2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
15 #include "ssl_local.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include <openssl/trace.h>
20 #include <openssl/x509v3.h>
21 #include "internal/cryptlib.h"
23 #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
24 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
25 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
27 /* TLSv1.3 downgrade protection sentinel values */
28 const unsigned char tls11downgrade
[] = {
29 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
31 const unsigned char tls12downgrade
[] = {
32 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
35 /* The list of available TLSv1.3 ciphers */
36 static SSL_CIPHER tls13_ciphers
[] = {
39 TLS1_3_RFC_AES_128_GCM_SHA256
,
40 TLS1_3_RFC_AES_128_GCM_SHA256
,
41 TLS1_3_CK_AES_128_GCM_SHA256
,
46 TLS1_3_VERSION
, TLS1_3_VERSION
,
49 SSL_HANDSHAKE_MAC_SHA256
,
54 TLS1_3_RFC_AES_256_GCM_SHA384
,
55 TLS1_3_RFC_AES_256_GCM_SHA384
,
56 TLS1_3_CK_AES_256_GCM_SHA384
,
61 TLS1_3_VERSION
, TLS1_3_VERSION
,
64 SSL_HANDSHAKE_MAC_SHA384
,
68 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
71 TLS1_3_RFC_CHACHA20_POLY1305_SHA256
,
72 TLS1_3_RFC_CHACHA20_POLY1305_SHA256
,
73 TLS1_3_CK_CHACHA20_POLY1305_SHA256
,
78 TLS1_3_VERSION
, TLS1_3_VERSION
,
81 SSL_HANDSHAKE_MAC_SHA256
,
88 TLS1_3_RFC_AES_128_CCM_SHA256
,
89 TLS1_3_RFC_AES_128_CCM_SHA256
,
90 TLS1_3_CK_AES_128_CCM_SHA256
,
95 TLS1_3_VERSION
, TLS1_3_VERSION
,
97 SSL_NOT_DEFAULT
| SSL_HIGH
,
98 SSL_HANDSHAKE_MAC_SHA256
,
103 TLS1_3_RFC_AES_128_CCM_8_SHA256
,
104 TLS1_3_RFC_AES_128_CCM_8_SHA256
,
105 TLS1_3_CK_AES_128_CCM_8_SHA256
,
110 TLS1_3_VERSION
, TLS1_3_VERSION
,
112 SSL_NOT_DEFAULT
| SSL_HIGH
,
113 SSL_HANDSHAKE_MAC_SHA256
,
120 * The list of available ciphers, mostly organized into the following
125 * SRP (within that: RSA EC PSK)
126 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
129 static SSL_CIPHER ssl3_ciphers
[] = {
132 SSL3_TXT_RSA_NULL_MD5
,
133 SSL3_RFC_RSA_NULL_MD5
,
134 SSL3_CK_RSA_NULL_MD5
,
139 SSL3_VERSION
, TLS1_2_VERSION
,
140 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
142 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
148 SSL3_TXT_RSA_NULL_SHA
,
149 SSL3_RFC_RSA_NULL_SHA
,
150 SSL3_CK_RSA_NULL_SHA
,
155 SSL3_VERSION
, TLS1_2_VERSION
,
156 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
157 SSL_STRONG_NONE
| SSL_FIPS
,
158 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
162 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
165 SSL3_TXT_RSA_DES_192_CBC3_SHA
,
166 SSL3_RFC_RSA_DES_192_CBC3_SHA
,
167 SSL3_CK_RSA_DES_192_CBC3_SHA
,
172 SSL3_VERSION
, TLS1_2_VERSION
,
173 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
174 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
175 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
181 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA
,
182 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA
,
183 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA
,
188 SSL3_VERSION
, TLS1_2_VERSION
,
189 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
190 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
191 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
197 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA
,
198 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA
,
199 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA
,
204 SSL3_VERSION
, TLS1_2_VERSION
,
205 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
206 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
207 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
213 SSL3_TXT_ADH_DES_192_CBC_SHA
,
214 SSL3_RFC_ADH_DES_192_CBC_SHA
,
215 SSL3_CK_ADH_DES_192_CBC_SHA
,
220 SSL3_VERSION
, TLS1_2_VERSION
,
221 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
222 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
223 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
230 TLS1_TXT_RSA_WITH_AES_128_SHA
,
231 TLS1_RFC_RSA_WITH_AES_128_SHA
,
232 TLS1_CK_RSA_WITH_AES_128_SHA
,
237 SSL3_VERSION
, TLS1_2_VERSION
,
238 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
240 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
246 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA
,
247 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA
,
248 TLS1_CK_DHE_DSS_WITH_AES_128_SHA
,
253 SSL3_VERSION
, TLS1_2_VERSION
,
254 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
255 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
256 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
262 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA
,
263 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA
,
264 TLS1_CK_DHE_RSA_WITH_AES_128_SHA
,
269 SSL3_VERSION
, TLS1_2_VERSION
,
270 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
272 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
278 TLS1_TXT_ADH_WITH_AES_128_SHA
,
279 TLS1_RFC_ADH_WITH_AES_128_SHA
,
280 TLS1_CK_ADH_WITH_AES_128_SHA
,
285 SSL3_VERSION
, TLS1_2_VERSION
,
286 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
287 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
288 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
294 TLS1_TXT_RSA_WITH_AES_256_SHA
,
295 TLS1_RFC_RSA_WITH_AES_256_SHA
,
296 TLS1_CK_RSA_WITH_AES_256_SHA
,
301 SSL3_VERSION
, TLS1_2_VERSION
,
302 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
304 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
310 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA
,
311 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA
,
312 TLS1_CK_DHE_DSS_WITH_AES_256_SHA
,
317 SSL3_VERSION
, TLS1_2_VERSION
,
318 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
319 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
320 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
326 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA
,
327 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA
,
328 TLS1_CK_DHE_RSA_WITH_AES_256_SHA
,
333 SSL3_VERSION
, TLS1_2_VERSION
,
334 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
336 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
342 TLS1_TXT_ADH_WITH_AES_256_SHA
,
343 TLS1_RFC_ADH_WITH_AES_256_SHA
,
344 TLS1_CK_ADH_WITH_AES_256_SHA
,
349 SSL3_VERSION
, TLS1_2_VERSION
,
350 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
351 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
352 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
358 TLS1_TXT_RSA_WITH_NULL_SHA256
,
359 TLS1_RFC_RSA_WITH_NULL_SHA256
,
360 TLS1_CK_RSA_WITH_NULL_SHA256
,
365 TLS1_2_VERSION
, TLS1_2_VERSION
,
366 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
367 SSL_STRONG_NONE
| SSL_FIPS
,
368 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
374 TLS1_TXT_RSA_WITH_AES_128_SHA256
,
375 TLS1_RFC_RSA_WITH_AES_128_SHA256
,
376 TLS1_CK_RSA_WITH_AES_128_SHA256
,
381 TLS1_2_VERSION
, TLS1_2_VERSION
,
382 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
384 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
390 TLS1_TXT_RSA_WITH_AES_256_SHA256
,
391 TLS1_RFC_RSA_WITH_AES_256_SHA256
,
392 TLS1_CK_RSA_WITH_AES_256_SHA256
,
397 TLS1_2_VERSION
, TLS1_2_VERSION
,
398 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
400 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
406 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256
,
407 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256
,
408 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256
,
413 TLS1_2_VERSION
, TLS1_2_VERSION
,
414 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
415 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
416 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
422 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256
,
423 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256
,
424 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256
,
429 TLS1_2_VERSION
, TLS1_2_VERSION
,
430 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
432 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
438 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256
,
439 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256
,
440 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256
,
445 TLS1_2_VERSION
, TLS1_2_VERSION
,
446 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
447 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
448 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
454 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256
,
455 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256
,
456 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256
,
461 TLS1_2_VERSION
, TLS1_2_VERSION
,
462 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
464 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
470 TLS1_TXT_ADH_WITH_AES_128_SHA256
,
471 TLS1_RFC_ADH_WITH_AES_128_SHA256
,
472 TLS1_CK_ADH_WITH_AES_128_SHA256
,
477 TLS1_2_VERSION
, TLS1_2_VERSION
,
478 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
479 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
480 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
486 TLS1_TXT_ADH_WITH_AES_256_SHA256
,
487 TLS1_RFC_ADH_WITH_AES_256_SHA256
,
488 TLS1_CK_ADH_WITH_AES_256_SHA256
,
493 TLS1_2_VERSION
, TLS1_2_VERSION
,
494 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
495 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
496 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
502 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256
,
503 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256
,
504 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256
,
509 TLS1_2_VERSION
, TLS1_2_VERSION
,
510 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
512 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
518 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384
,
519 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384
,
520 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384
,
525 TLS1_2_VERSION
, TLS1_2_VERSION
,
526 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
528 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
534 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256
,
535 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256
,
536 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256
,
541 TLS1_2_VERSION
, TLS1_2_VERSION
,
542 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
544 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
550 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384
,
551 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384
,
552 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384
,
557 TLS1_2_VERSION
, TLS1_2_VERSION
,
558 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
560 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
566 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256
,
567 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256
,
568 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256
,
573 TLS1_2_VERSION
, TLS1_2_VERSION
,
574 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
575 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
576 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
582 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384
,
583 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384
,
584 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384
,
589 TLS1_2_VERSION
, TLS1_2_VERSION
,
590 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
591 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
592 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
598 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256
,
599 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256
,
600 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256
,
605 TLS1_2_VERSION
, TLS1_2_VERSION
,
606 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
607 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
608 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
614 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384
,
615 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384
,
616 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384
,
621 TLS1_2_VERSION
, TLS1_2_VERSION
,
622 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
623 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
624 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
630 TLS1_TXT_RSA_WITH_AES_128_CCM
,
631 TLS1_RFC_RSA_WITH_AES_128_CCM
,
632 TLS1_CK_RSA_WITH_AES_128_CCM
,
637 TLS1_2_VERSION
, TLS1_2_VERSION
,
638 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
639 SSL_NOT_DEFAULT
| SSL_HIGH
,
640 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
646 TLS1_TXT_RSA_WITH_AES_256_CCM
,
647 TLS1_RFC_RSA_WITH_AES_256_CCM
,
648 TLS1_CK_RSA_WITH_AES_256_CCM
,
653 TLS1_2_VERSION
, TLS1_2_VERSION
,
654 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
655 SSL_NOT_DEFAULT
| SSL_HIGH
,
656 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
662 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM
,
663 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM
,
664 TLS1_CK_DHE_RSA_WITH_AES_128_CCM
,
669 TLS1_2_VERSION
, TLS1_2_VERSION
,
670 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
671 SSL_NOT_DEFAULT
| SSL_HIGH
,
672 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
678 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM
,
679 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM
,
680 TLS1_CK_DHE_RSA_WITH_AES_256_CCM
,
685 TLS1_2_VERSION
, TLS1_2_VERSION
,
686 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
687 SSL_NOT_DEFAULT
| SSL_HIGH
,
688 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
694 TLS1_TXT_RSA_WITH_AES_128_CCM_8
,
695 TLS1_RFC_RSA_WITH_AES_128_CCM_8
,
696 TLS1_CK_RSA_WITH_AES_128_CCM_8
,
701 TLS1_2_VERSION
, TLS1_2_VERSION
,
702 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
703 SSL_NOT_DEFAULT
| SSL_HIGH
,
704 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
710 TLS1_TXT_RSA_WITH_AES_256_CCM_8
,
711 TLS1_RFC_RSA_WITH_AES_256_CCM_8
,
712 TLS1_CK_RSA_WITH_AES_256_CCM_8
,
717 TLS1_2_VERSION
, TLS1_2_VERSION
,
718 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
719 SSL_NOT_DEFAULT
| SSL_HIGH
,
720 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
726 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8
,
727 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8
,
728 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8
,
733 TLS1_2_VERSION
, TLS1_2_VERSION
,
734 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
735 SSL_NOT_DEFAULT
| SSL_HIGH
,
736 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
742 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8
,
743 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8
,
744 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8
,
749 TLS1_2_VERSION
, TLS1_2_VERSION
,
750 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
751 SSL_NOT_DEFAULT
| SSL_HIGH
,
752 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
758 TLS1_TXT_PSK_WITH_AES_128_CCM
,
759 TLS1_RFC_PSK_WITH_AES_128_CCM
,
760 TLS1_CK_PSK_WITH_AES_128_CCM
,
765 TLS1_2_VERSION
, TLS1_2_VERSION
,
766 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
767 SSL_NOT_DEFAULT
| SSL_HIGH
,
768 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
774 TLS1_TXT_PSK_WITH_AES_256_CCM
,
775 TLS1_RFC_PSK_WITH_AES_256_CCM
,
776 TLS1_CK_PSK_WITH_AES_256_CCM
,
781 TLS1_2_VERSION
, TLS1_2_VERSION
,
782 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
783 SSL_NOT_DEFAULT
| SSL_HIGH
,
784 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
790 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM
,
791 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM
,
792 TLS1_CK_DHE_PSK_WITH_AES_128_CCM
,
797 TLS1_2_VERSION
, TLS1_2_VERSION
,
798 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
799 SSL_NOT_DEFAULT
| SSL_HIGH
,
800 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
806 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM
,
807 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM
,
808 TLS1_CK_DHE_PSK_WITH_AES_256_CCM
,
813 TLS1_2_VERSION
, TLS1_2_VERSION
,
814 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
815 SSL_NOT_DEFAULT
| SSL_HIGH
,
816 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
822 TLS1_TXT_PSK_WITH_AES_128_CCM_8
,
823 TLS1_RFC_PSK_WITH_AES_128_CCM_8
,
824 TLS1_CK_PSK_WITH_AES_128_CCM_8
,
829 TLS1_2_VERSION
, TLS1_2_VERSION
,
830 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
831 SSL_NOT_DEFAULT
| SSL_HIGH
,
832 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
838 TLS1_TXT_PSK_WITH_AES_256_CCM_8
,
839 TLS1_RFC_PSK_WITH_AES_256_CCM_8
,
840 TLS1_CK_PSK_WITH_AES_256_CCM_8
,
845 TLS1_2_VERSION
, TLS1_2_VERSION
,
846 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
847 SSL_NOT_DEFAULT
| SSL_HIGH
,
848 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
854 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8
,
855 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8
,
856 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8
,
861 TLS1_2_VERSION
, TLS1_2_VERSION
,
862 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
863 SSL_NOT_DEFAULT
| SSL_HIGH
,
864 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
870 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8
,
871 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8
,
872 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8
,
877 TLS1_2_VERSION
, TLS1_2_VERSION
,
878 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
879 SSL_NOT_DEFAULT
| SSL_HIGH
,
880 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
886 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM
,
887 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM
,
888 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM
,
893 TLS1_2_VERSION
, TLS1_2_VERSION
,
894 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
895 SSL_NOT_DEFAULT
| SSL_HIGH
,
896 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
902 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM
,
903 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM
,
904 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM
,
909 TLS1_2_VERSION
, TLS1_2_VERSION
,
910 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
911 SSL_NOT_DEFAULT
| SSL_HIGH
,
912 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
918 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8
,
919 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8
,
920 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8
,
925 TLS1_2_VERSION
, TLS1_2_VERSION
,
926 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
927 SSL_NOT_DEFAULT
| SSL_HIGH
,
928 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
934 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8
,
935 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8
,
936 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8
,
941 TLS1_2_VERSION
, TLS1_2_VERSION
,
942 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
943 SSL_NOT_DEFAULT
| SSL_HIGH
,
944 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
950 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA
,
951 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA
,
952 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA
,
957 TLS1_VERSION
, TLS1_2_VERSION
,
958 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
959 SSL_STRONG_NONE
| SSL_FIPS
,
960 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
964 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
967 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
,
968 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
,
969 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
,
974 TLS1_VERSION
, TLS1_2_VERSION
,
975 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
976 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
977 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
984 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
985 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
986 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
991 TLS1_VERSION
, TLS1_2_VERSION
,
992 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
994 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1000 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
1001 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
1002 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
1007 TLS1_VERSION
, TLS1_2_VERSION
,
1008 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1009 SSL_HIGH
| SSL_FIPS
,
1010 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1016 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA
,
1017 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA
,
1018 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA
,
1023 TLS1_VERSION
, TLS1_2_VERSION
,
1024 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1025 SSL_STRONG_NONE
| SSL_FIPS
,
1026 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1030 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1033 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA
,
1034 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA
,
1035 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA
,
1040 TLS1_VERSION
, TLS1_2_VERSION
,
1041 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1042 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1043 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1050 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
1051 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
1052 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
1057 TLS1_VERSION
, TLS1_2_VERSION
,
1058 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1059 SSL_HIGH
| SSL_FIPS
,
1060 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1066 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
1067 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
1068 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
1073 TLS1_VERSION
, TLS1_2_VERSION
,
1074 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1075 SSL_HIGH
| SSL_FIPS
,
1076 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1082 TLS1_TXT_ECDH_anon_WITH_NULL_SHA
,
1083 TLS1_RFC_ECDH_anon_WITH_NULL_SHA
,
1084 TLS1_CK_ECDH_anon_WITH_NULL_SHA
,
1089 TLS1_VERSION
, TLS1_2_VERSION
,
1090 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1091 SSL_STRONG_NONE
| SSL_FIPS
,
1092 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1096 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1099 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA
,
1100 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA
,
1101 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA
,
1106 TLS1_VERSION
, TLS1_2_VERSION
,
1107 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1108 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1109 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1116 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA
,
1117 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA
,
1118 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA
,
1123 TLS1_VERSION
, TLS1_2_VERSION
,
1124 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1125 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
1126 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1132 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA
,
1133 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA
,
1134 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA
,
1139 TLS1_VERSION
, TLS1_2_VERSION
,
1140 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1141 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
1142 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1148 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256
,
1149 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256
,
1150 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256
,
1155 TLS1_2_VERSION
, TLS1_2_VERSION
,
1156 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1157 SSL_HIGH
| SSL_FIPS
,
1158 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1164 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384
,
1165 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384
,
1166 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384
,
1171 TLS1_2_VERSION
, TLS1_2_VERSION
,
1172 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1173 SSL_HIGH
| SSL_FIPS
,
1174 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1180 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256
,
1181 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256
,
1182 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256
,
1187 TLS1_2_VERSION
, TLS1_2_VERSION
,
1188 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1189 SSL_HIGH
| SSL_FIPS
,
1190 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1196 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384
,
1197 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384
,
1198 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384
,
1203 TLS1_2_VERSION
, TLS1_2_VERSION
,
1204 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1205 SSL_HIGH
| SSL_FIPS
,
1206 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1212 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
1213 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
1214 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
1219 TLS1_2_VERSION
, TLS1_2_VERSION
,
1220 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1221 SSL_HIGH
| SSL_FIPS
,
1222 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1228 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
1229 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
1230 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
1235 TLS1_2_VERSION
, TLS1_2_VERSION
,
1236 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1237 SSL_HIGH
| SSL_FIPS
,
1238 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1244 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
1245 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
1246 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
1251 TLS1_2_VERSION
, TLS1_2_VERSION
,
1252 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1253 SSL_HIGH
| SSL_FIPS
,
1254 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1260 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
1261 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
1262 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
1267 TLS1_2_VERSION
, TLS1_2_VERSION
,
1268 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1269 SSL_HIGH
| SSL_FIPS
,
1270 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1276 TLS1_TXT_PSK_WITH_NULL_SHA
,
1277 TLS1_RFC_PSK_WITH_NULL_SHA
,
1278 TLS1_CK_PSK_WITH_NULL_SHA
,
1283 SSL3_VERSION
, TLS1_2_VERSION
,
1284 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1285 SSL_STRONG_NONE
| SSL_FIPS
,
1286 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1292 TLS1_TXT_DHE_PSK_WITH_NULL_SHA
,
1293 TLS1_RFC_DHE_PSK_WITH_NULL_SHA
,
1294 TLS1_CK_DHE_PSK_WITH_NULL_SHA
,
1299 SSL3_VERSION
, TLS1_2_VERSION
,
1300 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1301 SSL_STRONG_NONE
| SSL_FIPS
,
1302 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1308 TLS1_TXT_RSA_PSK_WITH_NULL_SHA
,
1309 TLS1_RFC_RSA_PSK_WITH_NULL_SHA
,
1310 TLS1_CK_RSA_PSK_WITH_NULL_SHA
,
1315 SSL3_VERSION
, TLS1_2_VERSION
,
1316 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1317 SSL_STRONG_NONE
| SSL_FIPS
,
1318 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1322 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1325 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA
,
1326 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA
,
1327 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA
,
1332 SSL3_VERSION
, TLS1_2_VERSION
,
1333 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1334 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1335 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1342 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA
,
1343 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA
,
1344 TLS1_CK_PSK_WITH_AES_128_CBC_SHA
,
1349 SSL3_VERSION
, TLS1_2_VERSION
,
1350 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1351 SSL_HIGH
| SSL_FIPS
,
1352 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1358 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA
,
1359 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA
,
1360 TLS1_CK_PSK_WITH_AES_256_CBC_SHA
,
1365 SSL3_VERSION
, TLS1_2_VERSION
,
1366 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1367 SSL_HIGH
| SSL_FIPS
,
1368 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1372 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1375 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1376 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1377 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1382 SSL3_VERSION
, TLS1_2_VERSION
,
1383 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1384 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1385 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1392 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA
,
1393 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA
,
1394 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA
,
1399 SSL3_VERSION
, TLS1_2_VERSION
,
1400 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1401 SSL_HIGH
| SSL_FIPS
,
1402 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1408 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA
,
1409 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA
,
1410 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA
,
1415 SSL3_VERSION
, TLS1_2_VERSION
,
1416 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1417 SSL_HIGH
| SSL_FIPS
,
1418 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1422 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1425 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA
,
1426 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA
,
1427 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA
,
1432 SSL3_VERSION
, TLS1_2_VERSION
,
1433 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1434 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1435 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1442 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA
,
1443 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA
,
1444 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA
,
1449 SSL3_VERSION
, TLS1_2_VERSION
,
1450 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1451 SSL_HIGH
| SSL_FIPS
,
1452 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1458 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA
,
1459 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA
,
1460 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA
,
1465 SSL3_VERSION
, TLS1_2_VERSION
,
1466 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1467 SSL_HIGH
| SSL_FIPS
,
1468 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1474 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256
,
1475 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256
,
1476 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256
,
1481 TLS1_2_VERSION
, TLS1_2_VERSION
,
1482 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1483 SSL_HIGH
| SSL_FIPS
,
1484 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1490 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384
,
1491 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384
,
1492 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384
,
1497 TLS1_2_VERSION
, TLS1_2_VERSION
,
1498 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1499 SSL_HIGH
| SSL_FIPS
,
1500 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1506 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256
,
1507 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256
,
1508 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256
,
1513 TLS1_2_VERSION
, TLS1_2_VERSION
,
1514 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1515 SSL_HIGH
| SSL_FIPS
,
1516 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1522 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384
,
1523 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384
,
1524 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384
,
1529 TLS1_2_VERSION
, TLS1_2_VERSION
,
1530 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1531 SSL_HIGH
| SSL_FIPS
,
1532 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1538 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256
,
1539 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256
,
1540 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256
,
1545 TLS1_2_VERSION
, TLS1_2_VERSION
,
1546 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1547 SSL_HIGH
| SSL_FIPS
,
1548 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1554 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384
,
1555 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384
,
1556 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384
,
1561 TLS1_2_VERSION
, TLS1_2_VERSION
,
1562 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1563 SSL_HIGH
| SSL_FIPS
,
1564 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1570 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256
,
1571 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256
,
1572 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256
,
1577 TLS1_VERSION
, TLS1_2_VERSION
,
1578 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1579 SSL_HIGH
| SSL_FIPS
,
1580 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1586 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384
,
1587 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384
,
1588 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384
,
1593 TLS1_VERSION
, TLS1_2_VERSION
,
1594 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1595 SSL_HIGH
| SSL_FIPS
,
1596 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1602 TLS1_TXT_PSK_WITH_NULL_SHA256
,
1603 TLS1_RFC_PSK_WITH_NULL_SHA256
,
1604 TLS1_CK_PSK_WITH_NULL_SHA256
,
1609 TLS1_VERSION
, TLS1_2_VERSION
,
1610 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1611 SSL_STRONG_NONE
| SSL_FIPS
,
1612 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1618 TLS1_TXT_PSK_WITH_NULL_SHA384
,
1619 TLS1_RFC_PSK_WITH_NULL_SHA384
,
1620 TLS1_CK_PSK_WITH_NULL_SHA384
,
1625 TLS1_VERSION
, TLS1_2_VERSION
,
1626 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1627 SSL_STRONG_NONE
| SSL_FIPS
,
1628 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1634 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256
,
1635 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256
,
1636 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256
,
1641 TLS1_VERSION
, TLS1_2_VERSION
,
1642 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1643 SSL_HIGH
| SSL_FIPS
,
1644 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1650 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384
,
1651 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384
,
1652 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384
,
1657 TLS1_VERSION
, TLS1_2_VERSION
,
1658 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1659 SSL_HIGH
| SSL_FIPS
,
1660 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1666 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256
,
1667 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256
,
1668 TLS1_CK_DHE_PSK_WITH_NULL_SHA256
,
1673 TLS1_VERSION
, TLS1_2_VERSION
,
1674 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1675 SSL_STRONG_NONE
| SSL_FIPS
,
1676 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1682 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384
,
1683 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384
,
1684 TLS1_CK_DHE_PSK_WITH_NULL_SHA384
,
1689 TLS1_VERSION
, TLS1_2_VERSION
,
1690 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1691 SSL_STRONG_NONE
| SSL_FIPS
,
1692 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1698 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256
,
1699 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256
,
1700 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256
,
1705 TLS1_VERSION
, TLS1_2_VERSION
,
1706 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1707 SSL_HIGH
| SSL_FIPS
,
1708 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1714 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384
,
1715 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384
,
1716 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384
,
1721 TLS1_VERSION
, TLS1_2_VERSION
,
1722 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1723 SSL_HIGH
| SSL_FIPS
,
1724 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1730 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256
,
1731 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256
,
1732 TLS1_CK_RSA_PSK_WITH_NULL_SHA256
,
1737 TLS1_VERSION
, TLS1_2_VERSION
,
1738 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1739 SSL_STRONG_NONE
| SSL_FIPS
,
1740 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1746 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384
,
1747 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384
,
1748 TLS1_CK_RSA_PSK_WITH_NULL_SHA384
,
1753 TLS1_VERSION
, TLS1_2_VERSION
,
1754 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1755 SSL_STRONG_NONE
| SSL_FIPS
,
1756 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1760 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1763 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1764 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1765 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1770 TLS1_VERSION
, TLS1_2_VERSION
,
1771 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1772 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1773 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1780 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA
,
1781 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA
,
1782 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA
,
1787 TLS1_VERSION
, TLS1_2_VERSION
,
1788 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1789 SSL_HIGH
| SSL_FIPS
,
1790 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1796 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA
,
1797 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA
,
1798 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA
,
1803 TLS1_VERSION
, TLS1_2_VERSION
,
1804 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1805 SSL_HIGH
| SSL_FIPS
,
1806 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1812 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256
,
1813 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256
,
1814 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256
,
1819 TLS1_VERSION
, TLS1_2_VERSION
,
1820 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1821 SSL_HIGH
| SSL_FIPS
,
1822 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1828 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384
,
1829 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384
,
1830 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384
,
1835 TLS1_VERSION
, TLS1_2_VERSION
,
1836 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1837 SSL_HIGH
| SSL_FIPS
,
1838 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1844 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA
,
1845 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA
,
1846 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA
,
1851 TLS1_VERSION
, TLS1_2_VERSION
,
1852 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1853 SSL_STRONG_NONE
| SSL_FIPS
,
1854 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1860 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256
,
1861 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256
,
1862 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256
,
1867 TLS1_VERSION
, TLS1_2_VERSION
,
1868 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1869 SSL_STRONG_NONE
| SSL_FIPS
,
1870 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1876 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384
,
1877 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384
,
1878 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384
,
1883 TLS1_VERSION
, TLS1_2_VERSION
,
1884 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1885 SSL_STRONG_NONE
| SSL_FIPS
,
1886 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1891 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1894 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA
,
1895 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA
,
1896 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA
,
1901 SSL3_VERSION
, TLS1_2_VERSION
,
1902 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1903 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
1904 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1910 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
,
1911 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
,
1912 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
,
1917 SSL3_VERSION
, TLS1_2_VERSION
,
1918 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1919 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
1920 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1926 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
,
1927 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
,
1928 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
,
1933 SSL3_VERSION
, TLS1_2_VERSION
,
1934 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1935 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
1936 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1943 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA
,
1944 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA
,
1945 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA
,
1950 SSL3_VERSION
, TLS1_2_VERSION
,
1951 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1953 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1959 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
,
1960 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
,
1961 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
,
1966 SSL3_VERSION
, TLS1_2_VERSION
,
1967 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1969 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1975 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
,
1976 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
,
1977 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
,
1982 SSL3_VERSION
, TLS1_2_VERSION
,
1983 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1984 SSL_NOT_DEFAULT
| SSL_HIGH
,
1985 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1991 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA
,
1992 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA
,
1993 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA
,
1998 SSL3_VERSION
, TLS1_2_VERSION
,
1999 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2001 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2007 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
,
2008 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
,
2009 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
,
2014 SSL3_VERSION
, TLS1_2_VERSION
,
2015 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2017 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2023 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
,
2024 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
,
2025 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
,
2030 SSL3_VERSION
, TLS1_2_VERSION
,
2031 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2032 SSL_NOT_DEFAULT
| SSL_HIGH
,
2033 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2038 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2041 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305
,
2042 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305
,
2043 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305
,
2046 SSL_CHACHA20POLY1305
,
2048 TLS1_2_VERSION
, TLS1_2_VERSION
,
2049 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2051 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2057 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305
,
2058 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305
,
2059 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305
,
2062 SSL_CHACHA20POLY1305
,
2064 TLS1_2_VERSION
, TLS1_2_VERSION
,
2065 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2067 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2073 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
,
2074 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
,
2075 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
,
2078 SSL_CHACHA20POLY1305
,
2080 TLS1_2_VERSION
, TLS1_2_VERSION
,
2081 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2083 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2089 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305
,
2090 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305
,
2091 TLS1_CK_PSK_WITH_CHACHA20_POLY1305
,
2094 SSL_CHACHA20POLY1305
,
2096 TLS1_2_VERSION
, TLS1_2_VERSION
,
2097 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2099 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2105 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305
,
2106 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305
,
2107 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305
,
2110 SSL_CHACHA20POLY1305
,
2112 TLS1_2_VERSION
, TLS1_2_VERSION
,
2113 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2115 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2121 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305
,
2122 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305
,
2123 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305
,
2126 SSL_CHACHA20POLY1305
,
2128 TLS1_2_VERSION
, TLS1_2_VERSION
,
2129 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2131 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2137 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305
,
2138 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305
,
2139 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305
,
2142 SSL_CHACHA20POLY1305
,
2144 TLS1_2_VERSION
, TLS1_2_VERSION
,
2145 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2147 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2151 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2152 * !defined(OPENSSL_NO_POLY1305) */
2154 #ifndef OPENSSL_NO_CAMELLIA
2157 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2158 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2159 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2164 TLS1_2_VERSION
, TLS1_2_VERSION
,
2165 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2166 SSL_NOT_DEFAULT
| SSL_HIGH
,
2167 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2173 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
,
2174 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
,
2175 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
,
2180 TLS1_2_VERSION
, TLS1_2_VERSION
,
2181 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2182 SSL_NOT_DEFAULT
| SSL_HIGH
,
2183 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2189 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2190 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2191 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2196 TLS1_2_VERSION
, TLS1_2_VERSION
,
2197 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2198 SSL_NOT_DEFAULT
| SSL_HIGH
,
2199 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2205 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256
,
2206 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256
,
2207 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256
,
2212 TLS1_2_VERSION
, TLS1_2_VERSION
,
2213 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2214 SSL_NOT_DEFAULT
| SSL_HIGH
,
2215 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2221 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2222 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2223 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2228 TLS1_2_VERSION
, TLS1_2_VERSION
,
2229 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2230 SSL_NOT_DEFAULT
| SSL_HIGH
,
2231 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2237 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
,
2238 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
,
2239 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
,
2244 TLS1_2_VERSION
, TLS1_2_VERSION
,
2245 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2246 SSL_NOT_DEFAULT
| SSL_HIGH
,
2247 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2253 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2254 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2255 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2260 TLS1_2_VERSION
, TLS1_2_VERSION
,
2261 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2262 SSL_NOT_DEFAULT
| SSL_HIGH
,
2263 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2269 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256
,
2270 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256
,
2271 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256
,
2276 TLS1_2_VERSION
, TLS1_2_VERSION
,
2277 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2278 SSL_NOT_DEFAULT
| SSL_HIGH
,
2279 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2285 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2286 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2287 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2292 SSL3_VERSION
, TLS1_2_VERSION
,
2293 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2294 SSL_NOT_DEFAULT
| SSL_HIGH
,
2295 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2301 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
,
2302 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
,
2303 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
,
2308 SSL3_VERSION
, TLS1_2_VERSION
,
2309 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2310 SSL_NOT_DEFAULT
| SSL_HIGH
,
2311 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2317 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2318 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2319 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2324 SSL3_VERSION
, TLS1_2_VERSION
,
2325 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2326 SSL_NOT_DEFAULT
| SSL_HIGH
,
2327 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2333 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA
,
2334 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA
,
2335 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA
,
2340 SSL3_VERSION
, TLS1_2_VERSION
,
2341 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2342 SSL_NOT_DEFAULT
| SSL_HIGH
,
2343 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2349 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2350 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2351 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2356 SSL3_VERSION
, TLS1_2_VERSION
,
2357 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2358 SSL_NOT_DEFAULT
| SSL_HIGH
,
2359 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2365 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
,
2366 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
,
2367 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
,
2372 SSL3_VERSION
, TLS1_2_VERSION
,
2373 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2374 SSL_NOT_DEFAULT
| SSL_HIGH
,
2375 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2381 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2382 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2383 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2388 SSL3_VERSION
, TLS1_2_VERSION
,
2389 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2390 SSL_NOT_DEFAULT
| SSL_HIGH
,
2391 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2397 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA
,
2398 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA
,
2399 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA
,
2404 SSL3_VERSION
, TLS1_2_VERSION
,
2405 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2406 SSL_NOT_DEFAULT
| SSL_HIGH
,
2407 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2413 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
,
2414 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
,
2415 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
,
2420 TLS1_2_VERSION
, TLS1_2_VERSION
,
2421 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2422 SSL_NOT_DEFAULT
| SSL_HIGH
,
2423 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2429 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
,
2430 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
,
2431 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
,
2436 TLS1_2_VERSION
, TLS1_2_VERSION
,
2437 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2438 SSL_NOT_DEFAULT
| SSL_HIGH
,
2439 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2445 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2446 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2447 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2452 TLS1_2_VERSION
, TLS1_2_VERSION
,
2453 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2454 SSL_NOT_DEFAULT
| SSL_HIGH
,
2455 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2461 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
,
2462 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
,
2463 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
,
2468 TLS1_2_VERSION
, TLS1_2_VERSION
,
2469 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2470 SSL_NOT_DEFAULT
| SSL_HIGH
,
2471 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2477 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2478 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2479 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2484 TLS1_VERSION
, TLS1_2_VERSION
,
2485 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2486 SSL_NOT_DEFAULT
| SSL_HIGH
,
2487 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2493 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2494 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2495 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2500 TLS1_VERSION
, TLS1_2_VERSION
,
2501 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2502 SSL_NOT_DEFAULT
| SSL_HIGH
,
2503 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2509 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2510 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2511 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2516 TLS1_VERSION
, TLS1_2_VERSION
,
2517 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2518 SSL_NOT_DEFAULT
| SSL_HIGH
,
2519 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2525 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2526 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2527 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2532 TLS1_VERSION
, TLS1_2_VERSION
,
2533 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2534 SSL_NOT_DEFAULT
| SSL_HIGH
,
2535 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2541 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2542 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2543 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2548 TLS1_VERSION
, TLS1_2_VERSION
,
2549 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2550 SSL_NOT_DEFAULT
| SSL_HIGH
,
2551 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2557 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2558 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2559 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2564 TLS1_VERSION
, TLS1_2_VERSION
,
2565 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2566 SSL_NOT_DEFAULT
| SSL_HIGH
,
2567 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2573 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2574 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2575 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2580 TLS1_VERSION
, TLS1_2_VERSION
,
2581 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2582 SSL_NOT_DEFAULT
| SSL_HIGH
,
2583 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2589 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2590 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2591 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2596 TLS1_VERSION
, TLS1_2_VERSION
,
2597 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2598 SSL_NOT_DEFAULT
| SSL_HIGH
,
2599 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2603 #endif /* OPENSSL_NO_CAMELLIA */
2605 #ifndef OPENSSL_NO_GOST
2608 "GOST2001-GOST89-GOST89",
2609 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2613 SSL_eGOST2814789CNT
,
2615 TLS1_VERSION
, TLS1_2_VERSION
,
2618 SSL_HANDSHAKE_MAC_GOST94
| TLS1_PRF_GOST94
| TLS1_STREAM_MAC
,
2624 "GOST2001-NULL-GOST94",
2625 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2631 TLS1_VERSION
, TLS1_2_VERSION
,
2634 SSL_HANDSHAKE_MAC_GOST94
| TLS1_PRF_GOST94
,
2640 "IANA-GOST2012-GOST8912-GOST8912",
2644 SSL_aGOST12
| SSL_aGOST01
,
2645 SSL_eGOST2814789CNT12
,
2647 TLS1_VERSION
, TLS1_2_VERSION
,
2650 SSL_HANDSHAKE_MAC_GOST12_256
| TLS1_PRF_GOST12_256
| TLS1_STREAM_MAC
,
2656 "LEGACY-GOST2012-GOST8912-GOST8912",
2660 SSL_aGOST12
| SSL_aGOST01
,
2661 SSL_eGOST2814789CNT12
,
2663 TLS1_VERSION
, TLS1_2_VERSION
,
2666 SSL_HANDSHAKE_MAC_GOST12_256
| TLS1_PRF_GOST12_256
| TLS1_STREAM_MAC
,
2672 "GOST2012-NULL-GOST12",
2676 SSL_aGOST12
| SSL_aGOST01
,
2679 TLS1_VERSION
, TLS1_2_VERSION
,
2682 SSL_HANDSHAKE_MAC_GOST12_256
| TLS1_PRF_GOST12_256
| TLS1_STREAM_MAC
,
2686 #endif /* OPENSSL_NO_GOST */
2688 #ifndef OPENSSL_NO_IDEA
2691 SSL3_TXT_RSA_IDEA_128_SHA
,
2692 SSL3_RFC_RSA_IDEA_128_SHA
,
2693 SSL3_CK_RSA_IDEA_128_SHA
,
2698 SSL3_VERSION
, TLS1_1_VERSION
,
2699 DTLS1_BAD_VER
, DTLS1_VERSION
,
2700 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2701 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2707 #ifndef OPENSSL_NO_SEED
2710 TLS1_TXT_RSA_WITH_SEED_SHA
,
2711 TLS1_RFC_RSA_WITH_SEED_SHA
,
2712 TLS1_CK_RSA_WITH_SEED_SHA
,
2717 SSL3_VERSION
, TLS1_2_VERSION
,
2718 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2719 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2720 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2726 TLS1_TXT_DHE_DSS_WITH_SEED_SHA
,
2727 TLS1_RFC_DHE_DSS_WITH_SEED_SHA
,
2728 TLS1_CK_DHE_DSS_WITH_SEED_SHA
,
2733 SSL3_VERSION
, TLS1_2_VERSION
,
2734 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2735 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2736 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2742 TLS1_TXT_DHE_RSA_WITH_SEED_SHA
,
2743 TLS1_RFC_DHE_RSA_WITH_SEED_SHA
,
2744 TLS1_CK_DHE_RSA_WITH_SEED_SHA
,
2749 SSL3_VERSION
, TLS1_2_VERSION
,
2750 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2751 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2752 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2758 TLS1_TXT_ADH_WITH_SEED_SHA
,
2759 TLS1_RFC_ADH_WITH_SEED_SHA
,
2760 TLS1_CK_ADH_WITH_SEED_SHA
,
2765 SSL3_VERSION
, TLS1_2_VERSION
,
2766 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2767 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2768 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2772 #endif /* OPENSSL_NO_SEED */
2774 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2777 SSL3_TXT_RSA_RC4_128_MD5
,
2778 SSL3_RFC_RSA_RC4_128_MD5
,
2779 SSL3_CK_RSA_RC4_128_MD5
,
2784 SSL3_VERSION
, TLS1_2_VERSION
,
2786 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2787 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2793 SSL3_TXT_RSA_RC4_128_SHA
,
2794 SSL3_RFC_RSA_RC4_128_SHA
,
2795 SSL3_CK_RSA_RC4_128_SHA
,
2800 SSL3_VERSION
, TLS1_2_VERSION
,
2802 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2803 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2809 SSL3_TXT_ADH_RC4_128_MD5
,
2810 SSL3_RFC_ADH_RC4_128_MD5
,
2811 SSL3_CK_ADH_RC4_128_MD5
,
2816 SSL3_VERSION
, TLS1_2_VERSION
,
2818 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2819 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2825 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA
,
2826 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA
,
2827 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA
,
2832 TLS1_VERSION
, TLS1_2_VERSION
,
2834 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2835 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2841 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA
,
2842 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA
,
2843 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA
,
2848 TLS1_VERSION
, TLS1_2_VERSION
,
2850 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2851 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2857 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA
,
2858 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA
,
2859 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA
,
2864 TLS1_VERSION
, TLS1_2_VERSION
,
2866 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2867 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2873 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA
,
2874 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA
,
2875 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA
,
2880 TLS1_VERSION
, TLS1_2_VERSION
,
2882 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2883 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2889 TLS1_TXT_PSK_WITH_RC4_128_SHA
,
2890 TLS1_RFC_PSK_WITH_RC4_128_SHA
,
2891 TLS1_CK_PSK_WITH_RC4_128_SHA
,
2896 SSL3_VERSION
, TLS1_2_VERSION
,
2898 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2899 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2905 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA
,
2906 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA
,
2907 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA
,
2912 SSL3_VERSION
, TLS1_2_VERSION
,
2914 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2915 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2921 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA
,
2922 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA
,
2923 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA
,
2928 SSL3_VERSION
, TLS1_2_VERSION
,
2930 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2931 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2935 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2937 #ifndef OPENSSL_NO_ARIA
2940 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256
,
2941 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256
,
2942 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256
,
2947 TLS1_2_VERSION
, TLS1_2_VERSION
,
2948 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2949 SSL_NOT_DEFAULT
| SSL_HIGH
,
2950 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2956 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384
,
2957 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384
,
2958 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384
,
2963 TLS1_2_VERSION
, TLS1_2_VERSION
,
2964 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2965 SSL_NOT_DEFAULT
| SSL_HIGH
,
2966 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2972 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256
,
2973 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256
,
2974 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256
,
2979 TLS1_2_VERSION
, TLS1_2_VERSION
,
2980 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2981 SSL_NOT_DEFAULT
| SSL_HIGH
,
2982 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2988 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384
,
2989 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384
,
2990 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384
,
2995 TLS1_2_VERSION
, TLS1_2_VERSION
,
2996 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2997 SSL_NOT_DEFAULT
| SSL_HIGH
,
2998 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3004 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256
,
3005 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256
,
3006 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256
,
3011 TLS1_2_VERSION
, TLS1_2_VERSION
,
3012 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3013 SSL_NOT_DEFAULT
| SSL_HIGH
,
3014 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3020 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384
,
3021 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384
,
3022 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384
,
3027 TLS1_2_VERSION
, TLS1_2_VERSION
,
3028 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3029 SSL_NOT_DEFAULT
| SSL_HIGH
,
3030 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3036 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
,
3037 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
,
3038 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
,
3043 TLS1_2_VERSION
, TLS1_2_VERSION
,
3044 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3045 SSL_NOT_DEFAULT
| SSL_HIGH
,
3046 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3052 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
,
3053 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
,
3054 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
,
3059 TLS1_2_VERSION
, TLS1_2_VERSION
,
3060 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3061 SSL_NOT_DEFAULT
| SSL_HIGH
,
3062 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3068 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
,
3069 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
,
3070 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
,
3075 TLS1_2_VERSION
, TLS1_2_VERSION
,
3076 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3077 SSL_NOT_DEFAULT
| SSL_HIGH
,
3078 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3084 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
,
3085 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
,
3086 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
,
3091 TLS1_2_VERSION
, TLS1_2_VERSION
,
3092 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3093 SSL_NOT_DEFAULT
| SSL_HIGH
,
3094 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3100 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256
,
3101 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256
,
3102 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256
,
3107 TLS1_2_VERSION
, TLS1_2_VERSION
,
3108 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3109 SSL_NOT_DEFAULT
| SSL_HIGH
,
3110 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3116 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384
,
3117 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384
,
3118 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384
,
3123 TLS1_2_VERSION
, TLS1_2_VERSION
,
3124 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3125 SSL_NOT_DEFAULT
| SSL_HIGH
,
3126 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3132 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256
,
3133 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256
,
3134 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256
,
3139 TLS1_2_VERSION
, TLS1_2_VERSION
,
3140 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3141 SSL_NOT_DEFAULT
| SSL_HIGH
,
3142 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3148 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384
,
3149 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384
,
3150 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384
,
3155 TLS1_2_VERSION
, TLS1_2_VERSION
,
3156 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3157 SSL_NOT_DEFAULT
| SSL_HIGH
,
3158 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3164 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256
,
3165 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256
,
3166 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256
,
3171 TLS1_2_VERSION
, TLS1_2_VERSION
,
3172 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3173 SSL_NOT_DEFAULT
| SSL_HIGH
,
3174 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3180 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384
,
3181 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384
,
3182 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384
,
3187 TLS1_2_VERSION
, TLS1_2_VERSION
,
3188 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3189 SSL_NOT_DEFAULT
| SSL_HIGH
,
3190 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3194 #endif /* OPENSSL_NO_ARIA */
3198 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3199 * values stuffed into the ciphers field of the wire protocol for signalling
3202 static SSL_CIPHER ssl3_scsvs
[] = {
3205 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3206 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3208 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3212 "TLS_FALLBACK_SCSV",
3213 "TLS_FALLBACK_SCSV",
3214 SSL3_CK_FALLBACK_SCSV
,
3215 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3219 static int cipher_compare(const void *a
, const void *b
)
3221 const SSL_CIPHER
*ap
= (const SSL_CIPHER
*)a
;
3222 const SSL_CIPHER
*bp
= (const SSL_CIPHER
*)b
;
3224 if (ap
->id
== bp
->id
)
3226 return ap
->id
< bp
->id
? -1 : 1;
3229 void ssl_sort_cipher_list(void)
3231 qsort(tls13_ciphers
, TLS13_NUM_CIPHERS
, sizeof(tls13_ciphers
[0]),
3233 qsort(ssl3_ciphers
, SSL3_NUM_CIPHERS
, sizeof(ssl3_ciphers
[0]),
3235 qsort(ssl3_scsvs
, SSL3_NUM_SCSVS
, sizeof(ssl3_scsvs
[0]), cipher_compare
);
3238 static int ssl_undefined_function_1(SSL
*ssl
, unsigned char *r
, size_t s
,
3239 const char * t
, size_t u
,
3240 const unsigned char * v
, size_t w
, int x
)
3249 return ssl_undefined_function(ssl
);
3252 const SSL3_ENC_METHOD SSLv3_enc_data
= {
3255 ssl3_setup_key_block
,
3256 ssl3_generate_master_secret
,
3257 ssl3_change_cipher_state
,
3258 ssl3_final_finish_mac
,
3259 SSL3_MD_CLIENT_FINISHED_CONST
, 4,
3260 SSL3_MD_SERVER_FINISHED_CONST
, 4,
3262 ssl_undefined_function_1
,
3264 ssl3_set_handshake_header
,
3265 tls_close_construct_packet
,
3266 ssl3_handshake_write
3269 long ssl3_default_timeout(void)
3272 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3273 * http, the cache would over fill
3275 return (60 * 60 * 2);
3278 int ssl3_num_ciphers(void)
3280 return SSL3_NUM_CIPHERS
;
3283 const SSL_CIPHER
*ssl3_get_cipher(unsigned int u
)
3285 if (u
< SSL3_NUM_CIPHERS
)
3286 return &(ssl3_ciphers
[SSL3_NUM_CIPHERS
- 1 - u
]);
3291 int ssl3_set_handshake_header(SSL
*s
, WPACKET
*pkt
, int htype
)
3293 /* No header in the event of a CCS */
3294 if (htype
== SSL3_MT_CHANGE_CIPHER_SPEC
)
3297 /* Set the content type and 3 bytes for the message len */
3298 if (!WPACKET_put_bytes_u8(pkt
, htype
)
3299 || !WPACKET_start_sub_packet_u24(pkt
))
3305 int ssl3_handshake_write(SSL
*s
)
3307 return ssl3_do_write(s
, SSL3_RT_HANDSHAKE
);
3310 int ssl3_new(SSL
*s
)
3312 #ifndef OPENSSL_NO_SRP
3313 if (!SSL_SRP_CTX_init(s
))
3317 if (!s
->method
->ssl_clear(s
))
3323 void ssl3_free(SSL
*s
)
3328 ssl3_cleanup_key_block(s
);
3330 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3331 EVP_PKEY_free(s
->s3
.peer_tmp
);
3332 s
->s3
.peer_tmp
= NULL
;
3333 EVP_PKEY_free(s
->s3
.tmp
.pkey
);
3334 s
->s3
.tmp
.pkey
= NULL
;
3337 ssl_evp_cipher_free(s
->s3
.tmp
.new_sym_enc
);
3338 ssl_evp_md_free(s
->s3
.tmp
.new_hash
);
3340 OPENSSL_free(s
->s3
.tmp
.ctype
);
3341 sk_X509_NAME_pop_free(s
->s3
.tmp
.peer_ca_names
, X509_NAME_free
);
3342 OPENSSL_free(s
->s3
.tmp
.ciphers_raw
);
3343 OPENSSL_clear_free(s
->s3
.tmp
.pms
, s
->s3
.tmp
.pmslen
);
3344 OPENSSL_free(s
->s3
.tmp
.peer_sigalgs
);
3345 OPENSSL_free(s
->s3
.tmp
.peer_cert_sigalgs
);
3346 ssl3_free_digest_list(s
);
3347 OPENSSL_free(s
->s3
.alpn_selected
);
3348 OPENSSL_free(s
->s3
.alpn_proposed
);
3350 #ifndef OPENSSL_NO_SRP
3351 SSL_SRP_CTX_free(s
);
3353 memset(&s
->s3
, 0, sizeof(s
->s3
));
3356 int ssl3_clear(SSL
*s
)
3358 ssl3_cleanup_key_block(s
);
3359 OPENSSL_free(s
->s3
.tmp
.ctype
);
3360 sk_X509_NAME_pop_free(s
->s3
.tmp
.peer_ca_names
, X509_NAME_free
);
3361 OPENSSL_free(s
->s3
.tmp
.ciphers_raw
);
3362 OPENSSL_clear_free(s
->s3
.tmp
.pms
, s
->s3
.tmp
.pmslen
);
3363 OPENSSL_free(s
->s3
.tmp
.peer_sigalgs
);
3364 OPENSSL_free(s
->s3
.tmp
.peer_cert_sigalgs
);
3366 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3367 EVP_PKEY_free(s
->s3
.tmp
.pkey
);
3368 EVP_PKEY_free(s
->s3
.peer_tmp
);
3369 #endif /* !OPENSSL_NO_EC */
3371 ssl3_free_digest_list(s
);
3373 OPENSSL_free(s
->s3
.alpn_selected
);
3374 OPENSSL_free(s
->s3
.alpn_proposed
);
3376 /* NULL/zero-out everything in the s3 struct */
3377 memset(&s
->s3
, 0, sizeof(s
->s3
));
3379 if (!ssl_free_wbio_buffer(s
))
3382 s
->version
= SSL3_VERSION
;
3384 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3385 OPENSSL_free(s
->ext
.npn
);
3393 #ifndef OPENSSL_NO_SRP
3394 static char *srp_password_from_info_cb(SSL
*s
, void *arg
)
3396 return OPENSSL_strdup(s
->srp_ctx
.info
);
3400 static int ssl3_set_req_cert_type(CERT
*c
, const unsigned char *p
, size_t len
);
3402 long ssl3_ctrl(SSL
*s
, int cmd
, long larg
, void *parg
)
3407 case SSL_CTRL_GET_CLIENT_CERT_REQUEST
:
3409 case SSL_CTRL_GET_NUM_RENEGOTIATIONS
:
3410 ret
= s
->s3
.num_renegotiations
;
3412 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS
:
3413 ret
= s
->s3
.num_renegotiations
;
3414 s
->s3
.num_renegotiations
= 0;
3416 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS
:
3417 ret
= s
->s3
.total_renegotiations
;
3419 case SSL_CTRL_GET_FLAGS
:
3420 ret
= (int)(s
->s3
.flags
);
3422 #ifndef OPENSSL_NO_DH
3423 case SSL_CTRL_SET_TMP_DH
:
3425 DH
*dh
= (DH
*)parg
;
3426 EVP_PKEY
*pkdh
= NULL
;
3428 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
3431 pkdh
= ssl_dh_to_pkey(dh
);
3433 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_MALLOC_FAILURE
);
3436 if (!ssl_security(s
, SSL_SECOP_TMP_DH
,
3437 EVP_PKEY_security_bits(pkdh
), 0, pkdh
)) {
3438 SSLerr(SSL_F_SSL3_CTRL
, SSL_R_DH_KEY_TOO_SMALL
);
3439 EVP_PKEY_free(pkdh
);
3442 EVP_PKEY_free(s
->cert
->dh_tmp
);
3443 s
->cert
->dh_tmp
= pkdh
;
3447 case SSL_CTRL_SET_TMP_DH_CB
:
3449 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
3452 case SSL_CTRL_SET_DH_AUTO
:
3453 s
->cert
->dh_tmp_auto
= larg
;
3456 #ifndef OPENSSL_NO_EC
3457 case SSL_CTRL_SET_TMP_ECDH
:
3459 const EC_GROUP
*group
= NULL
;
3463 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
3466 group
= EC_KEY_get0_group((const EC_KEY
*)parg
);
3467 if (group
== NULL
) {
3468 SSLerr(SSL_F_SSL3_CTRL
, EC_R_MISSING_PARAMETERS
);
3471 nid
= EC_GROUP_get_curve_name(group
);
3472 if (nid
== NID_undef
)
3474 return tls1_set_groups(&s
->ext
.supportedgroups
,
3475 &s
->ext
.supportedgroups_len
,
3479 #endif /* !OPENSSL_NO_EC */
3480 case SSL_CTRL_SET_TLSEXT_HOSTNAME
:
3483 * This API is only used for a client to set what SNI it will request
3484 * from the server, but we currently allow it to be used on servers
3485 * as well, which is a programming error. Currently we just clear
3486 * the field in SSL_do_handshake() for server SSLs, but when we can
3487 * make ABI-breaking changes, we may want to make use of this API
3488 * an error on server SSLs.
3490 if (larg
== TLSEXT_NAMETYPE_host_name
) {
3493 OPENSSL_free(s
->ext
.hostname
);
3494 s
->ext
.hostname
= NULL
;
3499 len
= strlen((char *)parg
);
3500 if (len
== 0 || len
> TLSEXT_MAXLEN_host_name
) {
3501 SSLerr(SSL_F_SSL3_CTRL
, SSL_R_SSL3_EXT_INVALID_SERVERNAME
);
3504 if ((s
->ext
.hostname
= OPENSSL_strdup((char *)parg
)) == NULL
) {
3505 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_INTERNAL_ERROR
);
3509 SSLerr(SSL_F_SSL3_CTRL
, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE
);
3513 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG
:
3514 s
->ext
.debug_arg
= parg
;
3518 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE
:
3519 ret
= s
->ext
.status_type
;
3522 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE
:
3523 s
->ext
.status_type
= larg
;
3527 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS
:
3528 *(STACK_OF(X509_EXTENSION
) **)parg
= s
->ext
.ocsp
.exts
;
3532 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS
:
3533 s
->ext
.ocsp
.exts
= parg
;
3537 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS
:
3538 *(STACK_OF(OCSP_RESPID
) **)parg
= s
->ext
.ocsp
.ids
;
3542 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS
:
3543 s
->ext
.ocsp
.ids
= parg
;
3547 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP
:
3548 *(unsigned char **)parg
= s
->ext
.ocsp
.resp
;
3549 if (s
->ext
.ocsp
.resp_len
== 0
3550 || s
->ext
.ocsp
.resp_len
> LONG_MAX
)
3552 return (long)s
->ext
.ocsp
.resp_len
;
3554 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP
:
3555 OPENSSL_free(s
->ext
.ocsp
.resp
);
3556 s
->ext
.ocsp
.resp
= parg
;
3557 s
->ext
.ocsp
.resp_len
= larg
;
3561 case SSL_CTRL_CHAIN
:
3563 return ssl_cert_set1_chain(s
, NULL
, (STACK_OF(X509
) *)parg
);
3565 return ssl_cert_set0_chain(s
, NULL
, (STACK_OF(X509
) *)parg
);
3567 case SSL_CTRL_CHAIN_CERT
:
3569 return ssl_cert_add1_chain_cert(s
, NULL
, (X509
*)parg
);
3571 return ssl_cert_add0_chain_cert(s
, NULL
, (X509
*)parg
);
3573 case SSL_CTRL_GET_CHAIN_CERTS
:
3574 *(STACK_OF(X509
) **)parg
= s
->cert
->key
->chain
;
3578 case SSL_CTRL_SELECT_CURRENT_CERT
:
3579 return ssl_cert_select_current(s
->cert
, (X509
*)parg
);
3581 case SSL_CTRL_SET_CURRENT_CERT
:
3582 if (larg
== SSL_CERT_SET_SERVER
) {
3583 const SSL_CIPHER
*cipher
;
3586 cipher
= s
->s3
.tmp
.new_cipher
;
3590 * No certificate for unauthenticated ciphersuites or using SRP
3593 if (cipher
->algorithm_auth
& (SSL_aNULL
| SSL_aSRP
))
3595 if (s
->s3
.tmp
.cert
== NULL
)
3597 s
->cert
->key
= s
->s3
.tmp
.cert
;
3600 return ssl_cert_set_current(s
->cert
, larg
);
3602 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3603 case SSL_CTRL_GET_GROUPS
:
3610 clist
= s
->ext
.peer_supportedgroups
;
3611 clistlen
= s
->ext
.peer_supportedgroups_len
;
3616 for (i
= 0; i
< clistlen
; i
++) {
3617 const TLS_GROUP_INFO
*cinf
= tls1_group_id_lookup(clist
[i
]);
3620 cptr
[i
] = cinf
->nid
;
3622 cptr
[i
] = TLSEXT_nid_unknown
| clist
[i
];
3625 return (int)clistlen
;
3628 case SSL_CTRL_SET_GROUPS
:
3629 return tls1_set_groups(&s
->ext
.supportedgroups
,
3630 &s
->ext
.supportedgroups_len
, parg
, larg
);
3632 case SSL_CTRL_SET_GROUPS_LIST
:
3633 return tls1_set_groups_list(&s
->ext
.supportedgroups
,
3634 &s
->ext
.supportedgroups_len
, parg
);
3636 case SSL_CTRL_GET_SHARED_GROUP
:
3638 uint16_t id
= tls1_shared_group(s
, larg
);
3641 return tls1_group_id2nid(id
);
3644 case SSL_CTRL_GET_NEGOTIATED_GROUP
:
3645 ret
= tls1_group_id2nid(s
->s3
.group_id
);
3647 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
3649 case SSL_CTRL_SET_SIGALGS
:
3650 return tls1_set_sigalgs(s
->cert
, parg
, larg
, 0);
3652 case SSL_CTRL_SET_SIGALGS_LIST
:
3653 return tls1_set_sigalgs_list(s
->cert
, parg
, 0);
3655 case SSL_CTRL_SET_CLIENT_SIGALGS
:
3656 return tls1_set_sigalgs(s
->cert
, parg
, larg
, 1);
3658 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST
:
3659 return tls1_set_sigalgs_list(s
->cert
, parg
, 1);
3661 case SSL_CTRL_GET_CLIENT_CERT_TYPES
:
3663 const unsigned char **pctype
= parg
;
3664 if (s
->server
|| !s
->s3
.tmp
.cert_req
)
3667 *pctype
= s
->s3
.tmp
.ctype
;
3668 return s
->s3
.tmp
.ctype_len
;
3671 case SSL_CTRL_SET_CLIENT_CERT_TYPES
:
3674 return ssl3_set_req_cert_type(s
->cert
, parg
, larg
);
3676 case SSL_CTRL_BUILD_CERT_CHAIN
:
3677 return ssl_build_cert_chain(s
, NULL
, larg
);
3679 case SSL_CTRL_SET_VERIFY_CERT_STORE
:
3680 return ssl_cert_set_cert_store(s
->cert
, parg
, 0, larg
);
3682 case SSL_CTRL_SET_CHAIN_CERT_STORE
:
3683 return ssl_cert_set_cert_store(s
->cert
, parg
, 1, larg
);
3685 case SSL_CTRL_GET_PEER_SIGNATURE_NID
:
3686 if (s
->s3
.tmp
.peer_sigalg
== NULL
)
3688 *(int *)parg
= s
->s3
.tmp
.peer_sigalg
->hash
;
3691 case SSL_CTRL_GET_SIGNATURE_NID
:
3692 if (s
->s3
.tmp
.sigalg
== NULL
)
3694 *(int *)parg
= s
->s3
.tmp
.sigalg
->hash
;
3697 case SSL_CTRL_GET_PEER_TMP_KEY
:
3698 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3699 if (s
->session
== NULL
|| s
->s3
.peer_tmp
== NULL
) {
3702 EVP_PKEY_up_ref(s
->s3
.peer_tmp
);
3703 *(EVP_PKEY
**)parg
= s
->s3
.peer_tmp
;
3710 case SSL_CTRL_GET_TMP_KEY
:
3711 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3712 if (s
->session
== NULL
|| s
->s3
.tmp
.pkey
== NULL
) {
3715 EVP_PKEY_up_ref(s
->s3
.tmp
.pkey
);
3716 *(EVP_PKEY
**)parg
= s
->s3
.tmp
.pkey
;
3723 #ifndef OPENSSL_NO_EC
3724 case SSL_CTRL_GET_EC_POINT_FORMATS
:
3726 const unsigned char **pformat
= parg
;
3728 if (s
->ext
.peer_ecpointformats
== NULL
)
3730 *pformat
= s
->ext
.peer_ecpointformats
;
3731 return (int)s
->ext
.peer_ecpointformats_len
;
3741 long ssl3_callback_ctrl(SSL
*s
, int cmd
, void (*fp
) (void))
3746 #ifndef OPENSSL_NO_DH
3747 case SSL_CTRL_SET_TMP_DH_CB
:
3749 s
->cert
->dh_tmp_cb
= (DH
*(*)(SSL
*, int, int))fp
;
3753 case SSL_CTRL_SET_TLSEXT_DEBUG_CB
:
3754 s
->ext
.debug_cb
= (void (*)(SSL
*, int, int,
3755 const unsigned char *, int, void *))fp
;
3758 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB
:
3760 s
->not_resumable_session_cb
= (int (*)(SSL
*, int))fp
;
3769 long ssl3_ctx_ctrl(SSL_CTX
*ctx
, int cmd
, long larg
, void *parg
)
3772 #ifndef OPENSSL_NO_DH
3773 case SSL_CTRL_SET_TMP_DH
:
3775 DH
*dh
= (DH
*)parg
;
3776 EVP_PKEY
*pkdh
= NULL
;
3778 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
3781 pkdh
= ssl_dh_to_pkey(dh
);
3783 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_MALLOC_FAILURE
);
3786 if (!ssl_ctx_security(ctx
, SSL_SECOP_TMP_DH
,
3787 EVP_PKEY_security_bits(pkdh
), 0, pkdh
)) {
3788 SSLerr(SSL_F_SSL3_CTX_CTRL
, SSL_R_DH_KEY_TOO_SMALL
);
3789 EVP_PKEY_free(pkdh
);
3792 EVP_PKEY_free(ctx
->cert
->dh_tmp
);
3793 ctx
->cert
->dh_tmp
= pkdh
;
3796 case SSL_CTRL_SET_TMP_DH_CB
:
3798 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
3801 case SSL_CTRL_SET_DH_AUTO
:
3802 ctx
->cert
->dh_tmp_auto
= larg
;
3805 #ifndef OPENSSL_NO_EC
3806 case SSL_CTRL_SET_TMP_ECDH
:
3808 const EC_GROUP
*group
= NULL
;
3812 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
3815 group
= EC_KEY_get0_group((const EC_KEY
*)parg
);
3816 if (group
== NULL
) {
3817 SSLerr(SSL_F_SSL3_CTX_CTRL
, EC_R_MISSING_PARAMETERS
);
3820 nid
= EC_GROUP_get_curve_name(group
);
3821 if (nid
== NID_undef
)
3823 return tls1_set_groups(&ctx
->ext
.supportedgroups
,
3824 &ctx
->ext
.supportedgroups_len
,
3827 #endif /* !OPENSSL_NO_EC */
3828 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
:
3829 ctx
->ext
.servername_arg
= parg
;
3831 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS
:
3832 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS
:
3834 unsigned char *keys
= parg
;
3835 long tick_keylen
= (sizeof(ctx
->ext
.tick_key_name
) +
3836 sizeof(ctx
->ext
.secure
->tick_hmac_key
) +
3837 sizeof(ctx
->ext
.secure
->tick_aes_key
));
3840 if (larg
!= tick_keylen
) {
3841 SSLerr(SSL_F_SSL3_CTX_CTRL
, SSL_R_INVALID_TICKET_KEYS_LENGTH
);
3844 if (cmd
== SSL_CTRL_SET_TLSEXT_TICKET_KEYS
) {
3845 memcpy(ctx
->ext
.tick_key_name
, keys
,
3846 sizeof(ctx
->ext
.tick_key_name
));
3847 memcpy(ctx
->ext
.secure
->tick_hmac_key
,
3848 keys
+ sizeof(ctx
->ext
.tick_key_name
),
3849 sizeof(ctx
->ext
.secure
->tick_hmac_key
));
3850 memcpy(ctx
->ext
.secure
->tick_aes_key
,
3851 keys
+ sizeof(ctx
->ext
.tick_key_name
) +
3852 sizeof(ctx
->ext
.secure
->tick_hmac_key
),
3853 sizeof(ctx
->ext
.secure
->tick_aes_key
));
3855 memcpy(keys
, ctx
->ext
.tick_key_name
,
3856 sizeof(ctx
->ext
.tick_key_name
));
3857 memcpy(keys
+ sizeof(ctx
->ext
.tick_key_name
),
3858 ctx
->ext
.secure
->tick_hmac_key
,
3859 sizeof(ctx
->ext
.secure
->tick_hmac_key
));
3860 memcpy(keys
+ sizeof(ctx
->ext
.tick_key_name
) +
3861 sizeof(ctx
->ext
.secure
->tick_hmac_key
),
3862 ctx
->ext
.secure
->tick_aes_key
,
3863 sizeof(ctx
->ext
.secure
->tick_aes_key
));
3868 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE
:
3869 return ctx
->ext
.status_type
;
3871 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE
:
3872 ctx
->ext
.status_type
= larg
;
3875 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG
:
3876 ctx
->ext
.status_arg
= parg
;
3879 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG
:
3880 *(void**)parg
= ctx
->ext
.status_arg
;
3883 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB
:
3884 *(int (**)(SSL
*, void*))parg
= ctx
->ext
.status_cb
;
3887 #ifndef OPENSSL_NO_SRP
3888 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME
:
3889 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
3890 OPENSSL_free(ctx
->srp_ctx
.login
);
3891 ctx
->srp_ctx
.login
= NULL
;
3894 if (strlen((const char *)parg
) > 255 || strlen((const char *)parg
) < 1) {
3895 SSLerr(SSL_F_SSL3_CTX_CTRL
, SSL_R_INVALID_SRP_USERNAME
);
3898 if ((ctx
->srp_ctx
.login
= OPENSSL_strdup((char *)parg
)) == NULL
) {
3899 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_INTERNAL_ERROR
);
3903 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD
:
3904 ctx
->srp_ctx
.SRP_give_srp_client_pwd_callback
=
3905 srp_password_from_info_cb
;
3906 if (ctx
->srp_ctx
.info
!= NULL
)
3907 OPENSSL_free(ctx
->srp_ctx
.info
);
3908 if ((ctx
->srp_ctx
.info
= OPENSSL_strdup((char *)parg
)) == NULL
) {
3909 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_INTERNAL_ERROR
);
3913 case SSL_CTRL_SET_SRP_ARG
:
3914 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
3915 ctx
->srp_ctx
.SRP_cb_arg
= parg
;
3918 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH
:
3919 ctx
->srp_ctx
.strength
= larg
;
3923 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3924 case SSL_CTRL_SET_GROUPS
:
3925 return tls1_set_groups(&ctx
->ext
.supportedgroups
,
3926 &ctx
->ext
.supportedgroups_len
,
3929 case SSL_CTRL_SET_GROUPS_LIST
:
3930 return tls1_set_groups_list(&ctx
->ext
.supportedgroups
,
3931 &ctx
->ext
.supportedgroups_len
,
3933 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
3935 case SSL_CTRL_SET_SIGALGS
:
3936 return tls1_set_sigalgs(ctx
->cert
, parg
, larg
, 0);
3938 case SSL_CTRL_SET_SIGALGS_LIST
:
3939 return tls1_set_sigalgs_list(ctx
->cert
, parg
, 0);
3941 case SSL_CTRL_SET_CLIENT_SIGALGS
:
3942 return tls1_set_sigalgs(ctx
->cert
, parg
, larg
, 1);
3944 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST
:
3945 return tls1_set_sigalgs_list(ctx
->cert
, parg
, 1);
3947 case SSL_CTRL_SET_CLIENT_CERT_TYPES
:
3948 return ssl3_set_req_cert_type(ctx
->cert
, parg
, larg
);
3950 case SSL_CTRL_BUILD_CERT_CHAIN
:
3951 return ssl_build_cert_chain(NULL
, ctx
, larg
);
3953 case SSL_CTRL_SET_VERIFY_CERT_STORE
:
3954 return ssl_cert_set_cert_store(ctx
->cert
, parg
, 0, larg
);
3956 case SSL_CTRL_SET_CHAIN_CERT_STORE
:
3957 return ssl_cert_set_cert_store(ctx
->cert
, parg
, 1, larg
);
3959 /* A Thawte special :-) */
3960 case SSL_CTRL_EXTRA_CHAIN_CERT
:
3961 if (ctx
->extra_certs
== NULL
) {
3962 if ((ctx
->extra_certs
= sk_X509_new_null()) == NULL
) {
3963 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_MALLOC_FAILURE
);
3967 if (!X509v3_cache_extensions((X509
*)parg
, ctx
->libctx
, ctx
->propq
)) {
3968 SSLerr(0, ERR_LIB_X509
);
3971 if (!sk_X509_push(ctx
->extra_certs
, (X509
*)parg
)) {
3972 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_MALLOC_FAILURE
);
3977 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS
:
3978 if (ctx
->extra_certs
== NULL
&& larg
== 0)
3979 *(STACK_OF(X509
) **)parg
= ctx
->cert
->key
->chain
;
3981 *(STACK_OF(X509
) **)parg
= ctx
->extra_certs
;
3984 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS
:
3985 sk_X509_pop_free(ctx
->extra_certs
, X509_free
);
3986 ctx
->extra_certs
= NULL
;
3989 case SSL_CTRL_CHAIN
:
3991 return ssl_cert_set1_chain(NULL
, ctx
, (STACK_OF(X509
) *)parg
);
3993 return ssl_cert_set0_chain(NULL
, ctx
, (STACK_OF(X509
) *)parg
);
3995 case SSL_CTRL_CHAIN_CERT
:
3997 return ssl_cert_add1_chain_cert(NULL
, ctx
, (X509
*)parg
);
3999 return ssl_cert_add0_chain_cert(NULL
, ctx
, (X509
*)parg
);
4001 case SSL_CTRL_GET_CHAIN_CERTS
:
4002 *(STACK_OF(X509
) **)parg
= ctx
->cert
->key
->chain
;
4005 case SSL_CTRL_SELECT_CURRENT_CERT
:
4006 return ssl_cert_select_current(ctx
->cert
, (X509
*)parg
);
4008 case SSL_CTRL_SET_CURRENT_CERT
:
4009 return ssl_cert_set_current(ctx
->cert
, larg
);
4017 long ssl3_ctx_callback_ctrl(SSL_CTX
*ctx
, int cmd
, void (*fp
) (void))
4020 #ifndef OPENSSL_NO_DH
4021 case SSL_CTRL_SET_TMP_DH_CB
:
4023 ctx
->cert
->dh_tmp_cb
= (DH
*(*)(SSL
*, int, int))fp
;
4027 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
:
4028 ctx
->ext
.servername_cb
= (int (*)(SSL
*, int *, void *))fp
;
4031 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
:
4032 ctx
->ext
.status_cb
= (int (*)(SSL
*, void *))fp
;
4035 # ifndef OPENSSL_NO_DEPRECATED_3_0
4036 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
:
4037 ctx
->ext
.ticket_key_cb
= (int (*)(SSL
*, unsigned char *,
4040 HMAC_CTX
*, int))fp
;
4044 #ifndef OPENSSL_NO_SRP
4045 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB
:
4046 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
4047 ctx
->srp_ctx
.SRP_verify_param_callback
= (int (*)(SSL
*, void *))fp
;
4049 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB
:
4050 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
4051 ctx
->srp_ctx
.TLS_ext_srp_username_callback
=
4052 (int (*)(SSL
*, int *, void *))fp
;
4054 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB
:
4055 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
4056 ctx
->srp_ctx
.SRP_give_srp_client_pwd_callback
=
4057 (char *(*)(SSL
*, void *))fp
;
4060 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB
:
4062 ctx
->not_resumable_session_cb
= (int (*)(SSL
*, int))fp
;
4071 int SSL_CTX_set_tlsext_ticket_key_evp_cb
4072 (SSL_CTX
*ctx
, int (*fp
)(SSL
*, unsigned char *, unsigned char *,
4073 EVP_CIPHER_CTX
*, EVP_MAC_CTX
*, int))
4075 ctx
->ext
.ticket_key_evp_cb
= fp
;
4079 const SSL_CIPHER
*ssl3_get_cipher_by_id(uint32_t id
)
4082 const SSL_CIPHER
*cp
;
4085 cp
= OBJ_bsearch_ssl_cipher_id(&c
, tls13_ciphers
, TLS13_NUM_CIPHERS
);
4088 cp
= OBJ_bsearch_ssl_cipher_id(&c
, ssl3_ciphers
, SSL3_NUM_CIPHERS
);
4091 return OBJ_bsearch_ssl_cipher_id(&c
, ssl3_scsvs
, SSL3_NUM_SCSVS
);
4094 const SSL_CIPHER
*ssl3_get_cipher_by_std_name(const char *stdname
)
4096 SSL_CIPHER
*c
= NULL
, *tbl
;
4097 SSL_CIPHER
*alltabs
[] = {tls13_ciphers
, ssl3_ciphers
};
4098 size_t i
, j
, tblsize
[] = {TLS13_NUM_CIPHERS
, SSL3_NUM_CIPHERS
};
4100 /* this is not efficient, necessary to optimize this? */
4101 for (j
= 0; j
< OSSL_NELEM(alltabs
); j
++) {
4102 for (i
= 0, tbl
= alltabs
[j
]; i
< tblsize
[j
]; i
++, tbl
++) {
4103 if (tbl
->stdname
== NULL
)
4105 if (strcmp(stdname
, tbl
->stdname
) == 0) {
4113 for (i
= 0; i
< SSL3_NUM_SCSVS
; i
++, tbl
++) {
4114 if (strcmp(stdname
, tbl
->stdname
) == 0) {
4124 * This function needs to check if the ciphers required are actually
4127 const SSL_CIPHER
*ssl3_get_cipher_by_char(const unsigned char *p
)
4129 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4130 | ((uint32_t)p
[0] << 8L)
4134 int ssl3_put_cipher_by_char(const SSL_CIPHER
*c
, WPACKET
*pkt
, size_t *len
)
4136 if ((c
->id
& 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG
) {
4141 if (!WPACKET_put_bytes_u16(pkt
, c
->id
& 0xffff))
4149 * ssl3_choose_cipher - choose a cipher from those offered by the client
4150 * @s: SSL connection
4151 * @clnt: ciphers offered by the client
4152 * @srvr: ciphers enabled on the server?
4154 * Returns the selected cipher or NULL when no common ciphers.
4156 const SSL_CIPHER
*ssl3_choose_cipher(SSL
*s
, STACK_OF(SSL_CIPHER
) *clnt
,
4157 STACK_OF(SSL_CIPHER
) *srvr
)
4159 const SSL_CIPHER
*c
, *ret
= NULL
;
4160 STACK_OF(SSL_CIPHER
) *prio
, *allow
;
4161 int i
, ii
, ok
, prefer_sha256
= 0;
4162 unsigned long alg_k
= 0, alg_a
= 0, mask_k
= 0, mask_a
= 0;
4163 #ifndef OPENSSL_NO_CHACHA
4164 STACK_OF(SSL_CIPHER
) *prio_chacha
= NULL
;
4167 /* Let's see which ciphers we can support */
4170 * Do not set the compare functions, because this may lead to a
4171 * reordering by "id". We want to keep the original ordering. We may pay
4172 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4173 * pay with the price of sk_SSL_CIPHER_dup().
4176 OSSL_TRACE_BEGIN(TLS_CIPHER
) {
4177 BIO_printf(trc_out
, "Server has %d from %p:\n",
4178 sk_SSL_CIPHER_num(srvr
), (void *)srvr
);
4179 for (i
= 0; i
< sk_SSL_CIPHER_num(srvr
); ++i
) {
4180 c
= sk_SSL_CIPHER_value(srvr
, i
);
4181 BIO_printf(trc_out
, "%p:%s\n", (void *)c
, c
->name
);
4183 BIO_printf(trc_out
, "Client sent %d from %p:\n",
4184 sk_SSL_CIPHER_num(clnt
), (void *)clnt
);
4185 for (i
= 0; i
< sk_SSL_CIPHER_num(clnt
); ++i
) {
4186 c
= sk_SSL_CIPHER_value(clnt
, i
);
4187 BIO_printf(trc_out
, "%p:%s\n", (void *)c
, c
->name
);
4189 } OSSL_TRACE_END(TLS_CIPHER
);
4191 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4192 if (tls1_suiteb(s
)) {
4195 } else if (s
->options
& SSL_OP_CIPHER_SERVER_PREFERENCE
) {
4198 #ifndef OPENSSL_NO_CHACHA
4199 /* If ChaCha20 is at the top of the client preference list,
4200 and there are ChaCha20 ciphers in the server list, then
4201 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4202 if (s
->options
& SSL_OP_PRIORITIZE_CHACHA
&& sk_SSL_CIPHER_num(clnt
) > 0) {
4203 c
= sk_SSL_CIPHER_value(clnt
, 0);
4204 if (c
->algorithm_enc
== SSL_CHACHA20POLY1305
) {
4205 /* ChaCha20 is client preferred, check server... */
4206 int num
= sk_SSL_CIPHER_num(srvr
);
4208 for (i
= 0; i
< num
; i
++) {
4209 c
= sk_SSL_CIPHER_value(srvr
, i
);
4210 if (c
->algorithm_enc
== SSL_CHACHA20POLY1305
) {
4216 prio_chacha
= sk_SSL_CIPHER_new_reserve(NULL
, num
);
4217 /* if reserve fails, then there's likely a memory issue */
4218 if (prio_chacha
!= NULL
) {
4219 /* Put all ChaCha20 at the top, starting with the one we just found */
4220 sk_SSL_CIPHER_push(prio_chacha
, c
);
4221 for (i
++; i
< num
; i
++) {
4222 c
= sk_SSL_CIPHER_value(srvr
, i
);
4223 if (c
->algorithm_enc
== SSL_CHACHA20POLY1305
)
4224 sk_SSL_CIPHER_push(prio_chacha
, c
);
4226 /* Pull in the rest */
4227 for (i
= 0; i
< num
; i
++) {
4228 c
= sk_SSL_CIPHER_value(srvr
, i
);
4229 if (c
->algorithm_enc
!= SSL_CHACHA20POLY1305
)
4230 sk_SSL_CIPHER_push(prio_chacha
, c
);
4243 if (SSL_IS_TLS13(s
)) {
4244 #ifndef OPENSSL_NO_PSK
4248 * If we allow "old" style PSK callbacks, and we have no certificate (so
4249 * we're not going to succeed without a PSK anyway), and we're in
4250 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4251 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4254 if (s
->psk_server_callback
!= NULL
) {
4255 for (j
= 0; j
< SSL_PKEY_NUM
&& !ssl_has_cert(s
, j
); j
++);
4256 if (j
== SSL_PKEY_NUM
) {
4257 /* There are no certificates */
4263 tls1_set_cert_validity(s
);
4267 for (i
= 0; i
< sk_SSL_CIPHER_num(prio
); i
++) {
4268 c
= sk_SSL_CIPHER_value(prio
, i
);
4270 /* Skip ciphers not supported by the protocol version */
4271 if (!SSL_IS_DTLS(s
) &&
4272 ((s
->version
< c
->min_tls
) || (s
->version
> c
->max_tls
)))
4274 if (SSL_IS_DTLS(s
) &&
4275 (DTLS_VERSION_LT(s
->version
, c
->min_dtls
) ||
4276 DTLS_VERSION_GT(s
->version
, c
->max_dtls
)))
4280 * Since TLS 1.3 ciphersuites can be used with any auth or
4281 * key exchange scheme skip tests.
4283 if (!SSL_IS_TLS13(s
)) {
4284 mask_k
= s
->s3
.tmp
.mask_k
;
4285 mask_a
= s
->s3
.tmp
.mask_a
;
4286 #ifndef OPENSSL_NO_SRP
4287 if (s
->srp_ctx
.srp_Mask
& SSL_kSRP
) {
4293 alg_k
= c
->algorithm_mkey
;
4294 alg_a
= c
->algorithm_auth
;
4296 #ifndef OPENSSL_NO_PSK
4297 /* with PSK there must be server callback set */
4298 if ((alg_k
& SSL_PSK
) && s
->psk_server_callback
== NULL
)
4300 #endif /* OPENSSL_NO_PSK */
4302 ok
= (alg_k
& mask_k
) && (alg_a
& mask_a
);
4303 OSSL_TRACE7(TLS_CIPHER
,
4304 "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4305 ok
, alg_k
, alg_a
, mask_k
, mask_a
, (void *)c
, c
->name
);
4307 #ifndef OPENSSL_NO_EC
4309 * if we are considering an ECC cipher suite that uses an ephemeral
4312 if (alg_k
& SSL_kECDHE
)
4313 ok
= ok
&& tls1_check_ec_tmp_key(s
, c
->id
);
4314 #endif /* OPENSSL_NO_EC */
4319 ii
= sk_SSL_CIPHER_find(allow
, c
);
4321 /* Check security callback permits this cipher */
4322 if (!ssl_security(s
, SSL_SECOP_CIPHER_SHARED
,
4323 c
->strength_bits
, 0, (void *)c
))
4325 #if !defined(OPENSSL_NO_EC)
4326 if ((alg_k
& SSL_kECDHE
) && (alg_a
& SSL_aECDSA
)
4327 && s
->s3
.is_probably_safari
) {
4329 ret
= sk_SSL_CIPHER_value(allow
, ii
);
4333 if (prefer_sha256
) {
4334 const SSL_CIPHER
*tmp
= sk_SSL_CIPHER_value(allow
, ii
);
4337 * TODO: When there are no more legacy digests we can just use
4338 * OSSL_DIGEST_NAME_SHA2_256 instead of calling OBJ_nid2sn
4340 if (EVP_MD_is_a(ssl_md(s
->ctx
, tmp
->algorithm2
),
4341 OBJ_nid2sn(NID_sha256
))) {
4349 ret
= sk_SSL_CIPHER_value(allow
, ii
);
4353 #ifndef OPENSSL_NO_CHACHA
4354 sk_SSL_CIPHER_free(prio_chacha
);
4359 int ssl3_get_req_cert_type(SSL
*s
, WPACKET
*pkt
)
4361 uint32_t alg_k
, alg_a
= 0;
4363 /* If we have custom certificate types set, use them */
4365 return WPACKET_memcpy(pkt
, s
->cert
->ctype
, s
->cert
->ctype_len
);
4366 /* Get mask of algorithms disabled by signature list */
4367 ssl_set_sig_mask(&alg_a
, s
, SSL_SECOP_SIGALG_MASK
);
4369 alg_k
= s
->s3
.tmp
.new_cipher
->algorithm_mkey
;
4371 #ifndef OPENSSL_NO_GOST
4372 if (s
->version
>= TLS1_VERSION
&& (alg_k
& SSL_kGOST
))
4373 return WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST01_SIGN
)
4374 && WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_IANA_SIGN
)
4375 && WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_IANA_512_SIGN
)
4376 && WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_LEGACY_SIGN
)
4377 && WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_LEGACY_512_SIGN
);
4380 if ((s
->version
== SSL3_VERSION
) && (alg_k
& SSL_kDHE
)) {
4381 #ifndef OPENSSL_NO_DH
4382 # ifndef OPENSSL_NO_RSA
4383 if (!WPACKET_put_bytes_u8(pkt
, SSL3_CT_RSA_EPHEMERAL_DH
))
4386 # ifndef OPENSSL_NO_DSA
4387 if (!WPACKET_put_bytes_u8(pkt
, SSL3_CT_DSS_EPHEMERAL_DH
))
4390 #endif /* !OPENSSL_NO_DH */
4392 #ifndef OPENSSL_NO_RSA
4393 if (!(alg_a
& SSL_aRSA
) && !WPACKET_put_bytes_u8(pkt
, SSL3_CT_RSA_SIGN
))
4396 #ifndef OPENSSL_NO_DSA
4397 if (!(alg_a
& SSL_aDSS
) && !WPACKET_put_bytes_u8(pkt
, SSL3_CT_DSS_SIGN
))
4400 #ifndef OPENSSL_NO_EC
4402 * ECDSA certs can be used with RSA cipher suites too so we don't
4403 * need to check for SSL_kECDH or SSL_kECDHE
4405 if (s
->version
>= TLS1_VERSION
4406 && !(alg_a
& SSL_aECDSA
)
4407 && !WPACKET_put_bytes_u8(pkt
, TLS_CT_ECDSA_SIGN
))
4413 static int ssl3_set_req_cert_type(CERT
*c
, const unsigned char *p
, size_t len
)
4415 OPENSSL_free(c
->ctype
);
4418 if (p
== NULL
|| len
== 0)
4422 c
->ctype
= OPENSSL_memdup(p
, len
);
4423 if (c
->ctype
== NULL
)
4429 int ssl3_shutdown(SSL
*s
)
4434 * Don't do anything much if we have not done the handshake or we don't
4435 * want to send messages :-)
4437 if (s
->quiet_shutdown
|| SSL_in_before(s
)) {
4438 s
->shutdown
= (SSL_SENT_SHUTDOWN
| SSL_RECEIVED_SHUTDOWN
);
4442 if (!(s
->shutdown
& SSL_SENT_SHUTDOWN
)) {
4443 s
->shutdown
|= SSL_SENT_SHUTDOWN
;
4444 ssl3_send_alert(s
, SSL3_AL_WARNING
, SSL_AD_CLOSE_NOTIFY
);
4446 * our shutdown alert has been sent now, and if it still needs to be
4447 * written, s->s3.alert_dispatch will be true
4449 if (s
->s3
.alert_dispatch
)
4450 return -1; /* return WANT_WRITE */
4451 } else if (s
->s3
.alert_dispatch
) {
4452 /* resend it if not sent */
4453 ret
= s
->method
->ssl_dispatch_alert(s
);
4456 * we only get to return -1 here the 2nd/Nth invocation, we must
4457 * have already signalled return 0 upon a previous invocation,
4462 } else if (!(s
->shutdown
& SSL_RECEIVED_SHUTDOWN
)) {
4465 * If we are waiting for a close from our peer, we are closed
4467 s
->method
->ssl_read_bytes(s
, 0, NULL
, NULL
, 0, 0, &readbytes
);
4468 if (!(s
->shutdown
& SSL_RECEIVED_SHUTDOWN
)) {
4469 return -1; /* return WANT_READ */
4473 if ((s
->shutdown
== (SSL_SENT_SHUTDOWN
| SSL_RECEIVED_SHUTDOWN
)) &&
4474 !s
->s3
.alert_dispatch
)
4480 int ssl3_write(SSL
*s
, const void *buf
, size_t len
, size_t *written
)
4483 if (s
->s3
.renegotiate
)
4484 ssl3_renegotiate_check(s
, 0);
4486 return s
->method
->ssl_write_bytes(s
, SSL3_RT_APPLICATION_DATA
, buf
, len
,
4490 static int ssl3_read_internal(SSL
*s
, void *buf
, size_t len
, int peek
,
4496 if (s
->s3
.renegotiate
)
4497 ssl3_renegotiate_check(s
, 0);
4498 s
->s3
.in_read_app_data
= 1;
4500 s
->method
->ssl_read_bytes(s
, SSL3_RT_APPLICATION_DATA
, NULL
, buf
, len
,
4502 if ((ret
== -1) && (s
->s3
.in_read_app_data
== 2)) {
4504 * ssl3_read_bytes decided to call s->handshake_func, which called
4505 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4506 * actually found application data and thinks that application data
4507 * makes sense here; so disable handshake processing and try to read
4508 * application data again.
4510 ossl_statem_set_in_handshake(s
, 1);
4512 s
->method
->ssl_read_bytes(s
, SSL3_RT_APPLICATION_DATA
, NULL
, buf
,
4513 len
, peek
, readbytes
);
4514 ossl_statem_set_in_handshake(s
, 0);
4516 s
->s3
.in_read_app_data
= 0;
4521 int ssl3_read(SSL
*s
, void *buf
, size_t len
, size_t *readbytes
)
4523 return ssl3_read_internal(s
, buf
, len
, 0, readbytes
);
4526 int ssl3_peek(SSL
*s
, void *buf
, size_t len
, size_t *readbytes
)
4528 return ssl3_read_internal(s
, buf
, len
, 1, readbytes
);
4531 int ssl3_renegotiate(SSL
*s
)
4533 if (s
->handshake_func
== NULL
)
4536 s
->s3
.renegotiate
= 1;
4541 * Check if we are waiting to do a renegotiation and if so whether now is a
4542 * good time to do it. If |initok| is true then we are being called from inside
4543 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4544 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4545 * should do a renegotiation now and sets up the state machine for it. Otherwise
4548 int ssl3_renegotiate_check(SSL
*s
, int initok
)
4552 if (s
->s3
.renegotiate
) {
4553 if (!RECORD_LAYER_read_pending(&s
->rlayer
)
4554 && !RECORD_LAYER_write_pending(&s
->rlayer
)
4555 && (initok
|| !SSL_in_init(s
))) {
4557 * if we are the server, and we have sent a 'RENEGOTIATE'
4558 * message, we need to set the state machine into the renegotiate
4561 ossl_statem_set_renegotiate(s
);
4562 s
->s3
.renegotiate
= 0;
4563 s
->s3
.num_renegotiations
++;
4564 s
->s3
.total_renegotiations
++;
4572 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4573 * handshake macs if required.
4575 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4577 long ssl_get_algorithm2(SSL
*s
)
4580 if (s
->s3
.tmp
.new_cipher
== NULL
)
4582 alg2
= s
->s3
.tmp
.new_cipher
->algorithm2
;
4583 if (s
->method
->ssl3_enc
->enc_flags
& SSL_ENC_FLAG_SHA256_PRF
) {
4584 if (alg2
== (SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
))
4585 return SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
;
4586 } else if (s
->s3
.tmp
.new_cipher
->algorithm_mkey
& SSL_PSK
) {
4587 if (alg2
== (SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
))
4588 return SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
;
4594 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4595 * failure, 1 on success.
4597 int ssl_fill_hello_random(SSL
*s
, int server
, unsigned char *result
, size_t len
,
4600 int send_time
= 0, ret
;
4605 send_time
= (s
->mode
& SSL_MODE_SEND_SERVERHELLO_TIME
) != 0;
4607 send_time
= (s
->mode
& SSL_MODE_SEND_CLIENTHELLO_TIME
) != 0;
4609 unsigned long Time
= (unsigned long)time(NULL
);
4610 unsigned char *p
= result
;
4613 ret
= RAND_bytes_ex(s
->ctx
->libctx
, p
, len
- 4);
4615 ret
= RAND_bytes_ex(s
->ctx
->libctx
, result
, len
);
4619 if (!ossl_assert(sizeof(tls11downgrade
) < len
)
4620 || !ossl_assert(sizeof(tls12downgrade
) < len
))
4622 if (dgrd
== DOWNGRADE_TO_1_2
)
4623 memcpy(result
+ len
- sizeof(tls12downgrade
), tls12downgrade
,
4624 sizeof(tls12downgrade
));
4625 else if (dgrd
== DOWNGRADE_TO_1_1
)
4626 memcpy(result
+ len
- sizeof(tls11downgrade
), tls11downgrade
,
4627 sizeof(tls11downgrade
));
4633 int ssl_generate_master_secret(SSL
*s
, unsigned char *pms
, size_t pmslen
,
4636 unsigned long alg_k
= s
->s3
.tmp
.new_cipher
->algorithm_mkey
;
4639 if (alg_k
& SSL_PSK
) {
4640 #ifndef OPENSSL_NO_PSK
4641 unsigned char *pskpms
, *t
;
4642 size_t psklen
= s
->s3
.tmp
.psklen
;
4645 /* create PSK premaster_secret */
4647 /* For plain PSK "other_secret" is psklen zeroes */
4648 if (alg_k
& SSL_kPSK
)
4651 pskpmslen
= 4 + pmslen
+ psklen
;
4652 pskpms
= OPENSSL_malloc(pskpmslen
);
4657 if (alg_k
& SSL_kPSK
)
4658 memset(t
, 0, pmslen
);
4660 memcpy(t
, pms
, pmslen
);
4663 memcpy(t
, s
->s3
.tmp
.psk
, psklen
);
4665 OPENSSL_clear_free(s
->s3
.tmp
.psk
, psklen
);
4666 s
->s3
.tmp
.psk
= NULL
;
4667 if (!s
->method
->ssl3_enc
->generate_master_secret(s
,
4668 s
->session
->master_key
, pskpms
, pskpmslen
,
4669 &s
->session
->master_key_length
)) {
4670 OPENSSL_clear_free(pskpms
, pskpmslen
);
4671 /* SSLfatal() already called */
4674 OPENSSL_clear_free(pskpms
, pskpmslen
);
4676 /* Should never happen */
4680 if (!s
->method
->ssl3_enc
->generate_master_secret(s
,
4681 s
->session
->master_key
, pms
, pmslen
,
4682 &s
->session
->master_key_length
)) {
4683 /* SSLfatal() already called */
4692 OPENSSL_clear_free(pms
, pmslen
);
4694 OPENSSL_cleanse(pms
, pmslen
);
4697 s
->s3
.tmp
.pms
= NULL
;
4701 /* Generate a private key from parameters */
4702 EVP_PKEY
*ssl_generate_pkey(SSL
*s
, EVP_PKEY
*pm
)
4704 EVP_PKEY_CTX
*pctx
= NULL
;
4705 EVP_PKEY
*pkey
= NULL
;
4709 pctx
= EVP_PKEY_CTX_new_from_pkey(s
->ctx
->libctx
, pm
, s
->ctx
->propq
);
4712 if (EVP_PKEY_keygen_init(pctx
) <= 0)
4714 if (EVP_PKEY_keygen(pctx
, &pkey
) <= 0) {
4715 EVP_PKEY_free(pkey
);
4720 EVP_PKEY_CTX_free(pctx
);
4724 /* Generate a private key from a group ID */
4725 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
4726 EVP_PKEY
*ssl_generate_pkey_group(SSL
*s
, uint16_t id
)
4728 const TLS_GROUP_INFO
*ginf
= tls1_group_id_lookup(id
);
4729 EVP_PKEY_CTX
*pctx
= NULL
;
4730 EVP_PKEY
*pkey
= NULL
;
4732 # ifndef OPENSSL_NO_DH
4737 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_GENERATE_PKEY_GROUP
,
4738 ERR_R_INTERNAL_ERROR
);
4741 gtype
= ginf
->flags
& TLS_GROUP_TYPE
;
4743 pctx
= EVP_PKEY_CTX_new_from_name(s
->ctx
->libctx
, ginf
->keytype
,
4747 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_GENERATE_PKEY_GROUP
,
4748 ERR_R_MALLOC_FAILURE
);
4751 if (EVP_PKEY_keygen_init(pctx
) <= 0) {
4752 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_GENERATE_PKEY_GROUP
,
4756 # ifndef OPENSSL_NO_DH
4757 if (gtype
== TLS_GROUP_FFDHE
) {
4758 if ((pkey
= EVP_PKEY_new()) == NULL
4759 || (dh
= DH_new_by_nid(ginf
->nid
)) == NULL
4760 || !EVP_PKEY_assign(pkey
, EVP_PKEY_DH
, dh
)) {
4761 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_GENERATE_PKEY_GROUP
,
4764 EVP_PKEY_free(pkey
);
4768 if (EVP_PKEY_CTX_set_dh_nid(pctx
, ginf
->nid
) <= 0) {
4769 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_GENERATE_PKEY_GROUP
,
4771 EVP_PKEY_free(pkey
);
4776 # ifndef OPENSSL_NO_EC
4780 # ifndef OPENSSL_NO_EC
4782 if (gtype
!= TLS_GROUP_CURVE_CUSTOM
4783 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, ginf
->nid
) <= 0) {
4784 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_GENERATE_PKEY_GROUP
,
4790 if (EVP_PKEY_keygen(pctx
, &pkey
) <= 0) {
4791 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_GENERATE_PKEY_GROUP
,
4793 EVP_PKEY_free(pkey
);
4798 EVP_PKEY_CTX_free(pctx
);
4804 * Generate parameters from a group ID
4806 EVP_PKEY
*ssl_generate_param_group(SSL
*s
, uint16_t id
)
4808 EVP_PKEY_CTX
*pctx
= NULL
;
4809 EVP_PKEY
*pkey
= NULL
;
4810 const TLS_GROUP_INFO
*ginf
= tls1_group_id_lookup(id
);
4811 const char *pkey_ctx_name
;
4816 if ((ginf
->flags
& TLS_GROUP_TYPE
) == TLS_GROUP_CURVE_CUSTOM
) {
4817 pkey
= EVP_PKEY_new();
4818 if (pkey
!= NULL
&& EVP_PKEY_set_type(pkey
, ginf
->nid
))
4820 EVP_PKEY_free(pkey
);
4824 pkey_ctx_name
= (ginf
->flags
& TLS_GROUP_FFDHE
) != 0 ? "DH" : "EC";
4825 pctx
= EVP_PKEY_CTX_new_from_name(s
->ctx
->libctx
, pkey_ctx_name
,
4830 if (EVP_PKEY_paramgen_init(pctx
) <= 0)
4832 # ifndef OPENSSL_NO_DH
4833 if (ginf
->flags
& TLS_GROUP_FFDHE
) {
4834 if (EVP_PKEY_CTX_set_dh_nid(pctx
, ginf
->nid
) <= 0)
4837 # ifndef OPENSSL_NO_EC
4841 # ifndef OPENSSL_NO_EC
4843 if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, ginf
->nid
) <= 0)
4847 if (EVP_PKEY_paramgen(pctx
, &pkey
) <= 0) {
4848 EVP_PKEY_free(pkey
);
4853 EVP_PKEY_CTX_free(pctx
);
4857 /* Derive secrets for ECDH/DH */
4858 int ssl_derive(SSL
*s
, EVP_PKEY
*privkey
, EVP_PKEY
*pubkey
, int gensecret
)
4861 unsigned char *pms
= NULL
;
4865 if (privkey
== NULL
|| pubkey
== NULL
) {
4866 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_DERIVE
,
4867 ERR_R_INTERNAL_ERROR
);
4871 pctx
= EVP_PKEY_CTX_new_from_pkey(s
->ctx
->libctx
, privkey
, s
->ctx
->propq
);
4873 if (EVP_PKEY_derive_init(pctx
) <= 0
4874 || EVP_PKEY_derive_set_peer(pctx
, pubkey
) <= 0
4875 || EVP_PKEY_derive(pctx
, NULL
, &pmslen
) <= 0) {
4876 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_DERIVE
,
4877 ERR_R_INTERNAL_ERROR
);
4881 #ifndef OPENSSL_NO_DH
4882 if (SSL_IS_TLS13(s
) && EVP_PKEY_id(privkey
) == EVP_PKEY_DH
)
4883 EVP_PKEY_CTX_set_dh_pad(pctx
, 1);
4886 pms
= OPENSSL_malloc(pmslen
);
4888 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_DERIVE
,
4889 ERR_R_MALLOC_FAILURE
);
4893 if (EVP_PKEY_derive(pctx
, pms
, &pmslen
) <= 0) {
4894 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_DERIVE
,
4895 ERR_R_INTERNAL_ERROR
);
4900 /* SSLfatal() called as appropriate in the below functions */
4901 if (SSL_IS_TLS13(s
)) {
4903 * If we are resuming then we already generated the early secret
4904 * when we created the ClientHello, so don't recreate it.
4907 rv
= tls13_generate_secret(s
, ssl_handshake_md(s
), NULL
, NULL
,
4909 (unsigned char *)&s
->early_secret
);
4913 rv
= rv
&& tls13_generate_handshake_secret(s
, pms
, pmslen
);
4915 rv
= ssl_generate_master_secret(s
, pms
, pmslen
, 0);
4918 /* Save premaster secret */
4919 s
->s3
.tmp
.pms
= pms
;
4920 s
->s3
.tmp
.pmslen
= pmslen
;
4926 OPENSSL_clear_free(pms
, pmslen
);
4927 EVP_PKEY_CTX_free(pctx
);
4931 #ifndef OPENSSL_NO_DH
4932 EVP_PKEY
*ssl_dh_to_pkey(DH
*dh
)
4937 ret
= EVP_PKEY_new();
4938 if (EVP_PKEY_set1_DH(ret
, dh
) <= 0) {