Allow all ciphersuites in SSL3.0 when they are available in TLS1.0

author Nikos Mavrogiannopoulos <nmav@gnutls.org>

Fri, 28 Feb 2014 18:52:52 +0000 (19:52 +0100)

committer Nikos Mavrogiannopoulos <nmav@gnutls.org>

Fri, 28 Feb 2014 18:52:52 +0000 (19:52 +0100)
author Nikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 28 Feb 2014 18:52:52 +0000 (19:52 +0100)
committer Nikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 28 Feb 2014 18:52:52 +0000 (19:52 +0100)
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c

index dc8e76c87bb8b5cfd9d84ba0dcdbf436d3c3a5e5..dbc708f5843748ee5f4ffaa35442ea2ed293ec3a 100644 (file)
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -231,7 +231,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_RSA_NULL_SHA256,
                               GNUTLS_CIPHER_NULL,
-                             GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
  
    /* RSA */
@@ -257,19 +257,19 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
                               GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
                               GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
                               GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
-                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA256, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256,
                               GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
-                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA256, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
  /* GCM */
    ENTRY (GNUTLS_RSA_AES_128_GCM_SHA256,
@@ -281,7 +281,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
  #ifdef ENABLE_DHE
    ENTRY (GNUTLS_DHE_DSS_ARCFOUR_128_SHA1,
                               GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 0),
    ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
                               GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
@@ -298,20 +298,20 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
    ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
                               GNUTLS_CIPHER_CAMELLIA_128_CBC,
                               GNUTLS_KX_DHE_DSS,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
                               GNUTLS_CIPHER_CAMELLIA_256_CBC,
                               GNUTLS_KX_DHE_DSS,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
                               GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
-                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA256, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
                               GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
-                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA256, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    /* DHE_RSA */
    ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
@@ -329,20 +329,20 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
    ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
                               GNUTLS_CIPHER_CAMELLIA_128_CBC,
                               GNUTLS_KX_DHE_RSA,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
                               GNUTLS_CIPHER_CAMELLIA_256_CBC,
                               GNUTLS_KX_DHE_RSA,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
                               GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
-                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA256, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
                               GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
-                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA256, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_DHE_RSA_AES_128_GCM_SHA256,
                               GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA,
@@ -392,11 +392,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
  
    ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256,
                               GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
-                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA256, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256,
                               GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
-                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA256, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256,
                               GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
@@ -416,7 +416,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                                  GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384),
    ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384,
                                  GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
-                                GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+                                GNUTLS_MAC_SHA384, GNUTLS_SSL3,
                                  GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384),
  #endif
  #ifdef ENABLE_PSK
@@ -453,23 +453,23 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
    /* PSK */
    ENTRY (GNUTLS_PSK_ARCFOUR_128_SHA1,
                               GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 0),
    ENTRY (GNUTLS_PSK_3DES_EDE_CBC_SHA1,
                               GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_PSK_AES_128_CBC_SHA1,
                               GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_PSK_AES_256_CBC_SHA1,
                               GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_PSK_AES_128_CBC_SHA256,
                               GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
-                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA256, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_PSK_AES_128_GCM_SHA256,
                               GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK,
@@ -477,29 +477,29 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_PSK_NULL_SHA256,
                               GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
-                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA256, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
  
    /* DHE-PSK */
    ENTRY (GNUTLS_DHE_PSK_ARCFOUR_128_SHA1,
                               GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 0),
    ENTRY (GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1,
                               GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA1,
                               GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_DHE_PSK_AES_256_CBC_SHA1,
                               GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA256,
                               GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
-                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA256, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_DHE_PSK_AES_128_GCM_SHA256,
                               GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK,
@@ -507,7 +507,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_DHE_PSK_NULL_SHA256,
                               GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
-                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA256, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
  
    ENTRY_PRF(GNUTLS_PSK_WITH_AES_256_GCM_SHA384,
@@ -540,20 +540,20 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
    ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1,
                               GNUTLS_CIPHER_CAMELLIA_128_CBC,
                               GNUTLS_KX_ANON_DH,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1,
                               GNUTLS_CIPHER_CAMELLIA_256_CBC,
                               GNUTLS_KX_ANON_DH,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA256,
                               GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
-                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA256, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA256,
                               GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
-                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA256, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_DH_ANON_AES_128_GCM_SHA256,
                               GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH,
@@ -581,45 +581,45 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
    /* SRP */
    ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
                               GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
                               GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
    ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
                               GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
  
    ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
                               GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
  
    ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
                               GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
  
    ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
                               GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
  
    ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
                               GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
  
    ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
                               GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
  
    ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
                               GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                               GNUTLS_VERSION_MAX, 1),
  #endif
  #ifdef ENABLE_RSA_EXPORT
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>
	Fri, 28 Feb 2014 18:52:52 +0000 (19:52 +0100)
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>
	Fri, 28 Feb 2014 18:52:52 +0000 (19:52 +0100)