2557 TLS1_VERSION
, TLS1_2_VERSION
,
2560 SSL_HANDSHAKE_MAC_GOST12_256
| TLS1_PRF_GOST12_256
| TLS1_STREAM_MAC
,
2564 #endif /* OPENSSL_NO_GOST */
2566 #ifndef OPENSSL_NO_IDEA
2569 SSL3_TXT_RSA_IDEA_128_SHA
,
2570 SSL3_CK_RSA_IDEA_128_SHA
,
2575 SSL3_VERSION
, TLS1_1_VERSION
,
2576 DTLS1_BAD_VER
, DTLS1_VERSION
,
2577 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2578 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2584 #ifndef OPENSSL_NO_SEED
2587 TLS1_TXT_RSA_WITH_SEED_SHA
,
2588 TLS1_CK_RSA_WITH_SEED_SHA
,
2593 SSL3_VERSION
, TLS1_2_VERSION
,
2594 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2595 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2596 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2602 TLS1_TXT_DHE_DSS_WITH_SEED_SHA
,
2603 TLS1_CK_DHE_DSS_WITH_SEED_SHA
,
2608 SSL3_VERSION
, TLS1_2_VERSION
,
2609 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2610 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2611 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2617 TLS1_TXT_DHE_RSA_WITH_SEED_SHA
,
2618 TLS1_CK_DHE_RSA_WITH_SEED_SHA
,
2623 SSL3_VERSION
, TLS1_2_VERSION
,
2624 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2625 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2626 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2632 TLS1_TXT_ADH_WITH_SEED_SHA
,
2633 TLS1_CK_ADH_WITH_SEED_SHA
,
2638 SSL3_VERSION
, TLS1_2_VERSION
,
2639 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2640 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2641 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2645 #endif /* OPENSSL_NO_SEED */
2647 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2650 SSL3_TXT_RSA_RC4_128_MD5
,
2651 SSL3_CK_RSA_RC4_128_MD5
,
2656 SSL3_VERSION
, TLS1_2_VERSION
,
2658 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2659 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2665 SSL3_TXT_RSA_RC4_128_SHA
,
2666 SSL3_CK_RSA_RC4_128_SHA
,
2671 SSL3_VERSION
, TLS1_2_VERSION
,
2673 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2674 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2680 SSL3_TXT_ADH_RC4_128_MD5
,
2681 SSL3_CK_ADH_RC4_128_MD5
,
2686 SSL3_VERSION
, TLS1_2_VERSION
,
2688 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2689 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2694 # ifndef OPENSSL_NO_EC
2697 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA
,
2698 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA
,
2703 TLS1_VERSION
, TLS1_2_VERSION
,
2705 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2706 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2712 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA
,
2713 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA
,
2718 TLS1_VERSION
, TLS1_2_VERSION
,
2720 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2721 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2727 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA
,
2728 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA
,
2733 TLS1_VERSION
, TLS1_2_VERSION
,
2735 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2736 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2742 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA
,
2743 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA
,
2748 TLS1_VERSION
, TLS1_2_VERSION
,
2750 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2751 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2755 # endif /* OPENSSL_NO_EC */
2757 # ifndef OPENSSL_NO_PSK
2760 TLS1_TXT_PSK_WITH_RC4_128_SHA
,
2761 TLS1_CK_PSK_WITH_RC4_128_SHA
,
2766 SSL3_VERSION
, TLS1_2_VERSION
,
2768 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2769 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2775 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA
,
2776 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA
,
2781 SSL3_VERSION
, TLS1_2_VERSION
,
2783 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2784 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2790 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA
,
2791 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA
,
2796 SSL3_VERSION
, TLS1_2_VERSION
,
2798 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2799 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2803 # endif /* OPENSSL_NO_PSK */
2805 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2810 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
2811 * values stuffed into the ciphers field of the wire protocol for signalling
2814 static SSL_CIPHER ssl3_scsvs
[] = {
2817 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
2819 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2823 "TLS_FALLBACK_SCSV",
2824 SSL3_CK_FALLBACK_SCSV
,
2825 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2829 static int cipher_compare(const void *a
, const void *b
)
2831 const SSL_CIPHER
*ap
= (const SSL_CIPHER
*)a
;
2832 const SSL_CIPHER
*bp
= (const SSL_CIPHER
*)b
;
2834 return ap
->id
- bp
->id
;
2837 void ssl_sort_cipher_list(void)
2839 qsort(ssl3_ciphers
, SSL3_NUM_CIPHERS
, sizeof ssl3_ciphers
[0],
2841 qsort(ssl3_scsvs
, SSL3_NUM_SCSVS
, sizeof ssl3_scsvs
[0], cipher_compare
);
2844 const SSL3_ENC_METHOD SSLv3_enc_data
= {
2847 ssl3_setup_key_block
,
2848 ssl3_generate_master_secret
,
2849 ssl3_change_cipher_state
,
2850 ssl3_final_finish_mac
,
2851 SSL3_MD_CLIENT_FINISHED_CONST
, 4,
2852 SSL3_MD_SERVER_FINISHED_CONST
, 4,
2854 (int (*)(SSL
*, unsigned char *, size_t, const char *,
2855 size_t, const unsigned char *, size_t,
2856 int use_context
))ssl_undefined_function
,
2858 ssl3_set_handshake_header
,
2859 tls_close_construct_packet
,
2860 ssl3_handshake_write
2863 long ssl3_default_timeout(void)
2866 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2867 * http, the cache would over fill
2869 return (60 * 60 * 2);
2872 int ssl3_num_ciphers(void)
2874 return (SSL3_NUM_CIPHERS
);
2877 const SSL_CIPHER
*ssl3_get_cipher(unsigned int u
)
2879 if (u
< SSL3_NUM_CIPHERS
)
2880 return (&(ssl3_ciphers
[SSL3_NUM_CIPHERS
- 1 - u
]));
2885 int ssl3_set_handshake_header(SSL
*s
, WPACKET
*pkt
, int htype
)
2887 /* No header in the event of a CCS */
2888 if (htype
== SSL3_MT_CHANGE_CIPHER_SPEC
)
2891 /* Set the content type and 3 bytes for the message len */
2892 if (!WPACKET_put_bytes_u8(pkt
, htype
)
2893 || !WPACKET_start_sub_packet_u24(pkt
))
2899 int ssl3_handshake_write(SSL
*s
)
2901 return ssl3_do_write(s
, SSL3_RT_HANDSHAKE
);
2904 int ssl3_new(SSL
*s
)
2908 if ((s3
= OPENSSL_zalloc(sizeof(*s3
))) == NULL
)
2912 #ifndef OPENSSL_NO_SRP
2913 if (!SSL_SRP_CTX_init(s
))
2917 if (!s
->method
->ssl_clear(s
))
2925 void ssl3_free(SSL
*s
)
2927 if (s
== NULL
|| s
->s3
== NULL
)
2930 ssl3_cleanup_key_block(s
);
2932 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2933 EVP_PKEY_free(s
->s3
->peer_tmp
);
2934 s
->s3
->peer_tmp
= NULL
;
2935 EVP_PKEY_free(s
->s3
->tmp
.pkey
);
2936 s
->s3
->tmp
.pkey
= NULL
;
2939 OPENSSL_free(s
->s3
->tmp
.ctype
);
2940 sk_X509_NAME_pop_free(s
->s3
->tmp
.peer_ca_names
, X509_NAME_free
);
2941 OPENSSL_free(s
->s3
->tmp
.ciphers_raw
);
2942 OPENSSL_clear_free(s
->s3
->tmp
.pms
, s
->s3
->tmp
.pmslen
);
2943 OPENSSL_free(s
->s3
->tmp
.peer_sigalgs
);
2944 ssl3_free_digest_list(s
);
2945 OPENSSL_free(s
->s3
->alpn_selected
);
2946 OPENSSL_free(s
->s3
->alpn_proposed
);
2948 #ifndef OPENSSL_NO_SRP
2949 SSL_SRP_CTX_free(s
);
2951 OPENSSL_clear_free(s
->s3
, sizeof(*s
->s3
));
2955 int ssl3_clear(SSL
*s
)
2957 ssl3_cleanup_key_block(s
);
2958 OPENSSL_free(s
->s3
->tmp
.ctype
);
2959 sk_X509_NAME_pop_free(s
->s3
->tmp
.peer_ca_names
, X509_NAME_free
);
2960 OPENSSL_free(s
->s3
->tmp
.ciphers_raw
);
2961 OPENSSL_clear_free(s
->s3
->tmp
.pms
, s
->s3
->tmp
.pmslen
);
2962 OPENSSL_free(s
->s3
->tmp
.peer_sigalgs
);
2964 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2965 EVP_PKEY_free(s
->s3
->tmp
.pkey
);
2966 EVP_PKEY_free(s
->s3
->peer_tmp
);
2967 #endif /* !OPENSSL_NO_EC */
2969 ssl3_free_digest_list(s
);
2971 OPENSSL_free(s
->s3
->alpn_selected
);
2972 OPENSSL_free(s
->s3
->alpn_proposed
);
2974 /* NULL/zero-out everything in the s3 struct */
2975 memset(s
->s3
, 0, sizeof(*s
->s3
));
2977 if (!ssl_free_wbio_buffer(s
))
2980 s
->version
= SSL3_VERSION
;
2982 #if !defined(OPENSSL_NO_NEXTPROTONEG)
2983 OPENSSL_free(s
->ext
.npn
);
2991 #ifndef OPENSSL_NO_SRP
2992 static char *srp_password_from_info_cb(SSL
*s
, void *arg
)
2994 return OPENSSL_strdup(s
->srp_ctx
.info
);
2998 static int ssl3_set_req_cert_type(CERT
*c
, const unsigned char *p
, size_t len
);
3000 long ssl3_ctrl(SSL
*s
, int cmd
, long larg
, void *parg
)
3005 case SSL_CTRL_GET_CLIENT_CERT_REQUEST
:
3007 case SSL_CTRL_GET_NUM_RENEGOTIATIONS
:
3008 ret
= s
->s3
->num_renegotiations
;
3010 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS
:
3011 ret
= s
->s3
->num_renegotiations
;
3012 s
->s3
->num_renegotiations
= 0;
3014 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS
:
3015 ret
= s
->s3
->total_renegotiations
;
3017 case SSL_CTRL_GET_FLAGS
:
3018 ret
= (int)(s
->s3
->flags
);
3020 #ifndef OPENSSL_NO_DH
3021 case SSL_CTRL_SET_TMP_DH
:
3023 DH
*dh
= (DH
*)parg
;
3024 EVP_PKEY
*pkdh
= NULL
;
3026 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
3029 pkdh
= ssl_dh_to_pkey(dh
);
3031 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_MALLOC_FAILURE
);
3034 if (!ssl_security(s
, SSL_SECOP_TMP_DH
,
3035 EVP_PKEY_security_bits(pkdh
), 0, pkdh
)) {
3036 SSLerr(SSL_F_SSL3_CTRL
, SSL_R_DH_KEY_TOO_SMALL
);
3037 EVP_PKEY_free(pkdh
);
3040 EVP_PKEY_free(s
->cert
->dh_tmp
);
3041 s
->cert
->dh_tmp
= pkdh
;
3045 case SSL_CTRL_SET_TMP_DH_CB
:
3047 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
3050 case SSL_CTRL_SET_DH_AUTO
:
3051 s
->cert
->dh_tmp_auto
= larg
;
3054 #ifndef OPENSSL_NO_EC
3055 case SSL_CTRL_SET_TMP_ECDH
:
3057 const EC_GROUP
*group
= NULL
;
3061 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
3064 group
= EC_KEY_get0_group((const EC_KEY
*)parg
);
3065 if (group
== NULL
) {
3066 SSLerr(SSL_F_SSL3_CTRL
, EC_R_MISSING_PARAMETERS
);
3069 nid
= EC_GROUP_get_curve_name(group
);
3070 if (nid
== NID_undef
)
3072 return tls1_set_groups(&s
->ext
.supportedgroups
,
3073 &s
->ext
.supportedgroups_len
,
3077 #endif /* !OPENSSL_NO_EC */
3078 case SSL_CTRL_SET_TLSEXT_HOSTNAME
:
3079 if (larg
== TLSEXT_NAMETYPE_host_name
) {
3082 OPENSSL_free(s
->ext
.hostname
);
3083 s
->ext
.hostname
= NULL
;
3088 len
= strlen((char *)parg
);
3089 if (len
== 0 || len
> TLSEXT_MAXLEN_host_name
) {
3090 SSLerr(SSL_F_SSL3_CTRL
, SSL_R_SSL3_EXT_INVALID_SERVERNAME
);
3093 if ((s
->ext
.hostname
= OPENSSL_strdup((char *)parg
)) == NULL
) {
3094 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_INTERNAL_ERROR
);
3098 SSLerr(SSL_F_SSL3_CTRL
, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE
);
3102 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG
:
3103 s
->ext
.debug_arg
= parg
;
3107 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE
:
3108 ret
= s
->ext
.status_type
;
3111 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE
:
3112 s
->ext
.status_type
= larg
;
3116 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS
:
3117 *(STACK_OF(X509_EXTENSION
) **)parg
= s
->ext
.ocsp
.exts
;
3121 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS
:
3122 s
->ext
.ocsp
.exts
= parg
;
3126 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS
:
3127 *(STACK_OF(OCSP_RESPID
) **)parg
= s
->ext
.ocsp
.ids
;
3131 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS
:
3132 s
->ext
.ocsp
.ids
= parg
;
3136 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP
:
3137 *(unsigned char **)parg
= s
->ext
.ocsp
.resp
;
3138 if (s
->ext
.ocsp
.resp_len
== 0
3139 || s
->ext
.ocsp
.resp_len
> LONG_MAX
)
3141 return (long)s
->ext
.ocsp
.resp_len
;
3143 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP
:
3144 OPENSSL_free(s
->ext
.ocsp
.resp
);
3145 s
->ext
.ocsp
.resp
= parg
;
3146 s
->ext
.ocsp
.resp_len
= larg
;
3150 #ifndef OPENSSL_NO_HEARTBEATS
3151 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT
:
3152 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING
:
3153 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS
:
3157 case SSL_CTRL_CHAIN
:
3159 return ssl_cert_set1_chain(s
, NULL
, (STACK_OF(X509
) *)parg
);
3161 return ssl_cert_set0_chain(s
, NULL
, (STACK_OF(X509
) *)parg
);
3163 case SSL_CTRL_CHAIN_CERT
:
3165 return ssl_cert_add1_chain_cert(s
, NULL
, (X509
*)parg
);
3167 return ssl_cert_add0_chain_cert(s
, NULL
, (X509
*)parg
);
3169 case SSL_CTRL_GET_CHAIN_CERTS
:
3170 *(STACK_OF(X509
) **)parg
= s
->cert
->key
->chain
;
3173 case SSL_CTRL_SELECT_CURRENT_CERT
:
3174 return ssl_cert_select_current(s
->cert
, (X509
*)parg
);
3176 case SSL_CTRL_SET_CURRENT_CERT
:
3177 if (larg
== SSL_CERT_SET_SERVER
) {
3178 const SSL_CIPHER
*cipher
;
3181 cipher
= s
->s3
->tmp
.new_cipher
;
3185 * No certificate for unauthenticated ciphersuites or using SRP
3188 if (cipher
->algorithm_auth
& (SSL_aNULL
| SSL_aSRP
))
3190 if (s
->s3
->tmp
.cert
== NULL
)
3192 s
->cert
->key
= s
->s3
->tmp
.cert
;
3195 return ssl_cert_set_current(s
->cert
, larg
);
3197 #ifndef OPENSSL_NO_EC
3198 case SSL_CTRL_GET_GROUPS
:
3200 unsigned char *clist
;
3205 clist
= s
->session
->ext
.supportedgroups
;
3206 clistlen
= s
->session
->ext
.supportedgroups_len
/ 2;
3210 unsigned int cid
, nid
;
3211 for (i
= 0; i
< clistlen
; i
++) {
3213 /* TODO(TLS1.3): Handle DH groups here */
3214 nid
= tls1_ec_curve_id2nid(cid
, NULL
);
3218 cptr
[i
] = TLSEXT_nid_unknown
| cid
;
3221 return (int)clistlen
;
3224 case SSL_CTRL_SET_GROUPS
:
3225 return tls1_set_groups(&s
->ext
.supportedgroups
,
3226 &s
->ext
.supportedgroups_len
, parg
, larg
);
3228 case SSL_CTRL_SET_GROUPS_LIST
:
3229 return tls1_set_groups_list(&s
->ext
.supportedgroups
,
3230 &s
->ext
.supportedgroups_len
, parg
);
3232 case SSL_CTRL_GET_SHARED_GROUP
:
3233 return tls1_shared_group(s
, larg
);
3236 case SSL_CTRL_SET_SIGALGS
:
3237 return tls1_set_sigalgs(s
->cert
, parg
, larg
, 0);
3239 case SSL_CTRL_SET_SIGALGS_LIST
:
3240 return tls1_set_sigalgs_list(s
->cert
, parg
, 0);
3242 case SSL_CTRL_SET_CLIENT_SIGALGS
:
3243 return tls1_set_sigalgs(s
->cert
, parg
, larg
, 1);
3245 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST
:
3246 return tls1_set_sigalgs_list(s
->cert
, parg
, 1);
3248 case SSL_CTRL_GET_CLIENT_CERT_TYPES
:
3250 const unsigned char **pctype
= parg
;
3251 if (s
->server
|| !s
->s3
->tmp
.cert_req
)
3254 *pctype
= s
->s3
->tmp
.ctype
;
3255 return s
->s3
->tmp
.ctype_len
;
3258 case SSL_CTRL_SET_CLIENT_CERT_TYPES
:
3261 return ssl3_set_req_cert_type(s
->cert
, parg
, larg
);
3263 case SSL_CTRL_BUILD_CERT_CHAIN
:
3264 return ssl_build_cert_chain(s
, NULL
, larg
);
3266 case SSL_CTRL_SET_VERIFY_CERT_STORE
:
3267 return ssl_cert_set_cert_store(s
->cert
, parg
, 0, larg
);
3269 case SSL_CTRL_SET_CHAIN_CERT_STORE
:
3270 return ssl_cert_set_cert_store(s
->cert
, parg
, 1, larg
);
3272 case SSL_CTRL_GET_PEER_SIGNATURE_NID
:
3273 if (s
->s3
->tmp
.peer_sigalg
== NULL
)
3275 *(int *)parg
= s
->s3
->tmp
.peer_sigalg
->hash
;
3278 case SSL_CTRL_GET_SERVER_TMP_KEY
:
3279 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3280 if (s
->server
|| s
->session
== NULL
|| s
->s3
->peer_tmp
== NULL
) {
3283 EVP_PKEY_up_ref(s
->s3
->peer_tmp
);
3284 *(EVP_PKEY
**)parg
= s
->s3
->peer_tmp
;
3290 #ifndef OPENSSL_NO_EC
3291 case SSL_CTRL_GET_EC_POINT_FORMATS
:
3293 SSL_SESSION
*sess
= s
->session
;
3294 const unsigned char **pformat
= parg
;
3296 if (sess
== NULL
|| sess
->ext
.ecpointformats
== NULL
)
3298 *pformat
= sess
->ext
.ecpointformats
;
3299 return (int)sess
->ext
.ecpointformats_len
;
3309 long ssl3_callback_ctrl(SSL
*s
, int cmd
, void (*fp
) (void))
3314 #ifndef OPENSSL_NO_DH
3315 case SSL_CTRL_SET_TMP_DH_CB
:
3317 s
->cert
->dh_tmp_cb
= (DH
*(*)(SSL
*, int, int))fp
;
3321 case SSL_CTRL_SET_TLSEXT_DEBUG_CB
:
3322 s
->ext
.debug_cb
= (void (*)(SSL
*, int, int,
3323 const unsigned char *, int, void *))fp
;
3326 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB
:
3328 s
->not_resumable_session_cb
= (int (*)(SSL
*, int))fp
;
3337 long ssl3_ctx_ctrl(SSL_CTX
*ctx
, int cmd
, long larg
, void *parg
)
3340 #ifndef OPENSSL_NO_DH
3341 case SSL_CTRL_SET_TMP_DH
:
3343 DH
*dh
= (DH
*)parg
;
3344 EVP_PKEY
*pkdh
= NULL
;
3346 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
3349 pkdh
= ssl_dh_to_pkey(dh
);
3351 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_MALLOC_FAILURE
);
3354 if (!ssl_ctx_security(ctx
, SSL_SECOP_TMP_DH
,
3355 EVP_PKEY_security_bits(pkdh
), 0, pkdh
)) {
3356 SSLerr(SSL_F_SSL3_CTX_CTRL
, SSL_R_DH_KEY_TOO_SMALL
);
3357 EVP_PKEY_free(pkdh
);
3360 EVP_PKEY_free(ctx
->cert
->dh_tmp
);
3361 ctx
->cert
->dh_tmp
= pkdh
;
3364 case SSL_CTRL_SET_TMP_DH_CB
:
3366 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
3369 case SSL_CTRL_SET_DH_AUTO
:
3370 ctx
->cert
->dh_tmp_auto
= larg
;
3373 #ifndef OPENSSL_NO_EC
3374 case SSL_CTRL_SET_TMP_ECDH
:
3376 const EC_GROUP
*group
= NULL
;
3380 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
3383 group
= EC_KEY_get0_group((const EC_KEY
*)parg
);
3384 if (group
== NULL
) {
3385 SSLerr(SSL_F_SSL3_CTX_CTRL
, EC_R_MISSING_PARAMETERS
);
3388 nid
= EC_GROUP_get_curve_name(group
);
3389 if (nid
== NID_undef
)
3391 return tls1_set_groups(&ctx
->ext
.supportedgroups
,
3392 &ctx
->ext
.supportedgroups_len
,
3395 #endif /* !OPENSSL_NO_EC */
3396 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
:
3397 ctx
->ext
.servername_arg
= parg
;
3399 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS
:
3400 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS
:
3402 unsigned char *keys
= parg
;
3403 long tick_keylen
= (sizeof(ctx
->ext
.tick_key_name
) +
3404 sizeof(ctx
->ext
.tick_hmac_key
) +
3405 sizeof(ctx
->ext
.tick_aes_key
));
3408 if (larg
!= tick_keylen
) {
3409 SSLerr(SSL_F_SSL3_CTX_CTRL
, SSL_R_INVALID_TICKET_KEYS_LENGTH
);
3412 if (cmd
== SSL_CTRL_SET_TLSEXT_TICKET_KEYS
) {
3413 memcpy(ctx
->ext
.tick_key_name
, keys
,
3414 sizeof(ctx
->ext
.tick_key_name
));
3415 memcpy(ctx
->ext
.tick_hmac_key
,
3416 keys
+ sizeof(ctx
->ext
.tick_key_name
),
3417 sizeof(ctx
->ext
.tick_hmac_key
));
3418 memcpy(ctx
->ext
.tick_aes_key
,
3419 keys
+ sizeof(ctx
->ext
.tick_key_name
) +
3420 sizeof(ctx
->ext
.tick_hmac_key
),
3421 sizeof(ctx
->ext
.tick_aes_key
));
3423 memcpy(keys
, ctx
->ext
.tick_key_name
,
3424 sizeof(ctx
->ext
.tick_key_name
));
3425 memcpy(keys
+ sizeof(ctx
->ext
.tick_key_name
),
3426 ctx
->ext
.tick_hmac_key
,
3427 sizeof(ctx
->ext
.tick_hmac_key
));
3428 memcpy(keys
+ sizeof(ctx
->ext
.tick_key_name
) +
3429 sizeof(ctx
->ext
.tick_hmac_key
),
3430 ctx
->ext
.tick_aes_key
,
3431 sizeof(ctx
->ext
.tick_aes_key
));
3436 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE
:
3437 return ctx
->ext
.status_type
;
3439 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE
:
3440 ctx
->ext
.status_type
= larg
;
3443 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG
:
3444 ctx
->ext
.status_arg
= parg
;
3447 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG
:
3448 *(void**)parg
= ctx
->ext
.status_arg
;
3451 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB
:
3452 *(int (**)(SSL
*, void*))parg
= ctx
->ext
.status_cb
;
3455 #ifndef OPENSSL_NO_SRP
3456 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME
:
3457 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
3458 OPENSSL_free(ctx
->srp_ctx
.login
);
3459 ctx
->srp_ctx
.login
= NULL
;
3462 if (strlen((const char *)parg
) > 255 || strlen((const char *)parg
) < 1) {
3463 SSLerr(SSL_F_SSL3_CTX_CTRL
, SSL_R_INVALID_SRP_USERNAME
);
3466 if ((ctx
->srp_ctx
.login
= OPENSSL_strdup((char *)parg
)) == NULL
) {
3467 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_INTERNAL_ERROR
);
3471 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD
:
3472 ctx
->srp_ctx
.SRP_give_srp_client_pwd_callback
=
3473 srp_password_from_info_cb
;
3474 ctx
->srp_ctx
.info
= parg
;
3476 case SSL_CTRL_SET_SRP_ARG
:
3477 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
3478 ctx
->srp_ctx
.SRP_cb_arg
= parg
;
3481 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH
:
3482 ctx
->srp_ctx
.strength
= larg
;
3486 #ifndef OPENSSL_NO_EC
3487 case SSL_CTRL_SET_GROUPS
:
3488 return tls1_set_groups(&ctx
->ext
.supportedgroups
,
3489 &ctx
->ext
.supportedgroups_len
,
3492 case SSL_CTRL_SET_GROUPS_LIST
:
3493 return tls1_set_groups_list(&ctx
->ext
.supportedgroups
,
3494 &ctx
->ext
.supportedgroups_len
,
3497 case SSL_CTRL_SET_SIGALGS
:
3498 return tls1_set_sigalgs(ctx
->cert
, parg
, larg
, 0);
3500 case SSL_CTRL_SET_SIGALGS_LIST
:
3501 return tls1_set_sigalgs_list(ctx
->cert
, parg
, 0);
3503 case SSL_CTRL_SET_CLIENT_SIGALGS
:
3504 return tls1_set_sigalgs(ctx
->cert
, parg
, larg
, 1);
3506 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST
:
3507 return tls1_set_sigalgs_list(ctx
->cert
, parg
, 1);
3509 case SSL_CTRL_SET_CLIENT_CERT_TYPES
:
3510 return ssl3_set_req_cert_type(ctx
->cert
, parg
, larg
);
3512 case SSL_CTRL_BUILD_CERT_CHAIN
:
3513 return ssl_build_cert_chain(NULL
, ctx
, larg
);
3515 case SSL_CTRL_SET_VERIFY_CERT_STORE
:
3516 return ssl_cert_set_cert_store(ctx
->cert
, parg
, 0, larg
);
3518 case SSL_CTRL_SET_CHAIN_CERT_STORE
:
3519 return ssl_cert_set_cert_store(ctx
->cert
, parg
, 1, larg
);
3521 /* A Thawte special :-) */
3522 case SSL_CTRL_EXTRA_CHAIN_CERT
:
3523 if (ctx
->extra_certs
== NULL
) {
3524 if ((ctx
->extra_certs
= sk_X509_new_null()) == NULL
) {
3525 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_MALLOC_FAILURE
);
3529 if (!sk_X509_push(ctx
->extra_certs
, (X509
*)parg
)) {
3530 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_MALLOC_FAILURE
);
3535 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS
:
3536 if (ctx
->extra_certs
== NULL
&& larg
== 0)
3537 *(STACK_OF(X509
) **)parg
= ctx
->cert
->key
->chain
;
3539 *(STACK_OF(X509
) **)parg
= ctx
->extra_certs
;
3542 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS
:
3543 sk_X509_pop_free(ctx
->extra_certs
, X509_free
);
3544 ctx
->extra_certs
= NULL
;
3547 case SSL_CTRL_CHAIN
:
3549 return ssl_cert_set1_chain(NULL
, ctx
, (STACK_OF(X509
) *)parg
);
3551 return ssl_cert_set0_chain(NULL
, ctx
, (STACK_OF(X509
) *)parg
);
3553 case SSL_CTRL_CHAIN_CERT
:
3555 return ssl_cert_add1_chain_cert(NULL
, ctx
, (X509
*)parg
);
3557 return ssl_cert_add0_chain_cert(NULL
, ctx
, (X509
*)parg
);
3559 case SSL_CTRL_GET_CHAIN_CERTS
:
3560 *(STACK_OF(X509
) **)parg
= ctx
->cert
->key
->chain
;
3563 case SSL_CTRL_SELECT_CURRENT_CERT
:
3564 return ssl_cert_select_current(ctx
->cert
, (X509
*)parg
);
3566 case SSL_CTRL_SET_CURRENT_CERT
:
3567 return ssl_cert_set_current(ctx
->cert
, larg
);
3575 long ssl3_ctx_callback_ctrl(SSL_CTX
*ctx
, int cmd
, void (*fp
) (void))
3578 #ifndef OPENSSL_NO_DH
3579 case SSL_CTRL_SET_TMP_DH_CB
:
3581 ctx
->cert
->dh_tmp_cb
= (DH
*(*)(SSL
*, int, int))fp
;
3585 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
:
3586 ctx
->ext
.servername_cb
= (int (*)(SSL
*, int *, void *))fp
;
3589 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
:
3590 ctx
->ext
.status_cb
= (int (*)(SSL
*, void *))fp
;
3593 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
:
3594 ctx
->ext
.ticket_key_cb
= (int (*)(SSL
*, unsigned char *,
3597 HMAC_CTX
*, int))fp
;
3600 #ifndef OPENSSL_NO_SRP
3601 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB
:
3602 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
3603 ctx
->srp_ctx
.SRP_verify_param_callback
= (int (*)(SSL
*, void *))fp
;
3605 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB
:
3606 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
3607 ctx
->srp_ctx
.TLS_ext_srp_username_callback
=
3608 (int (*)(SSL
*, int *, void *))fp
;
3610 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB
:
3611 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
3612 ctx
->srp_ctx
.SRP_give_srp_client_pwd_callback
=
3613 (char *(*)(SSL
*, void *))fp
;
3616 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB
:
3618 ctx
->not_resumable_session_cb
= (int (*)(SSL
*, int))fp
;
3627 const SSL_CIPHER
*ssl3_get_cipher_by_id(uint32_t id
)
3630 const SSL_CIPHER
*cp
;
3633 cp
= OBJ_bsearch_ssl_cipher_id(&c
, ssl3_ciphers
, SSL3_NUM_CIPHERS
);
3636 return OBJ_bsearch_ssl_cipher_id(&c
, ssl3_scsvs
, SSL3_NUM_SCSVS
);
3640 * This function needs to check if the ciphers required are actually
3643 const SSL_CIPHER
*ssl3_get_cipher_by_char(const unsigned char *p
)
3645 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
3646 | ((uint32_t)p
[0] << 8L)
3650 int ssl3_put_cipher_by_char(const SSL_CIPHER
*c
, WPACKET
*pkt
, size_t *len
)
3652 if ((c
->id
& 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG
) {
3657 if (!WPACKET_put_bytes_u16(pkt
, c
->id
& 0xffff))
3665 * ssl3_choose_cipher - choose a cipher from those offered by the client
3666 * @s: SSL connection
3667 * @clnt: ciphers offered by the client
3668 * @srvr: ciphers enabled on the server?
3670 * Returns the selected cipher or NULL when no common ciphers.
3672 const SSL_CIPHER
*ssl3_choose_cipher(SSL
*s
, STACK_OF(SSL_CIPHER
) *clnt
,
3673 STACK_OF(SSL_CIPHER
) *srvr
)
3675 const SSL_CIPHER
*c
, *ret
= NULL
;
3676 STACK_OF(SSL_CIPHER
) *prio
, *allow
;
3678 unsigned long alg_k
= 0, alg_a
= 0, mask_k
, mask_a
;
3680 /* Let's see which ciphers we can support */
3683 * Do not set the compare functions, because this may lead to a
3684 * reordering by "id". We want to keep the original ordering. We may pay
3685 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3686 * pay with the price of sk_SSL_CIPHER_dup().
3690 fprintf(stderr
, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr
),
3692 for (i
= 0; i
< sk_SSL_CIPHER_num(srvr
); ++i
) {
3693 c
= sk_SSL_CIPHER_value(srvr
, i
);
3694 fprintf(stderr
, "%p:%s\n", (void *)c
, c
->name
);
3696 fprintf(stderr
, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt
),
3698 for (i
= 0; i
< sk_SSL_CIPHER_num(clnt
); ++i
) {
3699 c
= sk_SSL_CIPHER_value(clnt
, i
);
3700 fprintf(stderr
, "%p:%s\n", (void *)c
, c
->name
);
3704 if (s
->options
& SSL_OP_CIPHER_SERVER_PREFERENCE
|| tls1_suiteb(s
)) {
3712 tls1_set_cert_validity(s
);
3715 for (i
= 0; i
< sk_SSL_CIPHER_num(prio
); i
++) {
3716 c
= sk_SSL_CIPHER_value(prio
, i
);
3718 /* Skip ciphers not supported by the protocol version */
3719 if (!SSL_IS_DTLS(s
) &&
3720 ((s
->version
< c
->min_tls
) || (s
->version
> c
->max_tls
)))
3722 if (SSL_IS_DTLS(s
) &&
3723 (DTLS_VERSION_LT(s
->version
, c
->min_dtls
) ||
3724 DTLS_VERSION_GT(s
->version
, c
->max_dtls
)))
3727 * Since TLS 1.3 ciphersuites can be used with any auth or
3728 * key exchange scheme skip tests.
3730 if (!SSL_IS_TLS13(s
)) {
3731 mask_k
= s
->s3
->tmp
.mask_k
;
3732 mask_a
= s
->s3
->tmp
.mask_a
;
3733 #ifndef OPENSSL_NO_SRP
3734 if (s
->srp_ctx
.srp_Mask
& SSL_kSRP
) {
3740 alg_k
= c
->algorithm_mkey
;
3741 alg_a
= c
->algorithm_auth
;
3743 #ifndef OPENSSL_NO_PSK
3744 /* with PSK there must be server callback set */
3745 if ((alg_k
& SSL_PSK
) && s
->psk_server_callback
== NULL
)
3747 #endif /* OPENSSL_NO_PSK */
3749 ok
= (alg_k
& mask_k
) && (alg_a
& mask_a
);
3751 fprintf(stderr
, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok
, alg_k
,
3752 alg_a
, mask_k
, mask_a
, (void *)c
, c
->name
);
3755 #ifndef OPENSSL_NO_EC
3757 * if we are considering an ECC cipher suite that uses an ephemeral
3760 if (alg_k
& SSL_kECDHE
)
3761 ok
= ok
&& tls1_check_ec_tmp_key(s
, c
->id
);
3762 #endif /* OPENSSL_NO_EC */
3767 ii
= sk_SSL_CIPHER_find(allow
, c
);
3769 /* Check security callback permits this cipher */
3770 if (!ssl_security(s
, SSL_SECOP_CIPHER_SHARED
,
3771 c
->strength_bits
, 0, (void *)c
))
3773 #if !defined(OPENSSL_NO_EC)
3774 if ((alg_k
& SSL_kECDHE
) && (alg_a
& SSL_aECDSA
)
3775 && s
->s3
->is_probably_safari
) {
3777 ret
= sk_SSL_CIPHER_value(allow
, ii
);
3781 ret
= sk_SSL_CIPHER_value(allow
, ii
);
3788 int ssl3_get_req_cert_type(SSL
*s
, WPACKET
*pkt
)
3790 uint32_t alg_k
, alg_a
= 0;
3792 /* If we have custom certificate types set, use them */
3794 return WPACKET_memcpy(pkt
, s
->cert
->ctype
, s
->cert
->ctype_len
);
3795 /* Get mask of algorithms disabled by signature list */
3796 ssl_set_sig_mask(&alg_a
, s
, SSL_SECOP_SIGALG_MASK
);
3798 alg_k
= s
->s3
->tmp
.new_cipher
->algorithm_mkey
;
3800 #ifndef OPENSSL_NO_GOST
3801 if (s
->version
>= TLS1_VERSION
&& (alg_k
& SSL_kGOST
))
3802 return WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST01_SIGN
)
3803 && WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_SIGN
)
3804 && WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_512_SIGN
);
3807 if ((s
->version
== SSL3_VERSION
) && (alg_k
& SSL_kDHE
)) {
3808 #ifndef OPENSSL_NO_DH
3809 # ifndef OPENSSL_NO_RSA
3810 if (!WPACKET_put_bytes_u8(pkt
, SSL3_CT_RSA_EPHEMERAL_DH
))
3813 # ifndef OPENSSL_NO_DSA
3814 if (!WPACKET_put_bytes_u8(pkt
, SSL3_CT_DSS_EPHEMERAL_DH
))
3817 #endif /* !OPENSSL_NO_DH */
3819 #ifndef OPENSSL_NO_RSA
3820 if (!(alg_a
& SSL_aRSA
) && !WPACKET_put_bytes_u8(pkt
, SSL3_CT_RSA_SIGN
))
3823 #ifndef OPENSSL_NO_DSA
3824 if (!(alg_a
& SSL_aDSS
) && !WPACKET_put_bytes_u8(pkt
, SSL3_CT_DSS_SIGN
))
3827 #ifndef OPENSSL_NO_EC
3829 * ECDSA certs can be used with RSA cipher suites too so we don't
3830 * need to check for SSL_kECDH or SSL_kECDHE
3832 if (s
->version
>= TLS1_VERSION
3833 && !(alg_a
& SSL_aECDSA
)
3834 && !WPACKET_put_bytes_u8(pkt
, TLS_CT_ECDSA_SIGN
))
3840 static int ssl3_set_req_cert_type(CERT
*c
, const unsigned char *p
, size_t len
)
3842 OPENSSL_free(c
->ctype
);
3845 if (p
== NULL
|| len
== 0)
3849 c
->ctype
= OPENSSL_memdup(p
, len
);
3850 if (c
->ctype
== NULL
)
3856 int ssl3_shutdown(SSL
*s
)
3861 * Don't do anything much if we have not done the handshake or we don't
3862 * want to send messages :-)
3864 if (s
->quiet_shutdown
|| SSL_in_before(s
)) {
3865 s
->shutdown
= (SSL_SENT_SHUTDOWN
| SSL_RECEIVED_SHUTDOWN
);
3869 if (!(s
->shutdown
& SSL_SENT_SHUTDOWN
)) {
3870 s
->shutdown
|= SSL_SENT_SHUTDOWN
;
3871 ssl3_send_alert(s
, SSL3_AL_WARNING
, SSL_AD_CLOSE_NOTIFY
);
3873 * our shutdown alert has been sent now, and if it still needs to be
3874 * written, s->s3->alert_dispatch will be true
3876 if (s
->s3
->alert_dispatch
)
3877 return (-1); /* return WANT_WRITE */
3878 } else if (s
->s3
->alert_dispatch
) {
3879 /* resend it if not sent */
3880 ret
= s
->method
->ssl_dispatch_alert(s
);
3883 * we only get to return -1 here the 2nd/Nth invocation, we must
3884 * have already signalled return 0 upon a previous invocation,
3889 } else if (!(s
->shutdown
& SSL_RECEIVED_SHUTDOWN
)) {
3892 * If we are waiting for a close from our peer, we are closed
3894 s
->method
->ssl_read_bytes(s
, 0, NULL
, NULL
, 0, 0, &readbytes
);
3895 if (!(s
->shutdown
& SSL_RECEIVED_SHUTDOWN
)) {
3896 return -1; /* return WANT_READ */
3900 if ((s
->shutdown
== (SSL_SENT_SHUTDOWN
| SSL_RECEIVED_SHUTDOWN
)) &&
3901 !s
->s3
->alert_dispatch
)
3907 int ssl3_write(SSL
*s
, const void *buf
, size_t len
, size_t *written
)
3910 if (s
->s3
->renegotiate
)
3911 ssl3_renegotiate_check(s
, 0);
3913 return s
->method
->ssl_write_bytes(s
, SSL3_RT_APPLICATION_DATA
, buf
, len
,
3917 static int ssl3_read_internal(SSL
*s
, void *buf
, size_t len
, int peek
,
3923 if (s
->s3
->renegotiate
)
3924 ssl3_renegotiate_check(s
, 0);
3925 s
->s3
->in_read_app_data
= 1;
3927 s
->method
->ssl_read_bytes(s
, SSL3_RT_APPLICATION_DATA
, NULL
, buf
, len
,
3929 if ((ret
== -1) && (s
->s3
->in_read_app_data
== 2)) {
3931 * ssl3_read_bytes decided to call s->handshake_func, which called
3932 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
3933 * actually found application data and thinks that application data
3934 * makes sense here; so disable handshake processing and try to read
3935 * application data again.
3937 ossl_statem_set_in_handshake(s
, 1);
3939 s
->method
->ssl_read_bytes(s
, SSL3_RT_APPLICATION_DATA
, NULL
, buf
,
3940 len
, peek
, readbytes
);
3941 ossl_statem_set_in_handshake(s
, 0);
3943 s
->s3
->in_read_app_data
= 0;
3948 int ssl3_read(SSL
*s
, void *buf
, size_t len
, size_t *readbytes
)
3950 return ssl3_read_internal(s
, buf
, len
, 0, readbytes
);
3953 int ssl3_peek(SSL
*s
, void *buf
, size_t len
, size_t *readbytes
)
3955 return ssl3_read_internal(s
, buf
, len
, 1, readbytes
);
3958 int ssl3_renegotiate(SSL
*s
)
3960 if (s
->handshake_func
== NULL
)
3963 s
->s3
->renegotiate
= 1;
3968 * Check if we are waiting to do a renegotiation and if so whether now is a
3969 * good time to do it. If |initok| is true then we are being called from inside
3970 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
3971 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
3972 * should do a renegotiation now and sets up the state machine for it. Otherwise
3975 int ssl3_renegotiate_check(SSL
*s
, int initok
)
3979 if (s
->s3
->renegotiate
) {
3980 if (!RECORD_LAYER_read_pending(&s
->rlayer
)
3981 && !RECORD_LAYER_write_pending(&s
->rlayer
)
3982 && (initok
|| !SSL_in_init(s
))) {
3984 * if we are the server, and we have sent a 'RENEGOTIATE'
3985 * message, we need to set the state machine into the renegotiate
3988 ossl_statem_set_renegotiate(s
);
3989 s
->s3
->renegotiate
= 0;
3990 s
->s3
->num_renegotiations
++;
3991 s
->s3
->total_renegotiations
++;
3999 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4000 * handshake macs if required.
4002 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4004 long ssl_get_algorithm2(SSL
*s
)
4007 if (s
->s3
== NULL
|| s
->s3
->tmp
.new_cipher
== NULL
)
4009 alg2
= s
->s3
->tmp
.new_cipher
->algorithm2
;
4010 if (s
->method
->ssl3_enc
->enc_flags
& SSL_ENC_FLAG_SHA256_PRF
) {
4011 if (alg2
== (SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
))
4012 return SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
;
4013 } else if (s
->s3
->tmp
.new_cipher
->algorithm_mkey
& SSL_PSK
) {
4014 if (alg2
== (SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
))
4015 return SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
;
4021 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4022 * failure, 1 on success.
4024 int ssl_fill_hello_random(SSL
*s
, int server
, unsigned char *result
, size_t len
,
4027 int send_time
= 0, ret
;
4032 send_time
= (s
->mode
& SSL_MODE_SEND_SERVERHELLO_TIME
) != 0;
4034 send_time
= (s
->mode
& SSL_MODE_SEND_CLIENTHELLO_TIME
) != 0;
4036 unsigned long Time
= (unsigned long)time(NULL
);
4037 unsigned char *p
= result
;
4039 /* TODO(size_t): Convert this */
4040 ret
= RAND_bytes(p
, (int)(len
- 4));
4042 ret
= RAND_bytes(result
, (int)len
);
4044 #ifndef OPENSSL_NO_TLS13DOWNGRADE
4046 if (!ossl_assert(sizeof(tls11downgrade
) < len
)
4047 || !ossl_assert(sizeof(tls12downgrade
) < len
))
4049 if (dgrd
== DOWNGRADE_TO_1_2
)
4050 memcpy(result
+ len
- sizeof(tls12downgrade
), tls12downgrade
,
4051 sizeof(tls12downgrade
));
4052 else if (dgrd
== DOWNGRADE_TO_1_1
)
4053 memcpy(result
+ len
- sizeof(tls11downgrade
), tls11downgrade
,
4054 sizeof(tls11downgrade
));
4060 int ssl_generate_master_secret(SSL
*s
, unsigned char *pms
, size_t pmslen
,
4063 unsigned long alg_k
= s
->s3
->tmp
.new_cipher
->algorithm_mkey
;
4066 if (alg_k
& SSL_PSK
) {
4067 #ifndef OPENSSL_NO_PSK
4068 unsigned char *pskpms
, *t
;
4069 size_t psklen
= s
->s3
->tmp
.psklen
;
4072 /* create PSK premaster_secret */
4074 /* For plain PSK "other_secret" is psklen zeroes */
4075 if (alg_k
& SSL_kPSK
)
4078 pskpmslen
= 4 + pmslen
+ psklen
;
4079 pskpms
= OPENSSL_malloc(pskpmslen
);
4084 if (alg_k
& SSL_kPSK
)
4085 memset(t
, 0, pmslen
);
4087 memcpy(t
, pms
, pmslen
);
4090 memcpy(t
, s
->s3
->tmp
.psk
, psklen
);
4092 OPENSSL_clear_free(s
->s3
->tmp
.psk
, psklen
);
4093 s
->s3
->tmp
.psk
= NULL
;
4094 if (!s
->method
->ssl3_enc
->generate_master_secret(s
,
4095 s
->session
->master_key
,pskpms
, pskpmslen
,
4096 &s
->session
->master_key_length
))
4098 OPENSSL_clear_free(pskpms
, pskpmslen
);
4100 /* Should never happen */
4104 if (!s
->method
->ssl3_enc
->generate_master_secret(s
,
4105 s
->session
->master_key
, pms
, pmslen
,
4106 &s
->session
->master_key_length
))
4114 OPENSSL_clear_free(pms
, pmslen
);
4116 OPENSSL_cleanse(pms
, pmslen
);
4119 s
->s3
->tmp
.pms
= NULL
;
4123 /* Generate a private key from parameters */
4124 EVP_PKEY
*ssl_generate_pkey(EVP_PKEY
*pm
)
4126 EVP_PKEY_CTX
*pctx
= NULL
;
4127 EVP_PKEY
*pkey
= NULL
;
4131 pctx
= EVP_PKEY_CTX_new(pm
, NULL
);
4134 if (EVP_PKEY_keygen_init(pctx
) <= 0)
4136 if (EVP_PKEY_keygen(pctx
, &pkey
) <= 0) {
4137 EVP_PKEY_free(pkey
);
4142 EVP_PKEY_CTX_free(pctx
);
4145 #ifndef OPENSSL_NO_EC
4146 /* Generate a private key a curve ID */
4147 EVP_PKEY
*ssl_generate_pkey_curve(int id
)
4149 EVP_PKEY_CTX
*pctx
= NULL
;
4150 EVP_PKEY
*pkey
= NULL
;
4151 unsigned int curve_flags
;
4152 int nid
= tls1_ec_curve_id2nid(id
, &curve_flags
);
4156 if ((curve_flags
& TLS_CURVE_TYPE
) == TLS_CURVE_CUSTOM
) {
4157 pctx
= EVP_PKEY_CTX_new_id(nid
, NULL
);
4160 pctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
);
4164 if (EVP_PKEY_keygen_init(pctx
) <= 0)
4166 if (nid
!= 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, nid
) <= 0)
4168 if (EVP_PKEY_keygen(pctx
, &pkey
) <= 0) {
4169 EVP_PKEY_free(pkey
);
4174 EVP_PKEY_CTX_free(pctx
);
4179 /* Derive secrets for ECDH/DH */
4180 int ssl_derive(SSL
*s
, EVP_PKEY
*privkey
, EVP_PKEY
*pubkey
, int gensecret
)
4183 unsigned char *pms
= NULL
;
4187 if (privkey
== NULL
|| pubkey
== NULL
)
4190 pctx
= EVP_PKEY_CTX_new(privkey
, NULL
);
4192 if (EVP_PKEY_derive_init(pctx
) <= 0
4193 || EVP_PKEY_derive_set_peer(pctx
, pubkey
) <= 0
4194 || EVP_PKEY_derive(pctx
, NULL
, &pmslen
) <= 0) {
4198 pms
= OPENSSL_malloc(pmslen
);
4202 if (EVP_PKEY_derive(pctx
, pms
, &pmslen
) <= 0)
4206 if (SSL_IS_TLS13(s
)) {
4208 * If we are resuming then we already generated the early secret
4209 * when we created the ClientHello, so don't recreate it.
4212 rv
= tls13_generate_secret(s
, ssl_handshake_md(s
), NULL
, NULL
,
4214 (unsigned char *)&s
->early_secret
);
4218 rv
= rv
&& tls13_generate_handshake_secret(s
, pms
, pmslen
);
4220 rv
= ssl_generate_master_secret(s
, pms
, pmslen
, 0);
4223 /* Save premaster secret */
4224 s
->s3
->tmp
.pms
= pms
;
4225 s
->s3
->tmp
.pmslen
= pmslen
;
4231 OPENSSL_clear_free(pms
, pmslen
);
4232 EVP_PKEY_CTX_free(pctx
);
4236 #ifndef OPENSSL_NO_DH
4237 EVP_PKEY
*ssl_dh_to_pkey(DH
*dh
)
4242 ret
= EVP_PKEY_new();
4243 if (EVP_PKEY_set1_DH(ret
, dh
) <= 0) {