155714Skris/* ssl/s3_lib.c */ 255714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 355714Skris * All rights reserved. 455714Skris * 555714Skris * This package is an SSL implementation written 655714Skris * by Eric Young (eay@cryptsoft.com). 755714Skris * The implementation was written so as to conform with Netscapes SSL. 855714Skris * 955714Skris * This library is free for commercial and non-commercial use as long as 1055714Skris * the following conditions are aheared to. The following conditions 1155714Skris * apply to all code found in this distribution, be it the RC4, RSA, 1255714Skris * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1355714Skris * included with this distribution is covered by the same copyright terms 1455714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com). 1555714Skris * 1655714Skris * Copyright remains Eric Young's, and as such any Copyright notices in 1755714Skris * the code are not to be removed. 1855714Skris * If this package is used in a product, Eric Young should be given attribution 1955714Skris * as the author of the parts of the library used. 2055714Skris * This can be in the form of a textual message at program startup or 2155714Skris * in documentation (online or textual) provided with the package. 2255714Skris * 2355714Skris * Redistribution and use in source and binary forms, with or without 2455714Skris * modification, are permitted provided that the following conditions 2555714Skris * are met: 2655714Skris * 1. Redistributions of source code must retain the copyright 2755714Skris * notice, this list of conditions and the following disclaimer. 2855714Skris * 2. Redistributions in binary form must reproduce the above copyright 2955714Skris * notice, this list of conditions and the following disclaimer in the 3055714Skris * documentation and/or other materials provided with the distribution. 3155714Skris * 3. 
All advertising materials mentioning features or use of this software 3255714Skris * must display the following acknowledgement: 3355714Skris * "This product includes cryptographic software written by 3455714Skris * Eric Young (eay@cryptsoft.com)" 3555714Skris * The word 'cryptographic' can be left out if the rouines from the library 3655714Skris * being used are not cryptographic related :-). 3755714Skris * 4. If you include any Windows specific code (or a derivative thereof) from 3855714Skris * the apps directory (application code) you must include an acknowledgement: 3955714Skris * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 4055714Skris * 4155714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4255714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4355714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4455714Skris * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4555714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4655714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4755714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4955714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5055714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5155714Skris * SUCH DAMAGE. 5255714Skris * 5355714Skris * The licence and distribution terms for any publically available version or 5455714Skris * derivative of this code cannot be changed. i.e. this code cannot simply be 5555714Skris * copied and put under another distribution licence 5655714Skris * [including the GNU Public Licence.] 
5755714Skris */ 5872613Skris/* ==================================================================== 59238405Sjkim * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 6072613Skris * 6172613Skris * Redistribution and use in source and binary forms, with or without 6272613Skris * modification, are permitted provided that the following conditions 6372613Skris * are met: 6472613Skris * 6572613Skris * 1. Redistributions of source code must retain the above copyright 6672613Skris * notice, this list of conditions and the following disclaimer. 6772613Skris * 6872613Skris * 2. Redistributions in binary form must reproduce the above copyright 6972613Skris * notice, this list of conditions and the following disclaimer in 7072613Skris * the documentation and/or other materials provided with the 7172613Skris * distribution. 7272613Skris * 7372613Skris * 3. All advertising materials mentioning features or use of this 7472613Skris * software must display the following acknowledgment: 7572613Skris * "This product includes software developed by the OpenSSL Project 7672613Skris * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 7772613Skris * 7872613Skris * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 7972613Skris * endorse or promote products derived from this software without 8072613Skris * prior written permission. For written permission, please contact 8172613Skris * openssl-core@openssl.org. 8272613Skris * 8372613Skris * 5. Products derived from this software may not be called "OpenSSL" 8472613Skris * nor may "OpenSSL" appear in their names without prior written 8572613Skris * permission of the OpenSSL Project. 8672613Skris * 8772613Skris * 6. 
Redistributions of any form whatsoever must retain the following 8872613Skris * acknowledgment: 8972613Skris * "This product includes software developed by the OpenSSL Project 9072613Skris * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 9172613Skris * 9272613Skris * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 9372613Skris * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 9472613Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 9572613Skris * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 9672613Skris * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 9772613Skris * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 9872613Skris * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 9972613Skris * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 10072613Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 10172613Skris * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 10272613Skris * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 10372613Skris * OF THE POSSIBILITY OF SUCH DAMAGE. 10472613Skris * ==================================================================== 10572613Skris * 10672613Skris * This product includes cryptographic software written by Eric Young 10772613Skris * (eay@cryptsoft.com). This product includes software written by Tim 10872613Skris * Hudson (tjh@cryptsoft.com). 10972613Skris * 11072613Skris */ 111160814Ssimon/* ==================================================================== 112160814Ssimon * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113160814Ssimon * 114160814Ssimon * Portions of the attached software ("Contribution") are developed by 115160814Ssimon * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 
116160814Ssimon * 117160814Ssimon * The Contribution is licensed pursuant to the OpenSSL open source 118160814Ssimon * license provided above. 119160814Ssimon * 120160814Ssimon * ECC cipher suite support in OpenSSL originally written by 121160814Ssimon * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 122160814Ssimon * 123160814Ssimon */ 124238405Sjkim/* ==================================================================== 125238405Sjkim * Copyright 2005 Nokia. All rights reserved. 126238405Sjkim * 127238405Sjkim * The portions of the attached software ("Contribution") is developed by 128238405Sjkim * Nokia Corporation and is licensed pursuant to the OpenSSL open source 129238405Sjkim * license. 130238405Sjkim * 131238405Sjkim * The Contribution, originally written by Mika Kousa and Pasi Eronen of 132238405Sjkim * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 133238405Sjkim * support (see RFC 4279) to OpenSSL. 134238405Sjkim * 135238405Sjkim * No patent licenses or other rights except those expressly stated in 136238405Sjkim * the OpenSSL open source license shall be deemed granted or received 137238405Sjkim * expressly, by implication, estoppel, or otherwise. 138238405Sjkim * 139238405Sjkim * No assurances are provided by Nokia that the Contribution does not 140238405Sjkim * infringe the patent or other intellectual property rights of any third 141238405Sjkim * party or that the license provides you with all the necessary rights 142238405Sjkim * to make use of the Contribution. 143238405Sjkim * 144238405Sjkim * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 145238405Sjkim * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 146238405Sjkim * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 147238405Sjkim * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 148238405Sjkim * OTHERWISE. 
149238405Sjkim */ 15055714Skris 15155714Skris#include <stdio.h> 15255714Skris#include <openssl/objects.h> 15355714Skris#include "ssl_locl.h" 154109998Smarkm#include "kssl_lcl.h" 155238405Sjkim#ifndef OPENSSL_NO_TLSEXT 156238405Sjkim#ifndef OPENSSL_NO_EC 157238405Sjkim#include "../crypto/ec/ec_lcl.h" 158238405Sjkim#endif /* OPENSSL_NO_EC */ 159238405Sjkim#endif /* OPENSSL_NO_TLSEXT */ 160109998Smarkm#include <openssl/md5.h> 161160814Ssimon#ifndef OPENSSL_NO_DH 162160814Ssimon#include <openssl/dh.h> 163160814Ssimon#endif 16455714Skris 165167612Ssimonconst char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; 16655714Skris 16755714Skris#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) 16855714Skris 169160814Ssimon/* list of available SSLv3 ciphers (sorted by id) */ 17055714SkrisOPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 171238405Sjkim 17255714Skris/* The RSA ciphers */ 17355714Skris/* Cipher 01 */ 17455714Skris { 17555714Skris 1, 17655714Skris SSL3_TXT_RSA_NULL_MD5, 17755714Skris SSL3_CK_RSA_NULL_MD5, 178238405Sjkim SSL_kRSA, 179238405Sjkim SSL_aRSA, 180238405Sjkim SSL_eNULL, 181238405Sjkim SSL_MD5, 182238405Sjkim SSL_SSLV3, 183100936Snectar SSL_NOT_EXP|SSL_STRONG_NONE, 184238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 18555714Skris 0, 18659191Skris 0, 18755714Skris }, 188238405Sjkim 18955714Skris/* Cipher 02 */ 19055714Skris { 19155714Skris 1, 19255714Skris SSL3_TXT_RSA_NULL_SHA, 19355714Skris SSL3_CK_RSA_NULL_SHA, 194238405Sjkim SSL_kRSA, 195238405Sjkim SSL_aRSA, 196238405Sjkim SSL_eNULL, 197238405Sjkim SSL_SHA1, 198238405Sjkim SSL_SSLV3, 199194206Ssimon SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 200238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 20155714Skris 0, 20259191Skris 0, 20355714Skris }, 204238405Sjkim 20555714Skris/* Cipher 03 */ 20655714Skris { 20755714Skris 1, 20855714Skris SSL3_TXT_RSA_RC4_40_MD5, 20955714Skris SSL3_CK_RSA_RC4_40_MD5, 210238405Sjkim SSL_kRSA, 211238405Sjkim SSL_aRSA, 212238405Sjkim SSL_RC4, 213238405Sjkim SSL_MD5, 
214238405Sjkim SSL_SSLV3, 21559191Skris SSL_EXPORT|SSL_EXP40, 216238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 21759191Skris 40, 21859191Skris 128, 21955714Skris }, 220238405Sjkim 22155714Skris/* Cipher 04 */ 22255714Skris { 22355714Skris 1, 22455714Skris SSL3_TXT_RSA_RC4_128_MD5, 22555714Skris SSL3_CK_RSA_RC4_128_MD5, 226238405Sjkim SSL_kRSA, 227238405Sjkim SSL_aRSA, 228238405Sjkim SSL_RC4, 229238405Sjkim SSL_MD5, 230238405Sjkim SSL_SSLV3, 23159191Skris SSL_NOT_EXP|SSL_MEDIUM, 232238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 23359191Skris 128, 23459191Skris 128, 23555714Skris }, 236238405Sjkim 23755714Skris/* Cipher 05 */ 23855714Skris { 23955714Skris 1, 24055714Skris SSL3_TXT_RSA_RC4_128_SHA, 24155714Skris SSL3_CK_RSA_RC4_128_SHA, 242238405Sjkim SSL_kRSA, 243238405Sjkim SSL_aRSA, 244238405Sjkim SSL_RC4, 245238405Sjkim SSL_SHA1, 246238405Sjkim SSL_SSLV3, 24759191Skris SSL_NOT_EXP|SSL_MEDIUM, 248238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 24959191Skris 128, 25059191Skris 128, 25155714Skris }, 252238405Sjkim 25355714Skris/* Cipher 06 */ 25455714Skris { 25555714Skris 1, 25655714Skris SSL3_TXT_RSA_RC2_40_MD5, 25755714Skris SSL3_CK_RSA_RC2_40_MD5, 258238405Sjkim SSL_kRSA, 259238405Sjkim SSL_aRSA, 260238405Sjkim SSL_RC2, 261238405Sjkim SSL_MD5, 262238405Sjkim SSL_SSLV3, 26359191Skris SSL_EXPORT|SSL_EXP40, 264238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 26559191Skris 40, 26659191Skris 128, 26755714Skris }, 268238405Sjkim 26955714Skris/* Cipher 07 */ 270127128Snectar#ifndef OPENSSL_NO_IDEA 27155714Skris { 27255714Skris 1, 27355714Skris SSL3_TXT_RSA_IDEA_128_SHA, 27455714Skris SSL3_CK_RSA_IDEA_128_SHA, 275238405Sjkim SSL_kRSA, 276238405Sjkim SSL_aRSA, 277238405Sjkim SSL_IDEA, 278238405Sjkim SSL_SHA1, 279238405Sjkim SSL_SSLV3, 28059191Skris SSL_NOT_EXP|SSL_MEDIUM, 281238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 28259191Skris 128, 28359191Skris 128, 28455714Skris }, 285127128Snectar#endif 286238405Sjkim 28755714Skris/* Cipher 08 */ 28855714Skris { 28955714Skris 
1, 29055714Skris SSL3_TXT_RSA_DES_40_CBC_SHA, 29155714Skris SSL3_CK_RSA_DES_40_CBC_SHA, 292238405Sjkim SSL_kRSA, 293238405Sjkim SSL_aRSA, 294238405Sjkim SSL_DES, 295238405Sjkim SSL_SHA1, 296238405Sjkim SSL_SSLV3, 297160814Ssimon SSL_EXPORT|SSL_EXP40, 298238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 29959191Skris 40, 30059191Skris 56, 30155714Skris }, 302238405Sjkim 30355714Skris/* Cipher 09 */ 30455714Skris { 30555714Skris 1, 30655714Skris SSL3_TXT_RSA_DES_64_CBC_SHA, 30755714Skris SSL3_CK_RSA_DES_64_CBC_SHA, 308238405Sjkim SSL_kRSA, 309238405Sjkim SSL_aRSA, 310238405Sjkim SSL_DES, 311238405Sjkim SSL_SHA1, 312238405Sjkim SSL_SSLV3, 313160814Ssimon SSL_NOT_EXP|SSL_LOW, 314238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 31559191Skris 56, 31659191Skris 56, 31755714Skris }, 318238405Sjkim 31955714Skris/* Cipher 0A */ 32055714Skris { 32155714Skris 1, 32255714Skris SSL3_TXT_RSA_DES_192_CBC3_SHA, 32355714Skris SSL3_CK_RSA_DES_192_CBC3_SHA, 324238405Sjkim SSL_kRSA, 325238405Sjkim SSL_aRSA, 326238405Sjkim SSL_3DES, 327238405Sjkim SSL_SHA1, 328238405Sjkim SSL_SSLV3, 329194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 330238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 331279264Sdelphij 112, 33259191Skris 168, 33355714Skris }, 334238405Sjkim 335160814Ssimon/* The DH ciphers */ 33655714Skris/* Cipher 0B */ 33755714Skris { 33855714Skris 0, 33955714Skris SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 34055714Skris SSL3_CK_DH_DSS_DES_40_CBC_SHA, 341238405Sjkim SSL_kDHd, 342238405Sjkim SSL_aDH, 343238405Sjkim SSL_DES, 344238405Sjkim SSL_SHA1, 345238405Sjkim SSL_SSLV3, 346160814Ssimon SSL_EXPORT|SSL_EXP40, 347238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 34859191Skris 40, 34959191Skris 56, 35055714Skris }, 351238405Sjkim 35255714Skris/* Cipher 0C */ 35355714Skris { 354238405Sjkim 0, /* not implemented (non-ephemeral DH) */ 35555714Skris SSL3_TXT_DH_DSS_DES_64_CBC_SHA, 35655714Skris SSL3_CK_DH_DSS_DES_64_CBC_SHA, 357238405Sjkim SSL_kDHd, 358238405Sjkim SSL_aDH, 359238405Sjkim SSL_DES, 360238405Sjkim 
SSL_SHA1, 361238405Sjkim SSL_SSLV3, 362160814Ssimon SSL_NOT_EXP|SSL_LOW, 363238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 36459191Skris 56, 36559191Skris 56, 36655714Skris }, 367238405Sjkim 36855714Skris/* Cipher 0D */ 36955714Skris { 370238405Sjkim 0, /* not implemented (non-ephemeral DH) */ 37155714Skris SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 37255714Skris SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 373238405Sjkim SSL_kDHd, 374238405Sjkim SSL_aDH, 375238405Sjkim SSL_3DES, 376238405Sjkim SSL_SHA1, 377238405Sjkim SSL_SSLV3, 378194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 379238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 380279264Sdelphij 112, 38159191Skris 168, 38255714Skris }, 383238405Sjkim 38455714Skris/* Cipher 0E */ 38555714Skris { 386238405Sjkim 0, /* not implemented (non-ephemeral DH) */ 38755714Skris SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 38855714Skris SSL3_CK_DH_RSA_DES_40_CBC_SHA, 389238405Sjkim SSL_kDHr, 390238405Sjkim SSL_aDH, 391238405Sjkim SSL_DES, 392238405Sjkim SSL_SHA1, 393238405Sjkim SSL_SSLV3, 394160814Ssimon SSL_EXPORT|SSL_EXP40, 395238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 39659191Skris 40, 39759191Skris 56, 39855714Skris }, 399238405Sjkim 40055714Skris/* Cipher 0F */ 40155714Skris { 402238405Sjkim 0, /* not implemented (non-ephemeral DH) */ 40355714Skris SSL3_TXT_DH_RSA_DES_64_CBC_SHA, 40455714Skris SSL3_CK_DH_RSA_DES_64_CBC_SHA, 405238405Sjkim SSL_kDHr, 406238405Sjkim SSL_aDH, 407238405Sjkim SSL_DES, 408238405Sjkim SSL_SHA1, 409238405Sjkim SSL_SSLV3, 410160814Ssimon SSL_NOT_EXP|SSL_LOW, 411238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 41259191Skris 56, 41359191Skris 56, 41455714Skris }, 415238405Sjkim 41655714Skris/* Cipher 10 */ 41755714Skris { 418238405Sjkim 0, /* not implemented (non-ephemeral DH) */ 41955714Skris SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 42055714Skris SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 421238405Sjkim SSL_kDHr, 422238405Sjkim SSL_aDH, 423238405Sjkim SSL_3DES, 424238405Sjkim SSL_SHA1, 425238405Sjkim SSL_SSLV3, 426194206Ssimon 
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 427238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 428279264Sdelphij 112, 42959191Skris 168, 43055714Skris }, 43155714Skris 43255714Skris/* The Ephemeral DH ciphers */ 43355714Skris/* Cipher 11 */ 43455714Skris { 43555714Skris 1, 43655714Skris SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 43755714Skris SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 438238405Sjkim SSL_kEDH, 439238405Sjkim SSL_aDSS, 440238405Sjkim SSL_DES, 441238405Sjkim SSL_SHA1, 442238405Sjkim SSL_SSLV3, 443160814Ssimon SSL_EXPORT|SSL_EXP40, 444238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 44559191Skris 40, 44659191Skris 56, 44755714Skris }, 448238405Sjkim 44955714Skris/* Cipher 12 */ 45055714Skris { 45155714Skris 1, 45255714Skris SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 45355714Skris SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 454238405Sjkim SSL_kEDH, 455238405Sjkim SSL_aDSS, 456238405Sjkim SSL_DES, 457238405Sjkim SSL_SHA1, 458238405Sjkim SSL_SSLV3, 459160814Ssimon SSL_NOT_EXP|SSL_LOW, 460238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 46159191Skris 56, 46259191Skris 56, 46355714Skris }, 464238405Sjkim 46555714Skris/* Cipher 13 */ 46655714Skris { 46755714Skris 1, 46855714Skris SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 46955714Skris SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 470238405Sjkim SSL_kEDH, 471238405Sjkim SSL_aDSS, 472238405Sjkim SSL_3DES, 473238405Sjkim SSL_SHA1, 474238405Sjkim SSL_SSLV3, 475194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 476238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 477279264Sdelphij 112, 47859191Skris 168, 47955714Skris }, 480238405Sjkim 48155714Skris/* Cipher 14 */ 48255714Skris { 48355714Skris 1, 48455714Skris SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 48555714Skris SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 486238405Sjkim SSL_kEDH, 487238405Sjkim SSL_aRSA, 488238405Sjkim SSL_DES, 489238405Sjkim SSL_SHA1, 490238405Sjkim SSL_SSLV3, 491160814Ssimon SSL_EXPORT|SSL_EXP40, 492238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 49359191Skris 40, 49459191Skris 56, 49555714Skris }, 496238405Sjkim 49755714Skris/* Cipher 15 */ 
49855714Skris { 49955714Skris 1, 50055714Skris SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 50155714Skris SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 502238405Sjkim SSL_kEDH, 503238405Sjkim SSL_aRSA, 504238405Sjkim SSL_DES, 505238405Sjkim SSL_SHA1, 506238405Sjkim SSL_SSLV3, 507160814Ssimon SSL_NOT_EXP|SSL_LOW, 508238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 50959191Skris 56, 51059191Skris 56, 51155714Skris }, 512238405Sjkim 51355714Skris/* Cipher 16 */ 51455714Skris { 51555714Skris 1, 51655714Skris SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 51755714Skris SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 518238405Sjkim SSL_kEDH, 519238405Sjkim SSL_aRSA, 520238405Sjkim SSL_3DES, 521238405Sjkim SSL_SHA1, 522238405Sjkim SSL_SSLV3, 523194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 524238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 525279264Sdelphij 112, 52659191Skris 168, 52755714Skris }, 528238405Sjkim 529160814Ssimon/* Cipher 17 */ 530160814Ssimon { 531160814Ssimon 1, 532160814Ssimon SSL3_TXT_ADH_RC4_40_MD5, 533160814Ssimon SSL3_CK_ADH_RC4_40_MD5, 534238405Sjkim SSL_kEDH, 535238405Sjkim SSL_aNULL, 536238405Sjkim SSL_RC4, 537238405Sjkim SSL_MD5, 538238405Sjkim SSL_SSLV3, 539160814Ssimon SSL_EXPORT|SSL_EXP40, 540238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 541160814Ssimon 40, 542160814Ssimon 128, 543160814Ssimon }, 544238405Sjkim 545160814Ssimon/* Cipher 18 */ 546160814Ssimon { 547160814Ssimon 1, 548160814Ssimon SSL3_TXT_ADH_RC4_128_MD5, 549160814Ssimon SSL3_CK_ADH_RC4_128_MD5, 550238405Sjkim SSL_kEDH, 551238405Sjkim SSL_aNULL, 552238405Sjkim SSL_RC4, 553238405Sjkim SSL_MD5, 554238405Sjkim SSL_SSLV3, 555160814Ssimon SSL_NOT_EXP|SSL_MEDIUM, 556238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 557160814Ssimon 128, 558160814Ssimon 128, 559160814Ssimon }, 560238405Sjkim 561160814Ssimon/* Cipher 19 */ 562160814Ssimon { 563160814Ssimon 1, 564160814Ssimon SSL3_TXT_ADH_DES_40_CBC_SHA, 565160814Ssimon SSL3_CK_ADH_DES_40_CBC_SHA, 566238405Sjkim SSL_kEDH, 567238405Sjkim SSL_aNULL, 568238405Sjkim SSL_DES, 569238405Sjkim 
SSL_SHA1, 570238405Sjkim SSL_SSLV3, 571160814Ssimon SSL_EXPORT|SSL_EXP40, 572238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 573160814Ssimon 40, 574160814Ssimon 128, 575160814Ssimon }, 576238405Sjkim 577160814Ssimon/* Cipher 1A */ 578160814Ssimon { 579160814Ssimon 1, 580160814Ssimon SSL3_TXT_ADH_DES_64_CBC_SHA, 581160814Ssimon SSL3_CK_ADH_DES_64_CBC_SHA, 582238405Sjkim SSL_kEDH, 583238405Sjkim SSL_aNULL, 584238405Sjkim SSL_DES, 585238405Sjkim SSL_SHA1, 586238405Sjkim SSL_SSLV3, 587160814Ssimon SSL_NOT_EXP|SSL_LOW, 588238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 589160814Ssimon 56, 590160814Ssimon 56, 591160814Ssimon }, 592238405Sjkim 593160814Ssimon/* Cipher 1B */ 594160814Ssimon { 595160814Ssimon 1, 596160814Ssimon SSL3_TXT_ADH_DES_192_CBC_SHA, 597160814Ssimon SSL3_CK_ADH_DES_192_CBC_SHA, 598238405Sjkim SSL_kEDH, 599238405Sjkim SSL_aNULL, 600238405Sjkim SSL_3DES, 601238405Sjkim SSL_SHA1, 602238405Sjkim SSL_SSLV3, 603194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 604238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 605279264Sdelphij 112, 606160814Ssimon 168, 607160814Ssimon }, 60855714Skris 609238405Sjkim/* Fortezza ciphersuite from SSL 3.0 spec */ 610238405Sjkim#if 0 61155714Skris/* Cipher 1C */ 61255714Skris { 61355714Skris 0, 61455714Skris SSL3_TXT_FZA_DMS_NULL_SHA, 61555714Skris SSL3_CK_FZA_DMS_NULL_SHA, 616238405Sjkim SSL_kFZA, 617238405Sjkim SSL_aFZA, 618238405Sjkim SSL_eNULL, 619238405Sjkim SSL_SHA1, 620238405Sjkim SSL_SSLV3, 621100936Snectar SSL_NOT_EXP|SSL_STRONG_NONE, 622238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 62355714Skris 0, 62459191Skris 0, 62555714Skris }, 62655714Skris 62755714Skris/* Cipher 1D */ 62855714Skris { 62955714Skris 0, 63055714Skris SSL3_TXT_FZA_DMS_FZA_SHA, 63155714Skris SSL3_CK_FZA_DMS_FZA_SHA, 632238405Sjkim SSL_kFZA, 633238405Sjkim SSL_aFZA, 634238405Sjkim SSL_eFZA, 635238405Sjkim SSL_SHA1, 636238405Sjkim SSL_SSLV3, 637100936Snectar SSL_NOT_EXP|SSL_STRONG_NONE, 638238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 63955714Skris 0, 
64059191Skris 0, 64155714Skris }, 64255714Skris 64355714Skris/* Cipher 1E */ 64455714Skris { 64555714Skris 0, 64655714Skris SSL3_TXT_FZA_DMS_RC4_SHA, 64755714Skris SSL3_CK_FZA_DMS_RC4_SHA, 648238405Sjkim SSL_kFZA, 649238405Sjkim SSL_aFZA, 650238405Sjkim SSL_RC4, 651238405Sjkim SSL_SHA1, 652238405Sjkim SSL_SSLV3, 653100928Snectar SSL_NOT_EXP|SSL_MEDIUM, 654238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 65559191Skris 128, 65659191Skris 128, 65755714Skris }, 658109998Smarkm#endif 65955714Skris 660109998Smarkm#ifndef OPENSSL_NO_KRB5 661238405Sjkim/* The Kerberos ciphers*/ 662194206Ssimon/* Cipher 1E */ 663109998Smarkm { 664109998Smarkm 1, 665109998Smarkm SSL3_TXT_KRB5_DES_64_CBC_SHA, 666109998Smarkm SSL3_CK_KRB5_DES_64_CBC_SHA, 667238405Sjkim SSL_kKRB5, 668238405Sjkim SSL_aKRB5, 669238405Sjkim SSL_DES, 670238405Sjkim SSL_SHA1, 671238405Sjkim SSL_SSLV3, 672109998Smarkm SSL_NOT_EXP|SSL_LOW, 673238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 674109998Smarkm 56, 675109998Smarkm 56, 676109998Smarkm }, 677109998Smarkm 678194206Ssimon/* Cipher 1F */ 679109998Smarkm { 680109998Smarkm 1, 681109998Smarkm SSL3_TXT_KRB5_DES_192_CBC3_SHA, 682109998Smarkm SSL3_CK_KRB5_DES_192_CBC3_SHA, 683238405Sjkim SSL_kKRB5, 684238405Sjkim SSL_aKRB5, 685238405Sjkim SSL_3DES, 686238405Sjkim SSL_SHA1, 687238405Sjkim SSL_SSLV3, 688194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 689238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 690279264Sdelphij 112, 691109998Smarkm 168, 692109998Smarkm }, 693109998Smarkm 694194206Ssimon/* Cipher 20 */ 695109998Smarkm { 696109998Smarkm 1, 697109998Smarkm SSL3_TXT_KRB5_RC4_128_SHA, 698109998Smarkm SSL3_CK_KRB5_RC4_128_SHA, 699238405Sjkim SSL_kKRB5, 700238405Sjkim SSL_aKRB5, 701238405Sjkim SSL_RC4, 702238405Sjkim SSL_SHA1, 703238405Sjkim SSL_SSLV3, 704109998Smarkm SSL_NOT_EXP|SSL_MEDIUM, 705238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 706109998Smarkm 128, 707109998Smarkm 128, 708109998Smarkm }, 709109998Smarkm 710194206Ssimon/* Cipher 21 */ 711109998Smarkm { 
712109998Smarkm 1, 713109998Smarkm SSL3_TXT_KRB5_IDEA_128_CBC_SHA, 714109998Smarkm SSL3_CK_KRB5_IDEA_128_CBC_SHA, 715238405Sjkim SSL_kKRB5, 716238405Sjkim SSL_aKRB5, 717238405Sjkim SSL_IDEA, 718238405Sjkim SSL_SHA1, 719238405Sjkim SSL_SSLV3, 720109998Smarkm SSL_NOT_EXP|SSL_MEDIUM, 721238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 722109998Smarkm 128, 723109998Smarkm 128, 724109998Smarkm }, 725109998Smarkm 726194206Ssimon/* Cipher 22 */ 727109998Smarkm { 728109998Smarkm 1, 729109998Smarkm SSL3_TXT_KRB5_DES_64_CBC_MD5, 730109998Smarkm SSL3_CK_KRB5_DES_64_CBC_MD5, 731238405Sjkim SSL_kKRB5, 732238405Sjkim SSL_aKRB5, 733238405Sjkim SSL_DES, 734238405Sjkim SSL_MD5, 735238405Sjkim SSL_SSLV3, 736109998Smarkm SSL_NOT_EXP|SSL_LOW, 737238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 738109998Smarkm 56, 739109998Smarkm 56, 740109998Smarkm }, 741109998Smarkm 742194206Ssimon/* Cipher 23 */ 743109998Smarkm { 744109998Smarkm 1, 745109998Smarkm SSL3_TXT_KRB5_DES_192_CBC3_MD5, 746109998Smarkm SSL3_CK_KRB5_DES_192_CBC3_MD5, 747238405Sjkim SSL_kKRB5, 748238405Sjkim SSL_aKRB5, 749238405Sjkim SSL_3DES, 750238405Sjkim SSL_MD5, 751238405Sjkim SSL_SSLV3, 752109998Smarkm SSL_NOT_EXP|SSL_HIGH, 753238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 754279264Sdelphij 112, 755109998Smarkm 168, 756109998Smarkm }, 757109998Smarkm 758194206Ssimon/* Cipher 24 */ 759109998Smarkm { 760109998Smarkm 1, 761109998Smarkm SSL3_TXT_KRB5_RC4_128_MD5, 762109998Smarkm SSL3_CK_KRB5_RC4_128_MD5, 763238405Sjkim SSL_kKRB5, 764238405Sjkim SSL_aKRB5, 765238405Sjkim SSL_RC4, 766238405Sjkim SSL_MD5, 767238405Sjkim SSL_SSLV3, 768109998Smarkm SSL_NOT_EXP|SSL_MEDIUM, 769238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 770109998Smarkm 128, 771109998Smarkm 128, 772109998Smarkm }, 773109998Smarkm 774194206Ssimon/* Cipher 25 */ 775109998Smarkm { 776109998Smarkm 1, 777109998Smarkm SSL3_TXT_KRB5_IDEA_128_CBC_MD5, 778109998Smarkm SSL3_CK_KRB5_IDEA_128_CBC_MD5, 779238405Sjkim SSL_kKRB5, 780238405Sjkim SSL_aKRB5, 781238405Sjkim 
SSL_IDEA, 782238405Sjkim SSL_MD5, 783238405Sjkim SSL_SSLV3, 784109998Smarkm SSL_NOT_EXP|SSL_MEDIUM, 785238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 786109998Smarkm 128, 787109998Smarkm 128, 788109998Smarkm }, 789109998Smarkm 790194206Ssimon/* Cipher 26 */ 791109998Smarkm { 792109998Smarkm 1, 793109998Smarkm SSL3_TXT_KRB5_DES_40_CBC_SHA, 794109998Smarkm SSL3_CK_KRB5_DES_40_CBC_SHA, 795238405Sjkim SSL_kKRB5, 796238405Sjkim SSL_aKRB5, 797238405Sjkim SSL_DES, 798238405Sjkim SSL_SHA1, 799238405Sjkim SSL_SSLV3, 800109998Smarkm SSL_EXPORT|SSL_EXP40, 801238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 802109998Smarkm 40, 803109998Smarkm 56, 804109998Smarkm }, 805109998Smarkm 806194206Ssimon/* Cipher 27 */ 807109998Smarkm { 808109998Smarkm 1, 809109998Smarkm SSL3_TXT_KRB5_RC2_40_CBC_SHA, 810109998Smarkm SSL3_CK_KRB5_RC2_40_CBC_SHA, 811238405Sjkim SSL_kKRB5, 812238405Sjkim SSL_aKRB5, 813238405Sjkim SSL_RC2, 814238405Sjkim SSL_SHA1, 815238405Sjkim SSL_SSLV3, 816109998Smarkm SSL_EXPORT|SSL_EXP40, 817238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 818109998Smarkm 40, 819109998Smarkm 128, 820109998Smarkm }, 821109998Smarkm 822194206Ssimon/* Cipher 28 */ 823109998Smarkm { 824109998Smarkm 1, 825109998Smarkm SSL3_TXT_KRB5_RC4_40_SHA, 826109998Smarkm SSL3_CK_KRB5_RC4_40_SHA, 827238405Sjkim SSL_kKRB5, 828238405Sjkim SSL_aKRB5, 829238405Sjkim SSL_RC4, 830238405Sjkim SSL_SHA1, 831238405Sjkim SSL_SSLV3, 832109998Smarkm SSL_EXPORT|SSL_EXP40, 833238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 834167612Ssimon 40, 835109998Smarkm 128, 836109998Smarkm }, 837109998Smarkm 838194206Ssimon/* Cipher 29 */ 839109998Smarkm { 840109998Smarkm 1, 841109998Smarkm SSL3_TXT_KRB5_DES_40_CBC_MD5, 842109998Smarkm SSL3_CK_KRB5_DES_40_CBC_MD5, 843238405Sjkim SSL_kKRB5, 844238405Sjkim SSL_aKRB5, 845238405Sjkim SSL_DES, 846238405Sjkim SSL_MD5, 847238405Sjkim SSL_SSLV3, 848109998Smarkm SSL_EXPORT|SSL_EXP40, 849238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 850109998Smarkm 40, 851109998Smarkm 56, 
852109998Smarkm }, 853109998Smarkm 854194206Ssimon/* Cipher 2A */ 855109998Smarkm { 856109998Smarkm 1, 857109998Smarkm SSL3_TXT_KRB5_RC2_40_CBC_MD5, 858109998Smarkm SSL3_CK_KRB5_RC2_40_CBC_MD5, 859238405Sjkim SSL_kKRB5, 860238405Sjkim SSL_aKRB5, 861238405Sjkim SSL_RC2, 862238405Sjkim SSL_MD5, 863238405Sjkim SSL_SSLV3, 864109998Smarkm SSL_EXPORT|SSL_EXP40, 865238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 866109998Smarkm 40, 867109998Smarkm 128, 868109998Smarkm }, 869109998Smarkm 870194206Ssimon/* Cipher 2B */ 871109998Smarkm { 872109998Smarkm 1, 873109998Smarkm SSL3_TXT_KRB5_RC4_40_MD5, 874109998Smarkm SSL3_CK_KRB5_RC4_40_MD5, 875238405Sjkim SSL_kKRB5, 876238405Sjkim SSL_aKRB5, 877238405Sjkim SSL_RC4, 878238405Sjkim SSL_MD5, 879238405Sjkim SSL_SSLV3, 880109998Smarkm SSL_EXPORT|SSL_EXP40, 881238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 882167612Ssimon 40, 883109998Smarkm 128, 884109998Smarkm }, 885109998Smarkm#endif /* OPENSSL_NO_KRB5 */ 886194206Ssimon 887160814Ssimon/* New AES ciphersuites */ 888160814Ssimon/* Cipher 2F */ 889160814Ssimon { 890160814Ssimon 1, 891160814Ssimon TLS1_TXT_RSA_WITH_AES_128_SHA, 892160814Ssimon TLS1_CK_RSA_WITH_AES_128_SHA, 893238405Sjkim SSL_kRSA, 894238405Sjkim SSL_aRSA, 895238405Sjkim SSL_AES128, 896238405Sjkim SSL_SHA1, 897238405Sjkim SSL_TLSV1, 898194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 899238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 900160814Ssimon 128, 901160814Ssimon 128, 902160814Ssimon }, 903160814Ssimon/* Cipher 30 */ 904160814Ssimon { 905160814Ssimon 0, 906160814Ssimon TLS1_TXT_DH_DSS_WITH_AES_128_SHA, 907160814Ssimon TLS1_CK_DH_DSS_WITH_AES_128_SHA, 908238405Sjkim SSL_kDHd, 909238405Sjkim SSL_aDH, 910238405Sjkim SSL_AES128, 911238405Sjkim SSL_SHA1, 912238405Sjkim SSL_TLSV1, 913194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 914238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 915160814Ssimon 128, 916160814Ssimon 128, 917160814Ssimon }, 918160814Ssimon/* Cipher 31 */ 919160814Ssimon { 920160814Ssimon 0, 921160814Ssimon 
TLS1_TXT_DH_RSA_WITH_AES_128_SHA, 922160814Ssimon TLS1_CK_DH_RSA_WITH_AES_128_SHA, 923238405Sjkim SSL_kDHr, 924238405Sjkim SSL_aDH, 925238405Sjkim SSL_AES128, 926238405Sjkim SSL_SHA1, 927238405Sjkim SSL_TLSV1, 928194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 929238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 930160814Ssimon 128, 931160814Ssimon 128, 932160814Ssimon }, 933160814Ssimon/* Cipher 32 */ 934160814Ssimon { 935160814Ssimon 1, 936160814Ssimon TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 937160814Ssimon TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 938238405Sjkim SSL_kEDH, 939238405Sjkim SSL_aDSS, 940238405Sjkim SSL_AES128, 941238405Sjkim SSL_SHA1, 942238405Sjkim SSL_TLSV1, 943194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 944238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 945160814Ssimon 128, 946160814Ssimon 128, 947160814Ssimon }, 948160814Ssimon/* Cipher 33 */ 949160814Ssimon { 950160814Ssimon 1, 951160814Ssimon TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 952160814Ssimon TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 953238405Sjkim SSL_kEDH, 954238405Sjkim SSL_aRSA, 955238405Sjkim SSL_AES128, 956238405Sjkim SSL_SHA1, 957238405Sjkim SSL_TLSV1, 958194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 959238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 960160814Ssimon 128, 961160814Ssimon 128, 962160814Ssimon }, 963160814Ssimon/* Cipher 34 */ 964160814Ssimon { 965160814Ssimon 1, 966160814Ssimon TLS1_TXT_ADH_WITH_AES_128_SHA, 967160814Ssimon TLS1_CK_ADH_WITH_AES_128_SHA, 968238405Sjkim SSL_kEDH, 969238405Sjkim SSL_aNULL, 970238405Sjkim SSL_AES128, 971238405Sjkim SSL_SHA1, 972238405Sjkim SSL_TLSV1, 973194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 974238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 975160814Ssimon 128, 976160814Ssimon 128, 977160814Ssimon }, 978109998Smarkm 979160814Ssimon/* Cipher 35 */ 980160814Ssimon { 981160814Ssimon 1, 982160814Ssimon TLS1_TXT_RSA_WITH_AES_256_SHA, 983160814Ssimon TLS1_CK_RSA_WITH_AES_256_SHA, 984238405Sjkim SSL_kRSA, 985238405Sjkim SSL_aRSA, 986238405Sjkim SSL_AES256, 987238405Sjkim 
SSL_SHA1, 988238405Sjkim SSL_TLSV1, 989194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 990238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 991160814Ssimon 256, 992160814Ssimon 256, 993160814Ssimon }, 994160814Ssimon/* Cipher 36 */ 995160814Ssimon { 996160814Ssimon 0, 997160814Ssimon TLS1_TXT_DH_DSS_WITH_AES_256_SHA, 998160814Ssimon TLS1_CK_DH_DSS_WITH_AES_256_SHA, 999238405Sjkim SSL_kDHd, 1000238405Sjkim SSL_aDH, 1001238405Sjkim SSL_AES256, 1002238405Sjkim SSL_SHA1, 1003238405Sjkim SSL_TLSV1, 1004194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1005238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1006160814Ssimon 256, 1007160814Ssimon 256, 1008160814Ssimon }, 1009238405Sjkim 1010160814Ssimon/* Cipher 37 */ 1011160814Ssimon { 1012238405Sjkim 0, /* not implemented (non-ephemeral DH) */ 1013160814Ssimon TLS1_TXT_DH_RSA_WITH_AES_256_SHA, 1014160814Ssimon TLS1_CK_DH_RSA_WITH_AES_256_SHA, 1015238405Sjkim SSL_kDHr, 1016238405Sjkim SSL_aDH, 1017238405Sjkim SSL_AES256, 1018238405Sjkim SSL_SHA1, 1019238405Sjkim SSL_TLSV1, 1020194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1021238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1022160814Ssimon 256, 1023160814Ssimon 256, 1024160814Ssimon }, 1025238405Sjkim 1026160814Ssimon/* Cipher 38 */ 1027160814Ssimon { 1028160814Ssimon 1, 1029160814Ssimon TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 1030160814Ssimon TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 1031238405Sjkim SSL_kEDH, 1032238405Sjkim SSL_aDSS, 1033238405Sjkim SSL_AES256, 1034238405Sjkim SSL_SHA1, 1035238405Sjkim SSL_TLSV1, 1036194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1037238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1038160814Ssimon 256, 1039160814Ssimon 256, 1040160814Ssimon }, 1041238405Sjkim 1042160814Ssimon/* Cipher 39 */ 1043160814Ssimon { 1044160814Ssimon 1, 1045160814Ssimon TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 1046160814Ssimon TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 1047238405Sjkim SSL_kEDH, 1048238405Sjkim SSL_aRSA, 1049238405Sjkim SSL_AES256, 1050238405Sjkim SSL_SHA1, 1051238405Sjkim SSL_TLSV1, 
1052194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1053238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1054160814Ssimon 256, 1055160814Ssimon 256, 1056160814Ssimon }, 1057238405Sjkim 1058160814Ssimon /* Cipher 3A */ 1059160814Ssimon { 1060160814Ssimon 1, 1061160814Ssimon TLS1_TXT_ADH_WITH_AES_256_SHA, 1062160814Ssimon TLS1_CK_ADH_WITH_AES_256_SHA, 1063238405Sjkim SSL_kEDH, 1064238405Sjkim SSL_aNULL, 1065238405Sjkim SSL_AES256, 1066238405Sjkim SSL_SHA1, 1067238405Sjkim SSL_TLSV1, 1068194206Ssimon SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1069238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1070238405Sjkim 256, 1071238405Sjkim 256, 1072238405Sjkim }, 1073238405Sjkim 1074238405Sjkim /* TLS v1.2 ciphersuites */ 1075238405Sjkim /* Cipher 3B */ 1076238405Sjkim { 1077238405Sjkim 1, 1078238405Sjkim TLS1_TXT_RSA_WITH_NULL_SHA256, 1079238405Sjkim TLS1_CK_RSA_WITH_NULL_SHA256, 1080238405Sjkim SSL_kRSA, 1081238405Sjkim SSL_aRSA, 1082238405Sjkim SSL_eNULL, 1083238405Sjkim SSL_SHA256, 1084238405Sjkim SSL_TLSV1_2, 1085238405Sjkim SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 1086238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1087160814Ssimon 0, 1088238405Sjkim 0, 1089238405Sjkim }, 1090238405Sjkim 1091238405Sjkim /* Cipher 3C */ 1092238405Sjkim { 1093238405Sjkim 1, 1094238405Sjkim TLS1_TXT_RSA_WITH_AES_128_SHA256, 1095238405Sjkim TLS1_CK_RSA_WITH_AES_128_SHA256, 1096238405Sjkim SSL_kRSA, 1097238405Sjkim SSL_aRSA, 1098238405Sjkim SSL_AES128, 1099238405Sjkim SSL_SHA256, 1100238405Sjkim SSL_TLSV1_2, 1101238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1102238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1103238405Sjkim 128, 1104238405Sjkim 128, 1105238405Sjkim }, 1106238405Sjkim 1107238405Sjkim /* Cipher 3D */ 1108238405Sjkim { 1109238405Sjkim 1, 1110238405Sjkim TLS1_TXT_RSA_WITH_AES_256_SHA256, 1111238405Sjkim TLS1_CK_RSA_WITH_AES_256_SHA256, 1112238405Sjkim SSL_kRSA, 1113238405Sjkim SSL_aRSA, 1114238405Sjkim SSL_AES256, 1115238405Sjkim SSL_SHA256, 1116238405Sjkim SSL_TLSV1_2, 1117238405Sjkim 
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1118238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1119160814Ssimon 256, 1120160814Ssimon 256, 1121160814Ssimon }, 1122160814Ssimon 1123238405Sjkim /* Cipher 3E */ 1124238405Sjkim { 1125238405Sjkim 0, /* not implemented (non-ephemeral DH) */ 1126238405Sjkim TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, 1127238405Sjkim TLS1_CK_DH_DSS_WITH_AES_128_SHA256, 1128246772Sjkim SSL_kDHd, 1129238405Sjkim SSL_aDH, 1130238405Sjkim SSL_AES128, 1131238405Sjkim SSL_SHA256, 1132238405Sjkim SSL_TLSV1_2, 1133238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1134238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1135238405Sjkim 128, 1136238405Sjkim 128, 1137238405Sjkim }, 1138238405Sjkim 1139238405Sjkim /* Cipher 3F */ 1140238405Sjkim { 1141238405Sjkim 0, /* not implemented (non-ephemeral DH) */ 1142238405Sjkim TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, 1143238405Sjkim TLS1_CK_DH_RSA_WITH_AES_128_SHA256, 1144238405Sjkim SSL_kDHr, 1145238405Sjkim SSL_aDH, 1146238405Sjkim SSL_AES128, 1147238405Sjkim SSL_SHA256, 1148238405Sjkim SSL_TLSV1_2, 1149238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1150238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1151238405Sjkim 128, 1152238405Sjkim 128, 1153238405Sjkim }, 1154238405Sjkim 1155238405Sjkim /* Cipher 40 */ 1156238405Sjkim { 1157238405Sjkim 1, 1158238405Sjkim TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, 1159238405Sjkim TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, 1160238405Sjkim SSL_kEDH, 1161238405Sjkim SSL_aDSS, 1162238405Sjkim SSL_AES128, 1163238405Sjkim SSL_SHA256, 1164238405Sjkim SSL_TLSV1_2, 1165238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1166238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1167238405Sjkim 128, 1168238405Sjkim 128, 1169238405Sjkim }, 1170238405Sjkim 1171162911Ssimon#ifndef OPENSSL_NO_CAMELLIA 1172162911Ssimon /* Camellia ciphersuites from RFC4132 (128-bit portion) */ 1173162911Ssimon 1174162911Ssimon /* Cipher 41 */ 1175162911Ssimon { 1176162911Ssimon 1, 1177162911Ssimon TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 1178162911Ssimon 
TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 1179238405Sjkim SSL_kRSA, 1180238405Sjkim SSL_aRSA, 1181238405Sjkim SSL_CAMELLIA128, 1182238405Sjkim SSL_SHA1, 1183238405Sjkim SSL_TLSV1, 1184162911Ssimon SSL_NOT_EXP|SSL_HIGH, 1185238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1186162911Ssimon 128, 1187162911Ssimon 128, 1188162911Ssimon }, 1189238405Sjkim 1190162911Ssimon /* Cipher 42 */ 1191162911Ssimon { 1192162911Ssimon 0, /* not implemented (non-ephemeral DH) */ 1193162911Ssimon TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1194162911Ssimon TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1195238405Sjkim SSL_kDHd, 1196238405Sjkim SSL_aDH, 1197238405Sjkim SSL_CAMELLIA128, 1198238405Sjkim SSL_SHA1, 1199238405Sjkim SSL_TLSV1, 1200162911Ssimon SSL_NOT_EXP|SSL_HIGH, 1201238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1202162911Ssimon 128, 1203162911Ssimon 128, 1204162911Ssimon }, 1205238405Sjkim 1206162911Ssimon /* Cipher 43 */ 1207162911Ssimon { 1208162911Ssimon 0, /* not implemented (non-ephemeral DH) */ 1209162911Ssimon TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1210162911Ssimon TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1211238405Sjkim SSL_kDHr, 1212238405Sjkim SSL_aDH, 1213238405Sjkim SSL_CAMELLIA128, 1214238405Sjkim SSL_SHA1, 1215238405Sjkim SSL_TLSV1, 1216162911Ssimon SSL_NOT_EXP|SSL_HIGH, 1217238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1218162911Ssimon 128, 1219162911Ssimon 128, 1220162911Ssimon }, 1221238405Sjkim 1222162911Ssimon /* Cipher 44 */ 1223162911Ssimon { 1224162911Ssimon 1, 1225162911Ssimon TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1226162911Ssimon TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1227238405Sjkim SSL_kEDH, 1228238405Sjkim SSL_aDSS, 1229238405Sjkim SSL_CAMELLIA128, 1230238405Sjkim SSL_SHA1, 1231238405Sjkim SSL_TLSV1, 1232162911Ssimon SSL_NOT_EXP|SSL_HIGH, 1233238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1234162911Ssimon 128, 1235162911Ssimon 128, 1236162911Ssimon }, 1237238405Sjkim 1238162911Ssimon /* Cipher 45 */ 1239162911Ssimon { 1240162911Ssimon 
1, 1241162911Ssimon TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1242162911Ssimon TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1243238405Sjkim SSL_kEDH, 1244238405Sjkim SSL_aRSA, 1245238405Sjkim SSL_CAMELLIA128, 1246238405Sjkim SSL_SHA1, 1247238405Sjkim SSL_TLSV1, 1248162911Ssimon SSL_NOT_EXP|SSL_HIGH, 1249238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1250162911Ssimon 128, 1251162911Ssimon 128, 1252162911Ssimon }, 1253238405Sjkim 1254162911Ssimon /* Cipher 46 */ 1255162911Ssimon { 1256162911Ssimon 1, 1257162911Ssimon TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 1258162911Ssimon TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 1259238405Sjkim SSL_kEDH, 1260238405Sjkim SSL_aNULL, 1261238405Sjkim SSL_CAMELLIA128, 1262238405Sjkim SSL_SHA1, 1263238405Sjkim SSL_TLSV1, 1264162911Ssimon SSL_NOT_EXP|SSL_HIGH, 1265238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1266162911Ssimon 128, 1267162911Ssimon 128, 1268162911Ssimon }, 1269162911Ssimon#endif /* OPENSSL_NO_CAMELLIA */ 1270162911Ssimon 127155714Skris#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1272162911Ssimon /* New TLS Export CipherSuites from expired ID */ 1273162911Ssimon#if 0 127455714Skris /* Cipher 60 */ 1275238405Sjkim { 1276238405Sjkim 1, 1277238405Sjkim TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, 1278238405Sjkim TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, 1279238405Sjkim SSL_kRSA, 1280238405Sjkim SSL_aRSA, 1281238405Sjkim SSL_RC4, 1282238405Sjkim SSL_MD5, 1283238405Sjkim SSL_TLSV1, 1284238405Sjkim SSL_EXPORT|SSL_EXP56, 1285238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1286238405Sjkim 56, 1287238405Sjkim 128, 1288238405Sjkim }, 1289238405Sjkim 129055714Skris /* Cipher 61 */ 1291238405Sjkim { 1292238405Sjkim 1, 1293238405Sjkim TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1294238405Sjkim TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1295238405Sjkim SSL_kRSA, 1296238405Sjkim SSL_aRSA, 1297238405Sjkim SSL_RC2, 1298238405Sjkim SSL_MD5, 1299238405Sjkim SSL_TLSV1, 1300238405Sjkim SSL_EXPORT|SSL_EXP56, 1301238405Sjkim 
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1302238405Sjkim 56, 1303238405Sjkim 128, 1304238405Sjkim }, 1305162911Ssimon#endif 1306238405Sjkim 130755714Skris /* Cipher 62 */ 1308238405Sjkim { 1309238405Sjkim 1, 1310238405Sjkim TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1311238405Sjkim TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1312238405Sjkim SSL_kRSA, 1313238405Sjkim SSL_aRSA, 1314238405Sjkim SSL_DES, 1315238405Sjkim SSL_SHA1, 1316238405Sjkim SSL_TLSV1, 1317238405Sjkim SSL_EXPORT|SSL_EXP56, 1318238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1319238405Sjkim 56, 1320238405Sjkim 56, 1321238405Sjkim }, 1322238405Sjkim 132355714Skris /* Cipher 63 */ 1324238405Sjkim { 1325238405Sjkim 1, 1326238405Sjkim TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1327238405Sjkim TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1328238405Sjkim SSL_kEDH, 1329238405Sjkim SSL_aDSS, 1330238405Sjkim SSL_DES, 1331238405Sjkim SSL_SHA1, 1332238405Sjkim SSL_TLSV1, 1333238405Sjkim SSL_EXPORT|SSL_EXP56, 1334238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1335238405Sjkim 56, 1336238405Sjkim 56, 1337238405Sjkim }, 1338238405Sjkim 133955714Skris /* Cipher 64 */ 1340238405Sjkim { 1341238405Sjkim 1, 1342238405Sjkim TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, 1343238405Sjkim TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, 1344238405Sjkim SSL_kRSA, 1345238405Sjkim SSL_aRSA, 1346238405Sjkim SSL_RC4, 1347238405Sjkim SSL_SHA1, 1348238405Sjkim SSL_TLSV1, 1349238405Sjkim SSL_EXPORT|SSL_EXP56, 1350238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1351238405Sjkim 56, 1352238405Sjkim 128, 1353238405Sjkim }, 1354238405Sjkim 135555714Skris /* Cipher 65 */ 1356238405Sjkim { 1357238405Sjkim 1, 1358238405Sjkim TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1359238405Sjkim TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1360238405Sjkim SSL_kEDH, 1361238405Sjkim SSL_aDSS, 1362238405Sjkim SSL_RC4, 1363238405Sjkim SSL_SHA1, 1364238405Sjkim SSL_TLSV1, 1365238405Sjkim SSL_EXPORT|SSL_EXP56, 1366238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 
1367238405Sjkim 56, 1368238405Sjkim 128, 1369238405Sjkim }, 1370238405Sjkim 137155714Skris /* Cipher 66 */ 1372238405Sjkim { 1373238405Sjkim 1, 1374238405Sjkim TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, 1375238405Sjkim TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, 1376238405Sjkim SSL_kEDH, 1377238405Sjkim SSL_aDSS, 1378238405Sjkim SSL_RC4, 1379238405Sjkim SSL_SHA1, 1380238405Sjkim SSL_TLSV1, 1381238405Sjkim SSL_NOT_EXP|SSL_MEDIUM, 1382238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1383238405Sjkim 128, 1384238405Sjkim 128, 1385238405Sjkim }, 138655714Skris#endif 1387162911Ssimon 1388238405Sjkim /* TLS v1.2 ciphersuites */ 1389238405Sjkim /* Cipher 67 */ 1390238405Sjkim { 1391238405Sjkim 1, 1392238405Sjkim TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 1393238405Sjkim TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 1394238405Sjkim SSL_kEDH, 1395238405Sjkim SSL_aRSA, 1396238405Sjkim SSL_AES128, 1397238405Sjkim SSL_SHA256, 1398238405Sjkim SSL_TLSV1_2, 1399238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1400238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1401238405Sjkim 128, 1402238405Sjkim 128, 1403238405Sjkim }, 1404238405Sjkim 1405238405Sjkim /* Cipher 68 */ 1406238405Sjkim { 1407238405Sjkim 0, /* not implemented (non-ephemeral DH) */ 1408238405Sjkim TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, 1409238405Sjkim TLS1_CK_DH_DSS_WITH_AES_256_SHA256, 1410246772Sjkim SSL_kDHd, 1411238405Sjkim SSL_aDH, 1412238405Sjkim SSL_AES256, 1413238405Sjkim SSL_SHA256, 1414238405Sjkim SSL_TLSV1_2, 1415238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1416238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1417238405Sjkim 256, 1418238405Sjkim 256, 1419238405Sjkim }, 1420238405Sjkim 1421238405Sjkim /* Cipher 69 */ 1422238405Sjkim { 1423238405Sjkim 0, /* not implemented (non-ephemeral DH) */ 1424238405Sjkim TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, 1425238405Sjkim TLS1_CK_DH_RSA_WITH_AES_256_SHA256, 1426238405Sjkim SSL_kDHr, 1427238405Sjkim SSL_aDH, 1428238405Sjkim SSL_AES256, 1429238405Sjkim SSL_SHA256, 1430238405Sjkim SSL_TLSV1_2, 1431238405Sjkim 
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1432238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1433238405Sjkim 256, 1434238405Sjkim 256, 1435238405Sjkim }, 1436238405Sjkim 1437238405Sjkim /* Cipher 6A */ 1438238405Sjkim { 1439238405Sjkim 1, 1440238405Sjkim TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, 1441238405Sjkim TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, 1442238405Sjkim SSL_kEDH, 1443238405Sjkim SSL_aDSS, 1444238405Sjkim SSL_AES256, 1445238405Sjkim SSL_SHA256, 1446238405Sjkim SSL_TLSV1_2, 1447238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1448238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1449238405Sjkim 256, 1450238405Sjkim 256, 1451238405Sjkim }, 1452238405Sjkim 1453238405Sjkim /* Cipher 6B */ 1454238405Sjkim { 1455238405Sjkim 1, 1456238405Sjkim TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 1457238405Sjkim TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 1458238405Sjkim SSL_kEDH, 1459238405Sjkim SSL_aRSA, 1460238405Sjkim SSL_AES256, 1461238405Sjkim SSL_SHA256, 1462238405Sjkim SSL_TLSV1_2, 1463238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1464238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1465238405Sjkim 256, 1466238405Sjkim 256, 1467238405Sjkim }, 1468238405Sjkim 1469238405Sjkim /* Cipher 6C */ 1470238405Sjkim { 1471238405Sjkim 1, 1472238405Sjkim TLS1_TXT_ADH_WITH_AES_128_SHA256, 1473238405Sjkim TLS1_CK_ADH_WITH_AES_128_SHA256, 1474238405Sjkim SSL_kEDH, 1475238405Sjkim SSL_aNULL, 1476238405Sjkim SSL_AES128, 1477238405Sjkim SSL_SHA256, 1478238405Sjkim SSL_TLSV1_2, 1479238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1480238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1481238405Sjkim 128, 1482238405Sjkim 128, 1483238405Sjkim }, 1484238405Sjkim 1485238405Sjkim /* Cipher 6D */ 1486238405Sjkim { 1487238405Sjkim 1, 1488238405Sjkim TLS1_TXT_ADH_WITH_AES_256_SHA256, 1489238405Sjkim TLS1_CK_ADH_WITH_AES_256_SHA256, 1490238405Sjkim SSL_kEDH, 1491238405Sjkim SSL_aNULL, 1492238405Sjkim SSL_AES256, 1493238405Sjkim SSL_SHA256, 1494238405Sjkim SSL_TLSV1_2, 1495238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1496238405Sjkim 
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1497238405Sjkim 256, 1498238405Sjkim 256, 1499238405Sjkim }, 1500238405Sjkim 1501238405Sjkim /* GOST Ciphersuites */ 1502238405Sjkim 1503238405Sjkim { 1504238405Sjkim 1, 1505238405Sjkim "GOST94-GOST89-GOST89", 1506238405Sjkim 0x3000080, 1507238405Sjkim SSL_kGOST, 1508238405Sjkim SSL_aGOST94, 1509238405Sjkim SSL_eGOST2814789CNT, 1510238405Sjkim SSL_GOST89MAC, 1511238405Sjkim SSL_TLSV1, 1512238405Sjkim SSL_NOT_EXP|SSL_HIGH, 1513238405Sjkim SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, 1514238405Sjkim 256, 1515238405Sjkim 256 1516238405Sjkim }, 1517238405Sjkim { 1518238405Sjkim 1, 1519238405Sjkim "GOST2001-GOST89-GOST89", 1520238405Sjkim 0x3000081, 1521238405Sjkim SSL_kGOST, 1522238405Sjkim SSL_aGOST01, 1523238405Sjkim SSL_eGOST2814789CNT, 1524238405Sjkim SSL_GOST89MAC, 1525238405Sjkim SSL_TLSV1, 1526238405Sjkim SSL_NOT_EXP|SSL_HIGH, 1527238405Sjkim SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, 1528238405Sjkim 256, 1529238405Sjkim 256 1530238405Sjkim }, 1531238405Sjkim { 1532238405Sjkim 1, 1533238405Sjkim "GOST94-NULL-GOST94", 1534238405Sjkim 0x3000082, 1535238405Sjkim SSL_kGOST, 1536238405Sjkim SSL_aGOST94, 1537238405Sjkim SSL_eNULL, 1538238405Sjkim SSL_GOST94, 1539238405Sjkim SSL_TLSV1, 1540238405Sjkim SSL_NOT_EXP|SSL_STRONG_NONE, 1541238405Sjkim SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 1542238405Sjkim 0, 1543238405Sjkim 0 1544238405Sjkim }, 1545238405Sjkim { 1546238405Sjkim 1, 1547238405Sjkim "GOST2001-NULL-GOST94", 1548238405Sjkim 0x3000083, 1549238405Sjkim SSL_kGOST, 1550238405Sjkim SSL_aGOST01, 1551238405Sjkim SSL_eNULL, 1552238405Sjkim SSL_GOST94, 1553238405Sjkim SSL_TLSV1, 1554238405Sjkim SSL_NOT_EXP|SSL_STRONG_NONE, 1555238405Sjkim SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 1556238405Sjkim 0, 1557238405Sjkim 0 1558238405Sjkim }, 1559238405Sjkim 1560162911Ssimon#ifndef OPENSSL_NO_CAMELLIA 1561162911Ssimon /* Camellia ciphersuites from RFC4132 (256-bit portion) */ 1562162911Ssimon 1563162911Ssimon /* 
Cipher 84 */ 1564162911Ssimon { 1565162911Ssimon 1, 1566162911Ssimon TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 1567162911Ssimon TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 1568238405Sjkim SSL_kRSA, 1569238405Sjkim SSL_aRSA, 1570238405Sjkim SSL_CAMELLIA256, 1571238405Sjkim SSL_SHA1, 1572238405Sjkim SSL_TLSV1, 1573162911Ssimon SSL_NOT_EXP|SSL_HIGH, 1574238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1575162911Ssimon 256, 1576162911Ssimon 256, 1577162911Ssimon }, 1578162911Ssimon /* Cipher 85 */ 1579162911Ssimon { 1580162911Ssimon 0, /* not implemented (non-ephemeral DH) */ 1581162911Ssimon TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1582162911Ssimon TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1583238405Sjkim SSL_kDHd, 1584238405Sjkim SSL_aDH, 1585238405Sjkim SSL_CAMELLIA256, 1586238405Sjkim SSL_SHA1, 1587238405Sjkim SSL_TLSV1, 1588162911Ssimon SSL_NOT_EXP|SSL_HIGH, 1589238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1590162911Ssimon 256, 1591162911Ssimon 256, 1592162911Ssimon }, 1593238405Sjkim 1594162911Ssimon /* Cipher 86 */ 1595162911Ssimon { 1596162911Ssimon 0, /* not implemented (non-ephemeral DH) */ 1597162911Ssimon TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1598162911Ssimon TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1599238405Sjkim SSL_kDHr, 1600238405Sjkim SSL_aDH, 1601238405Sjkim SSL_CAMELLIA256, 1602238405Sjkim SSL_SHA1, 1603238405Sjkim SSL_TLSV1, 1604162911Ssimon SSL_NOT_EXP|SSL_HIGH, 1605238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1606162911Ssimon 256, 1607162911Ssimon 256, 1608162911Ssimon }, 1609238405Sjkim 1610162911Ssimon /* Cipher 87 */ 1611162911Ssimon { 1612162911Ssimon 1, 1613162911Ssimon TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1614162911Ssimon TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1615238405Sjkim SSL_kEDH, 1616238405Sjkim SSL_aDSS, 1617238405Sjkim SSL_CAMELLIA256, 1618238405Sjkim SSL_SHA1, 1619238405Sjkim SSL_TLSV1, 1620162911Ssimon SSL_NOT_EXP|SSL_HIGH, 1621238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1622162911Ssimon 256, 1623162911Ssimon 
256, 1624162911Ssimon }, 1625238405Sjkim 1626162911Ssimon /* Cipher 88 */ 1627162911Ssimon { 1628162911Ssimon 1, 1629162911Ssimon TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1630162911Ssimon TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1631238405Sjkim SSL_kEDH, 1632238405Sjkim SSL_aRSA, 1633238405Sjkim SSL_CAMELLIA256, 1634238405Sjkim SSL_SHA1, 1635238405Sjkim SSL_TLSV1, 1636162911Ssimon SSL_NOT_EXP|SSL_HIGH, 1637238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1638162911Ssimon 256, 1639162911Ssimon 256, 1640162911Ssimon }, 1641238405Sjkim 1642162911Ssimon /* Cipher 89 */ 1643162911Ssimon { 1644162911Ssimon 1, 1645162911Ssimon TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 1646162911Ssimon TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 1647238405Sjkim SSL_kEDH, 1648238405Sjkim SSL_aNULL, 1649238405Sjkim SSL_CAMELLIA256, 1650238405Sjkim SSL_SHA1, 1651238405Sjkim SSL_TLSV1, 1652162911Ssimon SSL_NOT_EXP|SSL_HIGH, 1653238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1654162911Ssimon 256, 1655162911Ssimon 256, 1656162911Ssimon }, 1657162911Ssimon#endif /* OPENSSL_NO_CAMELLIA */ 1658162911Ssimon 1659238405Sjkim#ifndef OPENSSL_NO_PSK 1660238405Sjkim /* Cipher 8A */ 1661238405Sjkim { 1662238405Sjkim 1, 1663238405Sjkim TLS1_TXT_PSK_WITH_RC4_128_SHA, 1664238405Sjkim TLS1_CK_PSK_WITH_RC4_128_SHA, 1665238405Sjkim SSL_kPSK, 1666238405Sjkim SSL_aPSK, 1667238405Sjkim SSL_RC4, 1668238405Sjkim SSL_SHA1, 1669238405Sjkim SSL_TLSV1, 1670238405Sjkim SSL_NOT_EXP|SSL_MEDIUM, 1671238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1672238405Sjkim 128, 1673238405Sjkim 128, 1674238405Sjkim }, 1675238405Sjkim 1676238405Sjkim /* Cipher 8B */ 1677238405Sjkim { 1678238405Sjkim 1, 1679238405Sjkim TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, 1680238405Sjkim TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, 1681238405Sjkim SSL_kPSK, 1682238405Sjkim SSL_aPSK, 1683238405Sjkim SSL_3DES, 1684238405Sjkim SSL_SHA1, 1685238405Sjkim SSL_TLSV1, 1686279264Sdelphij SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1687238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 
1688279264Sdelphij 112, 1689238405Sjkim 168, 1690238405Sjkim }, 1691238405Sjkim 1692238405Sjkim /* Cipher 8C */ 1693238405Sjkim { 1694238405Sjkim 1, 1695238405Sjkim TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, 1696238405Sjkim TLS1_CK_PSK_WITH_AES_128_CBC_SHA, 1697238405Sjkim SSL_kPSK, 1698238405Sjkim SSL_aPSK, 1699238405Sjkim SSL_AES128, 1700238405Sjkim SSL_SHA1, 1701238405Sjkim SSL_TLSV1, 1702279264Sdelphij SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1703238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1704238405Sjkim 128, 1705238405Sjkim 128, 1706238405Sjkim }, 1707238405Sjkim 1708238405Sjkim /* Cipher 8D */ 1709238405Sjkim { 1710238405Sjkim 1, 1711238405Sjkim TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, 1712238405Sjkim TLS1_CK_PSK_WITH_AES_256_CBC_SHA, 1713238405Sjkim SSL_kPSK, 1714238405Sjkim SSL_aPSK, 1715238405Sjkim SSL_AES256, 1716238405Sjkim SSL_SHA1, 1717238405Sjkim SSL_TLSV1, 1718279264Sdelphij SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1719238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1720238405Sjkim 256, 1721238405Sjkim 256, 1722238405Sjkim }, 1723238405Sjkim#endif /* OPENSSL_NO_PSK */ 1724238405Sjkim 1725194206Ssimon#ifndef OPENSSL_NO_SEED 1726194206Ssimon /* SEED ciphersuites from RFC4162 */ 1727194206Ssimon 1728194206Ssimon /* Cipher 96 */ 1729194206Ssimon { 1730194206Ssimon 1, 1731194206Ssimon TLS1_TXT_RSA_WITH_SEED_SHA, 1732194206Ssimon TLS1_CK_RSA_WITH_SEED_SHA, 1733238405Sjkim SSL_kRSA, 1734238405Sjkim SSL_aRSA, 1735238405Sjkim SSL_SEED, 1736238405Sjkim SSL_SHA1, 1737238405Sjkim SSL_TLSV1, 1738194206Ssimon SSL_NOT_EXP|SSL_MEDIUM, 1739238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1740194206Ssimon 128, 1741194206Ssimon 128, 1742194206Ssimon }, 1743194206Ssimon 1744194206Ssimon /* Cipher 97 */ 1745194206Ssimon { 1746194206Ssimon 0, /* not implemented (non-ephemeral DH) */ 1747194206Ssimon TLS1_TXT_DH_DSS_WITH_SEED_SHA, 1748194206Ssimon TLS1_CK_DH_DSS_WITH_SEED_SHA, 1749238405Sjkim SSL_kDHd, 1750238405Sjkim SSL_aDH, 1751238405Sjkim SSL_SEED, 1752238405Sjkim SSL_SHA1, 1753238405Sjkim 
SSL_TLSV1, 1754194206Ssimon SSL_NOT_EXP|SSL_MEDIUM, 1755238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1756194206Ssimon 128, 1757194206Ssimon 128, 1758194206Ssimon }, 1759194206Ssimon 1760194206Ssimon /* Cipher 98 */ 1761194206Ssimon { 1762194206Ssimon 0, /* not implemented (non-ephemeral DH) */ 1763194206Ssimon TLS1_TXT_DH_RSA_WITH_SEED_SHA, 1764194206Ssimon TLS1_CK_DH_RSA_WITH_SEED_SHA, 1765238405Sjkim SSL_kDHr, 1766238405Sjkim SSL_aDH, 1767238405Sjkim SSL_SEED, 1768238405Sjkim SSL_SHA1, 1769238405Sjkim SSL_TLSV1, 1770194206Ssimon SSL_NOT_EXP|SSL_MEDIUM, 1771238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1772194206Ssimon 128, 1773194206Ssimon 128, 1774194206Ssimon }, 1775194206Ssimon 1776194206Ssimon /* Cipher 99 */ 1777194206Ssimon { 1778194206Ssimon 1, 1779194206Ssimon TLS1_TXT_DHE_DSS_WITH_SEED_SHA, 1780194206Ssimon TLS1_CK_DHE_DSS_WITH_SEED_SHA, 1781238405Sjkim SSL_kEDH, 1782238405Sjkim SSL_aDSS, 1783238405Sjkim SSL_SEED, 1784238405Sjkim SSL_SHA1, 1785238405Sjkim SSL_TLSV1, 1786194206Ssimon SSL_NOT_EXP|SSL_MEDIUM, 1787238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1788194206Ssimon 128, 1789194206Ssimon 128, 1790194206Ssimon }, 1791194206Ssimon 1792194206Ssimon /* Cipher 9A */ 1793194206Ssimon { 1794194206Ssimon 1, 1795194206Ssimon TLS1_TXT_DHE_RSA_WITH_SEED_SHA, 1796194206Ssimon TLS1_CK_DHE_RSA_WITH_SEED_SHA, 1797238405Sjkim SSL_kEDH, 1798238405Sjkim SSL_aRSA, 1799238405Sjkim SSL_SEED, 1800238405Sjkim SSL_SHA1, 1801238405Sjkim SSL_TLSV1, 1802194206Ssimon SSL_NOT_EXP|SSL_MEDIUM, 1803238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1804194206Ssimon 128, 1805194206Ssimon 128, 1806194206Ssimon }, 1807194206Ssimon 1808194206Ssimon /* Cipher 9B */ 1809194206Ssimon { 1810194206Ssimon 1, 1811194206Ssimon TLS1_TXT_ADH_WITH_SEED_SHA, 1812194206Ssimon TLS1_CK_ADH_WITH_SEED_SHA, 1813238405Sjkim SSL_kEDH, 1814238405Sjkim SSL_aNULL, 1815238405Sjkim SSL_SEED, 1816238405Sjkim SSL_SHA1, 1817238405Sjkim SSL_TLSV1, 1818194206Ssimon SSL_NOT_EXP|SSL_MEDIUM, 1819238405Sjkim 
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1820194206Ssimon 128, 1821194206Ssimon 128, 1822194206Ssimon }, 1823194206Ssimon 1824194206Ssimon#endif /* OPENSSL_NO_SEED */ 1825194206Ssimon 1826238405Sjkim /* GCM ciphersuites from RFC5288 */ 1827238405Sjkim 1828238405Sjkim /* Cipher 9C */ 1829238405Sjkim { 1830238405Sjkim 1, 1831238405Sjkim TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 1832238405Sjkim TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 1833238405Sjkim SSL_kRSA, 1834238405Sjkim SSL_aRSA, 1835238405Sjkim SSL_AES128GCM, 1836238405Sjkim SSL_AEAD, 1837238405Sjkim SSL_TLSV1_2, 1838238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1839238405Sjkim SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1840238405Sjkim 128, 1841238405Sjkim 128, 1842238405Sjkim }, 1843238405Sjkim 1844238405Sjkim /* Cipher 9D */ 1845238405Sjkim { 1846238405Sjkim 1, 1847238405Sjkim TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 1848238405Sjkim TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, 1849238405Sjkim SSL_kRSA, 1850238405Sjkim SSL_aRSA, 1851238405Sjkim SSL_AES256GCM, 1852238405Sjkim SSL_AEAD, 1853238405Sjkim SSL_TLSV1_2, 1854238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1855238405Sjkim SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1856238405Sjkim 256, 1857238405Sjkim 256, 1858238405Sjkim }, 1859238405Sjkim 1860238405Sjkim /* Cipher 9E */ 1861238405Sjkim { 1862238405Sjkim 1, 1863238405Sjkim TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 1864238405Sjkim TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 1865238405Sjkim SSL_kEDH, 1866238405Sjkim SSL_aRSA, 1867238405Sjkim SSL_AES128GCM, 1868238405Sjkim SSL_AEAD, 1869238405Sjkim SSL_TLSV1_2, 1870238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1871238405Sjkim SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1872238405Sjkim 128, 1873238405Sjkim 128, 1874238405Sjkim }, 1875238405Sjkim 1876238405Sjkim /* Cipher 9F */ 1877238405Sjkim { 1878238405Sjkim 1, 1879238405Sjkim TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 1880238405Sjkim TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 1881238405Sjkim SSL_kEDH, 1882238405Sjkim SSL_aRSA, 1883238405Sjkim 
SSL_AES256GCM, 1884238405Sjkim SSL_AEAD, 1885238405Sjkim SSL_TLSV1_2, 1886238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1887238405Sjkim SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1888238405Sjkim 256, 1889238405Sjkim 256, 1890238405Sjkim }, 1891238405Sjkim 1892238405Sjkim /* Cipher A0 */ 1893238405Sjkim { 1894238405Sjkim 0, 1895238405Sjkim TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, 1896238405Sjkim TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256, 1897238405Sjkim SSL_kDHr, 1898238405Sjkim SSL_aDH, 1899238405Sjkim SSL_AES128GCM, 1900238405Sjkim SSL_AEAD, 1901238405Sjkim SSL_TLSV1_2, 1902238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1903238405Sjkim SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1904238405Sjkim 128, 1905238405Sjkim 128, 1906238405Sjkim }, 1907238405Sjkim 1908238405Sjkim /* Cipher A1 */ 1909238405Sjkim { 1910238405Sjkim 0, 1911238405Sjkim TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, 1912238405Sjkim TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384, 1913238405Sjkim SSL_kDHr, 1914238405Sjkim SSL_aDH, 1915238405Sjkim SSL_AES256GCM, 1916238405Sjkim SSL_AEAD, 1917238405Sjkim SSL_TLSV1_2, 1918238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1919238405Sjkim SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1920238405Sjkim 256, 1921238405Sjkim 256, 1922238405Sjkim }, 1923238405Sjkim 1924238405Sjkim /* Cipher A2 */ 1925238405Sjkim { 1926238405Sjkim 1, 1927238405Sjkim TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, 1928238405Sjkim TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, 1929238405Sjkim SSL_kEDH, 1930238405Sjkim SSL_aDSS, 1931238405Sjkim SSL_AES128GCM, 1932238405Sjkim SSL_AEAD, 1933238405Sjkim SSL_TLSV1_2, 1934238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1935238405Sjkim SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1936238405Sjkim 128, 1937238405Sjkim 128, 1938238405Sjkim }, 1939238405Sjkim 1940238405Sjkim /* Cipher A3 */ 1941238405Sjkim { 1942238405Sjkim 1, 1943238405Sjkim TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, 1944238405Sjkim TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, 1945238405Sjkim SSL_kEDH, 1946238405Sjkim SSL_aDSS, 
1947238405Sjkim SSL_AES256GCM, 1948238405Sjkim SSL_AEAD, 1949238405Sjkim SSL_TLSV1_2, 1950238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1951238405Sjkim SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1952238405Sjkim 256, 1953238405Sjkim 256, 1954238405Sjkim }, 1955238405Sjkim 1956238405Sjkim /* Cipher A4 */ 1957238405Sjkim { 1958238405Sjkim 0, 1959238405Sjkim TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, 1960238405Sjkim TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, 1961246772Sjkim SSL_kDHd, 1962238405Sjkim SSL_aDH, 1963238405Sjkim SSL_AES128GCM, 1964238405Sjkim SSL_AEAD, 1965238405Sjkim SSL_TLSV1_2, 1966238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1967238405Sjkim SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1968238405Sjkim 128, 1969238405Sjkim 128, 1970238405Sjkim }, 1971238405Sjkim 1972238405Sjkim /* Cipher A5 */ 1973238405Sjkim { 1974238405Sjkim 0, 1975238405Sjkim TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, 1976238405Sjkim TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, 1977246772Sjkim SSL_kDHd, 1978238405Sjkim SSL_aDH, 1979238405Sjkim SSL_AES256GCM, 1980238405Sjkim SSL_AEAD, 1981238405Sjkim SSL_TLSV1_2, 1982238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1983238405Sjkim SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1984238405Sjkim 256, 1985238405Sjkim 256, 1986238405Sjkim }, 1987238405Sjkim 1988238405Sjkim /* Cipher A6 */ 1989238405Sjkim { 1990238405Sjkim 1, 1991238405Sjkim TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 1992238405Sjkim TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 1993238405Sjkim SSL_kEDH, 1994238405Sjkim SSL_aNULL, 1995238405Sjkim SSL_AES128GCM, 1996238405Sjkim SSL_AEAD, 1997238405Sjkim SSL_TLSV1_2, 1998238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1999238405Sjkim SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2000238405Sjkim 128, 2001238405Sjkim 128, 2002238405Sjkim }, 2003238405Sjkim 2004238405Sjkim /* Cipher A7 */ 2005238405Sjkim { 2006238405Sjkim 1, 2007238405Sjkim TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 2008238405Sjkim TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 2009238405Sjkim SSL_kEDH, 2010238405Sjkim SSL_aNULL, 
2011238405Sjkim SSL_AES256GCM, 2012238405Sjkim SSL_AEAD, 2013238405Sjkim SSL_TLSV1_2, 2014238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2015238405Sjkim SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2016238405Sjkim 256, 2017238405Sjkim 256, 2018238405Sjkim }, 2019238405Sjkim 2020160814Ssimon#ifndef OPENSSL_NO_ECDH 2021160814Ssimon /* Cipher C001 */ 2022238405Sjkim { 2023238405Sjkim 1, 2024238405Sjkim TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, 2025238405Sjkim TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, 2026238405Sjkim SSL_kECDHe, 2027238405Sjkim SSL_aECDH, 2028238405Sjkim SSL_eNULL, 2029238405Sjkim SSL_SHA1, 2030238405Sjkim SSL_TLSV1, 2031238405Sjkim SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2032238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2033238405Sjkim 0, 2034238405Sjkim 0, 2035238405Sjkim }, 203655714Skris 2037160814Ssimon /* Cipher C002 */ 2038238405Sjkim { 2039238405Sjkim 1, 2040238405Sjkim TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, 2041238405Sjkim TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, 2042238405Sjkim SSL_kECDHe, 2043238405Sjkim SSL_aECDH, 2044238405Sjkim SSL_RC4, 2045238405Sjkim SSL_SHA1, 2046238405Sjkim SSL_TLSV1, 2047238405Sjkim SSL_NOT_EXP|SSL_MEDIUM, 2048238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2049238405Sjkim 128, 2050238405Sjkim 128, 2051238405Sjkim }, 2052160814Ssimon 2053160814Ssimon /* Cipher C003 */ 2054238405Sjkim { 2055238405Sjkim 1, 2056238405Sjkim TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 2057238405Sjkim TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 2058238405Sjkim SSL_kECDHe, 2059238405Sjkim SSL_aECDH, 2060238405Sjkim SSL_3DES, 2061238405Sjkim SSL_SHA1, 2062238405Sjkim SSL_TLSV1, 2063238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2064238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2065279264Sdelphij 112, 2066238405Sjkim 168, 2067238405Sjkim }, 2068160814Ssimon 2069160814Ssimon /* Cipher C004 */ 2070238405Sjkim { 2071238405Sjkim 1, 2072238405Sjkim TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 2073238405Sjkim TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 2074238405Sjkim SSL_kECDHe, 
2075238405Sjkim SSL_aECDH, 2076238405Sjkim SSL_AES128, 2077238405Sjkim SSL_SHA1, 2078238405Sjkim SSL_TLSV1, 2079238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2080238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2081238405Sjkim 128, 2082238405Sjkim 128, 2083238405Sjkim }, 2084160814Ssimon 2085160814Ssimon /* Cipher C005 */ 2086238405Sjkim { 2087238405Sjkim 1, 2088238405Sjkim TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 2089238405Sjkim TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 2090238405Sjkim SSL_kECDHe, 2091238405Sjkim SSL_aECDH, 2092238405Sjkim SSL_AES256, 2093238405Sjkim SSL_SHA1, 2094238405Sjkim SSL_TLSV1, 2095238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2096238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2097238405Sjkim 256, 2098238405Sjkim 256, 2099238405Sjkim }, 2100160814Ssimon 2101160814Ssimon /* Cipher C006 */ 2102238405Sjkim { 2103238405Sjkim 1, 2104238405Sjkim TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 2105238405Sjkim TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 2106238405Sjkim SSL_kEECDH, 2107238405Sjkim SSL_aECDSA, 2108238405Sjkim SSL_eNULL, 2109238405Sjkim SSL_SHA1, 2110238405Sjkim SSL_TLSV1, 2111238405Sjkim SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2112238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2113238405Sjkim 0, 2114238405Sjkim 0, 2115238405Sjkim }, 2116160814Ssimon 2117160814Ssimon /* Cipher C007 */ 2118238405Sjkim { 2119238405Sjkim 1, 2120238405Sjkim TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 2121238405Sjkim TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 2122238405Sjkim SSL_kEECDH, 2123238405Sjkim SSL_aECDSA, 2124238405Sjkim SSL_RC4, 2125238405Sjkim SSL_SHA1, 2126238405Sjkim SSL_TLSV1, 2127238405Sjkim SSL_NOT_EXP|SSL_MEDIUM, 2128238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2129238405Sjkim 128, 2130238405Sjkim 128, 2131238405Sjkim }, 2132109998Smarkm 2133160814Ssimon /* Cipher C008 */ 2134238405Sjkim { 2135238405Sjkim 1, 2136238405Sjkim TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 2137238405Sjkim TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 2138238405Sjkim SSL_kEECDH, 2139238405Sjkim 
SSL_aECDSA, 2140238405Sjkim SSL_3DES, 2141238405Sjkim SSL_SHA1, 2142238405Sjkim SSL_TLSV1, 2143238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2144238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2145279264Sdelphij 112, 2146238405Sjkim 168, 2147238405Sjkim }, 2148160814Ssimon 2149160814Ssimon /* Cipher C009 */ 2150238405Sjkim { 2151238405Sjkim 1, 2152238405Sjkim TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 2153238405Sjkim TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 2154238405Sjkim SSL_kEECDH, 2155238405Sjkim SSL_aECDSA, 2156238405Sjkim SSL_AES128, 2157238405Sjkim SSL_SHA1, 2158238405Sjkim SSL_TLSV1, 2159238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2160238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2161238405Sjkim 128, 2162238405Sjkim 128, 2163238405Sjkim }, 2164160814Ssimon 2165160814Ssimon /* Cipher C00A */ 2166238405Sjkim { 2167238405Sjkim 1, 2168238405Sjkim TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 2169238405Sjkim TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 2170238405Sjkim SSL_kEECDH, 2171238405Sjkim SSL_aECDSA, 2172238405Sjkim SSL_AES256, 2173238405Sjkim SSL_SHA1, 2174238405Sjkim SSL_TLSV1, 2175238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2176238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2177238405Sjkim 256, 2178238405Sjkim 256, 2179238405Sjkim }, 2180160814Ssimon 2181160814Ssimon /* Cipher C00B */ 2182238405Sjkim { 2183238405Sjkim 1, 2184238405Sjkim TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, 2185238405Sjkim TLS1_CK_ECDH_RSA_WITH_NULL_SHA, 2186238405Sjkim SSL_kECDHr, 2187238405Sjkim SSL_aECDH, 2188238405Sjkim SSL_eNULL, 2189238405Sjkim SSL_SHA1, 2190238405Sjkim SSL_TLSV1, 2191238405Sjkim SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2192238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2193238405Sjkim 0, 2194238405Sjkim 0, 2195238405Sjkim }, 2196160814Ssimon 2197160814Ssimon /* Cipher C00C */ 2198238405Sjkim { 2199238405Sjkim 1, 2200238405Sjkim TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, 2201238405Sjkim TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, 2202238405Sjkim SSL_kECDHr, 2203238405Sjkim SSL_aECDH, 
2204238405Sjkim SSL_RC4, 2205238405Sjkim SSL_SHA1, 2206238405Sjkim SSL_TLSV1, 2207238405Sjkim SSL_NOT_EXP|SSL_MEDIUM, 2208238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2209238405Sjkim 128, 2210238405Sjkim 128, 2211238405Sjkim }, 2212160814Ssimon 2213160814Ssimon /* Cipher C00D */ 2214238405Sjkim { 2215238405Sjkim 1, 2216238405Sjkim TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, 2217238405Sjkim TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, 2218238405Sjkim SSL_kECDHr, 2219238405Sjkim SSL_aECDH, 2220238405Sjkim SSL_3DES, 2221238405Sjkim SSL_SHA1, 2222238405Sjkim SSL_TLSV1, 2223238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2224238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2225279264Sdelphij 112, 2226238405Sjkim 168, 2227238405Sjkim }, 2228160814Ssimon 2229160814Ssimon /* Cipher C00E */ 2230238405Sjkim { 2231238405Sjkim 1, 2232238405Sjkim TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, 2233238405Sjkim TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, 2234238405Sjkim SSL_kECDHr, 2235238405Sjkim SSL_aECDH, 2236238405Sjkim SSL_AES128, 2237238405Sjkim SSL_SHA1, 2238238405Sjkim SSL_TLSV1, 2239238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2240238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2241238405Sjkim 128, 2242238405Sjkim 128, 2243238405Sjkim }, 2244160814Ssimon 2245160814Ssimon /* Cipher C00F */ 2246238405Sjkim { 2247238405Sjkim 1, 2248238405Sjkim TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, 2249238405Sjkim TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, 2250238405Sjkim SSL_kECDHr, 2251238405Sjkim SSL_aECDH, 2252238405Sjkim SSL_AES256, 2253238405Sjkim SSL_SHA1, 2254238405Sjkim SSL_TLSV1, 2255238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2256238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2257238405Sjkim 256, 2258238405Sjkim 256, 2259238405Sjkim }, 2260160814Ssimon 2261160814Ssimon /* Cipher C010 */ 2262238405Sjkim { 2263238405Sjkim 1, 2264238405Sjkim TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 2265238405Sjkim TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 2266238405Sjkim SSL_kEECDH, 2267238405Sjkim SSL_aRSA, 2268238405Sjkim SSL_eNULL, 
2269238405Sjkim SSL_SHA1, 2270238405Sjkim SSL_TLSV1, 2271238405Sjkim SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2272238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2273238405Sjkim 0, 2274238405Sjkim 0, 2275238405Sjkim }, 2276160814Ssimon 2277160814Ssimon /* Cipher C011 */ 2278238405Sjkim { 2279238405Sjkim 1, 2280238405Sjkim TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 2281238405Sjkim TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 2282238405Sjkim SSL_kEECDH, 2283238405Sjkim SSL_aRSA, 2284238405Sjkim SSL_RC4, 2285238405Sjkim SSL_SHA1, 2286238405Sjkim SSL_TLSV1, 2287238405Sjkim SSL_NOT_EXP|SSL_MEDIUM, 2288238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2289238405Sjkim 128, 2290238405Sjkim 128, 2291238405Sjkim }, 2292160814Ssimon 2293160814Ssimon /* Cipher C012 */ 2294238405Sjkim { 2295238405Sjkim 1, 2296238405Sjkim TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 2297238405Sjkim TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 2298238405Sjkim SSL_kEECDH, 2299238405Sjkim SSL_aRSA, 2300238405Sjkim SSL_3DES, 2301238405Sjkim SSL_SHA1, 2302238405Sjkim SSL_TLSV1, 2303238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2304238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2305279264Sdelphij 112, 2306238405Sjkim 168, 2307238405Sjkim }, 2308160814Ssimon 2309160814Ssimon /* Cipher C013 */ 2310238405Sjkim { 2311238405Sjkim 1, 2312238405Sjkim TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 2313238405Sjkim TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 2314238405Sjkim SSL_kEECDH, 2315238405Sjkim SSL_aRSA, 2316238405Sjkim SSL_AES128, 2317238405Sjkim SSL_SHA1, 2318238405Sjkim SSL_TLSV1, 2319238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2320238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2321238405Sjkim 128, 2322238405Sjkim 128, 2323238405Sjkim }, 2324160814Ssimon 2325160814Ssimon /* Cipher C014 */ 2326238405Sjkim { 2327238405Sjkim 1, 2328238405Sjkim TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 2329238405Sjkim TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 2330238405Sjkim SSL_kEECDH, 2331238405Sjkim SSL_aRSA, 2332238405Sjkim SSL_AES256, 2333238405Sjkim 
SSL_SHA1, 2334238405Sjkim SSL_TLSV1, 2335238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2336238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2337238405Sjkim 256, 2338238405Sjkim 256, 2339238405Sjkim }, 2340160814Ssimon 2341160814Ssimon /* Cipher C015 */ 2342238405Sjkim { 2343238405Sjkim 1, 2344238405Sjkim TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 2345238405Sjkim TLS1_CK_ECDH_anon_WITH_NULL_SHA, 2346238405Sjkim SSL_kEECDH, 2347238405Sjkim SSL_aNULL, 2348238405Sjkim SSL_eNULL, 2349238405Sjkim SSL_SHA1, 2350238405Sjkim SSL_TLSV1, 2351238405Sjkim SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 2352238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2353238405Sjkim 0, 2354238405Sjkim 0, 2355238405Sjkim }, 2356109998Smarkm 2357160814Ssimon /* Cipher C016 */ 2358238405Sjkim { 2359238405Sjkim 1, 2360238405Sjkim TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 2361238405Sjkim TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 2362238405Sjkim SSL_kEECDH, 2363238405Sjkim SSL_aNULL, 2364238405Sjkim SSL_RC4, 2365238405Sjkim SSL_SHA1, 2366238405Sjkim SSL_TLSV1, 2367238405Sjkim SSL_NOT_EXP|SSL_MEDIUM, 2368238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2369238405Sjkim 128, 2370238405Sjkim 128, 2371238405Sjkim }, 2372160814Ssimon 2373160814Ssimon /* Cipher C017 */ 2374238405Sjkim { 2375238405Sjkim 1, 2376238405Sjkim TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 2377238405Sjkim TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 2378238405Sjkim SSL_kEECDH, 2379238405Sjkim SSL_aNULL, 2380238405Sjkim SSL_3DES, 2381238405Sjkim SSL_SHA1, 2382238405Sjkim SSL_TLSV1, 2383238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2384238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2385279264Sdelphij 112, 2386238405Sjkim 168, 2387238405Sjkim }, 2388160814Ssimon 2389160814Ssimon /* Cipher C018 */ 2390238405Sjkim { 2391238405Sjkim 1, 2392238405Sjkim TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 2393238405Sjkim TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 2394238405Sjkim SSL_kEECDH, 2395238405Sjkim SSL_aNULL, 2396238405Sjkim SSL_AES128, 2397238405Sjkim SSL_SHA1, 2398238405Sjkim 
SSL_TLSV1, 2399238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2400238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2401238405Sjkim 128, 2402238405Sjkim 128, 2403238405Sjkim }, 2404160814Ssimon 2405160814Ssimon /* Cipher C019 */ 2406238405Sjkim { 2407238405Sjkim 1, 2408238405Sjkim TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 2409238405Sjkim TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 2410238405Sjkim SSL_kEECDH, 2411238405Sjkim SSL_aNULL, 2412238405Sjkim SSL_AES256, 2413238405Sjkim SSL_SHA1, 2414238405Sjkim SSL_TLSV1, 2415238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2416238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2417238405Sjkim 256, 2418238405Sjkim 256, 2419238405Sjkim }, 2420160814Ssimon#endif /* OPENSSL_NO_ECDH */ 2421160814Ssimon 2422238405Sjkim#ifndef OPENSSL_NO_SRP 2423238405Sjkim /* Cipher C01A */ 2424238405Sjkim { 2425238405Sjkim 1, 2426238405Sjkim TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 2427238405Sjkim TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 2428238405Sjkim SSL_kSRP, 2429271304Sdelphij SSL_aSRP, 2430238405Sjkim SSL_3DES, 2431238405Sjkim SSL_SHA1, 2432238405Sjkim SSL_TLSV1, 2433238405Sjkim SSL_NOT_EXP|SSL_HIGH, 2434238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2435279264Sdelphij 112, 2436238405Sjkim 168, 2437238405Sjkim }, 2438162911Ssimon 2439238405Sjkim /* Cipher C01B */ 2440238405Sjkim { 2441238405Sjkim 1, 2442238405Sjkim TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 2443238405Sjkim TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 2444238405Sjkim SSL_kSRP, 2445238405Sjkim SSL_aRSA, 2446238405Sjkim SSL_3DES, 2447238405Sjkim SSL_SHA1, 2448238405Sjkim SSL_TLSV1, 2449238405Sjkim SSL_NOT_EXP|SSL_HIGH, 2450238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2451279264Sdelphij 112, 2452238405Sjkim 168, 2453238405Sjkim }, 2454238405Sjkim 2455238405Sjkim /* Cipher C01C */ 2456238405Sjkim { 2457238405Sjkim 1, 2458238405Sjkim TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 2459238405Sjkim TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 2460238405Sjkim SSL_kSRP, 2461238405Sjkim SSL_aDSS, 
2462238405Sjkim SSL_3DES, 2463238405Sjkim SSL_SHA1, 2464238405Sjkim SSL_TLSV1, 2465238405Sjkim SSL_NOT_EXP|SSL_HIGH, 2466238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2467279264Sdelphij 112, 2468238405Sjkim 168, 2469238405Sjkim }, 2470238405Sjkim 2471238405Sjkim /* Cipher C01D */ 2472238405Sjkim { 2473238405Sjkim 1, 2474238405Sjkim TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, 2475238405Sjkim TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, 2476238405Sjkim SSL_kSRP, 2477271304Sdelphij SSL_aSRP, 2478238405Sjkim SSL_AES128, 2479238405Sjkim SSL_SHA1, 2480238405Sjkim SSL_TLSV1, 2481238405Sjkim SSL_NOT_EXP|SSL_HIGH, 2482238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2483238405Sjkim 128, 2484238405Sjkim 128, 2485238405Sjkim }, 2486238405Sjkim 2487238405Sjkim /* Cipher C01E */ 2488238405Sjkim { 2489238405Sjkim 1, 2490238405Sjkim TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 2491238405Sjkim TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 2492238405Sjkim SSL_kSRP, 2493238405Sjkim SSL_aRSA, 2494238405Sjkim SSL_AES128, 2495238405Sjkim SSL_SHA1, 2496238405Sjkim SSL_TLSV1, 2497238405Sjkim SSL_NOT_EXP|SSL_HIGH, 2498238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2499238405Sjkim 128, 2500238405Sjkim 128, 2501238405Sjkim }, 2502238405Sjkim 2503238405Sjkim /* Cipher C01F */ 2504238405Sjkim { 2505238405Sjkim 1, 2506238405Sjkim TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 2507238405Sjkim TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 2508238405Sjkim SSL_kSRP, 2509238405Sjkim SSL_aDSS, 2510238405Sjkim SSL_AES128, 2511238405Sjkim SSL_SHA1, 2512238405Sjkim SSL_TLSV1, 2513238405Sjkim SSL_NOT_EXP|SSL_HIGH, 2514238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2515238405Sjkim 128, 2516238405Sjkim 128, 2517238405Sjkim }, 2518238405Sjkim 2519238405Sjkim /* Cipher C020 */ 2520238405Sjkim { 2521238405Sjkim 1, 2522238405Sjkim TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, 2523238405Sjkim TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, 2524238405Sjkim SSL_kSRP, 2525271304Sdelphij SSL_aSRP, 2526238405Sjkim SSL_AES256, 2527238405Sjkim SSL_SHA1, 
2528238405Sjkim SSL_TLSV1, 2529238405Sjkim SSL_NOT_EXP|SSL_HIGH, 2530238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2531238405Sjkim 256, 2532238405Sjkim 256, 2533238405Sjkim }, 2534238405Sjkim 2535238405Sjkim /* Cipher C021 */ 2536238405Sjkim { 2537238405Sjkim 1, 2538238405Sjkim TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 2539238405Sjkim TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 2540238405Sjkim SSL_kSRP, 2541238405Sjkim SSL_aRSA, 2542238405Sjkim SSL_AES256, 2543238405Sjkim SSL_SHA1, 2544238405Sjkim SSL_TLSV1, 2545238405Sjkim SSL_NOT_EXP|SSL_HIGH, 2546238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2547238405Sjkim 256, 2548238405Sjkim 256, 2549238405Sjkim }, 2550238405Sjkim 2551238405Sjkim /* Cipher C022 */ 2552238405Sjkim { 2553238405Sjkim 1, 2554238405Sjkim TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 2555238405Sjkim TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 2556238405Sjkim SSL_kSRP, 2557238405Sjkim SSL_aDSS, 2558238405Sjkim SSL_AES256, 2559238405Sjkim SSL_SHA1, 2560238405Sjkim SSL_TLSV1, 2561238405Sjkim SSL_NOT_EXP|SSL_HIGH, 2562238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2563238405Sjkim 256, 2564238405Sjkim 256, 2565238405Sjkim }, 2566238405Sjkim#endif /* OPENSSL_NO_SRP */ 2567238405Sjkim#ifndef OPENSSL_NO_ECDH 2568238405Sjkim 2569238405Sjkim /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ 2570238405Sjkim 2571238405Sjkim /* Cipher C023 */ 2572238405Sjkim { 2573238405Sjkim 1, 2574238405Sjkim TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 2575238405Sjkim TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 2576238405Sjkim SSL_kEECDH, 2577238405Sjkim SSL_aECDSA, 2578238405Sjkim SSL_AES128, 2579238405Sjkim SSL_SHA256, 2580238405Sjkim SSL_TLSV1_2, 2581238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2582238405Sjkim SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2583238405Sjkim 128, 2584238405Sjkim 128, 2585238405Sjkim }, 2586238405Sjkim 2587238405Sjkim /* Cipher C024 */ 2588238405Sjkim { 2589238405Sjkim 1, 2590238405Sjkim TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 2591238405Sjkim 
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 2592238405Sjkim SSL_kEECDH, 2593238405Sjkim SSL_aECDSA, 2594238405Sjkim SSL_AES256, 2595238405Sjkim SSL_SHA384, 2596238405Sjkim SSL_TLSV1_2, 2597238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2598238405Sjkim SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2599238405Sjkim 256, 2600238405Sjkim 256, 2601238405Sjkim }, 2602238405Sjkim 2603238405Sjkim /* Cipher C025 */ 2604238405Sjkim { 2605238405Sjkim 1, 2606238405Sjkim TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, 2607238405Sjkim TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, 2608238405Sjkim SSL_kECDHe, 2609238405Sjkim SSL_aECDH, 2610238405Sjkim SSL_AES128, 2611238405Sjkim SSL_SHA256, 2612238405Sjkim SSL_TLSV1_2, 2613238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2614238405Sjkim SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2615238405Sjkim 128, 2616238405Sjkim 128, 2617238405Sjkim }, 2618238405Sjkim 2619238405Sjkim /* Cipher C026 */ 2620238405Sjkim { 2621238405Sjkim 1, 2622238405Sjkim TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, 2623238405Sjkim TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, 2624238405Sjkim SSL_kECDHe, 2625238405Sjkim SSL_aECDH, 2626238405Sjkim SSL_AES256, 2627238405Sjkim SSL_SHA384, 2628238405Sjkim SSL_TLSV1_2, 2629238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2630238405Sjkim SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2631238405Sjkim 256, 2632238405Sjkim 256, 2633238405Sjkim }, 2634238405Sjkim 2635238405Sjkim /* Cipher C027 */ 2636238405Sjkim { 2637238405Sjkim 1, 2638238405Sjkim TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 2639238405Sjkim TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 2640238405Sjkim SSL_kEECDH, 2641238405Sjkim SSL_aRSA, 2642238405Sjkim SSL_AES128, 2643238405Sjkim SSL_SHA256, 2644238405Sjkim SSL_TLSV1_2, 2645238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2646238405Sjkim SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2647238405Sjkim 128, 2648238405Sjkim 128, 2649238405Sjkim }, 2650238405Sjkim 2651238405Sjkim /* Cipher C028 */ 2652238405Sjkim { 2653238405Sjkim 1, 2654238405Sjkim 
TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 2655238405Sjkim TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 2656238405Sjkim SSL_kEECDH, 2657238405Sjkim SSL_aRSA, 2658238405Sjkim SSL_AES256, 2659238405Sjkim SSL_SHA384, 2660238405Sjkim SSL_TLSV1_2, 2661238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2662238405Sjkim SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2663238405Sjkim 256, 2664238405Sjkim 256, 2665238405Sjkim }, 2666238405Sjkim 2667238405Sjkim /* Cipher C029 */ 2668238405Sjkim { 2669238405Sjkim 1, 2670238405Sjkim TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, 2671238405Sjkim TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, 2672246772Sjkim SSL_kECDHr, 2673238405Sjkim SSL_aECDH, 2674238405Sjkim SSL_AES128, 2675238405Sjkim SSL_SHA256, 2676238405Sjkim SSL_TLSV1_2, 2677238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2678238405Sjkim SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2679238405Sjkim 128, 2680238405Sjkim 128, 2681238405Sjkim }, 2682238405Sjkim 2683238405Sjkim /* Cipher C02A */ 2684238405Sjkim { 2685238405Sjkim 1, 2686238405Sjkim TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, 2687238405Sjkim TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, 2688246772Sjkim SSL_kECDHr, 2689238405Sjkim SSL_aECDH, 2690238405Sjkim SSL_AES256, 2691238405Sjkim SSL_SHA384, 2692238405Sjkim SSL_TLSV1_2, 2693238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2694238405Sjkim SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2695238405Sjkim 256, 2696238405Sjkim 256, 2697238405Sjkim }, 2698238405Sjkim 2699238405Sjkim /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 2700238405Sjkim 2701238405Sjkim /* Cipher C02B */ 2702238405Sjkim { 2703238405Sjkim 1, 2704238405Sjkim TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2705238405Sjkim TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2706238405Sjkim SSL_kEECDH, 2707238405Sjkim SSL_aECDSA, 2708238405Sjkim SSL_AES128GCM, 2709238405Sjkim SSL_AEAD, 2710238405Sjkim SSL_TLSV1_2, 2711238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2712238405Sjkim SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2713238405Sjkim 128, 2714238405Sjkim 128, 
2715238405Sjkim }, 2716238405Sjkim 2717238405Sjkim /* Cipher C02C */ 2718238405Sjkim { 2719238405Sjkim 1, 2720238405Sjkim TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2721238405Sjkim TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2722238405Sjkim SSL_kEECDH, 2723238405Sjkim SSL_aECDSA, 2724238405Sjkim SSL_AES256GCM, 2725238405Sjkim SSL_AEAD, 2726238405Sjkim SSL_TLSV1_2, 2727238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2728238405Sjkim SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2729238405Sjkim 256, 2730238405Sjkim 256, 2731238405Sjkim }, 2732238405Sjkim 2733238405Sjkim /* Cipher C02D */ 2734238405Sjkim { 2735238405Sjkim 1, 2736238405Sjkim TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2737238405Sjkim TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2738238405Sjkim SSL_kECDHe, 2739238405Sjkim SSL_aECDH, 2740238405Sjkim SSL_AES128GCM, 2741238405Sjkim SSL_AEAD, 2742238405Sjkim SSL_TLSV1_2, 2743238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2744238405Sjkim SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2745238405Sjkim 128, 2746238405Sjkim 128, 2747238405Sjkim }, 2748238405Sjkim 2749238405Sjkim /* Cipher C02E */ 2750238405Sjkim { 2751238405Sjkim 1, 2752238405Sjkim TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2753238405Sjkim TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2754238405Sjkim SSL_kECDHe, 2755238405Sjkim SSL_aECDH, 2756238405Sjkim SSL_AES256GCM, 2757238405Sjkim SSL_AEAD, 2758238405Sjkim SSL_TLSV1_2, 2759238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2760238405Sjkim SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2761238405Sjkim 256, 2762238405Sjkim 256, 2763238405Sjkim }, 2764238405Sjkim 2765238405Sjkim /* Cipher C02F */ 2766238405Sjkim { 2767238405Sjkim 1, 2768238405Sjkim TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2769238405Sjkim TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2770238405Sjkim SSL_kEECDH, 2771238405Sjkim SSL_aRSA, 2772238405Sjkim SSL_AES128GCM, 2773238405Sjkim SSL_AEAD, 2774238405Sjkim SSL_TLSV1_2, 2775238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2776238405Sjkim 
SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2777238405Sjkim 128, 2778238405Sjkim 128, 2779238405Sjkim }, 2780238405Sjkim 2781238405Sjkim /* Cipher C030 */ 2782238405Sjkim { 2783238405Sjkim 1, 2784238405Sjkim TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2785238405Sjkim TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2786238405Sjkim SSL_kEECDH, 2787238405Sjkim SSL_aRSA, 2788238405Sjkim SSL_AES256GCM, 2789238405Sjkim SSL_AEAD, 2790238405Sjkim SSL_TLSV1_2, 2791238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2792238405Sjkim SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2793238405Sjkim 256, 2794238405Sjkim 256, 2795238405Sjkim }, 2796238405Sjkim 2797238405Sjkim /* Cipher C031 */ 2798238405Sjkim { 2799238405Sjkim 1, 2800238405Sjkim TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2801238405Sjkim TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2802246772Sjkim SSL_kECDHr, 2803238405Sjkim SSL_aECDH, 2804238405Sjkim SSL_AES128GCM, 2805238405Sjkim SSL_AEAD, 2806238405Sjkim SSL_TLSV1_2, 2807238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2808238405Sjkim SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2809238405Sjkim 128, 2810238405Sjkim 128, 2811238405Sjkim }, 2812238405Sjkim 2813238405Sjkim /* Cipher C032 */ 2814238405Sjkim { 2815238405Sjkim 1, 2816238405Sjkim TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2817238405Sjkim TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2818246772Sjkim SSL_kECDHr, 2819238405Sjkim SSL_aECDH, 2820238405Sjkim SSL_AES256GCM, 2821238405Sjkim SSL_AEAD, 2822238405Sjkim SSL_TLSV1_2, 2823238405Sjkim SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2824238405Sjkim SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2825238405Sjkim 256, 2826238405Sjkim 256, 2827238405Sjkim }, 2828238405Sjkim 2829238405Sjkim#endif /* OPENSSL_NO_ECDH */ 2830238405Sjkim 2831238405Sjkim 2832238405Sjkim#ifdef TEMP_GOST_TLS 2833238405Sjkim/* Cipher FF00 */ 2834238405Sjkim { 2835238405Sjkim 1, 2836238405Sjkim "GOST-MD5", 2837238405Sjkim 0x0300ff00, 2838238405Sjkim SSL_kRSA, 2839238405Sjkim SSL_aRSA, 2840238405Sjkim SSL_eGOST2814789CNT, 2841238405Sjkim 
SSL_MD5, 2842238405Sjkim SSL_TLSV1, 2843238405Sjkim SSL_NOT_EXP|SSL_HIGH, 2844238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2845238405Sjkim 256, 2846238405Sjkim 256, 2847238405Sjkim }, 2848238405Sjkim { 2849238405Sjkim 1, 2850238405Sjkim "GOST-GOST94", 2851238405Sjkim 0x0300ff01, 2852238405Sjkim SSL_kRSA, 2853238405Sjkim SSL_aRSA, 2854238405Sjkim SSL_eGOST2814789CNT, 2855238405Sjkim SSL_GOST94, 2856238405Sjkim SSL_TLSV1, 2857238405Sjkim SSL_NOT_EXP|SSL_HIGH, 2858238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2859238405Sjkim 256, 2860238405Sjkim 256 2861238405Sjkim }, 2862238405Sjkim { 2863238405Sjkim 1, 2864238405Sjkim "GOST-GOST89MAC", 2865238405Sjkim 0x0300ff02, 2866238405Sjkim SSL_kRSA, 2867238405Sjkim SSL_aRSA, 2868238405Sjkim SSL_eGOST2814789CNT, 2869238405Sjkim SSL_GOST89MAC, 2870238405Sjkim SSL_TLSV1, 2871238405Sjkim SSL_NOT_EXP|SSL_HIGH, 2872238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2873238405Sjkim 256, 2874238405Sjkim 256 2875238405Sjkim }, 2876238405Sjkim { 2877238405Sjkim 1, 2878238405Sjkim "GOST-GOST89STREAM", 2879238405Sjkim 0x0300ff03, 2880238405Sjkim SSL_kRSA, 2881238405Sjkim SSL_aRSA, 2882238405Sjkim SSL_eGOST2814789CNT, 2883238405Sjkim SSL_GOST89MAC, 2884238405Sjkim SSL_TLSV1, 2885238405Sjkim SSL_NOT_EXP|SSL_HIGH, 2886238405Sjkim SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC, 2887238405Sjkim 256, 2888238405Sjkim 256 2889238405Sjkim }, 2890238405Sjkim#endif 2891238405Sjkim 289255714Skris/* end of list */ 289355714Skris }; 289455714Skris 2895160814SsimonSSL3_ENC_METHOD SSLv3_enc_data={ 289655714Skris ssl3_enc, 2897238405Sjkim n_ssl3_mac, 289855714Skris ssl3_setup_key_block, 289955714Skris ssl3_generate_master_secret, 290055714Skris ssl3_change_cipher_state, 290155714Skris ssl3_final_finish_mac, 290255714Skris MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 290355714Skris ssl3_cert_verify_mac, 290455714Skris SSL3_MD_CLIENT_FINISHED_CONST,4, 290555714Skris SSL3_MD_SERVER_FINISHED_CONST,4, 290655714Skris ssl3_alert_code, 2907238405Sjkim (int (*)(SSL 
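*, unsigned char *, size_t, const char *,
		 size_t, const unsigned char *, size_t,
		 int use_context))ssl_undefined_function,
	};

/*
 * Default session timeout for SSLv3: returns 60*60*2, i.e. the "2 hours"
 * the original comment below refers to.
 */
long ssl3_default_timeout(void)
	{
	/* 2 hours, the 24 hours mentioned in the SSLv3 spec
	 * is way too long for http, the cache would over fill */
	return(60*60*2);
	}

/* Number of entries reported for the ssl3_ciphers[] table. */
int ssl3_num_ciphers(void)
	{
	return(SSL3_NUM_CIPHERS);
	}

/*
 * Return the u-th cipher description, counting from the END of
 * ssl3_ciphers[] (u == 0 yields the last table entry).
 *
 * Returns NULL when u is not below SSL3_NUM_CIPHERS.  u is unsigned, so
 * that single comparison is the complete bounds check for the index
 * computed below.
 */
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
	{
	if (u < SSL3_NUM_CIPHERS)
		return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
	else
		return(NULL);
	}

/*
 * Report how much data the current read record holds: rrec.length when
 * the record type is SSL3_RT_APPLICATION_DATA, otherwise 0.  Always 0
 * while rstate is SSL_ST_READ_BODY.
 *
 * s and s->s3 are dereferenced without a NULL check.
 */
int ssl3_pending(const SSL *s)
	{
	if (s->rstate == SSL_ST_READ_BODY)
		return 0;

	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
	}

/*
 * Allocate and zero the SSL3_STATE for s, attach it as s->s3, initialise
 * the SRP context (unless OPENSSL_NO_SRP) and run the method's ssl_clear.
 *
 * Returns 1 on success, 0 if the allocation fails.  On failure s->s3 is
 * not assigned here, so it keeps whatever value the caller gave it.
 */
int ssl3_new(SSL *s)
	{
	SSL3_STATE *s3;

	if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
	memset(s3,0,sizeof *s3);
	memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
	memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));

	s->s3=s3;

#ifndef OPENSSL_NO_SRP
	SSL_SRP_CTX_init(s);
#endif
	s->method->ssl_clear(s);
	return(1);
err:
	return(0);
	}

/*
 * Release everything hanging off s->s3, scrub the state structure and
 * free it, leaving s->s3 == NULL.
 *
 * A NULL s, or an s whose s3 state was never attached, is a no-op.
 */
void ssl3_free(SSL *s)
	{
	/* Every statement below dereferences s->s3, and ssl3_new() returns 0
	 * without assigning it when the allocation fails, so guard both. */
	if (s == NULL || s->s3 == NULL)
		return;

#ifdef TLSEXT_TYPE_opaque_prf_input
	if (s->s3->client_opaque_prf_input != NULL)
		OPENSSL_free(s->s3->client_opaque_prf_input);
	if (s->s3->server_opaque_prf_input != NULL)
		OPENSSL_free(s->s3->server_opaque_prf_input);
#endif

	ssl3_cleanup_key_block(s);
	if (s->s3->rbuf.buf != NULL)
		ssl3_release_read_buffer(s);
	if (s->s3->wbuf.buf != NULL)
		ssl3_release_write_buffer(s);
	if (s->s3->rrec.comp != NULL)
		OPENSSL_free(s->s3->rrec.comp);
#ifndef OPENSSL_NO_DH
	if (s->s3->tmp.dh != NULL)
		DH_free(s->s3->tmp.dh);
#endif
#ifndef OPENSSL_NO_ECDH
	if (s->s3->tmp.ecdh != NULL)
		EC_KEY_free(s->s3->tmp.ecdh);
#endif

	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
	if (s->s3->handshake_buffer) {
		BIO_free(s->s3->handshake_buffer);
	}
	if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
#ifndef OPENSSL_NO_SRP
	SSL_SRP_CTX_free(s);
#endif
	/* Scrub the whole structure before handing it back to the allocator,
	 * so none of its contents linger in freed heap memory.  The pointers
	 * released above are not reset individually; this wipe covers them. */
	OPENSSL_cleanse(s->s3,sizeof *s->s3);
	OPENSSL_free(s->s3);
	s->s3=NULL;
	}

/*
 * Reset the SSL3 state of s for reuse: release per-handshake objects,
 * zero the state structure and set s->version to SSL3_VERSION.
 *
 * The read/write buffer pointers and lengths and init_extra are saved
 * before the wipe and restored after it, so the allocated record buffers
 * survive the reset.
 *
 * s->s3 is dereferenced without a NULL check.
 */
void ssl3_clear(SSL *s)
	{
	unsigned char *rp,*wp;
	size_t rlen, wlen;
	int init_extra;

#ifdef TLSEXT_TYPE_opaque_prf_input
	if (s->s3->client_opaque_prf_input != NULL)
		OPENSSL_free(s->s3->client_opaque_prf_input);
	s->s3->client_opaque_prf_input = NULL;
	if (s->s3->server_opaque_prf_input != NULL)
		OPENSSL_free(s->s3->server_opaque_prf_input);
	s->s3->server_opaque_prf_input = NULL;
#endif

	ssl3_cleanup_key_block(s);
	/* ca_names is not reset here; the memset below clears the pointer. */
	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);

	if (s->s3->rrec.comp != NULL)
		{
		OPENSSL_free(s->s3->rrec.comp);
		s->s3->rrec.comp=NULL;
		}
#ifndef OPENSSL_NO_DH
	if (s->s3->tmp.dh != NULL)
		{
		DH_free(s->s3->tmp.dh);
		s->s3->tmp.dh = NULL;
		}
#endif
#ifndef OPENSSL_NO_ECDH
	if (s->s3->tmp.ecdh != NULL)
		{
		EC_KEY_free(s->s3->tmp.ecdh);
		s->s3->tmp.ecdh = NULL;
		}
#endif
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
	s->s3->is_probably_safari = 0;
#endif /* !OPENSSL_NO_EC */
#endif /* !OPENSSL_NO_TLSEXT */

	/* Save the fields that must survive the wipe. */
	rp = s->s3->rbuf.buf;
	wp = s->s3->wbuf.buf;
	rlen = s->s3->rbuf.len;
	wlen = s->s3->wbuf.len;
	init_extra = s->s3->init_extra;
	if (s->s3->handshake_buffer) {
		BIO_free(s->s3->handshake_buffer);
		s->s3->handshake_buffer = NULL;
	}
	if (s->s3->handshake_dgst) {
		ssl3_free_digest_list(s);
	}
	memset(s->s3,0,sizeof *s->s3);
	s->s3->rbuf.buf = rp;
	s->s3->wbuf.buf = wp;
	s->s3->rbuf.len = rlen;
	s->s3->wbuf.len = wlen;
	s->s3->init_extra = init_extra;

	ssl_free_wbio_buffer(s);

	s->packet_length=0;
	s->s3->renegotiate=0;
	s->s3->total_renegotiations=0;
	s->s3->num_renegotiations=0;
	s->s3->in_read_app_data=0;
	s->version=SSL3_VERSION;

#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
	if (s->next_proto_negotiated)
		{
		OPENSSL_free(s->next_proto_negotiated);
		s->next_proto_negotiated = NULL;
		s->next_proto_negotiated_len = 0;
		}
#endif
	}

#ifndef OPENSSL_NO_SRP
/*
 * SRP password callback: returns a BUF_strdup() copy of s->srp_ctx.info.
 * arg is unused.  The copy is a fresh allocation; presumably the SRP code
 * that invokes the callback releases it -- confirm against the caller.
 */
static char * MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
	{
	return BUF_strdup(s->srp_ctx.info) ;
	}
#endif

long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
	{
	int ret=0;

#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
	if (
#ifndef OPENSSL_NO_RSA
	    cmd ==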
SSL_CTRL_SET_TMP_RSA || 309955714Skris cmd == SSL_CTRL_SET_TMP_RSA_CB || 310055714Skris#endif 3101109998Smarkm#ifndef OPENSSL_NO_DSA 310255714Skris cmd == SSL_CTRL_SET_TMP_DH || 310355714Skris cmd == SSL_CTRL_SET_TMP_DH_CB || 310455714Skris#endif 310555714Skris 0) 310655714Skris { 310755714Skris if (!ssl_cert_inst(&s->cert)) 310855714Skris { 310955714Skris SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); 311055714Skris return(0); 311155714Skris } 311255714Skris } 311355714Skris#endif 311455714Skris 311555714Skris switch (cmd) 311655714Skris { 311755714Skris case SSL_CTRL_GET_SESSION_REUSED: 311855714Skris ret=s->hit; 311955714Skris break; 312055714Skris case SSL_CTRL_GET_CLIENT_CERT_REQUEST: 312155714Skris break; 312255714Skris case SSL_CTRL_GET_NUM_RENEGOTIATIONS: 312355714Skris ret=s->s3->num_renegotiations; 312455714Skris break; 312555714Skris case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: 312655714Skris ret=s->s3->num_renegotiations; 312755714Skris s->s3->num_renegotiations=0; 312855714Skris break; 312955714Skris case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: 313055714Skris ret=s->s3->total_renegotiations; 313155714Skris break; 313255714Skris case SSL_CTRL_GET_FLAGS: 313355714Skris ret=(int)(s->s3->flags); 313455714Skris break; 3135109998Smarkm#ifndef OPENSSL_NO_RSA 313655714Skris case SSL_CTRL_NEED_TMP_RSA: 313755714Skris if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && 313855714Skris ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 313955714Skris (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))) 314055714Skris ret = 1; 314155714Skris break; 314255714Skris case SSL_CTRL_SET_TMP_RSA: 314355714Skris { 314455714Skris RSA *rsa = (RSA *)parg; 314559191Skris if (rsa == NULL) 314659191Skris { 314755714Skris SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 314855714Skris return(ret); 314959191Skris } 315059191Skris if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) 315159191Skris { 315255714Skris SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); 
315355714Skris return(ret); 315459191Skris } 315555714Skris if (s->cert->rsa_tmp != NULL) 315655714Skris RSA_free(s->cert->rsa_tmp); 315755714Skris s->cert->rsa_tmp = rsa; 315855714Skris ret = 1; 315955714Skris } 316055714Skris break; 316155714Skris case SSL_CTRL_SET_TMP_RSA_CB: 316259191Skris { 316359191Skris SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 316459191Skris return(ret); 316559191Skris } 316655714Skris break; 316755714Skris#endif 3168109998Smarkm#ifndef OPENSSL_NO_DH 316955714Skris case SSL_CTRL_SET_TMP_DH: 317055714Skris { 317155714Skris DH *dh = (DH *)parg; 317259191Skris if (dh == NULL) 317359191Skris { 317455714Skris SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 317555714Skris return(ret); 317659191Skris } 317759191Skris if ((dh = DHparams_dup(dh)) == NULL) 317859191Skris { 317955714Skris SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 318055714Skris return(ret); 318159191Skris } 318259191Skris if (!(s->options & SSL_OP_SINGLE_DH_USE)) 318359191Skris { 318459191Skris if (!DH_generate_key(dh)) 318559191Skris { 318659191Skris DH_free(dh); 318759191Skris SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 318859191Skris return(ret); 318959191Skris } 319059191Skris } 319155714Skris if (s->cert->dh_tmp != NULL) 319255714Skris DH_free(s->cert->dh_tmp); 319355714Skris s->cert->dh_tmp = dh; 319455714Skris ret = 1; 319555714Skris } 319655714Skris break; 319755714Skris case SSL_CTRL_SET_TMP_DH_CB: 319859191Skris { 319959191Skris SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 320059191Skris return(ret); 320159191Skris } 320255714Skris break; 320355714Skris#endif 3204160814Ssimon#ifndef OPENSSL_NO_ECDH 3205160814Ssimon case SSL_CTRL_SET_TMP_ECDH: 3206160814Ssimon { 3207160814Ssimon EC_KEY *ecdh = NULL; 3208160814Ssimon 3209160814Ssimon if (parg == NULL) 3210160814Ssimon { 3211160814Ssimon SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3212160814Ssimon return(ret); 3213160814Ssimon } 3214160814Ssimon if (!EC_KEY_up_ref((EC_KEY *)parg)) 
3215160814Ssimon { 3216160814Ssimon SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); 3217160814Ssimon return(ret); 3218160814Ssimon } 3219160814Ssimon ecdh = (EC_KEY *)parg; 3220160814Ssimon if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) 3221160814Ssimon { 3222160814Ssimon if (!EC_KEY_generate_key(ecdh)) 3223160814Ssimon { 3224160814Ssimon EC_KEY_free(ecdh); 3225160814Ssimon SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); 3226160814Ssimon return(ret); 3227160814Ssimon } 3228160814Ssimon } 3229160814Ssimon if (s->cert->ecdh_tmp != NULL) 3230160814Ssimon EC_KEY_free(s->cert->ecdh_tmp); 3231160814Ssimon s->cert->ecdh_tmp = ecdh; 3232160814Ssimon ret = 1; 3233160814Ssimon } 3234160814Ssimon break; 3235160814Ssimon case SSL_CTRL_SET_TMP_ECDH_CB: 3236160814Ssimon { 3237160814Ssimon SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3238160814Ssimon return(ret); 3239160814Ssimon } 3240160814Ssimon break; 3241160814Ssimon#endif /* !OPENSSL_NO_ECDH */ 3242194206Ssimon#ifndef OPENSSL_NO_TLSEXT 3243194206Ssimon case SSL_CTRL_SET_TLSEXT_HOSTNAME: 3244194206Ssimon if (larg == TLSEXT_NAMETYPE_host_name) 3245194206Ssimon { 3246194206Ssimon if (s->tlsext_hostname != NULL) 3247194206Ssimon OPENSSL_free(s->tlsext_hostname); 3248194206Ssimon s->tlsext_hostname = NULL; 3249194206Ssimon 3250194206Ssimon ret = 1; 3251194206Ssimon if (parg == NULL) 3252194206Ssimon break; 3253194206Ssimon if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) 3254194206Ssimon { 3255194206Ssimon SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); 3256194206Ssimon return 0; 3257194206Ssimon } 3258194206Ssimon if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) 3259194206Ssimon { 3260194206Ssimon SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); 3261194206Ssimon return 0; 3262194206Ssimon } 3263194206Ssimon } 3264194206Ssimon else 3265194206Ssimon { 3266194206Ssimon SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); 3267194206Ssimon return 0; 3268194206Ssimon } 3269194206Ssimon break; 
3270194206Ssimon case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: 3271194206Ssimon s->tlsext_debug_arg=parg; 3272194206Ssimon ret = 1; 3273194206Ssimon break; 3274238405Sjkim 3275238405Sjkim#ifdef TLSEXT_TYPE_opaque_prf_input 3276238405Sjkim case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: 3277238405Sjkim if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message 3278238405Sjkim * (including the cert chain and everything) */ 3279238405Sjkim { 3280238405Sjkim SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); 3281238405Sjkim break; 3282238405Sjkim } 3283238405Sjkim if (s->tlsext_opaque_prf_input != NULL) 3284238405Sjkim OPENSSL_free(s->tlsext_opaque_prf_input); 3285238405Sjkim if ((size_t)larg == 0) 3286238405Sjkim s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ 3287238405Sjkim else 3288238405Sjkim s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); 3289238405Sjkim if (s->tlsext_opaque_prf_input != NULL) 3290238405Sjkim { 3291238405Sjkim s->tlsext_opaque_prf_input_len = (size_t)larg; 3292238405Sjkim ret = 1; 3293238405Sjkim } 3294238405Sjkim else 3295238405Sjkim s->tlsext_opaque_prf_input_len = 0; 3296238405Sjkim break; 3297238405Sjkim#endif 3298238405Sjkim 3299194206Ssimon case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: 3300194206Ssimon s->tlsext_status_type=larg; 3301194206Ssimon ret = 1; 3302194206Ssimon break; 3303194206Ssimon 3304194206Ssimon case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: 3305194206Ssimon *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; 3306194206Ssimon ret = 1; 3307194206Ssimon break; 3308194206Ssimon 3309194206Ssimon case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: 3310194206Ssimon s->tlsext_ocsp_exts = parg; 3311194206Ssimon ret = 1; 3312194206Ssimon break; 3313194206Ssimon 3314194206Ssimon case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: 3315194206Ssimon *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; 3316194206Ssimon ret = 1; 3317194206Ssimon break; 3318194206Ssimon 3319194206Ssimon case 
SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: 3320194206Ssimon s->tlsext_ocsp_ids = parg; 3321194206Ssimon ret = 1; 3322194206Ssimon break; 3323194206Ssimon 3324194206Ssimon case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: 3325194206Ssimon *(unsigned char **)parg = s->tlsext_ocsp_resp; 3326194206Ssimon return s->tlsext_ocsp_resplen; 3327194206Ssimon 3328194206Ssimon case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: 3329194206Ssimon if (s->tlsext_ocsp_resp) 3330194206Ssimon OPENSSL_free(s->tlsext_ocsp_resp); 3331194206Ssimon s->tlsext_ocsp_resp = parg; 3332194206Ssimon s->tlsext_ocsp_resplen = larg; 3333194206Ssimon ret = 1; 3334194206Ssimon break; 3335194206Ssimon 3336238405Sjkim#ifndef OPENSSL_NO_HEARTBEATS 3337238405Sjkim case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT: 3338238405Sjkim if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 3339238405Sjkim ret = dtls1_heartbeat(s); 3340238405Sjkim else 3341238405Sjkim ret = tls1_heartbeat(s); 3342238405Sjkim break; 3343238405Sjkim 3344238405Sjkim case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING: 3345238405Sjkim ret = s->tlsext_hb_pending; 3346238405Sjkim break; 3347238405Sjkim 3348238405Sjkim case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS: 3349238405Sjkim if (larg) 3350238405Sjkim s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS; 3351238405Sjkim else 3352238405Sjkim s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS; 3353238405Sjkim ret = 1; 3354238405Sjkim break; 3355238405Sjkim#endif 3356238405Sjkim 3357194206Ssimon#endif /* !OPENSSL_NO_TLSEXT */ 3358273415Sdelphij 3359273415Sdelphij case SSL_CTRL_CHECK_PROTO_VERSION: 3360273415Sdelphij /* For library-internal use; checks that the current protocol 3361273415Sdelphij * is the highest enabled version (according to s->ctx->method, 3362273415Sdelphij * as version negotiation may have changed s->method). 
*/ 3363273415Sdelphij if (s->version == s->ctx->method->version) 3364273415Sdelphij return 1; 3365273415Sdelphij /* Apparently we're using a version-flexible SSL_METHOD 3366273415Sdelphij * (not at its highest protocol version). */ 3367273415Sdelphij if (s->ctx->method->version == SSLv23_method()->version) 3368273415Sdelphij { 3369273415Sdelphij#if TLS_MAX_VERSION != TLS1_2_VERSION 3370273415Sdelphij# error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION. 3371273415Sdelphij#endif 3372273415Sdelphij if (!(s->options & SSL_OP_NO_TLSv1_2)) 3373273415Sdelphij return s->version == TLS1_2_VERSION; 3374273415Sdelphij if (!(s->options & SSL_OP_NO_TLSv1_1)) 3375273415Sdelphij return s->version == TLS1_1_VERSION; 3376273415Sdelphij if (!(s->options & SSL_OP_NO_TLSv1)) 3377273415Sdelphij return s->version == TLS1_VERSION; 3378273415Sdelphij if (!(s->options & SSL_OP_NO_SSLv3)) 3379273415Sdelphij return s->version == SSL3_VERSION; 3380273415Sdelphij if (!(s->options & SSL_OP_NO_SSLv2)) 3381273415Sdelphij return s->version == SSL2_VERSION; 3382273415Sdelphij } 3383273415Sdelphij return 0; /* Unexpected state; fail closed. 
*/ 3384273415Sdelphij 338555714Skris default: 338655714Skris break; 338755714Skris } 338855714Skris return(ret); 338955714Skris } 339055714Skris 3391160814Ssimonlong ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 339259191Skris { 339359191Skris int ret=0; 339459191Skris 3395109998Smarkm#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) 339659191Skris if ( 3397109998Smarkm#ifndef OPENSSL_NO_RSA 339859191Skris cmd == SSL_CTRL_SET_TMP_RSA_CB || 339959191Skris#endif 3400109998Smarkm#ifndef OPENSSL_NO_DSA 340159191Skris cmd == SSL_CTRL_SET_TMP_DH_CB || 340259191Skris#endif 340359191Skris 0) 340459191Skris { 340559191Skris if (!ssl_cert_inst(&s->cert)) 340659191Skris { 340759191Skris SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); 340859191Skris return(0); 340959191Skris } 341059191Skris } 341159191Skris#endif 341259191Skris 341359191Skris switch (cmd) 341459191Skris { 3415109998Smarkm#ifndef OPENSSL_NO_RSA 341659191Skris case SSL_CTRL_SET_TMP_RSA_CB: 341759191Skris { 341859191Skris s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; 341959191Skris } 342059191Skris break; 342159191Skris#endif 3422109998Smarkm#ifndef OPENSSL_NO_DH 342359191Skris case SSL_CTRL_SET_TMP_DH_CB: 342459191Skris { 342559191Skris s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 342659191Skris } 342759191Skris break; 342859191Skris#endif 3429160814Ssimon#ifndef OPENSSL_NO_ECDH 3430160814Ssimon case SSL_CTRL_SET_TMP_ECDH_CB: 3431160814Ssimon { 3432160814Ssimon s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 3433160814Ssimon } 3434160814Ssimon break; 3435160814Ssimon#endif 3436194206Ssimon#ifndef OPENSSL_NO_TLSEXT 3437194206Ssimon case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 3438194206Ssimon s->tlsext_debug_cb=(void (*)(SSL *,int ,int, 3439194206Ssimon unsigned char *, int, void *))fp; 3440194206Ssimon break; 3441194206Ssimon#endif 344259191Skris default: 344359191Skris break; 344459191Skris } 344559191Skris return(ret); 344659191Skris } 344759191Skris 3448109998Smarkmlong 
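ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
	{
	/*
	 * Context-level control dispatcher: applies `cmd` to `ctx`.
	 *
	 * ctx   context to modify; ctx->cert is dereferenced for the key commands.
	 * cmd   one of the SSL_CTRL_* values handled below.
	 * larg  integer argument (ticket-key buffer length, SRP strength).
	 * parg  pointer argument whose type depends on cmd.
	 *
	 * Returns 1 when the command was applied and 0 for an unknown command
	 * or a failure.  The ticket-key commands return 48, the required
	 * buffer size, when parg is NULL.
	 */
	CERT *cert = ctx->cert;

	switch (cmd)
		{
#ifndef OPENSSL_NO_RSA
	case SSL_CTRL_NEED_TMP_RSA:
		/* A temporary RSA key is wanted when none is set and the RSA
		 * encryption key is absent or larger than 512 bits. */
		if (cert->rsa_tmp != NULL)
			return(0);
		if (cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)
			return(1);
		if (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))
			return(1);
		return(0);
	case SSL_CTRL_SET_TMP_RSA:
		{
		RSA *rsa_copy = NULL;

		/* A NULL argument and a failed duplication are reported alike. */
		if (parg != NULL)
			rsa_copy = RSAPrivateKey_dup((RSA *)parg);
		if (rsa_copy == NULL)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
			return(0);
			}
		if (cert->rsa_tmp != NULL)
			RSA_free(cert->rsa_tmp);
		cert->rsa_tmp = rsa_copy;
		return(1);
		}
	case SSL_CTRL_SET_TMP_RSA_CB:
		/* Callbacks are installed through ssl3_ctx_callback_ctrl(). */
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return(0);
#endif
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH:
		{
		DH *dh_copy;

		/* Reject NULL explicitly instead of depending on how
		 * DHparams_dup() treats it; the reported error is the same
		 * one a failed duplication produces. */
		if (parg == NULL)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
			return 0;
			}
		dh_copy = DHparams_dup((DH *)parg);
		if (dh_copy == NULL)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
			return 0;
			}
		/* Without SSL_OP_SINGLE_DH_USE the key pair is generated once,
		 * here, and kept in cert->dh_tmp.
		 * NOTE(review): presumably that key is then shared by the
		 * connections using this context, which weakens forward
		 * secrecy -- confirm against the key-exchange code. */
		if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
			{
			if (!DH_generate_key(dh_copy))
				{
				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
				DH_free(dh_copy);
				return 0;
				}
			}
		if (cert->dh_tmp != NULL)
			DH_free(cert->dh_tmp);
		cert->dh_tmp = dh_copy;
		return 1;
		}
	case SSL_CTRL_SET_TMP_DH_CB:
		/* Callbacks are installed through ssl3_ctx_callback_ctrl(). */
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return(0);
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH:
		{
		EC_KEY *ecdh_copy;

		if (parg == NULL)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
			return 0;
			}
		/* Work on a private copy so that generating a key below never
		 * modifies the caller's EC_KEY. */
		ecdh_copy = EC_KEY_dup((EC_KEY *)parg);
		if (ecdh_copy == NULL)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
			return 0;
			}
		/* Same one-time key generation as for DH when
		 * SSL_OP_SINGLE_ECDH_USE is not set. */
		if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
			{
			if (!EC_KEY_generate_key(ecdh_copy))
				{
				EC_KEY_free(ecdh_copy);
				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
				return 0;
				}
			}
		if (cert->ecdh_tmp != NULL)
			EC_KEY_free(cert->ecdh_tmp);
		cert->ecdh_tmp = ecdh_copy;
		return 1;
		}
	case SSL_CTRL_SET_TMP_ECDH_CB:
		/* Callbacks are installed through ssl3_ctx_callback_ctrl(). */
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return(0);
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_TLSEXT
	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
		ctx->tlsext_servername_arg=parg;
		return(1);
	case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
	case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
		{
		/* The buffer is three 16-byte fields: key name, HMAC key,
		 * AES key.  The GET form copies the raw key material out, so
		 * the caller's buffer holds secrets and should be wiped
		 * (e.g. with OPENSSL_cleanse()) once it is no longer needed. */
		unsigned char *keys = parg;

		if (keys == NULL)
			return 48;	/* size query */
		if (larg != 48)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
			return 0;
			}
		if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
			{
			memcpy(ctx->tlsext_tick_key_name, keys, 16);
			memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
			memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
			}
		else
			{
			memcpy(keys, ctx->tlsext_tick_key_name, 16);
			memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
			memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
			}
		return 1;
		}

#ifdef TLSEXT_TYPE_opaque_prf_input
	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
		ctx->tlsext_opaque_prf_input_callback_arg = parg;
		return 1;
#endif

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
		ctx->tlsext_status_arg=parg;
		return 1;

#ifndef OPENSSL_NO_SRP
	case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
		{
		size_t name_len;

		ctx->srp_ctx.srp_Mask|=SSL_kSRP;
		/* Any previous login is dropped first, so a NULL parg simply
		 * clears it. */
		if (ctx->srp_ctx.login != NULL)
			OPENSSL_free(ctx->srp_ctx.login);
		ctx->srp_ctx.login = NULL;
		if (parg == NULL)
			return(1);
		/* Accept only user names of 1..255 bytes. */
		name_len = strlen((const char *)parg);
		if (name_len > 255 || name_len < 1)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
			return 0;
			}
		if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
			return 0;
			}
		return(1);
		}
	case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
		/* The pointer is stored as passed, not copied: the caller's
		 * buffer must stay valid for as long as it can be read
		 * through srp_ctx.info. */
		ctx->srp_ctx.SRP_give_srp_client_pwd_callback=srp_password_from_info_cb;
		ctx->srp_ctx.info=parg;
		return(1);
	case SSL_CTRL_SET_SRP_ARG:
		ctx->srp_ctx.srp_Mask|=SSL_kSRP;
		ctx->srp_ctx.SRP_cb_arg=parg;
		return(1);

	case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
		ctx->srp_ctx.strength=larg;
		return(1);
#endif
#endif /* !OPENSSL_NO_TLSEXT */

	/* A Thawte special :-) */
	case SSL_CTRL_EXTRA_CHAIN_CERT:
		if (ctx->extra_certs == NULL)
			{
			if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
				return(0);
			}
		/* The certificate pointer is stored as passed.  A failed push
		 * must be reported: returning success would let the caller
		 * assume the context now holds the certificate. */
		if (!sk_X509_push(ctx->extra_certs,(X509 *)parg))
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
			return(0);
			}
		return(1);

	case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
		/* Hands out the context's own stack pointer, not a copy. */
		*(STACK_OF(X509) **)parg =  ctx->extra_certs;
		return(1);

	case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
		if (ctx->extra_certs)
			{
			sk_X509_pop_free(ctx->extra_certs, X509_free);
			ctx->extra_certs = NULL;
			}
		return(1);

	default:
		return(0);
		}
	}

/*
 * Context-level callback dispatcher: stores `fp`, cast to the callback
 * type that `cmd` selects, in the matching field of `ctx` or ctx->cert.
 * The SRP commands also set SSL_kSRP in ctx->srp_ctx.srp_Mask.
 *
 * Returns 1 when the command is recognised and 0 otherwise.  fp is stored
 * without any check.
 */
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
	{
	CERT *cert = ctx->cert;

	switch (cmd)
		{
#ifndef OPENSSL_NO_RSA
	case SSL_CTRL_SET_TMP_RSA_CB:
		cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
		return(1);
#endif
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH_CB:
		cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
		return(1);
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH_CB:
		cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
		return(1);
#endif
#ifndef OPENSSL_NO_TLSEXT
	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
		ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
		return(1);

#ifdef TLSEXT_TYPE_opaque_prf_input
	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
		ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
		return(1);
#endif

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
		ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
		return(1);

	case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
		ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char  *,
						unsigned char *,
						EVP_CIPHER_CTX *,
						HMAC_CTX *, int))fp;
		return(1);

#ifndef OPENSSL_NO_SRP
	case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
		ctx->srp_ctx.srp_Mask|=SSL_kSRP;
		ctx->srp_ctx.SRP_verify_param_callback=(int (*)(SSL *,void *))fp;
		return(1);
	case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
		ctx->srp_ctx.srp_Mask|=SSL_kSRP;
		ctx->srp_ctx.TLS_ext_srp_username_callback=(int (*)(SSL *,int *,void *))fp;
		return(1);
	case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
		ctx->srp_ctx.srp_Mask|=SSL_kSRP;
		ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
		return(1);
#endif
#endif

	default:
		return(0);
		}
	}

/* This function needs to check if the ciphers required are actually
 * available */
/*
 * Looks up the cipher suite whose two-byte wire code is p[0], p[1].
 * The code is combined with the 0x03000000 prefix and searched for in
 * ssl3_ciphers.  The caller must supply at least two readable bytes.
 *
 * Returns the table entry, or NULL when the code is unknown or the entry
 * is not marked valid.
 */
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
	{
	SSL_CIPHER key;		/* search key; only .id is set */
	const SSL_CIPHER *found;

	key.id = 0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
	found = OBJ_bsearch_ssl_cipher_id(&key, ssl3_ciphers, SSL3_NUM_CIPHERS);
#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
	if (found == NULL)
		fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
#endif
	if (found != NULL && found->valid != 0)
		return found;
	return NULL;
	}

/*
 * Writes the two-byte wire code of cipher `c` to p[0], p[1].
 *
 * Returns 2, the encoded length; with p == NULL nothing is written and 2
 * is still returned.  Returns 0 without writing when the top byte of
 * c->id is not 0x03.
 */
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
	{
	long id;

	if (p == NULL)
		return(2);

	id = c->id;
	if ((id & 0xff000000) != 0x03000000)
		return(0);
	p[0] = ((unsigned char)(id >> 8L)) & 0xFF;
	p[1] = ((unsigned char)(id      )) & 0xFF;
	return(2);
	}

SSL_CIPHER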
*ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 3786109998Smarkm STACK_OF(SSL_CIPHER) *srvr) 378755714Skris { 378855714Skris SSL_CIPHER *c,*ret=NULL; 3789109998Smarkm STACK_OF(SSL_CIPHER) *prio, *allow; 3790238405Sjkim int i,ii,ok; 3791238405Sjkim#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC) 3792238405Sjkim unsigned int j; 3793238405Sjkim int ec_ok, ec_nid; 3794238405Sjkim unsigned char ec_search1 = 0, ec_search2 = 0; 3795238405Sjkim#endif 379655714Skris CERT *cert; 3797238405Sjkim unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a; 379855714Skris 379955714Skris /* Let's see which ciphers we can support */ 380055714Skris cert=s->cert; 380155714Skris 3802109998Smarkm#if 0 3803109998Smarkm /* Do not set the compare functions, because this may lead to a 3804109998Smarkm * reordering by "id". We want to keep the original ordering. 3805109998Smarkm * We may pay a price in performance during sk_SSL_CIPHER_find(), 3806109998Smarkm * but would have to pay with the price of sk_SSL_CIPHER_dup(). 
3807109998Smarkm */ 3808109998Smarkm sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); 3809109998Smarkm sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); 3810109998Smarkm#endif 381155714Skris 381255714Skris#ifdef CIPHER_DEBUG 3813279264Sdelphij fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr); 3814238405Sjkim for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) 3815238405Sjkim { 3816238405Sjkim c=sk_SSL_CIPHER_value(srvr,i); 3817279264Sdelphij fprintf(stderr, "%p:%s\n",(void *)c,c->name); 3818238405Sjkim } 3819279264Sdelphij fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt); 3820238405Sjkim for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) 382155714Skris { 3822109998Smarkm c=sk_SSL_CIPHER_value(clnt,i); 3823279264Sdelphij fprintf(stderr, "%p:%s\n",(void *)c,c->name); 3824109998Smarkm } 382555714Skris#endif 382655714Skris 3827109998Smarkm if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) 3828238405Sjkim { 3829238405Sjkim prio = srvr; 3830238405Sjkim allow = clnt; 3831238405Sjkim } 3832109998Smarkm else 3833238405Sjkim { 3834238405Sjkim prio = clnt; 3835238405Sjkim allow = srvr; 3836238405Sjkim } 3837109998Smarkm 3838109998Smarkm for (i=0; i<sk_SSL_CIPHER_num(prio); i++) 383955714Skris { 3840109998Smarkm c=sk_SSL_CIPHER_value(prio,i); 384155714Skris 3842238405Sjkim /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ 3843238405Sjkim if ((c->algorithm_ssl & SSL_TLSV1_2) && 3844238405Sjkim (TLS1_get_version(s) < TLS1_2_VERSION)) 3845238405Sjkim continue; 3846238405Sjkim 384755714Skris ssl_set_cert_masks(cert,c); 3848238405Sjkim mask_k = cert->mask_k; 3849238405Sjkim mask_a = cert->mask_a; 3850238405Sjkim emask_k = cert->export_mask_k; 3851238405Sjkim emask_a = cert->export_mask_a; 3852238405Sjkim#ifndef OPENSSL_NO_SRP 3853279264Sdelphij if (s->srp_ctx.srp_Mask & SSL_kSRP) 3854279264Sdelphij { 3855279264Sdelphij mask_k |= SSL_kSRP; 3856279264Sdelphij emask_k |= SSL_kSRP; 3857279264Sdelphij mask_a 
|= SSL_aSRP; 3858279264Sdelphij emask_a |= SSL_aSRP; 3859279264Sdelphij } 3860238405Sjkim#endif 3861279264Sdelphij 3862109998Smarkm#ifdef KSSL_DEBUG 3863279264Sdelphij/* fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/ 3864109998Smarkm#endif /* KSSL_DEBUG */ 3865109998Smarkm 3866238405Sjkim alg_k=c->algorithm_mkey; 3867238405Sjkim alg_a=c->algorithm_auth; 3868238405Sjkim 3869109998Smarkm#ifndef OPENSSL_NO_KRB5 3870238405Sjkim if (alg_k & SSL_kKRB5) 3871238405Sjkim { 3872238405Sjkim if ( !kssl_keytab_is_available(s->kssl_ctx) ) 3873238405Sjkim continue; 3874238405Sjkim } 3875109998Smarkm#endif /* OPENSSL_NO_KRB5 */ 3876238405Sjkim#ifndef OPENSSL_NO_PSK 3877238405Sjkim /* with PSK there must be server callback set */ 3878238405Sjkim if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL) 3879238405Sjkim continue; 3880238405Sjkim#endif /* OPENSSL_NO_PSK */ 3881238405Sjkim 388259191Skris if (SSL_C_IS_EXPORT(c)) 388355714Skris { 3884238405Sjkim ok = (alg_k & emask_k) && (alg_a & emask_a); 388555714Skris#ifdef CIPHER_DEBUG 3886279264Sdelphij fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a, 3887238405Sjkim (void *)c,c->name); 388855714Skris#endif 388955714Skris } 389055714Skris else 389155714Skris { 3892238405Sjkim ok = (alg_k & mask_k) && (alg_a & mask_a); 389355714Skris#ifdef CIPHER_DEBUG 3894279264Sdelphij fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c, 389555714Skris c->name); 389655714Skris#endif 389755714Skris } 389855714Skris 3899238405Sjkim#ifndef OPENSSL_NO_TLSEXT 3900238405Sjkim#ifndef OPENSSL_NO_EC 3901238405Sjkim if ( 3902238405Sjkim /* if we are considering an ECC cipher suite that uses our certificate */ 3903238405Sjkim (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3904238405Sjkim /* and we have an ECC certificate */ 3905238405Sjkim && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3906238405Sjkim /* and the client specified a Supported Point Formats 
extension */ 3907238405Sjkim && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL)) 3908238405Sjkim /* and our certificate's point is compressed */ 3909238405Sjkim && ( 3910238405Sjkim (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL) 3911238405Sjkim && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL) 3912238405Sjkim && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL) 3913238405Sjkim && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL) 3914238405Sjkim && ( 3915238405Sjkim (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED) 3916238405Sjkim || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1) 3917238405Sjkim ) 3918238405Sjkim ) 3919238405Sjkim ) 3920238405Sjkim { 3921238405Sjkim ec_ok = 0; 3922238405Sjkim /* if our certificate's curve is over a field type that the client does not support 3923238405Sjkim * then do not allow this cipher suite to be negotiated */ 3924238405Sjkim if ( 3925238405Sjkim (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 3926238405Sjkim && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) 3927238405Sjkim && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) 3928238405Sjkim && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) 3929238405Sjkim ) 3930238405Sjkim { 3931238405Sjkim for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) 3932238405Sjkim { 3933238405Sjkim if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) 3934238405Sjkim { 3935238405Sjkim ec_ok = 1; 3936238405Sjkim break; 3937238405Sjkim } 3938238405Sjkim } 3939238405Sjkim } 3940238405Sjkim else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == 
NID_X9_62_characteristic_two_field) 3941238405Sjkim { 3942238405Sjkim for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) 3943238405Sjkim { 3944238405Sjkim if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) 3945238405Sjkim { 3946238405Sjkim ec_ok = 1; 3947238405Sjkim break; 3948238405Sjkim } 3949238405Sjkim } 3950238405Sjkim } 3951238405Sjkim ok = ok && ec_ok; 3952238405Sjkim } 3953238405Sjkim if ( 3954238405Sjkim /* if we are considering an ECC cipher suite that uses our certificate */ 3955238405Sjkim (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3956238405Sjkim /* and we have an ECC certificate */ 3957238405Sjkim && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3958238405Sjkim /* and the client specified an EllipticCurves extension */ 3959238405Sjkim && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) 3960238405Sjkim ) 3961238405Sjkim { 3962238405Sjkim ec_ok = 0; 3963238405Sjkim if ( 3964238405Sjkim (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 3965238405Sjkim && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) 3966238405Sjkim ) 3967238405Sjkim { 3968238405Sjkim ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group); 3969238405Sjkim if ((ec_nid == 0) 3970238405Sjkim && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) 3971238405Sjkim ) 3972238405Sjkim { 3973238405Sjkim if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) 3974238405Sjkim { 3975238405Sjkim ec_search1 = 0xFF; 3976238405Sjkim ec_search2 = 0x01; 3977238405Sjkim } 3978238405Sjkim else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) 3979238405Sjkim { 3980238405Sjkim ec_search1 = 0xFF; 3981238405Sjkim ec_search2 = 0x02; 3982238405Sjkim } 3983238405Sjkim } 3984238405Sjkim 
else 3985238405Sjkim { 3986238405Sjkim ec_search1 = 0x00; 3987238405Sjkim ec_search2 = tls1_ec_nid2curve_id(ec_nid); 3988238405Sjkim } 3989238405Sjkim if ((ec_search1 != 0) || (ec_search2 != 0)) 3990238405Sjkim { 3991238405Sjkim for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) 3992238405Sjkim { 3993238405Sjkim if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2)) 3994238405Sjkim { 3995238405Sjkim ec_ok = 1; 3996238405Sjkim break; 3997238405Sjkim } 3998238405Sjkim } 3999238405Sjkim } 4000238405Sjkim } 4001238405Sjkim ok = ok && ec_ok; 4002238405Sjkim } 4003279264Sdelphij#ifndef OPENSSL_NO_ECDH 4004238405Sjkim if ( 4005238405Sjkim /* if we are considering an ECC cipher suite that uses an ephemeral EC key */ 4006238405Sjkim (alg_k & SSL_kEECDH) 4007238405Sjkim /* and we have an ephemeral EC key */ 4008238405Sjkim && (s->cert->ecdh_tmp != NULL) 4009238405Sjkim /* and the client specified an EllipticCurves extension */ 4010238405Sjkim && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) 4011238405Sjkim ) 4012238405Sjkim { 4013238405Sjkim ec_ok = 0; 4014238405Sjkim if (s->cert->ecdh_tmp->group != NULL) 4015238405Sjkim { 4016238405Sjkim ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group); 4017238405Sjkim if ((ec_nid == 0) 4018238405Sjkim && (s->cert->ecdh_tmp->group->meth != NULL) 4019238405Sjkim ) 4020238405Sjkim { 4021238405Sjkim if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field) 4022238405Sjkim { 4023238405Sjkim ec_search1 = 0xFF; 4024238405Sjkim ec_search2 = 0x01; 4025238405Sjkim } 4026238405Sjkim else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field) 4027238405Sjkim { 4028238405Sjkim ec_search1 = 0xFF; 4029238405Sjkim ec_search2 = 0x02; 4030238405Sjkim } 4031238405Sjkim } 4032238405Sjkim else 4033238405Sjkim { 4034238405Sjkim 
/* Otherwise search for the two-byte entry { 0x00, id }, where id is the
 * value tls1_ec_nid2curve_id() returns for ec_nid. */
					ec_search1 = 0x00;
					ec_search2 = tls1_ec_nid2curve_id(ec_nid);
					}
				if ((ec_search1 != 0) || (ec_search2 != 0))
					{
					/* The client's curve list is walked as two-byte
					 * entries; with an odd length the last byte is
					 * never compared. */
					for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
						{
						if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
							{
							ec_ok = 1;
							break;
							}
						}
					}
				}
			ok = ok && ec_ok;
			}
#endif /* OPENSSL_NO_ECDH */
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_TLSEXT */

		if (!ok) continue;
		ii=sk_SSL_CIPHER_find(allow,c);
		if (ii >= 0)
			{
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
			/* For a client flagged is_probably_safari an
			 * ECDHE-ECDSA suite is only remembered as a fallback
			 * (the first such match is kept) and the search goes
			 * on; any other acceptable suite found later replaces
			 * it through the assignment below. */
			if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
				{
				if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
				continue;
				}
#endif
			ret=sk_SSL_CIPHER_value(allow,ii);
			break;
			}
		}
	return(ret);
	}

/* Write the certificate types to request from the client into p and
 * return how many bytes were written.
 *
 * The list depends on the key exchange of s->s3->tmp.new_cipher, on
 * s->version and on which algorithms were compiled in.
 *
 * No size for p is passed in and nothing here checks the room left in
 * it: the longest path through the stores below writes seven bytes, so
 * the caller has to provide at least that much.
 * NOTE(review): s->s3->tmp.new_cipher is dereferenced without a NULL
 * check; confirm every caller runs after a cipher has been chosen.
 */
int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
	{
	int ret=0;
	unsigned long alg_k;

	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;

#ifndef OPENSSL_NO_GOST
	/* A GOST key exchange on TLS 1.0 or later gets the two GOST types
	 * and nothing else. */
	if (s->version >= TLS1_VERSION)
		{
		if (alg_k & SSL_kGOST)
			{
			p[ret++]=TLS_CT_GOST94_SIGN;
			p[ret++]=TLS_CT_GOST01_SIGN;
			return(ret);
			}
		}
#endif

#ifndef OPENSSL_NO_DH
	if (alg_k & (SSL_kDHr|SSL_kEDH))
		{
# ifndef OPENSSL_NO_RSA
		p[ret++]=SSL3_CT_RSA_FIXED_DH;
# endif
# ifndef OPENSSL_NO_DSA
		p[ret++]=SSL3_CT_DSS_FIXED_DH;
# endif
		}
	/* The ephemeral-DH certificate types are only offered when the
	 * version is exactly SSL3_VERSION. */
	if ((s->version == SSL3_VERSION) &&
		(alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
		{
# ifndef OPENSSL_NO_RSA
		p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
# endif
# ifndef OPENSSL_NO_DSA
		p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
# endif
		}
#endif /* !OPENSSL_NO_DH */
#ifndef OPENSSL_NO_RSA
	p[ret++]=SSL3_CT_RSA_SIGN;
#endif
#ifndef OPENSSL_NO_DSA
	p[ret++]=SSL3_CT_DSS_SIGN;
#endif
#ifndef OPENSSL_NO_ECDH
	if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
		{
		p[ret++]=TLS_CT_RSA_FIXED_ECDH;
		p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
		}
#endif

#ifndef OPENSSL_NO_ECDSA
	/* ECDSA certs can be used with RSA cipher suites as well
	 * so we don't need to check for SSL_kECDH or SSL_kEECDH
	 */
	if (s->version >= TLS1_VERSION)
		{
		p[ret++]=TLS_CT_ECDSA_SIGN;
		}
#endif
	return(ret);
	}

/* Run one step of the close_notify exchange.
 *
 * Returns 1 when s->shutdown holds both SSL_SENT_SHUTDOWN and
 * SSL_RECEIVED_SHUTDOWN and no alert is waiting to be written, 0 when
 * this step is done but that condition does not hold yet, and -1 when
 * our alert still has to be written or the peer's close has not been
 * read (WANT_WRITE / WANT_READ in the comments below).
 *
 * With quiet_shutdown set, or in state SSL_ST_BEFORE, both flags are set
 * and 1 is returned without sending or reading anything, so on that path
 * a return of 1 does not show that the peer ended the stream with a
 * close_notify. A caller that relies on the close alert to detect a
 * truncated stream has to take this into account.
 */
int ssl3_shutdown(SSL *s)
	{
	int ret;

	/* Don't do anything much if we have not done the handshake or
	 * we don't want to send messages :-) */
	if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
		{
		s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
		return(1);
		}

	if (!(s->shutdown & SSL_SENT_SHUTDOWN))
		{
		/* The flag is set before the alert is queued, and the return
		 * value of ssl3_send_alert() is not looked at; whether the
		 * alert went out is read from alert_dispatch below. */
		s->shutdown|=SSL_SENT_SHUTDOWN;
#if 1
		ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
#endif
		/* our shutdown alert has been sent now, and if it still needs
		 * to be written, s->s3->alert_dispatch will be true */
		if (s->s3->alert_dispatch)
			return(-1);	/* return WANT_WRITE */
		}
	else if (s->s3->alert_dispatch)
		{
		/* resend it if not sent */
#if 1
		ret=s->method->ssl_dispatch_alert(s);
		if(ret == -1)
			{
			/* we only get to return -1 here the 2nd/Nth
			 * invocation, we must have already signalled
			 * return 0 upon a previous invocation,
			 * return WANT_WRITE */
			return(ret);
			}
#endif
		}
	else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
		{
		/* If we are waiting for a close from our peer, we are closed */
		/* The result of the read call is discarded; only the
		 * SSL_RECEIVED_SHUTDOWN flag is tested afterwards. */
		s->method->ssl_read_bytes(s,0,NULL,0,0);
		if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
			{
			return(-1);	/* return WANT_READ */
			}
		}

	if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
		!s->s3->alert_dispatch)
		return(1);
	else
		return(0);
	}

/* Write len bytes of application data from buf.
 *
 * Returns the count reported by the record-layer write routine, or that
 * routine's result unchanged when it is <= 0; on the buffered path a
 * failing BIO_flush() result is returned instead.
 *
 * len is a signed int and is handed on as it is; no range check is done
 * in this function.
 */
int ssl3_write(SSL *s, const void *buf, int len)
	{
	int ret,n;

#if 0
	if (s->shutdown & SSL_SEND_SHUTDOWN)
		{
		s->rwstate=SSL_NOTHING;
		return(0);
		}
#endif
	clear_sys_error();
	if (s->s3->renegotiate) ssl3_renegotiate_check(s);

	/* This is an experimental flag that sends the
	 * last handshake message in the same packet as the first
	 * use data - used to see if it helps the TCP protocol during
	 * session-id reuse */
	/* The second test is because the buffer may have been removed */
	if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
		{
		/* First time through, we write into the buffer */
		/* delay_buf_pop_ret keeps the byte count, so a call repeated
		 * after a failed flush skips the write and only flushes. */
		if (s->s3->delay_buf_pop_ret == 0)
			{
			ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
					     buf,len);
			if (ret <= 0) return(ret);

			s->s3->delay_buf_pop_ret=ret;
			}

		s->rwstate=SSL_WRITING;
		n=BIO_flush(s->wbio);
		if (n <= 0) return(n);
		s->rwstate=SSL_NOTHING;

		/* We have flushed the buffer, so remove it */
		ssl_free_wbio_buffer(s);
		s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;

		ret=s->s3->delay_buf_pop_ret;
		s->s3->delay_buf_pop_ret=0;
		}
	else
		{
		ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
			buf,len);
		if (ret <= 0) return(ret);
		}

	return(ret);
	}

/* Common body of ssl3_read() and ssl3_peek(): read up to len bytes of
 * application data into buf; peek is passed through to the read routine.
 *
 * Returns whatever s->method->ssl_read_bytes() returns. in_read_app_data
 * is set to 1 before the read and cleared afterwards, except on the
 * retry path below, where this function leaves it as it is.
 */
static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
	{
	int ret;

	clear_sys_error();
	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
	s->s3->in_read_app_data=1;
	ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
	if ((ret == -1) && (s->s3->in_read_app_data == 2))
		{
		/* ssl3_read_bytes decided to call s->handshake_func, which
		 * called ssl3_read_bytes to read handshake data.
		 * However, ssl3_read_bytes actually found application data
		 * and thinks that application data makes sense here; so disable
		 * handshake processing and try to read application data again. */
		s->in_handshake++;
		ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
		s->in_handshake--;
		}
	else
		s->s3->in_read_app_data=0;

	return(ret);
	}

/* Read application data: ssl3_read_internal() with peek set to 0. */
int ssl3_read(SSL *s, void *buf, int len)
	{
	return ssl3_read_internal(s, buf, len, 0);
	}

/* Peek at application data: ssl3_read_internal() with peek set to 1. */
int ssl3_peek(SSL *s, void *buf, int len)
	{
	return ssl3_read_internal(s, buf, len, 1);
	}

/* Ask for a renegotiation.
 *
 * This only sets s->s3->renegotiate; the state change is made by
 * ssl3_renegotiate_check(). Returns 1 without doing anything when no
 * handshake function is set, 0 when SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
 * is set in s->s3->flags, and 1 after setting the request flag.
 */
int ssl3_renegotiate(SSL *s)
	{
	if (s->handshake_func == NULL)
		return(1);

	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
		return(0);

	s->s3->renegotiate=1;
	return(1);
	}

/* Start a renegotiation that was requested earlier, if the connection is
 * ready for it.
 *
 * Nothing happens unless s->s3->renegotiate is set, both record buffers
 * are empty (rbuf.left and wbuf.left are 0) and SSL_in_init(s) is false.
 * Then the state becomes SSL_ST_RENEGOTIATE, the request flag is
 * cleared, both renegotiation counters are incremented and 1 is
 * returned; otherwise 0.
 *
 * The counters are only incremented here. NOTE(review): no limit on the
 * number or rate of renegotiations is applied in this function; if one
 * is wanted it has to be enforced elsewhere.
 */
int ssl3_renegotiate_check(SSL *s)
	{
	int ret=0;

	if (s->s3->renegotiate)
		{
		if (	(s->s3->rbuf.left == 0) &&
			(s->s3->wbuf.left == 0) &&
			!SSL_in_init(s))
			{
/*
if we are the server, and we have sent a 'RENEGOTIATE' message, we
need to go to SSL_ST_ACCEPT.
*/
			/* SSL_ST_ACCEPT */
			s->state=SSL_ST_RENEGOTIATE;
			s->s3->renegotiate=0;
			s->s3->num_renegotiations++;
			s->s3->total_renegotiations++;
			ret=1;
			}
		}
	return(ret);
	}
/* Return the algorithm2 flags of the cipher being negotiated. When the
 * method's version is TLS v1.2 and the cipher carries the default
 * SHA1+MD5 settings (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF), the SHA256 PRF
 * and handshake MAC flags are returned instead.
 *
 * The test is an equality on s->method->version, not "or later", and it
 * does not read s->version. NOTE(review): confirm this is what is wanted
 * for methods that can negotiate more than one protocol version.
 * s->s3->tmp.new_cipher is dereferenced without a NULL check.
 */
long ssl_get_algorithm2(SSL *s)
	{
	long alg2 = s->s3->tmp.new_cipher->algorithm2;
	if (s->method->version == TLS1_2_VERSION &&
	    alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
		return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
	return alg2;
	}