| /* |
| * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. |
| * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
| * Copyright 2005 Nokia. All rights reserved. |
| * |
| * Licensed under the Apache License 2.0 (the "License"). You may not use |
| * this file except in compliance with the License. You can obtain a copy |
| * in the file LICENSE in the source distribution or at |
| * https://www.openssl.org/source/license.html |
| */ |
| |
| #include <stdio.h> |
| #include <openssl/objects.h> |
| #include "internal/nelem.h" |
| #include "ssl_local.h" |
| #include <openssl/md5.h> |
| #include <openssl/dh.h> |
| #include <openssl/rand.h> |
| #include <openssl/trace.h> |
| #include <openssl/x509v3.h> |
| #include <openssl/core_names.h> |
| #include "internal/cryptlib.h" |
| |
| #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers) |
| #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) |
| #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs) |
| |
| /* TLSv1.3 downgrade protection sentinel values */ |
| const unsigned char tls11downgrade[] = { |
| 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00 |
| }; |
| const unsigned char tls12downgrade[] = { |
| 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01 |
| }; |
| |
| /* The list of available TLSv1.3 ciphers */ |
| static SSL_CIPHER tls13_ciphers[] = { |
| { |
| 1, |
| TLS1_3_RFC_AES_128_GCM_SHA256, |
| TLS1_3_RFC_AES_128_GCM_SHA256, |
| TLS1_3_CK_AES_128_GCM_SHA256, |
| SSL_kANY, |
| SSL_aANY, |
| SSL_AES128GCM, |
| SSL_AEAD, |
| TLS1_3_VERSION, TLS1_3_VERSION, |
| 0, 0, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256, |
| 128, |
| 128, |
| }, { |
| 1, |
| TLS1_3_RFC_AES_256_GCM_SHA384, |
| TLS1_3_RFC_AES_256_GCM_SHA384, |
| TLS1_3_CK_AES_256_GCM_SHA384, |
| SSL_kANY, |
| SSL_aANY, |
| SSL_AES256GCM, |
| SSL_AEAD, |
| TLS1_3_VERSION, TLS1_3_VERSION, |
| 0, 0, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_3_RFC_CHACHA20_POLY1305_SHA256, |
| TLS1_3_RFC_CHACHA20_POLY1305_SHA256, |
| TLS1_3_CK_CHACHA20_POLY1305_SHA256, |
| SSL_kANY, |
| SSL_aANY, |
| SSL_CHACHA20POLY1305, |
| SSL_AEAD, |
| TLS1_3_VERSION, TLS1_3_VERSION, |
| 0, 0, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_3_RFC_AES_128_CCM_SHA256, |
| TLS1_3_RFC_AES_128_CCM_SHA256, |
| TLS1_3_CK_AES_128_CCM_SHA256, |
| SSL_kANY, |
| SSL_aANY, |
| SSL_AES128CCM, |
| SSL_AEAD, |
| TLS1_3_VERSION, TLS1_3_VERSION, |
| 0, 0, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256, |
| 128, |
| 128, |
| }, { |
| 1, |
| TLS1_3_RFC_AES_128_CCM_8_SHA256, |
| TLS1_3_RFC_AES_128_CCM_8_SHA256, |
| TLS1_3_CK_AES_128_CCM_8_SHA256, |
| SSL_kANY, |
| SSL_aANY, |
| SSL_AES128CCM8, |
| SSL_AEAD, |
| TLS1_3_VERSION, TLS1_3_VERSION, |
| 0, 0, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_SHA256, |
| 64, /* CCM8 uses a short tag, so we have a low security strength */ |
| 128, |
| } |
| }; |
| |
| /* |
| * The list of available ciphers, mostly organized into the following |
| * groups: |
| * Always there |
| * EC |
| * PSK |
| * SRP (within that: RSA EC PSK) |
| * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED |
| * Weak ciphers |
| */ |
| static SSL_CIPHER ssl3_ciphers[] = { |
| { |
| 1, |
| SSL3_TXT_RSA_NULL_MD5, |
| SSL3_RFC_RSA_NULL_MD5, |
| SSL3_CK_RSA_NULL_MD5, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_eNULL, |
| SSL_MD5, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_STRONG_NONE, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 0, |
| 0, |
| }, |
| { |
| 1, |
| SSL3_TXT_RSA_NULL_SHA, |
| SSL3_RFC_RSA_NULL_SHA, |
| SSL3_CK_RSA_NULL_SHA, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_eNULL, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_STRONG_NONE | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 0, |
| 0, |
| }, |
| #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS |
| { |
| 1, |
| SSL3_TXT_RSA_DES_192_CBC3_SHA, |
| SSL3_RFC_RSA_DES_192_CBC3_SHA, |
| SSL3_CK_RSA_DES_192_CBC3_SHA, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_3DES, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 112, |
| 168, |
| }, |
| { |
| 1, |
| SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA, |
| SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA, |
| SSL3_CK_DHE_DSS_DES_192_CBC3_SHA, |
| SSL_kDHE, |
| SSL_aDSS, |
| SSL_3DES, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 112, |
| 168, |
| }, |
| { |
| 1, |
| SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA, |
| SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA, |
| SSL3_CK_DHE_RSA_DES_192_CBC3_SHA, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_3DES, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 112, |
| 168, |
| }, |
| { |
| 1, |
| SSL3_TXT_ADH_DES_192_CBC_SHA, |
| SSL3_RFC_ADH_DES_192_CBC_SHA, |
| SSL3_CK_ADH_DES_192_CBC_SHA, |
| SSL_kDHE, |
| SSL_aNULL, |
| SSL_3DES, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 112, |
| 168, |
| }, |
| #endif |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_AES_128_SHA, |
| TLS1_RFC_RSA_WITH_AES_128_SHA, |
| TLS1_CK_RSA_WITH_AES_128_SHA, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_AES128, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, |
| TLS1_RFC_DHE_DSS_WITH_AES_128_SHA, |
| TLS1_CK_DHE_DSS_WITH_AES_128_SHA, |
| SSL_kDHE, |
| SSL_aDSS, |
| SSL_AES128, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, |
| TLS1_RFC_DHE_RSA_WITH_AES_128_SHA, |
| TLS1_CK_DHE_RSA_WITH_AES_128_SHA, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_AES128, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ADH_WITH_AES_128_SHA, |
| TLS1_RFC_ADH_WITH_AES_128_SHA, |
| TLS1_CK_ADH_WITH_AES_128_SHA, |
| SSL_kDHE, |
| SSL_aNULL, |
| SSL_AES128, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_AES_256_SHA, |
| TLS1_RFC_RSA_WITH_AES_256_SHA, |
| TLS1_CK_RSA_WITH_AES_256_SHA, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_AES256, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, |
| TLS1_RFC_DHE_DSS_WITH_AES_256_SHA, |
| TLS1_CK_DHE_DSS_WITH_AES_256_SHA, |
| SSL_kDHE, |
| SSL_aDSS, |
| SSL_AES256, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, |
| TLS1_RFC_DHE_RSA_WITH_AES_256_SHA, |
| TLS1_CK_DHE_RSA_WITH_AES_256_SHA, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_AES256, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ADH_WITH_AES_256_SHA, |
| TLS1_RFC_ADH_WITH_AES_256_SHA, |
| TLS1_CK_ADH_WITH_AES_256_SHA, |
| SSL_kDHE, |
| SSL_aNULL, |
| SSL_AES256, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_NULL_SHA256, |
| TLS1_RFC_RSA_WITH_NULL_SHA256, |
| TLS1_CK_RSA_WITH_NULL_SHA256, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_eNULL, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_STRONG_NONE | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 0, |
| 0, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_AES_128_SHA256, |
| TLS1_RFC_RSA_WITH_AES_128_SHA256, |
| TLS1_CK_RSA_WITH_AES_128_SHA256, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_AES128, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_AES_256_SHA256, |
| TLS1_RFC_RSA_WITH_AES_256_SHA256, |
| TLS1_CK_RSA_WITH_AES_256_SHA256, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_AES256, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, |
| TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256, |
| TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, |
| SSL_kDHE, |
| SSL_aDSS, |
| SSL_AES128, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, |
| TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256, |
| TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_AES128, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, |
| TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256, |
| TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, |
| SSL_kDHE, |
| SSL_aDSS, |
| SSL_AES256, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, |
| TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256, |
| TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_AES256, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ADH_WITH_AES_128_SHA256, |
| TLS1_RFC_ADH_WITH_AES_128_SHA256, |
| TLS1_CK_ADH_WITH_AES_128_SHA256, |
| SSL_kDHE, |
| SSL_aNULL, |
| SSL_AES128, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ADH_WITH_AES_256_SHA256, |
| TLS1_RFC_ADH_WITH_AES_256_SHA256, |
| TLS1_CK_ADH_WITH_AES_256_SHA256, |
| SSL_kDHE, |
| SSL_aNULL, |
| SSL_AES256, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, |
| TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256, |
| TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_AES128GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, |
| TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384, |
| TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_AES256GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, |
| TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256, |
| TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_AES128GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, |
| TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384, |
| TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_AES256GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, |
| TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256, |
| TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, |
| SSL_kDHE, |
| SSL_aDSS, |
| SSL_AES128GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, |
| TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384, |
| TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, |
| SSL_kDHE, |
| SSL_aDSS, |
| SSL_AES256GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, |
| TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256, |
| TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, |
| SSL_kDHE, |
| SSL_aNULL, |
| SSL_AES128GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, |
| TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384, |
| TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, |
| SSL_kDHE, |
| SSL_aNULL, |
| SSL_AES256GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_AES_128_CCM, |
| TLS1_RFC_RSA_WITH_AES_128_CCM, |
| TLS1_CK_RSA_WITH_AES_128_CCM, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_AES128CCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_AES_256_CCM, |
| TLS1_RFC_RSA_WITH_AES_256_CCM, |
| TLS1_CK_RSA_WITH_AES_256_CCM, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_AES256CCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_AES_128_CCM, |
| TLS1_RFC_DHE_RSA_WITH_AES_128_CCM, |
| TLS1_CK_DHE_RSA_WITH_AES_128_CCM, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_AES128CCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_AES_256_CCM, |
| TLS1_RFC_DHE_RSA_WITH_AES_256_CCM, |
| TLS1_CK_DHE_RSA_WITH_AES_256_CCM, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_AES256CCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_AES_128_CCM_8, |
| TLS1_RFC_RSA_WITH_AES_128_CCM_8, |
| TLS1_CK_RSA_WITH_AES_128_CCM_8, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_AES128CCM8, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 64, /* CCM8 uses a short tag, so we have a low security strength */ |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_AES_256_CCM_8, |
| TLS1_RFC_RSA_WITH_AES_256_CCM_8, |
| TLS1_CK_RSA_WITH_AES_256_CCM_8, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_AES256CCM8, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 64, /* CCM8 uses a short tag, so we have a low security strength */ |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8, |
| TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8, |
| TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_AES128CCM8, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 64, /* CCM8 uses a short tag, so we have a low security strength */ |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8, |
| TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8, |
| TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_AES256CCM8, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 64, /* CCM8 uses a short tag, so we have a low security strength */ |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_AES_128_CCM, |
| TLS1_RFC_PSK_WITH_AES_128_CCM, |
| TLS1_CK_PSK_WITH_AES_128_CCM, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_AES128CCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_AES_256_CCM, |
| TLS1_RFC_PSK_WITH_AES_256_CCM, |
| TLS1_CK_PSK_WITH_AES_256_CCM, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_AES256CCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_AES_128_CCM, |
| TLS1_RFC_DHE_PSK_WITH_AES_128_CCM, |
| TLS1_CK_DHE_PSK_WITH_AES_128_CCM, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_AES128CCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_AES_256_CCM, |
| TLS1_RFC_DHE_PSK_WITH_AES_256_CCM, |
| TLS1_CK_DHE_PSK_WITH_AES_256_CCM, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_AES256CCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_AES_128_CCM_8, |
| TLS1_RFC_PSK_WITH_AES_128_CCM_8, |
| TLS1_CK_PSK_WITH_AES_128_CCM_8, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_AES128CCM8, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 64, /* CCM8 uses a short tag, so we have a low security strength */ |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_AES_256_CCM_8, |
| TLS1_RFC_PSK_WITH_AES_256_CCM_8, |
| TLS1_CK_PSK_WITH_AES_256_CCM_8, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_AES256CCM8, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 64, /* CCM8 uses a short tag, so we have a low security strength */ |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8, |
| TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8, |
| TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_AES128CCM8, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 64, /* CCM8 uses a short tag, so we have a low security strength */ |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8, |
| TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8, |
| TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_AES256CCM8, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 64, /* CCM8 uses a short tag, so we have a low security strength */ |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM, |
| TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM, |
| TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_AES128CCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM, |
| TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM, |
| TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_AES256CCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8, |
| TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8, |
| TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_AES128CCM8, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 64, /* CCM8 uses a short tag, so we have a low security strength */ |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8, |
| TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8, |
| TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_AES256CCM8, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 64, /* CCM8 uses a short tag, so we have a low security strength */ |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, |
| TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA, |
| TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_eNULL, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_STRONG_NONE | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 0, |
| 0, |
| }, |
| # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, |
| TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, |
| TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_3DES, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 112, |
| 168, |
| }, |
| # endif |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
| TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
| TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_AES128, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
| TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
| TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_AES256, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, |
| TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA, |
| TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, |
| SSL_kECDHE, |
| SSL_aRSA, |
| SSL_eNULL, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_STRONG_NONE | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 0, |
| 0, |
| }, |
| # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS |
| { |
| 1, |
| TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, |
| TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA, |
| TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, |
| SSL_kECDHE, |
| SSL_aRSA, |
| SSL_3DES, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 112, |
| 168, |
| }, |
| # endif |
| { |
| 1, |
| TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
| TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
| TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
| SSL_kECDHE, |
| SSL_aRSA, |
| SSL_AES128, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
| TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
| TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
| SSL_kECDHE, |
| SSL_aRSA, |
| SSL_AES256, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDH_anon_WITH_NULL_SHA, |
| TLS1_RFC_ECDH_anon_WITH_NULL_SHA, |
| TLS1_CK_ECDH_anon_WITH_NULL_SHA, |
| SSL_kECDHE, |
| SSL_aNULL, |
| SSL_eNULL, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_STRONG_NONE | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 0, |
| 0, |
| }, |
| # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS |
| { |
| 1, |
| TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, |
| TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA, |
| TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, |
| SSL_kECDHE, |
| SSL_aNULL, |
| SSL_3DES, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 112, |
| 168, |
| }, |
| # endif |
| { |
| 1, |
| TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, |
| TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA, |
| TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, |
| SSL_kECDHE, |
| SSL_aNULL, |
| SSL_AES128, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, |
| TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA, |
| TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, |
| SSL_kECDHE, |
| SSL_aNULL, |
| SSL_AES256, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, |
| TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256, |
| TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_AES128, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, |
| TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384, |
| TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_AES256, |
| SSL_SHA384, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, |
| TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256, |
| TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, |
| SSL_kECDHE, |
| SSL_aRSA, |
| SSL_AES128, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, |
| TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384, |
| TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, |
| SSL_kECDHE, |
| SSL_aRSA, |
| SSL_AES256, |
| SSL_SHA384, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
| TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
| TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_AES128GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
| TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
| TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_AES256GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
| TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
| TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
| SSL_kECDHE, |
| SSL_aRSA, |
| SSL_AES128GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, |
| TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384, |
| TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, |
| SSL_kECDHE, |
| SSL_aRSA, |
| SSL_AES256GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_NULL_SHA, |
| TLS1_RFC_PSK_WITH_NULL_SHA, |
| TLS1_CK_PSK_WITH_NULL_SHA, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_eNULL, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_STRONG_NONE | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 0, |
| 0, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_NULL_SHA, |
| TLS1_RFC_DHE_PSK_WITH_NULL_SHA, |
| TLS1_CK_DHE_PSK_WITH_NULL_SHA, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_eNULL, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_STRONG_NONE | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 0, |
| 0, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_PSK_WITH_NULL_SHA, |
| TLS1_RFC_RSA_PSK_WITH_NULL_SHA, |
| TLS1_CK_RSA_PSK_WITH_NULL_SHA, |
| SSL_kRSAPSK, |
| SSL_aRSA, |
| SSL_eNULL, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_STRONG_NONE | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 0, |
| 0, |
| }, |
| # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, |
| TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA, |
| TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_3DES, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 112, |
| 168, |
| }, |
| # endif |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, |
| TLS1_RFC_PSK_WITH_AES_128_CBC_SHA, |
| TLS1_CK_PSK_WITH_AES_128_CBC_SHA, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_AES128, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, |
| TLS1_RFC_PSK_WITH_AES_256_CBC_SHA, |
| TLS1_CK_PSK_WITH_AES_256_CBC_SHA, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_AES256, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA, |
| TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA, |
| TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_3DES, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 112, |
| 168, |
| }, |
| # endif |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA, |
| TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA, |
| TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_AES128, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA, |
| TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA, |
| TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_AES256, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS |
| { |
| 1, |
| TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA, |
| TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA, |
| TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA, |
| SSL_kRSAPSK, |
| SSL_aRSA, |
| SSL_3DES, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 112, |
| 168, |
| }, |
| # endif |
| { |
| 1, |
| TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA, |
| TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA, |
| TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA, |
| SSL_kRSAPSK, |
| SSL_aRSA, |
| SSL_AES128, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA, |
| TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA, |
| TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA, |
| SSL_kRSAPSK, |
| SSL_aRSA, |
| SSL_AES256, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256, |
| TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256, |
| TLS1_CK_PSK_WITH_AES_128_GCM_SHA256, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_AES128GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384, |
| TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384, |
| TLS1_CK_PSK_WITH_AES_256_GCM_SHA384, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_AES256GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256, |
| TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256, |
| TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_AES128GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384, |
| TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384, |
| TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_AES256GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256, |
| TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256, |
| TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256, |
| SSL_kRSAPSK, |
| SSL_aRSA, |
| SSL_AES128GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384, |
| TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384, |
| TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384, |
| SSL_kRSAPSK, |
| SSL_aRSA, |
| SSL_AES256GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256, |
| TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256, |
| TLS1_CK_PSK_WITH_AES_128_CBC_SHA256, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_AES128, |
| SSL_SHA256, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384, |
| TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384, |
| TLS1_CK_PSK_WITH_AES_256_CBC_SHA384, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_AES256, |
| SSL_SHA384, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_NULL_SHA256, |
| TLS1_RFC_PSK_WITH_NULL_SHA256, |
| TLS1_CK_PSK_WITH_NULL_SHA256, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_eNULL, |
| SSL_SHA256, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_STRONG_NONE | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 0, |
| 0, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_NULL_SHA384, |
| TLS1_RFC_PSK_WITH_NULL_SHA384, |
| TLS1_CK_PSK_WITH_NULL_SHA384, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_eNULL, |
| SSL_SHA384, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_STRONG_NONE | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 0, |
| 0, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256, |
| TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256, |
| TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_AES128, |
| SSL_SHA256, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384, |
| TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384, |
| TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_AES256, |
| SSL_SHA384, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_NULL_SHA256, |
| TLS1_RFC_DHE_PSK_WITH_NULL_SHA256, |
| TLS1_CK_DHE_PSK_WITH_NULL_SHA256, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_eNULL, |
| SSL_SHA256, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_STRONG_NONE | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 0, |
| 0, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_NULL_SHA384, |
| TLS1_RFC_DHE_PSK_WITH_NULL_SHA384, |
| TLS1_CK_DHE_PSK_WITH_NULL_SHA384, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_eNULL, |
| SSL_SHA384, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_STRONG_NONE | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 0, |
| 0, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256, |
| TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256, |
| TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256, |
| SSL_kRSAPSK, |
| SSL_aRSA, |
| SSL_AES128, |
| SSL_SHA256, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384, |
| TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384, |
| TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384, |
| SSL_kRSAPSK, |
| SSL_aRSA, |
| SSL_AES256, |
| SSL_SHA384, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_PSK_WITH_NULL_SHA256, |
| TLS1_RFC_RSA_PSK_WITH_NULL_SHA256, |
| TLS1_CK_RSA_PSK_WITH_NULL_SHA256, |
| SSL_kRSAPSK, |
| SSL_aRSA, |
| SSL_eNULL, |
| SSL_SHA256, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_STRONG_NONE | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 0, |
| 0, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_PSK_WITH_NULL_SHA384, |
| TLS1_RFC_RSA_PSK_WITH_NULL_SHA384, |
| TLS1_CK_RSA_PSK_WITH_NULL_SHA384, |
| SSL_kRSAPSK, |
| SSL_aRSA, |
| SSL_eNULL, |
| SSL_SHA384, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_STRONG_NONE | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 0, |
| 0, |
| }, |
| # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS |
| { |
| 1, |
| TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, |
| TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, |
| TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, |
| SSL_kECDHEPSK, |
| SSL_aPSK, |
| SSL_3DES, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 112, |
| 168, |
| }, |
| # endif |
| { |
| 1, |
| TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, |
| TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA, |
| TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, |
| SSL_kECDHEPSK, |
| SSL_aPSK, |
| SSL_AES128, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA, |
| TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA, |
| TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA, |
| SSL_kECDHEPSK, |
| SSL_aPSK, |
| SSL_AES256, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256, |
| TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256, |
| TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256, |
| SSL_kECDHEPSK, |
| SSL_aPSK, |
| SSL_AES128, |
| SSL_SHA256, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384, |
| TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384, |
| TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384, |
| SSL_kECDHEPSK, |
| SSL_aPSK, |
| SSL_AES256, |
| SSL_SHA384, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA, |
| TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA, |
| TLS1_CK_ECDHE_PSK_WITH_NULL_SHA, |
| SSL_kECDHEPSK, |
| SSL_aPSK, |
| SSL_eNULL, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_STRONG_NONE | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 0, |
| 0, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256, |
| TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256, |
| TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256, |
| SSL_kECDHEPSK, |
| SSL_aPSK, |
| SSL_eNULL, |
| SSL_SHA256, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_STRONG_NONE | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 0, |
| 0, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384, |
| TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384, |
| TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384, |
| SSL_kECDHEPSK, |
| SSL_aPSK, |
| SSL_eNULL, |
| SSL_SHA384, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_STRONG_NONE | SSL_FIPS, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 0, |
| 0, |
| }, |
| |
| # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS |
| { |
| 1, |
| TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, |
| TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA, |
| TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, |
| SSL_kSRP, |
| SSL_aSRP, |
| SSL_3DES, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 112, |
| 168, |
| }, |
| { |
| 1, |
| TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, |
| TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, |
| TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, |
| SSL_kSRP, |
| SSL_aRSA, |
| SSL_3DES, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 112, |
| 168, |
| }, |
| { |
| 1, |
| TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, |
| TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, |
| TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, |
| SSL_kSRP, |
| SSL_aDSS, |
| SSL_3DES, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 112, |
| 168, |
| }, |
| # endif |
| { |
| 1, |
| TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, |
| TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA, |
| TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, |
| SSL_kSRP, |
| SSL_aSRP, |
| SSL_AES128, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, |
| TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, |
| TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, |
| SSL_kSRP, |
| SSL_aRSA, |
| SSL_AES128, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, |
| TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, |
| TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, |
| SSL_kSRP, |
| SSL_aDSS, |
| SSL_AES128, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, |
| TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA, |
| TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, |
| SSL_kSRP, |
| SSL_aSRP, |
| SSL_AES256, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, |
| TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, |
| TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, |
| SSL_kSRP, |
| SSL_aRSA, |
| SSL_AES256, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, |
| TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, |
| TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, |
| SSL_kSRP, |
| SSL_aDSS, |
| SSL_AES256, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, |
| TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305, |
| TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_CHACHA20POLY1305, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, |
| TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305, |
| TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305, |
| SSL_kECDHE, |
| SSL_aRSA, |
| SSL_CHACHA20POLY1305, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, |
| TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, |
| TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_CHACHA20POLY1305, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_CHACHA20_POLY1305, |
| TLS1_RFC_PSK_WITH_CHACHA20_POLY1305, |
| TLS1_CK_PSK_WITH_CHACHA20_POLY1305, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_CHACHA20POLY1305, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305, |
| TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305, |
| TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305, |
| SSL_kECDHEPSK, |
| SSL_aPSK, |
| SSL_CHACHA20POLY1305, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305, |
| TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305, |
| TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_CHACHA20POLY1305, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305, |
| TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305, |
| TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305, |
| SSL_kRSAPSK, |
| SSL_aRSA, |
| SSL_CHACHA20POLY1305, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 256, |
| 256, |
| }, |
| |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_CAMELLIA128, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, |
| SSL_kDHE, |
| SSL_aDSS, |
| SSL_CAMELLIA128, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_CAMELLIA128, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, |
| SSL_kDHE, |
| SSL_aNULL, |
| SSL_CAMELLIA128, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, |
| TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256, |
| TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_CAMELLIA256, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, |
| TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, |
| TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, |
| SSL_kDHE, |
| SSL_aDSS, |
| SSL_CAMELLIA256, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, |
| TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, |
| TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_CAMELLIA256, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, |
| TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256, |
| TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, |
| SSL_kDHE, |
| SSL_aNULL, |
| SSL_CAMELLIA256, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, |
| TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA, |
| TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_CAMELLIA256, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, |
| TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, |
| TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, |
| SSL_kDHE, |
| SSL_aDSS, |
| SSL_CAMELLIA256, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, |
| TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, |
| TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_CAMELLIA256, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, |
| TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA, |
| TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, |
| SSL_kDHE, |
| SSL_aNULL, |
| SSL_CAMELLIA256, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, |
| TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA, |
| TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_CAMELLIA128, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, |
| TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, |
| TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, |
| SSL_kDHE, |
| SSL_aDSS, |
| SSL_CAMELLIA128, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
| TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
| TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_CAMELLIA128, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, |
| TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA, |
| TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, |
| SSL_kDHE, |
| SSL_aNULL, |
| SSL_CAMELLIA128, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_CAMELLIA128, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, |
| TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, |
| TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_CAMELLIA256, |
| SSL_SHA384, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
| SSL_kECDHE, |
| SSL_aRSA, |
| SSL_CAMELLIA128, |
| SSL_SHA256, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, |
| TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, |
| TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, |
| SSL_kECDHE, |
| SSL_aRSA, |
| SSL_CAMELLIA256, |
| SSL_SHA384, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_CAMELLIA128, |
| SSL_SHA256, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384, |
| TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384, |
| TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_CAMELLIA256, |
| SSL_SHA384, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_CAMELLIA128, |
| SSL_SHA256, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, |
| TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, |
| TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_CAMELLIA256, |
| SSL_SHA384, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, |
| SSL_kRSAPSK, |
| SSL_aRSA, |
| SSL_CAMELLIA128, |
| SSL_SHA256, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, |
| TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, |
| TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, |
| SSL_kRSAPSK, |
| SSL_aRSA, |
| SSL_CAMELLIA256, |
| SSL_SHA384, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, |
| TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, |
| SSL_kECDHEPSK, |
| SSL_aPSK, |
| SSL_CAMELLIA128, |
| SSL_SHA256, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, |
| TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, |
| TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, |
| SSL_kECDHEPSK, |
| SSL_aPSK, |
| SSL_CAMELLIA256, |
| SSL_SHA384, |
| TLS1_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| |
| #ifndef OPENSSL_NO_GOST |
| { |
| 1, |
| "GOST2001-GOST89-GOST89", |
| "TLS_GOSTR341001_WITH_28147_CNT_IMIT", |
| 0x3000081, |
| SSL_kGOST, |
| SSL_aGOST01, |
| SSL_eGOST2814789CNT, |
| SSL_GOST89MAC, |
| TLS1_VERSION, TLS1_2_VERSION, |
| 0, 0, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| "GOST2001-NULL-GOST94", |
| "TLS_GOSTR341001_WITH_NULL_GOSTR3411", |
| 0x3000083, |
| SSL_kGOST, |
| SSL_aGOST01, |
| SSL_eNULL, |
| SSL_GOST94, |
| TLS1_VERSION, TLS1_2_VERSION, |
| 0, 0, |
| SSL_STRONG_NONE, |
| SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, |
| 0, |
| 0, |
| }, |
| { |
| 1, |
| "IANA-GOST2012-GOST8912-GOST8912", |
| NULL, |
| 0x0300c102, |
| SSL_kGOST, |
| SSL_aGOST12 | SSL_aGOST01, |
| SSL_eGOST2814789CNT12, |
| SSL_GOST89MAC12, |
| TLS1_VERSION, TLS1_2_VERSION, |
| 0, 0, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| "LEGACY-GOST2012-GOST8912-GOST8912", |
| NULL, |
| 0x0300ff85, |
| SSL_kGOST, |
| SSL_aGOST12 | SSL_aGOST01, |
| SSL_eGOST2814789CNT12, |
| SSL_GOST89MAC12, |
| TLS1_VERSION, TLS1_2_VERSION, |
| 0, 0, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| "GOST2012-NULL-GOST12", |
| NULL, |
| 0x0300ff87, |
| SSL_kGOST, |
| SSL_aGOST12 | SSL_aGOST01, |
| SSL_eNULL, |
| SSL_GOST12_256, |
| TLS1_VERSION, TLS1_2_VERSION, |
| 0, 0, |
| SSL_STRONG_NONE, |
| SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, |
| 0, |
| 0, |
| }, |
| { |
| 1, |
| "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC", |
| NULL, |
| 0x0300C100, |
| SSL_kGOST18, |
| SSL_aGOST12, |
| SSL_KUZNYECHIK, |
| SSL_KUZNYECHIKOMAC, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| 0, 0, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| "GOST2012-MAGMA-MAGMAOMAC", |
| NULL, |
| 0x0300C101, |
| SSL_kGOST18, |
| SSL_aGOST12, |
| SSL_MAGMA, |
| SSL_MAGMAOMAC, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| 0, 0, |
| SSL_HIGH, |
| SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE, |
| 256, |
| 256, |
| }, |
| #endif /* OPENSSL_NO_GOST */ |
| |
| { |
| 1, |
| SSL3_TXT_RSA_IDEA_128_SHA, |
| SSL3_RFC_RSA_IDEA_128_SHA, |
| SSL3_CK_RSA_IDEA_128_SHA, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_IDEA, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_1_VERSION, |
| DTLS1_BAD_VER, DTLS1_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_SEED_SHA, |
| TLS1_RFC_RSA_WITH_SEED_SHA, |
| TLS1_CK_RSA_WITH_SEED_SHA, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_SEED, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_DSS_WITH_SEED_SHA, |
| TLS1_RFC_DHE_DSS_WITH_SEED_SHA, |
| TLS1_CK_DHE_DSS_WITH_SEED_SHA, |
| SSL_kDHE, |
| SSL_aDSS, |
| SSL_SEED, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_SEED_SHA, |
| TLS1_RFC_DHE_RSA_WITH_SEED_SHA, |
| TLS1_CK_DHE_RSA_WITH_SEED_SHA, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_SEED, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ADH_WITH_SEED_SHA, |
| TLS1_RFC_ADH_WITH_SEED_SHA, |
| TLS1_CK_ADH_WITH_SEED_SHA, |
| SSL_kDHE, |
| SSL_aNULL, |
| SSL_SEED, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| DTLS1_BAD_VER, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 128, |
| 128, |
| }, |
| |
| #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS |
| { |
| 1, |
| SSL3_TXT_RSA_RC4_128_MD5, |
| SSL3_RFC_RSA_RC4_128_MD5, |
| SSL3_CK_RSA_RC4_128_MD5, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_RC4, |
| SSL_MD5, |
| SSL3_VERSION, TLS1_2_VERSION, |
| 0, 0, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 80, |
| 128, |
| }, |
| { |
| 1, |
| SSL3_TXT_RSA_RC4_128_SHA, |
| SSL3_RFC_RSA_RC4_128_SHA, |
| SSL3_CK_RSA_RC4_128_SHA, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_RC4, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| 0, 0, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 80, |
| 128, |
| }, |
| { |
| 1, |
| SSL3_TXT_ADH_RC4_128_MD5, |
| SSL3_RFC_ADH_RC4_128_MD5, |
| SSL3_CK_ADH_RC4_128_MD5, |
| SSL_kDHE, |
| SSL_aNULL, |
| SSL_RC4, |
| SSL_MD5, |
| SSL3_VERSION, TLS1_2_VERSION, |
| 0, 0, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 80, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA, |
| TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA, |
| TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA, |
| SSL_kECDHEPSK, |
| SSL_aPSK, |
| SSL_RC4, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| 0, 0, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 80, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, |
| TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA, |
| TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, |
| SSL_kECDHE, |
| SSL_aNULL, |
| SSL_RC4, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| 0, 0, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 80, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, |
| TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA, |
| TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_RC4, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| 0, 0, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 80, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, |
| TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA, |
| TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, |
| SSL_kECDHE, |
| SSL_aRSA, |
| SSL_RC4, |
| SSL_SHA1, |
| TLS1_VERSION, TLS1_2_VERSION, |
| 0, 0, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 80, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_RC4_128_SHA, |
| TLS1_RFC_PSK_WITH_RC4_128_SHA, |
| TLS1_CK_PSK_WITH_RC4_128_SHA, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_RC4, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| 0, 0, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 80, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA, |
| TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA, |
| TLS1_CK_RSA_PSK_WITH_RC4_128_SHA, |
| SSL_kRSAPSK, |
| SSL_aRSA, |
| SSL_RC4, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| 0, 0, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 80, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA, |
| TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA, |
| TLS1_CK_DHE_PSK_WITH_RC4_128_SHA, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_RC4, |
| SSL_SHA1, |
| SSL3_VERSION, TLS1_2_VERSION, |
| 0, 0, |
| SSL_NOT_DEFAULT | SSL_MEDIUM, |
| SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, |
| 80, |
| 128, |
| }, |
| #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */ |
| |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256, |
| TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256, |
| TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_ARIA128GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384, |
| TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384, |
| TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384, |
| SSL_kRSA, |
| SSL_aRSA, |
| SSL_ARIA256GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256, |
| TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256, |
| TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_ARIA128GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384, |
| TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384, |
| TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384, |
| SSL_kDHE, |
| SSL_aRSA, |
| SSL_ARIA256GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256, |
| TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256, |
| TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256, |
| SSL_kDHE, |
| SSL_aDSS, |
| SSL_ARIA128GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384, |
| TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384, |
| TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384, |
| SSL_kDHE, |
| SSL_aDSS, |
| SSL_ARIA256GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, |
| TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, |
| TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_ARIA128GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, |
| TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, |
| TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, |
| SSL_kECDHE, |
| SSL_aECDSA, |
| SSL_ARIA256GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, |
| TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, |
| TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, |
| SSL_kECDHE, |
| SSL_aRSA, |
| SSL_ARIA128GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, |
| TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, |
| TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, |
| SSL_kECDHE, |
| SSL_aRSA, |
| SSL_ARIA256GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256, |
| TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256, |
| TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_ARIA128GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384, |
| TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384, |
| TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384, |
| SSL_kPSK, |
| SSL_aPSK, |
| SSL_ARIA256GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256, |
| TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256, |
| TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_ARIA128GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384, |
| TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384, |
| TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384, |
| SSL_kDHEPSK, |
| SSL_aPSK, |
| SSL_ARIA256GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256, |
| TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256, |
| TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256, |
| SSL_kRSAPSK, |
| SSL_aRSA, |
| SSL_ARIA128GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, |
| 128, |
| 128, |
| }, |
| { |
| 1, |
| TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384, |
| TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384, |
| TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384, |
| SSL_kRSAPSK, |
| SSL_aRSA, |
| SSL_ARIA256GCM, |
| SSL_AEAD, |
| TLS1_2_VERSION, TLS1_2_VERSION, |
| DTLS1_2_VERSION, DTLS1_2_VERSION, |
| SSL_NOT_DEFAULT | SSL_HIGH, |
| SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, |
| 256, |
| 256, |
| }, |
| }; |
| |
| /* |
| * The list of known Signalling Cipher-Suite Value "ciphers", non-valid |
| * values stuffed into the ciphers field of the wire protocol for signalling |
| * purposes. |
| */ |
| static SSL_CIPHER ssl3_scsvs[] = { |
| { |
| 0, |
| "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", |
| "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", |
| SSL3_CK_SCSV, |
| 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
| }, |
| { |
| 0, |
| "TLS_FALLBACK_SCSV", |
| "TLS_FALLBACK_SCSV", |
| SSL3_CK_FALLBACK_SCSV, |
| 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
| }, |
| }; |
| |
| static int cipher_compare(const void *a, const void *b) |
| { |
| const SSL_CIPHER *ap = (const SSL_CIPHER *)a; |
| const SSL_CIPHER *bp = (const SSL_CIPHER *)b; |
| |
| if (ap->id == bp->id) |
| return 0; |
| return ap->id < bp->id ? -1 : 1; |
| } |
| |
| void ssl_sort_cipher_list(void) |
| { |
| qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]), |
| cipher_compare); |
| qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]), |
| cipher_compare); |
| qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare); |
| } |
| |
| static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s, |
| const char * t, size_t u, |
| const unsigned char * v, size_t w, int x) |
| { |
| (void)r; |
| (void)s; |
| (void)t; |
| (void)u; |
| (void)v; |
| (void)w; |
| (void)x; |
| return ssl_undefined_function(ssl); |
| } |
| |
| const SSL3_ENC_METHOD SSLv3_enc_data = { |
| ssl3_enc, |
| n_ssl3_mac, |
| ssl3_setup_key_block, |
| ssl3_generate_master_secret, |
| ssl3_change_cipher_state, |
| ssl3_final_finish_mac, |
| SSL3_MD_CLIENT_FINISHED_CONST, 4, |
| SSL3_MD_SERVER_FINISHED_CONST, 4, |
| ssl3_alert_code, |
| ssl_undefined_function_1, |
| 0, |
| ssl3_set_handshake_header, |
| tls_close_construct_packet, |
| ssl3_handshake_write |
| }; |
| |
| long ssl3_default_timeout(void) |
| { |
| /* |
| * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for |
| * http, the cache would over fill |
| */ |
| return (60 * 60 * 2); |
| } |
| |
| int ssl3_num_ciphers(void) |
| { |
| return SSL3_NUM_CIPHERS; |
| } |
| |
| const SSL_CIPHER *ssl3_get_cipher(unsigned int u) |
| { |
| if (u < SSL3_NUM_CIPHERS) |
| return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]); |
| else |
| return NULL; |
| } |
| |
| int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype) |
| { |
| /* No header in the event of a CCS */ |
| if (htype == SSL3_MT_CHANGE_CIPHER_SPEC) |
| return 1; |
| |
| /* Set the content type and 3 bytes for the message len */ |
| if (!WPACKET_put_bytes_u8(pkt, htype) |
| || !WPACKET_start_sub_packet_u24(pkt)) |
| return 0; |
| |
| return 1; |
| } |
| |
| int ssl3_handshake_write(SSL *s) |
| { |
| return ssl3_do_write(s, SSL3_RT_HANDSHAKE); |
| } |
| |
| int ssl3_new(SSL *s) |
| { |
| #ifndef OPENSSL_NO_SRP |
| if (!ssl_srp_ctx_init_intern(s)) |
| return 0; |
| #endif |
| |
| if (!s->method->ssl_clear(s)) |
| return 0; |
| |
| return 1; |
| } |
| |
| void ssl3_free(SSL *s) |
| { |
| if (s == NULL) |
| return; |
| |
| ssl3_cleanup_key_block(s); |
| |
| EVP_PKEY_free(s->s3.peer_tmp); |
| s->s3.peer_tmp = NULL; |
| EVP_PKEY_free(s->s3.tmp.pkey); |
| s->s3.tmp.pkey = NULL; |
| |
| ssl_evp_cipher_free(s->s3.tmp.new_sym_enc); |
| ssl_evp_md_free(s->s3.tmp.new_hash); |
| |
| OPENSSL_free(s->s3.tmp.ctype); |
| sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free); |
| OPENSSL_free(s->s3.tmp.ciphers_raw); |
| OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen); |
| OPENSSL_free(s->s3.tmp.peer_sigalgs); |
| OPENSSL_free(s->s3.tmp.peer_cert_sigalgs); |
| ssl3_free_digest_list(s); |
| OPENSSL_free(s->s3.alpn_selected); |
| OPENSSL_free(s->s3.alpn_proposed); |
| |
| #ifndef OPENSSL_NO_SRP |
| ssl_srp_ctx_free_intern(s); |
| #endif |
| memset(&s->s3, 0, sizeof(s->s3)); |
| } |
| |
| int ssl3_clear(SSL *s) |
| { |
| ssl3_cleanup_key_block(s); |
| OPENSSL_free(s->s3.tmp.ctype); |
| sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free); |
| OPENSSL_free(s->s3.tmp.ciphers_raw); |
| OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen); |
| OPENSSL_free(s->s3.tmp.peer_sigalgs); |
| OPENSSL_free(s->s3.tmp.peer_cert_sigalgs); |
| |
| EVP_PKEY_free(s->s3.tmp.pkey); |
| EVP_PKEY_free(s->s3.peer_tmp); |
| |
| ssl3_free_digest_list(s); |
| |
| OPENSSL_free(s->s3.alpn_selected); |
| OPENSSL_free(s->s3.alpn_proposed); |
| |
| /* NULL/zero-out everything in the s3 struct */ |
| memset(&s->s3, 0, sizeof(s->s3)); |
| |
| if (!ssl_free_wbio_buffer(s)) |
| return 0; |
| |
| s->version = SSL3_VERSION; |
| |
| #if !defined(OPENSSL_NO_NEXTPROTONEG) |
| OPENSSL_free(s->ext.npn); |
| s->ext.npn = NULL; |
| s->ext.npn_len = 0; |
| #endif |
| |
| return 1; |
| } |
| |
| #ifndef OPENSSL_NO_SRP |
| static char *srp_password_from_info_cb(SSL *s, void *arg) |
| { |
| return OPENSSL_strdup(s->srp_ctx.info); |
| } |
| #endif |
| |
| static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len); |
| |
| long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) |
| { |
| int ret = 0; |
| |
| switch (cmd) { |
| case SSL_CTRL_GET_CLIENT_CERT_REQUEST: |
| break; |
| case SSL_CTRL_GET_NUM_RENEGOTIATIONS: |
| ret = s->s3.num_renegotiations; |
| break; |
| case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: |
| ret = s->s3.num_renegotiations; |
| s->s3.num_renegotiations = 0; |
| break; |
| case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: |
| ret = s->s3.total_renegotiations; |
| break; |
| case SSL_CTRL_GET_FLAGS: |
| ret = (int)(s->s3.flags); |
| break; |
| #if !defined(OPENSSL_NO_DEPRECATED_3_0) |
| case SSL_CTRL_SET_TMP_DH: |
| { |
| EVP_PKEY *pkdh = NULL; |
| if (parg == NULL) { |
| ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); |
| return 0; |
| } |
| pkdh = ssl_dh_to_pkey(parg); |
| if (pkdh == NULL) { |
| ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); |
| return 0; |
| } |
| if (!SSL_set0_tmp_dh_pkey(s, pkdh)) { |
| EVP_PKEY_free(pkdh); |
| return 0; |
| } |
| return 1; |
| } |
| break; |
| case SSL_CTRL_SET_TMP_DH_CB: |
| { |
| ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| return ret; |
| } |
| #endif |
| case SSL_CTRL_SET_DH_AUTO: |
| s->cert->dh_tmp_auto = larg; |
| return 1; |
| #if !defined(OPENSSL_NO_DEPRECATED_3_0) |
| case SSL_CTRL_SET_TMP_ECDH: |
| { |
| if (parg == NULL) { |
| ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); |
| return 0; |
| } |
| return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups, |
| &s->ext.supportedgroups_len, |
| parg); |
| } |
| #endif /* !OPENSSL_NO_DEPRECATED_3_0 */ |
| case SSL_CTRL_SET_TLSEXT_HOSTNAME: |
| /* |
| * This API is only used for a client to set what SNI it will request |
| * from the server, but we currently allow it to be used on servers |
| * as well, which is a programming error. Currently we just clear |
| * the field in SSL_do_handshake() for server SSLs, but when we can |
| * make ABI-breaking changes, we may want to make use of this API |
| * an error on server SSLs. |
| */ |
| if (larg == TLSEXT_NAMETYPE_host_name) { |
| size_t len; |
| |
| OPENSSL_free(s->ext.hostname); |
| s->ext.hostname = NULL; |
| |
| ret = 1; |
| if (parg == NULL) |
| break; |
| len = strlen((char *)parg); |
| if (len == 0 || len > TLSEXT_MAXLEN_host_name) { |
| ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); |
| return 0; |
| } |
| if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) { |
| ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); |
| return 0; |
| } |
| } else { |
| ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); |
| return 0; |
| } |
| break; |
| case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: |
| s->ext.debug_arg = parg; |
| ret = 1; |
| break; |
| |
| case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE: |
| ret = s->ext.status_type; |
| break; |
| |
| case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: |
| s->ext.status_type = larg; |
| ret = 1; |
| break; |
| |
| case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: |
| *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts; |
| ret = 1; |
| break; |
| |
| case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: |
| s->ext.ocsp.exts = parg; |
| ret = 1; |
| break; |
| |
| case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: |
| *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids; |
| ret = 1; |
| break; |
| |
| case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: |
| s->ext.ocsp.ids = parg; |
| ret = 1; |
| break; |
| |
| case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: |
| *(unsigned char **)parg = s->ext.ocsp.resp; |
| if (s->ext.ocsp.resp_len == 0 |
| || s->ext.ocsp.resp_len > LONG_MAX) |
| return -1; |
| return (long)s->ext.ocsp.resp_len; |
| |
| case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: |
| OPENSSL_free(s->ext.ocsp.resp); |
| s->ext.ocsp.resp = parg; |
| s->ext.ocsp.resp_len = larg; |
| ret = 1; |
| break; |
| |
| case SSL_CTRL_CHAIN: |
| if (larg) |
| return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg); |
| else |
| return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg); |
| |
| case SSL_CTRL_CHAIN_CERT: |
| if (larg) |
| return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg); |
| else |
| return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg); |
| |
| case SSL_CTRL_GET_CHAIN_CERTS: |
| *(STACK_OF(X509) **)parg = s->cert->key->chain; |
| ret = 1; |
| break; |
| |
| case SSL_CTRL_SELECT_CURRENT_CERT: |
| return ssl_cert_select_current(s->cert, (X509 *)parg); |
| |
| case SSL_CTRL_SET_CURRENT_CERT: |
| if (larg == SSL_CERT_SET_SERVER) { |
| const SSL_CIPHER *cipher; |
| if (!s->server) |
| return 0; |
| cipher = s->s3.tmp.new_cipher; |
| if (cipher == NULL) |
| return 0; |
| /* |
| * No certificate for unauthenticated ciphersuites or using SRP |
| * authentication |
| */ |
| if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) |
| return 2; |
| if (s->s3.tmp.cert == NULL) |
| return 0; |
| s->cert->key = s->s3.tmp.cert; |
| return 1; |
| } |
| return ssl_cert_set_current(s->cert, larg); |
| |
| case SSL_CTRL_GET_GROUPS: |
| { |
| uint16_t *clist; |
| size_t clistlen; |
| |
| if (!s->session) |
| return 0; |
| clist = s->ext.peer_supportedgroups; |
| clistlen = s->ext.peer_supportedgroups_len; |
| if (parg) { |
| size_t i; |
| int *cptr = parg; |
| |
| for (i = 0; i < clistlen; i++) { |
| uint16_t cid = SSL_IS_TLS13(s) |
| ? ssl_group_id_tls13_to_internal(clist[i]) |
| : clist[i]; |
| const TLS_GROUP_INFO *cinf |
| = tls1_group_id_lookup(s->ctx, cid); |
| |
| if (cinf != NULL) |
| cptr[i] = tls1_group_id2nid(cinf->group_id, 1); |
| else |
| cptr[i] = TLSEXT_nid_unknown | clist[i]; |
| } |
| } |
| return (int)clistlen; |
| } |
| |
| case SSL_CTRL_SET_GROUPS: |
| return tls1_set_groups(&s->ext.supportedgroups, |
| &s->ext.supportedgroups_len, parg, larg); |
| |
| case SSL_CTRL_SET_GROUPS_LIST: |
| return tls1_set_groups_list(s->ctx, &s->ext.supportedgroups, |
| &s->ext.supportedgroups_len, parg); |
| |
| case SSL_CTRL_GET_SHARED_GROUP: |
|