]> git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/s3_lib.c
projects / thirdparty / openssl.git / blob
? search:


5ea2c2d029c696f64f669beaf91818a6e37be47c
[thirdparty/openssl.git] / ssl / s3_lib.c
1 /*
2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12 #include <stdio.h>
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
15 #include "ssl_locl.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include <openssl/trace.h>
20 #include "internal/cryptlib.h"
21
22 #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
23 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
24 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
25
26 /* TLSv1.3 downgrade protection sentinel values */
27 const unsigned char tls11downgrade[] = {
28 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
29 };
30 const unsigned char tls12downgrade[] = {
31 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
32 };
33
34 /* The list of available TLSv1.3 ciphers */
35 static SSL_CIPHER tls13_ciphers[] = {
36 {
37 1,
38 TLS1_3_RFC_AES_128_GCM_SHA256,
39 TLS1_3_RFC_AES_128_GCM_SHA256,
40 TLS1_3_CK_AES_128_GCM_SHA256,
41 SSL_kANY,
42 SSL_aANY,
43 SSL_AES128GCM,
44 SSL_AEAD,
45 TLS1_3_VERSION, TLS1_3_VERSION,
46 0, 0,
47 SSL_HIGH,
48 SSL_HANDSHAKE_MAC_SHA256,
49 128,
50 128,
51 }, {
52 1,
53 TLS1_3_RFC_AES_256_GCM_SHA384,
54 TLS1_3_RFC_AES_256_GCM_SHA384,
55 TLS1_3_CK_AES_256_GCM_SHA384,
56 SSL_kANY,
57 SSL_aANY,
58 SSL_AES256GCM,
59 SSL_AEAD,
60 TLS1_3_VERSION, TLS1_3_VERSION,
61 0, 0,
62 SSL_HIGH,
63 SSL_HANDSHAKE_MAC_SHA384,
64 256,
65 256,
66 },
67 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
68 {
69 1,
70 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
71 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
72 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
73 SSL_kANY,
74 SSL_aANY,
75 SSL_CHACHA20POLY1305,
76 SSL_AEAD,
77 TLS1_3_VERSION, TLS1_3_VERSION,
78 0, 0,
79 SSL_HIGH,
80 SSL_HANDSHAKE_MAC_SHA256,
81 256,
82 256,
83 },
84 #endif
85 {
86 1,
87 TLS1_3_RFC_AES_128_CCM_SHA256,
88 TLS1_3_RFC_AES_128_CCM_SHA256,
89 TLS1_3_CK_AES_128_CCM_SHA256,
90 SSL_kANY,
91 SSL_aANY,
92 SSL_AES128CCM,
93 SSL_AEAD,
94 TLS1_3_VERSION, TLS1_3_VERSION,
95 0, 0,
96 SSL_NOT_DEFAULT | SSL_HIGH,
97 SSL_HANDSHAKE_MAC_SHA256,
98 128,
99 128,
100 }, {
101 1,
102 TLS1_3_RFC_AES_128_CCM_8_SHA256,
103 TLS1_3_RFC_AES_128_CCM_8_SHA256,
104 TLS1_3_CK_AES_128_CCM_8_SHA256,
105 SSL_kANY,
106 SSL_aANY,
107 SSL_AES128CCM8,
108 SSL_AEAD,
109 TLS1_3_VERSION, TLS1_3_VERSION,
110 0, 0,
111 SSL_NOT_DEFAULT | SSL_HIGH,
112 SSL_HANDSHAKE_MAC_SHA256,
113 128,
114 128,
115 }
116 };
117
118 /*
119 * The list of available ciphers, mostly organized into the following
120 * groups:
121 * Always there
122 * EC
123 * PSK
124 * SRP (within that: RSA EC PSK)
125 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
126 * Weak ciphers
127 */
128 static SSL_CIPHER ssl3_ciphers[] = {
129 {
130 1,
131 SSL3_TXT_RSA_NULL_MD5,
132 SSL3_RFC_RSA_NULL_MD5,
133 SSL3_CK_RSA_NULL_MD5,
134 SSL_kRSA,
135 SSL_aRSA,
136 SSL_eNULL,
137 SSL_MD5,
138 SSL3_VERSION, TLS1_2_VERSION,
139 DTLS1_BAD_VER, DTLS1_2_VERSION,
140 SSL_STRONG_NONE,
141 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
142 0,
143 0,
144 },
145 {
146 1,
147 SSL3_TXT_RSA_NULL_SHA,
148 SSL3_RFC_RSA_NULL_SHA,
149 SSL3_CK_RSA_NULL_SHA,
150 SSL_kRSA,
151 SSL_aRSA,
152 SSL_eNULL,
153 SSL_SHA1,
154 SSL3_VERSION, TLS1_2_VERSION,
155 DTLS1_BAD_VER, DTLS1_2_VERSION,
156 SSL_STRONG_NONE | SSL_FIPS,
157 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
158 0,
159 0,
160 },
161 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
162 {
163 1,
164 SSL3_TXT_RSA_DES_192_CBC3_SHA,
165 SSL3_RFC_RSA_DES_192_CBC3_SHA,
166 SSL3_CK_RSA_DES_192_CBC3_SHA,
167 SSL_kRSA,
168 SSL_aRSA,
169 SSL_3DES,
170 SSL_SHA1,
171 SSL3_VERSION, TLS1_2_VERSION,
172 DTLS1_BAD_VER, DTLS1_2_VERSION,
173 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
174 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
175 112,
176 168,
177 },
178 {
179 1,
180 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
181 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
182 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
183 SSL_kDHE,
184 SSL_aDSS,
185 SSL_3DES,
186 SSL_SHA1,
187 SSL3_VERSION, TLS1_2_VERSION,
188 DTLS1_BAD_VER, DTLS1_2_VERSION,
189 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
190 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
191 112,
192 168,
193 },
194 {
195 1,
196 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
197 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
198 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
199 SSL_kDHE,
200 SSL_aRSA,
201 SSL_3DES,
202 SSL_SHA1,
203 SSL3_VERSION, TLS1_2_VERSION,
204 DTLS1_BAD_VER, DTLS1_2_VERSION,
205 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
206 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
207 112,
208 168,
209 },
210 {
211 1,
212 SSL3_TXT_ADH_DES_192_CBC_SHA,
213 SSL3_RFC_ADH_DES_192_CBC_SHA,
214 SSL3_CK_ADH_DES_192_CBC_SHA,
215 SSL_kDHE,
216 SSL_aNULL,
217 SSL_3DES,
218 SSL_SHA1,
219 SSL3_VERSION, TLS1_2_VERSION,
220 DTLS1_BAD_VER, DTLS1_2_VERSION,
221 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
222 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
223 112,
224 168,
225 },
226 #endif
227 {
228 1,
229 TLS1_TXT_RSA_WITH_AES_128_SHA,
230 TLS1_RFC_RSA_WITH_AES_128_SHA,
231 TLS1_CK_RSA_WITH_AES_128_SHA,
232 SSL_kRSA,
233 SSL_aRSA,
234 SSL_AES128,
235 SSL_SHA1,
236 SSL3_VERSION, TLS1_2_VERSION,
237 DTLS1_BAD_VER, DTLS1_2_VERSION,
238 SSL_HIGH | SSL_FIPS,
239 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
240 128,
241 128,
242 },
243 {
244 1,
245 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
246 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
247 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
248 SSL_kDHE,
249 SSL_aDSS,
250 SSL_AES128,
251 SSL_SHA1,
252 SSL3_VERSION, TLS1_2_VERSION,
253 DTLS1_BAD_VER, DTLS1_2_VERSION,
254 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
255 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256 128,
257 128,
258 },
259 {
260 1,
261 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
262 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
263 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
264 SSL_kDHE,
265 SSL_aRSA,
266 SSL_AES128,
267 SSL_SHA1,
268 SSL3_VERSION, TLS1_2_VERSION,
269 DTLS1_BAD_VER, DTLS1_2_VERSION,
270 SSL_HIGH | SSL_FIPS,
271 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
272 128,
273 128,
274 },
275 {
276 1,
277 TLS1_TXT_ADH_WITH_AES_128_SHA,
278 TLS1_RFC_ADH_WITH_AES_128_SHA,
279 TLS1_CK_ADH_WITH_AES_128_SHA,
280 SSL_kDHE,
281 SSL_aNULL,
282 SSL_AES128,
283 SSL_SHA1,
284 SSL3_VERSION, TLS1_2_VERSION,
285 DTLS1_BAD_VER, DTLS1_2_VERSION,
286 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
287 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
288 128,
289 128,
290 },
291 {
292 1,
293 TLS1_TXT_RSA_WITH_AES_256_SHA,
294 TLS1_RFC_RSA_WITH_AES_256_SHA,
295 TLS1_CK_RSA_WITH_AES_256_SHA,
296 SSL_kRSA,
297 SSL_aRSA,
298 SSL_AES256,
299 SSL_SHA1,
300 SSL3_VERSION, TLS1_2_VERSION,
301 DTLS1_BAD_VER, DTLS1_2_VERSION,
302 SSL_HIGH | SSL_FIPS,
303 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
304 256,
305 256,
306 },
307 {
308 1,
309 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
310 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
311 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
312 SSL_kDHE,
313 SSL_aDSS,
314 SSL_AES256,
315 SSL_SHA1,
316 SSL3_VERSION, TLS1_2_VERSION,
317 DTLS1_BAD_VER, DTLS1_2_VERSION,
318 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
319 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
320 256,
321 256,
322 },
323 {
324 1,
325 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
326 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
327 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
328 SSL_kDHE,
329 SSL_aRSA,
330 SSL_AES256,
331 SSL_SHA1,
332 SSL3_VERSION, TLS1_2_VERSION,
333 DTLS1_BAD_VER, DTLS1_2_VERSION,
334 SSL_HIGH | SSL_FIPS,
335 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
336 256,
337 256,
338 },
339 {
340 1,
341 TLS1_TXT_ADH_WITH_AES_256_SHA,
342 TLS1_RFC_ADH_WITH_AES_256_SHA,
343 TLS1_CK_ADH_WITH_AES_256_SHA,
344 SSL_kDHE,
345 SSL_aNULL,
346 SSL_AES256,
347 SSL_SHA1,
348 SSL3_VERSION, TLS1_2_VERSION,
349 DTLS1_BAD_VER, DTLS1_2_VERSION,
350 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
351 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
352 256,
353 256,
354 },
355 {
356 1,
357 TLS1_TXT_RSA_WITH_NULL_SHA256,
358 TLS1_RFC_RSA_WITH_NULL_SHA256,
359 TLS1_CK_RSA_WITH_NULL_SHA256,
360 SSL_kRSA,
361 SSL_aRSA,
362 SSL_eNULL,
363 SSL_SHA256,
364 TLS1_2_VERSION, TLS1_2_VERSION,
365 DTLS1_2_VERSION, DTLS1_2_VERSION,
366 SSL_STRONG_NONE | SSL_FIPS,
367 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
368 0,
369 0,
370 },
371 {
372 1,
373 TLS1_TXT_RSA_WITH_AES_128_SHA256,
374 TLS1_RFC_RSA_WITH_AES_128_SHA256,
375 TLS1_CK_RSA_WITH_AES_128_SHA256,
376 SSL_kRSA,
377 SSL_aRSA,
378 SSL_AES128,
379 SSL_SHA256,
380 TLS1_2_VERSION, TLS1_2_VERSION,
381 DTLS1_2_VERSION, DTLS1_2_VERSION,
382 SSL_HIGH | SSL_FIPS,
383 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
384 128,
385 128,
386 },
387 {
388 1,
389 TLS1_TXT_RSA_WITH_AES_256_SHA256,
390 TLS1_RFC_RSA_WITH_AES_256_SHA256,
391 TLS1_CK_RSA_WITH_AES_256_SHA256,
392 SSL_kRSA,
393 SSL_aRSA,
394 SSL_AES256,
395 SSL_SHA256,
396 TLS1_2_VERSION, TLS1_2_VERSION,
397 DTLS1_2_VERSION, DTLS1_2_VERSION,
398 SSL_HIGH | SSL_FIPS,
399 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
400 256,
401 256,
402 },
403 {
404 1,
405 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
406 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
407 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
408 SSL_kDHE,
409 SSL_aDSS,
410 SSL_AES128,
411 SSL_SHA256,
412 TLS1_2_VERSION, TLS1_2_VERSION,
413 DTLS1_2_VERSION, DTLS1_2_VERSION,
414 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
415 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
416 128,
417 128,
418 },
419 {
420 1,
421 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
422 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
423 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
424 SSL_kDHE,
425 SSL_aRSA,
426 SSL_AES128,
427 SSL_SHA256,
428 TLS1_2_VERSION, TLS1_2_VERSION,
429 DTLS1_2_VERSION, DTLS1_2_VERSION,
430 SSL_HIGH | SSL_FIPS,
431 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
432 128,
433 128,
434 },
435 {
436 1,
437 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
438 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
439 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
440 SSL_kDHE,
441 SSL_aDSS,
442 SSL_AES256,
443 SSL_SHA256,
444 TLS1_2_VERSION, TLS1_2_VERSION,
445 DTLS1_2_VERSION, DTLS1_2_VERSION,
446 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
447 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
448 256,
449 256,
450 },
451 {
452 1,
453 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
454 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
455 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
456 SSL_kDHE,
457 SSL_aRSA,
458 SSL_AES256,
459 SSL_SHA256,
460 TLS1_2_VERSION, TLS1_2_VERSION,
461 DTLS1_2_VERSION, DTLS1_2_VERSION,
462 SSL_HIGH | SSL_FIPS,
463 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
464 256,
465 256,
466 },
467 {
468 1,
469 TLS1_TXT_ADH_WITH_AES_128_SHA256,
470 TLS1_RFC_ADH_WITH_AES_128_SHA256,
471 TLS1_CK_ADH_WITH_AES_128_SHA256,
472 SSL_kDHE,
473 SSL_aNULL,
474 SSL_AES128,
475 SSL_SHA256,
476 TLS1_2_VERSION, TLS1_2_VERSION,
477 DTLS1_2_VERSION, DTLS1_2_VERSION,
478 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
479 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
480 128,
481 128,
482 },
483 {
484 1,
485 TLS1_TXT_ADH_WITH_AES_256_SHA256,
486 TLS1_RFC_ADH_WITH_AES_256_SHA256,
487 TLS1_CK_ADH_WITH_AES_256_SHA256,
488 SSL_kDHE,
489 SSL_aNULL,
490 SSL_AES256,
491 SSL_SHA256,
492 TLS1_2_VERSION, TLS1_2_VERSION,
493 DTLS1_2_VERSION, DTLS1_2_VERSION,
494 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
495 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
496 256,
497 256,
498 },
499 {
500 1,
501 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
502 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
503 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
504 SSL_kRSA,
505 SSL_aRSA,
506 SSL_AES128GCM,
507 SSL_AEAD,
508 TLS1_2_VERSION, TLS1_2_VERSION,
509 DTLS1_2_VERSION, DTLS1_2_VERSION,
510 SSL_HIGH | SSL_FIPS,
511 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
512 128,
513 128,
514 },
515 {
516 1,
517 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
518 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
519 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
520 SSL_kRSA,
521 SSL_aRSA,
522 SSL_AES256GCM,
523 SSL_AEAD,
524 TLS1_2_VERSION, TLS1_2_VERSION,
525 DTLS1_2_VERSION, DTLS1_2_VERSION,
526 SSL_HIGH | SSL_FIPS,
527 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
528 256,
529 256,
530 },
531 {
532 1,
533 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
534 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
535 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
536 SSL_kDHE,
537 SSL_aRSA,
538 SSL_AES128GCM,
539 SSL_AEAD,
540 TLS1_2_VERSION, TLS1_2_VERSION,
541 DTLS1_2_VERSION, DTLS1_2_VERSION,
542 SSL_HIGH | SSL_FIPS,
543 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
544 128,
545 128,
546 },
547 {
548 1,
549 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
550 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
551 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
552 SSL_kDHE,
553 SSL_aRSA,
554 SSL_AES256GCM,
555 SSL_AEAD,
556 TLS1_2_VERSION, TLS1_2_VERSION,
557 DTLS1_2_VERSION, DTLS1_2_VERSION,
558 SSL_HIGH | SSL_FIPS,
559 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
560 256,
561 256,
562 },
563 {
564 1,
565 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
566 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
567 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
568 SSL_kDHE,
569 SSL_aDSS,
570 SSL_AES128GCM,
571 SSL_AEAD,
572 TLS1_2_VERSION, TLS1_2_VERSION,
573 DTLS1_2_VERSION, DTLS1_2_VERSION,
574 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
575 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
576 128,
577 128,
578 },
579 {
580 1,
581 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
582 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
583 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
584 SSL_kDHE,
585 SSL_aDSS,
586 SSL_AES256GCM,
587 SSL_AEAD,
588 TLS1_2_VERSION, TLS1_2_VERSION,
589 DTLS1_2_VERSION, DTLS1_2_VERSION,
590 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
591 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
592 256,
593 256,
594 },
595 {
596 1,
597 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
598 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
599 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
600 SSL_kDHE,
601 SSL_aNULL,
602 SSL_AES128GCM,
603 SSL_AEAD,
604 TLS1_2_VERSION, TLS1_2_VERSION,
605 DTLS1_2_VERSION, DTLS1_2_VERSION,
606 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
607 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
608 128,
609 128,
610 },
611 {
612 1,
613 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
614 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
615 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
616 SSL_kDHE,
617 SSL_aNULL,
618 SSL_AES256GCM,
619 SSL_AEAD,
620 TLS1_2_VERSION, TLS1_2_VERSION,
621 DTLS1_2_VERSION, DTLS1_2_VERSION,
622 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
623 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
624 256,
625 256,
626 },
627 {
628 1,
629 TLS1_TXT_RSA_WITH_AES_128_CCM,
630 TLS1_RFC_RSA_WITH_AES_128_CCM,
631 TLS1_CK_RSA_WITH_AES_128_CCM,
632 SSL_kRSA,
633 SSL_aRSA,
634 SSL_AES128CCM,
635 SSL_AEAD,
636 TLS1_2_VERSION, TLS1_2_VERSION,
637 DTLS1_2_VERSION, DTLS1_2_VERSION,
638 SSL_NOT_DEFAULT | SSL_HIGH,
639 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
640 128,
641 128,
642 },
643 {
644 1,
645 TLS1_TXT_RSA_WITH_AES_256_CCM,
646 TLS1_RFC_RSA_WITH_AES_256_CCM,
647 TLS1_CK_RSA_WITH_AES_256_CCM,
648 SSL_kRSA,
649 SSL_aRSA,
650 SSL_AES256CCM,
651 SSL_AEAD,
652 TLS1_2_VERSION, TLS1_2_VERSION,
653 DTLS1_2_VERSION, DTLS1_2_VERSION,
654 SSL_NOT_DEFAULT | SSL_HIGH,
655 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
656 256,
657 256,
658 },
659 {
660 1,
661 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
662 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
663 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
664 SSL_kDHE,
665 SSL_aRSA,
666 SSL_AES128CCM,
667 SSL_AEAD,
668 TLS1_2_VERSION, TLS1_2_VERSION,
669 DTLS1_2_VERSION, DTLS1_2_VERSION,
670 SSL_NOT_DEFAULT | SSL_HIGH,
671 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
672 128,
673 128,
674 },
675 {
676 1,
677 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
678 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
679 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
680 SSL_kDHE,
681 SSL_aRSA,
682 SSL_AES256CCM,
683 SSL_AEAD,
684 TLS1_2_VERSION, TLS1_2_VERSION,
685 DTLS1_2_VERSION, DTLS1_2_VERSION,
686 SSL_NOT_DEFAULT | SSL_HIGH,
687 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
688 256,
689 256,
690 },
691 {
692 1,
693 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
694 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
695 TLS1_CK_RSA_WITH_AES_128_CCM_8,
696 SSL_kRSA,
697 SSL_aRSA,
698 SSL_AES128CCM8,
699 SSL_AEAD,
700 TLS1_2_VERSION, TLS1_2_VERSION,
701 DTLS1_2_VERSION, DTLS1_2_VERSION,
702 SSL_NOT_DEFAULT | SSL_HIGH,
703 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
704 128,
705 128,
706 },
707 {
708 1,
709 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
710 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
711 TLS1_CK_RSA_WITH_AES_256_CCM_8,
712 SSL_kRSA,
713 SSL_aRSA,
714 SSL_AES256CCM8,
715 SSL_AEAD,
716 TLS1_2_VERSION, TLS1_2_VERSION,
717 DTLS1_2_VERSION, DTLS1_2_VERSION,
718 SSL_NOT_DEFAULT | SSL_HIGH,
719 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
720 256,
721 256,
722 },
723 {
724 1,
725 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
726 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
727 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
728 SSL_kDHE,
729 SSL_aRSA,
730 SSL_AES128CCM8,
731 SSL_AEAD,
732 TLS1_2_VERSION, TLS1_2_VERSION,
733 DTLS1_2_VERSION, DTLS1_2_VERSION,
734 SSL_NOT_DEFAULT | SSL_HIGH,
735 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
736 128,
737 128,
738 },
739 {
740 1,
741 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
742 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
743 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
744 SSL_kDHE,
745 SSL_aRSA,
746 SSL_AES256CCM8,
747 SSL_AEAD,
748 TLS1_2_VERSION, TLS1_2_VERSION,
749 DTLS1_2_VERSION, DTLS1_2_VERSION,
750 SSL_NOT_DEFAULT | SSL_HIGH,
751 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
752 256,
753 256,
754 },
755 {
756 1,
757 TLS1_TXT_PSK_WITH_AES_128_CCM,
758 TLS1_RFC_PSK_WITH_AES_128_CCM,
759 TLS1_CK_PSK_WITH_AES_128_CCM,
760 SSL_kPSK,
761 SSL_aPSK,
762 SSL_AES128CCM,
763 SSL_AEAD,
764 TLS1_2_VERSION, TLS1_2_VERSION,
765 DTLS1_2_VERSION, DTLS1_2_VERSION,
766 SSL_NOT_DEFAULT | SSL_HIGH,
767 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
768 128,
769 128,
770 },
771 {
772 1,
773 TLS1_TXT_PSK_WITH_AES_256_CCM,
774 TLS1_RFC_PSK_WITH_AES_256_CCM,
775 TLS1_CK_PSK_WITH_AES_256_CCM,
776 SSL_kPSK,
777 SSL_aPSK,
778 SSL_AES256CCM,
779 SSL_AEAD,
780 TLS1_2_VERSION, TLS1_2_VERSION,
781 DTLS1_2_VERSION, DTLS1_2_VERSION,
782 SSL_NOT_DEFAULT | SSL_HIGH,
783 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
784 256,
785 256,
786 },
787 {
788 1,
789 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
790 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
791 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
792 SSL_kDHEPSK,
793 SSL_aPSK,
794 SSL_AES128CCM,
795 SSL_AEAD,
796 TLS1_2_VERSION, TLS1_2_VERSION,
797 DTLS1_2_VERSION, DTLS1_2_VERSION,
798 SSL_NOT_DEFAULT | SSL_HIGH,
799 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
800 128,
801 128,
802 },
803 {
804 1,
805 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
806 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
807 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
808 SSL_kDHEPSK,
809 SSL_aPSK,
810 SSL_AES256CCM,
811 SSL_AEAD,
812 TLS1_2_VERSION, TLS1_2_VERSION,
813 DTLS1_2_VERSION, DTLS1_2_VERSION,
814 SSL_NOT_DEFAULT | SSL_HIGH,
815 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
816 256,
817 256,
818 },
819 {
820 1,
821 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
822 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
823 TLS1_CK_PSK_WITH_AES_128_CCM_8,
824 SSL_kPSK,
825 SSL_aPSK,
826 SSL_AES128CCM8,
827 SSL_AEAD,
828 TLS1_2_VERSION, TLS1_2_VERSION,
829 DTLS1_2_VERSION, DTLS1_2_VERSION,
830 SSL_NOT_DEFAULT | SSL_HIGH,
831 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
832 128,
833 128,
834 },
835 {
836 1,
837 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
838 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
839 TLS1_CK_PSK_WITH_AES_256_CCM_8,
840 SSL_kPSK,
841 SSL_aPSK,
842 SSL_AES256CCM8,
843 SSL_AEAD,
844 TLS1_2_VERSION, TLS1_2_VERSION,
845 DTLS1_2_VERSION, DTLS1_2_VERSION,
846 SSL_NOT_DEFAULT | SSL_HIGH,
847 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
848 256,
849 256,
850 },
851 {
852 1,
853 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
854 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
855 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
856 SSL_kDHEPSK,
857 SSL_aPSK,
858 SSL_AES128CCM8,
859 SSL_AEAD,
860 TLS1_2_VERSION, TLS1_2_VERSION,
861 DTLS1_2_VERSION, DTLS1_2_VERSION,
862 SSL_NOT_DEFAULT | SSL_HIGH,
863 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
864 128,
865 128,
866 },
867 {
868 1,
869 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
870 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
871 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
872 SSL_kDHEPSK,
873 SSL_aPSK,
874 SSL_AES256CCM8,
875 SSL_AEAD,
876 TLS1_2_VERSION, TLS1_2_VERSION,
877 DTLS1_2_VERSION, DTLS1_2_VERSION,
878 SSL_NOT_DEFAULT | SSL_HIGH,
879 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
880 256,
881 256,
882 },
883 {
884 1,
885 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
886 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
887 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
888 SSL_kECDHE,
889 SSL_aECDSA,
890 SSL_AES128CCM,
891 SSL_AEAD,
892 TLS1_2_VERSION, TLS1_2_VERSION,
893 DTLS1_2_VERSION, DTLS1_2_VERSION,
894 SSL_NOT_DEFAULT | SSL_HIGH,
895 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
896 128,
897 128,
898 },
899 {
900 1,
901 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
902 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
903 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
904 SSL_kECDHE,
905 SSL_aECDSA,
906 SSL_AES256CCM,
907 SSL_AEAD,
908 TLS1_2_VERSION, TLS1_2_VERSION,
909 DTLS1_2_VERSION, DTLS1_2_VERSION,
910 SSL_NOT_DEFAULT | SSL_HIGH,
911 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
912 256,
913 256,
914 },
915 {
916 1,
917 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
918 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
919 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
920 SSL_kECDHE,
921 SSL_aECDSA,
922 SSL_AES128CCM8,
923 SSL_AEAD,
924 TLS1_2_VERSION, TLS1_2_VERSION,
925 DTLS1_2_VERSION, DTLS1_2_VERSION,
926 SSL_NOT_DEFAULT | SSL_HIGH,
927 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
928 128,
929 128,
930 },
931 {
932 1,
933 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
934 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
935 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
936 SSL_kECDHE,
937 SSL_aECDSA,
938 SSL_AES256CCM8,
939 SSL_AEAD,
940 TLS1_2_VERSION, TLS1_2_VERSION,
941 DTLS1_2_VERSION, DTLS1_2_VERSION,
942 SSL_NOT_DEFAULT | SSL_HIGH,
943 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
944 256,
945 256,
946 },
947 {
948 1,
949 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
950 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
951 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
952 SSL_kECDHE,
953 SSL_aECDSA,
954 SSL_eNULL,
955 SSL_SHA1,
956 TLS1_VERSION, TLS1_2_VERSION,
957 DTLS1_BAD_VER, DTLS1_2_VERSION,
958 SSL_STRONG_NONE | SSL_FIPS,
959 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
960 0,
961 0,
962 },
963 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
964 {
965 1,
966 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
967 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
968 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
969 SSL_kECDHE,
970 SSL_aECDSA,
971 SSL_3DES,
972 SSL_SHA1,
973 TLS1_VERSION, TLS1_2_VERSION,
974 DTLS1_BAD_VER, DTLS1_2_VERSION,
975 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
976 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
977 112,
978 168,
979 },
980 # endif
981 {
982 1,
983 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
984 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
985 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
986 SSL_kECDHE,
987 SSL_aECDSA,
988 SSL_AES128,
989 SSL_SHA1,
990 TLS1_VERSION, TLS1_2_VERSION,
991 DTLS1_BAD_VER, DTLS1_2_VERSION,
992 SSL_HIGH | SSL_FIPS,
993 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
994 128,
995 128,
996 },
997 {
998 1,
999 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1000 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1001 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1002 SSL_kECDHE,
1003 SSL_aECDSA,
1004 SSL_AES256,
1005 SSL_SHA1,
1006 TLS1_VERSION, TLS1_2_VERSION,
1007 DTLS1_BAD_VER, DTLS1_2_VERSION,
1008 SSL_HIGH | SSL_FIPS,
1009 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1010 256,
1011 256,
1012 },
1013 {
1014 1,
1015 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1016 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1017 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1018 SSL_kECDHE,
1019 SSL_aRSA,
1020 SSL_eNULL,
1021 SSL_SHA1,
1022 TLS1_VERSION, TLS1_2_VERSION,
1023 DTLS1_BAD_VER, DTLS1_2_VERSION,
1024 SSL_STRONG_NONE | SSL_FIPS,
1025 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1026 0,
1027 0,
1028 },
1029 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1030 {
1031 1,
1032 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1033 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1034 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1035 SSL_kECDHE,
1036 SSL_aRSA,
1037 SSL_3DES,
1038 SSL_SHA1,
1039 TLS1_VERSION, TLS1_2_VERSION,
1040 DTLS1_BAD_VER, DTLS1_2_VERSION,
1041 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1042 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1043 112,
1044 168,
1045 },
1046 # endif
1047 {
1048 1,
1049 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1050 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1051 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1052 SSL_kECDHE,
1053 SSL_aRSA,
1054 SSL_AES128,
1055 SSL_SHA1,
1056 TLS1_VERSION, TLS1_2_VERSION,
1057 DTLS1_BAD_VER, DTLS1_2_VERSION,
1058 SSL_HIGH | SSL_FIPS,
1059 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1060 128,
1061 128,
1062 },
1063 {
1064 1,
1065 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1066 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1067 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1068 SSL_kECDHE,
1069 SSL_aRSA,
1070 SSL_AES256,
1071 SSL_SHA1,
1072 TLS1_VERSION, TLS1_2_VERSION,
1073 DTLS1_BAD_VER, DTLS1_2_VERSION,
1074 SSL_HIGH | SSL_FIPS,
1075 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1076 256,
1077 256,
1078 },
1079 {
1080 1,
1081 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1082 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1083 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1084 SSL_kECDHE,
1085 SSL_aNULL,
1086 SSL_eNULL,
1087 SSL_SHA1,
1088 TLS1_VERSION, TLS1_2_VERSION,
1089 DTLS1_BAD_VER, DTLS1_2_VERSION,
1090 SSL_STRONG_NONE | SSL_FIPS,
1091 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1092 0,
1093 0,
1094 },
1095 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1096 {
1097 1,
1098 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1099 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1100 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1101 SSL_kECDHE,
1102 SSL_aNULL,
1103 SSL_3DES,
1104 SSL_SHA1,
1105 TLS1_VERSION, TLS1_2_VERSION,
1106 DTLS1_BAD_VER, DTLS1_2_VERSION,
1107 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1108 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1109 112,
1110 168,
1111 },
1112 # endif
1113 {
1114 1,
1115 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1116 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1117 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1118 SSL_kECDHE,
1119 SSL_aNULL,
1120 SSL_AES128,
1121 SSL_SHA1,
1122 TLS1_VERSION, TLS1_2_VERSION,
1123 DTLS1_BAD_VER, DTLS1_2_VERSION,
1124 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1125 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1126 128,
1127 128,
1128 },
1129 {
1130 1,
1131 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1132 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1133 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1134 SSL_kECDHE,
1135 SSL_aNULL,
1136 SSL_AES256,
1137 SSL_SHA1,
1138 TLS1_VERSION, TLS1_2_VERSION,
1139 DTLS1_BAD_VER, DTLS1_2_VERSION,
1140 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1141 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1142 256,
1143 256,
1144 },
1145 {
1146 1,
1147 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1148 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1149 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1150 SSL_kECDHE,
1151 SSL_aECDSA,
1152 SSL_AES128,
1153 SSL_SHA256,
1154 TLS1_2_VERSION, TLS1_2_VERSION,
1155 DTLS1_2_VERSION, DTLS1_2_VERSION,
1156 SSL_HIGH | SSL_FIPS,
1157 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1158 128,
1159 128,
1160 },
1161 {
1162 1,
1163 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1164 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1165 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1166 SSL_kECDHE,
1167 SSL_aECDSA,
1168 SSL_AES256,
1169 SSL_SHA384,
1170 TLS1_2_VERSION, TLS1_2_VERSION,
1171 DTLS1_2_VERSION, DTLS1_2_VERSION,
1172 SSL_HIGH | SSL_FIPS,
1173 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1174 256,
1175 256,
1176 },
1177 {
1178 1,
1179 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1180 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1181 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1182 SSL_kECDHE,
1183 SSL_aRSA,
1184 SSL_AES128,
1185 SSL_SHA256,
1186 TLS1_2_VERSION, TLS1_2_VERSION,
1187 DTLS1_2_VERSION, DTLS1_2_VERSION,
1188 SSL_HIGH | SSL_FIPS,
1189 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1190 128,
1191 128,
1192 },
1193 {
1194 1,
1195 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1196 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1197 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1198 SSL_kECDHE,
1199 SSL_aRSA,
1200 SSL_AES256,
1201 SSL_SHA384,
1202 TLS1_2_VERSION, TLS1_2_VERSION,
1203 DTLS1_2_VERSION, DTLS1_2_VERSION,
1204 SSL_HIGH | SSL_FIPS,
1205 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1206 256,
1207 256,
1208 },
1209 {
1210 1,
1211 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1212 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1213 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1214 SSL_kECDHE,
1215 SSL_aECDSA,
1216 SSL_AES128GCM,
1217 SSL_AEAD,
1218 TLS1_2_VERSION, TLS1_2_VERSION,
1219 DTLS1_2_VERSION, DTLS1_2_VERSION,
1220 SSL_HIGH | SSL_FIPS,
1221 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1222 128,
1223 128,
1224 },
1225 {
1226 1,
1227 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1228 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1229 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1230 SSL_kECDHE,
1231 SSL_aECDSA,
1232 SSL_AES256GCM,
1233 SSL_AEAD,
1234 TLS1_2_VERSION, TLS1_2_VERSION,
1235 DTLS1_2_VERSION, DTLS1_2_VERSION,
1236 SSL_HIGH | SSL_FIPS,
1237 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1238 256,
1239 256,
1240 },
1241 {
1242 1,
1243 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1244 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1245 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1246 SSL_kECDHE,
1247 SSL_aRSA,
1248 SSL_AES128GCM,
1249 SSL_AEAD,
1250 TLS1_2_VERSION, TLS1_2_VERSION,
1251 DTLS1_2_VERSION, DTLS1_2_VERSION,
1252 SSL_HIGH | SSL_FIPS,
1253 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1254 128,
1255 128,
1256 },
1257 {
1258 1,
1259 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1260 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1261 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1262 SSL_kECDHE,
1263 SSL_aRSA,
1264 SSL_AES256GCM,
1265 SSL_AEAD,
1266 TLS1_2_VERSION, TLS1_2_VERSION,
1267 DTLS1_2_VERSION, DTLS1_2_VERSION,
1268 SSL_HIGH | SSL_FIPS,
1269 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1270 256,
1271 256,
1272 },
1273 {
1274 1,
1275 TLS1_TXT_PSK_WITH_NULL_SHA,
1276 TLS1_RFC_PSK_WITH_NULL_SHA,
1277 TLS1_CK_PSK_WITH_NULL_SHA,
1278 SSL_kPSK,
1279 SSL_aPSK,
1280 SSL_eNULL,
1281 SSL_SHA1,
1282 SSL3_VERSION, TLS1_2_VERSION,
1283 DTLS1_BAD_VER, DTLS1_2_VERSION,
1284 SSL_STRONG_NONE | SSL_FIPS,
1285 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1286 0,
1287 0,
1288 },
1289 {
1290 1,
1291 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1292 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1293 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1294 SSL_kDHEPSK,
1295 SSL_aPSK,
1296 SSL_eNULL,
1297 SSL_SHA1,
1298 SSL3_VERSION, TLS1_2_VERSION,
1299 DTLS1_BAD_VER, DTLS1_2_VERSION,
1300 SSL_STRONG_NONE | SSL_FIPS,
1301 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1302 0,
1303 0,
1304 },
1305 {
1306 1,
1307 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1308 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1309 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1310 SSL_kRSAPSK,
1311 SSL_aRSA,
1312 SSL_eNULL,
1313 SSL_SHA1,
1314 SSL3_VERSION, TLS1_2_VERSION,
1315 DTLS1_BAD_VER, DTLS1_2_VERSION,
1316 SSL_STRONG_NONE | SSL_FIPS,
1317 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1318 0,
1319 0,
1320 },
1321 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1322 {
1323 1,
1324 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1325 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1326 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1327 SSL_kPSK,
1328 SSL_aPSK,
1329 SSL_3DES,
1330 SSL_SHA1,
1331 SSL3_VERSION, TLS1_2_VERSION,
1332 DTLS1_BAD_VER, DTLS1_2_VERSION,
1333 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1334 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1335 112,
1336 168,
1337 },
1338 # endif
1339 {
1340 1,
1341 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1342 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1343 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1344 SSL_kPSK,
1345 SSL_aPSK,
1346 SSL_AES128,
1347 SSL_SHA1,
1348 SSL3_VERSION, TLS1_2_VERSION,
1349 DTLS1_BAD_VER, DTLS1_2_VERSION,
1350 SSL_HIGH | SSL_FIPS,
1351 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1352 128,
1353 128,
1354 },
1355 {
1356 1,
1357 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1358 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1359 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1360 SSL_kPSK,
1361 SSL_aPSK,
1362 SSL_AES256,
1363 SSL_SHA1,
1364 SSL3_VERSION, TLS1_2_VERSION,
1365 DTLS1_BAD_VER, DTLS1_2_VERSION,
1366 SSL_HIGH | SSL_FIPS,
1367 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1368 256,
1369 256,
1370 },
1371 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1372 {
1373 1,
1374 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1375 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1376 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1377 SSL_kDHEPSK,
1378 SSL_aPSK,
1379 SSL_3DES,
1380 SSL_SHA1,
1381 SSL3_VERSION, TLS1_2_VERSION,
1382 DTLS1_BAD_VER, DTLS1_2_VERSION,
1383 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1384 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1385 112,
1386 168,
1387 },
1388 # endif
1389 {
1390 1,
1391 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1392 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1393 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1394 SSL_kDHEPSK,
1395 SSL_aPSK,
1396 SSL_AES128,
1397 SSL_SHA1,
1398 SSL3_VERSION, TLS1_2_VERSION,
1399 DTLS1_BAD_VER, DTLS1_2_VERSION,
1400 SSL_HIGH | SSL_FIPS,
1401 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1402 128,
1403 128,
1404 },
1405 {
1406 1,
1407 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1408 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1409 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1410 SSL_kDHEPSK,
1411 SSL_aPSK,
1412 SSL_AES256,
1413 SSL_SHA1,
1414 SSL3_VERSION, TLS1_2_VERSION,
1415 DTLS1_BAD_VER, DTLS1_2_VERSION,
1416 SSL_HIGH | SSL_FIPS,
1417 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1418 256,
1419 256,
1420 },
1421 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1422 {
1423 1,
1424 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1425 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1426 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1427 SSL_kRSAPSK,
1428 SSL_aRSA,
1429 SSL_3DES,
1430 SSL_SHA1,
1431 SSL3_VERSION, TLS1_2_VERSION,
1432 DTLS1_BAD_VER, DTLS1_2_VERSION,
1433 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1434 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1435 112,
1436 168,
1437 },
1438 # endif
1439 {
1440 1,
1441 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1442 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1443 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1444 SSL_kRSAPSK,
1445 SSL_aRSA,
1446 SSL_AES128,
1447 SSL_SHA1,
1448 SSL3_VERSION, TLS1_2_VERSION,
1449 DTLS1_BAD_VER, DTLS1_2_VERSION,
1450 SSL_HIGH | SSL_FIPS,
1451 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1452 128,
1453 128,
1454 },
1455 {
1456 1,
1457 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1458 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1459 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1460 SSL_kRSAPSK,
1461 SSL_aRSA,
1462 SSL_AES256,
1463 SSL_SHA1,
1464 SSL3_VERSION, TLS1_2_VERSION,
1465 DTLS1_BAD_VER, DTLS1_2_VERSION,
1466 SSL_HIGH | SSL_FIPS,
1467 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1468 256,
1469 256,
1470 },
1471 {
1472 1,
1473 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1474 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1475 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1476 SSL_kPSK,
1477 SSL_aPSK,
1478 SSL_AES128GCM,
1479 SSL_AEAD,
1480 TLS1_2_VERSION, TLS1_2_VERSION,
1481 DTLS1_2_VERSION, DTLS1_2_VERSION,
1482 SSL_HIGH | SSL_FIPS,
1483 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1484 128,
1485 128,
1486 },
1487 {
1488 1,
1489 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1490 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1491 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1492 SSL_kPSK,
1493 SSL_aPSK,
1494 SSL_AES256GCM,
1495 SSL_AEAD,
1496 TLS1_2_VERSION, TLS1_2_VERSION,
1497 DTLS1_2_VERSION, DTLS1_2_VERSION,
1498 SSL_HIGH | SSL_FIPS,
1499 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1500 256,
1501 256,
1502 },
1503 {
1504 1,
1505 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1506 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1507 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1508 SSL_kDHEPSK,
1509 SSL_aPSK,
1510 SSL_AES128GCM,
1511 SSL_AEAD,
1512 TLS1_2_VERSION, TLS1_2_VERSION,
1513 DTLS1_2_VERSION, DTLS1_2_VERSION,
1514 SSL_HIGH | SSL_FIPS,
1515 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1516 128,
1517 128,
1518 },
1519 {
1520 1,
1521 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1522 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1523 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1524 SSL_kDHEPSK,
1525 SSL_aPSK,
1526 SSL_AES256GCM,
1527 SSL_AEAD,
1528 TLS1_2_VERSION, TLS1_2_VERSION,
1529 DTLS1_2_VERSION, DTLS1_2_VERSION,
1530 SSL_HIGH | SSL_FIPS,
1531 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1532 256,
1533 256,
1534 },
1535 {
1536 1,
1537 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1538 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1539 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1540 SSL_kRSAPSK,
1541 SSL_aRSA,
1542 SSL_AES128GCM,
1543 SSL_AEAD,
1544 TLS1_2_VERSION, TLS1_2_VERSION,
1545 DTLS1_2_VERSION, DTLS1_2_VERSION,
1546 SSL_HIGH | SSL_FIPS,
1547 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1548 128,
1549 128,
1550 },
1551 {
1552 1,
1553 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1554 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1555 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1556 SSL_kRSAPSK,
1557 SSL_aRSA,
1558 SSL_AES256GCM,
1559 SSL_AEAD,
1560 TLS1_2_VERSION, TLS1_2_VERSION,
1561 DTLS1_2_VERSION, DTLS1_2_VERSION,
1562 SSL_HIGH | SSL_FIPS,
1563 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1564 256,
1565 256,
1566 },
1567 {
1568 1,
1569 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1570 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1571 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1572 SSL_kPSK,
1573 SSL_aPSK,
1574 SSL_AES128,
1575 SSL_SHA256,
1576 TLS1_VERSION, TLS1_2_VERSION,
1577 DTLS1_BAD_VER, DTLS1_2_VERSION,
1578 SSL_HIGH | SSL_FIPS,
1579 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1580 128,
1581 128,
1582 },
1583 {
1584 1,
1585 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1586 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1587 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1588 SSL_kPSK,
1589 SSL_aPSK,
1590 SSL_AES256,
1591 SSL_SHA384,
1592 TLS1_VERSION, TLS1_2_VERSION,
1593 DTLS1_BAD_VER, DTLS1_2_VERSION,
1594 SSL_HIGH | SSL_FIPS,
1595 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1596 256,
1597 256,
1598 },
1599 {
1600 1,
1601 TLS1_TXT_PSK_WITH_NULL_SHA256,
1602 TLS1_RFC_PSK_WITH_NULL_SHA256,
1603 TLS1_CK_PSK_WITH_NULL_SHA256,
1604 SSL_kPSK,
1605 SSL_aPSK,
1606 SSL_eNULL,
1607 SSL_SHA256,
1608 TLS1_VERSION, TLS1_2_VERSION,
1609 DTLS1_BAD_VER, DTLS1_2_VERSION,
1610 SSL_STRONG_NONE | SSL_FIPS,
1611 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1612 0,
1613 0,
1614 },
1615 {
1616 1,
1617 TLS1_TXT_PSK_WITH_NULL_SHA384,
1618 TLS1_RFC_PSK_WITH_NULL_SHA384,
1619 TLS1_CK_PSK_WITH_NULL_SHA384,
1620 SSL_kPSK,
1621 SSL_aPSK,
1622 SSL_eNULL,
1623 SSL_SHA384,
1624 TLS1_VERSION, TLS1_2_VERSION,
1625 DTLS1_BAD_VER, DTLS1_2_VERSION,
1626 SSL_STRONG_NONE | SSL_FIPS,
1627 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1628 0,
1629 0,
1630 },
1631 {
1632 1,
1633 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1634 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1635 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1636 SSL_kDHEPSK,
1637 SSL_aPSK,
1638 SSL_AES128,
1639 SSL_SHA256,
1640 TLS1_VERSION, TLS1_2_VERSION,
1641 DTLS1_BAD_VER, DTLS1_2_VERSION,
1642 SSL_HIGH | SSL_FIPS,
1643 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1644 128,
1645 128,
1646 },
1647 {
1648 1,
1649 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1650 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1651 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1652 SSL_kDHEPSK,
1653 SSL_aPSK,
1654 SSL_AES256,
1655 SSL_SHA384,
1656 TLS1_VERSION, TLS1_2_VERSION,
1657 DTLS1_BAD_VER, DTLS1_2_VERSION,
1658 SSL_HIGH | SSL_FIPS,
1659 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1660 256,
1661 256,
1662 },
1663 {
1664 1,
1665 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1666 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1667 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1668 SSL_kDHEPSK,
1669 SSL_aPSK,
1670 SSL_eNULL,
1671 SSL_SHA256,
1672 TLS1_VERSION, TLS1_2_VERSION,
1673 DTLS1_BAD_VER, DTLS1_2_VERSION,
1674 SSL_STRONG_NONE | SSL_FIPS,
1675 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1676 0,
1677 0,
1678 },
1679 {
1680 1,
1681 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1682 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1683 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1684 SSL_kDHEPSK,
1685 SSL_aPSK,
1686 SSL_eNULL,
1687 SSL_SHA384,
1688 TLS1_VERSION, TLS1_2_VERSION,
1689 DTLS1_BAD_VER, DTLS1_2_VERSION,
1690 SSL_STRONG_NONE | SSL_FIPS,
1691 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1692 0,
1693 0,
1694 },
1695 {
1696 1,
1697 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1698 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1699 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1700 SSL_kRSAPSK,
1701 SSL_aRSA,
1702 SSL_AES128,
1703 SSL_SHA256,
1704 TLS1_VERSION, TLS1_2_VERSION,
1705 DTLS1_BAD_VER, DTLS1_2_VERSION,
1706 SSL_HIGH | SSL_FIPS,
1707 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1708 128,
1709 128,
1710 },
1711 {
1712 1,
1713 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1714 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1715 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1716 SSL_kRSAPSK,
1717 SSL_aRSA,
1718 SSL_AES256,
1719 SSL_SHA384,
1720 TLS1_VERSION, TLS1_2_VERSION,
1721 DTLS1_BAD_VER, DTLS1_2_VERSION,
1722 SSL_HIGH | SSL_FIPS,
1723 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1724 256,
1725 256,
1726 },
1727 {
1728 1,
1729 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1730 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1731 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1732 SSL_kRSAPSK,
1733 SSL_aRSA,
1734 SSL_eNULL,
1735 SSL_SHA256,
1736 TLS1_VERSION, TLS1_2_VERSION,
1737 DTLS1_BAD_VER, DTLS1_2_VERSION,
1738 SSL_STRONG_NONE | SSL_FIPS,
1739 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1740 0,
1741 0,
1742 },
1743 {
1744 1,
1745 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1746 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1747 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1748 SSL_kRSAPSK,
1749 SSL_aRSA,
1750 SSL_eNULL,
1751 SSL_SHA384,
1752 TLS1_VERSION, TLS1_2_VERSION,
1753 DTLS1_BAD_VER, DTLS1_2_VERSION,
1754 SSL_STRONG_NONE | SSL_FIPS,
1755 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1756 0,
1757 0,
1758 },
1759 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1760 {
1761 1,
1762 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1763 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1764 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1765 SSL_kECDHEPSK,
1766 SSL_aPSK,
1767 SSL_3DES,
1768 SSL_SHA1,
1769 TLS1_VERSION, TLS1_2_VERSION,
1770 DTLS1_BAD_VER, DTLS1_2_VERSION,
1771 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1772 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1773 112,
1774 168,
1775 },
1776 # endif
1777 {
1778 1,
1779 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1780 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1781 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1782 SSL_kECDHEPSK,
1783 SSL_aPSK,
1784 SSL_AES128,
1785 SSL_SHA1,
1786 TLS1_VERSION, TLS1_2_VERSION,
1787 DTLS1_BAD_VER, DTLS1_2_VERSION,
1788 SSL_HIGH | SSL_FIPS,
1789 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1790 128,
1791 128,
1792 },
1793 {
1794 1,
1795 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1796 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1797 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1798 SSL_kECDHEPSK,
1799 SSL_aPSK,
1800 SSL_AES256,
1801 SSL_SHA1,
1802 TLS1_VERSION, TLS1_2_VERSION,
1803 DTLS1_BAD_VER, DTLS1_2_VERSION,
1804 SSL_HIGH | SSL_FIPS,
1805 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1806 256,
1807 256,
1808 },
1809 {
1810 1,
1811 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1812 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1813 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1814 SSL_kECDHEPSK,
1815 SSL_aPSK,
1816 SSL_AES128,
1817 SSL_SHA256,
1818 TLS1_VERSION, TLS1_2_VERSION,
1819 DTLS1_BAD_VER, DTLS1_2_VERSION,
1820 SSL_HIGH | SSL_FIPS,
1821 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1822 128,
1823 128,
1824 },
1825 {
1826 1,
1827 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1828 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1829 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1830 SSL_kECDHEPSK,
1831 SSL_aPSK,
1832 SSL_AES256,
1833 SSL_SHA384,
1834 TLS1_VERSION, TLS1_2_VERSION,
1835 DTLS1_BAD_VER, DTLS1_2_VERSION,
1836 SSL_HIGH | SSL_FIPS,
1837 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1838 256,
1839 256,
1840 },
1841 {
1842 1,
1843 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1844 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1845 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1846 SSL_kECDHEPSK,
1847 SSL_aPSK,
1848 SSL_eNULL,
1849 SSL_SHA1,
1850 TLS1_VERSION, TLS1_2_VERSION,
1851 DTLS1_BAD_VER, DTLS1_2_VERSION,
1852 SSL_STRONG_NONE | SSL_FIPS,
1853 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1854 0,
1855 0,
1856 },
1857 {
1858 1,
1859 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1860 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1861 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1862 SSL_kECDHEPSK,
1863 SSL_aPSK,
1864 SSL_eNULL,
1865 SSL_SHA256,
1866 TLS1_VERSION, TLS1_2_VERSION,
1867 DTLS1_BAD_VER, DTLS1_2_VERSION,
1868 SSL_STRONG_NONE | SSL_FIPS,
1869 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1870 0,
1871 0,
1872 },
1873 {
1874 1,
1875 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1876 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1877 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1878 SSL_kECDHEPSK,
1879 SSL_aPSK,
1880 SSL_eNULL,
1881 SSL_SHA384,
1882 TLS1_VERSION, TLS1_2_VERSION,
1883 DTLS1_BAD_VER, DTLS1_2_VERSION,
1884 SSL_STRONG_NONE | SSL_FIPS,
1885 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1886 0,
1887 0,
1888 },
1889
1890 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1891 {
1892 1,
1893 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1894 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1895 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1896 SSL_kSRP,
1897 SSL_aSRP,
1898 SSL_3DES,
1899 SSL_SHA1,
1900 SSL3_VERSION, TLS1_2_VERSION,
1901 DTLS1_BAD_VER, DTLS1_2_VERSION,
1902 SSL_NOT_DEFAULT | SSL_MEDIUM,
1903 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1904 112,
1905 168,
1906 },
1907 {
1908 1,
1909 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1910 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1911 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1912 SSL_kSRP,
1913 SSL_aRSA,
1914 SSL_3DES,
1915 SSL_SHA1,
1916 SSL3_VERSION, TLS1_2_VERSION,
1917 DTLS1_BAD_VER, DTLS1_2_VERSION,
1918 SSL_NOT_DEFAULT | SSL_MEDIUM,
1919 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1920 112,
1921 168,
1922 },
1923 {
1924 1,
1925 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1926 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1927 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1928 SSL_kSRP,
1929 SSL_aDSS,
1930 SSL_3DES,
1931 SSL_SHA1,
1932 SSL3_VERSION, TLS1_2_VERSION,
1933 DTLS1_BAD_VER, DTLS1_2_VERSION,
1934 SSL_NOT_DEFAULT | SSL_MEDIUM,
1935 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1936 112,
1937 168,
1938 },
1939 # endif
1940 {
1941 1,
1942 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1943 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1944 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1945 SSL_kSRP,
1946 SSL_aSRP,
1947 SSL_AES128,
1948 SSL_SHA1,
1949 SSL3_VERSION, TLS1_2_VERSION,
1950 DTLS1_BAD_VER, DTLS1_2_VERSION,
1951 SSL_HIGH,
1952 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1953 128,
1954 128,
1955 },
1956 {
1957 1,
1958 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1959 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1960 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1961 SSL_kSRP,
1962 SSL_aRSA,
1963 SSL_AES128,
1964 SSL_SHA1,
1965 SSL3_VERSION, TLS1_2_VERSION,
1966 DTLS1_BAD_VER, DTLS1_2_VERSION,
1967 SSL_HIGH,
1968 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1969 128,
1970 128,
1971 },
1972 {
1973 1,
1974 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1975 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1976 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1977 SSL_kSRP,
1978 SSL_aDSS,
1979 SSL_AES128,
1980 SSL_SHA1,
1981 SSL3_VERSION, TLS1_2_VERSION,
1982 DTLS1_BAD_VER, DTLS1_2_VERSION,
1983 SSL_NOT_DEFAULT | SSL_HIGH,
1984 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1985 128,
1986 128,
1987 },
1988 {
1989 1,
1990 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1991 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1992 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1993 SSL_kSRP,
1994 SSL_aSRP,
1995 SSL_AES256,
1996 SSL_SHA1,
1997 SSL3_VERSION, TLS1_2_VERSION,
1998 DTLS1_BAD_VER, DTLS1_2_VERSION,
1999 SSL_HIGH,
2000 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2001 256,
2002 256,
2003 },
2004 {
2005 1,
2006 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2007 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2008 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2009 SSL_kSRP,
2010 SSL_aRSA,
2011 SSL_AES256,
2012 SSL_SHA1,
2013 SSL3_VERSION, TLS1_2_VERSION,
2014 DTLS1_BAD_VER, DTLS1_2_VERSION,
2015 SSL_HIGH,
2016 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2017 256,
2018 256,
2019 },
2020 {
2021 1,
2022 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2023 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2024 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2025 SSL_kSRP,
2026 SSL_aDSS,
2027 SSL_AES256,
2028 SSL_SHA1,
2029 SSL3_VERSION, TLS1_2_VERSION,
2030 DTLS1_BAD_VER, DTLS1_2_VERSION,
2031 SSL_NOT_DEFAULT | SSL_HIGH,
2032 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2033 256,
2034 256,
2035 },
2036
2037 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2038 {
2039 1,
2040 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2041 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2042 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2043 SSL_kDHE,
2044 SSL_aRSA,
2045 SSL_CHACHA20POLY1305,
2046 SSL_AEAD,
2047 TLS1_2_VERSION, TLS1_2_VERSION,
2048 DTLS1_2_VERSION, DTLS1_2_VERSION,
2049 SSL_HIGH,
2050 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2051 256,
2052 256,
2053 },
2054 {
2055 1,
2056 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2057 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2058 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2059 SSL_kECDHE,
2060 SSL_aRSA,
2061 SSL_CHACHA20POLY1305,
2062 SSL_AEAD,
2063 TLS1_2_VERSION, TLS1_2_VERSION,
2064 DTLS1_2_VERSION, DTLS1_2_VERSION,
2065 SSL_HIGH,
2066 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2067 256,
2068 256,
2069 },
2070 {
2071 1,
2072 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2073 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2074 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2075 SSL_kECDHE,
2076 SSL_aECDSA,
2077 SSL_CHACHA20POLY1305,
2078 SSL_AEAD,
2079 TLS1_2_VERSION, TLS1_2_VERSION,
2080 DTLS1_2_VERSION, DTLS1_2_VERSION,
2081 SSL_HIGH,
2082 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2083 256,
2084 256,
2085 },
2086 {
2087 1,
2088 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2089 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2090 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2091 SSL_kPSK,
2092 SSL_aPSK,
2093 SSL_CHACHA20POLY1305,
2094 SSL_AEAD,
2095 TLS1_2_VERSION, TLS1_2_VERSION,
2096 DTLS1_2_VERSION, DTLS1_2_VERSION,
2097 SSL_HIGH,
2098 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2099 256,
2100 256,
2101 },
2102 {
2103 1,
2104 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2105 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2106 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2107 SSL_kECDHEPSK,
2108 SSL_aPSK,
2109 SSL_CHACHA20POLY1305,
2110 SSL_AEAD,
2111 TLS1_2_VERSION, TLS1_2_VERSION,
2112 DTLS1_2_VERSION, DTLS1_2_VERSION,
2113 SSL_HIGH,
2114 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2115 256,
2116 256,
2117 },
2118 {
2119 1,
2120 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2121 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2122 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2123 SSL_kDHEPSK,
2124 SSL_aPSK,
2125 SSL_CHACHA20POLY1305,
2126 SSL_AEAD,
2127 TLS1_2_VERSION, TLS1_2_VERSION,
2128 DTLS1_2_VERSION, DTLS1_2_VERSION,
2129 SSL_HIGH,
2130 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2131 256,
2132 256,
2133 },
2134 {
2135 1,
2136 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2137 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2138 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2139 SSL_kRSAPSK,
2140 SSL_aRSA,
2141 SSL_CHACHA20POLY1305,
2142 SSL_AEAD,
2143 TLS1_2_VERSION, TLS1_2_VERSION,
2144 DTLS1_2_VERSION, DTLS1_2_VERSION,
2145 SSL_HIGH,
2146 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2147 256,
2148 256,
2149 },
2150 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2151 * !defined(OPENSSL_NO_POLY1305) */
2152
2153 #ifndef OPENSSL_NO_CAMELLIA
2154 {
2155 1,
2156 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2157 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2158 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2159 SSL_kRSA,
2160 SSL_aRSA,
2161 SSL_CAMELLIA128,
2162 SSL_SHA256,
2163 TLS1_2_VERSION, TLS1_2_VERSION,
2164 DTLS1_2_VERSION, DTLS1_2_VERSION,
2165 SSL_NOT_DEFAULT | SSL_HIGH,
2166 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2167 128,
2168 128,
2169 },
2170 {
2171 1,
2172 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2173 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2174 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2175 SSL_kEDH,
2176 SSL_aDSS,
2177 SSL_CAMELLIA128,
2178 SSL_SHA256,
2179 TLS1_2_VERSION, TLS1_2_VERSION,
2180 DTLS1_2_VERSION, DTLS1_2_VERSION,
2181 SSL_NOT_DEFAULT | SSL_HIGH,
2182 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2183 128,
2184 128,
2185 },
2186 {
2187 1,
2188 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2189 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2190 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2191 SSL_kEDH,
2192 SSL_aRSA,
2193 SSL_CAMELLIA128,
2194 SSL_SHA256,
2195 TLS1_2_VERSION, TLS1_2_VERSION,
2196 DTLS1_2_VERSION, DTLS1_2_VERSION,
2197 SSL_NOT_DEFAULT | SSL_HIGH,
2198 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2199 128,
2200 128,
2201 },
2202 {
2203 1,
2204 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2205 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2206 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2207 SSL_kEDH,
2208 SSL_aNULL,
2209 SSL_CAMELLIA128,
2210 SSL_SHA256,
2211 TLS1_2_VERSION, TLS1_2_VERSION,
2212 DTLS1_2_VERSION, DTLS1_2_VERSION,
2213 SSL_NOT_DEFAULT | SSL_HIGH,
2214 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2215 128,
2216 128,
2217 },
2218 {
2219 1,
2220 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2221 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2222 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2223 SSL_kRSA,
2224 SSL_aRSA,
2225 SSL_CAMELLIA256,
2226 SSL_SHA256,
2227 TLS1_2_VERSION, TLS1_2_VERSION,
2228 DTLS1_2_VERSION, DTLS1_2_VERSION,
2229 SSL_NOT_DEFAULT | SSL_HIGH,
2230 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2231 256,
2232 256,
2233 },
2234 {
2235 1,
2236 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2237 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2238 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2239 SSL_kEDH,
2240 SSL_aDSS,
2241 SSL_CAMELLIA256,
2242 SSL_SHA256,
2243 TLS1_2_VERSION, TLS1_2_VERSION,
2244 DTLS1_2_VERSION, DTLS1_2_VERSION,
2245 SSL_NOT_DEFAULT | SSL_HIGH,
2246 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2247 256,
2248 256,
2249 },
2250 {
2251 1,
2252 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2253 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2254 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2255 SSL_kEDH,
2256 SSL_aRSA,
2257 SSL_CAMELLIA256,
2258 SSL_SHA256,
2259 TLS1_2_VERSION, TLS1_2_VERSION,
2260 DTLS1_2_VERSION, DTLS1_2_VERSION,
2261 SSL_NOT_DEFAULT | SSL_HIGH,
2262 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2263 256,
2264 256,
2265 },
2266 {
2267 1,
2268 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2269 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2270 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2271 SSL_kEDH,
2272 SSL_aNULL,
2273 SSL_CAMELLIA256,
2274 SSL_SHA256,
2275 TLS1_2_VERSION, TLS1_2_VERSION,
2276 DTLS1_2_VERSION, DTLS1_2_VERSION,
2277 SSL_NOT_DEFAULT | SSL_HIGH,
2278 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2279 256,
2280 256,
2281 },
2282 {
2283 1,
2284 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2285 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2286 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2287 SSL_kRSA,
2288 SSL_aRSA,
2289 SSL_CAMELLIA256,
2290 SSL_SHA1,
2291 SSL3_VERSION, TLS1_2_VERSION,
2292 DTLS1_BAD_VER, DTLS1_2_VERSION,
2293 SSL_NOT_DEFAULT | SSL_HIGH,
2294 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2295 256,
2296 256,
2297 },
2298 {
2299 1,
2300 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2301 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2302 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2303 SSL_kDHE,
2304 SSL_aDSS,
2305 SSL_CAMELLIA256,
2306 SSL_SHA1,
2307 SSL3_VERSION, TLS1_2_VERSION,
2308 DTLS1_BAD_VER, DTLS1_2_VERSION,
2309 SSL_NOT_DEFAULT | SSL_HIGH,
2310 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2311 256,
2312 256,
2313 },
2314 {
2315 1,
2316 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2317 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2318 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2319 SSL_kDHE,
2320 SSL_aRSA,
2321 SSL_CAMELLIA256,
2322 SSL_SHA1,
2323 SSL3_VERSION, TLS1_2_VERSION,
2324 DTLS1_BAD_VER, DTLS1_2_VERSION,
2325 SSL_NOT_DEFAULT | SSL_HIGH,
2326 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2327 256,
2328 256,
2329 },
2330 {
2331 1,
2332 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2333 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2334 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2335 SSL_kDHE,
2336 SSL_aNULL,
2337 SSL_CAMELLIA256,
2338 SSL_SHA1,
2339 SSL3_VERSION, TLS1_2_VERSION,
2340 DTLS1_BAD_VER, DTLS1_2_VERSION,
2341 SSL_NOT_DEFAULT | SSL_HIGH,
2342 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2343 256,
2344 256,
2345 },
2346 {
2347 1,
2348 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2349 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2350 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2351 SSL_kRSA,
2352 SSL_aRSA,
2353 SSL_CAMELLIA128,
2354 SSL_SHA1,
2355 SSL3_VERSION, TLS1_2_VERSION,
2356 DTLS1_BAD_VER, DTLS1_2_VERSION,
2357 SSL_NOT_DEFAULT | SSL_HIGH,
2358 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2359 128,
2360 128,
2361 },
2362 {
2363 1,
2364 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2365 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2366 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2367 SSL_kDHE,
2368 SSL_aDSS,
2369 SSL_CAMELLIA128,
2370 SSL_SHA1,
2371 SSL3_VERSION, TLS1_2_VERSION,
2372 DTLS1_BAD_VER, DTLS1_2_VERSION,
2373 SSL_NOT_DEFAULT | SSL_HIGH,
2374 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2375 128,
2376 128,
2377 },
2378 {
2379 1,
2380 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2381 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2382 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2383 SSL_kDHE,
2384 SSL_aRSA,
2385 SSL_CAMELLIA128,
2386 SSL_SHA1,
2387 SSL3_VERSION, TLS1_2_VERSION,
2388 DTLS1_BAD_VER, DTLS1_2_VERSION,
2389 SSL_NOT_DEFAULT | SSL_HIGH,
2390 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2391 128,
2392 128,
2393 },
2394 {
2395 1,
2396 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2397 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2398 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2399 SSL_kDHE,
2400 SSL_aNULL,
2401 SSL_CAMELLIA128,
2402 SSL_SHA1,
2403 SSL3_VERSION, TLS1_2_VERSION,
2404 DTLS1_BAD_VER, DTLS1_2_VERSION,
2405 SSL_NOT_DEFAULT | SSL_HIGH,
2406 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2407 128,
2408 128,
2409 },
2410 {
2411 1,
2412 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2413 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2414 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2415 SSL_kECDHE,
2416 SSL_aECDSA,
2417 SSL_CAMELLIA128,
2418 SSL_SHA256,
2419 TLS1_2_VERSION, TLS1_2_VERSION,
2420 DTLS1_2_VERSION, DTLS1_2_VERSION,
2421 SSL_NOT_DEFAULT | SSL_HIGH,
2422 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2423 128,
2424 128,
2425 },
2426 {
2427 1,
2428 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2429 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2430 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2431 SSL_kECDHE,
2432 SSL_aECDSA,
2433 SSL_CAMELLIA256,
2434 SSL_SHA384,
2435 TLS1_2_VERSION, TLS1_2_VERSION,
2436 DTLS1_2_VERSION, DTLS1_2_VERSION,
2437 SSL_NOT_DEFAULT | SSL_HIGH,
2438 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2439 256,
2440 256,
2441 },
2442 {
2443 1,
2444 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2445 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2446 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2447 SSL_kECDHE,
2448 SSL_aRSA,
2449 SSL_CAMELLIA128,
2450 SSL_SHA256,
2451 TLS1_2_VERSION, TLS1_2_VERSION,
2452 DTLS1_2_VERSION, DTLS1_2_VERSION,
2453 SSL_NOT_DEFAULT | SSL_HIGH,
2454 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2455 128,
2456 128,
2457 },
2458 {
2459 1,
2460 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2461 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2462 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2463 SSL_kECDHE,
2464 SSL_aRSA,
2465 SSL_CAMELLIA256,
2466 SSL_SHA384,
2467 TLS1_2_VERSION, TLS1_2_VERSION,
2468 DTLS1_2_VERSION, DTLS1_2_VERSION,
2469 SSL_NOT_DEFAULT | SSL_HIGH,
2470 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2471 256,
2472 256,
2473 },
2474 {
2475 1,
2476 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2477 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2478 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2479 SSL_kPSK,
2480 SSL_aPSK,
2481 SSL_CAMELLIA128,
2482 SSL_SHA256,
2483 TLS1_VERSION, TLS1_2_VERSION,
2484 DTLS1_BAD_VER, DTLS1_2_VERSION,
2485 SSL_NOT_DEFAULT | SSL_HIGH,
2486 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2487 128,
2488 128,
2489 },
2490 {
2491 1,
2492 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2493 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2494 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2495 SSL_kPSK,
2496 SSL_aPSK,
2497 SSL_CAMELLIA256,
2498 SSL_SHA384,
2499 TLS1_VERSION, TLS1_2_VERSION,
2500 DTLS1_BAD_VER, DTLS1_2_VERSION,
2501 SSL_NOT_DEFAULT | SSL_HIGH,
2502 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2503 256,
2504 256,
2505 },
2506 {
2507 1,
2508 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2509 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2510 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2511 SSL_kDHEPSK,
2512 SSL_aPSK,
2513 SSL_CAMELLIA128,
2514 SSL_SHA256,
2515 TLS1_VERSION, TLS1_2_VERSION,
2516 DTLS1_BAD_VER, DTLS1_2_VERSION,
2517 SSL_NOT_DEFAULT | SSL_HIGH,
2518 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2519 128,
2520 128,
2521 },
2522 {
2523 1,
2524 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2525 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2526 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2527 SSL_kDHEPSK,
2528 SSL_aPSK,
2529 SSL_CAMELLIA256,
2530 SSL_SHA384,
2531 TLS1_VERSION, TLS1_2_VERSION,
2532 DTLS1_BAD_VER, DTLS1_2_VERSION,
2533 SSL_NOT_DEFAULT | SSL_HIGH,
2534 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2535 256,
2536 256,
2537 },
2538 {
2539 1,
2540 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2541 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2542 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2543 SSL_kRSAPSK,
2544 SSL_aRSA,
2545 SSL_CAMELLIA128,
2546 SSL_SHA256,
2547 TLS1_VERSION, TLS1_2_VERSION,
2548 DTLS1_BAD_VER, DTLS1_2_VERSION,
2549 SSL_NOT_DEFAULT | SSL_HIGH,
2550 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2551 128,
2552 128,
2553 },
2554 {
2555 1,
2556 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2557 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2558 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2559 SSL_kRSAPSK,
2560 SSL_aRSA,
2561 SSL_CAMELLIA256,
2562 SSL_SHA384,
2563 TLS1_VERSION, TLS1_2_VERSION,
2564 DTLS1_BAD_VER, DTLS1_2_VERSION,
2565 SSL_NOT_DEFAULT | SSL_HIGH,
2566 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2567 256,
2568 256,
2569 },
2570 {
2571 1,
2572 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2573 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2574 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2575 SSL_kECDHEPSK,
2576 SSL_aPSK,
2577 SSL_CAMELLIA128,
2578 SSL_SHA256,
2579 TLS1_VERSION, TLS1_2_VERSION,
2580 DTLS1_BAD_VER, DTLS1_2_VERSION,
2581 SSL_NOT_DEFAULT | SSL_HIGH,
2582 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2583 128,
2584 128,
2585 },
2586 {
2587 1,
2588 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2589 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2590 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2591 SSL_kECDHEPSK,
2592 SSL_aPSK,
2593 SSL_CAMELLIA256,
2594 SSL_SHA384,
2595 TLS1_VERSION, TLS1_2_VERSION,
2596 DTLS1_BAD_VER, DTLS1_2_VERSION,
2597 SSL_NOT_DEFAULT | SSL_HIGH,
2598 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2599 256,
2600 256,
2601 },
2602 #endif /* OPENSSL_NO_CAMELLIA */
2603
2604 #ifndef OPENSSL_NO_GOST
2605 {
2606 1,
2607 "GOST2001-GOST89-GOST89",
2608 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2609 0x3000081,
2610 SSL_kGOST,
2611 SSL_aGOST01,
2612 SSL_eGOST2814789CNT,
2613 SSL_GOST89MAC,
2614 TLS1_VERSION, TLS1_2_VERSION,
2615 0, 0,
2616 SSL_HIGH,
2617 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2618 256,
2619 256,
2620 },
2621 {
2622 1,
2623 "GOST2001-NULL-GOST94",
2624 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2625 0x3000083,
2626 SSL_kGOST,
2627 SSL_aGOST01,
2628 SSL_eNULL,
2629 SSL_GOST94,
2630 TLS1_VERSION, TLS1_2_VERSION,
2631 0, 0,
2632 SSL_STRONG_NONE,
2633 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2634 0,
2635 0,
2636 },
2637 {
2638 1,
2639 "GOST2012-GOST8912-GOST8912",
2640 NULL,
2641 0x0300ff85,
2642 SSL_kGOST,
2643 SSL_aGOST12 | SSL_aGOST01,
2644 SSL_eGOST2814789CNT12,
2645 SSL_GOST89MAC12,
2646 TLS1_VERSION, TLS1_2_VERSION,
2647 0, 0,
2648 SSL_HIGH,
2649 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2650 256,
2651 256,
2652 },
2653 {
2654 1,
2655 "GOST2012-NULL-GOST12",
2656 NULL,
2657 0x0300ff87,
2658 SSL_kGOST,
2659 SSL_aGOST12 | SSL_aGOST01,
2660 SSL_eNULL,
2661 SSL_GOST12_256,
2662 TLS1_VERSION, TLS1_2_VERSION,
2663 0, 0,
2664 SSL_STRONG_NONE,
2665 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2666 0,
2667 0,
2668 },
2669 #endif /* OPENSSL_NO_GOST */
2670
2671 #ifndef OPENSSL_NO_IDEA
2672 {
2673 1,
2674 SSL3_TXT_RSA_IDEA_128_SHA,
2675 SSL3_RFC_RSA_IDEA_128_SHA,
2676 SSL3_CK_RSA_IDEA_128_SHA,
2677 SSL_kRSA,
2678 SSL_aRSA,
2679 SSL_IDEA,
2680 SSL_SHA1,
2681 SSL3_VERSION, TLS1_1_VERSION,
2682 DTLS1_BAD_VER, DTLS1_VERSION,
2683 SSL_NOT_DEFAULT | SSL_MEDIUM,
2684 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2685 128,
2686 128,
2687 },
2688 #endif
2689
2690 #ifndef OPENSSL_NO_SEED
2691 {
2692 1,
2693 TLS1_TXT_RSA_WITH_SEED_SHA,
2694 TLS1_RFC_RSA_WITH_SEED_SHA,
2695 TLS1_CK_RSA_WITH_SEED_SHA,
2696 SSL_kRSA,
2697 SSL_aRSA,
2698 SSL_SEED,
2699 SSL_SHA1,
2700 SSL3_VERSION, TLS1_2_VERSION,
2701 DTLS1_BAD_VER, DTLS1_2_VERSION,
2702 SSL_NOT_DEFAULT | SSL_MEDIUM,
2703 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2704 128,
2705 128,
2706 },
2707 {
2708 1,
2709 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2710 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2711 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2712 SSL_kDHE,
2713 SSL_aDSS,
2714 SSL_SEED,
2715 SSL_SHA1,
2716 SSL3_VERSION, TLS1_2_VERSION,
2717 DTLS1_BAD_VER, DTLS1_2_VERSION,
2718 SSL_NOT_DEFAULT | SSL_MEDIUM,
2719 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2720 128,
2721 128,
2722 },
2723 {
2724 1,
2725 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2726 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2727 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2728 SSL_kDHE,
2729 SSL_aRSA,
2730 SSL_SEED,
2731 SSL_SHA1,
2732 SSL3_VERSION, TLS1_2_VERSION,
2733 DTLS1_BAD_VER, DTLS1_2_VERSION,
2734 SSL_NOT_DEFAULT | SSL_MEDIUM,
2735 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2736 128,
2737 128,
2738 },
2739 {
2740 1,
2741 TLS1_TXT_ADH_WITH_SEED_SHA,
2742 TLS1_RFC_ADH_WITH_SEED_SHA,
2743 TLS1_CK_ADH_WITH_SEED_SHA,
2744 SSL_kDHE,
2745 SSL_aNULL,
2746 SSL_SEED,
2747 SSL_SHA1,
2748 SSL3_VERSION, TLS1_2_VERSION,
2749 DTLS1_BAD_VER, DTLS1_2_VERSION,
2750 SSL_NOT_DEFAULT | SSL_MEDIUM,
2751 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2752 128,
2753 128,
2754 },
2755 #endif /* OPENSSL_NO_SEED */
2756
2757 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2758 {
2759 1,
2760 SSL3_TXT_RSA_RC4_128_MD5,
2761 SSL3_RFC_RSA_RC4_128_MD5,
2762 SSL3_CK_RSA_RC4_128_MD5,
2763 SSL_kRSA,
2764 SSL_aRSA,
2765 SSL_RC4,
2766 SSL_MD5,
2767 SSL3_VERSION, TLS1_2_VERSION,
2768 0, 0,
2769 SSL_NOT_DEFAULT | SSL_MEDIUM,
2770 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2771 128,
2772 128,
2773 },
2774 {
2775 1,
2776 SSL3_TXT_RSA_RC4_128_SHA,
2777 SSL3_RFC_RSA_RC4_128_SHA,
2778 SSL3_CK_RSA_RC4_128_SHA,
2779 SSL_kRSA,
2780 SSL_aRSA,
2781 SSL_RC4,
2782 SSL_SHA1,
2783 SSL3_VERSION, TLS1_2_VERSION,
2784 0, 0,
2785 SSL_NOT_DEFAULT | SSL_MEDIUM,
2786 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2787 128,
2788 128,
2789 },
2790 {
2791 1,
2792 SSL3_TXT_ADH_RC4_128_MD5,
2793 SSL3_RFC_ADH_RC4_128_MD5,
2794 SSL3_CK_ADH_RC4_128_MD5,
2795 SSL_kDHE,
2796 SSL_aNULL,
2797 SSL_RC4,
2798 SSL_MD5,
2799 SSL3_VERSION, TLS1_2_VERSION,
2800 0, 0,
2801 SSL_NOT_DEFAULT | SSL_MEDIUM,
2802 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2803 128,
2804 128,
2805 },
2806 {
2807 1,
2808 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2809 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2810 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2811 SSL_kECDHEPSK,
2812 SSL_aPSK,
2813 SSL_RC4,
2814 SSL_SHA1,
2815 TLS1_VERSION, TLS1_2_VERSION,
2816 0, 0,
2817 SSL_NOT_DEFAULT | SSL_MEDIUM,
2818 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2819 128,
2820 128,
2821 },
2822 {
2823 1,
2824 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2825 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2826 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2827 SSL_kECDHE,
2828 SSL_aNULL,
2829 SSL_RC4,
2830 SSL_SHA1,
2831 TLS1_VERSION, TLS1_2_VERSION,
2832 0, 0,
2833 SSL_NOT_DEFAULT | SSL_MEDIUM,
2834 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2835 128,
2836 128,
2837 },
2838 {
2839 1,
2840 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2841 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2842 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2843 SSL_kECDHE,
2844 SSL_aECDSA,
2845 SSL_RC4,
2846 SSL_SHA1,
2847 TLS1_VERSION, TLS1_2_VERSION,
2848 0, 0,
2849 SSL_NOT_DEFAULT | SSL_MEDIUM,
2850 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2851 128,
2852 128,
2853 },
2854 {
2855 1,
2856 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2857 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2858 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2859 SSL_kECDHE,
2860 SSL_aRSA,
2861 SSL_RC4,
2862 SSL_SHA1,
2863 TLS1_VERSION, TLS1_2_VERSION,
2864 0, 0,
2865 SSL_NOT_DEFAULT | SSL_MEDIUM,
2866 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2867 128,
2868 128,
2869 },
2870 {
2871 1,
2872 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2873 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2874 TLS1_CK_PSK_WITH_RC4_128_SHA,
2875 SSL_kPSK,
2876 SSL_aPSK,
2877 SSL_RC4,
2878 SSL_SHA1,
2879 SSL3_VERSION, TLS1_2_VERSION,
2880 0, 0,
2881 SSL_NOT_DEFAULT | SSL_MEDIUM,
2882 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2883 128,
2884 128,
2885 },
2886 {
2887 1,
2888 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2889 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2890 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2891 SSL_kRSAPSK,
2892 SSL_aRSA,
2893 SSL_RC4,
2894 SSL_SHA1,
2895 SSL3_VERSION, TLS1_2_VERSION,
2896 0, 0,
2897 SSL_NOT_DEFAULT | SSL_MEDIUM,
2898 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2899 128,
2900 128,
2901 },
2902 {
2903 1,
2904 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2905 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2906 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2907 SSL_kDHEPSK,
2908 SSL_aPSK,
2909 SSL_RC4,
2910 SSL_SHA1,
2911 SSL3_VERSION, TLS1_2_VERSION,
2912 0, 0,
2913 SSL_NOT_DEFAULT | SSL_MEDIUM,
2914 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2915 128,
2916 128,
2917 },
2918 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2919
2920 #ifndef OPENSSL_NO_ARIA
2921 {
2922 1,
2923 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2924 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2925 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2926 SSL_kRSA,
2927 SSL_aRSA,
2928 SSL_ARIA128GCM,
2929 SSL_AEAD,
2930 TLS1_2_VERSION, TLS1_2_VERSION,
2931 DTLS1_2_VERSION, DTLS1_2_VERSION,
2932 SSL_NOT_DEFAULT | SSL_HIGH,
2933 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2934 128,
2935 128,
2936 },
2937 {
2938 1,
2939 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2940 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2941 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2942 SSL_kRSA,
2943 SSL_aRSA,
2944 SSL_ARIA256GCM,
2945 SSL_AEAD,
2946 TLS1_2_VERSION, TLS1_2_VERSION,
2947 DTLS1_2_VERSION, DTLS1_2_VERSION,
2948 SSL_NOT_DEFAULT | SSL_HIGH,
2949 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2950 256,
2951 256,
2952 },
2953 {
2954 1,
2955 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2956 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2957 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2958 SSL_kDHE,
2959 SSL_aRSA,
2960 SSL_ARIA128GCM,
2961 SSL_AEAD,
2962 TLS1_2_VERSION, TLS1_2_VERSION,
2963 DTLS1_2_VERSION, DTLS1_2_VERSION,
2964 SSL_NOT_DEFAULT | SSL_HIGH,
2965 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2966 128,
2967 128,
2968 },
2969 {
2970 1,
2971 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2972 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2973 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2974 SSL_kDHE,
2975 SSL_aRSA,
2976 SSL_ARIA256GCM,
2977 SSL_AEAD,
2978 TLS1_2_VERSION, TLS1_2_VERSION,
2979 DTLS1_2_VERSION, DTLS1_2_VERSION,
2980 SSL_NOT_DEFAULT | SSL_HIGH,
2981 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2982 256,
2983 256,
2984 },
2985 {
2986 1,
2987 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2988 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2989 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2990 SSL_kDHE,
2991 SSL_aDSS,
2992 SSL_ARIA128GCM,
2993 SSL_AEAD,
2994 TLS1_2_VERSION, TLS1_2_VERSION,
2995 DTLS1_2_VERSION, DTLS1_2_VERSION,
2996 SSL_NOT_DEFAULT | SSL_HIGH,
2997 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2998 128,
2999 128,
3000 },
3001 {
3002 1,
3003 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3004 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3005 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3006 SSL_kDHE,
3007 SSL_aDSS,
3008 SSL_ARIA256GCM,
3009 SSL_AEAD,
3010 TLS1_2_VERSION, TLS1_2_VERSION,
3011 DTLS1_2_VERSION, DTLS1_2_VERSION,
3012 SSL_NOT_DEFAULT | SSL_HIGH,
3013 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3014 256,
3015 256,
3016 },
3017 {
3018 1,
3019 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3020 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3021 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3022 SSL_kECDHE,
3023 SSL_aECDSA,
3024 SSL_ARIA128GCM,
3025 SSL_AEAD,
3026 TLS1_2_VERSION, TLS1_2_VERSION,
3027 DTLS1_2_VERSION, DTLS1_2_VERSION,
3028 SSL_NOT_DEFAULT | SSL_HIGH,
3029 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3030 128,
3031 128,
3032 },
3033 {
3034 1,
3035 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3036 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3037 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3038 SSL_kECDHE,
3039 SSL_aECDSA,
3040 SSL_ARIA256GCM,
3041 SSL_AEAD,
3042 TLS1_2_VERSION, TLS1_2_VERSION,
3043 DTLS1_2_VERSION, DTLS1_2_VERSION,
3044 SSL_NOT_DEFAULT | SSL_HIGH,
3045 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3046 256,
3047 256,
3048 },
3049 {
3050 1,
3051 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3052 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3053 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3054 SSL_kECDHE,
3055 SSL_aRSA,
3056 SSL_ARIA128GCM,
3057 SSL_AEAD,
3058 TLS1_2_VERSION, TLS1_2_VERSION,
3059 DTLS1_2_VERSION, DTLS1_2_VERSION,
3060 SSL_NOT_DEFAULT | SSL_HIGH,
3061 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3062 128,
3063 128,
3064 },
3065 {
3066 1,
3067 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3068 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3069 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3070 SSL_kECDHE,
3071 SSL_aRSA,
3072 SSL_ARIA256GCM,
3073 SSL_AEAD,
3074 TLS1_2_VERSION, TLS1_2_VERSION,
3075 DTLS1_2_VERSION, DTLS1_2_VERSION,
3076 SSL_NOT_DEFAULT | SSL_HIGH,
3077 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3078 256,
3079 256,
3080 },
3081 {
3082 1,
3083 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3084 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3085 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3086 SSL_kPSK,
3087 SSL_aPSK,
3088 SSL_ARIA128GCM,
3089 SSL_AEAD,
3090 TLS1_2_VERSION, TLS1_2_VERSION,
3091 DTLS1_2_VERSION, DTLS1_2_VERSION,
3092 SSL_NOT_DEFAULT | SSL_HIGH,
3093 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3094 128,
3095 128,
3096 },
3097 {
3098 1,
3099 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3100 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3101 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3102 SSL_kPSK,
3103 SSL_aPSK,
3104 SSL_ARIA256GCM,
3105 SSL_AEAD,
3106 TLS1_2_VERSION, TLS1_2_VERSION,
3107 DTLS1_2_VERSION, DTLS1_2_VERSION,
3108 SSL_NOT_DEFAULT | SSL_HIGH,
3109 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3110 256,
3111 256,
3112 },
3113 {
3114 1,
3115 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3116 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3117 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3118 SSL_kDHEPSK,
3119 SSL_aPSK,
3120 SSL_ARIA128GCM,
3121 SSL_AEAD,
3122 TLS1_2_VERSION, TLS1_2_VERSION,
3123 DTLS1_2_VERSION, DTLS1_2_VERSION,
3124 SSL_NOT_DEFAULT | SSL_HIGH,
3125 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3126 128,
3127 128,
3128 },
3129 {
3130 1,
3131 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3132 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3133 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3134 SSL_kDHEPSK,
3135 SSL_aPSK,
3136 SSL_ARIA256GCM,
3137 SSL_AEAD,
3138 TLS1_2_VERSION, TLS1_2_VERSION,
3139 DTLS1_2_VERSION, DTLS1_2_VERSION,
3140 SSL_NOT_DEFAULT | SSL_HIGH,
3141 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3142 256,
3143 256,
3144 },
3145 {
3146 1,
3147 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3148 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3149 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3150 SSL_kRSAPSK,
3151 SSL_aRSA,
3152 SSL_ARIA128GCM,
3153 SSL_AEAD,
3154 TLS1_2_VERSION, TLS1_2_VERSION,
3155 DTLS1_2_VERSION, DTLS1_2_VERSION,
3156 SSL_NOT_DEFAULT | SSL_HIGH,
3157 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3158 128,
3159 128,
3160 },
3161 {
3162 1,
3163 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3164 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3165 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3166 SSL_kRSAPSK,
3167 SSL_aRSA,
3168 SSL_ARIA256GCM,
3169 SSL_AEAD,
3170 TLS1_2_VERSION, TLS1_2_VERSION,
3171 DTLS1_2_VERSION, DTLS1_2_VERSION,
3172 SSL_NOT_DEFAULT | SSL_HIGH,
3173 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3174 256,
3175 256,
3176 },
3177 #endif /* OPENSSL_NO_ARIA */
3178 };
3179
3180 /*
3181 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3182 * values stuffed into the ciphers field of the wire protocol for signalling
3183 * purposes.
3184 */
3185 static SSL_CIPHER ssl3_scsvs[] = {
3186 {
3187 0,
3188 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3189 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3190 SSL3_CK_SCSV,
3191 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3192 },
3193 {
3194 0,
3195 "TLS_FALLBACK_SCSV",
3196 "TLS_FALLBACK_SCSV",
3197 SSL3_CK_FALLBACK_SCSV,
3198 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3199 },
3200 };
3201
3202 static int cipher_compare(const void *a, const void *b)
3203 {
3204 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3205 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3206
3207 if (ap->id == bp->id)
3208 return 0;
3209 return ap->id < bp->id ? -1 : 1;
3210 }
3211
3212 void ssl_sort_cipher_list(void)
3213 {
3214 qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3215 cipher_compare);
3216 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3217 cipher_compare);
3218 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3219 }
3220
3221 static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
3222 const char * t, size_t u,
3223 const unsigned char * v, size_t w, int x)
3224 {
3225 (void)r;
3226 (void)s;
3227 (void)t;
3228 (void)u;
3229 (void)v;
3230 (void)w;
3231 (void)x;
3232 return ssl_undefined_function(ssl);
3233 }
3234
3235 const SSL3_ENC_METHOD SSLv3_enc_data = {
3236 ssl3_enc,
3237 n_ssl3_mac,
3238 ssl3_setup_key_block,
3239 ssl3_generate_master_secret,
3240 ssl3_change_cipher_state,
3241 ssl3_final_finish_mac,
3242 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3243 SSL3_MD_SERVER_FINISHED_CONST, 4,
3244 ssl3_alert_code,
3245 ssl_undefined_function_1,
3246 0,
3247 ssl3_set_handshake_header,
3248 tls_close_construct_packet,
3249 ssl3_handshake_write
3250 };
3251
3252 long ssl3_default_timeout(void)
3253 {
3254 /*
3255 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3256 * http, the cache would over fill
3257 */
3258 return (60 * 60 * 2);
3259 }
3260
3261 int ssl3_num_ciphers(void)
3262 {
3263 return SSL3_NUM_CIPHERS;
3264 }
3265
3266 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3267 {
3268 if (u < SSL3_NUM_CIPHERS)
3269 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3270 else
3271 return NULL;
3272 }
3273
3274 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3275 {
3276 /* No header in the event of a CCS */
3277 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3278 return 1;
3279
3280 /* Set the content type and 3 bytes for the message len */
3281 if (!WPACKET_put_bytes_u8(pkt, htype)
3282 || !WPACKET_start_sub_packet_u24(pkt))
3283 return 0;
3284
3285 return 1;
3286 }
3287
3288 int ssl3_handshake_write(SSL *s)
3289 {
3290 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3291 }
3292
3293 int ssl3_new(SSL *s)
3294 {
3295 #ifndef OPENSSL_NO_SRP
3296 if (!SSL_SRP_CTX_init(s))
3297 return 0;
3298 #endif
3299
3300 if (!s->method->ssl_clear(s))
3301 return 0;
3302
3303 return 1;
3304 }
3305
3306 void ssl3_free(SSL *s)
3307 {
3308 if (s == NULL)
3309 return;
3310
3311 ssl3_cleanup_key_block(s);
3312
3313 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3314 EVP_PKEY_free(s->s3.peer_tmp);
3315 s->s3.peer_tmp = NULL;
3316 EVP_PKEY_free(s->s3.tmp.pkey);
3317 s->s3.tmp.pkey = NULL;
3318 #endif
3319
3320 OPENSSL_free(s->s3.tmp.ctype);
3321 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3322 OPENSSL_free(s->s3.tmp.ciphers_raw);
3323 OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3324 OPENSSL_free(s->s3.tmp.peer_sigalgs);
3325 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
3326 ssl3_free_digest_list(s);
3327 OPENSSL_free(s->s3.alpn_selected);
3328 OPENSSL_free(s->s3.alpn_proposed);
3329
3330 #ifndef OPENSSL_NO_SRP
3331 SSL_SRP_CTX_free(s);
3332 #endif
3333 memset(&s->s3, 0, sizeof(s->s3));
3334 }
3335
3336 int ssl3_clear(SSL *s)
3337 {
3338 ssl3_cleanup_key_block(s);
3339 OPENSSL_free(s->s3.tmp.ctype);
3340 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3341 OPENSSL_free(s->s3.tmp.ciphers_raw);
3342 OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3343 OPENSSL_free(s->s3.tmp.peer_sigalgs);
3344 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
3345
3346 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3347 EVP_PKEY_free(s->s3.tmp.pkey);
3348 EVP_PKEY_free(s->s3.peer_tmp);
3349 #endif /* !OPENSSL_NO_EC */
3350
3351 ssl3_free_digest_list(s);
3352
3353 OPENSSL_free(s->s3.alpn_selected);
3354 OPENSSL_free(s->s3.alpn_proposed);
3355
3356 /* NULL/zero-out everything in the s3 struct */
3357 memset(&s->s3, 0, sizeof(s->s3));
3358
3359 if (!ssl_free_wbio_buffer(s))
3360 return 0;
3361
3362 s->version = SSL3_VERSION;
3363
3364 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3365 OPENSSL_free(s->ext.npn);
3366 s->ext.npn = NULL;
3367 s->ext.npn_len = 0;
3368 #endif
3369
3370 return 1;
3371 }
3372
3373 #ifndef OPENSSL_NO_SRP
3374 static char *srp_password_from_info_cb(SSL *s, void *arg)
3375 {
3376 return OPENSSL_strdup(s->srp_ctx.info);
3377 }
3378 #endif
3379
3380 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3381
3382 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3383 {
3384 int ret = 0;
3385
3386 switch (cmd) {
3387 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3388 break;
3389 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3390 ret = s->s3.num_renegotiations;
3391 break;
3392 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3393 ret = s->s3.num_renegotiations;
3394 s->s3.num_renegotiations = 0;
3395 break;
3396 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3397 ret = s->s3.total_renegotiations;
3398 break;
3399 case SSL_CTRL_GET_FLAGS:
3400 ret = (int)(s->s3.flags);
3401 break;
3402 #ifndef OPENSSL_NO_DH
3403 case SSL_CTRL_SET_TMP_DH:
3404 {
3405 DH *dh = (DH *)parg;
3406 EVP_PKEY *pkdh = NULL;
3407 if (dh == NULL) {
3408 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3409 return 0;
3410 }
3411 pkdh = ssl_dh_to_pkey(dh);
3412 if (pkdh == NULL) {
3413 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3414 return 0;
3415 }
3416 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3417 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3418 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3419 EVP_PKEY_free(pkdh);
3420 return 0;
3421 }
3422 EVP_PKEY_free(s->cert->dh_tmp);
3423 s->cert->dh_tmp = pkdh;
3424 return 1;
3425 }
3426 break;
3427 case SSL_CTRL_SET_TMP_DH_CB:
3428 {
3429 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3430 return ret;
3431 }
3432 case SSL_CTRL_SET_DH_AUTO:
3433 s->cert->dh_tmp_auto = larg;
3434 return 1;
3435 #endif
3436 #ifndef OPENSSL_NO_EC
3437 case SSL_CTRL_SET_TMP_ECDH:
3438 {
3439 const EC_GROUP *group = NULL;
3440 int nid;
3441
3442 if (parg == NULL) {
3443 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3444 return 0;
3445 }
3446 group = EC_KEY_get0_group((const EC_KEY *)parg);
3447 if (group == NULL) {
3448 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3449 return 0;
3450 }
3451 nid = EC_GROUP_get_curve_name(group);
3452 if (nid == NID_undef)
3453 return 0;
3454 return tls1_set_groups(&s->ext.supportedgroups,
3455 &s->ext.supportedgroups_len,
3456 &nid, 1);
3457 }
3458 break;
3459 #endif /* !OPENSSL_NO_EC */
3460 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3461 /*
3462 * TODO(OpenSSL1.2)
3463 * This API is only used for a client to set what SNI it will request
3464 * from the server, but we currently allow it to be used on servers
3465 * as well, which is a programming error. Currently we just clear
3466 * the field in SSL_do_handshake() for server SSLs, but when we can
3467 * make ABI-breaking changes, we may want to make use of this API
3468 * an error on server SSLs.
3469 */
3470 if (larg == TLSEXT_NAMETYPE_host_name) {
3471 size_t len;
3472
3473 OPENSSL_free(s->ext.hostname);
3474 s->ext.hostname = NULL;
3475
3476 ret = 1;
3477 if (parg == NULL)
3478 break;
3479 len = strlen((char *)parg);
3480 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3481 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3482 return 0;
3483 }
3484 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3485 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3486 return 0;
3487 }
3488 } else {
3489 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3490 return 0;
3491 }
3492 break;
3493 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3494 s->ext.debug_arg = parg;
3495 ret = 1;
3496 break;
3497
3498 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3499 ret = s->ext.status_type;
3500 break;
3501
3502 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3503 s->ext.status_type = larg;
3504 ret = 1;
3505 break;
3506
3507 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3508 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3509 ret = 1;
3510 break;
3511
3512 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3513 s->ext.ocsp.exts = parg;
3514 ret = 1;
3515 break;
3516
3517 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3518 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3519 ret = 1;
3520 break;
3521
3522 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3523 s->ext.ocsp.ids = parg;
3524 ret = 1;
3525 break;
3526
3527 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3528 *(unsigned char **)parg = s->ext.ocsp.resp;
3529 if (s->ext.ocsp.resp_len == 0
3530 || s->ext.ocsp.resp_len > LONG_MAX)
3531 return -1;
3532 return (long)s->ext.ocsp.resp_len;
3533
3534 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3535 OPENSSL_free(s->ext.ocsp.resp);
3536 s->ext.ocsp.resp = parg;
3537 s->ext.ocsp.resp_len = larg;
3538 ret = 1;
3539 break;
3540
3541 case SSL_CTRL_CHAIN:
3542 if (larg)
3543 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3544 else
3545 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3546
3547 case SSL_CTRL_CHAIN_CERT:
3548 if (larg)
3549 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3550 else
3551 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3552
3553 case SSL_CTRL_GET_CHAIN_CERTS:
3554 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3555 break;
3556
3557 case SSL_CTRL_SELECT_CURRENT_CERT:
3558 return ssl_cert_select_current(s->cert, (X509 *)parg);
3559
3560 case SSL_CTRL_SET_CURRENT_CERT:
3561 if (larg == SSL_CERT_SET_SERVER) {
3562 const SSL_CIPHER *cipher;
3563 if (!s->server)
3564 return 0;
3565 cipher = s->s3.tmp.new_cipher;
3566 if (cipher == NULL)
3567 return 0;
3568 /*
3569 * No certificate for unauthenticated ciphersuites or using SRP
3570 * authentication
3571 */
3572 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3573 return 2;
3574 if (s->s3.tmp.cert == NULL)
3575 return 0;
3576 s->cert->key = s->s3.tmp.cert;
3577 return 1;
3578 }
3579 return ssl_cert_set_current(s->cert, larg);
3580
3581 #ifndef OPENSSL_NO_EC
3582 case SSL_CTRL_GET_GROUPS:
3583 {
3584 uint16_t *clist;
3585 size_t clistlen;
3586
3587 if (!s->session)
3588 return 0;
3589 clist = s->session->ext.supportedgroups;
3590 clistlen = s->session->ext.supportedgroups_len;
3591 if (parg) {
3592 size_t i;
3593 int *cptr = parg;
3594
3595 for (i = 0; i < clistlen; i++) {
3596 const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
3597
3598 if (cinf != NULL)
3599 cptr[i] = cinf->nid;
3600 else
3601 cptr[i] = TLSEXT_nid_unknown | clist[i];
3602 }
3603 }
3604 return (int)clistlen;
3605 }
3606
3607 case SSL_CTRL_SET_GROUPS:
3608 return tls1_set_groups(&s->ext.supportedgroups,
3609 &s->ext.supportedgroups_len, parg, larg);
3610
3611 case SSL_CTRL_SET_GROUPS_LIST:
3612 return tls1_set_groups_list(&s->ext.supportedgroups,
3613 &s->ext.supportedgroups_len, parg);
3614
3615 case SSL_CTRL_GET_SHARED_GROUP:
3616 {
3617 uint16_t id = tls1_shared_group(s, larg);
3618
3619 if (larg != -1) {
3620 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
3621
3622 return ginf == NULL ? 0 : ginf->nid;
3623 }
3624 return id;
3625 }
3626 #endif
3627 case SSL_CTRL_SET_SIGALGS:
3628 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3629
3630 case SSL_CTRL_SET_SIGALGS_LIST:
3631 return tls1_set_sigalgs_list(s->cert, parg, 0);
3632
3633 case SSL_CTRL_SET_CLIENT_SIGALGS:
3634 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3635
3636 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3637 return tls1_set_sigalgs_list(s->cert, parg, 1);
3638
3639 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3640 {
3641 const unsigned char **pctype = parg;
3642 if (s->server || !s->s3.tmp.cert_req)
3643 return 0;
3644 if (pctype)
3645 *pctype = s->s3.tmp.ctype;
3646 return s->s3.tmp.ctype_len;
3647 }
3648
3649 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3650 if (!s->server)
3651 return 0;
3652 return ssl3_set_req_cert_type(s->cert, parg, larg);
3653
3654 case SSL_CTRL_BUILD_CERT_CHAIN:
3655 return ssl_build_cert_chain(s, NULL, larg);
3656
3657 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3658 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3659
3660 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3661 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3662
3663 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3664 if (s->s3.tmp.peer_sigalg == NULL)
3665 return 0;
3666 *(int *)parg = s->s3.tmp.peer_sigalg->hash;
3667 return 1;
3668
3669 case SSL_CTRL_GET_SIGNATURE_NID:
3670 if (s->s3.tmp.sigalg == NULL)
3671 return 0;
3672 *(int *)parg = s->s3.tmp.sigalg->hash;
3673 return 1;
3674
3675 case SSL_CTRL_GET_PEER_TMP_KEY:
3676 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3677 if (s->session == NULL || s->s3.peer_tmp == NULL) {
3678 return 0;
3679 } else {
3680 EVP_PKEY_up_ref(s->s3.peer_tmp);
3681 *(EVP_PKEY **)parg = s->s3.peer_tmp;
3682 return 1;
3683 }
3684 #else
3685 return 0;
3686 #endif
3687
3688 case SSL_CTRL_GET_TMP_KEY:
3689 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3690 if (s->session == NULL || s->s3.tmp.pkey == NULL) {
3691 return 0;
3692 } else {
3693 EVP_PKEY_up_ref(s->s3.tmp.pkey);
3694 *(EVP_PKEY **)parg = s->s3.tmp.pkey;
3695 return 1;
3696 }
3697 #else
3698 return 0;
3699 #endif
3700
3701 #ifndef OPENSSL_NO_EC
3702 case SSL_CTRL_GET_EC_POINT_FORMATS:
3703 {
3704 SSL_SESSION *sess = s->session;
3705 const unsigned char **pformat = parg;
3706
3707 if (sess == NULL || sess->ext.ecpointformats == NULL)
3708 return 0;
3709 *pformat = sess->ext.ecpointformats;
3710 return (int)sess->ext.ecpointformats_len;
3711 }
3712 #endif
3713
3714 default:
3715 break;
3716 }
3717 return ret;
3718 }
3719
3720 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3721 {
3722 int ret = 0;
3723
3724 switch (cmd) {
3725 #ifndef OPENSSL_NO_DH
3726 case SSL_CTRL_SET_TMP_DH_CB:
3727 {
3728 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3729 }
3730 break;
3731 #endif
3732 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3733 s->ext.debug_cb = (void (*)(SSL *, int, int,
3734 const unsigned char *, int, void *))fp;
3735 break;
3736
3737 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3738 {
3739 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3740 }
3741 break;
3742 default:
3743 break;
3744 }
3745 return ret;
3746 }
3747
3748 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3749 {
3750 switch (cmd) {
3751 #ifndef OPENSSL_NO_DH
3752 case SSL_CTRL_SET_TMP_DH:
3753 {
3754 DH *dh = (DH *)parg;
3755 EVP_PKEY *pkdh = NULL;
3756 if (dh == NULL) {
3757 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3758 return 0;
3759 }
3760 pkdh = ssl_dh_to_pkey(dh);
3761 if (pkdh == NULL) {
3762 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3763 return 0;
3764 }
3765 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3766 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3767 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3768 EVP_PKEY_free(pkdh);
3769 return 0;
3770 }
3771 EVP_PKEY_free(ctx->cert->dh_tmp);
3772 ctx->cert->dh_tmp = pkdh;
3773 return 1;
3774 }
3775 case SSL_CTRL_SET_TMP_DH_CB:
3776 {
3777 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3778 return 0;
3779 }
3780 case SSL_CTRL_SET_DH_AUTO:
3781 ctx->cert->dh_tmp_auto = larg;
3782 return 1;
3783 #endif
3784 #ifndef OPENSSL_NO_EC
3785 case SSL_CTRL_SET_TMP_ECDH:
3786 {
3787 const EC_GROUP *group = NULL;
3788 int nid;
3789
3790 if (parg == NULL) {
3791 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3792 return 0;
3793 }
3794 group = EC_KEY_get0_group((const EC_KEY *)parg);
3795 if (group == NULL) {
3796 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3797 return 0;
3798 }
3799 nid = EC_GROUP_get_curve_name(group);
3800 if (nid == NID_undef)
3801 return 0;
3802 return tls1_set_groups(&ctx->ext.supportedgroups,
3803 &ctx->ext.supportedgroups_len,
3804 &nid, 1);
3805 }
3806 #endif /* !OPENSSL_NO_EC */
3807 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3808 ctx->ext.servername_arg = parg;
3809 break;
3810 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3811 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3812 {
3813 unsigned char *keys = parg;
3814 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3815 sizeof(ctx->ext.secure->tick_hmac_key) +
3816 sizeof(ctx->ext.secure->tick_aes_key));
3817 if (keys == NULL)
3818 return tick_keylen;
3819 if (larg != tick_keylen) {
3820 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3821 return 0;
3822 }
3823 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3824 memcpy(ctx->ext.tick_key_name, keys,
3825 sizeof(ctx->ext.tick_key_name));
3826 memcpy(ctx->ext.secure->tick_hmac_key,
3827 keys + sizeof(ctx->ext.tick_key_name),
3828 sizeof(ctx->ext.secure->tick_hmac_key));
3829 memcpy(ctx->ext.secure->tick_aes_key,
3830 keys + sizeof(ctx->ext.tick_key_name) +
3831 sizeof(ctx->ext.secure->tick_hmac_key),
3832 sizeof(ctx->ext.secure->tick_aes_key));
3833 } else {
3834 memcpy(keys, ctx->ext.tick_key_name,
3835 sizeof(ctx->ext.tick_key_name));
3836 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3837 ctx->ext.secure->tick_hmac_key,
3838 sizeof(ctx->ext.secure->tick_hmac_key));
3839 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3840 sizeof(ctx->ext.secure->tick_hmac_key),
3841 ctx->ext.secure->tick_aes_key,
3842 sizeof(ctx->ext.secure->tick_aes_key));
3843 }
3844 return 1;
3845 }
3846
3847 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3848 return ctx->ext.status_type;
3849
3850 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3851 ctx->ext.status_type = larg;
3852 break;
3853
3854 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3855 ctx->ext.status_arg = parg;
3856 return 1;
3857
3858 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3859 *(void**)parg = ctx->ext.status_arg;
3860 break;
3861
3862 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3863 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3864 break;
3865
3866 #ifndef OPENSSL_NO_SRP
3867 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3868 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3869 OPENSSL_free(ctx->srp_ctx.login);
3870 ctx->srp_ctx.login = NULL;
3871 if (parg == NULL)
3872 break;
3873 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3874 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3875 return 0;
3876 }
3877 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3878 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3879 return 0;
3880 }
3881 break;
3882 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3883 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3884 srp_password_from_info_cb;
3885 if (ctx->srp_ctx.info != NULL)
3886 OPENSSL_free(ctx->srp_ctx.info);
3887 if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3888 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3889 return 0;
3890 }
3891 break;
3892 case SSL_CTRL_SET_SRP_ARG:
3893 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3894 ctx->srp_ctx.SRP_cb_arg = parg;
3895 break;
3896
3897 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3898 ctx->srp_ctx.strength = larg;
3899 break;
3900 #endif
3901
3902 #ifndef OPENSSL_NO_EC
3903 case SSL_CTRL_SET_GROUPS:
3904 return tls1_set_groups(&ctx->ext.supportedgroups,
3905 &ctx->ext.supportedgroups_len,
3906 parg, larg);
3907
3908 case SSL_CTRL_SET_GROUPS_LIST:
3909 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3910 &ctx->ext.supportedgroups_len,
3911 parg);
3912 #endif
3913 case SSL_CTRL_SET_SIGALGS:
3914 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3915
3916 case SSL_CTRL_SET_SIGALGS_LIST:
3917 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3918
3919 case SSL_CTRL_SET_CLIENT_SIGALGS:
3920 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3921
3922 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3923 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3924
3925 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3926 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3927
3928 case SSL_CTRL_BUILD_CERT_CHAIN:
3929 return ssl_build_cert_chain(NULL, ctx, larg);
3930
3931 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3932 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3933
3934 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3935 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3936
3937 /* A Thawte special :-) */
3938 case SSL_CTRL_EXTRA_CHAIN_CERT:
3939 if (ctx->extra_certs == NULL) {
3940 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3941 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3942 return 0;
3943 }
3944 }
3945 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3946 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3947 return 0;
3948 }
3949 break;
3950
3951 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3952 if (ctx->extra_certs == NULL && larg == 0)
3953 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3954 else
3955 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3956 break;
3957
3958 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3959 sk_X509_pop_free(ctx->extra_certs, X509_free);
3960 ctx->extra_certs = NULL;
3961 break;
3962
3963 case SSL_CTRL_CHAIN:
3964 if (larg)
3965 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3966 else
3967 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3968
3969 case SSL_CTRL_CHAIN_CERT:
3970 if (larg)
3971 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3972 else
3973 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3974
3975 case SSL_CTRL_GET_CHAIN_CERTS:
3976 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3977 break;
3978
3979 case SSL_CTRL_SELECT_CURRENT_CERT:
3980 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3981
3982 case SSL_CTRL_SET_CURRENT_CERT:
3983 return ssl_cert_set_current(ctx->cert, larg);
3984
3985 default:
3986 return 0;
3987 }
3988 return 1;
3989 }
3990
3991 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3992 {
3993 switch (cmd) {
3994 #ifndef OPENSSL_NO_DH
3995 case SSL_CTRL_SET_TMP_DH_CB:
3996 {
3997 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3998 }
3999 break;
4000 #endif
4001 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4002 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4003 break;
4004
4005 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4006 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4007 break;
4008
4009 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4010 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4011 unsigned char *,
4012 EVP_CIPHER_CTX *,
4013 HMAC_CTX *, int))fp;
4014 break;
4015
4016 #ifndef OPENSSL_NO_SRP
4017 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4018 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4019 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4020 break;
4021 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4022 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4023 ctx->srp_ctx.TLS_ext_srp_username_callback =
4024 (int (*)(SSL *, int *, void *))fp;
4025 break;
4026 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4027 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4028 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4029 (char *(*)(SSL *, void *))fp;
4030 break;
4031 #endif
4032 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4033 {
4034 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4035 }
4036 break;
4037 default:
4038 return 0;
4039 }
4040 return 1;
4041 }
4042
4043 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4044 {
4045 SSL_CIPHER c;
4046 const SSL_CIPHER *cp;
4047
4048 c.id = id;
4049 cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4050 if (cp != NULL)
4051 return cp;
4052 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4053 if (cp != NULL)
4054 return cp;
4055 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4056 }
4057
4058 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4059 {
4060 SSL_CIPHER *c = NULL, *tbl;
4061 SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers};
4062 size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS};
4063
4064 /* this is not efficient, necessary to optimize this? */
4065 for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4066 for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4067 if (tbl->stdname == NULL)
4068 continue;
4069 if (strcmp(stdname, tbl->stdname) == 0) {
4070 c = tbl;
4071 break;
4072 }
4073 }
4074 }
4075 if (c == NULL) {
4076 tbl = ssl3_scsvs;
4077 for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
4078 if (strcmp(stdname, tbl->stdname) == 0) {
4079 c = tbl;
4080 break;
4081 }
4082 }
4083 }
4084 return c;
4085 }
4086
4087 /*
4088 * This function needs to check if the ciphers required are actually
4089 * available
4090 */
4091 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4092 {
4093 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4094 | ((uint32_t)p[0] << 8L)
4095 | (uint32_t)p[1]);
4096 }
4097
4098 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4099 {
4100 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4101 *len = 0;
4102 return 1;
4103 }
4104
4105 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4106 return 0;
4107
4108 *len = 2;
4109 return 1;
4110 }
4111
4112 /*
4113 * ssl3_choose_cipher - choose a cipher from those offered by the client
4114 * @s: SSL connection
4115 * @clnt: ciphers offered by the client
4116 * @srvr: ciphers enabled on the server?
4117 *
4118 * Returns the selected cipher or NULL when no common ciphers.
4119 */
4120 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4121 STACK_OF(SSL_CIPHER) *srvr)
4122 {
4123 const SSL_CIPHER *c, *ret = NULL;
4124 STACK_OF(SSL_CIPHER) *prio, *allow;
4125 int i, ii, ok, prefer_sha256 = 0;
4126 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4127 const EVP_MD *mdsha256 = EVP_sha256();
4128 #ifndef OPENSSL_NO_CHACHA
4129 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4130 #endif
4131
4132 /* Let's see which ciphers we can support */
4133
4134 /*
4135 * Do not set the compare functions, because this may lead to a
4136 * reordering by "id". We want to keep the original ordering. We may pay
4137 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4138 * pay with the price of sk_SSL_CIPHER_dup().
4139 */
4140
4141 OSSL_TRACE_BEGIN(TLS_CIPHER) {
4142 BIO_printf(trc_out, "Server has %d from %p:\n",
4143 sk_SSL_CIPHER_num(srvr), (void *)srvr);
4144 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4145 c = sk_SSL_CIPHER_value(srvr, i);
4146 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4147 }
4148 BIO_printf(trc_out, "Client sent %d from %p:\n",
4149 sk_SSL_CIPHER_num(clnt), (void *)clnt);
4150 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4151 c = sk_SSL_CIPHER_value(clnt, i);
4152 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4153 }
4154 } OSSL_TRACE_END(TLS_CIPHER);
4155
4156 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4157 if (tls1_suiteb(s)) {
4158 prio = srvr;
4159 allow = clnt;
4160 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4161 prio = srvr;
4162 allow = clnt;
4163 #ifndef OPENSSL_NO_CHACHA
4164 /* If ChaCha20 is at the top of the client preference list,
4165 and there are ChaCha20 ciphers in the server list, then
4166 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4167 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4168 c = sk_SSL_CIPHER_value(clnt, 0);
4169 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4170 /* ChaCha20 is client preferred, check server... */
4171 int num = sk_SSL_CIPHER_num(srvr);
4172 int found = 0;
4173 for (i = 0; i < num; i++) {
4174 c = sk_SSL_CIPHER_value(srvr, i);
4175 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4176 found = 1;
4177 break;
4178 }
4179 }
4180 if (found) {
4181 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4182 /* if reserve fails, then there's likely a memory issue */
4183 if (prio_chacha != NULL) {
4184 /* Put all ChaCha20 at the top, starting with the one we just found */
4185 sk_SSL_CIPHER_push(prio_chacha, c);
4186 for (i++; i < num; i++) {
4187 c = sk_SSL_CIPHER_value(srvr, i);
4188 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4189 sk_SSL_CIPHER_push(prio_chacha, c);
4190 }
4191 /* Pull in the rest */
4192 for (i = 0; i < num; i++) {
4193 c = sk_SSL_CIPHER_value(srvr, i);
4194 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4195 sk_SSL_CIPHER_push(prio_chacha, c);
4196 }
4197 prio = prio_chacha;
4198 }
4199 }
4200 }
4201 }
4202 # endif
4203 } else {
4204 prio = clnt;
4205 allow = srvr;
4206 }
4207
4208 if (SSL_IS_TLS13(s)) {
4209 #ifndef OPENSSL_NO_PSK
4210 int j;
4211
4212 /*
4213 * If we allow "old" style PSK callbacks, and we have no certificate (so
4214 * we're not going to succeed without a PSK anyway), and we're in
4215 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4216 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4217 * that.
4218 */
4219 if (s->psk_server_callback != NULL) {
4220 for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
4221 if (j == SSL_PKEY_NUM) {
4222 /* There are no certificates */
4223 prefer_sha256 = 1;
4224 }
4225 }
4226 #endif
4227 } else {
4228 tls1_set_cert_validity(s);
4229 ssl_set_masks(s);
4230 }
4231
4232 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4233 c = sk_SSL_CIPHER_value(prio, i);
4234
4235 /* Skip ciphers not supported by the protocol version */
4236 if (!SSL_IS_DTLS(s) &&
4237 ((s->version < c->min_tls) || (s->version > c->max_tls)))
4238 continue;
4239 if (SSL_IS_DTLS(s) &&
4240 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4241 DTLS_VERSION_GT(s->version, c->max_dtls)))
4242 continue;
4243
4244 /*
4245 * Since TLS 1.3 ciphersuites can be used with any auth or
4246 * key exchange scheme skip tests.
4247 */
4248 if (!SSL_IS_TLS13(s)) {
4249 mask_k = s->s3.tmp.mask_k;
4250 mask_a = s->s3.tmp.mask_a;
4251 #ifndef OPENSSL_NO_SRP
4252 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4253 mask_k |= SSL_kSRP;
4254 mask_a |= SSL_aSRP;
4255 }
4256 #endif
4257
4258 alg_k = c->algorithm_mkey;
4259 alg_a = c->algorithm_auth;
4260
4261 #ifndef OPENSSL_NO_PSK
4262 /* with PSK there must be server callback set */
4263 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4264 continue;
4265 #endif /* OPENSSL_NO_PSK */
4266
4267 ok = (alg_k & mask_k) && (alg_a & mask_a);
4268 OSSL_TRACE7(TLS_CIPHER,
4269 "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4270 ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
4271
4272 #ifndef OPENSSL_NO_EC
4273 /*
4274 * if we are considering an ECC cipher suite that uses an ephemeral
4275 * EC key check it
4276 */
4277 if (alg_k & SSL_kECDHE)
4278 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4279 #endif /* OPENSSL_NO_EC */
4280
4281 if (!ok)
4282 continue;
4283 }
4284 ii = sk_SSL_CIPHER_find(allow, c);
4285 if (ii >= 0) {
4286 /* Check security callback permits this cipher */
4287 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4288 c->strength_bits, 0, (void *)c))
4289 continue;
4290 #if !defined(OPENSSL_NO_EC)
4291 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4292 && s->s3.is_probably_safari) {
4293 if (!ret)
4294 ret = sk_SSL_CIPHER_value(allow, ii);
4295 continue;
4296 }
4297 #endif
4298 if (prefer_sha256) {
4299 const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4300
4301 if (ssl_md(tmp->algorithm2) == mdsha256) {
4302 ret = tmp;
4303 break;
4304 }
4305 if (ret == NULL)
4306 ret = tmp;
4307 continue;
4308 }
4309 ret = sk_SSL_CIPHER_value(allow, ii);
4310 break;
4311 }
4312 }
4313 #ifndef OPENSSL_NO_CHACHA
4314 sk_SSL_CIPHER_free(prio_chacha);
4315 #endif
4316 return ret;
4317 }
4318
4319 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4320 {
4321 uint32_t alg_k, alg_a = 0;
4322
4323 /* If we have custom certificate types set, use them */
4324 if (s->cert->ctype)
4325 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4326 /* Get mask of algorithms disabled by signature list */
4327 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4328
4329 alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4330
4331 #ifndef OPENSSL_NO_GOST
4332 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4333 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4334 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
4335 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
4336 #endif
4337
4338 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4339 #ifndef OPENSSL_NO_DH
4340 # ifndef OPENSSL_NO_RSA
4341 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4342 return 0;
4343 # endif
4344 # ifndef OPENSSL_NO_DSA
4345 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4346 return 0;
4347 # endif
4348 #endif /* !OPENSSL_NO_DH */
4349 }
4350 #ifndef OPENSSL_NO_RSA
4351 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4352 return 0;
4353 #endif
4354 #ifndef OPENSSL_NO_DSA
4355 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4356 return 0;
4357 #endif
4358 #ifndef OPENSSL_NO_EC
4359 /*
4360 * ECDSA certs can be used with RSA cipher suites too so we don't
4361 * need to check for SSL_kECDH or SSL_kECDHE
4362 */
4363 if (s->version >= TLS1_VERSION
4364 && !(alg_a & SSL_aECDSA)
4365 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4366 return 0;
4367 #endif
4368 return 1;
4369 }
4370
4371 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4372 {
4373 OPENSSL_free(c->ctype);
4374 c->ctype = NULL;
4375 c->ctype_len = 0;
4376 if (p == NULL || len == 0)
4377 return 1;
4378 if (len > 0xff)
4379 return 0;
4380 c->ctype = OPENSSL_memdup(p, len);
4381 if (c->ctype == NULL)
4382 return 0;
4383 c->ctype_len = len;
4384 return 1;
4385 }
4386
4387 int ssl3_shutdown(SSL *s)
4388 {
4389 int ret;
4390
4391 /*
4392 * Don't do anything much if we have not done the handshake or we don't
4393 * want to send messages :-)
4394 */
4395 if (s->quiet_shutdown || SSL_in_before(s)) {
4396 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4397 return 1;
4398 }
4399
4400 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4401 s->shutdown |= SSL_SENT_SHUTDOWN;
4402 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4403 /*
4404 * our shutdown alert has been sent now, and if it still needs to be
4405 * written, s->s3.alert_dispatch will be true
4406 */
4407 if (s->s3.alert_dispatch)
4408 return -1; /* return WANT_WRITE */
4409 } else if (s->s3.alert_dispatch) {
4410 /* resend it if not sent */
4411 ret = s->method->ssl_dispatch_alert(s);
4412 if (ret == -1) {
4413 /*
4414 * we only get to return -1 here the 2nd/Nth invocation, we must
4415 * have already signalled return 0 upon a previous invocation,
4416 * return WANT_WRITE
4417 */
4418 return ret;
4419 }
4420 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4421 size_t readbytes;
4422 /*
4423 * If we are waiting for a close from our peer, we are closed
4424 */
4425 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4426 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4427 return -1; /* return WANT_READ */
4428 }
4429 }
4430
4431 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4432 !s->s3.alert_dispatch)
4433 return 1;
4434 else
4435 return 0;
4436 }
4437
4438 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4439 {
4440 clear_sys_error();
4441 if (s->s3.renegotiate)
4442 ssl3_renegotiate_check(s, 0);
4443
4444 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4445 written);
4446 }
4447
4448 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4449 size_t *readbytes)
4450 {
4451 int ret;
4452
4453 clear_sys_error();
4454 if (s->s3.renegotiate)
4455 ssl3_renegotiate_check(s, 0);
4456 s->s3.in_read_app_data = 1;
4457 ret =
4458 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4459 peek, readbytes);
4460 if ((ret == -1) && (s->s3.in_read_app_data == 2)) {
4461 /*
4462 * ssl3_read_bytes decided to call s->handshake_func, which called
4463 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4464 * actually found application data and thinks that application data
4465 * makes sense here; so disable handshake processing and try to read
4466 * application data again.
4467 */
4468 ossl_statem_set_in_handshake(s, 1);
4469 ret =
4470 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4471 len, peek, readbytes);
4472 ossl_statem_set_in_handshake(s, 0);
4473 } else
4474 s->s3.in_read_app_data = 0;
4475
4476 return ret;
4477 }
4478
4479 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4480 {
4481 return ssl3_read_internal(s, buf, len, 0, readbytes);
4482 }
4483
4484 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4485 {
4486 return ssl3_read_internal(s, buf, len, 1, readbytes);
4487 }
4488
4489 int ssl3_renegotiate(SSL *s)
4490 {
4491 if (s->handshake_func == NULL)
4492 return 1;
4493
4494 s->s3.renegotiate = 1;
4495 return 1;
4496 }
4497
4498 /*
4499 * Check if we are waiting to do a renegotiation and if so whether now is a
4500 * good time to do it. If |initok| is true then we are being called from inside
4501 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4502 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4503 * should do a renegotiation now and sets up the state machine for it. Otherwise
4504 * returns 0.
4505 */
4506 int ssl3_renegotiate_check(SSL *s, int initok)
4507 {
4508 int ret = 0;
4509
4510 if (s->s3.renegotiate) {
4511 if (!RECORD_LAYER_read_pending(&s->rlayer)
4512 && !RECORD_LAYER_write_pending(&s->rlayer)
4513 && (initok || !SSL_in_init(s))) {
4514 /*
4515 * if we are the server, and we have sent a 'RENEGOTIATE'
4516 * message, we need to set the state machine into the renegotiate
4517 * state.
4518 */
4519 ossl_statem_set_renegotiate(s);
4520 s->s3.renegotiate = 0;
4521 s->s3.num_renegotiations++;
4522 s->s3.total_renegotiations++;
4523 ret = 1;
4524 }
4525 }
4526 return ret;
4527 }
4528
4529 /*
4530 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4531 * handshake macs if required.
4532 *
4533 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4534 */
4535 long ssl_get_algorithm2(SSL *s)
4536 {
4537 long alg2;
4538 if (s->s3.tmp.new_cipher == NULL)
4539 return -1;
4540 alg2 = s->s3.tmp.new_cipher->algorithm2;
4541 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4542 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4543 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4544 } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4545 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4546 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4547 }
4548 return alg2;
4549 }
4550
4551 /*
4552 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4553 * failure, 1 on success.
4554 */
4555 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4556 DOWNGRADE dgrd)
4557 {
4558 int send_time = 0, ret;
4559
4560 if (len < 4)
4561 return 0;
4562 if (server)
4563 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4564 else
4565 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4566 if (send_time) {
4567 unsigned long Time = (unsigned long)time(NULL);
4568 unsigned char *p = result;
4569
4570 l2n(Time, p);
4571 ret = RAND_bytes(p, len - 4);
4572 } else {
4573 ret = RAND_bytes(result, len);
4574 }
4575
4576 if (ret > 0) {
4577 if (!ossl_assert(sizeof(tls11downgrade) < len)
4578 || !ossl_assert(sizeof(tls12downgrade) < len))
4579 return 0;
4580 if (dgrd == DOWNGRADE_TO_1_2)
4581 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4582 sizeof(tls12downgrade));
4583 else if (dgrd == DOWNGRADE_TO_1_1)
4584 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4585 sizeof(tls11downgrade));
4586 }
4587
4588 return ret;
4589 }
4590
4591 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4592 int free_pms)
4593 {
4594 unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4595 int ret = 0;
4596
4597 if (alg_k & SSL_PSK) {
4598 #ifndef OPENSSL_NO_PSK
4599 unsigned char *pskpms, *t;
4600 size_t psklen = s->s3.tmp.psklen;
4601 size_t pskpmslen;
4602
4603 /* create PSK premaster_secret */
4604
4605 /* For plain PSK "other_secret" is psklen zeroes */
4606 if (alg_k & SSL_kPSK)
4607 pmslen = psklen;
4608
4609 pskpmslen = 4 + pmslen + psklen;
4610 pskpms = OPENSSL_malloc(pskpmslen);
4611 if (pskpms == NULL)
4612 goto err;
4613 t = pskpms;
4614 s2n(pmslen, t);
4615 if (alg_k & SSL_kPSK)
4616 memset(t, 0, pmslen);
4617 else
4618 memcpy(t, pms, pmslen);
4619 t += pmslen;
4620 s2n(psklen, t);
4621 memcpy(t, s->s3.tmp.psk, psklen);
4622
4623 OPENSSL_clear_free(s->s3.tmp.psk, psklen);
4624 s->s3.tmp.psk = NULL;
4625 if (!s->method->ssl3_enc->generate_master_secret(s,
4626 s->session->master_key,pskpms, pskpmslen,
4627 &s->session->master_key_length)) {
4628 OPENSSL_clear_free(pskpms, pskpmslen);
4629 /* SSLfatal() already called */
4630 goto err;
4631 }
4632 OPENSSL_clear_free(pskpms, pskpmslen);
4633 #else
4634 /* Should never happen */
4635 goto err;
4636 #endif
4637 } else {
4638 if (!s->method->ssl3_enc->generate_master_secret(s,
4639 s->session->master_key, pms, pmslen,
4640 &s->session->master_key_length)) {
4641 /* SSLfatal() already called */
4642 goto err;
4643 }
4644 }
4645
4646 ret = 1;
4647 err:
4648 if (pms) {
4649 if (free_pms)
4650 OPENSSL_clear_free(pms, pmslen);
4651 else
4652 OPENSSL_cleanse(pms, pmslen);
4653 }
4654 if (s->server == 0)
4655 s->s3.tmp.pms = NULL;
4656 return ret;
4657 }
4658
4659 /* Generate a private key from parameters */
4660 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4661 {
4662 EVP_PKEY_CTX *pctx = NULL;
4663 EVP_PKEY *pkey = NULL;
4664
4665 if (pm == NULL)
4666 return NULL;
4667 pctx = EVP_PKEY_CTX_new(pm, NULL);
4668 if (pctx == NULL)
4669 goto err;
4670 if (EVP_PKEY_keygen_init(pctx) <= 0)
4671 goto err;
4672 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4673 EVP_PKEY_free(pkey);
4674 pkey = NULL;
4675 }
4676
4677 err:
4678 EVP_PKEY_CTX_free(pctx);
4679 return pkey;
4680 }
4681 #ifndef OPENSSL_NO_EC
4682 /* Generate a private key from a group ID */
4683 EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
4684 {
4685 EVP_PKEY_CTX *pctx = NULL;
4686 EVP_PKEY *pkey = NULL;
4687 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4688 uint16_t gtype;
4689
4690 if (ginf == NULL) {
4691 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4692 ERR_R_INTERNAL_ERROR);
4693 goto err;
4694 }
4695 gtype = ginf->flags & TLS_CURVE_TYPE;
4696 if (gtype == TLS_CURVE_CUSTOM)
4697 pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
4698 else
4699 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4700 if (pctx == NULL) {
4701 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4702 ERR_R_MALLOC_FAILURE);
4703 goto err;
4704 }
4705 if (EVP_PKEY_keygen_init(pctx) <= 0) {
4706 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4707 ERR_R_EVP_LIB);
4708 goto err;
4709 }
4710 if (gtype != TLS_CURVE_CUSTOM
4711 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
4712 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4713 ERR_R_EVP_LIB);
4714 goto err;
4715 }
4716 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4717 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4718 ERR_R_EVP_LIB);
4719 EVP_PKEY_free(pkey);
4720 pkey = NULL;
4721 }
4722
4723 err:
4724 EVP_PKEY_CTX_free(pctx);
4725 return pkey;
4726 }
4727
4728 /*
4729 * Generate parameters from a group ID
4730 */
4731 EVP_PKEY *ssl_generate_param_group(uint16_t id)
4732 {
4733 EVP_PKEY_CTX *pctx = NULL;
4734 EVP_PKEY *pkey = NULL;
4735 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4736
4737 if (ginf == NULL)
4738 goto err;
4739
4740 if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4741 pkey = EVP_PKEY_new();
4742 if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
4743 return pkey;
4744 EVP_PKEY_free(pkey);
4745 return NULL;
4746 }
4747
4748 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4749 if (pctx == NULL)
4750 goto err;
4751 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4752 goto err;
4753 if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
4754 goto err;
4755 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4756 EVP_PKEY_free(pkey);
4757 pkey = NULL;
4758 }
4759
4760 err:
4761 EVP_PKEY_CTX_free(pctx);
4762 return pkey;
4763 }
4764 #endif
4765
4766 /* Derive secrets for ECDH/DH */
4767 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4768 {
4769 int rv = 0;
4770 unsigned char *pms = NULL;
4771 size_t pmslen = 0;
4772 EVP_PKEY_CTX *pctx;
4773
4774 if (privkey == NULL || pubkey == NULL) {
4775 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4776 ERR_R_INTERNAL_ERROR);
4777 return 0;
4778 }
4779
4780 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4781
4782 if (EVP_PKEY_derive_init(pctx) <= 0
4783 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4784 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4785 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4786 ERR_R_INTERNAL_ERROR);
4787 goto err;
4788 }
4789
4790 pms = OPENSSL_malloc(pmslen);
4791 if (pms == NULL) {
4792 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4793 ERR_R_MALLOC_FAILURE);
4794 goto err;
4795 }
4796
4797 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4798 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4799 ERR_R_INTERNAL_ERROR);
4800 goto err;
4801 }
4802
4803 if (gensecret) {
4804 /* SSLfatal() called as appropriate in the below functions */
4805 if (SSL_IS_TLS13(s)) {
4806 /*
4807 * If we are resuming then we already generated the early secret
4808 * when we created the ClientHello, so don't recreate it.
4809 */
4810 if (!s->hit)
4811 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4812 0,
4813 (unsigned char *)&s->early_secret);
4814 else
4815 rv = 1;
4816
4817 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4818 } else {
4819 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4820 }
4821 } else {
4822 /* Save premaster secret */
4823 s->s3.tmp.pms = pms;
4824 s->s3.tmp.pmslen = pmslen;
4825 pms = NULL;
4826 rv = 1;
4827 }
4828
4829 err:
4830 OPENSSL_clear_free(pms, pmslen);
4831 EVP_PKEY_CTX_free(pctx);
4832 return rv;
4833 }
4834
4835 #ifndef OPENSSL_NO_DH
4836 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4837 {
4838 EVP_PKEY *ret;
4839 if (dh == NULL)
4840 return NULL;
4841 ret = EVP_PKEY_new();
4842 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
4843 EVP_PKEY_free(ret);
4844 return NULL;
4845 }
4846 return ret;
4847 }
4848 #endif
A mirror of the official openssl repository