s3_lib.c revision 1.11
1 1.1 christos /* ssl/s3_lib.c */ 2 1.1 christos /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com) 3 1.1 christos * All rights reserved. 4 1.1 christos * 5 1.1 christos * This package is an SSL implementation written 6 1.1 christos * by Eric Young (eay (at) cryptsoft.com). 7 1.1 christos * The implementation was written so as to conform with Netscapes SSL. 8 1.1 christos * 9 1.1 christos * This library is free for commercial and non-commercial use as long as 10 1.1 christos * the following conditions are aheared to. The following conditions 11 1.1 christos * apply to all code found in this distribution, be it the RC4, RSA, 12 1.1 christos * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 1.1 christos * included with this distribution is covered by the same copyright terms 14 1.1 christos * except that the holder is Tim Hudson (tjh (at) cryptsoft.com). 15 1.1 christos * 16 1.1 christos * Copyright remains Eric Young's, and as such any Copyright notices in 17 1.1 christos * the code are not to be removed. 18 1.1 christos * If this package is used in a product, Eric Young should be given attribution 19 1.1 christos * as the author of the parts of the library used. 20 1.1 christos * This can be in the form of a textual message at program startup or 21 1.1 christos * in documentation (online or textual) provided with the package. 22 1.1 christos * 23 1.1 christos * Redistribution and use in source and binary forms, with or without 24 1.1 christos * modification, are permitted provided that the following conditions 25 1.1 christos * are met: 26 1.1 christos * 1. Redistributions of source code must retain the copyright 27 1.1 christos * notice, this list of conditions and the following disclaimer. 28 1.1 christos * 2. Redistributions in binary form must reproduce the above copyright 29 1.1 christos * notice, this list of conditions and the following disclaimer in the 30 1.1 christos * documentation and/or other materials provided with the distribution. 31 1.1 christos * 3. All advertising materials mentioning features or use of this software 32 1.1 christos * must display the following acknowledgement: 33 1.1 christos * "This product includes cryptographic software written by 34 1.1 christos * Eric Young (eay (at) cryptsoft.com)" 35 1.1 christos * The word 'cryptographic' can be left out if the rouines from the library 36 1.1 christos * being used are not cryptographic related :-). 37 1.1 christos * 4. If you include any Windows specific code (or a derivative thereof) from 38 1.1 christos * the apps directory (application code) you must include an acknowledgement: 39 1.1 christos * "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)" 40 1.1 christos * 41 1.1 christos * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 1.1 christos * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 1.1 christos * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 1.1 christos * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 1.1 christos * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 1.1 christos * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 1.1 christos * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 1.1 christos * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 1.1 christos * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 1.1 christos * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 1.1 christos * SUCH DAMAGE. 52 1.1 christos * 53 1.1 christos * The licence and distribution terms for any publically available version or 54 1.1 christos * derivative of this code cannot be changed. i.e. this code cannot simply be 55 1.1 christos * copied and put under another distribution licence 56 1.1 christos * [including the GNU Public Licence.] 57 1.1 christos */ 58 1.1 christos /* ==================================================================== 59 1.1 christos * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60 1.1 christos * 61 1.1 christos * Redistribution and use in source and binary forms, with or without 62 1.1 christos * modification, are permitted provided that the following conditions 63 1.1 christos * are met: 64 1.1 christos * 65 1.1 christos * 1. Redistributions of source code must retain the above copyright 66 1.1 christos * notice, this list of conditions and the following disclaimer. 67 1.1 christos * 68 1.1 christos * 2. Redistributions in binary form must reproduce the above copyright 69 1.1 christos * notice, this list of conditions and the following disclaimer in 70 1.1 christos * the documentation and/or other materials provided with the 71 1.1 christos * distribution. 72 1.1 christos * 73 1.1 christos * 3. All advertising materials mentioning features or use of this 74 1.1 christos * software must display the following acknowledgment: 75 1.1 christos * "This product includes software developed by the OpenSSL Project 76 1.1 christos * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 1.1 christos * 78 1.1 christos * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 1.1 christos * endorse or promote products derived from this software without 80 1.1 christos * prior written permission. For written permission, please contact 81 1.1 christos * openssl-core (at) openssl.org. 82 1.1 christos * 83 1.1 christos * 5. Products derived from this software may not be called "OpenSSL" 84 1.1 christos * nor may "OpenSSL" appear in their names without prior written 85 1.1 christos * permission of the OpenSSL Project. 86 1.1 christos * 87 1.1 christos * 6. Redistributions of any form whatsoever must retain the following 88 1.1 christos * acknowledgment: 89 1.1 christos * "This product includes software developed by the OpenSSL Project 90 1.1 christos * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 1.1 christos * 92 1.1 christos * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 1.1 christos * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 1.1 christos * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 1.1 christos * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 1.1 christos * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 1.1 christos * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 1.1 christos * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 1.1 christos * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 1.1 christos * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 1.1 christos * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 1.1 christos * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 1.1 christos * OF THE POSSIBILITY OF SUCH DAMAGE. 104 1.1 christos * ==================================================================== 105 1.1 christos * 106 1.1 christos * This product includes cryptographic software written by Eric Young 107 1.1 christos * (eay (at) cryptsoft.com). This product includes software written by Tim 108 1.1 christos * Hudson (tjh (at) cryptsoft.com). 109 1.1 christos * 110 1.1 christos */ 111 1.1 christos /* ==================================================================== 112 1.1 christos * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113 1.1 christos * 114 1.1 christos * Portions of the attached software ("Contribution") are developed by 115 1.1 christos * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 116 1.1 christos * 117 1.1 christos * The Contribution is licensed pursuant to the OpenSSL open source 118 1.1 christos * license provided above. 119 1.1 christos * 120 1.1 christos * ECC cipher suite support in OpenSSL originally written by 121 1.1 christos * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 122 1.1 christos * 123 1.1 christos */ 124 1.1 christos /* ==================================================================== 125 1.1 christos * Copyright 2005 Nokia. All rights reserved. 126 1.1 christos * 127 1.1 christos * The portions of the attached software ("Contribution") is developed by 128 1.1 christos * Nokia Corporation and is licensed pursuant to the OpenSSL open source 129 1.1 christos * license. 130 1.1 christos * 131 1.1 christos * The Contribution, originally written by Mika Kousa and Pasi Eronen of 132 1.1 christos * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 133 1.1 christos * support (see RFC 4279) to OpenSSL. 134 1.1 christos * 135 1.1 christos * No patent licenses or other rights except those expressly stated in 136 1.1 christos * the OpenSSL open source license shall be deemed granted or received 137 1.1 christos * expressly, by implication, estoppel, or otherwise. 138 1.1 christos * 139 1.1 christos * No assurances are provided by Nokia that the Contribution does not 140 1.1 christos * infringe the patent or other intellectual property rights of any third 141 1.1 christos * party or that the license provides you with all the necessary rights 142 1.1 christos * to make use of the Contribution. 143 1.1 christos * 144 1.1 christos * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 145 1.1 christos * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 146 1.1 christos * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 147 1.1 christos * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 148 1.1 christos * OTHERWISE. 149 1.1 christos */ 150 1.1 christos 151 1.1 christos #include <stdio.h> 152 1.1 christos #include <openssl/objects.h> 153 1.1 christos #include "ssl_locl.h" 154 1.1 christos #include "kssl_lcl.h" 155 1.1 christos #ifndef OPENSSL_NO_TLSEXT 156 1.1 christos #ifndef OPENSSL_NO_EC 157 1.1 christos #include "../crypto/ec/ec_lcl.h" 158 1.1 christos #endif /* OPENSSL_NO_EC */ 159 1.1 christos #endif /* OPENSSL_NO_TLSEXT */ 160 1.1 christos #include <openssl/md5.h> 161 1.1 christos #ifndef OPENSSL_NO_DH 162 1.1 christos #include <openssl/dh.h> 163 1.1 christos #endif 164 1.1 christos 165 1.1 christos const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; 166 1.1 christos 167 1.1 christos #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) 168 1.1 christos 169 1.1 christos /* list of available SSLv3 ciphers (sorted by id) */ 170 1.1 christos OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 171 1.1 christos 172 1.1 christos /* The RSA ciphers */ 173 1.1 christos /* Cipher 01 */ 174 1.1 christos { 175 1.1 christos 1, 176 1.1 christos SSL3_TXT_RSA_NULL_MD5, 177 1.1 christos SSL3_CK_RSA_NULL_MD5, 178 1.1 christos SSL_kRSA, 179 1.1 christos SSL_aRSA, 180 1.1 christos SSL_eNULL, 181 1.1 christos SSL_MD5, 182 1.1 christos SSL_SSLV3, 183 1.1 christos SSL_NOT_EXP|SSL_STRONG_NONE, 184 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 185 1.1 christos 0, 186 1.1 christos 0, 187 1.1 christos }, 188 1.1 christos 189 1.1 christos /* Cipher 02 */ 190 1.1 christos { 191 1.1 christos 1, 192 1.1 christos SSL3_TXT_RSA_NULL_SHA, 193 1.1 christos SSL3_CK_RSA_NULL_SHA, 194 1.1 christos SSL_kRSA, 195 1.1 christos SSL_aRSA, 196 1.1 christos SSL_eNULL, 197 1.1 christos SSL_SHA1, 198 1.1 christos SSL_SSLV3, 199 1.1 christos SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 200 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 201 1.1 christos 0, 202 1.1 christos 0, 203 1.1 christos }, 204 1.1 christos 205 1.1 christos /* Cipher 03 */ 206 1.1 christos { 207 1.1 christos 1, 208 1.1 christos SSL3_TXT_RSA_RC4_40_MD5, 209 1.1 christos SSL3_CK_RSA_RC4_40_MD5, 210 1.1 christos SSL_kRSA, 211 1.1 christos SSL_aRSA, 212 1.1 christos SSL_RC4, 213 1.1 christos SSL_MD5, 214 1.1 christos SSL_SSLV3, 215 1.1 christos SSL_EXPORT|SSL_EXP40, 216 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 217 1.1 christos 40, 218 1.1 christos 128, 219 1.1 christos }, 220 1.1 christos 221 1.1 christos /* Cipher 04 */ 222 1.1 christos { 223 1.1 christos 1, 224 1.1 christos SSL3_TXT_RSA_RC4_128_MD5, 225 1.1 christos SSL3_CK_RSA_RC4_128_MD5, 226 1.1 christos SSL_kRSA, 227 1.1 christos SSL_aRSA, 228 1.1 christos SSL_RC4, 229 1.1 christos SSL_MD5, 230 1.1 christos SSL_SSLV3, 231 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 232 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 233 1.1 christos 128, 234 1.1 christos 128, 235 1.1 christos }, 236 1.1 christos 237 1.1 christos /* Cipher 05 */ 238 1.1 christos { 239 1.1 christos 1, 240 1.1 christos SSL3_TXT_RSA_RC4_128_SHA, 241 1.1 christos SSL3_CK_RSA_RC4_128_SHA, 242 1.1 christos SSL_kRSA, 243 1.1 christos SSL_aRSA, 244 1.1 christos SSL_RC4, 245 1.1 christos SSL_SHA1, 246 1.1 christos SSL_SSLV3, 247 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 248 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 249 1.1 christos 128, 250 1.1 christos 128, 251 1.1 christos }, 252 1.1 christos 253 1.1 christos /* Cipher 06 */ 254 1.1 christos { 255 1.1 christos 1, 256 1.1 christos SSL3_TXT_RSA_RC2_40_MD5, 257 1.1 christos SSL3_CK_RSA_RC2_40_MD5, 258 1.1 christos SSL_kRSA, 259 1.1 christos SSL_aRSA, 260 1.1 christos SSL_RC2, 261 1.1 christos SSL_MD5, 262 1.1 christos SSL_SSLV3, 263 1.1 christos SSL_EXPORT|SSL_EXP40, 264 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 265 1.1 christos 40, 266 1.1 christos 128, 267 1.1 christos }, 268 1.1 christos 269 1.1 christos /* Cipher 07 */ 270 1.1 christos #ifndef OPENSSL_NO_IDEA 271 1.1 christos { 272 1.1 christos 1, 273 1.1 christos SSL3_TXT_RSA_IDEA_128_SHA, 274 1.1 christos SSL3_CK_RSA_IDEA_128_SHA, 275 1.1 christos SSL_kRSA, 276 1.1 christos SSL_aRSA, 277 1.1 christos SSL_IDEA, 278 1.1 christos SSL_SHA1, 279 1.1 christos SSL_SSLV3, 280 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 281 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 282 1.1 christos 128, 283 1.1 christos 128, 284 1.1 christos }, 285 1.1 christos #endif 286 1.1 christos 287 1.1 christos /* Cipher 08 */ 288 1.1 christos { 289 1.1 christos 1, 290 1.1 christos SSL3_TXT_RSA_DES_40_CBC_SHA, 291 1.1 christos SSL3_CK_RSA_DES_40_CBC_SHA, 292 1.1 christos SSL_kRSA, 293 1.1 christos SSL_aRSA, 294 1.1 christos SSL_DES, 295 1.1 christos SSL_SHA1, 296 1.1 christos SSL_SSLV3, 297 1.1 christos SSL_EXPORT|SSL_EXP40, 298 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 299 1.1 christos 40, 300 1.1 christos 56, 301 1.1 christos }, 302 1.1 christos 303 1.1 christos /* Cipher 09 */ 304 1.1 christos { 305 1.1 christos 1, 306 1.1 christos SSL3_TXT_RSA_DES_64_CBC_SHA, 307 1.1 christos SSL3_CK_RSA_DES_64_CBC_SHA, 308 1.1 christos SSL_kRSA, 309 1.1 christos SSL_aRSA, 310 1.1 christos SSL_DES, 311 1.1 christos SSL_SHA1, 312 1.1 christos SSL_SSLV3, 313 1.1 christos SSL_NOT_EXP|SSL_LOW, 314 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 315 1.1 christos 56, 316 1.1 christos 56, 317 1.1 christos }, 318 1.1 christos 319 1.1 christos /* Cipher 0A */ 320 1.1 christos { 321 1.1 christos 1, 322 1.1 christos SSL3_TXT_RSA_DES_192_CBC3_SHA, 323 1.1 christos SSL3_CK_RSA_DES_192_CBC3_SHA, 324 1.1 christos SSL_kRSA, 325 1.1 christos SSL_aRSA, 326 1.1 christos SSL_3DES, 327 1.1 christos SSL_SHA1, 328 1.1 christos SSL_SSLV3, 329 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 330 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 331 1.11 spz 112, 332 1.1 christos 168, 333 1.1 christos }, 334 1.1 christos 335 1.1 christos /* The DH ciphers */ 336 1.1 christos /* Cipher 0B */ 337 1.1 christos { 338 1.1 christos 0, 339 1.1 christos SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 340 1.1 christos SSL3_CK_DH_DSS_DES_40_CBC_SHA, 341 1.1 christos SSL_kDHd, 342 1.1 christos SSL_aDH, 343 1.1 christos SSL_DES, 344 1.1 christos SSL_SHA1, 345 1.1 christos SSL_SSLV3, 346 1.1 christos SSL_EXPORT|SSL_EXP40, 347 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 348 1.1 christos 40, 349 1.1 christos 56, 350 1.1 christos }, 351 1.1 christos 352 1.1 christos /* Cipher 0C */ 353 1.1 christos { 354 1.1 christos 0, /* not implemented (non-ephemeral DH) */ 355 1.1 christos SSL3_TXT_DH_DSS_DES_64_CBC_SHA, 356 1.1 christos SSL3_CK_DH_DSS_DES_64_CBC_SHA, 357 1.1 christos SSL_kDHd, 358 1.1 christos SSL_aDH, 359 1.1 christos SSL_DES, 360 1.1 christos SSL_SHA1, 361 1.1 christos SSL_SSLV3, 362 1.1 christos SSL_NOT_EXP|SSL_LOW, 363 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 364 1.1 christos 56, 365 1.1 christos 56, 366 1.1 christos }, 367 1.1 christos 368 1.1 christos /* Cipher 0D */ 369 1.1 christos { 370 1.1 christos 0, /* not implemented (non-ephemeral DH) */ 371 1.1 christos SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 372 1.1 christos SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 373 1.1 christos SSL_kDHd, 374 1.1 christos SSL_aDH, 375 1.1 christos SSL_3DES, 376 1.1 christos SSL_SHA1, 377 1.1 christos SSL_SSLV3, 378 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 379 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 380 1.11 spz 112, 381 1.1 christos 168, 382 1.1 christos }, 383 1.1 christos 384 1.1 christos /* Cipher 0E */ 385 1.1 christos { 386 1.1 christos 0, /* not implemented (non-ephemeral DH) */ 387 1.1 christos SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 388 1.1 christos SSL3_CK_DH_RSA_DES_40_CBC_SHA, 389 1.1 christos SSL_kDHr, 390 1.1 christos SSL_aDH, 391 1.1 christos SSL_DES, 392 1.1 christos SSL_SHA1, 393 1.1 christos SSL_SSLV3, 394 1.1 christos SSL_EXPORT|SSL_EXP40, 395 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 396 1.1 christos 40, 397 1.1 christos 56, 398 1.1 christos }, 399 1.1 christos 400 1.1 christos /* Cipher 0F */ 401 1.1 christos { 402 1.1 christos 0, /* not implemented (non-ephemeral DH) */ 403 1.1 christos SSL3_TXT_DH_RSA_DES_64_CBC_SHA, 404 1.1 christos SSL3_CK_DH_RSA_DES_64_CBC_SHA, 405 1.1 christos SSL_kDHr, 406 1.1 christos SSL_aDH, 407 1.1 christos SSL_DES, 408 1.1 christos SSL_SHA1, 409 1.1 christos SSL_SSLV3, 410 1.1 christos SSL_NOT_EXP|SSL_LOW, 411 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 412 1.1 christos 56, 413 1.1 christos 56, 414 1.1 christos }, 415 1.1 christos 416 1.1 christos /* Cipher 10 */ 417 1.1 christos { 418 1.1 christos 0, /* not implemented (non-ephemeral DH) */ 419 1.1 christos SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 420 1.1 christos SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 421 1.1 christos SSL_kDHr, 422 1.1 christos SSL_aDH, 423 1.1 christos SSL_3DES, 424 1.1 christos SSL_SHA1, 425 1.1 christos SSL_SSLV3, 426 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 427 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 428 1.11 spz 112, 429 1.1 christos 168, 430 1.1 christos }, 431 1.1 christos 432 1.1 christos /* The Ephemeral DH ciphers */ 433 1.1 christos /* Cipher 11 */ 434 1.1 christos { 435 1.1 christos 1, 436 1.1 christos SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 437 1.1 christos SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 438 1.1 christos SSL_kEDH, 439 1.1 christos SSL_aDSS, 440 1.1 christos SSL_DES, 441 1.1 christos SSL_SHA1, 442 1.1 christos SSL_SSLV3, 443 1.1 christos SSL_EXPORT|SSL_EXP40, 444 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 445 1.1 christos 40, 446 1.1 christos 56, 447 1.1 christos }, 448 1.1 christos 449 1.1 christos /* Cipher 12 */ 450 1.1 christos { 451 1.1 christos 1, 452 1.1 christos SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 453 1.1 christos SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 454 1.1 christos SSL_kEDH, 455 1.1 christos SSL_aDSS, 456 1.1 christos SSL_DES, 457 1.1 christos SSL_SHA1, 458 1.1 christos SSL_SSLV3, 459 1.1 christos SSL_NOT_EXP|SSL_LOW, 460 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 461 1.1 christos 56, 462 1.1 christos 56, 463 1.1 christos }, 464 1.1 christos 465 1.1 christos /* Cipher 13 */ 466 1.1 christos { 467 1.1 christos 1, 468 1.1 christos SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 469 1.1 christos SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 470 1.1 christos SSL_kEDH, 471 1.1 christos SSL_aDSS, 472 1.1 christos SSL_3DES, 473 1.1 christos SSL_SHA1, 474 1.1 christos SSL_SSLV3, 475 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 476 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 477 1.11 spz 112, 478 1.1 christos 168, 479 1.1 christos }, 480 1.1 christos 481 1.1 christos /* Cipher 14 */ 482 1.1 christos { 483 1.1 christos 1, 484 1.1 christos SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 485 1.1 christos SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 486 1.1 christos SSL_kEDH, 487 1.1 christos SSL_aRSA, 488 1.1 christos SSL_DES, 489 1.1 christos SSL_SHA1, 490 1.1 christos SSL_SSLV3, 491 1.1 christos SSL_EXPORT|SSL_EXP40, 492 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 493 1.1 christos 40, 494 1.1 christos 56, 495 1.1 christos }, 496 1.1 christos 497 1.1 christos /* Cipher 15 */ 498 1.1 christos { 499 1.1 christos 1, 500 1.1 christos SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 501 1.1 christos SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 502 1.1 christos SSL_kEDH, 503 1.1 christos SSL_aRSA, 504 1.1 christos SSL_DES, 505 1.1 christos SSL_SHA1, 506 1.1 christos SSL_SSLV3, 507 1.1 christos SSL_NOT_EXP|SSL_LOW, 508 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 509 1.1 christos 56, 510 1.1 christos 56, 511 1.1 christos }, 512 1.1 christos 513 1.1 christos /* Cipher 16 */ 514 1.1 christos { 515 1.1 christos 1, 516 1.1 christos SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 517 1.1 christos SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 518 1.1 christos SSL_kEDH, 519 1.1 christos SSL_aRSA, 520 1.1 christos SSL_3DES, 521 1.1 christos SSL_SHA1, 522 1.1 christos SSL_SSLV3, 523 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 524 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 525 1.11 spz 112, 526 1.1 christos 168, 527 1.1 christos }, 528 1.1 christos 529 1.1 christos /* Cipher 17 */ 530 1.1 christos { 531 1.1 christos 1, 532 1.1 christos SSL3_TXT_ADH_RC4_40_MD5, 533 1.1 christos SSL3_CK_ADH_RC4_40_MD5, 534 1.1 christos SSL_kEDH, 535 1.1 christos SSL_aNULL, 536 1.1 christos SSL_RC4, 537 1.1 christos SSL_MD5, 538 1.1 christos SSL_SSLV3, 539 1.1 christos SSL_EXPORT|SSL_EXP40, 540 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 541 1.1 christos 40, 542 1.1 christos 128, 543 1.1 christos }, 544 1.1 christos 545 1.1 christos /* Cipher 18 */ 546 1.1 christos { 547 1.1 christos 1, 548 1.1 christos SSL3_TXT_ADH_RC4_128_MD5, 549 1.1 christos SSL3_CK_ADH_RC4_128_MD5, 550 1.1 christos SSL_kEDH, 551 1.1 christos SSL_aNULL, 552 1.1 christos SSL_RC4, 553 1.1 christos SSL_MD5, 554 1.1 christos SSL_SSLV3, 555 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 556 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 557 1.1 christos 128, 558 1.1 christos 128, 559 1.1 christos }, 560 1.1 christos 561 1.1 christos /* Cipher 19 */ 562 1.1 christos { 563 1.1 christos 1, 564 1.1 christos SSL3_TXT_ADH_DES_40_CBC_SHA, 565 1.1 christos SSL3_CK_ADH_DES_40_CBC_SHA, 566 1.1 christos SSL_kEDH, 567 1.1 christos SSL_aNULL, 568 1.1 christos SSL_DES, 569 1.1 christos SSL_SHA1, 570 1.1 christos SSL_SSLV3, 571 1.1 christos SSL_EXPORT|SSL_EXP40, 572 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 573 1.1 christos 40, 574 1.1 christos 128, 575 1.1 christos }, 576 1.1 christos 577 1.1 christos /* Cipher 1A */ 578 1.1 christos { 579 1.1 christos 1, 580 1.1 christos SSL3_TXT_ADH_DES_64_CBC_SHA, 581 1.1 christos SSL3_CK_ADH_DES_64_CBC_SHA, 582 1.1 christos SSL_kEDH, 583 1.1 christos SSL_aNULL, 584 1.1 christos SSL_DES, 585 1.1 christos SSL_SHA1, 586 1.1 christos SSL_SSLV3, 587 1.1 christos SSL_NOT_EXP|SSL_LOW, 588 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 589 1.1 christos 56, 590 1.1 christos 56, 591 1.1 christos }, 592 1.1 christos 593 1.1 christos /* Cipher 1B */ 594 1.1 christos { 595 1.1 christos 1, 596 1.1 christos SSL3_TXT_ADH_DES_192_CBC_SHA, 597 1.1 christos SSL3_CK_ADH_DES_192_CBC_SHA, 598 1.1 christos SSL_kEDH, 599 1.1 christos SSL_aNULL, 600 1.1 christos SSL_3DES, 601 1.1 christos SSL_SHA1, 602 1.1 christos SSL_SSLV3, 603 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 604 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 605 1.11 spz 112, 606 1.1 christos 168, 607 1.1 christos }, 608 1.1 christos 609 1.1 christos /* Fortezza ciphersuite from SSL 3.0 spec */ 610 1.1 christos #if 0 611 1.1 christos /* Cipher 1C */ 612 1.1 christos { 613 1.1 christos 0, 614 1.1 christos SSL3_TXT_FZA_DMS_NULL_SHA, 615 1.1 christos SSL3_CK_FZA_DMS_NULL_SHA, 616 1.1 christos SSL_kFZA, 617 1.1 christos SSL_aFZA, 618 1.1 christos SSL_eNULL, 619 1.1 christos SSL_SHA1, 620 1.1 christos SSL_SSLV3, 621 1.1 christos SSL_NOT_EXP|SSL_STRONG_NONE, 622 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 623 1.1 christos 0, 624 1.1 christos 0, 625 1.1 christos }, 626 1.1 christos 627 1.1 christos /* Cipher 1D */ 628 1.1 christos { 629 1.1 christos 0, 630 1.1 christos SSL3_TXT_FZA_DMS_FZA_SHA, 631 1.1 christos SSL3_CK_FZA_DMS_FZA_SHA, 632 1.1 christos SSL_kFZA, 633 1.1 christos SSL_aFZA, 634 1.1 christos SSL_eFZA, 635 1.1 christos SSL_SHA1, 636 1.1 christos SSL_SSLV3, 637 1.1 christos SSL_NOT_EXP|SSL_STRONG_NONE, 638 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 639 1.1 christos 0, 640 1.1 christos 0, 641 1.1 christos }, 642 1.1 christos 643 1.1 christos /* Cipher 1E */ 644 1.1 christos { 645 1.1 christos 0, 646 1.1 christos SSL3_TXT_FZA_DMS_RC4_SHA, 647 1.1 christos SSL3_CK_FZA_DMS_RC4_SHA, 648 1.1 christos SSL_kFZA, 649 1.1 christos SSL_aFZA, 650 1.1 christos SSL_RC4, 651 1.1 christos SSL_SHA1, 652 1.1 christos SSL_SSLV3, 653 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 654 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 655 1.1 christos 128, 656 1.1 christos 128, 657 1.1 christos }, 658 1.1 christos #endif 659 1.1 christos 660 1.1 christos #ifndef OPENSSL_NO_KRB5 661 1.1 christos /* The Kerberos ciphers*/ 662 1.1 christos /* Cipher 1E */ 663 1.1 christos { 664 1.1 christos 1, 665 1.1 christos SSL3_TXT_KRB5_DES_64_CBC_SHA, 666 1.1 christos SSL3_CK_KRB5_DES_64_CBC_SHA, 667 1.1 christos SSL_kKRB5, 668 1.1 christos SSL_aKRB5, 669 1.1 christos SSL_DES, 670 1.1 christos SSL_SHA1, 671 1.1 christos SSL_SSLV3, 672 1.1 christos SSL_NOT_EXP|SSL_LOW, 673 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 674 1.1 christos 56, 675 1.1 christos 56, 676 1.1 christos }, 677 1.1 christos 678 1.1 christos /* Cipher 1F */ 679 1.1 christos { 680 1.1 christos 1, 681 1.1 christos SSL3_TXT_KRB5_DES_192_CBC3_SHA, 682 1.1 christos SSL3_CK_KRB5_DES_192_CBC3_SHA, 683 1.1 christos SSL_kKRB5, 684 1.1 christos SSL_aKRB5, 685 1.1 christos SSL_3DES, 686 1.1 christos SSL_SHA1, 687 1.1 christos SSL_SSLV3, 688 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 689 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 690 1.11 spz 112, 691 1.1 christos 168, 692 1.1 christos }, 693 1.1 christos 694 1.1 christos /* Cipher 20 */ 695 1.1 christos { 696 1.1 christos 1, 697 1.1 christos SSL3_TXT_KRB5_RC4_128_SHA, 698 1.1 christos SSL3_CK_KRB5_RC4_128_SHA, 699 1.1 christos SSL_kKRB5, 700 1.1 christos SSL_aKRB5, 701 1.1 christos SSL_RC4, 702 1.1 christos SSL_SHA1, 703 1.1 christos SSL_SSLV3, 704 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 705 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 706 1.1 christos 128, 707 1.1 christos 128, 708 1.1 christos }, 709 1.1 christos 710 1.1 christos /* Cipher 21 */ 711 1.1 christos { 712 1.1 christos 1, 713 1.1 christos SSL3_TXT_KRB5_IDEA_128_CBC_SHA, 714 1.1 christos SSL3_CK_KRB5_IDEA_128_CBC_SHA, 715 1.1 christos SSL_kKRB5, 716 1.1 christos SSL_aKRB5, 717 1.1 christos SSL_IDEA, 718 1.1 christos SSL_SHA1, 719 1.1 christos SSL_SSLV3, 720 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 721 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 722 1.1 christos 128, 723 1.1 christos 128, 724 1.1 christos }, 725 1.1 christos 726 1.1 christos /* Cipher 22 */ 727 1.1 christos { 728 1.1 christos 1, 729 1.1 christos SSL3_TXT_KRB5_DES_64_CBC_MD5, 730 1.1 christos SSL3_CK_KRB5_DES_64_CBC_MD5, 731 1.1 christos SSL_kKRB5, 732 1.1 christos SSL_aKRB5, 733 1.1 christos SSL_DES, 734 1.1 christos SSL_MD5, 735 1.1 christos SSL_SSLV3, 736 1.1 christos SSL_NOT_EXP|SSL_LOW, 737 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 738 1.1 christos 56, 739 1.1 christos 56, 740 1.1 christos }, 741 1.1 christos 742 1.1 christos /* Cipher 23 */ 743 1.1 christos { 744 1.1 christos 1, 745 1.1 christos SSL3_TXT_KRB5_DES_192_CBC3_MD5, 746 1.1 christos SSL3_CK_KRB5_DES_192_CBC3_MD5, 747 1.1 christos SSL_kKRB5, 748 1.1 christos SSL_aKRB5, 749 1.1 christos SSL_3DES, 750 1.1 christos SSL_MD5, 751 1.1 christos SSL_SSLV3, 752 1.1 christos SSL_NOT_EXP|SSL_HIGH, 753 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 754 1.11 spz 112, 755 1.1 christos 168, 756 1.1 christos }, 757 1.1 christos 758 1.1 christos /* Cipher 24 */ 759 1.1 christos { 760 1.1 christos 1, 761 1.1 christos SSL3_TXT_KRB5_RC4_128_MD5, 762 1.1 christos SSL3_CK_KRB5_RC4_128_MD5, 763 1.1 christos SSL_kKRB5, 764 1.1 christos SSL_aKRB5, 765 1.1 christos SSL_RC4, 766 1.1 christos SSL_MD5, 767 1.1 christos SSL_SSLV3, 768 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 769 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 770 1.1 christos 128, 771 1.1 christos 128, 772 1.1 christos }, 773 1.1 christos 774 1.1 christos /* Cipher 25 */ 775 1.1 christos { 776 1.1 christos 1, 777 1.1 christos SSL3_TXT_KRB5_IDEA_128_CBC_MD5, 778 1.1 christos SSL3_CK_KRB5_IDEA_128_CBC_MD5, 779 1.1 christos SSL_kKRB5, 780 1.1 christos SSL_aKRB5, 781 1.1 christos SSL_IDEA, 782 1.1 christos SSL_MD5, 783 1.1 christos SSL_SSLV3, 784 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 785 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 786 1.1 christos 128, 787 1.1 christos 128, 788 1.1 christos }, 789 1.1 christos 790 1.1 christos /* Cipher 26 */ 791 1.1 christos { 792 1.1 christos 1, 793 1.1 christos SSL3_TXT_KRB5_DES_40_CBC_SHA, 794 1.1 christos SSL3_CK_KRB5_DES_40_CBC_SHA, 795 1.1 christos SSL_kKRB5, 796 1.1 christos SSL_aKRB5, 797 1.1 christos SSL_DES, 798 1.1 christos SSL_SHA1, 799 1.1 christos SSL_SSLV3, 800 1.1 christos SSL_EXPORT|SSL_EXP40, 801 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 802 1.1 christos 40, 803 1.1 christos 56, 804 1.1 christos }, 805 1.1 christos 806 1.1 christos /* Cipher 27 */ 807 1.1 christos { 808 1.1 christos 1, 809 1.1 christos SSL3_TXT_KRB5_RC2_40_CBC_SHA, 810 1.1 christos SSL3_CK_KRB5_RC2_40_CBC_SHA, 811 1.1 christos SSL_kKRB5, 812 1.1 christos SSL_aKRB5, 813 1.1 christos SSL_RC2, 814 1.1 christos SSL_SHA1, 815 1.1 christos SSL_SSLV3, 816 1.1 christos SSL_EXPORT|SSL_EXP40, 817 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 818 1.1 christos 40, 819 1.1 christos 128, 820 1.1 christos }, 821 1.1 christos 822 1.1 christos /* Cipher 28 */ 823 1.1 christos { 824 1.1 christos 1, 825 1.1 christos SSL3_TXT_KRB5_RC4_40_SHA, 826 1.1 christos SSL3_CK_KRB5_RC4_40_SHA, 827 1.1 christos SSL_kKRB5, 828 1.1 christos SSL_aKRB5, 829 1.1 christos SSL_RC4, 830 1.1 christos SSL_SHA1, 831 1.1 christos SSL_SSLV3, 832 1.1 christos SSL_EXPORT|SSL_EXP40, 833 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 834 1.1 christos 40, 835 1.1 christos 128, 836 1.1 christos }, 837 1.1 christos 838 1.1 christos /* Cipher 29 */ 839 1.1 christos { 840 1.1 christos 1, 841 1.1 christos SSL3_TXT_KRB5_DES_40_CBC_MD5, 842 1.1 christos SSL3_CK_KRB5_DES_40_CBC_MD5, 843 1.1 christos SSL_kKRB5, 844 1.1 christos SSL_aKRB5, 845 1.1 christos SSL_DES, 846 1.1 christos SSL_MD5, 847 1.1 christos SSL_SSLV3, 848 1.1 christos SSL_EXPORT|SSL_EXP40, 849 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 850 1.1 christos 40, 851 1.1 christos 56, 852 1.1 christos }, 853 1.1 christos 854 1.1 christos /* Cipher 2A */ 855 1.1 christos { 856 1.1 christos 1, 857 1.1 christos SSL3_TXT_KRB5_RC2_40_CBC_MD5, 858 1.1 christos SSL3_CK_KRB5_RC2_40_CBC_MD5, 859 1.1 christos SSL_kKRB5, 860 1.1 christos SSL_aKRB5, 861 1.1 christos SSL_RC2, 862 1.1 christos SSL_MD5, 863 1.1 christos SSL_SSLV3, 864 1.1 christos SSL_EXPORT|SSL_EXP40, 865 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 866 1.1 christos 40, 867 1.1 christos 128, 868 1.1 christos }, 869 1.1 christos 870 1.1 christos /* Cipher 2B */ 871 1.1 christos { 872 1.1 christos 1, 873 1.1 christos SSL3_TXT_KRB5_RC4_40_MD5, 874 1.1 christos SSL3_CK_KRB5_RC4_40_MD5, 875 1.1 christos SSL_kKRB5, 876 1.1 christos SSL_aKRB5, 877 1.1 christos SSL_RC4, 878 1.1 christos SSL_MD5, 879 1.1 christos SSL_SSLV3, 880 1.1 christos SSL_EXPORT|SSL_EXP40, 881 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 882 1.1 christos 40, 883 1.1 christos 128, 884 1.1 christos }, 885 1.1 christos #endif /* OPENSSL_NO_KRB5 */ 886 1.1 christos 887 1.1 christos /* New AES ciphersuites */ 888 1.1 christos /* Cipher 2F */ 889 1.1 christos { 890 1.1 christos 1, 891 1.1 christos TLS1_TXT_RSA_WITH_AES_128_SHA, 892 1.1 christos TLS1_CK_RSA_WITH_AES_128_SHA, 893 1.1 christos SSL_kRSA, 894 1.1 christos SSL_aRSA, 895 1.1 christos SSL_AES128, 896 1.1 christos SSL_SHA1, 897 1.1 christos SSL_TLSV1, 898 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 899 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 900 1.1 christos 128, 901 1.1 christos 128, 902 1.1 christos }, 903 1.1 christos /* Cipher 30 */ 904 1.1 christos { 905 1.1 christos 0, 906 1.1 christos TLS1_TXT_DH_DSS_WITH_AES_128_SHA, 907 1.1 christos TLS1_CK_DH_DSS_WITH_AES_128_SHA, 908 1.1 christos SSL_kDHd, 909 1.1 christos SSL_aDH, 910 1.1 christos SSL_AES128, 911 1.1 christos SSL_SHA1, 912 1.1 christos SSL_TLSV1, 913 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 914 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 915 1.1 christos 128, 916 1.1 christos 128, 917 1.1 christos }, 918 1.1 christos /* Cipher 31 */ 919 1.1 christos { 920 1.1 christos 0, 921 1.1 christos TLS1_TXT_DH_RSA_WITH_AES_128_SHA, 922 1.1 christos TLS1_CK_DH_RSA_WITH_AES_128_SHA, 923 1.1 christos SSL_kDHr, 924 1.1 christos SSL_aDH, 925 1.1 christos SSL_AES128, 926 1.1 christos SSL_SHA1, 927 1.1 christos SSL_TLSV1, 928 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 929 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 930 1.1 christos 128, 931 1.1 christos 128, 932 1.1 christos }, 933 1.1 christos /* Cipher 32 */ 934 1.1 christos { 935 1.1 christos 1, 936 1.1 christos TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 937 1.1 christos TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 938 1.1 christos SSL_kEDH, 939 1.1 christos SSL_aDSS, 940 1.1 christos SSL_AES128, 941 1.1 christos SSL_SHA1, 942 1.1 christos SSL_TLSV1, 943 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 944 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 945 1.1 christos 128, 946 1.1 christos 128, 947 1.1 christos }, 948 1.1 christos /* Cipher 33 */ 949 1.1 christos { 950 1.1 christos 1, 951 1.1 christos TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 952 1.1 christos TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 953 1.1 christos SSL_kEDH, 954 1.1 christos SSL_aRSA, 955 1.1 christos SSL_AES128, 956 1.1 christos SSL_SHA1, 957 1.1 christos SSL_TLSV1, 958 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 959 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 960 1.1 christos 128, 961 1.1 christos 128, 962 1.1 christos }, 963 1.1 christos /* Cipher 34 */ 964 1.1 christos { 965 1.1 christos 1, 966 1.1 christos TLS1_TXT_ADH_WITH_AES_128_SHA, 967 1.1 christos TLS1_CK_ADH_WITH_AES_128_SHA, 968 1.1 christos SSL_kEDH, 969 1.1 christos SSL_aNULL, 970 1.1 christos SSL_AES128, 971 1.1 christos SSL_SHA1, 972 1.1 christos SSL_TLSV1, 973 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 974 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 975 1.1 christos 128, 976 1.1 christos 128, 977 1.1 christos }, 978 1.1 christos 979 1.1 christos /* Cipher 35 */ 980 1.1 christos { 981 1.1 christos 1, 982 1.1 christos TLS1_TXT_RSA_WITH_AES_256_SHA, 983 1.1 christos TLS1_CK_RSA_WITH_AES_256_SHA, 984 1.1 christos SSL_kRSA, 985 1.1 christos SSL_aRSA, 986 1.1 christos SSL_AES256, 987 1.1 christos SSL_SHA1, 988 1.1 christos SSL_TLSV1, 989 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 990 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 991 1.1 christos 256, 992 1.1 christos 256, 993 1.1 christos }, 994 1.1 christos /* Cipher 36 */ 995 1.1 christos { 996 1.1 christos 0, 997 1.1 christos TLS1_TXT_DH_DSS_WITH_AES_256_SHA, 998 1.1 christos TLS1_CK_DH_DSS_WITH_AES_256_SHA, 999 1.1 christos SSL_kDHd, 1000 1.1 christos SSL_aDH, 1001 1.1 christos SSL_AES256, 1002 1.1 christos SSL_SHA1, 1003 1.1 christos SSL_TLSV1, 1004 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1005 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1006 1.1 christos 256, 1007 1.1 christos 256, 1008 1.1 christos }, 1009 1.1 christos 1010 1.1 christos /* Cipher 37 */ 1011 1.1 christos { 1012 1.1 christos 0, /* not implemented (non-ephemeral DH) */ 1013 1.1 christos TLS1_TXT_DH_RSA_WITH_AES_256_SHA, 1014 1.1 christos TLS1_CK_DH_RSA_WITH_AES_256_SHA, 1015 1.1 christos SSL_kDHr, 1016 1.1 christos SSL_aDH, 1017 1.1 christos SSL_AES256, 1018 1.1 christos SSL_SHA1, 1019 1.1 christos SSL_TLSV1, 1020 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1021 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1022 1.1 christos 256, 1023 1.1 christos 256, 1024 1.1 christos }, 1025 1.1 christos 1026 1.1 christos /* Cipher 38 */ 1027 1.1 christos { 1028 1.1 christos 1, 1029 1.1 christos TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 1030 1.1 christos TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 1031 1.1 christos SSL_kEDH, 1032 1.1 christos SSL_aDSS, 1033 1.1 christos SSL_AES256, 1034 1.1 christos SSL_SHA1, 1035 1.1 christos SSL_TLSV1, 1036 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1037 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1038 1.1 christos 256, 1039 1.1 christos 256, 1040 1.1 christos }, 1041 1.1 christos 1042 1.1 christos /* Cipher 39 */ 1043 1.1 christos { 1044 1.1 christos 1, 1045 1.1 christos TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 1046 1.1 christos TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 1047 1.1 christos SSL_kEDH, 1048 1.1 christos SSL_aRSA, 1049 1.1 christos SSL_AES256, 1050 1.1 christos SSL_SHA1, 1051 1.1 christos SSL_TLSV1, 1052 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1053 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1054 1.1 christos 256, 1055 1.1 christos 256, 1056 1.1 christos }, 1057 1.1 christos 1058 1.1 christos /* Cipher 3A */ 1059 1.1 christos { 1060 1.1 christos 1, 1061 1.1 christos TLS1_TXT_ADH_WITH_AES_256_SHA, 1062 1.1 christos TLS1_CK_ADH_WITH_AES_256_SHA, 1063 1.1 christos SSL_kEDH, 1064 1.1 christos SSL_aNULL, 1065 1.1 christos SSL_AES256, 1066 1.1 christos SSL_SHA1, 1067 1.1 christos SSL_TLSV1, 1068 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1069 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1070 1.1 christos 256, 1071 1.1 christos 256, 1072 1.1 christos }, 1073 1.1 christos 1074 1.5 spz /* TLS v1.2 ciphersuites */ 1075 1.5 spz /* Cipher 3B */ 1076 1.5 spz { 1077 1.5 spz 1, 1078 1.5 spz TLS1_TXT_RSA_WITH_NULL_SHA256, 1079 1.5 spz TLS1_CK_RSA_WITH_NULL_SHA256, 1080 1.5 spz SSL_kRSA, 1081 1.5 spz SSL_aRSA, 1082 1.5 spz SSL_eNULL, 1083 1.5 spz SSL_SHA256, 1084 1.8 christos SSL_TLSV1_2, 1085 1.5 spz SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 1086 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1087 1.5 spz 0, 1088 1.5 spz 0, 1089 1.5 spz }, 1090 1.5 spz 1091 1.5 spz /* Cipher 3C */ 1092 1.5 spz { 1093 1.5 spz 1, 1094 1.5 spz TLS1_TXT_RSA_WITH_AES_128_SHA256, 1095 1.5 spz TLS1_CK_RSA_WITH_AES_128_SHA256, 1096 1.5 spz SSL_kRSA, 1097 1.5 spz SSL_aRSA, 1098 1.5 spz SSL_AES128, 1099 1.5 spz SSL_SHA256, 1100 1.8 christos SSL_TLSV1_2, 1101 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1102 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1103 1.5 spz 128, 1104 1.5 spz 128, 1105 1.5 spz }, 1106 1.5 spz 1107 1.5 spz /* Cipher 3D */ 1108 1.5 spz { 1109 1.5 spz 1, 1110 1.5 spz TLS1_TXT_RSA_WITH_AES_256_SHA256, 1111 1.5 spz TLS1_CK_RSA_WITH_AES_256_SHA256, 1112 1.5 spz SSL_kRSA, 1113 1.5 spz SSL_aRSA, 1114 1.5 spz SSL_AES256, 1115 1.5 spz SSL_SHA256, 1116 1.8 christos SSL_TLSV1_2, 1117 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1118 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1119 1.5 spz 256, 1120 1.5 spz 256, 1121 1.5 spz }, 1122 1.5 spz 1123 1.5 spz /* Cipher 3E */ 1124 1.5 spz { 1125 1.5 spz 0, /* not implemented (non-ephemeral DH) */ 1126 1.5 spz TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, 1127 1.5 spz TLS1_CK_DH_DSS_WITH_AES_128_SHA256, 1128 1.9 christos SSL_kDHd, 1129 1.5 spz SSL_aDH, 1130 1.5 spz SSL_AES128, 1131 1.5 spz SSL_SHA256, 1132 1.8 christos SSL_TLSV1_2, 1133 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1134 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1135 1.5 spz 128, 1136 1.5 spz 128, 1137 1.5 spz }, 1138 1.5 spz 1139 1.5 spz /* Cipher 3F */ 1140 1.5 spz { 1141 1.5 spz 0, /* not implemented (non-ephemeral DH) */ 1142 1.5 spz TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, 1143 1.5 spz TLS1_CK_DH_RSA_WITH_AES_128_SHA256, 1144 1.5 spz SSL_kDHr, 1145 1.5 spz SSL_aDH, 1146 1.5 spz SSL_AES128, 1147 1.5 spz SSL_SHA256, 1148 1.8 christos SSL_TLSV1_2, 1149 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1150 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1151 1.5 spz 128, 1152 1.5 spz 128, 1153 1.5 spz }, 1154 1.5 spz 1155 1.5 spz /* Cipher 40 */ 1156 1.5 spz { 1157 1.5 spz 1, 1158 1.5 spz TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, 1159 1.5 spz TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, 1160 1.5 spz SSL_kEDH, 1161 1.5 spz SSL_aDSS, 1162 1.5 spz SSL_AES128, 1163 1.5 spz SSL_SHA256, 1164 1.8 christos SSL_TLSV1_2, 1165 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1166 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1167 1.5 spz 128, 1168 1.5 spz 128, 1169 1.5 spz }, 1170 1.5 spz 1171 1.1 christos #ifndef OPENSSL_NO_CAMELLIA 1172 1.1 christos /* Camellia ciphersuites from RFC4132 (128-bit portion) */ 1173 1.1 christos 1174 1.1 christos /* Cipher 41 */ 1175 1.1 christos { 1176 1.1 christos 1, 1177 1.1 christos TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 1178 1.1 christos TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 1179 1.1 christos SSL_kRSA, 1180 1.1 christos SSL_aRSA, 1181 1.1 christos SSL_CAMELLIA128, 1182 1.1 christos SSL_SHA1, 1183 1.1 christos SSL_TLSV1, 1184 1.1 christos SSL_NOT_EXP|SSL_HIGH, 1185 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1186 1.1 christos 128, 1187 1.1 christos 128, 1188 1.1 christos }, 1189 1.1 christos 1190 1.1 christos /* Cipher 42 */ 1191 1.1 christos { 1192 1.1 christos 0, /* not implemented (non-ephemeral DH) */ 1193 1.1 christos TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1194 1.1 christos TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1195 1.1 christos SSL_kDHd, 1196 1.1 christos SSL_aDH, 1197 1.1 christos SSL_CAMELLIA128, 1198 1.1 christos SSL_SHA1, 1199 1.1 christos SSL_TLSV1, 1200 1.1 christos SSL_NOT_EXP|SSL_HIGH, 1201 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1202 1.1 christos 128, 1203 1.1 christos 128, 1204 1.1 christos }, 1205 1.1 christos 1206 1.1 christos /* Cipher 43 */ 1207 1.1 christos { 1208 1.1 christos 0, /* not implemented (non-ephemeral DH) */ 1209 1.1 christos TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1210 1.1 christos TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1211 1.1 christos SSL_kDHr, 1212 1.1 christos SSL_aDH, 1213 1.1 christos SSL_CAMELLIA128, 1214 1.1 christos SSL_SHA1, 1215 1.1 christos SSL_TLSV1, 1216 1.1 christos SSL_NOT_EXP|SSL_HIGH, 1217 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1218 1.1 christos 128, 1219 1.1 christos 128, 1220 1.1 christos }, 1221 1.1 christos 1222 1.1 christos /* Cipher 44 */ 1223 1.1 christos { 1224 1.1 christos 1, 1225 1.1 christos TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1226 1.1 christos TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1227 1.1 christos SSL_kEDH, 1228 1.1 christos SSL_aDSS, 1229 1.1 christos SSL_CAMELLIA128, 1230 1.1 christos SSL_SHA1, 1231 1.1 christos SSL_TLSV1, 1232 1.1 christos SSL_NOT_EXP|SSL_HIGH, 1233 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1234 1.1 christos 128, 1235 1.1 christos 128, 1236 1.1 christos }, 1237 1.1 christos 1238 1.1 christos /* Cipher 45 */ 1239 1.1 christos { 1240 1.1 christos 1, 1241 1.1 christos TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1242 1.1 christos TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1243 1.1 christos SSL_kEDH, 1244 1.1 christos SSL_aRSA, 1245 1.1 christos SSL_CAMELLIA128, 1246 1.1 christos SSL_SHA1, 1247 1.1 christos SSL_TLSV1, 1248 1.1 christos SSL_NOT_EXP|SSL_HIGH, 1249 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1250 1.1 christos 128, 1251 1.1 christos 128, 1252 1.1 christos }, 1253 1.1 christos 1254 1.1 christos /* Cipher 46 */ 1255 1.1 christos { 1256 1.1 christos 1, 1257 1.1 christos TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 1258 1.1 christos TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 1259 1.1 christos SSL_kEDH, 1260 1.1 christos SSL_aNULL, 1261 1.1 christos SSL_CAMELLIA128, 1262 1.1 christos SSL_SHA1, 1263 1.1 christos SSL_TLSV1, 1264 1.1 christos SSL_NOT_EXP|SSL_HIGH, 1265 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1266 1.1 christos 128, 1267 1.1 christos 128, 1268 1.1 christos }, 1269 1.1 christos #endif /* OPENSSL_NO_CAMELLIA */ 1270 1.1 christos 1271 1.1 christos #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1272 1.1 christos /* New TLS Export CipherSuites from expired ID */ 1273 1.1 christos #if 0 1274 1.1 christos /* Cipher 60 */ 1275 1.1 christos { 1276 1.1 christos 1, 1277 1.1 christos TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, 1278 1.1 christos TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, 1279 1.1 christos SSL_kRSA, 1280 1.1 christos SSL_aRSA, 1281 1.1 christos SSL_RC4, 1282 1.1 christos SSL_MD5, 1283 1.1 christos SSL_TLSV1, 1284 1.1 christos SSL_EXPORT|SSL_EXP56, 1285 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1286 1.1 christos 56, 1287 1.1 christos 128, 1288 1.1 christos }, 1289 1.1 christos 1290 1.1 christos /* Cipher 61 */ 1291 1.1 christos { 1292 1.1 christos 1, 1293 1.1 christos TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1294 1.1 christos TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1295 1.1 christos SSL_kRSA, 1296 1.1 christos SSL_aRSA, 1297 1.1 christos SSL_RC2, 1298 1.1 christos SSL_MD5, 1299 1.1 christos SSL_TLSV1, 1300 1.1 christos SSL_EXPORT|SSL_EXP56, 1301 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1302 1.1 christos 56, 1303 1.1 christos 128, 1304 1.1 christos }, 1305 1.1 christos #endif 1306 1.1 christos 1307 1.1 christos /* Cipher 62 */ 1308 1.1 christos { 1309 1.1 christos 1, 1310 1.1 christos TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1311 1.1 christos TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1312 1.1 christos SSL_kRSA, 1313 1.1 christos SSL_aRSA, 1314 1.1 christos SSL_DES, 1315 1.1 christos SSL_SHA1, 1316 1.1 christos SSL_TLSV1, 1317 1.1 christos SSL_EXPORT|SSL_EXP56, 1318 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1319 1.1 christos 56, 1320 1.1 christos 56, 1321 1.1 christos }, 1322 1.1 christos 1323 1.1 christos /* Cipher 63 */ 1324 1.1 christos { 1325 1.1 christos 1, 1326 1.1 christos TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1327 1.1 christos TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1328 1.1 christos SSL_kEDH, 1329 1.1 christos SSL_aDSS, 1330 1.1 christos SSL_DES, 1331 1.1 christos SSL_SHA1, 1332 1.1 christos SSL_TLSV1, 1333 1.1 christos SSL_EXPORT|SSL_EXP56, 1334 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1335 1.1 christos 56, 1336 1.1 christos 56, 1337 1.1 christos }, 1338 1.1 christos 1339 1.1 christos /* Cipher 64 */ 1340 1.1 christos { 1341 1.1 christos 1, 1342 1.1 christos TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, 1343 1.1 christos TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, 1344 1.1 christos SSL_kRSA, 1345 1.1 christos SSL_aRSA, 1346 1.1 christos SSL_RC4, 1347 1.1 christos SSL_SHA1, 1348 1.1 christos SSL_TLSV1, 1349 1.1 christos SSL_EXPORT|SSL_EXP56, 1350 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1351 1.1 christos 56, 1352 1.1 christos 128, 1353 1.1 christos }, 1354 1.1 christos 1355 1.1 christos /* Cipher 65 */ 1356 1.1 christos { 1357 1.1 christos 1, 1358 1.1 christos TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1359 1.1 christos TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1360 1.1 christos SSL_kEDH, 1361 1.1 christos SSL_aDSS, 1362 1.1 christos SSL_RC4, 1363 1.1 christos SSL_SHA1, 1364 1.1 christos SSL_TLSV1, 1365 1.1 christos SSL_EXPORT|SSL_EXP56, 1366 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1367 1.1 christos 56, 1368 1.1 christos 128, 1369 1.1 christos }, 1370 1.1 christos 1371 1.1 christos /* Cipher 66 */ 1372 1.1 christos { 1373 1.1 christos 1, 1374 1.1 christos TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, 1375 1.1 christos TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, 1376 1.1 christos SSL_kEDH, 1377 1.1 christos SSL_aDSS, 1378 1.1 christos SSL_RC4, 1379 1.1 christos SSL_SHA1, 1380 1.1 christos SSL_TLSV1, 1381 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 1382 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1383 1.1 christos 128, 1384 1.1 christos 128, 1385 1.1 christos }, 1386 1.1 christos #endif 1387 1.5 spz 1388 1.5 spz /* TLS v1.2 ciphersuites */ 1389 1.5 spz /* Cipher 67 */ 1390 1.5 spz { 1391 1.5 spz 1, 1392 1.5 spz TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 1393 1.5 spz TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 1394 1.5 spz SSL_kEDH, 1395 1.5 spz SSL_aRSA, 1396 1.5 spz SSL_AES128, 1397 1.5 spz SSL_SHA256, 1398 1.8 christos SSL_TLSV1_2, 1399 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1400 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1401 1.5 spz 128, 1402 1.5 spz 128, 1403 1.5 spz }, 1404 1.5 spz 1405 1.5 spz /* Cipher 68 */ 1406 1.5 spz { 1407 1.5 spz 0, /* not implemented (non-ephemeral DH) */ 1408 1.5 spz TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, 1409 1.5 spz TLS1_CK_DH_DSS_WITH_AES_256_SHA256, 1410 1.9 christos SSL_kDHd, 1411 1.5 spz SSL_aDH, 1412 1.5 spz SSL_AES256, 1413 1.5 spz SSL_SHA256, 1414 1.8 christos SSL_TLSV1_2, 1415 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1416 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1417 1.5 spz 256, 1418 1.5 spz 256, 1419 1.5 spz }, 1420 1.5 spz 1421 1.5 spz /* Cipher 69 */ 1422 1.5 spz { 1423 1.5 spz 0, /* not implemented (non-ephemeral DH) */ 1424 1.5 spz TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, 1425 1.5 spz TLS1_CK_DH_RSA_WITH_AES_256_SHA256, 1426 1.5 spz SSL_kDHr, 1427 1.5 spz SSL_aDH, 1428 1.5 spz SSL_AES256, 1429 1.5 spz SSL_SHA256, 1430 1.8 christos SSL_TLSV1_2, 1431 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1432 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1433 1.5 spz 256, 1434 1.5 spz 256, 1435 1.5 spz }, 1436 1.5 spz 1437 1.5 spz /* Cipher 6A */ 1438 1.5 spz { 1439 1.5 spz 1, 1440 1.5 spz TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, 1441 1.5 spz TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, 1442 1.5 spz SSL_kEDH, 1443 1.5 spz SSL_aDSS, 1444 1.5 spz SSL_AES256, 1445 1.5 spz SSL_SHA256, 1446 1.8 christos SSL_TLSV1_2, 1447 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1448 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1449 1.5 spz 256, 1450 1.5 spz 256, 1451 1.5 spz }, 1452 1.5 spz 1453 1.5 spz /* Cipher 6B */ 1454 1.5 spz { 1455 1.5 spz 1, 1456 1.5 spz TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 1457 1.5 spz TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 1458 1.5 spz SSL_kEDH, 1459 1.5 spz SSL_aRSA, 1460 1.5 spz SSL_AES256, 1461 1.5 spz SSL_SHA256, 1462 1.8 christos SSL_TLSV1_2, 1463 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1464 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1465 1.5 spz 256, 1466 1.5 spz 256, 1467 1.5 spz }, 1468 1.5 spz 1469 1.5 spz /* Cipher 6C */ 1470 1.5 spz { 1471 1.5 spz 1, 1472 1.5 spz TLS1_TXT_ADH_WITH_AES_128_SHA256, 1473 1.5 spz TLS1_CK_ADH_WITH_AES_128_SHA256, 1474 1.5 spz SSL_kEDH, 1475 1.5 spz SSL_aNULL, 1476 1.5 spz SSL_AES128, 1477 1.5 spz SSL_SHA256, 1478 1.8 christos SSL_TLSV1_2, 1479 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1480 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1481 1.5 spz 128, 1482 1.5 spz 128, 1483 1.5 spz }, 1484 1.5 spz 1485 1.5 spz /* Cipher 6D */ 1486 1.5 spz { 1487 1.5 spz 1, 1488 1.5 spz TLS1_TXT_ADH_WITH_AES_256_SHA256, 1489 1.5 spz TLS1_CK_ADH_WITH_AES_256_SHA256, 1490 1.5 spz SSL_kEDH, 1491 1.5 spz SSL_aNULL, 1492 1.5 spz SSL_AES256, 1493 1.5 spz SSL_SHA256, 1494 1.8 christos SSL_TLSV1_2, 1495 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1496 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1497 1.5 spz 256, 1498 1.5 spz 256, 1499 1.5 spz }, 1500 1.5 spz 1501 1.5 spz /* GOST Ciphersuites */ 1502 1.5 spz 1503 1.1 christos { 1504 1.1 christos 1, 1505 1.1 christos "GOST94-GOST89-GOST89", 1506 1.1 christos 0x3000080, 1507 1.1 christos SSL_kGOST, 1508 1.1 christos SSL_aGOST94, 1509 1.1 christos SSL_eGOST2814789CNT, 1510 1.1 christos SSL_GOST89MAC, 1511 1.1 christos SSL_TLSV1, 1512 1.1 christos SSL_NOT_EXP|SSL_HIGH, 1513 1.1 christos SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, 1514 1.1 christos 256, 1515 1.1 christos 256 1516 1.1 christos }, 1517 1.1 christos { 1518 1.1 christos 1, 1519 1.1 christos "GOST2001-GOST89-GOST89", 1520 1.1 christos 0x3000081, 1521 1.1 christos SSL_kGOST, 1522 1.1 christos SSL_aGOST01, 1523 1.1 christos SSL_eGOST2814789CNT, 1524 1.1 christos SSL_GOST89MAC, 1525 1.1 christos SSL_TLSV1, 1526 1.1 christos SSL_NOT_EXP|SSL_HIGH, 1527 1.1 christos SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, 1528 1.1 christos 256, 1529 1.1 christos 256 1530 1.1 christos }, 1531 1.1 christos { 1532 1.1 christos 1, 1533 1.1 christos "GOST94-NULL-GOST94", 1534 1.1 christos 0x3000082, 1535 1.1 christos SSL_kGOST, 1536 1.1 christos SSL_aGOST94, 1537 1.1 christos SSL_eNULL, 1538 1.1 christos SSL_GOST94, 1539 1.1 christos SSL_TLSV1, 1540 1.1 christos SSL_NOT_EXP|SSL_STRONG_NONE, 1541 1.1 christos SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 1542 1.1 christos 0, 1543 1.1 christos 0 1544 1.1 christos }, 1545 1.1 christos { 1546 1.1 christos 1, 1547 1.1 christos "GOST2001-NULL-GOST94", 1548 1.1 christos 0x3000083, 1549 1.1 christos SSL_kGOST, 1550 1.1 christos SSL_aGOST01, 1551 1.1 christos SSL_eNULL, 1552 1.1 christos SSL_GOST94, 1553 1.1 christos SSL_TLSV1, 1554 1.1 christos SSL_NOT_EXP|SSL_STRONG_NONE, 1555 1.1 christos SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 1556 1.1 christos 0, 1557 1.1 christos 0 1558 1.1 christos }, 1559 1.1 christos 1560 1.1 christos #ifndef OPENSSL_NO_CAMELLIA 1561 1.1 christos /* Camellia ciphersuites from RFC4132 (256-bit portion) */ 1562 1.1 christos 1563 1.1 christos /* Cipher 84 */ 1564 1.1 christos { 1565 1.1 christos 1, 1566 1.1 christos TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 1567 1.1 christos TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 1568 1.1 christos SSL_kRSA, 1569 1.1 christos SSL_aRSA, 1570 1.1 christos SSL_CAMELLIA256, 1571 1.1 christos SSL_SHA1, 1572 1.1 christos SSL_TLSV1, 1573 1.1 christos SSL_NOT_EXP|SSL_HIGH, 1574 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1575 1.1 christos 256, 1576 1.1 christos 256, 1577 1.1 christos }, 1578 1.1 christos /* Cipher 85 */ 1579 1.1 christos { 1580 1.1 christos 0, /* not implemented (non-ephemeral DH) */ 1581 1.1 christos TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1582 1.1 christos TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1583 1.1 christos SSL_kDHd, 1584 1.1 christos SSL_aDH, 1585 1.1 christos SSL_CAMELLIA256, 1586 1.1 christos SSL_SHA1, 1587 1.1 christos SSL_TLSV1, 1588 1.1 christos SSL_NOT_EXP|SSL_HIGH, 1589 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1590 1.1 christos 256, 1591 1.1 christos 256, 1592 1.1 christos }, 1593 1.1 christos 1594 1.1 christos /* Cipher 86 */ 1595 1.1 christos { 1596 1.1 christos 0, /* not implemented (non-ephemeral DH) */ 1597 1.1 christos TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1598 1.1 christos TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1599 1.1 christos SSL_kDHr, 1600 1.1 christos SSL_aDH, 1601 1.1 christos SSL_CAMELLIA256, 1602 1.1 christos SSL_SHA1, 1603 1.1 christos SSL_TLSV1, 1604 1.1 christos SSL_NOT_EXP|SSL_HIGH, 1605 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1606 1.1 christos 256, 1607 1.1 christos 256, 1608 1.1 christos }, 1609 1.1 christos 1610 1.1 christos /* Cipher 87 */ 1611 1.1 christos { 1612 1.1 christos 1, 1613 1.1 christos TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1614 1.1 christos TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1615 1.1 christos SSL_kEDH, 1616 1.1 christos SSL_aDSS, 1617 1.1 christos SSL_CAMELLIA256, 1618 1.1 christos SSL_SHA1, 1619 1.1 christos SSL_TLSV1, 1620 1.1 christos SSL_NOT_EXP|SSL_HIGH, 1621 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1622 1.1 christos 256, 1623 1.1 christos 256, 1624 1.1 christos }, 1625 1.1 christos 1626 1.1 christos /* Cipher 88 */ 1627 1.1 christos { 1628 1.1 christos 1, 1629 1.1 christos TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1630 1.1 christos TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1631 1.1 christos SSL_kEDH, 1632 1.1 christos SSL_aRSA, 1633 1.1 christos SSL_CAMELLIA256, 1634 1.1 christos SSL_SHA1, 1635 1.1 christos SSL_TLSV1, 1636 1.1 christos SSL_NOT_EXP|SSL_HIGH, 1637 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1638 1.1 christos 256, 1639 1.1 christos 256, 1640 1.1 christos }, 1641 1.1 christos 1642 1.1 christos /* Cipher 89 */ 1643 1.1 christos { 1644 1.1 christos 1, 1645 1.1 christos TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 1646 1.1 christos TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 1647 1.1 christos SSL_kEDH, 1648 1.1 christos SSL_aNULL, 1649 1.1 christos SSL_CAMELLIA256, 1650 1.1 christos SSL_SHA1, 1651 1.1 christos SSL_TLSV1, 1652 1.1 christos SSL_NOT_EXP|SSL_HIGH, 1653 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1654 1.1 christos 256, 1655 1.1 christos 256, 1656 1.1 christos }, 1657 1.1 christos #endif /* OPENSSL_NO_CAMELLIA */ 1658 1.1 christos 1659 1.1 christos #ifndef OPENSSL_NO_PSK 1660 1.1 christos /* Cipher 8A */ 1661 1.1 christos { 1662 1.1 christos 1, 1663 1.1 christos TLS1_TXT_PSK_WITH_RC4_128_SHA, 1664 1.1 christos TLS1_CK_PSK_WITH_RC4_128_SHA, 1665 1.1 christos SSL_kPSK, 1666 1.1 christos SSL_aPSK, 1667 1.1 christos SSL_RC4, 1668 1.1 christos SSL_SHA1, 1669 1.1 christos SSL_TLSV1, 1670 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 1671 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1672 1.1 christos 128, 1673 1.1 christos 128, 1674 1.1 christos }, 1675 1.1 christos 1676 1.1 christos /* Cipher 8B */ 1677 1.1 christos { 1678 1.1 christos 1, 1679 1.1 christos TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, 1680 1.1 christos TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, 1681 1.1 christos SSL_kPSK, 1682 1.1 christos SSL_aPSK, 1683 1.1 christos SSL_3DES, 1684 1.1 christos SSL_SHA1, 1685 1.1 christos SSL_TLSV1, 1686 1.10 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1687 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1688 1.11 spz 112, 1689 1.1 christos 168, 1690 1.1 christos }, 1691 1.1 christos 1692 1.1 christos /* Cipher 8C */ 1693 1.1 christos { 1694 1.1 christos 1, 1695 1.1 christos TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, 1696 1.1 christos TLS1_CK_PSK_WITH_AES_128_CBC_SHA, 1697 1.1 christos SSL_kPSK, 1698 1.1 christos SSL_aPSK, 1699 1.1 christos SSL_AES128, 1700 1.1 christos SSL_SHA1, 1701 1.1 christos SSL_TLSV1, 1702 1.10 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1703 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1704 1.1 christos 128, 1705 1.1 christos 128, 1706 1.1 christos }, 1707 1.1 christos 1708 1.1 christos /* Cipher 8D */ 1709 1.1 christos { 1710 1.1 christos 1, 1711 1.1 christos TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, 1712 1.1 christos TLS1_CK_PSK_WITH_AES_256_CBC_SHA, 1713 1.1 christos SSL_kPSK, 1714 1.1 christos SSL_aPSK, 1715 1.1 christos SSL_AES256, 1716 1.1 christos SSL_SHA1, 1717 1.1 christos SSL_TLSV1, 1718 1.10 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1719 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1720 1.1 christos 256, 1721 1.1 christos 256, 1722 1.1 christos }, 1723 1.1 christos #endif /* OPENSSL_NO_PSK */ 1724 1.1 christos 1725 1.1 christos #ifndef OPENSSL_NO_SEED 1726 1.1 christos /* SEED ciphersuites from RFC4162 */ 1727 1.1 christos 1728 1.1 christos /* Cipher 96 */ 1729 1.1 christos { 1730 1.1 christos 1, 1731 1.1 christos TLS1_TXT_RSA_WITH_SEED_SHA, 1732 1.1 christos TLS1_CK_RSA_WITH_SEED_SHA, 1733 1.1 christos SSL_kRSA, 1734 1.1 christos SSL_aRSA, 1735 1.1 christos SSL_SEED, 1736 1.1 christos SSL_SHA1, 1737 1.1 christos SSL_TLSV1, 1738 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 1739 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1740 1.1 christos 128, 1741 1.1 christos 128, 1742 1.1 christos }, 1743 1.1 christos 1744 1.1 christos /* Cipher 97 */ 1745 1.1 christos { 1746 1.1 christos 0, /* not implemented (non-ephemeral DH) */ 1747 1.1 christos TLS1_TXT_DH_DSS_WITH_SEED_SHA, 1748 1.1 christos TLS1_CK_DH_DSS_WITH_SEED_SHA, 1749 1.1 christos SSL_kDHd, 1750 1.1 christos SSL_aDH, 1751 1.1 christos SSL_SEED, 1752 1.1 christos SSL_SHA1, 1753 1.1 christos SSL_TLSV1, 1754 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 1755 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1756 1.1 christos 128, 1757 1.1 christos 128, 1758 1.1 christos }, 1759 1.1 christos 1760 1.1 christos /* Cipher 98 */ 1761 1.1 christos { 1762 1.1 christos 0, /* not implemented (non-ephemeral DH) */ 1763 1.1 christos TLS1_TXT_DH_RSA_WITH_SEED_SHA, 1764 1.1 christos TLS1_CK_DH_RSA_WITH_SEED_SHA, 1765 1.1 christos SSL_kDHr, 1766 1.1 christos SSL_aDH, 1767 1.1 christos SSL_SEED, 1768 1.1 christos SSL_SHA1, 1769 1.1 christos SSL_TLSV1, 1770 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 1771 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1772 1.1 christos 128, 1773 1.1 christos 128, 1774 1.1 christos }, 1775 1.1 christos 1776 1.1 christos /* Cipher 99 */ 1777 1.1 christos { 1778 1.1 christos 1, 1779 1.1 christos TLS1_TXT_DHE_DSS_WITH_SEED_SHA, 1780 1.1 christos TLS1_CK_DHE_DSS_WITH_SEED_SHA, 1781 1.1 christos SSL_kEDH, 1782 1.1 christos SSL_aDSS, 1783 1.1 christos SSL_SEED, 1784 1.1 christos SSL_SHA1, 1785 1.1 christos SSL_TLSV1, 1786 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 1787 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1788 1.1 christos 128, 1789 1.1 christos 128, 1790 1.1 christos }, 1791 1.1 christos 1792 1.1 christos /* Cipher 9A */ 1793 1.1 christos { 1794 1.1 christos 1, 1795 1.1 christos TLS1_TXT_DHE_RSA_WITH_SEED_SHA, 1796 1.1 christos TLS1_CK_DHE_RSA_WITH_SEED_SHA, 1797 1.1 christos SSL_kEDH, 1798 1.1 christos SSL_aRSA, 1799 1.1 christos SSL_SEED, 1800 1.1 christos SSL_SHA1, 1801 1.1 christos SSL_TLSV1, 1802 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 1803 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1804 1.1 christos 128, 1805 1.1 christos 128, 1806 1.1 christos }, 1807 1.1 christos 1808 1.1 christos /* Cipher 9B */ 1809 1.1 christos { 1810 1.1 christos 1, 1811 1.1 christos TLS1_TXT_ADH_WITH_SEED_SHA, 1812 1.1 christos TLS1_CK_ADH_WITH_SEED_SHA, 1813 1.1 christos SSL_kEDH, 1814 1.1 christos SSL_aNULL, 1815 1.1 christos SSL_SEED, 1816 1.1 christos SSL_SHA1, 1817 1.1 christos SSL_TLSV1, 1818 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 1819 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1820 1.1 christos 128, 1821 1.1 christos 128, 1822 1.1 christos }, 1823 1.1 christos 1824 1.1 christos #endif /* OPENSSL_NO_SEED */ 1825 1.1 christos 1826 1.8 christos /* GCM ciphersuites from RFC5288 */ 1827 1.8 christos 1828 1.8 christos /* Cipher 9C */ 1829 1.8 christos { 1830 1.8 christos 1, 1831 1.8 christos TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 1832 1.8 christos TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 1833 1.8 christos SSL_kRSA, 1834 1.8 christos SSL_aRSA, 1835 1.8 christos SSL_AES128GCM, 1836 1.8 christos SSL_AEAD, 1837 1.8 christos SSL_TLSV1_2, 1838 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1839 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1840 1.8 christos 128, 1841 1.8 christos 128, 1842 1.8 christos }, 1843 1.8 christos 1844 1.8 christos /* Cipher 9D */ 1845 1.8 christos { 1846 1.8 christos 1, 1847 1.8 christos TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 1848 1.8 christos TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, 1849 1.8 christos SSL_kRSA, 1850 1.8 christos SSL_aRSA, 1851 1.8 christos SSL_AES256GCM, 1852 1.8 christos SSL_AEAD, 1853 1.8 christos SSL_TLSV1_2, 1854 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1855 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1856 1.8 christos 256, 1857 1.8 christos 256, 1858 1.8 christos }, 1859 1.8 christos 1860 1.8 christos /* Cipher 9E */ 1861 1.8 christos { 1862 1.8 christos 1, 1863 1.8 christos TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 1864 1.8 christos TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 1865 1.8 christos SSL_kEDH, 1866 1.8 christos SSL_aRSA, 1867 1.8 christos SSL_AES128GCM, 1868 1.8 christos SSL_AEAD, 1869 1.8 christos SSL_TLSV1_2, 1870 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1871 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1872 1.8 christos 128, 1873 1.8 christos 128, 1874 1.8 christos }, 1875 1.8 christos 1876 1.8 christos /* Cipher 9F */ 1877 1.8 christos { 1878 1.8 christos 1, 1879 1.8 christos TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 1880 1.8 christos TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 1881 1.8 christos SSL_kEDH, 1882 1.8 christos SSL_aRSA, 1883 1.8 christos SSL_AES256GCM, 1884 1.8 christos SSL_AEAD, 1885 1.8 christos SSL_TLSV1_2, 1886 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1887 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1888 1.8 christos 256, 1889 1.8 christos 256, 1890 1.8 christos }, 1891 1.8 christos 1892 1.8 christos /* Cipher A0 */ 1893 1.8 christos { 1894 1.8 christos 0, 1895 1.8 christos TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, 1896 1.8 christos TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256, 1897 1.8 christos SSL_kDHr, 1898 1.8 christos SSL_aDH, 1899 1.8 christos SSL_AES128GCM, 1900 1.8 christos SSL_AEAD, 1901 1.8 christos SSL_TLSV1_2, 1902 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1903 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1904 1.8 christos 128, 1905 1.8 christos 128, 1906 1.8 christos }, 1907 1.8 christos 1908 1.8 christos /* Cipher A1 */ 1909 1.8 christos { 1910 1.8 christos 0, 1911 1.8 christos TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, 1912 1.8 christos TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384, 1913 1.8 christos SSL_kDHr, 1914 1.8 christos SSL_aDH, 1915 1.8 christos SSL_AES256GCM, 1916 1.8 christos SSL_AEAD, 1917 1.8 christos SSL_TLSV1_2, 1918 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1919 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1920 1.8 christos 256, 1921 1.8 christos 256, 1922 1.8 christos }, 1923 1.8 christos 1924 1.8 christos /* Cipher A2 */ 1925 1.8 christos { 1926 1.8 christos 1, 1927 1.8 christos TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, 1928 1.8 christos TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, 1929 1.8 christos SSL_kEDH, 1930 1.8 christos SSL_aDSS, 1931 1.8 christos SSL_AES128GCM, 1932 1.8 christos SSL_AEAD, 1933 1.8 christos SSL_TLSV1_2, 1934 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1935 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1936 1.8 christos 128, 1937 1.8 christos 128, 1938 1.8 christos }, 1939 1.8 christos 1940 1.8 christos /* Cipher A3 */ 1941 1.8 christos { 1942 1.8 christos 1, 1943 1.8 christos TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, 1944 1.8 christos TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, 1945 1.8 christos SSL_kEDH, 1946 1.8 christos SSL_aDSS, 1947 1.8 christos SSL_AES256GCM, 1948 1.8 christos SSL_AEAD, 1949 1.8 christos SSL_TLSV1_2, 1950 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1951 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1952 1.8 christos 256, 1953 1.8 christos 256, 1954 1.8 christos }, 1955 1.8 christos 1956 1.8 christos /* Cipher A4 */ 1957 1.8 christos { 1958 1.8 christos 0, 1959 1.8 christos TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, 1960 1.8 christos TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, 1961 1.9 christos SSL_kDHd, 1962 1.8 christos SSL_aDH, 1963 1.8 christos SSL_AES128GCM, 1964 1.8 christos SSL_AEAD, 1965 1.8 christos SSL_TLSV1_2, 1966 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1967 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1968 1.8 christos 128, 1969 1.8 christos 128, 1970 1.8 christos }, 1971 1.8 christos 1972 1.8 christos /* Cipher A5 */ 1973 1.8 christos { 1974 1.8 christos 0, 1975 1.8 christos TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, 1976 1.8 christos TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, 1977 1.9 christos SSL_kDHd, 1978 1.8 christos SSL_aDH, 1979 1.8 christos SSL_AES256GCM, 1980 1.8 christos SSL_AEAD, 1981 1.8 christos SSL_TLSV1_2, 1982 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1983 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1984 1.8 christos 256, 1985 1.8 christos 256, 1986 1.8 christos }, 1987 1.8 christos 1988 1.8 christos /* Cipher A6 */ 1989 1.8 christos { 1990 1.8 christos 1, 1991 1.8 christos TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 1992 1.8 christos TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 1993 1.8 christos SSL_kEDH, 1994 1.8 christos SSL_aNULL, 1995 1.8 christos SSL_AES128GCM, 1996 1.8 christos SSL_AEAD, 1997 1.8 christos SSL_TLSV1_2, 1998 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1999 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2000 1.8 christos 128, 2001 1.8 christos 128, 2002 1.8 christos }, 2003 1.8 christos 2004 1.8 christos /* Cipher A7 */ 2005 1.8 christos { 2006 1.8 christos 1, 2007 1.8 christos TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 2008 1.8 christos TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 2009 1.8 christos SSL_kEDH, 2010 1.8 christos SSL_aNULL, 2011 1.8 christos SSL_AES256GCM, 2012 1.8 christos SSL_AEAD, 2013 1.8 christos SSL_TLSV1_2, 2014 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2015 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2016 1.8 christos 256, 2017 1.8 christos 256, 2018 1.8 christos }, 2019 1.8 christos 2020 1.1 christos #ifndef OPENSSL_NO_ECDH 2021 1.1 christos /* Cipher C001 */ 2022 1.1 christos { 2023 1.1 christos 1, 2024 1.1 christos TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, 2025 1.1 christos TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, 2026 1.1 christos SSL_kECDHe, 2027 1.1 christos SSL_aECDH, 2028 1.1 christos SSL_eNULL, 2029 1.1 christos SSL_SHA1, 2030 1.1 christos SSL_TLSV1, 2031 1.8 christos SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2032 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2033 1.1 christos 0, 2034 1.1 christos 0, 2035 1.1 christos }, 2036 1.1 christos 2037 1.1 christos /* Cipher C002 */ 2038 1.1 christos { 2039 1.1 christos 1, 2040 1.1 christos TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, 2041 1.1 christos TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, 2042 1.1 christos SSL_kECDHe, 2043 1.1 christos SSL_aECDH, 2044 1.1 christos SSL_RC4, 2045 1.1 christos SSL_SHA1, 2046 1.1 christos SSL_TLSV1, 2047 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 2048 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2049 1.1 christos 128, 2050 1.1 christos 128, 2051 1.1 christos }, 2052 1.1 christos 2053 1.1 christos /* Cipher C003 */ 2054 1.1 christos { 2055 1.1 christos 1, 2056 1.1 christos TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 2057 1.1 christos TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 2058 1.1 christos SSL_kECDHe, 2059 1.1 christos SSL_aECDH, 2060 1.1 christos SSL_3DES, 2061 1.1 christos SSL_SHA1, 2062 1.1 christos SSL_TLSV1, 2063 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2064 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2065 1.11 spz 112, 2066 1.1 christos 168, 2067 1.1 christos }, 2068 1.1 christos 2069 1.1 christos /* Cipher C004 */ 2070 1.1 christos { 2071 1.1 christos 1, 2072 1.1 christos TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 2073 1.1 christos TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 2074 1.1 christos SSL_kECDHe, 2075 1.1 christos SSL_aECDH, 2076 1.1 christos SSL_AES128, 2077 1.1 christos SSL_SHA1, 2078 1.1 christos SSL_TLSV1, 2079 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2080 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2081 1.1 christos 128, 2082 1.1 christos 128, 2083 1.1 christos }, 2084 1.1 christos 2085 1.1 christos /* Cipher C005 */ 2086 1.1 christos { 2087 1.1 christos 1, 2088 1.1 christos TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 2089 1.1 christos TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 2090 1.1 christos SSL_kECDHe, 2091 1.1 christos SSL_aECDH, 2092 1.1 christos SSL_AES256, 2093 1.1 christos SSL_SHA1, 2094 1.1 christos SSL_TLSV1, 2095 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2096 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2097 1.1 christos 256, 2098 1.1 christos 256, 2099 1.1 christos }, 2100 1.1 christos 2101 1.1 christos /* Cipher C006 */ 2102 1.1 christos { 2103 1.1 christos 1, 2104 1.1 christos TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 2105 1.1 christos TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 2106 1.1 christos SSL_kEECDH, 2107 1.1 christos SSL_aECDSA, 2108 1.1 christos SSL_eNULL, 2109 1.1 christos SSL_SHA1, 2110 1.1 christos SSL_TLSV1, 2111 1.8 christos SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2112 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2113 1.1 christos 0, 2114 1.1 christos 0, 2115 1.1 christos }, 2116 1.1 christos 2117 1.1 christos /* Cipher C007 */ 2118 1.1 christos { 2119 1.1 christos 1, 2120 1.1 christos TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 2121 1.1 christos TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 2122 1.1 christos SSL_kEECDH, 2123 1.1 christos SSL_aECDSA, 2124 1.1 christos SSL_RC4, 2125 1.1 christos SSL_SHA1, 2126 1.1 christos SSL_TLSV1, 2127 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 2128 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2129 1.1 christos 128, 2130 1.1 christos 128, 2131 1.1 christos }, 2132 1.1 christos 2133 1.1 christos /* Cipher C008 */ 2134 1.1 christos { 2135 1.1 christos 1, 2136 1.1 christos TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 2137 1.1 christos TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 2138 1.1 christos SSL_kEECDH, 2139 1.1 christos SSL_aECDSA, 2140 1.1 christos SSL_3DES, 2141 1.1 christos SSL_SHA1, 2142 1.1 christos SSL_TLSV1, 2143 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2144 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2145 1.11 spz 112, 2146 1.1 christos 168, 2147 1.1 christos }, 2148 1.1 christos 2149 1.1 christos /* Cipher C009 */ 2150 1.1 christos { 2151 1.1 christos 1, 2152 1.1 christos TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 2153 1.1 christos TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 2154 1.1 christos SSL_kEECDH, 2155 1.1 christos SSL_aECDSA, 2156 1.1 christos SSL_AES128, 2157 1.1 christos SSL_SHA1, 2158 1.1 christos SSL_TLSV1, 2159 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2160 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2161 1.1 christos 128, 2162 1.1 christos 128, 2163 1.1 christos }, 2164 1.1 christos 2165 1.1 christos /* Cipher C00A */ 2166 1.1 christos { 2167 1.1 christos 1, 2168 1.1 christos TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 2169 1.1 christos TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 2170 1.1 christos SSL_kEECDH, 2171 1.1 christos SSL_aECDSA, 2172 1.1 christos SSL_AES256, 2173 1.1 christos SSL_SHA1, 2174 1.1 christos SSL_TLSV1, 2175 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2176 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2177 1.1 christos 256, 2178 1.1 christos 256, 2179 1.1 christos }, 2180 1.1 christos 2181 1.1 christos /* Cipher C00B */ 2182 1.1 christos { 2183 1.1 christos 1, 2184 1.1 christos TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, 2185 1.1 christos TLS1_CK_ECDH_RSA_WITH_NULL_SHA, 2186 1.1 christos SSL_kECDHr, 2187 1.1 christos SSL_aECDH, 2188 1.1 christos SSL_eNULL, 2189 1.1 christos SSL_SHA1, 2190 1.1 christos SSL_TLSV1, 2191 1.8 christos SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2192 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2193 1.1 christos 0, 2194 1.1 christos 0, 2195 1.1 christos }, 2196 1.1 christos 2197 1.1 christos /* Cipher C00C */ 2198 1.1 christos { 2199 1.1 christos 1, 2200 1.1 christos TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, 2201 1.1 christos TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, 2202 1.1 christos SSL_kECDHr, 2203 1.1 christos SSL_aECDH, 2204 1.1 christos SSL_RC4, 2205 1.1 christos SSL_SHA1, 2206 1.1 christos SSL_TLSV1, 2207 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 2208 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2209 1.1 christos 128, 2210 1.1 christos 128, 2211 1.1 christos }, 2212 1.1 christos 2213 1.1 christos /* Cipher C00D */ 2214 1.1 christos { 2215 1.1 christos 1, 2216 1.1 christos TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, 2217 1.1 christos TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, 2218 1.1 christos SSL_kECDHr, 2219 1.1 christos SSL_aECDH, 2220 1.1 christos SSL_3DES, 2221 1.1 christos SSL_SHA1, 2222 1.1 christos SSL_TLSV1, 2223 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2224 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2225 1.11 spz 112, 2226 1.1 christos 168, 2227 1.1 christos }, 2228 1.1 christos 2229 1.1 christos /* Cipher C00E */ 2230 1.1 christos { 2231 1.1 christos 1, 2232 1.1 christos TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, 2233 1.1 christos TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, 2234 1.1 christos SSL_kECDHr, 2235 1.1 christos SSL_aECDH, 2236 1.1 christos SSL_AES128, 2237 1.1 christos SSL_SHA1, 2238 1.1 christos SSL_TLSV1, 2239 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2240 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2241 1.1 christos 128, 2242 1.1 christos 128, 2243 1.1 christos }, 2244 1.1 christos 2245 1.1 christos /* Cipher C00F */ 2246 1.1 christos { 2247 1.1 christos 1, 2248 1.1 christos TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, 2249 1.1 christos TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, 2250 1.1 christos SSL_kECDHr, 2251 1.1 christos SSL_aECDH, 2252 1.1 christos SSL_AES256, 2253 1.1 christos SSL_SHA1, 2254 1.1 christos SSL_TLSV1, 2255 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2256 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2257 1.1 christos 256, 2258 1.1 christos 256, 2259 1.1 christos }, 2260 1.1 christos 2261 1.1 christos /* Cipher C010 */ 2262 1.1 christos { 2263 1.1 christos 1, 2264 1.1 christos TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 2265 1.1 christos TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 2266 1.1 christos SSL_kEECDH, 2267 1.1 christos SSL_aRSA, 2268 1.1 christos SSL_eNULL, 2269 1.1 christos SSL_SHA1, 2270 1.1 christos SSL_TLSV1, 2271 1.8 christos SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2272 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2273 1.1 christos 0, 2274 1.1 christos 0, 2275 1.1 christos }, 2276 1.1 christos 2277 1.1 christos /* Cipher C011 */ 2278 1.1 christos { 2279 1.1 christos 1, 2280 1.1 christos TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 2281 1.1 christos TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 2282 1.1 christos SSL_kEECDH, 2283 1.1 christos SSL_aRSA, 2284 1.1 christos SSL_RC4, 2285 1.1 christos SSL_SHA1, 2286 1.1 christos SSL_TLSV1, 2287 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 2288 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2289 1.1 christos 128, 2290 1.1 christos 128, 2291 1.1 christos }, 2292 1.1 christos 2293 1.1 christos /* Cipher C012 */ 2294 1.1 christos { 2295 1.1 christos 1, 2296 1.1 christos TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 2297 1.1 christos TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 2298 1.1 christos SSL_kEECDH, 2299 1.1 christos SSL_aRSA, 2300 1.1 christos SSL_3DES, 2301 1.1 christos SSL_SHA1, 2302 1.1 christos SSL_TLSV1, 2303 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2304 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2305 1.11 spz 112, 2306 1.1 christos 168, 2307 1.1 christos }, 2308 1.1 christos 2309 1.1 christos /* Cipher C013 */ 2310 1.1 christos { 2311 1.1 christos 1, 2312 1.1 christos TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 2313 1.1 christos TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 2314 1.1 christos SSL_kEECDH, 2315 1.1 christos SSL_aRSA, 2316 1.1 christos SSL_AES128, 2317 1.1 christos SSL_SHA1, 2318 1.1 christos SSL_TLSV1, 2319 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2320 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2321 1.1 christos 128, 2322 1.1 christos 128, 2323 1.1 christos }, 2324 1.1 christos 2325 1.1 christos /* Cipher C014 */ 2326 1.1 christos { 2327 1.1 christos 1, 2328 1.1 christos TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 2329 1.1 christos TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 2330 1.1 christos SSL_kEECDH, 2331 1.1 christos SSL_aRSA, 2332 1.1 christos SSL_AES256, 2333 1.1 christos SSL_SHA1, 2334 1.1 christos SSL_TLSV1, 2335 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2336 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2337 1.1 christos 256, 2338 1.1 christos 256, 2339 1.1 christos }, 2340 1.1 christos 2341 1.1 christos /* Cipher C015 */ 2342 1.1 christos { 2343 1.1 christos 1, 2344 1.1 christos TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 2345 1.1 christos TLS1_CK_ECDH_anon_WITH_NULL_SHA, 2346 1.1 christos SSL_kEECDH, 2347 1.1 christos SSL_aNULL, 2348 1.1 christos SSL_eNULL, 2349 1.1 christos SSL_SHA1, 2350 1.1 christos SSL_TLSV1, 2351 1.8 christos SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2352 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2353 1.1 christos 0, 2354 1.1 christos 0, 2355 1.1 christos }, 2356 1.1 christos 2357 1.1 christos /* Cipher C016 */ 2358 1.1 christos { 2359 1.1 christos 1, 2360 1.1 christos TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 2361 1.1 christos TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 2362 1.1 christos SSL_kEECDH, 2363 1.1 christos SSL_aNULL, 2364 1.1 christos SSL_RC4, 2365 1.1 christos SSL_SHA1, 2366 1.1 christos SSL_TLSV1, 2367 1.1 christos SSL_NOT_EXP|SSL_MEDIUM, 2368 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2369 1.1 christos 128, 2370 1.1 christos 128, 2371 1.1 christos }, 2372 1.1 christos 2373 1.1 christos /* Cipher C017 */ 2374 1.1 christos { 2375 1.1 christos 1, 2376 1.1 christos TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 2377 1.1 christos TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 2378 1.1 christos SSL_kEECDH, 2379 1.1 christos SSL_aNULL, 2380 1.1 christos SSL_3DES, 2381 1.1 christos SSL_SHA1, 2382 1.1 christos SSL_TLSV1, 2383 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2384 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2385 1.11 spz 112, 2386 1.1 christos 168, 2387 1.1 christos }, 2388 1.1 christos 2389 1.1 christos /* Cipher C018 */ 2390 1.1 christos { 2391 1.1 christos 1, 2392 1.1 christos TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 2393 1.1 christos TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 2394 1.1 christos SSL_kEECDH, 2395 1.1 christos SSL_aNULL, 2396 1.1 christos SSL_AES128, 2397 1.1 christos SSL_SHA1, 2398 1.1 christos SSL_TLSV1, 2399 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2400 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2401 1.1 christos 128, 2402 1.1 christos 128, 2403 1.1 christos }, 2404 1.1 christos 2405 1.1 christos /* Cipher C019 */ 2406 1.1 christos { 2407 1.1 christos 1, 2408 1.1 christos TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 2409 1.1 christos TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 2410 1.1 christos SSL_kEECDH, 2411 1.1 christos SSL_aNULL, 2412 1.1 christos SSL_AES256, 2413 1.1 christos SSL_SHA1, 2414 1.1 christos SSL_TLSV1, 2415 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2416 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2417 1.1 christos 256, 2418 1.1 christos 256, 2419 1.1 christos }, 2420 1.1 christos #endif /* OPENSSL_NO_ECDH */ 2421 1.1 christos 2422 1.5 spz #ifndef OPENSSL_NO_SRP 2423 1.5 spz /* Cipher C01A */ 2424 1.5 spz { 2425 1.5 spz 1, 2426 1.5 spz TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 2427 1.5 spz TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 2428 1.5 spz SSL_kSRP, 2429 1.11 spz SSL_aSRP, 2430 1.5 spz SSL_3DES, 2431 1.5 spz SSL_SHA1, 2432 1.5 spz SSL_TLSV1, 2433 1.5 spz SSL_NOT_EXP|SSL_HIGH, 2434 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2435 1.11 spz 112, 2436 1.5 spz 168, 2437 1.5 spz }, 2438 1.5 spz 2439 1.5 spz /* Cipher C01B */ 2440 1.5 spz { 2441 1.5 spz 1, 2442 1.5 spz TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 2443 1.5 spz TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 2444 1.5 spz SSL_kSRP, 2445 1.5 spz SSL_aRSA, 2446 1.5 spz SSL_3DES, 2447 1.5 spz SSL_SHA1, 2448 1.5 spz SSL_TLSV1, 2449 1.5 spz SSL_NOT_EXP|SSL_HIGH, 2450 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2451 1.11 spz 112, 2452 1.5 spz 168, 2453 1.5 spz }, 2454 1.5 spz 2455 1.5 spz /* Cipher C01C */ 2456 1.5 spz { 2457 1.5 spz 1, 2458 1.5 spz TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 2459 1.5 spz TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 2460 1.5 spz SSL_kSRP, 2461 1.5 spz SSL_aDSS, 2462 1.5 spz SSL_3DES, 2463 1.5 spz SSL_SHA1, 2464 1.5 spz SSL_TLSV1, 2465 1.5 spz SSL_NOT_EXP|SSL_HIGH, 2466 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2467 1.11 spz 112, 2468 1.5 spz 168, 2469 1.5 spz }, 2470 1.5 spz 2471 1.5 spz /* Cipher C01D */ 2472 1.5 spz { 2473 1.5 spz 1, 2474 1.5 spz TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, 2475 1.5 spz TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, 2476 1.5 spz SSL_kSRP, 2477 1.11 spz SSL_aSRP, 2478 1.5 spz SSL_AES128, 2479 1.5 spz SSL_SHA1, 2480 1.5 spz SSL_TLSV1, 2481 1.5 spz SSL_NOT_EXP|SSL_HIGH, 2482 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2483 1.5 spz 128, 2484 1.5 spz 128, 2485 1.5 spz }, 2486 1.5 spz 2487 1.5 spz /* Cipher C01E */ 2488 1.5 spz { 2489 1.5 spz 1, 2490 1.5 spz TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 2491 1.5 spz TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 2492 1.5 spz SSL_kSRP, 2493 1.5 spz SSL_aRSA, 2494 1.5 spz SSL_AES128, 2495 1.5 spz SSL_SHA1, 2496 1.5 spz SSL_TLSV1, 2497 1.5 spz SSL_NOT_EXP|SSL_HIGH, 2498 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2499 1.5 spz 128, 2500 1.5 spz 128, 2501 1.5 spz }, 2502 1.5 spz 2503 1.5 spz /* Cipher C01F */ 2504 1.5 spz { 2505 1.5 spz 1, 2506 1.5 spz TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 2507 1.5 spz TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 2508 1.5 spz SSL_kSRP, 2509 1.5 spz SSL_aDSS, 2510 1.5 spz SSL_AES128, 2511 1.5 spz SSL_SHA1, 2512 1.5 spz SSL_TLSV1, 2513 1.5 spz SSL_NOT_EXP|SSL_HIGH, 2514 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2515 1.5 spz 128, 2516 1.5 spz 128, 2517 1.5 spz }, 2518 1.5 spz 2519 1.5 spz /* Cipher C020 */ 2520 1.5 spz { 2521 1.5 spz 1, 2522 1.5 spz TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, 2523 1.5 spz TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, 2524 1.5 spz SSL_kSRP, 2525 1.11 spz SSL_aSRP, 2526 1.5 spz SSL_AES256, 2527 1.5 spz SSL_SHA1, 2528 1.5 spz SSL_TLSV1, 2529 1.5 spz SSL_NOT_EXP|SSL_HIGH, 2530 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2531 1.5 spz 256, 2532 1.5 spz 256, 2533 1.5 spz }, 2534 1.5 spz 2535 1.5 spz /* Cipher C021 */ 2536 1.5 spz { 2537 1.5 spz 1, 2538 1.5 spz TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 2539 1.5 spz TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 2540 1.5 spz SSL_kSRP, 2541 1.5 spz SSL_aRSA, 2542 1.5 spz SSL_AES256, 2543 1.5 spz SSL_SHA1, 2544 1.5 spz SSL_TLSV1, 2545 1.5 spz SSL_NOT_EXP|SSL_HIGH, 2546 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2547 1.5 spz 256, 2548 1.5 spz 256, 2549 1.5 spz }, 2550 1.5 spz 2551 1.5 spz /* Cipher C022 */ 2552 1.5 spz { 2553 1.5 spz 1, 2554 1.5 spz TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 2555 1.5 spz TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 2556 1.5 spz SSL_kSRP, 2557 1.5 spz SSL_aDSS, 2558 1.5 spz SSL_AES256, 2559 1.5 spz SSL_SHA1, 2560 1.5 spz SSL_TLSV1, 2561 1.5 spz SSL_NOT_EXP|SSL_HIGH, 2562 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2563 1.5 spz 256, 2564 1.5 spz 256, 2565 1.5 spz }, 2566 1.5 spz #endif /* OPENSSL_NO_SRP */ 2567 1.8 christos #ifndef OPENSSL_NO_ECDH 2568 1.8 christos 2569 1.8 christos /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ 2570 1.8 christos 2571 1.8 christos /* Cipher C023 */ 2572 1.8 christos { 2573 1.8 christos 1, 2574 1.8 christos TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 2575 1.8 christos TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 2576 1.8 christos SSL_kEECDH, 2577 1.8 christos SSL_aECDSA, 2578 1.8 christos SSL_AES128, 2579 1.8 christos SSL_SHA256, 2580 1.8 christos SSL_TLSV1_2, 2581 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2582 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2583 1.8 christos 128, 2584 1.8 christos 128, 2585 1.8 christos }, 2586 1.8 christos 2587 1.8 christos /* Cipher C024 */ 2588 1.8 christos { 2589 1.8 christos 1, 2590 1.8 christos TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 2591 1.8 christos TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 2592 1.8 christos SSL_kEECDH, 2593 1.8 christos SSL_aECDSA, 2594 1.8 christos SSL_AES256, 2595 1.8 christos SSL_SHA384, 2596 1.8 christos SSL_TLSV1_2, 2597 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2598 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2599 1.8 christos 256, 2600 1.8 christos 256, 2601 1.8 christos }, 2602 1.8 christos 2603 1.8 christos /* Cipher C025 */ 2604 1.8 christos { 2605 1.8 christos 1, 2606 1.8 christos TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, 2607 1.8 christos TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, 2608 1.8 christos SSL_kECDHe, 2609 1.8 christos SSL_aECDH, 2610 1.8 christos SSL_AES128, 2611 1.8 christos SSL_SHA256, 2612 1.8 christos SSL_TLSV1_2, 2613 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2614 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2615 1.8 christos 128, 2616 1.8 christos 128, 2617 1.8 christos }, 2618 1.8 christos 2619 1.8 christos /* Cipher C026 */ 2620 1.8 christos { 2621 1.8 christos 1, 2622 1.8 christos TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, 2623 1.8 christos TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, 2624 1.8 christos SSL_kECDHe, 2625 1.8 christos SSL_aECDH, 2626 1.8 christos SSL_AES256, 2627 1.8 christos SSL_SHA384, 2628 1.8 christos SSL_TLSV1_2, 2629 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2630 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2631 1.8 christos 256, 2632 1.8 christos 256, 2633 1.8 christos }, 2634 1.8 christos 2635 1.8 christos /* Cipher C027 */ 2636 1.8 christos { 2637 1.8 christos 1, 2638 1.8 christos TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 2639 1.8 christos TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 2640 1.8 christos SSL_kEECDH, 2641 1.8 christos SSL_aRSA, 2642 1.8 christos SSL_AES128, 2643 1.8 christos SSL_SHA256, 2644 1.8 christos SSL_TLSV1_2, 2645 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2646 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2647 1.8 christos 128, 2648 1.8 christos 128, 2649 1.8 christos }, 2650 1.8 christos 2651 1.8 christos /* Cipher C028 */ 2652 1.8 christos { 2653 1.8 christos 1, 2654 1.8 christos TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 2655 1.8 christos TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 2656 1.8 christos SSL_kEECDH, 2657 1.8 christos SSL_aRSA, 2658 1.8 christos SSL_AES256, 2659 1.8 christos SSL_SHA384, 2660 1.8 christos SSL_TLSV1_2, 2661 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2662 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2663 1.8 christos 256, 2664 1.8 christos 256, 2665 1.8 christos }, 2666 1.8 christos 2667 1.8 christos /* Cipher C029 */ 2668 1.8 christos { 2669 1.8 christos 1, 2670 1.8 christos TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, 2671 1.8 christos TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, 2672 1.9 christos SSL_kECDHr, 2673 1.8 christos SSL_aECDH, 2674 1.8 christos SSL_AES128, 2675 1.8 christos SSL_SHA256, 2676 1.8 christos SSL_TLSV1_2, 2677 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2678 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2679 1.8 christos 128, 2680 1.8 christos 128, 2681 1.8 christos }, 2682 1.8 christos 2683 1.8 christos /* Cipher C02A */ 2684 1.8 christos { 2685 1.8 christos 1, 2686 1.8 christos TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, 2687 1.8 christos TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, 2688 1.9 christos SSL_kECDHr, 2689 1.8 christos SSL_aECDH, 2690 1.8 christos SSL_AES256, 2691 1.8 christos SSL_SHA384, 2692 1.8 christos SSL_TLSV1_2, 2693 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2694 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2695 1.8 christos 256, 2696 1.8 christos 256, 2697 1.8 christos }, 2698 1.8 christos 2699 1.8 christos /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 2700 1.8 christos 2701 1.8 christos /* Cipher C02B */ 2702 1.8 christos { 2703 1.8 christos 1, 2704 1.8 christos TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2705 1.8 christos TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2706 1.8 christos SSL_kEECDH, 2707 1.8 christos SSL_aECDSA, 2708 1.8 christos SSL_AES128GCM, 2709 1.8 christos SSL_AEAD, 2710 1.8 christos SSL_TLSV1_2, 2711 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2712 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2713 1.8 christos 128, 2714 1.8 christos 128, 2715 1.8 christos }, 2716 1.8 christos 2717 1.8 christos /* Cipher C02C */ 2718 1.8 christos { 2719 1.8 christos 1, 2720 1.8 christos TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2721 1.8 christos TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2722 1.8 christos SSL_kEECDH, 2723 1.8 christos SSL_aECDSA, 2724 1.8 christos SSL_AES256GCM, 2725 1.8 christos SSL_AEAD, 2726 1.8 christos SSL_TLSV1_2, 2727 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2728 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2729 1.8 christos 256, 2730 1.8 christos 256, 2731 1.8 christos }, 2732 1.8 christos 2733 1.8 christos /* Cipher C02D */ 2734 1.8 christos { 2735 1.8 christos 1, 2736 1.8 christos TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2737 1.8 christos TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2738 1.8 christos SSL_kECDHe, 2739 1.8 christos SSL_aECDH, 2740 1.8 christos SSL_AES128GCM, 2741 1.8 christos SSL_AEAD, 2742 1.8 christos SSL_TLSV1_2, 2743 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2744 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2745 1.8 christos 128, 2746 1.8 christos 128, 2747 1.8 christos }, 2748 1.8 christos 2749 1.8 christos /* Cipher C02E */ 2750 1.8 christos { 2751 1.8 christos 1, 2752 1.8 christos TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2753 1.8 christos TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2754 1.8 christos SSL_kECDHe, 2755 1.8 christos SSL_aECDH, 2756 1.8 christos SSL_AES256GCM, 2757 1.8 christos SSL_AEAD, 2758 1.8 christos SSL_TLSV1_2, 2759 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2760 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2761 1.8 christos 256, 2762 1.8 christos 256, 2763 1.8 christos }, 2764 1.8 christos 2765 1.8 christos /* Cipher C02F */ 2766 1.8 christos { 2767 1.8 christos 1, 2768 1.8 christos TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2769 1.8 christos TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2770 1.8 christos SSL_kEECDH, 2771 1.8 christos SSL_aRSA, 2772 1.8 christos SSL_AES128GCM, 2773 1.8 christos SSL_AEAD, 2774 1.8 christos SSL_TLSV1_2, 2775 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2776 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2777 1.8 christos 128, 2778 1.8 christos 128, 2779 1.8 christos }, 2780 1.8 christos 2781 1.8 christos /* Cipher C030 */ 2782 1.8 christos { 2783 1.8 christos 1, 2784 1.8 christos TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2785 1.8 christos TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2786 1.8 christos SSL_kEECDH, 2787 1.8 christos SSL_aRSA, 2788 1.8 christos SSL_AES256GCM, 2789 1.8 christos SSL_AEAD, 2790 1.8 christos SSL_TLSV1_2, 2791 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2792 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2793 1.8 christos 256, 2794 1.8 christos 256, 2795 1.8 christos }, 2796 1.8 christos 2797 1.8 christos /* Cipher C031 */ 2798 1.8 christos { 2799 1.8 christos 1, 2800 1.8 christos TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2801 1.8 christos TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2802 1.9 christos SSL_kECDHr, 2803 1.8 christos SSL_aECDH, 2804 1.8 christos SSL_AES128GCM, 2805 1.8 christos SSL_AEAD, 2806 1.8 christos SSL_TLSV1_2, 2807 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2808 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2809 1.8 christos 128, 2810 1.8 christos 128, 2811 1.8 christos }, 2812 1.8 christos 2813 1.8 christos /* Cipher C032 */ 2814 1.8 christos { 2815 1.8 christos 1, 2816 1.8 christos TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2817 1.8 christos TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2818 1.9 christos SSL_kECDHr, 2819 1.8 christos SSL_aECDH, 2820 1.8 christos SSL_AES256GCM, 2821 1.8 christos SSL_AEAD, 2822 1.8 christos SSL_TLSV1_2, 2823 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2824 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2825 1.8 christos 256, 2826 1.8 christos 256, 2827 1.8 christos }, 2828 1.8 christos 2829 1.8 christos #endif /* OPENSSL_NO_ECDH */ 2830 1.8 christos 2831 1.5 spz 2832 1.1 christos #ifdef TEMP_GOST_TLS 2833 1.1 christos /* Cipher FF00 */ 2834 1.1 christos { 2835 1.1 christos 1, 2836 1.1 christos "GOST-MD5", 2837 1.1 christos 0x0300ff00, 2838 1.1 christos SSL_kRSA, 2839 1.1 christos SSL_aRSA, 2840 1.1 christos SSL_eGOST2814789CNT, 2841 1.1 christos SSL_MD5, 2842 1.1 christos SSL_TLSV1, 2843 1.1 christos SSL_NOT_EXP|SSL_HIGH, 2844 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2845 1.1 christos 256, 2846 1.1 christos 256, 2847 1.1 christos }, 2848 1.1 christos { 2849 1.1 christos 1, 2850 1.1 christos "GOST-GOST94", 2851 1.1 christos 0x0300ff01, 2852 1.1 christos SSL_kRSA, 2853 1.1 christos SSL_aRSA, 2854 1.1 christos SSL_eGOST2814789CNT, 2855 1.1 christos SSL_GOST94, 2856 1.1 christos SSL_TLSV1, 2857 1.1 christos SSL_NOT_EXP|SSL_HIGH, 2858 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2859 1.1 christos 256, 2860 1.1 christos 256 2861 1.1 christos }, 2862 1.1 christos { 2863 1.1 christos 1, 2864 1.1 christos "GOST-GOST89MAC", 2865 1.1 christos 0x0300ff02, 2866 1.1 christos SSL_kRSA, 2867 1.1 christos SSL_aRSA, 2868 1.1 christos SSL_eGOST2814789CNT, 2869 1.1 christos SSL_GOST89MAC, 2870 1.1 christos SSL_TLSV1, 2871 1.1 christos SSL_NOT_EXP|SSL_HIGH, 2872 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2873 1.1 christos 256, 2874 1.1 christos 256 2875 1.1 christos }, 2876 1.1 christos { 2877 1.1 christos 1, 2878 1.1 christos "GOST-GOST89STREAM", 2879 1.1 christos 0x0300ff03, 2880 1.1 christos SSL_kRSA, 2881 1.1 christos SSL_aRSA, 2882 1.1 christos SSL_eGOST2814789CNT, 2883 1.1 christos SSL_GOST89MAC, 2884 1.1 christos SSL_TLSV1, 2885 1.1 christos SSL_NOT_EXP|SSL_HIGH, 2886 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC, 2887 1.1 christos 256, 2888 1.1 christos 256 2889 1.1 christos }, 2890 1.1 christos #endif 2891 1.1 christos 2892 1.1 christos /* end of list */ 2893 1.1 christos }; 2894 1.1 christos 2895 1.1 christos SSL3_ENC_METHOD SSLv3_enc_data={ 2896 1.1 christos ssl3_enc, 2897 1.1 christos n_ssl3_mac, 2898 1.1 christos ssl3_setup_key_block, 2899 1.1 christos ssl3_generate_master_secret, 2900 1.1 christos ssl3_change_cipher_state, 2901 1.1 christos ssl3_final_finish_mac, 2902 1.1 christos MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 2903 1.1 christos ssl3_cert_verify_mac, 2904 1.1 christos SSL3_MD_CLIENT_FINISHED_CONST,4, 2905 1.1 christos SSL3_MD_SERVER_FINISHED_CONST,4, 2906 1.1 christos ssl3_alert_code, 2907 1.8 christos (int (*)(SSL *, unsigned char *, size_t, const char *, 2908 1.8 christos size_t, const unsigned char *, size_t, 2909 1.8 christos int use_context))ssl_undefined_function, 2910 1.1 christos }; 2911 1.1 christos 2912 1.1 christos long ssl3_default_timeout(void) 2913 1.1 christos { 2914 1.1 christos /* 2 hours, the 24 hours mentioned in the SSLv3 spec 2915 1.1 christos * is way too long for http, the cache would over fill */ 2916 1.1 christos return(60*60*2); 2917 1.1 christos } 2918 1.1 christos 2919 1.1 christos int ssl3_num_ciphers(void) 2920 1.1 christos { 2921 1.1 christos return(SSL3_NUM_CIPHERS); 2922 1.1 christos } 2923 1.1 christos 2924 1.1 christos const SSL_CIPHER *ssl3_get_cipher(unsigned int u) 2925 1.1 christos { 2926 1.1 christos if (u < SSL3_NUM_CIPHERS) 2927 1.1 christos return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); 2928 1.1 christos else 2929 1.1 christos return(NULL); 2930 1.1 christos } 2931 1.1 christos 2932 1.1 christos int ssl3_pending(const SSL *s) 2933 1.1 christos { 2934 1.1 christos if (s->rstate == SSL_ST_READ_BODY) 2935 1.1 christos return 0; 2936 1.1 christos 2937 1.1 christos return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; 2938 1.1 christos } 2939 1.1 christos 2940 1.1 christos int ssl3_new(SSL *s) 2941 1.1 christos { 2942 1.1 christos SSL3_STATE *s3; 2943 1.1 christos 2944 1.1 christos if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; 2945 1.1 christos memset(s3,0,sizeof *s3); 2946 1.1 christos memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num)); 2947 1.1 christos memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num)); 2948 1.1 christos 2949 1.1 christos s->s3=s3; 2950 1.1 christos 2951 1.5 spz #ifndef OPENSSL_NO_SRP 2952 1.5 spz SSL_SRP_CTX_init(s); 2953 1.5 spz #endif 2954 1.1 christos s->method->ssl_clear(s); 2955 1.1 christos return(1); 2956 1.1 christos err: 2957 1.1 christos return(0); 2958 1.1 christos } 2959 1.1 christos 2960 1.1 christos void ssl3_free(SSL *s) 2961 1.1 christos { 2962 1.1 christos if(s == NULL) 2963 1.1 christos return; 2964 1.1 christos 2965 1.1 christos #ifdef TLSEXT_TYPE_opaque_prf_input 2966 1.1 christos if (s->s3->client_opaque_prf_input != NULL) 2967 1.1 christos OPENSSL_free(s->s3->client_opaque_prf_input); 2968 1.1 christos if (s->s3->server_opaque_prf_input != NULL) 2969 1.1 christos OPENSSL_free(s->s3->server_opaque_prf_input); 2970 1.1 christos #endif 2971 1.1 christos 2972 1.1 christos ssl3_cleanup_key_block(s); 2973 1.1 christos if (s->s3->rbuf.buf != NULL) 2974 1.1 christos ssl3_release_read_buffer(s); 2975 1.1 christos if (s->s3->wbuf.buf != NULL) 2976 1.1 christos ssl3_release_write_buffer(s); 2977 1.1 christos if (s->s3->rrec.comp != NULL) 2978 1.1 christos OPENSSL_free(s->s3->rrec.comp); 2979 1.1 christos #ifndef OPENSSL_NO_DH 2980 1.1 christos if (s->s3->tmp.dh != NULL) 2981 1.1 christos DH_free(s->s3->tmp.dh); 2982 1.1 christos #endif 2983 1.1 christos #ifndef OPENSSL_NO_ECDH 2984 1.1 christos if (s->s3->tmp.ecdh != NULL) 2985 1.1 christos EC_KEY_free(s->s3->tmp.ecdh); 2986 1.1 christos #endif 2987 1.1 christos 2988 1.1 christos if (s->s3->tmp.ca_names != NULL) 2989 1.1 christos sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 2990 1.1 christos if (s->s3->handshake_buffer) { 2991 1.1 christos BIO_free(s->s3->handshake_buffer); 2992 1.1 christos } 2993 1.1 christos if (s->s3->handshake_dgst) ssl3_free_digest_list(s); 2994 1.5 spz #ifndef OPENSSL_NO_SRP 2995 1.5 spz SSL_SRP_CTX_free(s); 2996 1.5 spz #endif 2997 1.1 christos OPENSSL_cleanse(s->s3,sizeof *s->s3); 2998 1.1 christos OPENSSL_free(s->s3); 2999 1.1 christos s->s3=NULL; 3000 1.1 christos } 3001 1.1 christos 3002 1.1 christos void ssl3_clear(SSL *s) 3003 1.1 christos { 3004 1.1 christos unsigned char *rp,*wp; 3005 1.1 christos size_t rlen, wlen; 3006 1.8 christos int init_extra; 3007 1.1 christos 3008 1.1 christos #ifdef TLSEXT_TYPE_opaque_prf_input 3009 1.1 christos if (s->s3->client_opaque_prf_input != NULL) 3010 1.1 christos OPENSSL_free(s->s3->client_opaque_prf_input); 3011 1.1 christos s->s3->client_opaque_prf_input = NULL; 3012 1.1 christos if (s->s3->server_opaque_prf_input != NULL) 3013 1.1 christos OPENSSL_free(s->s3->server_opaque_prf_input); 3014 1.1 christos s->s3->server_opaque_prf_input = NULL; 3015 1.1 christos #endif 3016 1.1 christos 3017 1.1 christos ssl3_cleanup_key_block(s); 3018 1.1 christos if (s->s3->tmp.ca_names != NULL) 3019 1.1 christos sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 3020 1.1 christos 3021 1.1 christos if (s->s3->rrec.comp != NULL) 3022 1.1 christos { 3023 1.1 christos OPENSSL_free(s->s3->rrec.comp); 3024 1.1 christos s->s3->rrec.comp=NULL; 3025 1.1 christos } 3026 1.1 christos #ifndef OPENSSL_NO_DH 3027 1.1 christos if (s->s3->tmp.dh != NULL) 3028 1.7 drochner { 3029 1.1 christos DH_free(s->s3->tmp.dh); 3030 1.7 drochner s->s3->tmp.dh = NULL; 3031 1.7 drochner } 3032 1.1 christos #endif 3033 1.1 christos #ifndef OPENSSL_NO_ECDH 3034 1.1 christos if (s->s3->tmp.ecdh != NULL) 3035 1.7 drochner { 3036 1.1 christos EC_KEY_free(s->s3->tmp.ecdh); 3037 1.7 drochner s->s3->tmp.ecdh = NULL; 3038 1.7 drochner } 3039 1.1 christos #endif 3040 1.10 christos #ifndef OPENSSL_NO_TLSEXT 3041 1.10 christos #ifndef OPENSSL_NO_EC 3042 1.10 christos s->s3->is_probably_safari = 0; 3043 1.10 christos #endif /* !OPENSSL_NO_EC */ 3044 1.10 christos #endif /* !OPENSSL_NO_TLSEXT */ 3045 1.1 christos 3046 1.1 christos rp = s->s3->rbuf.buf; 3047 1.1 christos wp = s->s3->wbuf.buf; 3048 1.1 christos rlen = s->s3->rbuf.len; 3049 1.1 christos wlen = s->s3->wbuf.len; 3050 1.8 christos init_extra = s->s3->init_extra; 3051 1.1 christos if (s->s3->handshake_buffer) { 3052 1.1 christos BIO_free(s->s3->handshake_buffer); 3053 1.3 christos s->s3->handshake_buffer = NULL; 3054 1.1 christos } 3055 1.1 christos if (s->s3->handshake_dgst) { 3056 1.1 christos ssl3_free_digest_list(s); 3057 1.1 christos } 3058 1.1 christos memset(s->s3,0,sizeof *s->s3); 3059 1.1 christos s->s3->rbuf.buf = rp; 3060 1.1 christos s->s3->wbuf.buf = wp; 3061 1.1 christos s->s3->rbuf.len = rlen; 3062 1.1 christos s->s3->wbuf.len = wlen; 3063 1.8 christos s->s3->init_extra = init_extra; 3064 1.1 christos 3065 1.1 christos ssl_free_wbio_buffer(s); 3066 1.1 christos 3067 1.1 christos s->packet_length=0; 3068 1.1 christos s->s3->renegotiate=0; 3069 1.1 christos s->s3->total_renegotiations=0; 3070 1.1 christos s->s3->num_renegotiations=0; 3071 1.1 christos s->s3->in_read_app_data=0; 3072 1.1 christos s->version=SSL3_VERSION; 3073 1.8 christos 3074 1.8 christos #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 3075 1.8 christos if (s->next_proto_negotiated) 3076 1.8 christos { 3077 1.8 christos OPENSSL_free(s->next_proto_negotiated); 3078 1.8 christos s->next_proto_negotiated = NULL; 3079 1.8 christos s->next_proto_negotiated_len = 0; 3080 1.8 christos } 3081 1.8 christos #endif 3082 1.1 christos } 3083 1.1 christos 3084 1.5 spz #ifndef OPENSSL_NO_SRP 3085 1.5 spz static char * MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg) 3086 1.5 spz { 3087 1.5 spz return BUF_strdup(s->srp_ctx.info) ; 3088 1.5 spz } 3089 1.5 spz #endif 3090 1.5 spz 3091 1.1 christos long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) 3092 1.1 christos { 3093 1.1 christos int ret=0; 3094 1.1 christos 3095 1.1 christos #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) 3096 1.1 christos if ( 3097 1.1 christos #ifndef OPENSSL_NO_RSA 3098 1.1 christos cmd == SSL_CTRL_SET_TMP_RSA || 3099 1.1 christos cmd == SSL_CTRL_SET_TMP_RSA_CB || 3100 1.1 christos #endif 3101 1.1 christos #ifndef OPENSSL_NO_DSA 3102 1.1 christos cmd == SSL_CTRL_SET_TMP_DH || 3103 1.1 christos cmd == SSL_CTRL_SET_TMP_DH_CB || 3104 1.1 christos #endif 3105 1.1 christos 0) 3106 1.1 christos { 3107 1.1 christos if (!ssl_cert_inst(&s->cert)) 3108 1.1 christos { 3109 1.1 christos SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); 3110 1.1 christos return(0); 3111 1.1 christos } 3112 1.1 christos } 3113 1.1 christos #endif 3114 1.1 christos 3115 1.1 christos switch (cmd) 3116 1.1 christos { 3117 1.1 christos case SSL_CTRL_GET_SESSION_REUSED: 3118 1.1 christos ret=s->hit; 3119 1.1 christos break; 3120 1.1 christos case SSL_CTRL_GET_CLIENT_CERT_REQUEST: 3121 1.1 christos break; 3122 1.1 christos case SSL_CTRL_GET_NUM_RENEGOTIATIONS: 3123 1.1 christos ret=s->s3->num_renegotiations; 3124 1.1 christos break; 3125 1.1 christos case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: 3126 1.1 christos ret=s->s3->num_renegotiations; 3127 1.1 christos s->s3->num_renegotiations=0; 3128 1.1 christos break; 3129 1.1 christos case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: 3130 1.1 christos ret=s->s3->total_renegotiations; 3131 1.1 christos break; 3132 1.1 christos case SSL_CTRL_GET_FLAGS: 3133 1.1 christos ret=(int)(s->s3->flags); 3134 1.1 christos break; 3135 1.1 christos #ifndef OPENSSL_NO_RSA 3136 1.1 christos case SSL_CTRL_NEED_TMP_RSA: 3137 1.1 christos if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && 3138 1.1 christos ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 3139 1.1 christos (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))) 3140 1.1 christos ret = 1; 3141 1.1 christos break; 3142 1.1 christos case SSL_CTRL_SET_TMP_RSA: 3143 1.1 christos { 3144 1.1 christos RSA *rsa = (RSA *)parg; 3145 1.1 christos if (rsa == NULL) 3146 1.1 christos { 3147 1.1 christos SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3148 1.1 christos return(ret); 3149 1.1 christos } 3150 1.1 christos if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) 3151 1.1 christos { 3152 1.1 christos SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); 3153 1.1 christos return(ret); 3154 1.1 christos } 3155 1.1 christos if (s->cert->rsa_tmp != NULL) 3156 1.1 christos RSA_free(s->cert->rsa_tmp); 3157 1.1 christos s->cert->rsa_tmp = rsa; 3158 1.1 christos ret = 1; 3159 1.1 christos } 3160 1.1 christos break; 3161 1.1 christos case SSL_CTRL_SET_TMP_RSA_CB: 3162 1.1 christos { 3163 1.1 christos SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3164 1.1 christos return(ret); 3165 1.1 christos } 3166 1.1 christos break; 3167 1.1 christos #endif 3168 1.1 christos #ifndef OPENSSL_NO_DH 3169 1.1 christos case SSL_CTRL_SET_TMP_DH: 3170 1.1 christos { 3171 1.1 christos DH *dh = (DH *)parg; 3172 1.1 christos if (dh == NULL) 3173 1.1 christos { 3174 1.1 christos SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3175 1.1 christos return(ret); 3176 1.1 christos } 3177 1.1 christos if ((dh = DHparams_dup(dh)) == NULL) 3178 1.1 christos { 3179 1.1 christos SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 3180 1.1 christos return(ret); 3181 1.1 christos } 3182 1.1 christos if (!(s->options & SSL_OP_SINGLE_DH_USE)) 3183 1.1 christos { 3184 1.1 christos if (!DH_generate_key(dh)) 3185 1.1 christos { 3186 1.1 christos DH_free(dh); 3187 1.1 christos SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 3188 1.1 christos return(ret); 3189 1.1 christos } 3190 1.1 christos } 3191 1.1 christos if (s->cert->dh_tmp != NULL) 3192 1.1 christos DH_free(s->cert->dh_tmp); 3193 1.1 christos s->cert->dh_tmp = dh; 3194 1.1 christos ret = 1; 3195 1.1 christos } 3196 1.1 christos break; 3197 1.1 christos case SSL_CTRL_SET_TMP_DH_CB: 3198 1.1 christos { 3199 1.1 christos SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3200 1.1 christos return(ret); 3201 1.1 christos } 3202 1.1 christos break; 3203 1.1 christos #endif 3204 1.1 christos #ifndef OPENSSL_NO_ECDH 3205 1.1 christos case SSL_CTRL_SET_TMP_ECDH: 3206 1.1 christos { 3207 1.1 christos EC_KEY *ecdh = NULL; 3208 1.1 christos 3209 1.1 christos if (parg == NULL) 3210 1.1 christos { 3211 1.1 christos SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3212 1.1 christos return(ret); 3213 1.1 christos } 3214 1.1 christos if (!EC_KEY_up_ref((EC_KEY *)parg)) 3215 1.1 christos { 3216 1.1 christos SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); 3217 1.1 christos return(ret); 3218 1.1 christos } 3219 1.1 christos ecdh = (EC_KEY *)parg; 3220 1.1 christos if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) 3221 1.1 christos { 3222 1.1 christos if (!EC_KEY_generate_key(ecdh)) 3223 1.1 christos { 3224 1.1 christos EC_KEY_free(ecdh); 3225 1.1 christos SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); 3226 1.1 christos return(ret); 3227 1.1 christos } 3228 1.1 christos } 3229 1.1 christos if (s->cert->ecdh_tmp != NULL) 3230 1.1 christos EC_KEY_free(s->cert->ecdh_tmp); 3231 1.1 christos s->cert->ecdh_tmp = ecdh; 3232 1.1 christos ret = 1; 3233 1.1 christos } 3234 1.1 christos break; 3235 1.1 christos case SSL_CTRL_SET_TMP_ECDH_CB: 3236 1.1 christos { 3237 1.1 christos SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3238 1.1 christos return(ret); 3239 1.1 christos } 3240 1.1 christos break; 3241 1.1 christos #endif /* !OPENSSL_NO_ECDH */ 3242 1.1 christos #ifndef OPENSSL_NO_TLSEXT 3243 1.1 christos case SSL_CTRL_SET_TLSEXT_HOSTNAME: 3244 1.1 christos if (larg == TLSEXT_NAMETYPE_host_name) 3245 1.1 christos { 3246 1.1 christos if (s->tlsext_hostname != NULL) 3247 1.1 christos OPENSSL_free(s->tlsext_hostname); 3248 1.1 christos s->tlsext_hostname = NULL; 3249 1.1 christos 3250 1.1 christos ret = 1; 3251 1.1 christos if (parg == NULL) 3252 1.1 christos break; 3253 1.1 christos if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) 3254 1.1 christos { 3255 1.1 christos SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); 3256 1.1 christos return 0; 3257 1.1 christos } 3258 1.1 christos if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) 3259 1.1 christos { 3260 1.1 christos SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); 3261 1.1 christos return 0; 3262 1.1 christos } 3263 1.1 christos } 3264 1.1 christos else 3265 1.1 christos { 3266 1.1 christos SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); 3267 1.1 christos return 0; 3268 1.1 christos } 3269 1.1 christos break; 3270 1.1 christos case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: 3271 1.1 christos s->tlsext_debug_arg=parg; 3272 1.1 christos ret = 1; 3273 1.1 christos break; 3274 1.1 christos 3275 1.1 christos #ifdef TLSEXT_TYPE_opaque_prf_input 3276 1.1 christos case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: 3277 1.1 christos if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message 3278 1.1 christos * (including the cert chain and everything) */ 3279 1.1 christos { 3280 1.1 christos SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); 3281 1.1 christos break; 3282 1.1 christos } 3283 1.1 christos if (s->tlsext_opaque_prf_input != NULL) 3284 1.1 christos OPENSSL_free(s->tlsext_opaque_prf_input); 3285 1.1 christos if ((size_t)larg == 0) 3286 1.1 christos s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ 3287 1.1 christos else 3288 1.1 christos s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); 3289 1.1 christos if (s->tlsext_opaque_prf_input != NULL) 3290 1.1 christos { 3291 1.1 christos s->tlsext_opaque_prf_input_len = (size_t)larg; 3292 1.1 christos ret = 1; 3293 1.1 christos } 3294 1.1 christos else 3295 1.1 christos s->tlsext_opaque_prf_input_len = 0; 3296 1.1 christos break; 3297 1.1 christos #endif 3298 1.1 christos 3299 1.1 christos case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: 3300 1.1 christos s->tlsext_status_type=larg; 3301 1.1 christos ret = 1; 3302 1.1 christos break; 3303 1.1 christos 3304 1.1 christos case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: 3305 1.1 christos *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; 3306 1.1 christos ret = 1; 3307 1.1 christos break; 3308 1.1 christos 3309 1.1 christos case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: 3310 1.1 christos s->tlsext_ocsp_exts = parg; 3311 1.1 christos ret = 1; 3312 1.1 christos break; 3313 1.1 christos 3314 1.1 christos case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: 3315 1.1 christos *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; 3316 1.1 christos ret = 1; 3317 1.1 christos break; 3318 1.1 christos 3319 1.1 christos case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: 3320 1.1 christos s->tlsext_ocsp_ids = parg; 3321 1.1 christos ret = 1; 3322 1.1 christos break; 3323 1.1 christos 3324 1.1 christos case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: 3325 1.1 christos *(unsigned char **)parg = s->tlsext_ocsp_resp; 3326 1.1 christos return s->tlsext_ocsp_resplen; 3327 1.1 christos 3328 1.1 christos case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: 3329 1.1 christos if (s->tlsext_ocsp_resp) 3330 1.1 christos OPENSSL_free(s->tlsext_ocsp_resp); 3331 1.1 christos s->tlsext_ocsp_resp = parg; 3332 1.1 christos s->tlsext_ocsp_resplen = larg; 3333 1.1 christos ret = 1; 3334 1.1 christos break; 3335 1.1 christos 3336 1.8 christos #ifndef OPENSSL_NO_HEARTBEATS 3337 1.8 christos case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT: 3338 1.8 christos if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 3339 1.8 christos ret = dtls1_heartbeat(s); 3340 1.8 christos else 3341 1.8 christos ret = tls1_heartbeat(s); 3342 1.8 christos break; 3343 1.8 christos 3344 1.8 christos case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING: 3345 1.8 christos ret = s->tlsext_hb_pending; 3346 1.8 christos break; 3347 1.8 christos 3348 1.8 christos case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS: 3349 1.8 christos if (larg) 3350 1.8 christos s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS; 3351 1.8 christos else 3352 1.8 christos s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS; 3353 1.8 christos ret = 1; 3354 1.8 christos break; 3355 1.8 christos #endif 3356 1.8 christos 3357 1.1 christos #endif /* !OPENSSL_NO_TLSEXT */ 3358 1.1 christos default: 3359 1.1 christos break; 3360 1.1 christos } 3361 1.1 christos return(ret); 3362 1.1 christos } 3363 1.1 christos 3364 1.1 christos long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 3365 1.1 christos { 3366 1.1 christos int ret=0; 3367 1.1 christos 3368 1.1 christos #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) 3369 1.1 christos if ( 3370 1.1 christos #ifndef OPENSSL_NO_RSA 3371 1.1 christos cmd == SSL_CTRL_SET_TMP_RSA_CB || 3372 1.1 christos #endif 3373 1.1 christos #ifndef OPENSSL_NO_DSA 3374 1.1 christos cmd == SSL_CTRL_SET_TMP_DH_CB || 3375 1.1 christos #endif 3376 1.1 christos 0) 3377 1.1 christos { 3378 1.1 christos if (!ssl_cert_inst(&s->cert)) 3379 1.1 christos { 3380 1.1 christos SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); 3381 1.1 christos return(0); 3382 1.1 christos } 3383 1.1 christos } 3384 1.1 christos #endif 3385 1.1 christos 3386 1.1 christos switch (cmd) 3387 1.1 christos { 3388 1.1 christos #ifndef OPENSSL_NO_RSA 3389 1.1 christos case SSL_CTRL_SET_TMP_RSA_CB: 3390 1.1 christos { 3391 1.1 christos s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; 3392 1.1 christos } 3393 1.1 christos break; 3394 1.1 christos #endif 3395 1.1 christos #ifndef OPENSSL_NO_DH 3396 1.1 christos case SSL_CTRL_SET_TMP_DH_CB: 3397 1.1 christos { 3398 1.1 christos s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 3399 1.1 christos } 3400 1.1 christos break; 3401 1.1 christos #endif 3402 1.1 christos #ifndef OPENSSL_NO_ECDH 3403 1.1 christos case SSL_CTRL_SET_TMP_ECDH_CB: 3404 1.1 christos { 3405 1.1 christos s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 3406 1.1 christos } 3407 1.1 christos break; 3408 1.1 christos #endif 3409 1.1 christos #ifndef OPENSSL_NO_TLSEXT 3410 1.1 christos case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 3411 1.1 christos s->tlsext_debug_cb=(void (*)(SSL *,int ,int, 3412 1.1 christos unsigned char *, int, void *))fp; 3413 1.1 christos break; 3414 1.1 christos #endif 3415 1.1 christos default: 3416 1.1 christos break; 3417 1.1 christos } 3418 1.1 christos return(ret); 3419 1.1 christos } 3420 1.1 christos 3421 1.1 christos long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 3422 1.1 christos { 3423 1.1 christos CERT *cert; 3424 1.1 christos 3425 1.1 christos cert=ctx->cert; 3426 1.1 christos 3427 1.1 christos switch (cmd) 3428 1.1 christos { 3429 1.1 christos #ifndef OPENSSL_NO_RSA 3430 1.1 christos case SSL_CTRL_NEED_TMP_RSA: 3431 1.1 christos if ( (cert->rsa_tmp == NULL) && 3432 1.1 christos ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 3433 1.1 christos (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))) 3434 1.1 christos ) 3435 1.1 christos return(1); 3436 1.1 christos else 3437 1.1 christos return(0); 3438 1.1 christos /* break; */ 3439 1.1 christos case SSL_CTRL_SET_TMP_RSA: 3440 1.1 christos { 3441 1.1 christos RSA *rsa; 3442 1.1 christos int i; 3443 1.1 christos 3444 1.1 christos rsa=(RSA *)parg; 3445 1.1 christos i=1; 3446 1.1 christos if (rsa == NULL) 3447 1.1 christos i=0; 3448 1.1 christos else 3449 1.1 christos { 3450 1.1 christos if ((rsa=RSAPrivateKey_dup(rsa)) == NULL) 3451 1.1 christos i=0; 3452 1.1 christos } 3453 1.1 christos if (!i) 3454 1.1 christos { 3455 1.1 christos SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB); 3456 1.1 christos return(0); 3457 1.1 christos } 3458 1.1 christos else 3459 1.1 christos { 3460 1.1 christos if (cert->rsa_tmp != NULL) 3461 1.1 christos RSA_free(cert->rsa_tmp); 3462 1.1 christos cert->rsa_tmp=rsa; 3463 1.1 christos return(1); 3464 1.1 christos } 3465 1.1 christos } 3466 1.1 christos /* break; */ 3467 1.1 christos case SSL_CTRL_SET_TMP_RSA_CB: 3468 1.1 christos { 3469 1.1 christos SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3470 1.1 christos return(0); 3471 1.1 christos } 3472 1.1 christos break; 3473 1.1 christos #endif 3474 1.1 christos #ifndef OPENSSL_NO_DH 3475 1.1 christos case SSL_CTRL_SET_TMP_DH: 3476 1.1 christos { 3477 1.1 christos DH *new=NULL,*dh; 3478 1.1 christos 3479 1.1 christos dh=(DH *)parg; 3480 1.1 christos if ((new=DHparams_dup(dh)) == NULL) 3481 1.1 christos { 3482 1.1 christos SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); 3483 1.1 christos return 0; 3484 1.1 christos } 3485 1.1 christos if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) 3486 1.1 christos { 3487 1.1 christos if (!DH_generate_key(new)) 3488 1.1 christos { 3489 1.1 christos SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); 3490 1.1 christos DH_free(new); 3491 1.1 christos return 0; 3492 1.1 christos } 3493 1.1 christos } 3494 1.1 christos if (cert->dh_tmp != NULL) 3495 1.1 christos DH_free(cert->dh_tmp); 3496 1.1 christos cert->dh_tmp=new; 3497 1.1 christos return 1; 3498 1.1 christos } 3499 1.1 christos /*break; */ 3500 1.1 christos case SSL_CTRL_SET_TMP_DH_CB: 3501 1.1 christos { 3502 1.1 christos SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3503 1.1 christos return(0); 3504 1.1 christos } 3505 1.1 christos break; 3506 1.1 christos #endif 3507 1.1 christos #ifndef OPENSSL_NO_ECDH 3508 1.1 christos case SSL_CTRL_SET_TMP_ECDH: 3509 1.1 christos { 3510 1.1 christos EC_KEY *ecdh = NULL; 3511 1.1 christos 3512 1.1 christos if (parg == NULL) 3513 1.1 christos { 3514 1.1 christos SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); 3515 1.1 christos return 0; 3516 1.1 christos } 3517 1.1 christos ecdh = EC_KEY_dup((EC_KEY *)parg); 3518 1.1 christos if (ecdh == NULL) 3519 1.1 christos { 3520 1.1 christos SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB); 3521 1.1 christos return 0; 3522 1.1 christos } 3523 1.1 christos if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) 3524 1.1 christos { 3525 1.1 christos if (!EC_KEY_generate_key(ecdh)) 3526 1.1 christos { 3527 1.1 christos EC_KEY_free(ecdh); 3528 1.1 christos SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); 3529 1.1 christos return 0; 3530 1.1 christos } 3531 1.1 christos } 3532 1.1 christos 3533 1.1 christos if (cert->ecdh_tmp != NULL) 3534 1.1 christos { 3535 1.1 christos EC_KEY_free(cert->ecdh_tmp); 3536 1.1 christos } 3537 1.1 christos cert->ecdh_tmp = ecdh; 3538 1.1 christos return 1; 3539 1.1 christos } 3540 1.1 christos /* break; */ 3541 1.1 christos case SSL_CTRL_SET_TMP_ECDH_CB: 3542 1.1 christos { 3543 1.1 christos SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3544 1.1 christos return(0); 3545 1.1 christos } 3546 1.1 christos break; 3547 1.1 christos #endif /* !OPENSSL_NO_ECDH */ 3548 1.1 christos #ifndef OPENSSL_NO_TLSEXT 3549 1.1 christos case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: 3550 1.1 christos ctx->tlsext_servername_arg=parg; 3551 1.1 christos break; 3552 1.1 christos case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: 3553 1.1 christos case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: 3554 1.1 christos { 3555 1.1 christos unsigned char *keys = parg; 3556 1.1 christos if (!keys) 3557 1.1 christos return 48; 3558 1.1 christos if (larg != 48) 3559 1.1 christos { 3560 1.1 christos SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); 3561 1.1 christos return 0; 3562 1.1 christos } 3563 1.1 christos if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) 3564 1.1 christos { 3565 1.1 christos memcpy(ctx->tlsext_tick_key_name, keys, 16); 3566 1.1 christos memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); 3567 1.1 christos memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); 3568 1.1 christos } 3569 1.1 christos else 3570 1.1 christos { 3571 1.1 christos memcpy(keys, ctx->tlsext_tick_key_name, 16); 3572 1.1 christos memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); 3573 1.1 christos memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); 3574 1.1 christos } 3575 1.1 christos return 1; 3576 1.1 christos } 3577 1.1 christos 3578 1.1 christos #ifdef TLSEXT_TYPE_opaque_prf_input 3579 1.1 christos case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG: 3580 1.1 christos ctx->tlsext_opaque_prf_input_callback_arg = parg; 3581 1.1 christos return 1; 3582 1.1 christos #endif 3583 1.1 christos 3584 1.1 christos case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: 3585 1.1 christos ctx->tlsext_status_arg=parg; 3586 1.1 christos return 1; 3587 1.1 christos break; 3588 1.1 christos 3589 1.5 spz #ifndef OPENSSL_NO_SRP 3590 1.5 spz case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME: 3591 1.5 spz ctx->srp_ctx.srp_Mask|=SSL_kSRP; 3592 1.5 spz if (ctx->srp_ctx.login != NULL) 3593 1.5 spz OPENSSL_free(ctx->srp_ctx.login); 3594 1.5 spz ctx->srp_ctx.login = NULL; 3595 1.5 spz if (parg == NULL) 3596 1.5 spz break; 3597 1.8 christos if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) 3598 1.5 spz { 3599 1.5 spz SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME); 3600 1.5 spz return 0; 3601 1.5 spz } 3602 1.5 spz if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) 3603 1.5 spz { 3604 1.5 spz SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR); 3605 1.5 spz return 0; 3606 1.5 spz } 3607 1.5 spz break; 3608 1.5 spz case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD: 3609 1.5 spz ctx->srp_ctx.SRP_give_srp_client_pwd_callback=srp_password_from_info_cb; 3610 1.5 spz ctx->srp_ctx.info=parg; 3611 1.5 spz break; 3612 1.5 spz case SSL_CTRL_SET_SRP_ARG: 3613 1.5 spz ctx->srp_ctx.srp_Mask|=SSL_kSRP; 3614 1.5 spz ctx->srp_ctx.SRP_cb_arg=parg; 3615 1.5 spz break; 3616 1.5 spz 3617 1.5 spz case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH: 3618 1.5 spz ctx->srp_ctx.strength=larg; 3619 1.5 spz break; 3620 1.5 spz #endif 3621 1.1 christos #endif /* !OPENSSL_NO_TLSEXT */ 3622 1.1 christos 3623 1.1 christos /* A Thawte special :-) */ 3624 1.1 christos case SSL_CTRL_EXTRA_CHAIN_CERT: 3625 1.1 christos if (ctx->extra_certs == NULL) 3626 1.1 christos { 3627 1.1 christos if ((ctx->extra_certs=sk_X509_new_null()) == NULL) 3628 1.1 christos return(0); 3629 1.1 christos } 3630 1.1 christos sk_X509_push(ctx->extra_certs,(X509 *)parg); 3631 1.1 christos break; 3632 1.1 christos 3633 1.8 christos case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: 3634 1.8 christos *(STACK_OF(X509) **)parg = ctx->extra_certs; 3635 1.8 christos break; 3636 1.8 christos 3637 1.8 christos case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: 3638 1.8 christos if (ctx->extra_certs) 3639 1.8 christos { 3640 1.8 christos sk_X509_pop_free(ctx->extra_certs, X509_free); 3641 1.8 christos ctx->extra_certs = NULL; 3642 1.8 christos } 3643 1.8 christos break; 3644 1.8 christos 3645 1.1 christos default: 3646 1.1 christos return(0); 3647 1.1 christos } 3648 1.1 christos return(1); 3649 1.1 christos } 3650 1.1 christos 3651 1.1 christos long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) 3652 1.1 christos { 3653 1.1 christos CERT *cert; 3654 1.1 christos 3655 1.1 christos cert=ctx->cert; 3656 1.1 christos 3657 1.1 christos switch (cmd) 3658 1.1 christos { 3659 1.1 christos #ifndef OPENSSL_NO_RSA 3660 1.1 christos case SSL_CTRL_SET_TMP_RSA_CB: 3661 1.1 christos { 3662 1.1 christos cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; 3663 1.1 christos } 3664 1.1 christos break; 3665 1.1 christos #endif 3666 1.1 christos #ifndef OPENSSL_NO_DH 3667 1.1 christos case SSL_CTRL_SET_TMP_DH_CB: 3668 1.1 christos { 3669 1.1 christos cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 3670 1.1 christos } 3671 1.1 christos break; 3672 1.1 christos #endif 3673 1.1 christos #ifndef OPENSSL_NO_ECDH 3674 1.1 christos case SSL_CTRL_SET_TMP_ECDH_CB: 3675 1.1 christos { 3676 1.1 christos cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 3677 1.1 christos } 3678 1.1 christos break; 3679 1.1 christos #endif 3680 1.1 christos #ifndef OPENSSL_NO_TLSEXT 3681 1.1 christos case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 3682 1.1 christos ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; 3683 1.1 christos break; 3684 1.1 christos 3685 1.1 christos #ifdef TLSEXT_TYPE_opaque_prf_input 3686 1.1 christos case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: 3687 1.1 christos ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp; 3688 1.1 christos break; 3689 1.1 christos #endif 3690 1.1 christos 3691 1.1 christos case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: 3692 1.1 christos ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; 3693 1.1 christos break; 3694 1.1 christos 3695 1.1 christos case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: 3696 1.1 christos ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *, 3697 1.1 christos unsigned char *, 3698 1.1 christos EVP_CIPHER_CTX *, 3699 1.1 christos HMAC_CTX *, int))fp; 3700 1.1 christos break; 3701 1.1 christos 3702 1.5 spz #ifndef OPENSSL_NO_SRP 3703 1.5 spz case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB: 3704 1.5 spz ctx->srp_ctx.srp_Mask|=SSL_kSRP; 3705 1.5 spz ctx->srp_ctx.SRP_verify_param_callback=(int (*)(SSL *,void *))fp; 3706 1.5 spz break; 3707 1.5 spz case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB: 3708 1.5 spz ctx->srp_ctx.srp_Mask|=SSL_kSRP; 3709 1.5 spz ctx->srp_ctx.TLS_ext_srp_username_callback=(int (*)(SSL *,int *,void *))fp; 3710 1.5 spz break; 3711 1.5 spz case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB: 3712 1.5 spz ctx->srp_ctx.srp_Mask|=SSL_kSRP; 3713 1.5 spz ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp; 3714 1.5 spz break; 3715 1.5 spz #endif 3716 1.1 christos #endif 3717 1.1 christos default: 3718 1.1 christos return(0); 3719 1.1 christos } 3720 1.1 christos return(1); 3721 1.1 christos } 3722 1.1 christos 3723 1.1 christos /* This function needs to check if the ciphers required are actually 3724 1.1 christos * available */ 3725 1.1 christos const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) 3726 1.1 christos { 3727 1.1 christos SSL_CIPHER c; 3728 1.1 christos const SSL_CIPHER *cp; 3729 1.1 christos unsigned long id; 3730 1.1 christos 3731 1.1 christos id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; 3732 1.1 christos c.id=id; 3733 1.1 christos cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); 3734 1.5 spz #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES 3735 1.5 spz if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]); 3736 1.5 spz #endif 3737 1.1 christos if (cp == NULL || cp->valid == 0) 3738 1.1 christos return NULL; 3739 1.1 christos else 3740 1.1 christos return cp; 3741 1.1 christos } 3742 1.1 christos 3743 1.1 christos int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) 3744 1.1 christos { 3745 1.1 christos long l; 3746 1.1 christos 3747 1.1 christos if (p != NULL) 3748 1.1 christos { 3749 1.1 christos l=c->id; 3750 1.1 christos if ((l & 0xff000000) != 0x03000000) return(0); 3751 1.1 christos p[0]=((unsigned char)(l>> 8L))&0xFF; 3752 1.1 christos p[1]=((unsigned char)(l ))&0xFF; 3753 1.1 christos } 3754 1.1 christos return(2); 3755 1.1 christos } 3756 1.1 christos 3757 1.1 christos SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 3758 1.1 christos STACK_OF(SSL_CIPHER) *srvr) 3759 1.1 christos { 3760 1.1 christos SSL_CIPHER *c,*ret=NULL; 3761 1.1 christos STACK_OF(SSL_CIPHER) *prio, *allow; 3762 1.1 christos int i,ii,ok; 3763 1.1 christos #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC) 3764 1.1 christos unsigned int j; 3765 1.1 christos int ec_ok, ec_nid; 3766 1.1 christos unsigned char ec_search1 = 0, ec_search2 = 0; 3767 1.1 christos #endif 3768 1.1 christos CERT *cert; 3769 1.1 christos unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a; 3770 1.1 christos 3771 1.1 christos /* Let's see which ciphers we can support */ 3772 1.1 christos cert=s->cert; 3773 1.1 christos 3774 1.1 christos #if 0 3775 1.1 christos /* Do not set the compare functions, because this may lead to a 3776 1.1 christos * reordering by "id". We want to keep the original ordering. 3777 1.1 christos * We may pay a price in performance during sk_SSL_CIPHER_find(), 3778 1.1 christos * but would have to pay with the price of sk_SSL_CIPHER_dup(). 3779 1.1 christos */ 3780 1.1 christos sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); 3781 1.1 christos sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); 3782 1.1 christos #endif 3783 1.1 christos 3784 1.1 christos #ifdef CIPHER_DEBUG 3785 1.1 christos printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr); 3786 1.1 christos for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) 3787 1.1 christos { 3788 1.1 christos c=sk_SSL_CIPHER_value(srvr,i); 3789 1.1 christos printf("%p:%s\n",(void *)c,c->name); 3790 1.1 christos } 3791 1.1 christos printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt); 3792 1.1 christos for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) 3793 1.1 christos { 3794 1.1 christos c=sk_SSL_CIPHER_value(clnt,i); 3795 1.1 christos printf("%p:%s\n",(void *)c,c->name); 3796 1.1 christos } 3797 1.1 christos #endif 3798 1.1 christos 3799 1.1 christos if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) 3800 1.1 christos { 3801 1.1 christos prio = srvr; 3802 1.1 christos allow = clnt; 3803 1.1 christos } 3804 1.1 christos else 3805 1.1 christos { 3806 1.1 christos prio = clnt; 3807 1.1 christos allow = srvr; 3808 1.1 christos } 3809 1.1 christos 3810 1.1 christos for (i=0; i<sk_SSL_CIPHER_num(prio); i++) 3811 1.1 christos { 3812 1.1 christos c=sk_SSL_CIPHER_value(prio,i); 3813 1.1 christos 3814 1.8 christos /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ 3815 1.8 christos if ((c->algorithm_ssl & SSL_TLSV1_2) && 3816 1.8 christos (TLS1_get_version(s) < TLS1_2_VERSION)) 3817 1.8 christos continue; 3818 1.8 christos 3819 1.1 christos ssl_set_cert_masks(cert,c); 3820 1.1 christos mask_k = cert->mask_k; 3821 1.1 christos mask_a = cert->mask_a; 3822 1.1 christos emask_k = cert->export_mask_k; 3823 1.1 christos emask_a = cert->export_mask_a; 3824 1.5 spz #ifndef OPENSSL_NO_SRP 3825 1.5 spz mask_k=cert->mask_k | s->srp_ctx.srp_Mask; 3826 1.5 spz emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask; 3827 1.5 spz #endif 3828 1.1 christos 3829 1.1 christos #ifdef KSSL_DEBUG 3830 1.1 christos /* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/ 3831 1.1 christos #endif /* KSSL_DEBUG */ 3832 1.1 christos 3833 1.1 christos alg_k=c->algorithm_mkey; 3834 1.1 christos alg_a=c->algorithm_auth; 3835 1.1 christos 3836 1.1 christos #ifndef OPENSSL_NO_KRB5 3837 1.1 christos if (alg_k & SSL_kKRB5) 3838 1.1 christos { 3839 1.1 christos if ( !kssl_keytab_is_available(s->kssl_ctx) ) 3840 1.1 christos continue; 3841 1.1 christos } 3842 1.1 christos #endif /* OPENSSL_NO_KRB5 */ 3843 1.1 christos #ifndef OPENSSL_NO_PSK 3844 1.1 christos /* with PSK there must be server callback set */ 3845 1.1 christos if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL) 3846 1.1 christos continue; 3847 1.1 christos #endif /* OPENSSL_NO_PSK */ 3848 1.1 christos 3849 1.1 christos if (SSL_C_IS_EXPORT(c)) 3850 1.1 christos { 3851 1.1 christos ok = (alg_k & emask_k) && (alg_a & emask_a); 3852 1.1 christos #ifdef CIPHER_DEBUG 3853 1.1 christos printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a, 3854 1.1 christos (void *)c,c->name); 3855 1.1 christos #endif 3856 1.1 christos } 3857 1.1 christos else 3858 1.1 christos { 3859 1.1 christos ok = (alg_k & mask_k) && (alg_a & mask_a); 3860 1.1 christos #ifdef CIPHER_DEBUG 3861 1.1 christos printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c, 3862 1.1 christos c->name); 3863 1.1 christos #endif 3864 1.1 christos } 3865 1.1 christos 3866 1.1 christos #ifndef OPENSSL_NO_TLSEXT 3867 1.1 christos #ifndef OPENSSL_NO_EC 3868 1.1 christos if ( 3869 1.1 christos /* if we are considering an ECC cipher suite that uses our certificate */ 3870 1.1 christos (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3871 1.1 christos /* and we have an ECC certificate */ 3872 1.1 christos && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3873 1.1 christos /* and the client specified a Supported Point Formats extension */ 3874 1.1 christos && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL)) 3875 1.1 christos /* and our certificate's point is compressed */ 3876 1.1 christos && ( 3877 1.1 christos (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL) 3878 1.1 christos && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL) 3879 1.1 christos && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL) 3880 1.1 christos && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL) 3881 1.1 christos && ( 3882 1.1 christos (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED) 3883 1.1 christos || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1) 3884 1.1 christos ) 3885 1.1 christos ) 3886 1.1 christos ) 3887 1.1 christos { 3888 1.1 christos ec_ok = 0; 3889 1.1 christos /* if our certificate's curve is over a field type that the client does not support 3890 1.1 christos * then do not allow this cipher suite to be negotiated */ 3891 1.1 christos if ( 3892 1.1 christos (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 3893 1.1 christos && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) 3894 1.1 christos && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) 3895 1.1 christos && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) 3896 1.1 christos ) 3897 1.1 christos { 3898 1.1 christos for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) 3899 1.1 christos { 3900 1.1 christos if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) 3901 1.1 christos { 3902 1.1 christos ec_ok = 1; 3903 1.1 christos break; 3904 1.1 christos } 3905 1.1 christos } 3906 1.1 christos } 3907 1.1 christos else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) 3908 1.1 christos { 3909 1.1 christos for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) 3910 1.1 christos { 3911 1.1 christos if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) 3912 1.1 christos { 3913 1.1 christos ec_ok = 1; 3914 1.1 christos break; 3915 1.1 christos } 3916 1.1 christos } 3917 1.1 christos } 3918 1.1 christos ok = ok && ec_ok; 3919 1.1 christos } 3920 1.1 christos if ( 3921 1.1 christos /* if we are considering an ECC cipher suite that uses our certificate */ 3922 1.1 christos (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3923 1.1 christos /* and we have an ECC certificate */ 3924 1.1 christos && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3925 1.1 christos /* and the client specified an EllipticCurves extension */ 3926 1.1 christos && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) 3927 1.1 christos ) 3928 1.1 christos { 3929 1.1 christos ec_ok = 0; 3930 1.1 christos if ( 3931 1.1 christos (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 3932 1.1 christos && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) 3933 1.1 christos ) 3934 1.1 christos { 3935 1.1 christos ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group); 3936 1.1 christos if ((ec_nid == 0) 3937 1.1 christos && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) 3938 1.1 christos ) 3939 1.1 christos { 3940 1.1 christos if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) 3941 1.1 christos { 3942 1.1 christos ec_search1 = 0xFF; 3943 1.1 christos ec_search2 = 0x01; 3944 1.1 christos } 3945 1.1 christos else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) 3946 1.1 christos { 3947 1.1 christos ec_search1 = 0xFF; 3948 1.1 christos ec_search2 = 0x02; 3949 1.1 christos } 3950 1.1 christos } 3951 1.1 christos else 3952 1.1 christos { 3953 1.1 christos ec_search1 = 0x00; 3954 1.1 christos ec_search2 = tls1_ec_nid2curve_id(ec_nid); 3955 1.1 christos } 3956 1.1 christos if ((ec_search1 != 0) || (ec_search2 != 0)) 3957 1.1 christos { 3958 1.1 christos for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) 3959 1.1 christos { 3960 1.1 christos if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2)) 3961 1.1 christos { 3962 1.1 christos ec_ok = 1; 3963 1.1 christos break; 3964 1.1 christos } 3965 1.1 christos } 3966 1.1 christos } 3967 1.1 christos } 3968 1.1 christos ok = ok && ec_ok; 3969 1.1 christos } 3970 1.1 christos if ( 3971 1.1 christos /* if we are considering an ECC cipher suite that uses an ephemeral EC key */ 3972 1.1 christos (alg_k & SSL_kEECDH) 3973 1.1 christos /* and we have an ephemeral EC key */ 3974 1.1 christos && (s->cert->ecdh_tmp != NULL) 3975 1.1 christos /* and the client specified an EllipticCurves extension */ 3976 1.1 christos && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) 3977 1.1 christos ) 3978 1.1 christos { 3979 1.1 christos ec_ok = 0; 3980 1.1 christos if (s->cert->ecdh_tmp->group != NULL) 3981 1.1 christos { 3982 1.1 christos ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group); 3983 1.1 christos if ((ec_nid == 0) 3984 1.1 christos && (s->cert->ecdh_tmp->group->meth != NULL) 3985 1.1 christos ) 3986 1.1 christos { 3987 1.1 christos if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field) 3988 1.1 christos { 3989 1.1 christos ec_search1 = 0xFF; 3990 1.1 christos ec_search2 = 0x01; 3991 1.1 christos } 3992 1.1 christos else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field) 3993 1.1 christos { 3994 1.1 christos ec_search1 = 0xFF; 3995 1.1 christos ec_search2 = 0x02; 3996 1.1 christos } 3997 1.1 christos } 3998 1.1 christos else 3999 1.1 christos { 4000 1.1 christos ec_search1 = 0x00; 4001 1.1 christos ec_search2 = tls1_ec_nid2curve_id(ec_nid); 4002 1.1 christos } 4003 1.1 christos if ((ec_search1 != 0) || (ec_search2 != 0)) 4004 1.1 christos { 4005 1.1 christos for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) 4006 1.1 christos { 4007 1.1 christos if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2)) 4008 1.1 christos { 4009 1.1 christos ec_ok = 1; 4010 1.1 christos break; 4011 1.1 christos } 4012 1.1 christos } 4013 1.1 christos } 4014 1.1 christos } 4015 1.1 christos ok = ok && ec_ok; 4016 1.1 christos } 4017 1.1 christos #endif /* OPENSSL_NO_EC */ 4018 1.1 christos #endif /* OPENSSL_NO_TLSEXT */ 4019 1.1 christos 4020 1.1 christos if (!ok) continue; 4021 1.1 christos ii=sk_SSL_CIPHER_find(allow,c); 4022 1.1 christos if (ii >= 0) 4023 1.1 christos { 4024 1.10 christos #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) 4025 1.10 christos if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) 4026 1.10 christos { 4027 1.10 christos if (!ret) ret=sk_SSL_CIPHER_value(allow,ii); 4028 1.10 christos continue; 4029 1.10 christos } 4030 1.10 christos #endif 4031 1.1 christos ret=sk_SSL_CIPHER_value(allow,ii); 4032 1.1 christos break; 4033 1.1 christos } 4034 1.1 christos } 4035 1.1 christos return(ret); 4036 1.1 christos } 4037 1.1 christos 4038 1.1 christos int ssl3_get_req_cert_type(SSL *s, unsigned char *p) 4039 1.1 christos { 4040 1.1 christos int ret=0; 4041 1.1 christos unsigned long alg_k; 4042 1.1 christos 4043 1.1 christos alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 4044 1.1 christos 4045 1.1 christos #ifndef OPENSSL_NO_GOST 4046 1.1 christos if (s->version >= TLS1_VERSION) 4047 1.1 christos { 4048 1.1 christos if (alg_k & SSL_kGOST) 4049 1.1 christos { 4050 1.1 christos p[ret++]=TLS_CT_GOST94_SIGN; 4051 1.1 christos p[ret++]=TLS_CT_GOST01_SIGN; 4052 1.1 christos return(ret); 4053 1.1 christos } 4054 1.1 christos } 4055 1.1 christos #endif 4056 1.1 christos 4057 1.1 christos #ifndef OPENSSL_NO_DH 4058 1.1 christos if (alg_k & (SSL_kDHr|SSL_kEDH)) 4059 1.1 christos { 4060 1.1 christos # ifndef OPENSSL_NO_RSA 4061 1.1 christos p[ret++]=SSL3_CT_RSA_FIXED_DH; 4062 1.1 christos # endif 4063 1.1 christos # ifndef OPENSSL_NO_DSA 4064 1.1 christos p[ret++]=SSL3_CT_DSS_FIXED_DH; 4065 1.1 christos # endif 4066 1.1 christos } 4067 1.1 christos if ((s->version == SSL3_VERSION) && 4068 1.1 christos (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) 4069 1.1 christos { 4070 1.1 christos # ifndef OPENSSL_NO_RSA 4071 1.1 christos p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; 4072 1.1 christos # endif 4073 1.1 christos # ifndef OPENSSL_NO_DSA 4074 1.1 christos p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; 4075 1.1 christos # endif 4076 1.1 christos } 4077 1.1 christos #endif /* !OPENSSL_NO_DH */ 4078 1.1 christos #ifndef OPENSSL_NO_RSA 4079 1.1 christos p[ret++]=SSL3_CT_RSA_SIGN; 4080 1.1 christos #endif 4081 1.1 christos #ifndef OPENSSL_NO_DSA 4082 1.1 christos p[ret++]=SSL3_CT_DSS_SIGN; 4083 1.1 christos #endif 4084 1.1 christos #ifndef OPENSSL_NO_ECDH 4085 1.1 christos if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) 4086 1.1 christos { 4087 1.1 christos p[ret++]=TLS_CT_RSA_FIXED_ECDH; 4088 1.1 christos p[ret++]=TLS_CT_ECDSA_FIXED_ECDH; 4089 1.1 christos } 4090 1.1 christos #endif 4091 1.1 christos 4092 1.1 christos #ifndef OPENSSL_NO_ECDSA 4093 1.1 christos /* ECDSA certs can be used with RSA cipher suites as well 4094 1.1 christos * so we don't need to check for SSL_kECDH or SSL_kEECDH 4095 1.1 christos */ 4096 1.1 christos if (s->version >= TLS1_VERSION) 4097 1.1 christos { 4098 1.1 christos p[ret++]=TLS_CT_ECDSA_SIGN; 4099 1.1 christos } 4100 1.1 christos #endif 4101 1.1 christos return(ret); 4102 1.1 christos } 4103 1.1 christos 4104 1.1 christos int ssl3_shutdown(SSL *s) 4105 1.1 christos { 4106 1.1 christos int ret; 4107 1.1 christos 4108 1.1 christos /* Don't do anything much if we have not done the handshake or 4109 1.1 christos * we don't want to send messages :-) */ 4110 1.1 christos if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) 4111 1.1 christos { 4112 1.1 christos s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 4113 1.1 christos return(1); 4114 1.1 christos } 4115 1.1 christos 4116 1.1 christos if (!(s->shutdown & SSL_SENT_SHUTDOWN)) 4117 1.1 christos { 4118 1.1 christos s->shutdown|=SSL_SENT_SHUTDOWN; 4119 1.1 christos #if 1 4120 1.1 christos ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY); 4121 1.1 christos #endif 4122 1.1 christos /* our shutdown alert has been sent now, and if it still needs 4123 1.1 christos * to be written, s->s3->alert_dispatch will be true */ 4124 1.1 christos if (s->s3->alert_dispatch) 4125 1.1 christos return(-1); /* return WANT_WRITE */ 4126 1.1 christos } 4127 1.1 christos else if (s->s3->alert_dispatch) 4128 1.1 christos { 4129 1.1 christos /* resend it if not sent */ 4130 1.1 christos #if 1 4131 1.1 christos ret=s->method->ssl_dispatch_alert(s); 4132 1.1 christos if(ret == -1) 4133 1.1 christos { 4134 1.1 christos /* we only get to return -1 here the 2nd/Nth 4135 1.1 christos * invocation, we must have already signalled 4136 1.1 christos * return 0 upon a previous invoation, 4137 1.1 christos * return WANT_WRITE */ 4138 1.1 christos return(ret); 4139 1.1 christos } 4140 1.1 christos #endif 4141 1.1 christos } 4142 1.1 christos else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) 4143 1.1 christos { 4144 1.1 christos /* If we are waiting for a close from our peer, we are closed */ 4145 1.1 christos s->method->ssl_read_bytes(s,0,NULL,0,0); 4146 1.1 christos if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) 4147 1.1 christos { 4148 1.1 christos return(-1); /* return WANT_READ */ 4149 1.1 christos } 4150 1.1 christos } 4151 1.1 christos 4152 1.1 christos if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 4153 1.1 christos !s->s3->alert_dispatch) 4154 1.1 christos return(1); 4155 1.1 christos else 4156 1.1 christos return(0); 4157 1.1 christos } 4158 1.1 christos 4159 1.1 christos int ssl3_write(SSL *s, const void *buf, int len) 4160 1.1 christos { 4161 1.1 christos int ret,n; 4162 1.1 christos 4163 1.1 christos #if 0 4164 1.1 christos if (s->shutdown & SSL_SEND_SHUTDOWN) 4165 1.1 christos { 4166 1.1 christos s->rwstate=SSL_NOTHING; 4167 1.1 christos return(0); 4168 1.1 christos } 4169 1.1 christos #endif 4170 1.1 christos clear_sys_error(); 4171 1.1 christos if (s->s3->renegotiate) ssl3_renegotiate_check(s); 4172 1.1 christos 4173 1.1 christos /* This is an experimental flag that sends the 4174 1.1 christos * last handshake message in the same packet as the first 4175 1.1 christos * use data - used to see if it helps the TCP protocol during 4176 1.1 christos * session-id reuse */ 4177 1.1 christos /* The second test is because the buffer may have been removed */ 4178 1.1 christos if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) 4179 1.1 christos { 4180 1.1 christos /* First time through, we write into the buffer */ 4181 1.1 christos if (s->s3->delay_buf_pop_ret == 0) 4182 1.1 christos { 4183 1.1 christos ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, 4184 1.1 christos buf,len); 4185 1.1 christos if (ret <= 0) return(ret); 4186 1.1 christos 4187 1.1 christos s->s3->delay_buf_pop_ret=ret; 4188 1.1 christos } 4189 1.1 christos 4190 1.1 christos s->rwstate=SSL_WRITING; 4191 1.1 christos n=BIO_flush(s->wbio); 4192 1.1 christos if (n <= 0) return(n); 4193 1.1 christos s->rwstate=SSL_NOTHING; 4194 1.1 christos 4195 1.1 christos /* We have flushed the buffer, so remove it */ 4196 1.1 christos ssl_free_wbio_buffer(s); 4197 1.1 christos s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 4198 1.1 christos 4199 1.1 christos ret=s->s3->delay_buf_pop_ret; 4200 1.1 christos s->s3->delay_buf_pop_ret=0; 4201 1.1 christos } 4202 1.1 christos else 4203 1.1 christos { 4204 1.1 christos ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA, 4205 1.1 christos buf,len); 4206 1.1 christos if (ret <= 0) return(ret); 4207 1.1 christos } 4208 1.1 christos 4209 1.1 christos return(ret); 4210 1.1 christos } 4211 1.1 christos 4212 1.1 christos static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) 4213 1.1 christos { 4214 1.1 christos int ret; 4215 1.1 christos 4216 1.1 christos clear_sys_error(); 4217 1.1 christos if (s->s3->renegotiate) ssl3_renegotiate_check(s); 4218 1.1 christos s->s3->in_read_app_data=1; 4219 1.1 christos ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); 4220 1.1 christos if ((ret == -1) && (s->s3->in_read_app_data == 2)) 4221 1.1 christos { 4222 1.1 christos /* ssl3_read_bytes decided to call s->handshake_func, which 4223 1.1 christos * called ssl3_read_bytes to read handshake data. 4224 1.1 christos * However, ssl3_read_bytes actually found application data 4225 1.1 christos * and thinks that application data makes sense here; so disable 4226 1.1 christos * handshake processing and try to read application data again. */ 4227 1.1 christos s->in_handshake++; 4228 1.1 christos ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); 4229 1.1 christos s->in_handshake--; 4230 1.1 christos } 4231 1.1 christos else 4232 1.1 christos s->s3->in_read_app_data=0; 4233 1.1 christos 4234 1.1 christos return(ret); 4235 1.1 christos } 4236 1.1 christos 4237 1.1 christos int ssl3_read(SSL *s, void *buf, int len) 4238 1.1 christos { 4239 1.1 christos return ssl3_read_internal(s, buf, len, 0); 4240 1.1 christos } 4241 1.1 christos 4242 1.1 christos int ssl3_peek(SSL *s, void *buf, int len) 4243 1.1 christos { 4244 1.1 christos return ssl3_read_internal(s, buf, len, 1); 4245 1.1 christos } 4246 1.1 christos 4247 1.1 christos int ssl3_renegotiate(SSL *s) 4248 1.1 christos { 4249 1.1 christos if (s->handshake_func == NULL) 4250 1.1 christos return(1); 4251 1.1 christos 4252 1.1 christos if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 4253 1.1 christos return(0); 4254 1.1 christos 4255 1.1 christos s->s3->renegotiate=1; 4256 1.1 christos return(1); 4257 1.1 christos } 4258 1.1 christos 4259 1.1 christos int ssl3_renegotiate_check(SSL *s) 4260 1.1 christos { 4261 1.1 christos int ret=0; 4262 1.1 christos 4263 1.1 christos if (s->s3->renegotiate) 4264 1.1 christos { 4265 1.1 christos if ( (s->s3->rbuf.left == 0) && 4266 1.1 christos (s->s3->wbuf.left == 0) && 4267 1.1 christos !SSL_in_init(s)) 4268 1.1 christos { 4269 1.1 christos /* 4270 1.1 christos if we are the server, and we have sent a 'RENEGOTIATE' message, we 4271 1.1 christos need to go to SSL_ST_ACCEPT. 4272 1.1 christos */ 4273 1.1 christos /* SSL_ST_ACCEPT */ 4274 1.1 christos s->state=SSL_ST_RENEGOTIATE; 4275 1.1 christos s->s3->renegotiate=0; 4276 1.1 christos s->s3->num_renegotiations++; 4277 1.1 christos s->s3->total_renegotiations++; 4278 1.1 christos ret=1; 4279 1.1 christos } 4280 1.1 christos } 4281 1.1 christos return(ret); 4282 1.1 christos } 4283 1.5 spz /* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch 4284 1.5 spz * to new SHA256 PRF and handshake macs 4285 1.5 spz */ 4286 1.5 spz long ssl_get_algorithm2(SSL *s) 4287 1.5 spz { 4288 1.5 spz long alg2 = s->s3->tmp.new_cipher->algorithm2; 4289 1.10 christos if (s->method->version == TLS1_2_VERSION && 4290 1.5 spz alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) 4291 1.5 spz return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; 4292 1.5 spz return alg2; 4293 1.5 spz } 4294 1.5 spz 4295
Indexes created Sun Mar 01 05:31:48 UTC 2026