| blob | 28129f68d9e69438556c49adfe5148046cc3ddc9 |
1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58 /* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111 /* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124 /* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
151 #include <stdio.h>
152 #include <openssl/objects.h>
155 #include <openssl/md5.h>
156 #ifndef OPENSSL_NO_DH
157 # include <openssl/dh.h>
158 #endif
162 #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
164 /* list of available SSLv3 ciphers (sorted by id) */
165 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
167 /* The RSA ciphers */
168 /* Cipher 01 */
169 {
171 SSL3_TXT_RSA_NULL_MD5,
172 SSL3_CK_RSA_NULL_MD5,
173 SSL_kRSA,
174 SSL_aRSA,
175 SSL_eNULL,
176 SSL_MD5,
177 SSL_SSLV3,
182 },
184 /* Cipher 02 */
185 {
187 SSL3_TXT_RSA_NULL_SHA,
188 SSL3_CK_RSA_NULL_SHA,
189 SSL_kRSA,
190 SSL_aRSA,
191 SSL_eNULL,
192 SSL_SHA1,
193 SSL_SSLV3,
198 },
200 /* Cipher 03 */
201 {
203 SSL3_TXT_RSA_RC4_40_MD5,
204 SSL3_CK_RSA_RC4_40_MD5,
205 SSL_kRSA,
206 SSL_aRSA,
207 SSL_RC4,
208 SSL_MD5,
209 SSL_SSLV3,
214 },
216 /* Cipher 04 */
217 {
219 SSL3_TXT_RSA_RC4_128_MD5,
220 SSL3_CK_RSA_RC4_128_MD5,
221 SSL_kRSA,
222 SSL_aRSA,
223 SSL_RC4,
224 SSL_MD5,
225 SSL_SSLV3,
230 },
232 /* Cipher 05 */
233 {
235 SSL3_TXT_RSA_RC4_128_SHA,
236 SSL3_CK_RSA_RC4_128_SHA,
237 SSL_kRSA,
238 SSL_aRSA,
239 SSL_RC4,
240 SSL_SHA1,
241 SSL_SSLV3,
246 },
248 /* Cipher 06 */
249 {
251 SSL3_TXT_RSA_RC2_40_MD5,
252 SSL3_CK_RSA_RC2_40_MD5,
253 SSL_kRSA,
254 SSL_aRSA,
255 SSL_RC2,
256 SSL_MD5,
257 SSL_SSLV3,
262 },
264 /* Cipher 07 */
265 #ifndef OPENSSL_NO_IDEA
266 {
268 SSL3_TXT_RSA_IDEA_128_SHA,
269 SSL3_CK_RSA_IDEA_128_SHA,
270 SSL_kRSA,
271 SSL_aRSA,
272 SSL_IDEA,
273 SSL_SHA1,
274 SSL_SSLV3,
279 },
280 #endif
282 /* Cipher 08 */
283 {
285 SSL3_TXT_RSA_DES_40_CBC_SHA,
286 SSL3_CK_RSA_DES_40_CBC_SHA,
287 SSL_kRSA,
288 SSL_aRSA,
289 SSL_DES,
290 SSL_SHA1,
291 SSL_SSLV3,
296 },
298 /* Cipher 09 */
299 {
301 SSL3_TXT_RSA_DES_64_CBC_SHA,
302 SSL3_CK_RSA_DES_64_CBC_SHA,
303 SSL_kRSA,
304 SSL_aRSA,
305 SSL_DES,
306 SSL_SHA1,
307 SSL_SSLV3,
312 },
314 /* Cipher 0A */
315 {
317 SSL3_TXT_RSA_DES_192_CBC3_SHA,
318 SSL3_CK_RSA_DES_192_CBC3_SHA,
319 SSL_kRSA,
320 SSL_aRSA,
321 SSL_3DES,
322 SSL_SHA1,
323 SSL_SSLV3,
328 },
330 /* The DH ciphers */
331 /* Cipher 0B */
332 {
334 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
335 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
336 SSL_kDHd,
337 SSL_aDH,
338 SSL_DES,
339 SSL_SHA1,
340 SSL_SSLV3,
345 },
347 /* Cipher 0C */
348 {
350 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
351 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
352 SSL_kDHd,
353 SSL_aDH,
354 SSL_DES,
355 SSL_SHA1,
356 SSL_SSLV3,
361 },
363 /* Cipher 0D */
364 {
366 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
367 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
368 SSL_kDHd,
369 SSL_aDH,
370 SSL_3DES,
371 SSL_SHA1,
372 SSL_SSLV3,
377 },
379 /* Cipher 0E */
380 {
382 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
383 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
384 SSL_kDHr,
385 SSL_aDH,
386 SSL_DES,
387 SSL_SHA1,
388 SSL_SSLV3,
393 },
395 /* Cipher 0F */
396 {
398 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
399 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
400 SSL_kDHr,
401 SSL_aDH,
402 SSL_DES,
403 SSL_SHA1,
404 SSL_SSLV3,
409 },
411 /* Cipher 10 */
412 {
414 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
415 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
416 SSL_kDHr,
417 SSL_aDH,
418 SSL_3DES,
419 SSL_SHA1,
420 SSL_SSLV3,
425 },
427 /* The Ephemeral DH ciphers */
428 /* Cipher 11 */
429 {
431 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
432 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
433 SSL_kEDH,
434 SSL_aDSS,
435 SSL_DES,
436 SSL_SHA1,
437 SSL_SSLV3,
442 },
444 /* Cipher 12 */
445 {
447 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
448 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
449 SSL_kEDH,
450 SSL_aDSS,
451 SSL_DES,
452 SSL_SHA1,
453 SSL_SSLV3,
458 },
460 /* Cipher 13 */
461 {
463 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
464 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
465 SSL_kEDH,
466 SSL_aDSS,
467 SSL_3DES,
468 SSL_SHA1,
469 SSL_SSLV3,
474 },
476 /* Cipher 14 */
477 {
479 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
480 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
481 SSL_kEDH,
482 SSL_aRSA,
483 SSL_DES,
484 SSL_SHA1,
485 SSL_SSLV3,
490 },
492 /* Cipher 15 */
493 {
495 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
496 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
497 SSL_kEDH,
498 SSL_aRSA,
499 SSL_DES,
500 SSL_SHA1,
501 SSL_SSLV3,
506 },
508 /* Cipher 16 */
509 {
511 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
512 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
513 SSL_kEDH,
514 SSL_aRSA,
515 SSL_3DES,
516 SSL_SHA1,
517 SSL_SSLV3,
522 },
524 /* Cipher 17 */
525 {
527 SSL3_TXT_ADH_RC4_40_MD5,
528 SSL3_CK_ADH_RC4_40_MD5,
529 SSL_kEDH,
530 SSL_aNULL,
531 SSL_RC4,
532 SSL_MD5,
533 SSL_SSLV3,
538 },
540 /* Cipher 18 */
541 {
543 SSL3_TXT_ADH_RC4_128_MD5,
544 SSL3_CK_ADH_RC4_128_MD5,
545 SSL_kEDH,
546 SSL_aNULL,
547 SSL_RC4,
548 SSL_MD5,
549 SSL_SSLV3,
554 },
556 /* Cipher 19 */
557 {
559 SSL3_TXT_ADH_DES_40_CBC_SHA,
560 SSL3_CK_ADH_DES_40_CBC_SHA,
561 SSL_kEDH,
562 SSL_aNULL,
563 SSL_DES,
564 SSL_SHA1,
565 SSL_SSLV3,
570 },
572 /* Cipher 1A */
573 {
575 SSL3_TXT_ADH_DES_64_CBC_SHA,
576 SSL3_CK_ADH_DES_64_CBC_SHA,
577 SSL_kEDH,
578 SSL_aNULL,
579 SSL_DES,
580 SSL_SHA1,
581 SSL_SSLV3,
586 },
588 /* Cipher 1B */
589 {
591 SSL3_TXT_ADH_DES_192_CBC_SHA,
592 SSL3_CK_ADH_DES_192_CBC_SHA,
593 SSL_kEDH,
594 SSL_aNULL,
595 SSL_3DES,
596 SSL_SHA1,
597 SSL_SSLV3,
602 },
604 /* Fortezza ciphersuite from SSL 3.0 spec */
605 #if 0
606 /* Cipher 1C */
607 {
609 SSL3_TXT_FZA_DMS_NULL_SHA,
610 SSL3_CK_FZA_DMS_NULL_SHA,
611 SSL_kFZA,
612 SSL_aFZA,
613 SSL_eNULL,
614 SSL_SHA1,
615 SSL_SSLV3,
620 },
622 /* Cipher 1D */
623 {
625 SSL3_TXT_FZA_DMS_FZA_SHA,
626 SSL3_CK_FZA_DMS_FZA_SHA,
627 SSL_kFZA,
628 SSL_aFZA,
629 SSL_eFZA,
630 SSL_SHA1,
631 SSL_SSLV3,
636 },
638 /* Cipher 1E */
639 {
641 SSL3_TXT_FZA_DMS_RC4_SHA,
642 SSL3_CK_FZA_DMS_RC4_SHA,
643 SSL_kFZA,
644 SSL_aFZA,
645 SSL_RC4,
646 SSL_SHA1,
647 SSL_SSLV3,
652 },
653 #endif
655 #ifndef OPENSSL_NO_KRB5
656 /* The Kerberos ciphers*/
657 /* Cipher 1E */
658 {
660 SSL3_TXT_KRB5_DES_64_CBC_SHA,
661 SSL3_CK_KRB5_DES_64_CBC_SHA,
662 SSL_kKRB5,
663 SSL_aKRB5,
664 SSL_DES,
665 SSL_SHA1,
666 SSL_SSLV3,
671 },
673 /* Cipher 1F */
674 {
676 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
677 SSL3_CK_KRB5_DES_192_CBC3_SHA,
678 SSL_kKRB5,
679 SSL_aKRB5,
680 SSL_3DES,
681 SSL_SHA1,
682 SSL_SSLV3,
687 },
689 /* Cipher 20 */
690 {
692 SSL3_TXT_KRB5_RC4_128_SHA,
693 SSL3_CK_KRB5_RC4_128_SHA,
694 SSL_kKRB5,
695 SSL_aKRB5,
696 SSL_RC4,
697 SSL_SHA1,
698 SSL_SSLV3,
703 },
705 /* Cipher 21 */
706 {
708 SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
709 SSL3_CK_KRB5_IDEA_128_CBC_SHA,
710 SSL_kKRB5,
711 SSL_aKRB5,
712 SSL_IDEA,
713 SSL_SHA1,
714 SSL_SSLV3,
719 },
721 /* Cipher 22 */
722 {
724 SSL3_TXT_KRB5_DES_64_CBC_MD5,
725 SSL3_CK_KRB5_DES_64_CBC_MD5,
726 SSL_kKRB5,
727 SSL_aKRB5,
728 SSL_DES,
729 SSL_MD5,
730 SSL_SSLV3,
735 },
737 /* Cipher 23 */
738 {
740 SSL3_TXT_KRB5_DES_192_CBC3_MD5,
741 SSL3_CK_KRB5_DES_192_CBC3_MD5,
742 SSL_kKRB5,
743 SSL_aKRB5,
744 SSL_3DES,
745 SSL_MD5,
746 SSL_SSLV3,
751 },
753 /* Cipher 24 */
754 {
756 SSL3_TXT_KRB5_RC4_128_MD5,
757 SSL3_CK_KRB5_RC4_128_MD5,
758 SSL_kKRB5,
759 SSL_aKRB5,
760 SSL_RC4,
761 SSL_MD5,
762 SSL_SSLV3,
767 },
769 /* Cipher 25 */
770 {
772 SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
773 SSL3_CK_KRB5_IDEA_128_CBC_MD5,
774 SSL_kKRB5,
775 SSL_aKRB5,
776 SSL_IDEA,
777 SSL_MD5,
778 SSL_SSLV3,
783 },
785 /* Cipher 26 */
786 {
788 SSL3_TXT_KRB5_DES_40_CBC_SHA,
789 SSL3_CK_KRB5_DES_40_CBC_SHA,
790 SSL_kKRB5,
791 SSL_aKRB5,
792 SSL_DES,
793 SSL_SHA1,
794 SSL_SSLV3,
799 },
801 /* Cipher 27 */
802 {
804 SSL3_TXT_KRB5_RC2_40_CBC_SHA,
805 SSL3_CK_KRB5_RC2_40_CBC_SHA,
806 SSL_kKRB5,
807 SSL_aKRB5,
808 SSL_RC2,
809 SSL_SHA1,
810 SSL_SSLV3,
815 },
817 /* Cipher 28 */
818 {
820 SSL3_TXT_KRB5_RC4_40_SHA,
821 SSL3_CK_KRB5_RC4_40_SHA,
822 SSL_kKRB5,
823 SSL_aKRB5,
824 SSL_RC4,
825 SSL_SHA1,
826 SSL_SSLV3,
831 },
833 /* Cipher 29 */
834 {
836 SSL3_TXT_KRB5_DES_40_CBC_MD5,
837 SSL3_CK_KRB5_DES_40_CBC_MD5,
838 SSL_kKRB5,
839 SSL_aKRB5,
840 SSL_DES,
841 SSL_MD5,
842 SSL_SSLV3,
847 },
849 /* Cipher 2A */
850 {
852 SSL3_TXT_KRB5_RC2_40_CBC_MD5,
853 SSL3_CK_KRB5_RC2_40_CBC_MD5,
854 SSL_kKRB5,
855 SSL_aKRB5,
856 SSL_RC2,
857 SSL_MD5,
858 SSL_SSLV3,
863 },
865 /* Cipher 2B */
866 {
868 SSL3_TXT_KRB5_RC4_40_MD5,
869 SSL3_CK_KRB5_RC4_40_MD5,
870 SSL_kKRB5,
871 SSL_aKRB5,
872 SSL_RC4,
873 SSL_MD5,
874 SSL_SSLV3,
879 },
882 /* New AES ciphersuites */
883 /* Cipher 2F */
884 {
886 TLS1_TXT_RSA_WITH_AES_128_SHA,
887 TLS1_CK_RSA_WITH_AES_128_SHA,
888 SSL_kRSA,
889 SSL_aRSA,
890 SSL_AES128,
891 SSL_SHA1,
892 SSL_TLSV1,
897 },
898 /* Cipher 30 */
899 {
901 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
902 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
903 SSL_kDHd,
904 SSL_aDH,
905 SSL_AES128,
906 SSL_SHA1,
907 SSL_TLSV1,
912 },
913 /* Cipher 31 */
914 {
916 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
917 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
918 SSL_kDHr,
919 SSL_aDH,
920 SSL_AES128,
921 SSL_SHA1,
922 SSL_TLSV1,
927 },
928 /* Cipher 32 */
929 {
931 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
932 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
933 SSL_kEDH,
934 SSL_aDSS,
935 SSL_AES128,
936 SSL_SHA1,
937 SSL_TLSV1,
942 },
943 /* Cipher 33 */
944 {
946 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
947 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
948 SSL_kEDH,
949 SSL_aRSA,
950 SSL_AES128,
951 SSL_SHA1,
952 SSL_TLSV1,
957 },
958 /* Cipher 34 */
959 {
961 TLS1_TXT_ADH_WITH_AES_128_SHA,
962 TLS1_CK_ADH_WITH_AES_128_SHA,
963 SSL_kEDH,
964 SSL_aNULL,
965 SSL_AES128,
966 SSL_SHA1,
967 SSL_TLSV1,
972 },
974 /* Cipher 35 */
975 {
977 TLS1_TXT_RSA_WITH_AES_256_SHA,
978 TLS1_CK_RSA_WITH_AES_256_SHA,
979 SSL_kRSA,
980 SSL_aRSA,
981 SSL_AES256,
982 SSL_SHA1,
983 SSL_TLSV1,
988 },
989 /* Cipher 36 */
990 {
992 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
993 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
994 SSL_kDHd,
995 SSL_aDH,
996 SSL_AES256,
997 SSL_SHA1,
998 SSL_TLSV1,
1003 },
1005 /* Cipher 37 */
1006 {
1008 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1009 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1010 SSL_kDHr,
1011 SSL_aDH,
1012 SSL_AES256,
1013 SSL_SHA1,
1014 SSL_TLSV1,
1019 },
1021 /* Cipher 38 */
1022 {
1024 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1025 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1026 SSL_kEDH,
1027 SSL_aDSS,
1028 SSL_AES256,
1029 SSL_SHA1,
1030 SSL_TLSV1,
1035 },
1037 /* Cipher 39 */
1038 {
1040 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1041 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1042 SSL_kEDH,
1043 SSL_aRSA,
1044 SSL_AES256,
1045 SSL_SHA1,
1046 SSL_TLSV1,
1051 },
1053 /* Cipher 3A */
1054 {
1056 TLS1_TXT_ADH_WITH_AES_256_SHA,
1057 TLS1_CK_ADH_WITH_AES_256_SHA,
1058 SSL_kEDH,
1059 SSL_aNULL,
1060 SSL_AES256,
1061 SSL_SHA1,
1062 SSL_TLSV1,
1067 },
1069 /* TLS v1.2 ciphersuites */
1070 /* Cipher 3B */
1071 {
1073 TLS1_TXT_RSA_WITH_NULL_SHA256,
1074 TLS1_CK_RSA_WITH_NULL_SHA256,
1075 SSL_kRSA,
1076 SSL_aRSA,
1077 SSL_eNULL,
1078 SSL_SHA256,
1079 SSL_TLSV1_2,
1084 },
1086 /* Cipher 3C */
1087 {
1089 TLS1_TXT_RSA_WITH_AES_128_SHA256,
1090 TLS1_CK_RSA_WITH_AES_128_SHA256,
1091 SSL_kRSA,
1092 SSL_aRSA,
1093 SSL_AES128,
1094 SSL_SHA256,
1095 SSL_TLSV1_2,
1100 },
1102 /* Cipher 3D */
1103 {
1105 TLS1_TXT_RSA_WITH_AES_256_SHA256,
1106 TLS1_CK_RSA_WITH_AES_256_SHA256,
1107 SSL_kRSA,
1108 SSL_aRSA,
1109 SSL_AES256,
1110 SSL_SHA256,
1111 SSL_TLSV1_2,
1116 },
1118 /* Cipher 3E */
1119 {
1121 TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1122 TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1123 SSL_kDHd,
1124 SSL_aDH,
1125 SSL_AES128,
1126 SSL_SHA256,
1127 SSL_TLSV1_2,
1132 },
1134 /* Cipher 3F */
1135 {
1137 TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
1138 TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
1139 SSL_kDHr,
1140 SSL_aDH,
1141 SSL_AES128,
1142 SSL_SHA256,
1143 SSL_TLSV1_2,
1148 },
1150 /* Cipher 40 */
1151 {
1153 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
1154 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
1155 SSL_kEDH,
1156 SSL_aDSS,
1157 SSL_AES128,
1158 SSL_SHA256,
1159 SSL_TLSV1_2,
1164 },
1166 #ifndef OPENSSL_NO_CAMELLIA
1167 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1169 /* Cipher 41 */
1170 {
1172 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1173 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1174 SSL_kRSA,
1175 SSL_aRSA,
1176 SSL_CAMELLIA128,
1177 SSL_SHA1,
1178 SSL_TLSV1,
1183 },
1185 /* Cipher 42 */
1186 {
1188 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1189 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1190 SSL_kDHd,
1191 SSL_aDH,
1192 SSL_CAMELLIA128,
1193 SSL_SHA1,
1194 SSL_TLSV1,
1199 },
1201 /* Cipher 43 */
1202 {
1204 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1205 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1206 SSL_kDHr,
1207 SSL_aDH,
1208 SSL_CAMELLIA128,
1209 SSL_SHA1,
1210 SSL_TLSV1,
1215 },
1217 /* Cipher 44 */
1218 {
1220 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1221 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1222 SSL_kEDH,
1223 SSL_aDSS,
1224 SSL_CAMELLIA128,
1225 SSL_SHA1,
1226 SSL_TLSV1,
1231 },
1233 /* Cipher 45 */
1234 {
1236 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1237 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1238 SSL_kEDH,
1239 SSL_aRSA,
1240 SSL_CAMELLIA128,
1241 SSL_SHA1,
1242 SSL_TLSV1,
1247 },
1249 /* Cipher 46 */
1250 {
1252 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1253 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1254 SSL_kEDH,
1255 SSL_aNULL,
1256 SSL_CAMELLIA128,
1257 SSL_SHA1,
1258 SSL_TLSV1,
1263 },
1266 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1267 /* New TLS Export CipherSuites from expired ID */
1268 # if 0
1269 /* Cipher 60 */
1270 {
1272 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1273 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1274 SSL_kRSA,
1275 SSL_aRSA,
1276 SSL_RC4,
1277 SSL_MD5,
1278 SSL_TLSV1,
1283 },
1285 /* Cipher 61 */
1286 {
1288 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1289 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1290 SSL_kRSA,
1291 SSL_aRSA,
1292 SSL_RC2,
1293 SSL_MD5,
1294 SSL_TLSV1,
1299 },
1300 # endif
1302 /* Cipher 62 */
1303 {
1305 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1306 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1307 SSL_kRSA,
1308 SSL_aRSA,
1309 SSL_DES,
1310 SSL_SHA1,
1311 SSL_TLSV1,
1316 },
1318 /* Cipher 63 */
1319 {
1321 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1322 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1323 SSL_kEDH,
1324 SSL_aDSS,
1325 SSL_DES,
1326 SSL_SHA1,
1327 SSL_TLSV1,
1332 },
1334 /* Cipher 64 */
1335 {
1337 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1338 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1339 SSL_kRSA,
1340 SSL_aRSA,
1341 SSL_RC4,
1342 SSL_SHA1,
1343 SSL_TLSV1,
1348 },
1350 /* Cipher 65 */
1351 {
1353 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1354 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1355 SSL_kEDH,
1356 SSL_aDSS,
1357 SSL_RC4,
1358 SSL_SHA1,
1359 SSL_TLSV1,
1364 },
1366 /* Cipher 66 */
1367 {
1369 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1370 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1371 SSL_kEDH,
1372 SSL_aDSS,
1373 SSL_RC4,
1374 SSL_SHA1,
1375 SSL_TLSV1,
1380 },
1381 #endif
1383 /* TLS v1.2 ciphersuites */
1384 /* Cipher 67 */
1385 {
1387 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1388 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1389 SSL_kEDH,
1390 SSL_aRSA,
1391 SSL_AES128,
1392 SSL_SHA256,
1393 SSL_TLSV1_2,
1398 },
1400 /* Cipher 68 */
1401 {
1403 TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1404 TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1405 SSL_kDHd,
1406 SSL_aDH,
1407 SSL_AES256,
1408 SSL_SHA256,
1409 SSL_TLSV1_2,
1414 },
1416 /* Cipher 69 */
1417 {
1419 TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1420 TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1421 SSL_kDHr,
1422 SSL_aDH,
1423 SSL_AES256,
1424 SSL_SHA256,
1425 SSL_TLSV1_2,
1430 },
1432 /* Cipher 6A */
1433 {
1435 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1436 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1437 SSL_kEDH,
1438 SSL_aDSS,
1439 SSL_AES256,
1440 SSL_SHA256,
1441 SSL_TLSV1_2,
1446 },
1448 /* Cipher 6B */
1449 {
1451 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1452 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1453 SSL_kEDH,
1454 SSL_aRSA,
1455 SSL_AES256,
1456 SSL_SHA256,
1457 SSL_TLSV1_2,
1462 },
1464 /* Cipher 6C */
1465 {
1467 TLS1_TXT_ADH_WITH_AES_128_SHA256,
1468 TLS1_CK_ADH_WITH_AES_128_SHA256,
1469 SSL_kEDH,
1470 SSL_aNULL,
1471 SSL_AES128,
1472 SSL_SHA256,
1473 SSL_TLSV1_2,
1478 },
1480 /* Cipher 6D */
1481 {
1483 TLS1_TXT_ADH_WITH_AES_256_SHA256,
1484 TLS1_CK_ADH_WITH_AES_256_SHA256,
1485 SSL_kEDH,
1486 SSL_aNULL,
1487 SSL_AES256,
1488 SSL_SHA256,
1489 SSL_TLSV1_2,
1494 },
1496 /* GOST Ciphersuites */
1498 {
1502 SSL_kGOST,
1503 SSL_aGOST94,
1504 SSL_eGOST2814789CNT,
1505 SSL_GOST89MAC,
1506 SSL_TLSV1,
1511 {
1515 SSL_kGOST,
1516 SSL_aGOST01,
1517 SSL_eGOST2814789CNT,
1518 SSL_GOST89MAC,
1519 SSL_TLSV1,
1524 {
1528 SSL_kGOST,
1529 SSL_aGOST94,
1530 SSL_eNULL,
1531 SSL_GOST94,
1532 SSL_TLSV1,
1537 {
1541 SSL_kGOST,
1542 SSL_aGOST01,
1543 SSL_eNULL,
1544 SSL_GOST94,
1545 SSL_TLSV1,
1551 #ifndef OPENSSL_NO_CAMELLIA
1552 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1554 /* Cipher 84 */
1555 {
1557 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1558 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1559 SSL_kRSA,
1560 SSL_aRSA,
1561 SSL_CAMELLIA256,
1562 SSL_SHA1,
1563 SSL_TLSV1,
1568 },
1569 /* Cipher 85 */
1570 {
1572 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1573 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1574 SSL_kDHd,
1575 SSL_aDH,
1576 SSL_CAMELLIA256,
1577 SSL_SHA1,
1578 SSL_TLSV1,
1583 },
1585 /* Cipher 86 */
1586 {
1588 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1589 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1590 SSL_kDHr,
1591 SSL_aDH,
1592 SSL_CAMELLIA256,
1593 SSL_SHA1,
1594 SSL_TLSV1,
1599 },
1601 /* Cipher 87 */
1602 {
1604 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1605 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1606 SSL_kEDH,
1607 SSL_aDSS,
1608 SSL_CAMELLIA256,
1609 SSL_SHA1,
1610 SSL_TLSV1,
1615 },
1617 /* Cipher 88 */
1618 {
1620 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1621 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1622 SSL_kEDH,
1623 SSL_aRSA,
1624 SSL_CAMELLIA256,
1625 SSL_SHA1,
1626 SSL_TLSV1,
1631 },
1633 /* Cipher 89 */
1634 {
1636 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1637 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1638 SSL_kEDH,
1639 SSL_aNULL,
1640 SSL_CAMELLIA256,
1641 SSL_SHA1,
1642 SSL_TLSV1,
1647 },
1650 #ifndef OPENSSL_NO_PSK
1651 /* Cipher 8A */
1652 {
1654 TLS1_TXT_PSK_WITH_RC4_128_SHA,
1655 TLS1_CK_PSK_WITH_RC4_128_SHA,
1656 SSL_kPSK,
1657 SSL_aPSK,
1658 SSL_RC4,
1659 SSL_SHA1,
1660 SSL_TLSV1,
1665 },
1667 /* Cipher 8B */
1668 {
1670 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1671 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1672 SSL_kPSK,
1673 SSL_aPSK,
1674 SSL_3DES,
1675 SSL_SHA1,
1676 SSL_TLSV1,
1681 },
1683 /* Cipher 8C */
1684 {
1686 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1687 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1688 SSL_kPSK,
1689 SSL_aPSK,
1690 SSL_AES128,
1691 SSL_SHA1,
1692 SSL_TLSV1,
1697 },
1699 /* Cipher 8D */
1700 {
1702 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1703 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1704 SSL_kPSK,
1705 SSL_aPSK,
1706 SSL_AES256,
1707 SSL_SHA1,
1708 SSL_TLSV1,
1713 },
1716 #ifndef OPENSSL_NO_SEED
1717 /* SEED ciphersuites from RFC4162 */
1719 /* Cipher 96 */
1720 {
1722 TLS1_TXT_RSA_WITH_SEED_SHA,
1723 TLS1_CK_RSA_WITH_SEED_SHA,
1724 SSL_kRSA,
1725 SSL_aRSA,
1726 SSL_SEED,
1727 SSL_SHA1,
1728 SSL_TLSV1,
1733 },
1735 /* Cipher 97 */
1736 {
1738 TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1739 TLS1_CK_DH_DSS_WITH_SEED_SHA,
1740 SSL_kDHd,
1741 SSL_aDH,
1742 SSL_SEED,
1743 SSL_SHA1,
1744 SSL_TLSV1,
1749 },
1751 /* Cipher 98 */
1752 {
1754 TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1755 TLS1_CK_DH_RSA_WITH_SEED_SHA,
1756 SSL_kDHr,
1757 SSL_aDH,
1758 SSL_SEED,
1759 SSL_SHA1,
1760 SSL_TLSV1,
1765 },
1767 /* Cipher 99 */
1768 {
1770 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1771 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1772 SSL_kEDH,
1773 SSL_aDSS,
1774 SSL_SEED,
1775 SSL_SHA1,
1776 SSL_TLSV1,
1781 },
1783 /* Cipher 9A */
1784 {
1786 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1787 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1788 SSL_kEDH,
1789 SSL_aRSA,
1790 SSL_SEED,
1791 SSL_SHA1,
1792 SSL_TLSV1,
1797 },
1799 /* Cipher 9B */
1800 {
1802 TLS1_TXT_ADH_WITH_SEED_SHA,
1803 TLS1_CK_ADH_WITH_SEED_SHA,
1804 SSL_kEDH,
1805 SSL_aNULL,
1806 SSL_SEED,
1807 SSL_SHA1,
1808 SSL_TLSV1,
1813 },
1817 /* GCM ciphersuites from RFC5288 */
1819 /* Cipher 9C */
1820 {
1822 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1823 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1824 SSL_kRSA,
1825 SSL_aRSA,
1826 SSL_AES128GCM,
1827 SSL_AEAD,
1828 SSL_TLSV1_2,
1833 },
1835 /* Cipher 9D */
1836 {
1838 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1839 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1840 SSL_kRSA,
1841 SSL_aRSA,
1842 SSL_AES256GCM,
1843 SSL_AEAD,
1844 SSL_TLSV1_2,
1849 },
1851 /* Cipher 9E */
1852 {
1854 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1855 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1856 SSL_kEDH,
1857 SSL_aRSA,
1858 SSL_AES128GCM,
1859 SSL_AEAD,
1860 SSL_TLSV1_2,
1865 },
1867 /* Cipher 9F */
1868 {
1870 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1871 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1872 SSL_kEDH,
1873 SSL_aRSA,
1874 SSL_AES256GCM,
1875 SSL_AEAD,
1876 SSL_TLSV1_2,
1881 },
1883 /* Cipher A0 */
1884 {
1886 TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
1887 TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
1888 SSL_kDHr,
1889 SSL_aDH,
1890 SSL_AES128GCM,
1891 SSL_AEAD,
1892 SSL_TLSV1_2,
1897 },
1899 /* Cipher A1 */
1900 {
1902 TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
1903 TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
1904 SSL_kDHr,
1905 SSL_aDH,
1906 SSL_AES256GCM,
1907 SSL_AEAD,
1908 SSL_TLSV1_2,
1913 },
1915 /* Cipher A2 */
1916 {
1918 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1919 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1920 SSL_kEDH,
1921 SSL_aDSS,
1922 SSL_AES128GCM,
1923 SSL_AEAD,
1924 SSL_TLSV1_2,
1929 },
1931 /* Cipher A3 */
1932 {
1934 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1935 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1936 SSL_kEDH,
1937 SSL_aDSS,
1938 SSL_AES256GCM,
1939 SSL_AEAD,
1940 SSL_TLSV1_2,
1945 },
1947 /* Cipher A4 */
1948 {
1950 TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
1951 TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
1952 SSL_kDHd,
1953 SSL_aDH,
1954 SSL_AES128GCM,
1955 SSL_AEAD,
1956 SSL_TLSV1_2,
1961 },
1963 /* Cipher A5 */
1964 {
1966 TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
1967 TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
1968 SSL_kDHd,
1969 SSL_aDH,
1970 SSL_AES256GCM,
1971 SSL_AEAD,
1972 SSL_TLSV1_2,
1977 },
1979 /* Cipher A6 */
1980 {
1982 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1983 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1984 SSL_kEDH,
1985 SSL_aNULL,
1986 SSL_AES128GCM,
1987 SSL_AEAD,
1988 SSL_TLSV1_2,
1993 },
1995 /* Cipher A7 */
1996 {
1998 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
1999 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
2000 SSL_kEDH,
2001 SSL_aNULL,
2002 SSL_AES256GCM,
2003 SSL_AEAD,
2004 SSL_TLSV1_2,
2009 },
2010 #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
2011 {
2014 SSL3_CK_SCSV,
2024 #endif
2026 #ifndef OPENSSL_NO_ECDH
2027 /* Cipher C001 */
2028 {
2030 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
2031 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
2032 SSL_kECDHe,
2033 SSL_aECDH,
2034 SSL_eNULL,
2035 SSL_SHA1,
2036 SSL_TLSV1,
2041 },
2043 /* Cipher C002 */
2044 {
2046 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
2047 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
2048 SSL_kECDHe,
2049 SSL_aECDH,
2050 SSL_RC4,
2051 SSL_SHA1,
2052 SSL_TLSV1,
2057 },
2059 /* Cipher C003 */
2060 {
2062 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2063 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2064 SSL_kECDHe,
2065 SSL_aECDH,
2066 SSL_3DES,
2067 SSL_SHA1,
2068 SSL_TLSV1,
2073 },
2075 /* Cipher C004 */
2076 {
2078 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2079 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2080 SSL_kECDHe,
2081 SSL_aECDH,
2082 SSL_AES128,
2083 SSL_SHA1,
2084 SSL_TLSV1,
2089 },
2091 /* Cipher C005 */
2092 {
2094 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2095 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2096 SSL_kECDHe,
2097 SSL_aECDH,
2098 SSL_AES256,
2099 SSL_SHA1,
2100 SSL_TLSV1,
2105 },
2107 /* Cipher C006 */
2108 {
2110 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
2111 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
2112 SSL_kEECDH,
2113 SSL_aECDSA,
2114 SSL_eNULL,
2115 SSL_SHA1,
2116 SSL_TLSV1,
2121 },
2123 /* Cipher C007 */
2124 {
2126 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2127 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2128 SSL_kEECDH,
2129 SSL_aECDSA,
2130 SSL_RC4,
2131 SSL_SHA1,
2132 SSL_TLSV1,
2137 },
2139 /* Cipher C008 */
2140 {
2142 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2143 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2144 SSL_kEECDH,
2145 SSL_aECDSA,
2146 SSL_3DES,
2147 SSL_SHA1,
2148 SSL_TLSV1,
2153 },
2155 /* Cipher C009 */
2156 {
2158 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2159 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2160 SSL_kEECDH,
2161 SSL_aECDSA,
2162 SSL_AES128,
2163 SSL_SHA1,
2164 SSL_TLSV1,
2169 },
2171 /* Cipher C00A */
2172 {
2174 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2175 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2176 SSL_kEECDH,
2177 SSL_aECDSA,
2178 SSL_AES256,
2179 SSL_SHA1,
2180 SSL_TLSV1,
2185 },
2187 /* Cipher C00B */
2188 {
2190 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
2191 TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
2192 SSL_kECDHr,
2193 SSL_aECDH,
2194 SSL_eNULL,
2195 SSL_SHA1,
2196 SSL_TLSV1,
2201 },
2203 /* Cipher C00C */
2204 {
2206 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
2207 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
2208 SSL_kECDHr,
2209 SSL_aECDH,
2210 SSL_RC4,
2211 SSL_SHA1,
2212 SSL_TLSV1,
2217 },
2219 /* Cipher C00D */
2220 {
2222 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2223 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2224 SSL_kECDHr,
2225 SSL_aECDH,
2226 SSL_3DES,
2227 SSL_SHA1,
2228 SSL_TLSV1,
2233 },
2235 /* Cipher C00E */
2236 {
2238 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
2239 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
2240 SSL_kECDHr,
2241 SSL_aECDH,
2242 SSL_AES128,
2243 SSL_SHA1,
2244 SSL_TLSV1,
2249 },
2251 /* Cipher C00F */
2252 {
2254 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
2255 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
2256 SSL_kECDHr,
2257 SSL_aECDH,
2258 SSL_AES256,
2259 SSL_SHA1,
2260 SSL_TLSV1,
2265 },
2267 /* Cipher C010 */
2268 {
2270 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
2271 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
2272 SSL_kEECDH,
2273 SSL_aRSA,
2274 SSL_eNULL,
2275 SSL_SHA1,
2276 SSL_TLSV1,
2281 },
2283 /* Cipher C011 */
2284 {
2286 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2287 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2288 SSL_kEECDH,
2289 SSL_aRSA,
2290 SSL_RC4,
2291 SSL_SHA1,
2292 SSL_TLSV1,
2297 },
2299 /* Cipher C012 */
2300 {
2302 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2303 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2304 SSL_kEECDH,
2305 SSL_aRSA,
2306 SSL_3DES,
2307 SSL_SHA1,
2308 SSL_TLSV1,
2313 },
2315 /* Cipher C013 */
2316 {
2318 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2319 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2320 SSL_kEECDH,
2321 SSL_aRSA,
2322 SSL_AES128,
2323 SSL_SHA1,
2324 SSL_TLSV1,
2329 },
2331 /* Cipher C014 */
2332 {
2334 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2335 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2336 SSL_kEECDH,
2337 SSL_aRSA,
2338 SSL_AES256,
2339 SSL_SHA1,
2340 SSL_TLSV1,
2345 },
2347 /* Cipher C015 */
2348 {
2350 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
2351 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
2352 SSL_kEECDH,
2353 SSL_aNULL,
2354 SSL_eNULL,
2355 SSL_SHA1,
2356 SSL_TLSV1,
2361 },
2363 /* Cipher C016 */
2364 {
2366 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2367 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2368 SSL_kEECDH,
2369 SSL_aNULL,
2370 SSL_RC4,
2371 SSL_SHA1,
2372 SSL_TLSV1,
2377 },
2379 /* Cipher C017 */
2380 {
2382 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
2383 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
2384 SSL_kEECDH,
2385 SSL_aNULL,
2386 SSL_3DES,
2387 SSL_SHA1,
2388 SSL_TLSV1,
2393 },
2395 /* Cipher C018 */
2396 {
2398 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
2399 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
2400 SSL_kEECDH,
2401 SSL_aNULL,
2402 SSL_AES128,
2403 SSL_SHA1,
2404 SSL_TLSV1,
2409 },
2411 /* Cipher C019 */
2412 {
2414 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2415 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2416 SSL_kEECDH,
2417 SSL_aNULL,
2418 SSL_AES256,
2419 SSL_SHA1,
2420 SSL_TLSV1,
2425 },
2428 #ifndef OPENSSL_NO_SRP
2429 /* Cipher C01A */
2430 {
2432 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2433 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2434 SSL_kSRP,
2435 SSL_aSRP,
2436 SSL_3DES,
2437 SSL_SHA1,
2438 SSL_TLSV1,
2443 },
2445 /* Cipher C01B */
2446 {
2448 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2449 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2450 SSL_kSRP,
2451 SSL_aRSA,
2452 SSL_3DES,
2453 SSL_SHA1,
2454 SSL_TLSV1,
2459 },
2461 /* Cipher C01C */
2462 {
2464 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2465 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2466 SSL_kSRP,
2467 SSL_aDSS,
2468 SSL_3DES,
2469 SSL_SHA1,
2470 SSL_TLSV1,
2475 },
2477 /* Cipher C01D */
2478 {
2480 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2481 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2482 SSL_kSRP,
2483 SSL_aSRP,
2484 SSL_AES128,
2485 SSL_SHA1,
2486 SSL_TLSV1,
2491 },
2493 /* Cipher C01E */
2494 {
2496 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2497 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2498 SSL_kSRP,
2499 SSL_aRSA,
2500 SSL_AES128,
2501 SSL_SHA1,
2502 SSL_TLSV1,
2507 },
2509 /* Cipher C01F */
2510 {
2512 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2513 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2514 SSL_kSRP,
2515 SSL_aDSS,
2516 SSL_AES128,
2517 SSL_SHA1,
2518 SSL_TLSV1,
2523 },
2525 /* Cipher C020 */
2526 {
2528 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2529 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2530 SSL_kSRP,
2531 SSL_aSRP,
2532 SSL_AES256,
2533 SSL_SHA1,
2534 SSL_TLSV1,
2539 },
2541 /* Cipher C021 */
2542 {
2544 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2545 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2546 SSL_kSRP,
2547 SSL_aRSA,
2548 SSL_AES256,
2549 SSL_SHA1,
2550 SSL_TLSV1,
2555 },
2557 /* Cipher C022 */
2558 {
2560 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2561 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2562 SSL_kSRP,
2563 SSL_aDSS,
2564 SSL_AES256,
2565 SSL_SHA1,
2566 SSL_TLSV1,
2571 },
2573 #ifndef OPENSSL_NO_ECDH
2575 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
2577 /* Cipher C023 */
2578 {
2580 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2581 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2582 SSL_kEECDH,
2583 SSL_aECDSA,
2584 SSL_AES128,
2585 SSL_SHA256,
2586 SSL_TLSV1_2,
2591 },
2593 /* Cipher C024 */
2594 {
2596 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2597 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2598 SSL_kEECDH,
2599 SSL_aECDSA,
2600 SSL_AES256,
2601 SSL_SHA384,
2602 SSL_TLSV1_2,
2607 },
2609 /* Cipher C025 */
2610 {
2612 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2613 TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2614 SSL_kECDHe,
2615 SSL_aECDH,
2616 SSL_AES128,
2617 SSL_SHA256,
2618 SSL_TLSV1_2,
2623 },
2625 /* Cipher C026 */
2626 {
2628 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2629 TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2630 SSL_kECDHe,
2631 SSL_aECDH,
2632 SSL_AES256,
2633 SSL_SHA384,
2634 SSL_TLSV1_2,
2639 },
2641 /* Cipher C027 */
2642 {
2644 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2645 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2646 SSL_kEECDH,
2647 SSL_aRSA,
2648 SSL_AES128,
2649 SSL_SHA256,
2650 SSL_TLSV1_2,
2655 },
2657 /* Cipher C028 */
2658 {
2660 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2661 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2662 SSL_kEECDH,
2663 SSL_aRSA,
2664 SSL_AES256,
2665 SSL_SHA384,
2666 SSL_TLSV1_2,
2671 },
2673 /* Cipher C029 */
2674 {
2676 TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2677 TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2678 SSL_kECDHr,
2679 SSL_aECDH,
2680 SSL_AES128,
2681 SSL_SHA256,
2682 SSL_TLSV1_2,
2687 },
2689 /* Cipher C02A */
2690 {
2692 TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2693 TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2694 SSL_kECDHr,
2695 SSL_aECDH,
2696 SSL_AES256,
2697 SSL_SHA384,
2698 SSL_TLSV1_2,
2703 },
2705 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2707 /* Cipher C02B */
2708 {
2710 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2711 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2712 SSL_kEECDH,
2713 SSL_aECDSA,
2714 SSL_AES128GCM,
2715 SSL_AEAD,
2716 SSL_TLSV1_2,
2721 },
2723 /* Cipher C02C */
2724 {
2726 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2727 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2728 SSL_kEECDH,
2729 SSL_aECDSA,
2730 SSL_AES256GCM,
2731 SSL_AEAD,
2732 SSL_TLSV1_2,
2737 },
2739 /* Cipher C02D */
2740 {
2742 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2743 TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2744 SSL_kECDHe,
2745 SSL_aECDH,
2746 SSL_AES128GCM,
2747 SSL_AEAD,
2748 SSL_TLSV1_2,
2753 },
2755 /* Cipher C02E */
2756 {
2758 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2759 TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2760 SSL_kECDHe,
2761 SSL_aECDH,
2762 SSL_AES256GCM,
2763 SSL_AEAD,
2764 SSL_TLSV1_2,
2769 },
2771 /* Cipher C02F */
2772 {
2774 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2775 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2776 SSL_kEECDH,
2777 SSL_aRSA,
2778 SSL_AES128GCM,
2779 SSL_AEAD,
2780 SSL_TLSV1_2,
2785 },
2787 /* Cipher C030 */
2788 {
2790 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2791 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2792 SSL_kEECDH,
2793 SSL_aRSA,
2794 SSL_AES256GCM,
2795 SSL_AEAD,
2796 SSL_TLSV1_2,
2801 },
2803 /* Cipher C031 */
2804 {
2806 TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2807 TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2808 SSL_kECDHr,
2809 SSL_aECDH,
2810 SSL_AES128GCM,
2811 SSL_AEAD,
2812 SSL_TLSV1_2,
2817 },
2819 /* Cipher C032 */
2820 {
2822 TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2823 TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2824 SSL_kECDHr,
2825 SSL_aECDH,
2826 SSL_AES256GCM,
2827 SSL_AEAD,
2828 SSL_TLSV1_2,
2833 },
2837 #ifdef TEMP_GOST_TLS
2838 /* Cipher FF00 */
2839 {
2843 SSL_kRSA,
2844 SSL_aRSA,
2845 SSL_eGOST2814789CNT,
2846 SSL_MD5,
2847 SSL_TLSV1,
2852 },
2853 {
2857 SSL_kRSA,
2858 SSL_aRSA,
2859 SSL_eGOST2814789CNT,
2860 SSL_GOST94,
2861 SSL_TLSV1,
2866 {
2870 SSL_kRSA,
2871 SSL_aRSA,
2872 SSL_eGOST2814789CNT,
2873 SSL_GOST89MAC,
2874 SSL_TLSV1,
2879 {
2883 SSL_kRSA,
2884 SSL_aRSA,
2885 SSL_eGOST2814789CNT,
2886 SSL_GOST89MAC,
2887 SSL_TLSV1,
2892 #endif
2894 /* end of list */
2895 };
2897 SSL3_ENC_METHOD SSLv3_enc_data = {
2898 ssl3_enc,
2899 n_ssl3_mac,
2900 ssl3_setup_key_block,
2901 ssl3_generate_master_secret,
2902 ssl3_change_cipher_state,
2903 ssl3_final_finish_mac,
2905 ssl3_cert_verify_mac,
2908 ssl3_alert_code,
2913 SSL3_HM_HEADER_LENGTH,
2914 ssl3_set_handshake_header,
2915 ssl3_handshake_write
2916 };
2919 {
2920 /*
2921 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2922 * http, the cache would over fill
2923 */
2925 }
2928 {
2930 }
2933 {
2936 else
2938 }
2941 {
2947 }
2950 {
2956 }
2959 {
2961 }
2964 {
2975 #ifndef OPENSSL_NO_SRP
2977 #endif
2980 err:
2982 }
2985 {
2989 #ifdef TLSEXT_TYPE_opaque_prf_input
2994 #endif
3003 #ifndef OPENSSL_NO_DH
3006 #endif
3007 #ifndef OPENSSL_NO_ECDH
3010 #endif
3016 }
3019 #ifndef OPENSSL_NO_TLSEXT
3022 #endif
3024 #ifndef OPENSSL_NO_SRP
3026 #endif
3030 }
3033 {
3038 #ifdef TLSEXT_TYPE_opaque_prf_input
3045 #endif
3054 }
3055 #ifndef OPENSSL_NO_DH
3059 }
3060 #endif
3061 #ifndef OPENSSL_NO_ECDH
3065 }
3066 #endif
3067 #ifndef OPENSSL_NO_TLSEXT
3068 # ifndef OPENSSL_NO_EC
3081 }
3084 }
3085 #if !defined(OPENSSL_NO_TLSEXT)
3089 }
3090 #endif
3107 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3112 }
3113 #endif
3114 }
3116 #ifndef OPENSSL_NO_SRP
3118 {
3120 }
3121 #endif
3127 {
3130 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3132 # ifndef OPENSSL_NO_RSA
3134 # endif
3135 # ifndef OPENSSL_NO_DSA
3137 # endif
3142 }
3143 }
3144 #endif
3165 #ifndef OPENSSL_NO_RSA
3174 {
3179 }
3183 }
3188 }
3191 {
3194 }
3196 #endif
3197 #ifndef OPENSSL_NO_DH
3199 {
3204 }
3208 }
3214 }
3215 }
3220 }
3223 {
3226 }
3228 #endif
3229 #ifndef OPENSSL_NO_ECDH
3231 {
3237 }
3241 }
3248 }
3249 }
3254 }
3257 {
3260 }
3263 #ifndef OPENSSL_NO_TLSEXT
3276 }
3280 }
3284 }
3291 # ifdef TLSEXT_TYPE_opaque_prf_input
3294 * complete hello message * (including the
3295 * cert chain and everything) */
3298 }
3303 * just to get
3304 * non-NULL */
3305 else
3313 # endif
3352 # ifndef OPENSSL_NO_HEARTBEATS
3356 else
3367 else
3371 # endif
3378 else
3384 else
3403 /*
3404 * No certificate for unauthenticated ciphersuites or using SRP
3405 * authentication
3406 */
3414 }
3417 #ifndef OPENSSL_NO_EC
3419 {
3435 else
3437 }
3438 }
3440 }
3450 parg);
3455 # ifndef OPENSSL_NO_ECDH
3459 # endif
3460 #endif
3474 {
3482 }
3486 }
3510 }
3511 }
3513 }
3514 /* Might want to do something here for other versions */
3515 else
3526 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDH)
3529 #endif
3534 #ifndef OPENSSL_NO_RSA
3537 #endif
3538 #ifndef OPENSSL_NO_DH
3541 #endif
3542 #ifndef OPENSSL_NO_ECDH
3545 #endif
3549 }
3552 }
3553 #ifndef OPENSSL_NO_EC
3555 {
3562 }
3563 #endif
3566 /*
3567 * For library-internal use; checks that the current protocol is the
3568 * highest enabled version (according to s->ctx->method, as version
3569 * negotiation may have changed s->method).
3570 */
3573 /*
3574 * Apparently we're using a version-flexible SSL_METHOD (not at its
3575 * highest protocol version).
3576 */
3578 #if TLS_MAX_VERSION != TLS1_2_VERSION
3579 # error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
3580 #endif
3591 }
3596 }
3598 }
3601 {
3604 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3606 # ifndef OPENSSL_NO_RSA
3608 # endif
3609 # ifndef OPENSSL_NO_DSA
3611 # endif
3616 }
3617 }
3618 #endif
3621 #ifndef OPENSSL_NO_RSA
3623 {
3625 }
3627 #endif
3628 #ifndef OPENSSL_NO_DH
3630 {
3632 }
3634 #endif
3635 #ifndef OPENSSL_NO_ECDH
3637 {
3639 }
3641 #endif
3642 #ifndef OPENSSL_NO_TLSEXT
3647 #endif
3650 }
3652 }
3655 {
3661 #ifndef OPENSSL_NO_RSA
3667 )
3669 else
3671 /* break; */
3673 {
3684 }
3693 }
3694 }
3695 /* break; */
3697 {
3700 }
3702 #endif
3703 #ifndef OPENSSL_NO_DH
3705 {
3712 }
3718 }
3719 }
3724 }
3725 /*
3726 * break;
3727 */
3729 {
3732 }
3734 #endif
3735 #ifndef OPENSSL_NO_ECDH
3737 {
3743 }
3748 }
3754 }
3755 }
3759 }
3762 }
3763 /* break; */
3765 {
3768 }
3771 #ifndef OPENSSL_NO_TLSEXT
3777 {
3784 }
3793 }
3795 }
3797 # ifdef TLSEXT_TYPE_opaque_prf_input
3801 # endif
3808 # ifndef OPENSSL_NO_SRP
3820 }
3824 }
3828 srp_password_from_info_cb;
3839 # endif
3841 # ifndef OPENSSL_NO_EC
3850 parg);
3851 # ifndef OPENSSL_NO_ECDH
3855 # endif
3856 # endif
3883 /* A Thawte special :-) */
3888 }
3895 else
3903 }
3909 else
3915 else
3930 }
3932 }
3935 {
3941 #ifndef OPENSSL_NO_RSA
3943 {
3945 }
3947 #endif
3948 #ifndef OPENSSL_NO_DH
3950 {
3952 }
3954 #endif
3955 #ifndef OPENSSL_NO_ECDH
3957 {
3959 }
3961 #endif
3962 #ifndef OPENSSL_NO_TLSEXT
3967 # ifdef TLSEXT_TYPE_opaque_prf_input
3972 # endif
3981 EVP_CIPHER_CTX *,
3985 # ifndef OPENSSL_NO_SRP
4000 # endif
4001 #endif
4004 }
4006 }
4008 /*
4009 * This function needs to check if the ciphers required are actually
4010 * available
4011 */
4013 {
4014 SSL_CIPHER c;
4021 #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
4024 #endif
4026 }
4029 {
4038 }
4040 }
4044 {
4051 /* Let's see which ciphers we can support */
4054 #if 0
4055 /*
4056 * Do not set the compare functions, because this may lead to a
4057 * reordering by "id". We want to keep the original ordering. We may pay
4058 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4059 * pay with the price of sk_SSL_CIPHER_dup().
4060 */
4063 #endif
4065 #ifdef CIPHER_DEBUG
4071 }
4077 }
4078 #endif
4086 }
4093 /* Skip TLS v1.2 only ciphersuites if not supported */
4102 #ifndef OPENSSL_NO_SRP
4108 }
4109 #endif
4111 #ifdef KSSL_DEBUG
4112 /*
4113 * fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n",
4114 * i,c->algorithms);
4115 */
4121 #ifndef OPENSSL_NO_KRB5
4125 }
4127 #ifndef OPENSSL_NO_PSK
4128 /* with PSK there must be server callback set */
4135 #ifdef CIPHER_DEBUG
4138 #endif
4141 #ifdef CIPHER_DEBUG
4144 #endif
4145 }
4147 #ifndef OPENSSL_NO_TLSEXT
4148 # ifndef OPENSSL_NO_EC
4149 # ifndef OPENSSL_NO_ECDH
4150 /*
4151 * if we are considering an ECC cipher suite that uses an ephemeral
4152 * EC key check it
4153 */
4164 #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
4170 }
4171 #endif
4174 }
4175 }
4177 }
4180 {
4185 #ifndef OPENSSL_NO_ECDSA
4187 #endif
4191 /* If we have custom certificate types set, use them */
4195 }
4196 /* get configured sigalgs */
4209 #ifndef OPENSSL_NO_ECDSA
4213 #endif
4214 }
4215 }
4219 #ifndef OPENSSL_NO_GOST
4225 }
4226 }
4227 #endif
4229 #ifndef OPENSSL_NO_DH
4231 # ifndef OPENSSL_NO_RSA
4232 /*
4233 * Since this refers to a certificate signed with an RSA algorithm,
4234 * only check for rsa signing in strict mode.
4235 */
4238 # endif
4239 # ifndef OPENSSL_NO_DSA
4242 # endif
4243 }
4246 # ifndef OPENSSL_NO_RSA
4248 # endif
4249 # ifndef OPENSSL_NO_DSA
4251 # endif
4252 }
4254 #ifndef OPENSSL_NO_RSA
4257 #endif
4258 #ifndef OPENSSL_NO_DSA
4261 #endif
4262 #ifndef OPENSSL_NO_ECDH
4268 }
4269 #endif
4271 #ifndef OPENSSL_NO_ECDSA
4272 /*
4273 * ECDSA certs can be used with RSA cipher suites as well so we don't
4274 * need to check for SSL_kECDH or SSL_kEECDH
4275 */
4279 }
4280 #endif
4282 }
4285 {
4289 }
4300 }
4303 {
4306 /*
4307 * Don't do anything much if we have not done the handshake or we don't
4308 * want to send messages :-)
4309 */
4313 }
4317 #if 1
4319 #endif
4320 /*
4321 * our shutdown alert has been sent now, and if it still needs to be
4322 * written, s->s3->alert_dispatch will be true
4323 */
4327 /* resend it if not sent */
4328 #if 1
4331 /*
4332 * we only get to return -1 here the 2nd/Nth invocation, we must
4333 * have already signalled return 0 upon a previous invoation,
4334 * return WANT_WRITE
4335 */
4337 }
4338 #endif
4340 /*
4341 * If we are waiting for a close from our peer, we are closed
4342 */
4346 }
4347 }
4352 else
4354 }
4357 {
4360 #if 0
4364 }
4365 #endif
4370 /*
4371 * This is an experimental flag that sends the last handshake message in
4372 * the same packet as the first use data - used to see if it helps the
4373 * TCP protocol during session-id reuse
4374 */
4375 /* The second test is because the buffer may have been removed */
4377 /* First time through, we write into the buffer */
4384 }
4392 /* We have flushed the buffer, so remove it */
4403 }
4406 }
4409 {
4416 ret =
4418 peek);
4420 /*
4421 * ssl3_read_bytes decided to call s->handshake_func, which called
4422 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4423 * actually found application data and thinks that application data
4424 * makes sense here; so disable handshake processing and try to read
4425 * application data again.
4426 */
4428 ret =
4430 peek);
4436 }
4439 {
4441 }
4444 {
4446 }
4449 {
4458 }
4461 {
4467 /*
4468 * if we are the server, and we have sent a 'RENEGOTIATE'
4469 * message, we need to go to SSL_ST_ACCEPT.
4470 */
4471 /* SSL_ST_ACCEPT */
4477 }
4478 }
4480 }
4482 /*
4483 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4484 * handshake macs if required.
4485 */
4487 {
4493 }