OLD | NEW |
1 /* ssl/s3_lib.c */ | 1 /* ssl/s3_lib.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
51 * SUCH DAMAGE. | 51 * SUCH DAMAGE. |
52 * | 52 * |
53 * The licence and distribution terms for any publically available version or | 53 * The licence and distribution terms for any publically available version or |
54 * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
55 * copied and put under another distribution licence | 55 * copied and put under another distribution licence |
56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
57 */ | 57 */ |
58 /* ==================================================================== | 58 /* ==================================================================== |
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. |
60 * | 60 * |
61 * Redistribution and use in source and binary forms, with or without | 61 * Redistribution and use in source and binary forms, with or without |
62 * modification, are permitted provided that the following conditions | 62 * modification, are permitted provided that the following conditions |
63 * are met: | 63 * are met: |
64 * | 64 * |
65 * 1. Redistributions of source code must retain the above copyright | 65 * 1. Redistributions of source code must retain the above copyright |
66 * notice, this list of conditions and the following disclaimer. | 66 * notice, this list of conditions and the following disclaimer. |
67 * | 67 * |
68 * 2. Redistributions in binary form must reproduce the above copyright | 68 * 2. Redistributions in binary form must reproduce the above copyright |
69 * notice, this list of conditions and the following disclaimer in | 69 * notice, this list of conditions and the following disclaimer in |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
114 * Portions of the attached software ("Contribution") are developed by | 114 * Portions of the attached software ("Contribution") are developed by |
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | 115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. |
116 * | 116 * |
117 * The Contribution is licensed pursuant to the OpenSSL open source | 117 * The Contribution is licensed pursuant to the OpenSSL open source |
118 * license provided above. | 118 * license provided above. |
119 * | 119 * |
120 * ECC cipher suite support in OpenSSL originally written by | 120 * ECC cipher suite support in OpenSSL originally written by |
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. | 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. |
122 * | 122 * |
123 */ | 123 */ |
| 124 /* ==================================================================== |
| 125 * Copyright 2005 Nokia. All rights reserved. |
| 126 * |
| 127 * The portions of the attached software ("Contribution") is developed by |
| 128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source |
| 129 * license. |
| 130 * |
| 131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of |
| 132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites |
| 133 * support (see RFC 4279) to OpenSSL. |
| 134 * |
| 135 * No patent licenses or other rights except those expressly stated in |
| 136 * the OpenSSL open source license shall be deemed granted or received |
| 137 * expressly, by implication, estoppel, or otherwise. |
| 138 * |
| 139 * No assurances are provided by Nokia that the Contribution does not |
| 140 * infringe the patent or other intellectual property rights of any third |
| 141 * party or that the license provides you with all the necessary rights |
| 142 * to make use of the Contribution. |
| 143 * |
| 144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN |
| 145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA |
| 146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY |
| 147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR |
| 148 * OTHERWISE. |
| 149 */ |
124 | 150 |
125 #include <stdio.h> | 151 #include <stdio.h> |
126 #include <openssl/objects.h> | 152 #include <openssl/objects.h> |
127 #include "ssl_locl.h" | 153 #include "ssl_locl.h" |
128 #include "kssl_lcl.h" | 154 #include "kssl_lcl.h" |
| 155 #ifndef OPENSSL_NO_TLSEXT |
| 156 #ifndef OPENSSL_NO_EC |
| 157 #include "../crypto/ec/ec_lcl.h" |
| 158 #endif /* OPENSSL_NO_EC */ |
| 159 #endif /* OPENSSL_NO_TLSEXT */ |
129 #include <openssl/md5.h> | 160 #include <openssl/md5.h> |
130 #ifndef OPENSSL_NO_DH | 161 #ifndef OPENSSL_NO_DH |
131 #include <openssl/dh.h> | 162 #include <openssl/dh.h> |
132 #endif | 163 #endif |
133 #include <openssl/pq_compat.h> | |
134 | 164 |
135 const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; | 165 const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; |
136 | 166 |
137 #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) | 167 #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) |
138 | 168 |
139 /* list of available SSLv3 ciphers (sorted by id) */ | 169 /* list of available SSLv3 ciphers (sorted by id) */ |
140 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | 170 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ |
| 171 |
141 /* The RSA ciphers */ | 172 /* The RSA ciphers */ |
142 /* Cipher 01 */ | 173 /* Cipher 01 */ |
143 { | 174 { |
144 1, | 175 1, |
145 SSL3_TXT_RSA_NULL_MD5, | 176 SSL3_TXT_RSA_NULL_MD5, |
146 SSL3_CK_RSA_NULL_MD5, | 177 SSL3_CK_RSA_NULL_MD5, |
147 » SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3, | 178 » SSL_kRSA, |
| 179 » SSL_aRSA, |
| 180 » SSL_eNULL, |
| 181 » SSL_MD5, |
| 182 » SSL_SSLV3, |
148 SSL_NOT_EXP|SSL_STRONG_NONE, | 183 SSL_NOT_EXP|SSL_STRONG_NONE, |
149 » 0, | 184 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
150 » 0, | 185 » 0, |
151 » 0, | 186 » 0, |
152 » SSL_ALL_CIPHERS, | 187 » }, |
153 » SSL_ALL_STRENGTHS, | 188 |
154 » }, | |
155 /* Cipher 02 */ | 189 /* Cipher 02 */ |
156 { | 190 { |
157 1, | 191 1, |
158 SSL3_TXT_RSA_NULL_SHA, | 192 SSL3_TXT_RSA_NULL_SHA, |
159 SSL3_CK_RSA_NULL_SHA, | 193 SSL3_CK_RSA_NULL_SHA, |
160 » SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, | 194 » SSL_kRSA, |
| 195 » SSL_aRSA, |
| 196 » SSL_eNULL, |
| 197 » SSL_SHA1, |
| 198 » SSL_SSLV3, |
161 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, | 199 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, |
162 » 0, | 200 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
163 » 0, | 201 » 0, |
164 » 0, | 202 » 0, |
165 » SSL_ALL_CIPHERS, | 203 » }, |
166 » SSL_ALL_STRENGTHS, | 204 |
167 » }, | |
168 /* Cipher 03 */ | 205 /* Cipher 03 */ |
169 { | 206 { |
170 1, | 207 1, |
171 SSL3_TXT_RSA_RC4_40_MD5, | 208 SSL3_TXT_RSA_RC4_40_MD5, |
172 SSL3_CK_RSA_RC4_40_MD5, | 209 SSL3_CK_RSA_RC4_40_MD5, |
173 » SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3, | 210 » SSL_kRSA, |
174 » SSL_EXPORT|SSL_EXP40, | 211 » SSL_aRSA, |
175 » 0, | 212 » SSL_RC4, |
176 » 40, | 213 » SSL_MD5, |
177 » 128, | 214 » SSL_SSLV3, |
178 » SSL_ALL_CIPHERS, | 215 » SSL_EXPORT|SSL_EXP40, |
179 » SSL_ALL_STRENGTHS, | 216 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
180 » }, | 217 » 40, |
| 218 » 128, |
| 219 » }, |
| 220 |
181 /* Cipher 04 */ | 221 /* Cipher 04 */ |
182 { | 222 { |
183 1, | 223 1, |
184 SSL3_TXT_RSA_RC4_128_MD5, | 224 SSL3_TXT_RSA_RC4_128_MD5, |
185 SSL3_CK_RSA_RC4_128_MD5, | 225 SSL3_CK_RSA_RC4_128_MD5, |
186 » SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3, | 226 » SSL_kRSA, |
| 227 » SSL_aRSA, |
| 228 » SSL_RC4, |
| 229 » SSL_MD5, |
| 230 » SSL_SSLV3, |
187 SSL_NOT_EXP|SSL_MEDIUM, | 231 SSL_NOT_EXP|SSL_MEDIUM, |
188 » 0, | 232 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
189 » 128, | 233 » 128, |
190 » 128, | 234 » 128, |
191 » SSL_ALL_CIPHERS, | 235 » }, |
192 » SSL_ALL_STRENGTHS, | 236 |
193 » }, | |
194 /* Cipher 05 */ | 237 /* Cipher 05 */ |
195 { | 238 { |
196 1, | 239 1, |
197 SSL3_TXT_RSA_RC4_128_SHA, | 240 SSL3_TXT_RSA_RC4_128_SHA, |
198 SSL3_CK_RSA_RC4_128_SHA, | 241 SSL3_CK_RSA_RC4_128_SHA, |
199 » SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3, | 242 » SSL_kRSA, |
| 243 » SSL_aRSA, |
| 244 » SSL_RC4, |
| 245 » SSL_SHA1, |
| 246 » SSL_SSLV3, |
200 SSL_NOT_EXP|SSL_MEDIUM, | 247 SSL_NOT_EXP|SSL_MEDIUM, |
201 » 0, | 248 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
202 » 128, | 249 » 128, |
203 » 128, | 250 » 128, |
204 » SSL_ALL_CIPHERS, | 251 » }, |
205 » SSL_ALL_STRENGTHS, | 252 |
206 » }, | |
207 /* Cipher 06 */ | 253 /* Cipher 06 */ |
208 { | 254 { |
209 1, | 255 1, |
210 SSL3_TXT_RSA_RC2_40_MD5, | 256 SSL3_TXT_RSA_RC2_40_MD5, |
211 SSL3_CK_RSA_RC2_40_MD5, | 257 SSL3_CK_RSA_RC2_40_MD5, |
212 » SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3, | 258 » SSL_kRSA, |
213 » SSL_EXPORT|SSL_EXP40, | 259 » SSL_aRSA, |
214 » 0, | 260 » SSL_RC2, |
215 » 40, | 261 » SSL_MD5, |
216 » 128, | 262 » SSL_SSLV3, |
217 » SSL_ALL_CIPHERS, | 263 » SSL_EXPORT|SSL_EXP40, |
218 » SSL_ALL_STRENGTHS, | 264 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
219 » }, | 265 » 40, |
| 266 » 128, |
| 267 » }, |
| 268 |
220 /* Cipher 07 */ | 269 /* Cipher 07 */ |
221 #ifndef OPENSSL_NO_IDEA | 270 #ifndef OPENSSL_NO_IDEA |
222 { | 271 { |
223 1, | 272 1, |
224 SSL3_TXT_RSA_IDEA_128_SHA, | 273 SSL3_TXT_RSA_IDEA_128_SHA, |
225 SSL3_CK_RSA_IDEA_128_SHA, | 274 SSL3_CK_RSA_IDEA_128_SHA, |
226 » SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3, | 275 » SSL_kRSA, |
| 276 » SSL_aRSA, |
| 277 » SSL_IDEA, |
| 278 » SSL_SHA1, |
| 279 » SSL_SSLV3, |
227 SSL_NOT_EXP|SSL_MEDIUM, | 280 SSL_NOT_EXP|SSL_MEDIUM, |
228 » 0, | 281 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
229 » 128, | 282 » 128, |
230 » 128, | 283 » 128, |
231 » SSL_ALL_CIPHERS, | |
232 » SSL_ALL_STRENGTHS, | |
233 }, | 284 }, |
234 #endif | 285 #endif |
| 286 |
235 /* Cipher 08 */ | 287 /* Cipher 08 */ |
236 { | 288 { |
237 1, | 289 1, |
238 SSL3_TXT_RSA_DES_40_CBC_SHA, | 290 SSL3_TXT_RSA_DES_40_CBC_SHA, |
239 SSL3_CK_RSA_DES_40_CBC_SHA, | 291 SSL3_CK_RSA_DES_40_CBC_SHA, |
240 » SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, | 292 » SSL_kRSA, |
241 » SSL_EXPORT|SSL_EXP40, | 293 » SSL_aRSA, |
242 » 0, | 294 » SSL_DES, |
243 » 40, | 295 » SSL_SHA1, |
244 » 56, | 296 » SSL_SSLV3, |
245 » SSL_ALL_CIPHERS, | 297 » SSL_EXPORT|SSL_EXP40, |
246 » SSL_ALL_STRENGTHS, | 298 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
247 » }, | 299 » 40, |
| 300 » 56, |
| 301 » }, |
| 302 |
248 /* Cipher 09 */ | 303 /* Cipher 09 */ |
249 { | 304 { |
250 1, | 305 1, |
251 SSL3_TXT_RSA_DES_64_CBC_SHA, | 306 SSL3_TXT_RSA_DES_64_CBC_SHA, |
252 SSL3_CK_RSA_DES_64_CBC_SHA, | 307 SSL3_CK_RSA_DES_64_CBC_SHA, |
253 » SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, | 308 » SSL_kRSA, |
| 309 » SSL_aRSA, |
| 310 » SSL_DES, |
| 311 » SSL_SHA1, |
| 312 » SSL_SSLV3, |
254 SSL_NOT_EXP|SSL_LOW, | 313 SSL_NOT_EXP|SSL_LOW, |
255 » 0, | 314 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
256 » 56, | 315 » 56, |
257 » 56, | 316 » 56, |
258 » SSL_ALL_CIPHERS, | 317 » }, |
259 » SSL_ALL_STRENGTHS, | 318 |
260 » }, | |
261 /* Cipher 0A */ | 319 /* Cipher 0A */ |
262 { | 320 { |
263 1, | 321 1, |
264 SSL3_TXT_RSA_DES_192_CBC3_SHA, | 322 SSL3_TXT_RSA_DES_192_CBC3_SHA, |
265 SSL3_CK_RSA_DES_192_CBC3_SHA, | 323 SSL3_CK_RSA_DES_192_CBC3_SHA, |
266 » SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, | 324 » SSL_kRSA, |
| 325 » SSL_aRSA, |
| 326 » SSL_3DES, |
| 327 » SSL_SHA1, |
| 328 » SSL_SSLV3, |
267 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 329 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
268 » 0, | 330 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
269 » 168, | 331 » 168, |
270 » 168, | 332 » 168, |
271 » SSL_ALL_CIPHERS, | 333 » }, |
272 » SSL_ALL_STRENGTHS, | 334 |
273 » }, | |
274 /* The DH ciphers */ | 335 /* The DH ciphers */ |
275 /* Cipher 0B */ | 336 /* Cipher 0B */ |
276 { | 337 { |
277 0, | 338 0, |
278 SSL3_TXT_DH_DSS_DES_40_CBC_SHA, | 339 SSL3_TXT_DH_DSS_DES_40_CBC_SHA, |
279 SSL3_CK_DH_DSS_DES_40_CBC_SHA, | 340 SSL3_CK_DH_DSS_DES_40_CBC_SHA, |
280 » SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, | 341 » SSL_kDHd, |
281 » SSL_EXPORT|SSL_EXP40, | 342 » SSL_aDH, |
282 » 0, | 343 » SSL_DES, |
283 » 40, | 344 » SSL_SHA1, |
284 » 56, | 345 » SSL_SSLV3, |
285 » SSL_ALL_CIPHERS, | 346 » SSL_EXPORT|SSL_EXP40, |
286 » SSL_ALL_STRENGTHS, | 347 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
287 » }, | 348 » 40, |
| 349 » 56, |
| 350 » }, |
| 351 |
288 /* Cipher 0C */ | 352 /* Cipher 0C */ |
289 { | 353 { |
290 » 0, | 354 » 0, /* not implemented (non-ephemeral DH) */ |
291 SSL3_TXT_DH_DSS_DES_64_CBC_SHA, | 355 SSL3_TXT_DH_DSS_DES_64_CBC_SHA, |
292 SSL3_CK_DH_DSS_DES_64_CBC_SHA, | 356 SSL3_CK_DH_DSS_DES_64_CBC_SHA, |
293 » SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, | 357 » SSL_kDHd, |
| 358 » SSL_aDH, |
| 359 » SSL_DES, |
| 360 » SSL_SHA1, |
| 361 » SSL_SSLV3, |
294 SSL_NOT_EXP|SSL_LOW, | 362 SSL_NOT_EXP|SSL_LOW, |
295 » 0, | 363 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
296 » 56, | 364 » 56, |
297 » 56, | 365 » 56, |
298 » SSL_ALL_CIPHERS, | 366 » }, |
299 » SSL_ALL_STRENGTHS, | 367 |
300 » }, | |
301 /* Cipher 0D */ | 368 /* Cipher 0D */ |
302 { | 369 { |
303 » 0, | 370 » 0, /* not implemented (non-ephemeral DH) */ |
304 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, | 371 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, |
305 SSL3_CK_DH_DSS_DES_192_CBC3_SHA, | 372 SSL3_CK_DH_DSS_DES_192_CBC3_SHA, |
306 » SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, | 373 » SSL_kDHd, |
| 374 » SSL_aDH, |
| 375 » SSL_3DES, |
| 376 » SSL_SHA1, |
| 377 » SSL_SSLV3, |
307 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 378 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
308 » 0, | 379 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
309 » 168, | 380 » 168, |
310 » 168, | 381 » 168, |
311 » SSL_ALL_CIPHERS, | 382 » }, |
312 » SSL_ALL_STRENGTHS, | 383 |
313 » }, | |
314 /* Cipher 0E */ | 384 /* Cipher 0E */ |
315 { | 385 { |
316 » 0, | 386 » 0, /* not implemented (non-ephemeral DH) */ |
317 SSL3_TXT_DH_RSA_DES_40_CBC_SHA, | 387 SSL3_TXT_DH_RSA_DES_40_CBC_SHA, |
318 SSL3_CK_DH_RSA_DES_40_CBC_SHA, | 388 SSL3_CK_DH_RSA_DES_40_CBC_SHA, |
319 » SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, | 389 » SSL_kDHr, |
320 » SSL_EXPORT|SSL_EXP40, | 390 » SSL_aDH, |
321 » 0, | 391 » SSL_DES, |
322 » 40, | 392 » SSL_SHA1, |
323 » 56, | 393 » SSL_SSLV3, |
324 » SSL_ALL_CIPHERS, | 394 » SSL_EXPORT|SSL_EXP40, |
325 » SSL_ALL_STRENGTHS, | 395 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
326 » }, | 396 » 40, |
| 397 » 56, |
| 398 » }, |
| 399 |
327 /* Cipher 0F */ | 400 /* Cipher 0F */ |
328 { | 401 { |
329 » 0, | 402 » 0, /* not implemented (non-ephemeral DH) */ |
330 SSL3_TXT_DH_RSA_DES_64_CBC_SHA, | 403 SSL3_TXT_DH_RSA_DES_64_CBC_SHA, |
331 SSL3_CK_DH_RSA_DES_64_CBC_SHA, | 404 SSL3_CK_DH_RSA_DES_64_CBC_SHA, |
332 » SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, | 405 » SSL_kDHr, |
| 406 » SSL_aDH, |
| 407 » SSL_DES, |
| 408 » SSL_SHA1, |
| 409 » SSL_SSLV3, |
333 SSL_NOT_EXP|SSL_LOW, | 410 SSL_NOT_EXP|SSL_LOW, |
334 » 0, | 411 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
335 » 56, | 412 » 56, |
336 » 56, | 413 » 56, |
337 » SSL_ALL_CIPHERS, | 414 » }, |
338 » SSL_ALL_STRENGTHS, | 415 |
339 » }, | |
340 /* Cipher 10 */ | 416 /* Cipher 10 */ |
341 { | 417 { |
342 » 0, | 418 » 0, /* not implemented (non-ephemeral DH) */ |
343 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, | 419 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, |
344 SSL3_CK_DH_RSA_DES_192_CBC3_SHA, | 420 SSL3_CK_DH_RSA_DES_192_CBC3_SHA, |
345 » SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, | 421 » SSL_kDHr, |
| 422 » SSL_aDH, |
| 423 » SSL_3DES, |
| 424 » SSL_SHA1, |
| 425 » SSL_SSLV3, |
346 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
347 » 0, | 427 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
348 » 168, | 428 » 168, |
349 » 168, | 429 » 168, |
350 » SSL_ALL_CIPHERS, | |
351 » SSL_ALL_STRENGTHS, | |
352 }, | 430 }, |
353 | 431 |
354 /* The Ephemeral DH ciphers */ | 432 /* The Ephemeral DH ciphers */ |
355 /* Cipher 11 */ | 433 /* Cipher 11 */ |
356 { | 434 { |
357 1, | 435 1, |
358 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, | 436 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, |
359 SSL3_CK_EDH_DSS_DES_40_CBC_SHA, | 437 SSL3_CK_EDH_DSS_DES_40_CBC_SHA, |
360 » SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, | 438 » SSL_kEDH, |
| 439 » SSL_aDSS, |
| 440 » SSL_DES, |
| 441 » SSL_SHA1, |
| 442 » SSL_SSLV3, |
361 SSL_EXPORT|SSL_EXP40, | 443 SSL_EXPORT|SSL_EXP40, |
362 » 0, | 444 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
363 40, | 445 40, |
364 56, | 446 56, |
365 SSL_ALL_CIPHERS, | |
366 SSL_ALL_STRENGTHS, | |
367 }, | 447 }, |
| 448 |
368 /* Cipher 12 */ | 449 /* Cipher 12 */ |
369 { | 450 { |
370 1, | 451 1, |
371 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, | 452 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, |
372 SSL3_CK_EDH_DSS_DES_64_CBC_SHA, | 453 SSL3_CK_EDH_DSS_DES_64_CBC_SHA, |
373 » SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, | 454 » SSL_kEDH, |
| 455 » SSL_aDSS, |
| 456 » SSL_DES, |
| 457 » SSL_SHA1, |
| 458 » SSL_SSLV3, |
374 SSL_NOT_EXP|SSL_LOW, | 459 SSL_NOT_EXP|SSL_LOW, |
375 » 0, | 460 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
376 56, | 461 56, |
377 56, | 462 56, |
378 SSL_ALL_CIPHERS, | |
379 SSL_ALL_STRENGTHS, | |
380 }, | 463 }, |
| 464 |
381 /* Cipher 13 */ | 465 /* Cipher 13 */ |
382 { | 466 { |
383 1, | 467 1, |
384 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, | 468 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, |
385 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, | 469 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, |
386 » SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, | 470 » SSL_kEDH, |
| 471 » SSL_aDSS, |
| 472 » SSL_3DES, |
| 473 » SSL_SHA1, |
| 474 » SSL_SSLV3, |
387 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 475 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
388 » 0, | 476 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
389 168, | 477 168, |
390 168, | 478 168, |
391 SSL_ALL_CIPHERS, | |
392 SSL_ALL_STRENGTHS, | |
393 }, | 479 }, |
| 480 |
394 /* Cipher 14 */ | 481 /* Cipher 14 */ |
395 { | 482 { |
396 1, | 483 1, |
397 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, | 484 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, |
398 SSL3_CK_EDH_RSA_DES_40_CBC_SHA, | 485 SSL3_CK_EDH_RSA_DES_40_CBC_SHA, |
399 » SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, | 486 » SSL_kEDH, |
| 487 » SSL_aRSA, |
| 488 » SSL_DES, |
| 489 » SSL_SHA1, |
| 490 » SSL_SSLV3, |
400 SSL_EXPORT|SSL_EXP40, | 491 SSL_EXPORT|SSL_EXP40, |
401 » 0, | 492 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
402 40, | 493 40, |
403 56, | 494 56, |
404 SSL_ALL_CIPHERS, | |
405 SSL_ALL_STRENGTHS, | |
406 }, | 495 }, |
| 496 |
407 /* Cipher 15 */ | 497 /* Cipher 15 */ |
408 { | 498 { |
409 1, | 499 1, |
410 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, | 500 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, |
411 SSL3_CK_EDH_RSA_DES_64_CBC_SHA, | 501 SSL3_CK_EDH_RSA_DES_64_CBC_SHA, |
412 » SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, | 502 » SSL_kEDH, |
| 503 » SSL_aRSA, |
| 504 » SSL_DES, |
| 505 » SSL_SHA1, |
| 506 » SSL_SSLV3, |
413 SSL_NOT_EXP|SSL_LOW, | 507 SSL_NOT_EXP|SSL_LOW, |
414 » 0, | 508 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
415 56, | 509 56, |
416 56, | 510 56, |
417 SSL_ALL_CIPHERS, | |
418 SSL_ALL_STRENGTHS, | |
419 }, | 511 }, |
| 512 |
420 /* Cipher 16 */ | 513 /* Cipher 16 */ |
421 { | 514 { |
422 1, | 515 1, |
423 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, | 516 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, |
424 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, | 517 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, |
425 » SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, | 518 » SSL_kEDH, |
| 519 » SSL_aRSA, |
| 520 » SSL_3DES, |
| 521 » SSL_SHA1, |
| 522 » SSL_SSLV3, |
426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 523 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
427 » 0, | 524 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
428 168, | 525 168, |
429 168, | 526 168, |
430 SSL_ALL_CIPHERS, | |
431 SSL_ALL_STRENGTHS, | |
432 }, | 527 }, |
| 528 |
433 /* Cipher 17 */ | 529 /* Cipher 17 */ |
434 { | 530 { |
435 1, | 531 1, |
436 SSL3_TXT_ADH_RC4_40_MD5, | 532 SSL3_TXT_ADH_RC4_40_MD5, |
437 SSL3_CK_ADH_RC4_40_MD5, | 533 SSL3_CK_ADH_RC4_40_MD5, |
438 » SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, | 534 » SSL_kEDH, |
| 535 » SSL_aNULL, |
| 536 » SSL_RC4, |
| 537 » SSL_MD5, |
| 538 » SSL_SSLV3, |
439 SSL_EXPORT|SSL_EXP40, | 539 SSL_EXPORT|SSL_EXP40, |
440 » 0, | 540 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
441 40, | 541 40, |
442 128, | 542 128, |
443 SSL_ALL_CIPHERS, | |
444 SSL_ALL_STRENGTHS, | |
445 }, | 543 }, |
| 544 |
446 /* Cipher 18 */ | 545 /* Cipher 18 */ |
447 { | 546 { |
448 1, | 547 1, |
449 SSL3_TXT_ADH_RC4_128_MD5, | 548 SSL3_TXT_ADH_RC4_128_MD5, |
450 SSL3_CK_ADH_RC4_128_MD5, | 549 SSL3_CK_ADH_RC4_128_MD5, |
451 » SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, | 550 » SSL_kEDH, |
| 551 » SSL_aNULL, |
| 552 » SSL_RC4, |
| 553 » SSL_MD5, |
| 554 » SSL_SSLV3, |
452 SSL_NOT_EXP|SSL_MEDIUM, | 555 SSL_NOT_EXP|SSL_MEDIUM, |
453 » 0, | 556 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
454 128, | 557 128, |
455 128, | 558 128, |
456 SSL_ALL_CIPHERS, | |
457 SSL_ALL_STRENGTHS, | |
458 }, | 559 }, |
| 560 |
459 /* Cipher 19 */ | 561 /* Cipher 19 */ |
460 { | 562 { |
461 1, | 563 1, |
462 SSL3_TXT_ADH_DES_40_CBC_SHA, | 564 SSL3_TXT_ADH_DES_40_CBC_SHA, |
463 SSL3_CK_ADH_DES_40_CBC_SHA, | 565 SSL3_CK_ADH_DES_40_CBC_SHA, |
464 » SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, | 566 » SSL_kEDH, |
| 567 » SSL_aNULL, |
| 568 » SSL_DES, |
| 569 » SSL_SHA1, |
| 570 » SSL_SSLV3, |
465 SSL_EXPORT|SSL_EXP40, | 571 SSL_EXPORT|SSL_EXP40, |
466 » 0, | 572 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
467 40, | 573 40, |
468 128, | 574 128, |
469 SSL_ALL_CIPHERS, | |
470 SSL_ALL_STRENGTHS, | |
471 }, | 575 }, |
| 576 |
472 /* Cipher 1A */ | 577 /* Cipher 1A */ |
473 { | 578 { |
474 1, | 579 1, |
475 SSL3_TXT_ADH_DES_64_CBC_SHA, | 580 SSL3_TXT_ADH_DES_64_CBC_SHA, |
476 SSL3_CK_ADH_DES_64_CBC_SHA, | 581 SSL3_CK_ADH_DES_64_CBC_SHA, |
477 » SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, | 582 » SSL_kEDH, |
| 583 » SSL_aNULL, |
| 584 » SSL_DES, |
| 585 » SSL_SHA1, |
| 586 » SSL_SSLV3, |
478 SSL_NOT_EXP|SSL_LOW, | 587 SSL_NOT_EXP|SSL_LOW, |
479 » 0, | 588 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
480 56, | 589 56, |
481 56, | 590 56, |
482 SSL_ALL_CIPHERS, | |
483 SSL_ALL_STRENGTHS, | |
484 }, | 591 }, |
| 592 |
485 /* Cipher 1B */ | 593 /* Cipher 1B */ |
486 { | 594 { |
487 1, | 595 1, |
488 SSL3_TXT_ADH_DES_192_CBC_SHA, | 596 SSL3_TXT_ADH_DES_192_CBC_SHA, |
489 SSL3_CK_ADH_DES_192_CBC_SHA, | 597 SSL3_CK_ADH_DES_192_CBC_SHA, |
490 » SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, | 598 » SSL_kEDH, |
| 599 » SSL_aNULL, |
| 600 » SSL_3DES, |
| 601 » SSL_SHA1, |
| 602 » SSL_SSLV3, |
491 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 603 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
492 » 0, | 604 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
493 168, | 605 168, |
494 168, | 606 168, |
495 SSL_ALL_CIPHERS, | |
496 SSL_ALL_STRENGTHS, | |
497 }, | 607 }, |
498 | 608 |
499 /* Fortezza */ | 609 /* Fortezza ciphersuite from SSL 3.0 spec */ |
| 610 #if 0 |
500 /* Cipher 1C */ | 611 /* Cipher 1C */ |
501 { | 612 { |
502 0, | 613 0, |
503 SSL3_TXT_FZA_DMS_NULL_SHA, | 614 SSL3_TXT_FZA_DMS_NULL_SHA, |
504 SSL3_CK_FZA_DMS_NULL_SHA, | 615 SSL3_CK_FZA_DMS_NULL_SHA, |
505 » SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3, | 616 » SSL_kFZA, |
| 617 » SSL_aFZA, |
| 618 » SSL_eNULL, |
| 619 » SSL_SHA1, |
| 620 » SSL_SSLV3, |
506 SSL_NOT_EXP|SSL_STRONG_NONE, | 621 SSL_NOT_EXP|SSL_STRONG_NONE, |
| 622 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
507 0, | 623 0, |
508 0, | 624 0, |
509 0, | |
510 SSL_ALL_CIPHERS, | |
511 SSL_ALL_STRENGTHS, | |
512 }, | 625 }, |
513 | 626 |
514 /* Cipher 1D */ | 627 /* Cipher 1D */ |
515 { | 628 { |
516 0, | 629 0, |
517 SSL3_TXT_FZA_DMS_FZA_SHA, | 630 SSL3_TXT_FZA_DMS_FZA_SHA, |
518 SSL3_CK_FZA_DMS_FZA_SHA, | 631 SSL3_CK_FZA_DMS_FZA_SHA, |
519 » SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3, | 632 » SSL_kFZA, |
| 633 » SSL_aFZA, |
| 634 » SSL_eFZA, |
| 635 » SSL_SHA1, |
| 636 » SSL_SSLV3, |
520 SSL_NOT_EXP|SSL_STRONG_NONE, | 637 SSL_NOT_EXP|SSL_STRONG_NONE, |
| 638 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
521 0, | 639 0, |
522 0, | 640 0, |
523 0, | |
524 SSL_ALL_CIPHERS, | |
525 SSL_ALL_STRENGTHS, | |
526 }, | 641 }, |
527 | 642 |
528 #if 0 | |
529 /* Cipher 1E */ | 643 /* Cipher 1E */ |
530 { | 644 { |
531 0, | 645 0, |
532 SSL3_TXT_FZA_DMS_RC4_SHA, | 646 SSL3_TXT_FZA_DMS_RC4_SHA, |
533 SSL3_CK_FZA_DMS_RC4_SHA, | 647 SSL3_CK_FZA_DMS_RC4_SHA, |
534 » SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3, | 648 » SSL_kFZA, |
| 649 » SSL_aFZA, |
| 650 » SSL_RC4, |
| 651 » SSL_SHA1, |
| 652 » SSL_SSLV3, |
535 SSL_NOT_EXP|SSL_MEDIUM, | 653 SSL_NOT_EXP|SSL_MEDIUM, |
536 » 0, | 654 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
537 128, | 655 128, |
538 128, | 656 128, |
539 SSL_ALL_CIPHERS, | |
540 SSL_ALL_STRENGTHS, | |
541 }, | 657 }, |
542 #endif | 658 #endif |
543 | 659 |
544 #ifndef OPENSSL_NO_KRB5 | 660 #ifndef OPENSSL_NO_KRB5 |
545 /* The Kerberos ciphers */ | 661 /* The Kerberos ciphers*/ |
546 /* Cipher 1E */ | 662 /* Cipher 1E */ |
547 { | 663 { |
548 1, | 664 1, |
549 SSL3_TXT_KRB5_DES_64_CBC_SHA, | 665 SSL3_TXT_KRB5_DES_64_CBC_SHA, |
550 SSL3_CK_KRB5_DES_64_CBC_SHA, | 666 SSL3_CK_KRB5_DES_64_CBC_SHA, |
551 » SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, | 667 » SSL_kKRB5, |
| 668 » SSL_aKRB5, |
| 669 » SSL_DES, |
| 670 » SSL_SHA1, |
| 671 » SSL_SSLV3, |
552 SSL_NOT_EXP|SSL_LOW, | 672 SSL_NOT_EXP|SSL_LOW, |
553 » 0, | 673 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
554 56, | 674 56, |
555 56, | 675 56, |
556 SSL_ALL_CIPHERS, | |
557 SSL_ALL_STRENGTHS, | |
558 }, | 676 }, |
559 | 677 |
560 /* Cipher 1F */ | 678 /* Cipher 1F */ |
561 { | 679 { |
562 1, | 680 1, |
563 SSL3_TXT_KRB5_DES_192_CBC3_SHA, | 681 SSL3_TXT_KRB5_DES_192_CBC3_SHA, |
564 SSL3_CK_KRB5_DES_192_CBC3_SHA, | 682 SSL3_CK_KRB5_DES_192_CBC3_SHA, |
565 » SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, | 683 » SSL_kKRB5, |
| 684 » SSL_aKRB5, |
| 685 » SSL_3DES, |
| 686 » SSL_SHA1, |
| 687 » SSL_SSLV3, |
566 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 688 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
567 » 0, | 689 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
568 168, | 690 168, |
569 168, | 691 168, |
570 SSL_ALL_CIPHERS, | |
571 SSL_ALL_STRENGTHS, | |
572 }, | 692 }, |
573 | 693 |
574 /* Cipher 20 */ | 694 /* Cipher 20 */ |
575 { | 695 { |
576 1, | 696 1, |
577 SSL3_TXT_KRB5_RC4_128_SHA, | 697 SSL3_TXT_KRB5_RC4_128_SHA, |
578 SSL3_CK_KRB5_RC4_128_SHA, | 698 SSL3_CK_KRB5_RC4_128_SHA, |
579 » SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, | 699 » SSL_kKRB5, |
| 700 » SSL_aKRB5, |
| 701 » SSL_RC4, |
| 702 » SSL_SHA1, |
| 703 » SSL_SSLV3, |
580 SSL_NOT_EXP|SSL_MEDIUM, | 704 SSL_NOT_EXP|SSL_MEDIUM, |
581 » 0, | 705 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
582 128, | 706 128, |
583 128, | 707 128, |
584 SSL_ALL_CIPHERS, | |
585 SSL_ALL_STRENGTHS, | |
586 }, | 708 }, |
587 | 709 |
588 /* Cipher 21 */ | 710 /* Cipher 21 */ |
589 { | 711 { |
590 1, | 712 1, |
591 SSL3_TXT_KRB5_IDEA_128_CBC_SHA, | 713 SSL3_TXT_KRB5_IDEA_128_CBC_SHA, |
592 SSL3_CK_KRB5_IDEA_128_CBC_SHA, | 714 SSL3_CK_KRB5_IDEA_128_CBC_SHA, |
593 » SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_SHA1 |SSL_SSLV3, | 715 » SSL_kKRB5, |
| 716 » SSL_aKRB5, |
| 717 » SSL_IDEA, |
| 718 » SSL_SHA1, |
| 719 » SSL_SSLV3, |
594 SSL_NOT_EXP|SSL_MEDIUM, | 720 SSL_NOT_EXP|SSL_MEDIUM, |
595 » 0, | 721 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
596 128, | 722 128, |
597 128, | 723 128, |
598 SSL_ALL_CIPHERS, | |
599 SSL_ALL_STRENGTHS, | |
600 }, | 724 }, |
601 | 725 |
602 /* Cipher 22 */ | 726 /* Cipher 22 */ |
603 { | 727 { |
604 1, | 728 1, |
605 SSL3_TXT_KRB5_DES_64_CBC_MD5, | 729 SSL3_TXT_KRB5_DES_64_CBC_MD5, |
606 SSL3_CK_KRB5_DES_64_CBC_MD5, | 730 SSL3_CK_KRB5_DES_64_CBC_MD5, |
607 » SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, | 731 » SSL_kKRB5, |
| 732 » SSL_aKRB5, |
| 733 » SSL_DES, |
| 734 » SSL_MD5, |
| 735 » SSL_SSLV3, |
608 SSL_NOT_EXP|SSL_LOW, | 736 SSL_NOT_EXP|SSL_LOW, |
609 » 0, | 737 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
610 56, | 738 56, |
611 56, | 739 56, |
612 SSL_ALL_CIPHERS, | |
613 SSL_ALL_STRENGTHS, | |
614 }, | 740 }, |
615 | 741 |
616 /* Cipher 23 */ | 742 /* Cipher 23 */ |
617 { | 743 { |
618 1, | 744 1, |
619 SSL3_TXT_KRB5_DES_192_CBC3_MD5, | 745 SSL3_TXT_KRB5_DES_192_CBC3_MD5, |
620 SSL3_CK_KRB5_DES_192_CBC3_MD5, | 746 SSL3_CK_KRB5_DES_192_CBC3_MD5, |
621 » SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, | 747 » SSL_kKRB5, |
| 748 » SSL_aKRB5, |
| 749 » SSL_3DES, |
| 750 » SSL_MD5, |
| 751 » SSL_SSLV3, |
622 SSL_NOT_EXP|SSL_HIGH, | 752 SSL_NOT_EXP|SSL_HIGH, |
623 » 0, | 753 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
624 168, | 754 168, |
625 168, | 755 168, |
626 SSL_ALL_CIPHERS, | |
627 SSL_ALL_STRENGTHS, | |
628 }, | 756 }, |
629 | 757 |
630 /* Cipher 24 */ | 758 /* Cipher 24 */ |
631 { | 759 { |
632 1, | 760 1, |
633 SSL3_TXT_KRB5_RC4_128_MD5, | 761 SSL3_TXT_KRB5_RC4_128_MD5, |
634 SSL3_CK_KRB5_RC4_128_MD5, | 762 SSL3_CK_KRB5_RC4_128_MD5, |
635 » SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, | 763 » SSL_kKRB5, |
| 764 » SSL_aKRB5, |
| 765 » SSL_RC4, |
| 766 » SSL_MD5, |
| 767 » SSL_SSLV3, |
636 SSL_NOT_EXP|SSL_MEDIUM, | 768 SSL_NOT_EXP|SSL_MEDIUM, |
637 » 0, | 769 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
638 128, | 770 128, |
639 128, | 771 128, |
640 SSL_ALL_CIPHERS, | |
641 SSL_ALL_STRENGTHS, | |
642 }, | 772 }, |
643 | 773 |
644 /* Cipher 25 */ | 774 /* Cipher 25 */ |
645 { | 775 { |
646 1, | 776 1, |
647 SSL3_TXT_KRB5_IDEA_128_CBC_MD5, | 777 SSL3_TXT_KRB5_IDEA_128_CBC_MD5, |
648 SSL3_CK_KRB5_IDEA_128_CBC_MD5, | 778 SSL3_CK_KRB5_IDEA_128_CBC_MD5, |
649 » SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_MD5 |SSL_SSLV3, | 779 » SSL_kKRB5, |
| 780 » SSL_aKRB5, |
| 781 » SSL_IDEA, |
| 782 » SSL_MD5, |
| 783 » SSL_SSLV3, |
650 SSL_NOT_EXP|SSL_MEDIUM, | 784 SSL_NOT_EXP|SSL_MEDIUM, |
651 » 0, | 785 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
652 128, | 786 128, |
653 128, | 787 128, |
654 SSL_ALL_CIPHERS, | |
655 SSL_ALL_STRENGTHS, | |
656 }, | 788 }, |
657 | 789 |
658 /* Cipher 26 */ | 790 /* Cipher 26 */ |
659 { | 791 { |
660 1, | 792 1, |
661 SSL3_TXT_KRB5_DES_40_CBC_SHA, | 793 SSL3_TXT_KRB5_DES_40_CBC_SHA, |
662 SSL3_CK_KRB5_DES_40_CBC_SHA, | 794 SSL3_CK_KRB5_DES_40_CBC_SHA, |
663 » SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, | 795 » SSL_kKRB5, |
| 796 » SSL_aKRB5, |
| 797 » SSL_DES, |
| 798 » SSL_SHA1, |
| 799 » SSL_SSLV3, |
664 SSL_EXPORT|SSL_EXP40, | 800 SSL_EXPORT|SSL_EXP40, |
665 » 0, | 801 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
666 40, | 802 40, |
667 56, | 803 56, |
668 SSL_ALL_CIPHERS, | |
669 SSL_ALL_STRENGTHS, | |
670 }, | 804 }, |
671 | 805 |
672 /* Cipher 27 */ | 806 /* Cipher 27 */ |
673 { | 807 { |
674 1, | 808 1, |
675 SSL3_TXT_KRB5_RC2_40_CBC_SHA, | 809 SSL3_TXT_KRB5_RC2_40_CBC_SHA, |
676 SSL3_CK_KRB5_RC2_40_CBC_SHA, | 810 SSL3_CK_KRB5_RC2_40_CBC_SHA, |
677 » SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_SHA1 |SSL_SSLV3, | 811 » SSL_kKRB5, |
| 812 » SSL_aKRB5, |
| 813 » SSL_RC2, |
| 814 » SSL_SHA1, |
| 815 » SSL_SSLV3, |
678 SSL_EXPORT|SSL_EXP40, | 816 SSL_EXPORT|SSL_EXP40, |
679 » 0, | 817 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
680 40, | 818 40, |
681 128, | 819 128, |
682 SSL_ALL_CIPHERS, | |
683 SSL_ALL_STRENGTHS, | |
684 }, | 820 }, |
685 | 821 |
686 /* Cipher 28 */ | 822 /* Cipher 28 */ |
687 { | 823 { |
688 1, | 824 1, |
689 SSL3_TXT_KRB5_RC4_40_SHA, | 825 SSL3_TXT_KRB5_RC4_40_SHA, |
690 SSL3_CK_KRB5_RC4_40_SHA, | 826 SSL3_CK_KRB5_RC4_40_SHA, |
691 » SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, | 827 » SSL_kKRB5, |
| 828 » SSL_aKRB5, |
| 829 » SSL_RC4, |
| 830 » SSL_SHA1, |
| 831 » SSL_SSLV3, |
692 SSL_EXPORT|SSL_EXP40, | 832 SSL_EXPORT|SSL_EXP40, |
693 » 0, | 833 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
694 40, | 834 40, |
695 128, | 835 128, |
696 SSL_ALL_CIPHERS, | |
697 SSL_ALL_STRENGTHS, | |
698 }, | 836 }, |
699 | 837 |
700 /* Cipher 29 */ | 838 /* Cipher 29 */ |
701 { | 839 { |
702 1, | 840 1, |
703 SSL3_TXT_KRB5_DES_40_CBC_MD5, | 841 SSL3_TXT_KRB5_DES_40_CBC_MD5, |
704 SSL3_CK_KRB5_DES_40_CBC_MD5, | 842 SSL3_CK_KRB5_DES_40_CBC_MD5, |
705 » SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, | 843 » SSL_kKRB5, |
| 844 » SSL_aKRB5, |
| 845 » SSL_DES, |
| 846 » SSL_MD5, |
| 847 » SSL_SSLV3, |
706 SSL_EXPORT|SSL_EXP40, | 848 SSL_EXPORT|SSL_EXP40, |
707 » 0, | 849 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
708 40, | 850 40, |
709 56, | 851 56, |
710 SSL_ALL_CIPHERS, | |
711 SSL_ALL_STRENGTHS, | |
712 }, | 852 }, |
713 | 853 |
714 /* Cipher 2A */ | 854 /* Cipher 2A */ |
715 { | 855 { |
716 1, | 856 1, |
717 SSL3_TXT_KRB5_RC2_40_CBC_MD5, | 857 SSL3_TXT_KRB5_RC2_40_CBC_MD5, |
718 SSL3_CK_KRB5_RC2_40_CBC_MD5, | 858 SSL3_CK_KRB5_RC2_40_CBC_MD5, |
719 » SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_MD5 |SSL_SSLV3, | 859 » SSL_kKRB5, |
| 860 » SSL_aKRB5, |
| 861 » SSL_RC2, |
| 862 » SSL_MD5, |
| 863 » SSL_SSLV3, |
720 SSL_EXPORT|SSL_EXP40, | 864 SSL_EXPORT|SSL_EXP40, |
721 » 0, | 865 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
722 40, | 866 40, |
723 128, | 867 128, |
724 SSL_ALL_CIPHERS, | |
725 SSL_ALL_STRENGTHS, | |
726 }, | 868 }, |
727 | 869 |
728 /* Cipher 2B */ | 870 /* Cipher 2B */ |
729 { | 871 { |
730 1, | 872 1, |
731 SSL3_TXT_KRB5_RC4_40_MD5, | 873 SSL3_TXT_KRB5_RC4_40_MD5, |
732 SSL3_CK_KRB5_RC4_40_MD5, | 874 SSL3_CK_KRB5_RC4_40_MD5, |
733 » SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, | 875 » SSL_kKRB5, |
| 876 » SSL_aKRB5, |
| 877 » SSL_RC4, |
| 878 » SSL_MD5, |
| 879 » SSL_SSLV3, |
734 SSL_EXPORT|SSL_EXP40, | 880 SSL_EXPORT|SSL_EXP40, |
735 » 0, | 881 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
736 40, | 882 40, |
737 128, | 883 128, |
738 SSL_ALL_CIPHERS, | |
739 SSL_ALL_STRENGTHS, | |
740 }, | 884 }, |
741 #endif /* OPENSSL_NO_KRB5 */ | 885 #endif /* OPENSSL_NO_KRB5 */ |
742 | 886 |
743 /* New AES ciphersuites */ | 887 /* New AES ciphersuites */ |
744 /* Cipher 2F */ | 888 /* Cipher 2F */ |
745 { | 889 { |
746 1, | 890 1, |
747 TLS1_TXT_RSA_WITH_AES_128_SHA, | 891 TLS1_TXT_RSA_WITH_AES_128_SHA, |
748 TLS1_CK_RSA_WITH_AES_128_SHA, | 892 TLS1_CK_RSA_WITH_AES_128_SHA, |
749 » SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, | 893 » SSL_kRSA, |
| 894 » SSL_aRSA, |
| 895 » SSL_AES128, |
| 896 » SSL_SHA1, |
| 897 » SSL_TLSV1, |
750 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 898 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
751 » 0, | 899 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
752 128, | 900 128, |
753 128, | 901 128, |
754 SSL_ALL_CIPHERS, | |
755 SSL_ALL_STRENGTHS, | |
756 }, | 902 }, |
757 /* Cipher 30 */ | 903 /* Cipher 30 */ |
758 { | 904 { |
759 0, | 905 0, |
760 TLS1_TXT_DH_DSS_WITH_AES_128_SHA, | 906 TLS1_TXT_DH_DSS_WITH_AES_128_SHA, |
761 TLS1_CK_DH_DSS_WITH_AES_128_SHA, | 907 TLS1_CK_DH_DSS_WITH_AES_128_SHA, |
762 » SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | 908 » SSL_kDHd, |
| 909 » SSL_aDH, |
| 910 » SSL_AES128, |
| 911 » SSL_SHA1, |
| 912 » SSL_TLSV1, |
763 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 913 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
764 » 0, | 914 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
765 128, | 915 128, |
766 128, | 916 128, |
767 SSL_ALL_CIPHERS, | |
768 SSL_ALL_STRENGTHS, | |
769 }, | 917 }, |
770 /* Cipher 31 */ | 918 /* Cipher 31 */ |
771 { | 919 { |
772 0, | 920 0, |
773 TLS1_TXT_DH_RSA_WITH_AES_128_SHA, | 921 TLS1_TXT_DH_RSA_WITH_AES_128_SHA, |
774 TLS1_CK_DH_RSA_WITH_AES_128_SHA, | 922 TLS1_CK_DH_RSA_WITH_AES_128_SHA, |
775 » SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | 923 » SSL_kDHr, |
| 924 » SSL_aDH, |
| 925 » SSL_AES128, |
| 926 » SSL_SHA1, |
| 927 » SSL_TLSV1, |
776 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 928 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
777 » 0, | 929 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
778 128, | 930 128, |
779 128, | 931 128, |
780 SSL_ALL_CIPHERS, | |
781 SSL_ALL_STRENGTHS, | |
782 }, | 932 }, |
783 /* Cipher 32 */ | 933 /* Cipher 32 */ |
784 { | 934 { |
785 1, | 935 1, |
786 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, | 936 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, |
787 TLS1_CK_DHE_DSS_WITH_AES_128_SHA, | 937 TLS1_CK_DHE_DSS_WITH_AES_128_SHA, |
788 » SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, | 938 » SSL_kEDH, |
| 939 » SSL_aDSS, |
| 940 » SSL_AES128, |
| 941 » SSL_SHA1, |
| 942 » SSL_TLSV1, |
789 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 943 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
790 » 0, | 944 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
791 128, | 945 128, |
792 128, | 946 128, |
793 SSL_ALL_CIPHERS, | |
794 SSL_ALL_STRENGTHS, | |
795 }, | 947 }, |
796 /* Cipher 33 */ | 948 /* Cipher 33 */ |
797 { | 949 { |
798 1, | 950 1, |
799 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, | 951 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, |
800 TLS1_CK_DHE_RSA_WITH_AES_128_SHA, | 952 TLS1_CK_DHE_RSA_WITH_AES_128_SHA, |
801 » SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | 953 » SSL_kEDH, |
| 954 » SSL_aRSA, |
| 955 » SSL_AES128, |
| 956 » SSL_SHA1, |
| 957 » SSL_TLSV1, |
802 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 958 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
803 » 0, | 959 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
804 128, | 960 128, |
805 128, | 961 128, |
806 SSL_ALL_CIPHERS, | |
807 SSL_ALL_STRENGTHS, | |
808 }, | 962 }, |
809 /* Cipher 34 */ | 963 /* Cipher 34 */ |
810 { | 964 { |
811 1, | 965 1, |
812 TLS1_TXT_ADH_WITH_AES_128_SHA, | 966 TLS1_TXT_ADH_WITH_AES_128_SHA, |
813 TLS1_CK_ADH_WITH_AES_128_SHA, | 967 TLS1_CK_ADH_WITH_AES_128_SHA, |
814 » SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | 968 » SSL_kEDH, |
| 969 » SSL_aNULL, |
| 970 » SSL_AES128, |
| 971 » SSL_SHA1, |
| 972 » SSL_TLSV1, |
815 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 973 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
816 » 0, | 974 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
817 128, | 975 128, |
818 128, | 976 128, |
819 SSL_ALL_CIPHERS, | |
820 SSL_ALL_STRENGTHS, | |
821 }, | 977 }, |
822 | 978 |
823 /* Cipher 35 */ | 979 /* Cipher 35 */ |
824 { | 980 { |
825 1, | 981 1, |
826 TLS1_TXT_RSA_WITH_AES_256_SHA, | 982 TLS1_TXT_RSA_WITH_AES_256_SHA, |
827 TLS1_CK_RSA_WITH_AES_256_SHA, | 983 TLS1_CK_RSA_WITH_AES_256_SHA, |
828 » SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, | 984 » SSL_kRSA, |
| 985 » SSL_aRSA, |
| 986 » SSL_AES256, |
| 987 » SSL_SHA1, |
| 988 » SSL_TLSV1, |
829 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 989 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
830 » 0, | 990 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
831 256, | 991 256, |
832 256, | 992 256, |
833 SSL_ALL_CIPHERS, | |
834 SSL_ALL_STRENGTHS, | |
835 }, | 993 }, |
836 /* Cipher 36 */ | 994 /* Cipher 36 */ |
837 { | 995 { |
838 0, | 996 0, |
839 TLS1_TXT_DH_DSS_WITH_AES_256_SHA, | 997 TLS1_TXT_DH_DSS_WITH_AES_256_SHA, |
840 TLS1_CK_DH_DSS_WITH_AES_256_SHA, | 998 TLS1_CK_DH_DSS_WITH_AES_256_SHA, |
841 » SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | 999 » SSL_kDHd, |
| 1000 » SSL_aDH, |
| 1001 » SSL_AES256, |
| 1002 » SSL_SHA1, |
| 1003 » SSL_TLSV1, |
842 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1004 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
843 » 0, | 1005 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
844 256, | 1006 256, |
845 256, | 1007 256, |
846 SSL_ALL_CIPHERS, | |
847 SSL_ALL_STRENGTHS, | |
848 }, | 1008 }, |
| 1009 |
849 /* Cipher 37 */ | 1010 /* Cipher 37 */ |
850 { | 1011 { |
851 » 0, | 1012 » 0, /* not implemented (non-ephemeral DH) */ |
852 TLS1_TXT_DH_RSA_WITH_AES_256_SHA, | 1013 TLS1_TXT_DH_RSA_WITH_AES_256_SHA, |
853 TLS1_CK_DH_RSA_WITH_AES_256_SHA, | 1014 TLS1_CK_DH_RSA_WITH_AES_256_SHA, |
854 » SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | 1015 » SSL_kDHr, |
| 1016 » SSL_aDH, |
| 1017 » SSL_AES256, |
| 1018 » SSL_SHA1, |
| 1019 » SSL_TLSV1, |
855 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1020 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
856 » 0, | 1021 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
857 256, | 1022 256, |
858 256, | 1023 256, |
859 SSL_ALL_CIPHERS, | |
860 SSL_ALL_STRENGTHS, | |
861 }, | 1024 }, |
| 1025 |
862 /* Cipher 38 */ | 1026 /* Cipher 38 */ |
863 { | 1027 { |
864 1, | 1028 1, |
865 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, | 1029 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, |
866 TLS1_CK_DHE_DSS_WITH_AES_256_SHA, | 1030 TLS1_CK_DHE_DSS_WITH_AES_256_SHA, |
867 » SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, | 1031 » SSL_kEDH, |
| 1032 » SSL_aDSS, |
| 1033 » SSL_AES256, |
| 1034 » SSL_SHA1, |
| 1035 » SSL_TLSV1, |
868 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1036 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
869 » 0, | 1037 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
870 256, | 1038 256, |
871 256, | 1039 256, |
872 SSL_ALL_CIPHERS, | |
873 SSL_ALL_STRENGTHS, | |
874 }, | 1040 }, |
| 1041 |
875 /* Cipher 39 */ | 1042 /* Cipher 39 */ |
876 { | 1043 { |
877 1, | 1044 1, |
878 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, | 1045 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, |
879 TLS1_CK_DHE_RSA_WITH_AES_256_SHA, | 1046 TLS1_CK_DHE_RSA_WITH_AES_256_SHA, |
880 » SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | 1047 » SSL_kEDH, |
| 1048 » SSL_aRSA, |
| 1049 » SSL_AES256, |
| 1050 » SSL_SHA1, |
| 1051 » SSL_TLSV1, |
881 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1052 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
882 » 0, | 1053 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
883 256, | 1054 256, |
884 256, | 1055 256, |
885 SSL_ALL_CIPHERS, | |
886 SSL_ALL_STRENGTHS, | |
887 }, | 1056 }, |
| 1057 |
888 /* Cipher 3A */ | 1058 /* Cipher 3A */ |
889 { | 1059 { |
890 1, | 1060 1, |
891 TLS1_TXT_ADH_WITH_AES_256_SHA, | 1061 TLS1_TXT_ADH_WITH_AES_256_SHA, |
892 TLS1_CK_ADH_WITH_AES_256_SHA, | 1062 TLS1_CK_ADH_WITH_AES_256_SHA, |
893 » SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | 1063 » SSL_kEDH, |
| 1064 » SSL_aNULL, |
| 1065 » SSL_AES256, |
| 1066 » SSL_SHA1, |
| 1067 » SSL_TLSV1, |
894 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1068 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
895 » 0, | 1069 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
896 256, | 1070 256, |
897 256, | 1071 256, |
898 SSL_ALL_CIPHERS, | |
899 SSL_ALL_STRENGTHS, | |
900 }, | 1072 }, |
901 | 1073 |
902 #ifndef OPENSSL_NO_CAMELLIA | 1074 #ifndef OPENSSL_NO_CAMELLIA |
903 /* Camellia ciphersuites from RFC4132 (128-bit portion) */ | 1075 /* Camellia ciphersuites from RFC4132 (128-bit portion) */ |
904 | 1076 |
905 /* Cipher 41 */ | 1077 /* Cipher 41 */ |
906 { | 1078 { |
907 1, | 1079 1, |
908 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, | 1080 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, |
909 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, | 1081 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, |
910 » SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | 1082 » SSL_kRSA, |
| 1083 » SSL_aRSA, |
| 1084 » SSL_CAMELLIA128, |
| 1085 » SSL_SHA1, |
| 1086 » SSL_TLSV1, |
911 SSL_NOT_EXP|SSL_HIGH, | 1087 SSL_NOT_EXP|SSL_HIGH, |
912 » 0, | 1088 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
913 128, | 1089 128, |
914 128, | 1090 128, |
915 SSL_ALL_CIPHERS, | |
916 SSL_ALL_STRENGTHS | |
917 }, | 1091 }, |
| 1092 |
918 /* Cipher 42 */ | 1093 /* Cipher 42 */ |
919 { | 1094 { |
920 0, /* not implemented (non-ephemeral DH) */ | 1095 0, /* not implemented (non-ephemeral DH) */ |
921 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, | 1096 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, |
922 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, | 1097 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, |
923 » SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | 1098 » SSL_kDHd, |
| 1099 » SSL_aDH, |
| 1100 » SSL_CAMELLIA128, |
| 1101 » SSL_SHA1, |
| 1102 » SSL_TLSV1, |
924 SSL_NOT_EXP|SSL_HIGH, | 1103 SSL_NOT_EXP|SSL_HIGH, |
925 » 0, | 1104 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
926 128, | 1105 128, |
927 128, | 1106 128, |
928 SSL_ALL_CIPHERS, | |
929 SSL_ALL_STRENGTHS | |
930 }, | 1107 }, |
| 1108 |
931 /* Cipher 43 */ | 1109 /* Cipher 43 */ |
932 { | 1110 { |
933 0, /* not implemented (non-ephemeral DH) */ | 1111 0, /* not implemented (non-ephemeral DH) */ |
934 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, | 1112 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, |
935 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, | 1113 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, |
936 » SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | 1114 » SSL_kDHr, |
| 1115 » SSL_aDH, |
| 1116 » SSL_CAMELLIA128, |
| 1117 » SSL_SHA1, |
| 1118 » SSL_TLSV1, |
937 SSL_NOT_EXP|SSL_HIGH, | 1119 SSL_NOT_EXP|SSL_HIGH, |
938 » 0, | 1120 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
939 128, | 1121 128, |
940 128, | 1122 128, |
941 SSL_ALL_CIPHERS, | |
942 SSL_ALL_STRENGTHS | |
943 }, | 1123 }, |
| 1124 |
944 /* Cipher 44 */ | 1125 /* Cipher 44 */ |
945 { | 1126 { |
946 1, | 1127 1, |
947 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | 1128 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, |
948 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | 1129 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, |
949 » SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | 1130 » SSL_kEDH, |
| 1131 » SSL_aDSS, |
| 1132 » SSL_CAMELLIA128, |
| 1133 » SSL_SHA1, |
| 1134 » SSL_TLSV1, |
950 SSL_NOT_EXP|SSL_HIGH, | 1135 SSL_NOT_EXP|SSL_HIGH, |
951 » 0, | 1136 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
952 128, | 1137 128, |
953 128, | 1138 128, |
954 SSL_ALL_CIPHERS, | |
955 SSL_ALL_STRENGTHS | |
956 }, | 1139 }, |
| 1140 |
957 /* Cipher 45 */ | 1141 /* Cipher 45 */ |
958 { | 1142 { |
959 1, | 1143 1, |
960 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | 1144 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
961 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | 1145 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
962 » SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | 1146 » SSL_kEDH, |
| 1147 » SSL_aRSA, |
| 1148 » SSL_CAMELLIA128, |
| 1149 » SSL_SHA1, |
| 1150 » SSL_TLSV1, |
963 SSL_NOT_EXP|SSL_HIGH, | 1151 SSL_NOT_EXP|SSL_HIGH, |
964 » 0, | 1152 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
965 128, | 1153 128, |
966 128, | 1154 128, |
967 SSL_ALL_CIPHERS, | |
968 SSL_ALL_STRENGTHS | |
969 }, | 1155 }, |
| 1156 |
970 /* Cipher 46 */ | 1157 /* Cipher 46 */ |
971 { | 1158 { |
972 1, | 1159 1, |
973 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, | 1160 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, |
974 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, | 1161 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, |
975 » SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | 1162 » SSL_kEDH, |
| 1163 » SSL_aNULL, |
| 1164 » SSL_CAMELLIA128, |
| 1165 » SSL_SHA1, |
| 1166 » SSL_TLSV1, |
976 SSL_NOT_EXP|SSL_HIGH, | 1167 SSL_NOT_EXP|SSL_HIGH, |
977 » 0, | 1168 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
978 128, | 1169 128, |
979 128, | 1170 128, |
980 SSL_ALL_CIPHERS, | |
981 SSL_ALL_STRENGTHS | |
982 }, | 1171 }, |
983 #endif /* OPENSSL_NO_CAMELLIA */ | 1172 #endif /* OPENSSL_NO_CAMELLIA */ |
984 | 1173 |
985 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES | 1174 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES |
986 /* New TLS Export CipherSuites from expired ID */ | 1175 /* New TLS Export CipherSuites from expired ID */ |
987 #if 0 | 1176 #if 0 |
988 /* Cipher 60 */ | 1177 /* Cipher 60 */ |
989 » { | 1178 » { |
990 » 1, | 1179 » 1, |
991 » TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, | 1180 » TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, |
992 » TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, | 1181 » TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, |
993 » SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1, | 1182 » SSL_kRSA, |
994 » SSL_EXPORT|SSL_EXP56, | 1183 » SSL_aRSA, |
995 » 0, | 1184 » SSL_RC4, |
996 » 56, | 1185 » SSL_MD5, |
997 » 128, | 1186 » SSL_TLSV1, |
998 » SSL_ALL_CIPHERS, | 1187 » SSL_EXPORT|SSL_EXP56, |
999 » SSL_ALL_STRENGTHS, | 1188 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1000 » }, | 1189 » 56, |
| 1190 » 128, |
| 1191 » }, |
| 1192 |
1001 /* Cipher 61 */ | 1193 /* Cipher 61 */ |
1002 » { | 1194 » { |
1003 » 1, | 1195 » 1, |
1004 » TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, | 1196 » TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, |
1005 » TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, | 1197 » TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, |
1006 » SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1, | 1198 » SSL_kRSA, |
1007 » SSL_EXPORT|SSL_EXP56, | 1199 » SSL_aRSA, |
1008 » 0, | 1200 » SSL_RC2, |
1009 » 56, | 1201 » SSL_MD5, |
1010 » 128, | 1202 » SSL_TLSV1, |
1011 » SSL_ALL_CIPHERS, | 1203 » SSL_EXPORT|SSL_EXP56, |
1012 » SSL_ALL_STRENGTHS, | 1204 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1013 » }, | 1205 » 56, |
| 1206 » 128, |
| 1207 » }, |
1014 #endif | 1208 #endif |
| 1209 |
1015 /* Cipher 62 */ | 1210 /* Cipher 62 */ |
1016 » { | 1211 » { |
1017 » 1, | 1212 » 1, |
1018 » TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, | 1213 » TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, |
1019 » TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, | 1214 » TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, |
1020 » SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, | 1215 » SSL_kRSA, |
1021 » SSL_EXPORT|SSL_EXP56, | 1216 » SSL_aRSA, |
1022 » 0, | 1217 » SSL_DES, |
1023 » 56, | 1218 » SSL_SHA1, |
1024 » 56, | 1219 » SSL_TLSV1, |
1025 » SSL_ALL_CIPHERS, | 1220 » SSL_EXPORT|SSL_EXP56, |
1026 » SSL_ALL_STRENGTHS, | 1221 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1027 » }, | 1222 » 56, |
| 1223 » 56, |
| 1224 » }, |
| 1225 |
1028 /* Cipher 63 */ | 1226 /* Cipher 63 */ |
1029 » { | 1227 » { |
1030 » 1, | 1228 » 1, |
1031 » TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, | 1229 » TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, |
1032 » TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, | 1230 » TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, |
1033 » SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, | 1231 » SSL_kEDH, |
1034 » SSL_EXPORT|SSL_EXP56, | 1232 » SSL_aDSS, |
1035 » 0, | 1233 » SSL_DES, |
1036 » 56, | 1234 » SSL_SHA1, |
1037 » 56, | 1235 » SSL_TLSV1, |
1038 » SSL_ALL_CIPHERS, | 1236 » SSL_EXPORT|SSL_EXP56, |
1039 » SSL_ALL_STRENGTHS, | 1237 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1040 » }, | 1238 » 56, |
| 1239 » 56, |
| 1240 » }, |
| 1241 |
1041 /* Cipher 64 */ | 1242 /* Cipher 64 */ |
1042 » { | 1243 » { |
1043 » 1, | 1244 » 1, |
1044 » TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, | 1245 » TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, |
1045 » TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, | 1246 » TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, |
1046 » SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, | 1247 » SSL_kRSA, |
1047 » SSL_EXPORT|SSL_EXP56, | 1248 » SSL_aRSA, |
1048 » 0, | 1249 » SSL_RC4, |
1049 » 56, | 1250 » SSL_SHA1, |
1050 » 128, | 1251 » SSL_TLSV1, |
1051 » SSL_ALL_CIPHERS, | 1252 » SSL_EXPORT|SSL_EXP56, |
1052 » SSL_ALL_STRENGTHS, | 1253 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1053 » }, | 1254 » 56, |
| 1255 » 128, |
| 1256 » }, |
| 1257 |
1054 /* Cipher 65 */ | 1258 /* Cipher 65 */ |
1055 » { | 1259 » { |
1056 » 1, | 1260 » 1, |
1057 » TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, | 1261 » TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, |
1058 » TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, | 1262 » TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, |
1059 » SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, | 1263 » SSL_kEDH, |
1060 » SSL_EXPORT|SSL_EXP56, | 1264 » SSL_aDSS, |
1061 » 0, | 1265 » SSL_RC4, |
1062 » 56, | 1266 » SSL_SHA1, |
1063 » 128, | 1267 » SSL_TLSV1, |
1064 » SSL_ALL_CIPHERS, | 1268 » SSL_EXPORT|SSL_EXP56, |
1065 » SSL_ALL_STRENGTHS, | 1269 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1066 » }, | 1270 » 56, |
| 1271 » 128, |
| 1272 » }, |
| 1273 |
1067 /* Cipher 66 */ | 1274 /* Cipher 66 */ |
1068 » { | 1275 » { |
1069 » 1, | 1276 » 1, |
1070 » TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, | 1277 » TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, |
1071 » TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, | 1278 » TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, |
1072 » SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, | 1279 » SSL_kEDH, |
1073 » SSL_NOT_EXP|SSL_MEDIUM, | 1280 » SSL_aDSS, |
1074 » 0, | 1281 » SSL_RC4, |
1075 » 128, | 1282 » SSL_SHA1, |
1076 » 128, | 1283 » SSL_TLSV1, |
1077 » SSL_ALL_CIPHERS, | 1284 » SSL_NOT_EXP|SSL_MEDIUM, |
1078 » SSL_ALL_STRENGTHS | 1285 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1079 » }, | 1286 » 128, |
| 1287 » 128, |
| 1288 » }, |
1080 #endif | 1289 #endif |
| 1290 { |
| 1291 1, |
| 1292 "GOST94-GOST89-GOST89", |
| 1293 0x3000080, |
| 1294 SSL_kGOST, |
| 1295 SSL_aGOST94, |
| 1296 SSL_eGOST2814789CNT, |
| 1297 SSL_GOST89MAC, |
| 1298 SSL_TLSV1, |
| 1299 SSL_NOT_EXP|SSL_HIGH, |
| 1300 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, |
| 1301 256, |
| 1302 256 |
| 1303 }, |
| 1304 { |
| 1305 1, |
| 1306 "GOST2001-GOST89-GOST89", |
| 1307 0x3000081, |
| 1308 SSL_kGOST, |
| 1309 SSL_aGOST01, |
| 1310 SSL_eGOST2814789CNT, |
| 1311 SSL_GOST89MAC, |
| 1312 SSL_TLSV1, |
| 1313 SSL_NOT_EXP|SSL_HIGH, |
| 1314 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, |
| 1315 256, |
| 1316 256 |
| 1317 }, |
| 1318 { |
| 1319 1, |
| 1320 "GOST94-NULL-GOST94", |
| 1321 0x3000082, |
| 1322 SSL_kGOST, |
| 1323 SSL_aGOST94, |
| 1324 SSL_eNULL, |
| 1325 SSL_GOST94, |
| 1326 SSL_TLSV1, |
| 1327 SSL_NOT_EXP|SSL_STRONG_NONE, |
| 1328 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, |
| 1329 0, |
| 1330 0 |
| 1331 }, |
| 1332 { |
| 1333 1, |
| 1334 "GOST2001-NULL-GOST94", |
| 1335 0x3000083, |
| 1336 SSL_kGOST, |
| 1337 SSL_aGOST01, |
| 1338 SSL_eNULL, |
| 1339 SSL_GOST94, |
| 1340 SSL_TLSV1, |
| 1341 SSL_NOT_EXP|SSL_STRONG_NONE, |
| 1342 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, |
| 1343 0, |
| 1344 0 |
| 1345 }, |
1081 | 1346 |
1082 #ifndef OPENSSL_NO_CAMELLIA | 1347 #ifndef OPENSSL_NO_CAMELLIA |
1083 /* Camellia ciphersuites from RFC4132 (256-bit portion) */ | 1348 /* Camellia ciphersuites from RFC4132 (256-bit portion) */ |
1084 | 1349 |
1085 /* Cipher 84 */ | 1350 /* Cipher 84 */ |
1086 { | 1351 { |
1087 1, | 1352 1, |
1088 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, | 1353 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, |
1089 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, | 1354 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, |
1090 » SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | 1355 » SSL_kRSA, |
| 1356 » SSL_aRSA, |
| 1357 » SSL_CAMELLIA256, |
| 1358 » SSL_SHA1, |
| 1359 » SSL_TLSV1, |
1091 SSL_NOT_EXP|SSL_HIGH, | 1360 SSL_NOT_EXP|SSL_HIGH, |
1092 » 0, | 1361 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1093 256, | 1362 256, |
1094 256, | 1363 256, |
1095 SSL_ALL_CIPHERS, | |
1096 SSL_ALL_STRENGTHS | |
1097 }, | 1364 }, |
1098 /* Cipher 85 */ | 1365 /* Cipher 85 */ |
1099 { | 1366 { |
1100 0, /* not implemented (non-ephemeral DH) */ | 1367 0, /* not implemented (non-ephemeral DH) */ |
1101 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, | 1368 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, |
1102 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, | 1369 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, |
1103 » SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | 1370 » SSL_kDHd, |
| 1371 » SSL_aDH, |
| 1372 » SSL_CAMELLIA256, |
| 1373 » SSL_SHA1, |
| 1374 » SSL_TLSV1, |
1104 SSL_NOT_EXP|SSL_HIGH, | 1375 SSL_NOT_EXP|SSL_HIGH, |
1105 » 0, | 1376 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1106 256, | 1377 256, |
1107 256, | 1378 256, |
1108 SSL_ALL_CIPHERS, | |
1109 SSL_ALL_STRENGTHS | |
1110 }, | 1379 }, |
| 1380 |
1111 /* Cipher 86 */ | 1381 /* Cipher 86 */ |
1112 { | 1382 { |
1113 0, /* not implemented (non-ephemeral DH) */ | 1383 0, /* not implemented (non-ephemeral DH) */ |
1114 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, | 1384 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, |
1115 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, | 1385 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, |
1116 » SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | 1386 » SSL_kDHr, |
| 1387 » SSL_aDH, |
| 1388 » SSL_CAMELLIA256, |
| 1389 » SSL_SHA1, |
| 1390 » SSL_TLSV1, |
1117 SSL_NOT_EXP|SSL_HIGH, | 1391 SSL_NOT_EXP|SSL_HIGH, |
1118 » 0, | 1392 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1119 256, | 1393 256, |
1120 256, | 1394 256, |
1121 SSL_ALL_CIPHERS, | |
1122 SSL_ALL_STRENGTHS | |
1123 }, | 1395 }, |
| 1396 |
1124 /* Cipher 87 */ | 1397 /* Cipher 87 */ |
1125 { | 1398 { |
1126 1, | 1399 1, |
1127 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | 1400 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, |
1128 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | 1401 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, |
1129 » SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | 1402 » SSL_kEDH, |
| 1403 » SSL_aDSS, |
| 1404 » SSL_CAMELLIA256, |
| 1405 » SSL_SHA1, |
| 1406 » SSL_TLSV1, |
1130 SSL_NOT_EXP|SSL_HIGH, | 1407 SSL_NOT_EXP|SSL_HIGH, |
1131 » 0, | 1408 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1132 256, | 1409 256, |
1133 256, | 1410 256, |
1134 SSL_ALL_CIPHERS, | |
1135 SSL_ALL_STRENGTHS | |
1136 }, | 1411 }, |
| 1412 |
1137 /* Cipher 88 */ | 1413 /* Cipher 88 */ |
1138 { | 1414 { |
1139 1, | 1415 1, |
1140 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, | 1416 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, |
1141 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, | 1417 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, |
1142 » SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | 1418 » SSL_kEDH, |
| 1419 » SSL_aRSA, |
| 1420 » SSL_CAMELLIA256, |
| 1421 » SSL_SHA1, |
| 1422 » SSL_TLSV1, |
1143 SSL_NOT_EXP|SSL_HIGH, | 1423 SSL_NOT_EXP|SSL_HIGH, |
1144 » 0, | 1424 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1145 256, | 1425 256, |
1146 256, | 1426 256, |
1147 SSL_ALL_CIPHERS, | |
1148 SSL_ALL_STRENGTHS | |
1149 }, | 1427 }, |
| 1428 |
1150 /* Cipher 89 */ | 1429 /* Cipher 89 */ |
1151 { | 1430 { |
1152 1, | 1431 1, |
1153 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, | 1432 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, |
1154 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, | 1433 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, |
1155 » SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | 1434 » SSL_kEDH, |
| 1435 » SSL_aNULL, |
| 1436 » SSL_CAMELLIA256, |
| 1437 » SSL_SHA1, |
| 1438 » SSL_TLSV1, |
1156 SSL_NOT_EXP|SSL_HIGH, | 1439 SSL_NOT_EXP|SSL_HIGH, |
1157 » 0, | 1440 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1158 256, | 1441 256, |
1159 256, | 1442 256, |
1160 SSL_ALL_CIPHERS, | |
1161 SSL_ALL_STRENGTHS | |
1162 }, | 1443 }, |
1163 #endif /* OPENSSL_NO_CAMELLIA */ | 1444 #endif /* OPENSSL_NO_CAMELLIA */ |
1164 | 1445 |
| 1446 #ifndef OPENSSL_NO_PSK |
| 1447 /* Cipher 8A */ |
| 1448 { |
| 1449 1, |
| 1450 TLS1_TXT_PSK_WITH_RC4_128_SHA, |
| 1451 TLS1_CK_PSK_WITH_RC4_128_SHA, |
| 1452 SSL_kPSK, |
| 1453 SSL_aPSK, |
| 1454 SSL_RC4, |
| 1455 SSL_SHA1, |
| 1456 SSL_TLSV1, |
| 1457 SSL_NOT_EXP|SSL_MEDIUM, |
| 1458 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 1459 128, |
| 1460 128, |
| 1461 }, |
| 1462 |
| 1463 /* Cipher 8B */ |
| 1464 { |
| 1465 1, |
| 1466 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, |
| 1467 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, |
| 1468 SSL_kPSK, |
| 1469 SSL_aPSK, |
| 1470 SSL_3DES, |
| 1471 SSL_SHA1, |
| 1472 SSL_TLSV1, |
| 1473 SSL_NOT_EXP|SSL_HIGH, |
| 1474 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 1475 168, |
| 1476 168, |
| 1477 }, |
| 1478 |
| 1479 /* Cipher 8C */ |
| 1480 { |
| 1481 1, |
| 1482 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, |
| 1483 TLS1_CK_PSK_WITH_AES_128_CBC_SHA, |
| 1484 SSL_kPSK, |
| 1485 SSL_aPSK, |
| 1486 SSL_AES128, |
| 1487 SSL_SHA1, |
| 1488 SSL_TLSV1, |
| 1489 SSL_NOT_EXP|SSL_HIGH, |
| 1490 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 1491 128, |
| 1492 128, |
| 1493 }, |
| 1494 |
| 1495 /* Cipher 8D */ |
| 1496 { |
| 1497 1, |
| 1498 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, |
| 1499 TLS1_CK_PSK_WITH_AES_256_CBC_SHA, |
| 1500 SSL_kPSK, |
| 1501 SSL_aPSK, |
| 1502 SSL_AES256, |
| 1503 SSL_SHA1, |
| 1504 SSL_TLSV1, |
| 1505 SSL_NOT_EXP|SSL_HIGH, |
| 1506 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 1507 256, |
| 1508 256, |
| 1509 }, |
| 1510 #endif /* OPENSSL_NO_PSK */ |
| 1511 |
1165 #ifndef OPENSSL_NO_SEED | 1512 #ifndef OPENSSL_NO_SEED |
1166 /* SEED ciphersuites from RFC4162 */ | 1513 /* SEED ciphersuites from RFC4162 */ |
1167 | 1514 |
1168 /* Cipher 96 */ | 1515 /* Cipher 96 */ |
1169 { | 1516 { |
1170 1, | 1517 1, |
1171 TLS1_TXT_RSA_WITH_SEED_SHA, | 1518 TLS1_TXT_RSA_WITH_SEED_SHA, |
1172 TLS1_CK_RSA_WITH_SEED_SHA, | 1519 TLS1_CK_RSA_WITH_SEED_SHA, |
1173 » SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1, | 1520 » SSL_kRSA, |
| 1521 » SSL_aRSA, |
| 1522 » SSL_SEED, |
| 1523 » SSL_SHA1, |
| 1524 » SSL_TLSV1, |
1174 SSL_NOT_EXP|SSL_MEDIUM, | 1525 SSL_NOT_EXP|SSL_MEDIUM, |
1175 » 0, | 1526 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1176 128, | 1527 128, |
1177 128, | 1528 128, |
1178 SSL_ALL_CIPHERS, | |
1179 SSL_ALL_STRENGTHS, | |
1180 }, | 1529 }, |
1181 | 1530 |
1182 /* Cipher 97 */ | 1531 /* Cipher 97 */ |
1183 { | 1532 { |
1184 0, /* not implemented (non-ephemeral DH) */ | 1533 0, /* not implemented (non-ephemeral DH) */ |
1185 TLS1_TXT_DH_DSS_WITH_SEED_SHA, | 1534 TLS1_TXT_DH_DSS_WITH_SEED_SHA, |
1186 TLS1_CK_DH_DSS_WITH_SEED_SHA, | 1535 TLS1_CK_DH_DSS_WITH_SEED_SHA, |
1187 » SSL_kDHd|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1, | 1536 » SSL_kDHd, |
| 1537 » SSL_aDH, |
| 1538 » SSL_SEED, |
| 1539 » SSL_SHA1, |
| 1540 » SSL_TLSV1, |
1188 SSL_NOT_EXP|SSL_MEDIUM, | 1541 SSL_NOT_EXP|SSL_MEDIUM, |
1189 » 0, | 1542 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1190 128, | 1543 128, |
1191 128, | 1544 128, |
1192 SSL_ALL_CIPHERS, | |
1193 SSL_ALL_STRENGTHS, | |
1194 }, | 1545 }, |
1195 | 1546 |
1196 /* Cipher 98 */ | 1547 /* Cipher 98 */ |
1197 { | 1548 { |
1198 0, /* not implemented (non-ephemeral DH) */ | 1549 0, /* not implemented (non-ephemeral DH) */ |
1199 TLS1_TXT_DH_RSA_WITH_SEED_SHA, | 1550 TLS1_TXT_DH_RSA_WITH_SEED_SHA, |
1200 TLS1_CK_DH_RSA_WITH_SEED_SHA, | 1551 TLS1_CK_DH_RSA_WITH_SEED_SHA, |
1201 » SSL_kDHr|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1, | 1552 » SSL_kDHr, |
| 1553 » SSL_aDH, |
| 1554 » SSL_SEED, |
| 1555 » SSL_SHA1, |
| 1556 » SSL_TLSV1, |
1202 SSL_NOT_EXP|SSL_MEDIUM, | 1557 SSL_NOT_EXP|SSL_MEDIUM, |
1203 » 0, | 1558 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1204 128, | 1559 128, |
1205 128, | 1560 128, |
1206 SSL_ALL_CIPHERS, | |
1207 SSL_ALL_STRENGTHS, | |
1208 }, | 1561 }, |
1209 | 1562 |
1210 /* Cipher 99 */ | 1563 /* Cipher 99 */ |
1211 { | 1564 { |
1212 1, | 1565 1, |
1213 TLS1_TXT_DHE_DSS_WITH_SEED_SHA, | 1566 TLS1_TXT_DHE_DSS_WITH_SEED_SHA, |
1214 TLS1_CK_DHE_DSS_WITH_SEED_SHA, | 1567 TLS1_CK_DHE_DSS_WITH_SEED_SHA, |
1215 » SSL_kEDH|SSL_aDSS|SSL_SEED|SSL_SHA1|SSL_TLSV1, | 1568 » SSL_kEDH, |
| 1569 » SSL_aDSS, |
| 1570 » SSL_SEED, |
| 1571 » SSL_SHA1, |
| 1572 » SSL_TLSV1, |
1216 SSL_NOT_EXP|SSL_MEDIUM, | 1573 SSL_NOT_EXP|SSL_MEDIUM, |
1217 » 0, | 1574 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1218 128, | 1575 128, |
1219 128, | 1576 128, |
1220 SSL_ALL_CIPHERS, | |
1221 SSL_ALL_STRENGTHS, | |
1222 }, | 1577 }, |
1223 | 1578 |
1224 /* Cipher 9A */ | 1579 /* Cipher 9A */ |
1225 { | 1580 { |
1226 1, | 1581 1, |
1227 TLS1_TXT_DHE_RSA_WITH_SEED_SHA, | 1582 TLS1_TXT_DHE_RSA_WITH_SEED_SHA, |
1228 TLS1_CK_DHE_RSA_WITH_SEED_SHA, | 1583 TLS1_CK_DHE_RSA_WITH_SEED_SHA, |
1229 » SSL_kEDH|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1, | 1584 » SSL_kEDH, |
| 1585 » SSL_aRSA, |
| 1586 » SSL_SEED, |
| 1587 » SSL_SHA1, |
| 1588 » SSL_TLSV1, |
1230 SSL_NOT_EXP|SSL_MEDIUM, | 1589 SSL_NOT_EXP|SSL_MEDIUM, |
1231 » 0, | 1590 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1232 128, | 1591 128, |
1233 128, | 1592 128, |
1234 SSL_ALL_CIPHERS, | |
1235 SSL_ALL_STRENGTHS, | |
1236 }, | 1593 }, |
1237 | 1594 |
1238 /* Cipher 9B */ | 1595 /* Cipher 9B */ |
1239 { | 1596 { |
1240 1, | 1597 1, |
1241 TLS1_TXT_ADH_WITH_SEED_SHA, | 1598 TLS1_TXT_ADH_WITH_SEED_SHA, |
1242 TLS1_CK_ADH_WITH_SEED_SHA, | 1599 TLS1_CK_ADH_WITH_SEED_SHA, |
1243 » SSL_kEDH|SSL_aNULL|SSL_SEED|SSL_SHA1|SSL_TLSV1, | 1600 » SSL_kEDH, |
1244 » SSL_NOT_EXP|SSL_MEDIUM, | 1601 » SSL_aNULL, |
1245 » 0, | 1602 » SSL_SEED, |
1246 » 128, | 1603 » SSL_SHA1, |
1247 » 128, | 1604 » SSL_TLSV1, |
1248 » SSL_ALL_CIPHERS, | 1605 » SSL_NOT_EXP|SSL_MEDIUM, |
1249 » SSL_ALL_STRENGTHS, | 1606 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 1607 » 128, |
| 1608 » 128, |
1250 }, | 1609 }, |
1251 | 1610 |
1252 #endif /* OPENSSL_NO_SEED */ | 1611 #endif /* OPENSSL_NO_SEED */ |
1253 | 1612 |
1254 #ifndef OPENSSL_NO_ECDH | 1613 #ifndef OPENSSL_NO_ECDH |
1255 /* Cipher C001 */ | 1614 /* Cipher C001 */ |
1256 » { | 1615 » { |
1257 1, | 1616 » 1, |
1258 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, | 1617 » TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, |
1259 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, | 1618 » TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, |
1260 SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, | 1619 » SSL_kECDHe, |
1261 SSL_NOT_EXP, | 1620 » SSL_aECDH, |
1262 0, | 1621 » SSL_eNULL, |
1263 0, | 1622 » SSL_SHA1, |
1264 0, | 1623 » SSL_TLSV1, |
1265 SSL_ALL_CIPHERS, | 1624 » SSL_NOT_EXP|SSL_STRONG_NONE, |
1266 SSL_ALL_STRENGTHS, | 1625 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1267 }, | 1626 » 0, |
| 1627 » 0, |
| 1628 » }, |
1268 | 1629 |
1269 /* Cipher C002 */ | 1630 /* Cipher C002 */ |
1270 » { | 1631 » { |
1271 1, | 1632 » 1, |
1272 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, | 1633 » TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, |
1273 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, | 1634 » TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, |
1274 SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, | 1635 » SSL_kECDHe, |
1275 SSL_NOT_EXP, | 1636 » SSL_aECDH, |
1276 0, | 1637 » SSL_RC4, |
1277 128, | 1638 » SSL_SHA1, |
1278 128, | 1639 » SSL_TLSV1, |
1279 SSL_ALL_CIPHERS, | 1640 » SSL_NOT_EXP|SSL_MEDIUM, |
1280 SSL_ALL_STRENGTHS, | 1641 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1281 }, | 1642 » 128, |
| 1643 » 128, |
| 1644 » }, |
1282 | 1645 |
1283 /* Cipher C003 */ | 1646 /* Cipher C003 */ |
1284 » { | 1647 » { |
1285 1, | 1648 » 1, |
1286 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, | 1649 » TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, |
1287 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, | 1650 » TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, |
1288 SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, | 1651 » SSL_kECDHe, |
1289 SSL_NOT_EXP|SSL_HIGH, | 1652 » SSL_aECDH, |
1290 0, | 1653 » SSL_3DES, |
1291 168, | 1654 » SSL_SHA1, |
1292 168, | 1655 » SSL_TLSV1, |
1293 SSL_ALL_CIPHERS, | 1656 » SSL_NOT_EXP|SSL_HIGH, |
1294 SSL_ALL_STRENGTHS, | 1657 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1295 }, | 1658 » 168, |
| 1659 » 168, |
| 1660 » }, |
1296 | 1661 |
1297 /* Cipher C004 */ | 1662 /* Cipher C004 */ |
1298 » { | 1663 » { |
1299 1, | 1664 » 1, |
1300 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, | 1665 » TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, |
1301 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, | 1666 » TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, |
1302 SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, | 1667 » SSL_kECDHe, |
1303 SSL_NOT_EXP|SSL_HIGH, | 1668 » SSL_aECDH, |
1304 0, | 1669 » SSL_AES128, |
1305 128, | 1670 » SSL_SHA1, |
1306 128, | 1671 » SSL_TLSV1, |
1307 SSL_ALL_CIPHERS, | 1672 » SSL_NOT_EXP|SSL_HIGH, |
1308 SSL_ALL_STRENGTHS, | 1673 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1309 }, | 1674 » 128, |
| 1675 » 128, |
| 1676 » }, |
1310 | 1677 |
1311 /* Cipher C005 */ | 1678 /* Cipher C005 */ |
1312 » { | 1679 » { |
1313 1, | 1680 » 1, |
1314 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, | 1681 » TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, |
1315 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, | 1682 » TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, |
1316 SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, | 1683 » SSL_kECDHe, |
1317 SSL_NOT_EXP|SSL_HIGH, | 1684 » SSL_aECDH, |
1318 0, | 1685 » SSL_AES256, |
1319 256, | 1686 » SSL_SHA1, |
1320 256, | 1687 » SSL_TLSV1, |
1321 SSL_ALL_CIPHERS, | 1688 » SSL_NOT_EXP|SSL_HIGH, |
1322 SSL_ALL_STRENGTHS, | 1689 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1323 }, | 1690 » 256, |
| 1691 » 256, |
| 1692 » }, |
1324 | 1693 |
1325 /* Cipher C006 */ | 1694 /* Cipher C006 */ |
1326 » { | 1695 » { |
1327 1, | 1696 » 1, |
1328 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, | 1697 » TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, |
1329 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, | 1698 » TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, |
1330 SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, | 1699 » SSL_kEECDH, |
1331 SSL_NOT_EXP, | 1700 » SSL_aECDSA, |
1332 0, | 1701 » SSL_eNULL, |
1333 0, | 1702 » SSL_SHA1, |
1334 0, | 1703 » SSL_TLSV1, |
1335 SSL_ALL_CIPHERS, | 1704 » SSL_NOT_EXP|SSL_STRONG_NONE, |
1336 SSL_ALL_STRENGTHS, | 1705 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1337 }, | 1706 » 0, |
| 1707 » 0, |
| 1708 » }, |
1338 | 1709 |
1339 /* Cipher C007 */ | 1710 /* Cipher C007 */ |
1340 » { | 1711 » { |
1341 1, | 1712 » 1, |
1342 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, | 1713 » TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, |
1343 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, | 1714 » TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, |
1344 SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, | 1715 » SSL_kEECDH, |
1345 SSL_NOT_EXP, | 1716 » SSL_aECDSA, |
1346 0, | 1717 » SSL_RC4, |
1347 128, | 1718 » SSL_SHA1, |
1348 128, | 1719 » SSL_TLSV1, |
1349 SSL_ALL_CIPHERS, | 1720 » SSL_NOT_EXP|SSL_MEDIUM, |
1350 SSL_ALL_STRENGTHS, | 1721 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1351 }, | 1722 » 128, |
| 1723 » 128, |
| 1724 » }, |
1352 | 1725 |
1353 /* Cipher C008 */ | 1726 /* Cipher C008 */ |
1354 » { | 1727 » { |
1355 1, | 1728 » 1, |
1356 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, | 1729 » TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, |
1357 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, | 1730 » TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, |
1358 SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, | 1731 » SSL_kEECDH, |
1359 SSL_NOT_EXP|SSL_HIGH, | 1732 » SSL_aECDSA, |
1360 0, | 1733 » SSL_3DES, |
1361 168, | 1734 » SSL_SHA1, |
1362 168, | 1735 » SSL_TLSV1, |
1363 SSL_ALL_CIPHERS, | 1736 » SSL_NOT_EXP|SSL_HIGH, |
1364 SSL_ALL_STRENGTHS, | 1737 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1365 }, | 1738 » 168, |
| 1739 » 168, |
| 1740 » }, |
1366 | 1741 |
1367 /* Cipher C009 */ | 1742 /* Cipher C009 */ |
1368 » { | 1743 » { |
1369 1, | 1744 » 1, |
1370 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, | 1745 » TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
1371 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, | 1746 » TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
1372 SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, | 1747 » SSL_kEECDH, |
1373 SSL_NOT_EXP|SSL_HIGH, | 1748 » SSL_aECDSA, |
1374 0, | 1749 » SSL_AES128, |
1375 128, | 1750 » SSL_SHA1, |
1376 128, | 1751 » SSL_TLSV1, |
1377 SSL_ALL_CIPHERS, | 1752 » SSL_NOT_EXP|SSL_HIGH, |
1378 SSL_ALL_STRENGTHS, | 1753 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1379 }, | 1754 » 128, |
| 1755 » 128, |
| 1756 » }, |
1380 | 1757 |
1381 /* Cipher C00A */ | 1758 /* Cipher C00A */ |
1382 » { | 1759 » { |
1383 1, | 1760 » 1, |
1384 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, | 1761 » TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
1385 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, | 1762 » TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
1386 SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, | 1763 » SSL_kEECDH, |
1387 SSL_NOT_EXP|SSL_HIGH, | 1764 » SSL_aECDSA, |
1388 0, | 1765 » SSL_AES256, |
1389 256, | 1766 » SSL_SHA1, |
1390 256, | 1767 » SSL_TLSV1, |
1391 SSL_ALL_CIPHERS, | 1768 » SSL_NOT_EXP|SSL_HIGH, |
1392 SSL_ALL_STRENGTHS, | 1769 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1393 }, | 1770 » 256, |
| 1771 » 256, |
| 1772 » }, |
1394 | 1773 |
1395 /* Cipher C00B */ | 1774 /* Cipher C00B */ |
1396 » { | 1775 » { |
1397 1, | 1776 » 1, |
1398 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, | 1777 » TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, |
1399 TLS1_CK_ECDH_RSA_WITH_NULL_SHA, | 1778 » TLS1_CK_ECDH_RSA_WITH_NULL_SHA, |
1400 SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, | 1779 » SSL_kECDHr, |
1401 SSL_NOT_EXP, | 1780 » SSL_aECDH, |
1402 0, | 1781 » SSL_eNULL, |
1403 0, | 1782 » SSL_SHA1, |
1404 0, | 1783 » SSL_TLSV1, |
1405 SSL_ALL_CIPHERS, | 1784 » SSL_NOT_EXP|SSL_STRONG_NONE, |
1406 SSL_ALL_STRENGTHS, | 1785 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1407 }, | 1786 » 0, |
| 1787 » 0, |
| 1788 » }, |
1408 | 1789 |
1409 /* Cipher C00C */ | 1790 /* Cipher C00C */ |
1410 » { | 1791 » { |
1411 1, | 1792 » 1, |
1412 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, | 1793 » TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, |
1413 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, | 1794 » TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, |
1414 SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, | 1795 » SSL_kECDHr, |
1415 SSL_NOT_EXP, | 1796 » SSL_aECDH, |
1416 0, | 1797 » SSL_RC4, |
1417 128, | 1798 » SSL_SHA1, |
1418 128, | 1799 » SSL_TLSV1, |
1419 SSL_ALL_CIPHERS, | 1800 » SSL_NOT_EXP|SSL_MEDIUM, |
1420 SSL_ALL_STRENGTHS, | 1801 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1421 }, | 1802 » 128, |
| 1803 » 128, |
| 1804 » }, |
1422 | 1805 |
1423 /* Cipher C00D */ | 1806 /* Cipher C00D */ |
1424 » { | 1807 » { |
1425 1, | 1808 » 1, |
1426 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, | 1809 » TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, |
1427 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, | 1810 » TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, |
1428 SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, | 1811 » SSL_kECDHr, |
1429 SSL_NOT_EXP|SSL_HIGH, | 1812 » SSL_aECDH, |
1430 0, | 1813 » SSL_3DES, |
1431 168, | 1814 » SSL_SHA1, |
1432 168, | 1815 » SSL_TLSV1, |
1433 SSL_ALL_CIPHERS, | 1816 » SSL_NOT_EXP|SSL_HIGH, |
1434 SSL_ALL_STRENGTHS, | 1817 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1435 }, | 1818 » 168, |
| 1819 » 168, |
| 1820 » }, |
1436 | 1821 |
1437 /* Cipher C00E */ | 1822 /* Cipher C00E */ |
1438 » { | 1823 » { |
1439 1, | 1824 » 1, |
1440 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, | 1825 » TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, |
1441 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, | 1826 » TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, |
1442 SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | 1827 » SSL_kECDHr, |
1443 SSL_NOT_EXP|SSL_HIGH, | 1828 » SSL_aECDH, |
1444 0, | 1829 » SSL_AES128, |
1445 128, | 1830 » SSL_SHA1, |
1446 128, | 1831 » SSL_TLSV1, |
1447 SSL_ALL_CIPHERS, | 1832 » SSL_NOT_EXP|SSL_HIGH, |
1448 SSL_ALL_STRENGTHS, | 1833 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1449 }, | 1834 » 128, |
| 1835 » 128, |
| 1836 » }, |
1450 | 1837 |
1451 /* Cipher C00F */ | 1838 /* Cipher C00F */ |
1452 » { | 1839 » { |
1453 1, | 1840 » 1, |
1454 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, | 1841 » TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, |
1455 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, | 1842 » TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, |
1456 SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | 1843 » SSL_kECDHr, |
1457 SSL_NOT_EXP|SSL_HIGH, | 1844 » SSL_aECDH, |
1458 0, | 1845 » SSL_AES256, |
1459 256, | 1846 » SSL_SHA1, |
1460 256, | 1847 » SSL_TLSV1, |
1461 SSL_ALL_CIPHERS, | 1848 » SSL_NOT_EXP|SSL_HIGH, |
1462 SSL_ALL_STRENGTHS, | 1849 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1463 }, | 1850 » 256, |
| 1851 » 256, |
| 1852 » }, |
1464 | 1853 |
1465 /* Cipher C010 */ | 1854 /* Cipher C010 */ |
1466 » { | 1855 » { |
1467 1, | 1856 » 1, |
1468 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, | 1857 » TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, |
1469 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, | 1858 » TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, |
1470 SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, | 1859 » SSL_kEECDH, |
1471 SSL_NOT_EXP, | 1860 » SSL_aRSA, |
1472 0, | 1861 » SSL_eNULL, |
1473 0, | 1862 » SSL_SHA1, |
1474 0, | 1863 » SSL_TLSV1, |
1475 SSL_ALL_CIPHERS, | 1864 » SSL_NOT_EXP|SSL_STRONG_NONE, |
1476 SSL_ALL_STRENGTHS, | 1865 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1477 }, | 1866 » 0, |
| 1867 » 0, |
| 1868 » }, |
1478 | 1869 |
1479 /* Cipher C011 */ | 1870 /* Cipher C011 */ |
1480 » { | 1871 » { |
1481 1, | 1872 » 1, |
1482 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, | 1873 » TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, |
1483 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, | 1874 » TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, |
1484 SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, | 1875 » SSL_kEECDH, |
1485 SSL_NOT_EXP, | 1876 » SSL_aRSA, |
1486 0, | 1877 » SSL_RC4, |
1487 128, | 1878 » SSL_SHA1, |
1488 128, | 1879 » SSL_TLSV1, |
1489 SSL_ALL_CIPHERS, | 1880 » SSL_NOT_EXP|SSL_MEDIUM, |
1490 SSL_ALL_STRENGTHS, | 1881 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1491 }, | 1882 » 128, |
| 1883 » 128, |
| 1884 » }, |
1492 | 1885 |
1493 /* Cipher C012 */ | 1886 /* Cipher C012 */ |
1494 » { | 1887 » { |
1495 1, | 1888 » 1, |
1496 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, | 1889 » TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, |
1497 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, | 1890 » TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, |
1498 SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, | 1891 » SSL_kEECDH, |
1499 SSL_NOT_EXP|SSL_HIGH, | 1892 » SSL_aRSA, |
1500 0, | 1893 » SSL_3DES, |
1501 168, | 1894 » SSL_SHA1, |
1502 168, | 1895 » SSL_TLSV1, |
1503 SSL_ALL_CIPHERS, | 1896 » SSL_NOT_EXP|SSL_HIGH, |
1504 SSL_ALL_STRENGTHS, | 1897 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1505 }, | 1898 » 168, |
| 1899 » 168, |
| 1900 » }, |
1506 | 1901 |
1507 /* Cipher C013 */ | 1902 /* Cipher C013 */ |
1508 » { | 1903 » { |
1509 1, | 1904 » 1, |
1510 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, | 1905 » TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
1511 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, | 1906 » TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
1512 SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | 1907 » SSL_kEECDH, |
1513 SSL_NOT_EXP|SSL_HIGH, | 1908 » SSL_aRSA, |
1514 0, | 1909 » SSL_AES128, |
1515 128, | 1910 » SSL_SHA1, |
1516 128, | 1911 » SSL_TLSV1, |
1517 SSL_ALL_CIPHERS, | 1912 » SSL_NOT_EXP|SSL_HIGH, |
1518 SSL_ALL_STRENGTHS, | 1913 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1519 }, | 1914 » 128, |
| 1915 » 128, |
| 1916 » }, |
1520 | 1917 |
1521 /* Cipher C014 */ | 1918 /* Cipher C014 */ |
1522 » { | 1919 » { |
1523 1, | 1920 » 1, |
1524 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, | 1921 » TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
1525 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, | 1922 » TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
1526 SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | 1923 » SSL_kEECDH, |
1527 SSL_NOT_EXP|SSL_HIGH, | 1924 » SSL_aRSA, |
1528 0, | 1925 » SSL_AES256, |
1529 256, | 1926 » SSL_SHA1, |
1530 256, | 1927 » SSL_TLSV1, |
1531 SSL_ALL_CIPHERS, | 1928 » SSL_NOT_EXP|SSL_HIGH, |
1532 SSL_ALL_STRENGTHS, | 1929 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1533 }, | 1930 » 256, |
| 1931 » 256, |
| 1932 » }, |
1534 | 1933 |
1535 /* Cipher C015 */ | 1934 /* Cipher C015 */ |
1536 { | 1935 » { |
1537 1, | 1936 » 1, |
1538 TLS1_TXT_ECDH_anon_WITH_NULL_SHA, | 1937 » TLS1_TXT_ECDH_anon_WITH_NULL_SHA, |
1539 TLS1_CK_ECDH_anon_WITH_NULL_SHA, | 1938 » TLS1_CK_ECDH_anon_WITH_NULL_SHA, |
1540 SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1, | 1939 » SSL_kEECDH, |
1541 SSL_NOT_EXP, | 1940 » SSL_aNULL, |
1542 0, | 1941 » SSL_eNULL, |
1543 0, | 1942 » SSL_SHA1, |
1544 0, | 1943 » SSL_TLSV1, |
1545 SSL_ALL_CIPHERS, | 1944 » SSL_NOT_EXP|SSL_STRONG_NONE, |
1546 SSL_ALL_STRENGTHS, | 1945 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1547 » }, | 1946 » 0, |
| 1947 » 0, |
| 1948 » }, |
1548 | 1949 |
1549 /* Cipher C016 */ | 1950 /* Cipher C016 */ |
1550 { | 1951 » { |
1551 1, | 1952 » 1, |
1552 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, | 1953 » TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, |
1553 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, | 1954 » TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, |
1554 SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, | 1955 » SSL_kEECDH, |
1555 SSL_NOT_EXP, | 1956 » SSL_aNULL, |
1556 0, | 1957 » SSL_RC4, |
1557 128, | 1958 » SSL_SHA1, |
1558 128, | 1959 » SSL_TLSV1, |
1559 SSL_ALL_CIPHERS, | 1960 » SSL_NOT_EXP|SSL_MEDIUM, |
1560 SSL_ALL_STRENGTHS, | 1961 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1561 » }, | 1962 » 128, |
| 1963 » 128, |
| 1964 » }, |
1562 | 1965 |
1563 /* Cipher C017 */ | 1966 /* Cipher C017 */ |
1564 » { | 1967 » { |
1565 1, | 1968 » 1, |
1566 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, | 1969 » TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, |
1567 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, | 1970 » TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, |
1568 SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1, | 1971 » SSL_kEECDH, |
1569 SSL_NOT_EXP|SSL_HIGH, | 1972 » SSL_aNULL, |
1570 0, | 1973 » SSL_3DES, |
1571 168, | 1974 » SSL_SHA1, |
1572 168, | 1975 » SSL_TLSV1, |
1573 SSL_ALL_CIPHERS, | 1976 » SSL_NOT_EXP|SSL_HIGH, |
1574 SSL_ALL_STRENGTHS, | 1977 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1575 }, | 1978 » 168, |
| 1979 » 168, |
| 1980 » }, |
1576 | 1981 |
1577 /* Cipher C018 */ | 1982 /* Cipher C018 */ |
1578 » { | 1983 » { |
1579 1, | 1984 » 1, |
1580 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, | 1985 » TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, |
1581 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, | 1986 » TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, |
1582 SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | 1987 » SSL_kEECDH, |
1583 SSL_NOT_EXP|SSL_HIGH, | 1988 » SSL_aNULL, |
1584 0, | 1989 » SSL_AES128, |
1585 128, | 1990 » SSL_SHA1, |
1586 128, | 1991 » SSL_TLSV1, |
1587 SSL_ALL_CIPHERS, | 1992 » SSL_NOT_EXP|SSL_HIGH, |
1588 SSL_ALL_STRENGTHS, | 1993 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1589 }, | 1994 » 128, |
| 1995 » 128, |
| 1996 » }, |
1590 | 1997 |
1591 /* Cipher C019 */ | 1998 /* Cipher C019 */ |
1592 » { | 1999 » { |
1593 1, | 2000 » 1, |
1594 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, | 2001 » TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, |
1595 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, | 2002 » TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, |
1596 SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | 2003 » SSL_kEECDH, |
1597 SSL_NOT_EXP|SSL_HIGH, | 2004 » SSL_aNULL, |
1598 0, | 2005 » SSL_AES256, |
1599 256, | 2006 » SSL_SHA1, |
1600 256, | 2007 » SSL_TLSV1, |
1601 SSL_ALL_CIPHERS, | 2008 » SSL_NOT_EXP|SSL_HIGH, |
1602 SSL_ALL_STRENGTHS, | 2009 » SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
1603 }, | 2010 » 256, |
| 2011 » 256, |
| 2012 » }, |
1604 #endif /* OPENSSL_NO_ECDH */ | 2013 #endif /* OPENSSL_NO_ECDH */ |
1605 | 2014 |
| 2015 #ifdef TEMP_GOST_TLS |
| 2016 /* Cipher FF00 */ |
| 2017 { |
| 2018 1, |
| 2019 "GOST-MD5", |
| 2020 0x0300ff00, |
| 2021 SSL_kRSA, |
| 2022 SSL_aRSA, |
| 2023 SSL_eGOST2814789CNT, |
| 2024 SSL_MD5, |
| 2025 SSL_TLSV1, |
| 2026 SSL_NOT_EXP|SSL_HIGH, |
| 2027 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 2028 256, |
| 2029 256, |
| 2030 }, |
| 2031 { |
| 2032 1, |
| 2033 "GOST-GOST94", |
| 2034 0x0300ff01, |
| 2035 SSL_kRSA, |
| 2036 SSL_aRSA, |
| 2037 SSL_eGOST2814789CNT, |
| 2038 SSL_GOST94, |
| 2039 SSL_TLSV1, |
| 2040 SSL_NOT_EXP|SSL_HIGH, |
| 2041 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 2042 256, |
| 2043 256 |
| 2044 }, |
| 2045 { |
| 2046 1, |
| 2047 "GOST-GOST89MAC", |
| 2048 0x0300ff02, |
| 2049 SSL_kRSA, |
| 2050 SSL_aRSA, |
| 2051 SSL_eGOST2814789CNT, |
| 2052 SSL_GOST89MAC, |
| 2053 SSL_TLSV1, |
| 2054 SSL_NOT_EXP|SSL_HIGH, |
| 2055 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 2056 256, |
| 2057 256 |
| 2058 }, |
| 2059 { |
| 2060 1, |
| 2061 "GOST-GOST89STREAM", |
| 2062 0x0300ff03, |
| 2063 SSL_kRSA, |
| 2064 SSL_aRSA, |
| 2065 SSL_eGOST2814789CNT, |
| 2066 SSL_GOST89MAC, |
| 2067 SSL_TLSV1, |
| 2068 SSL_NOT_EXP|SSL_HIGH, |
| 2069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC, |
| 2070 256, |
| 2071 256 |
| 2072 }, |
| 2073 #endif |
1606 | 2074 |
1607 /* end of list */ | 2075 /* end of list */ |
1608 }; | 2076 }; |
1609 | 2077 |
1610 SSL3_ENC_METHOD SSLv3_enc_data={ | 2078 SSL3_ENC_METHOD SSLv3_enc_data={ |
1611 ssl3_enc, | 2079 ssl3_enc, |
1612 » ssl3_mac, | 2080 » n_ssl3_mac, |
1613 ssl3_setup_key_block, | 2081 ssl3_setup_key_block, |
1614 ssl3_generate_master_secret, | 2082 ssl3_generate_master_secret, |
1615 ssl3_change_cipher_state, | 2083 ssl3_change_cipher_state, |
1616 ssl3_final_finish_mac, | 2084 ssl3_final_finish_mac, |
1617 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, | 2085 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, |
1618 ssl3_cert_verify_mac, | 2086 ssl3_cert_verify_mac, |
1619 SSL3_MD_CLIENT_FINISHED_CONST,4, | 2087 SSL3_MD_CLIENT_FINISHED_CONST,4, |
1620 SSL3_MD_SERVER_FINISHED_CONST,4, | 2088 SSL3_MD_SERVER_FINISHED_CONST,4, |
1621 ssl3_alert_code, | 2089 ssl3_alert_code, |
1622 }; | 2090 }; |
1623 | 2091 |
1624 long ssl3_default_timeout(void) | 2092 long ssl3_default_timeout(void) |
1625 { | 2093 { |
1626 /* 2 hours, the 24 hours mentioned in the SSLv3 spec | 2094 /* 2 hours, the 24 hours mentioned in the SSLv3 spec |
1627 * is way too long for http, the cache would over fill */ | 2095 * is way too long for http, the cache would over fill */ |
1628 return(60*60*2); | 2096 return(60*60*2); |
1629 } | 2097 } |
1630 | 2098 |
1631 IMPLEMENT_ssl3_meth_func(sslv3_base_method, | |
1632 ssl_undefined_function, | |
1633 ssl_undefined_function, | |
1634 ssl_bad_method) | |
1635 | |
1636 int ssl3_num_ciphers(void) | 2099 int ssl3_num_ciphers(void) |
1637 { | 2100 { |
1638 return(SSL3_NUM_CIPHERS); | 2101 return(SSL3_NUM_CIPHERS); |
1639 } | 2102 } |
1640 | 2103 |
1641 SSL_CIPHER *ssl3_get_cipher(unsigned int u) | 2104 const SSL_CIPHER *ssl3_get_cipher(unsigned int u) |
1642 { | 2105 { |
1643 if (u < SSL3_NUM_CIPHERS) | 2106 if (u < SSL3_NUM_CIPHERS) |
1644 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); | 2107 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); |
1645 else | 2108 else |
1646 return(NULL); | 2109 return(NULL); |
1647 } | 2110 } |
1648 | 2111 |
1649 int ssl3_pending(const SSL *s) | 2112 int ssl3_pending(const SSL *s) |
1650 { | 2113 { |
1651 if (s->rstate == SSL_ST_READ_BODY) | 2114 if (s->rstate == SSL_ST_READ_BODY) |
1652 return 0; | 2115 return 0; |
1653 | 2116 |
1654 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.leng
th : 0; | 2117 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.leng
th : 0; |
1655 } | 2118 } |
1656 | 2119 |
1657 int ssl3_new(SSL *s) | 2120 int ssl3_new(SSL *s) |
1658 { | 2121 { |
1659 SSL3_STATE *s3; | 2122 SSL3_STATE *s3; |
1660 | 2123 |
1661 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; | 2124 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; |
1662 memset(s3,0,sizeof *s3); | 2125 memset(s3,0,sizeof *s3); |
1663 » EVP_MD_CTX_init(&s3->finish_dgst1); | 2126 » memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num)); |
1664 » EVP_MD_CTX_init(&s3->finish_dgst2); | 2127 » memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num)); |
1665 » pq_64bit_init(&(s3->rrec.seq_num)); | |
1666 » pq_64bit_init(&(s3->wrec.seq_num)); | |
1667 | 2128 |
1668 s->s3=s3; | 2129 s->s3=s3; |
1669 | 2130 |
1670 s->method->ssl_clear(s); | 2131 s->method->ssl_clear(s); |
1671 return(1); | 2132 return(1); |
1672 err: | 2133 err: |
1673 return(0); | 2134 return(0); |
1674 } | 2135 } |
1675 | 2136 |
1676 void ssl3_free(SSL *s) | 2137 void ssl3_free(SSL *s) |
1677 { | 2138 { |
1678 if(s == NULL) | 2139 if(s == NULL) |
1679 return; | 2140 return; |
1680 | 2141 |
| 2142 #ifdef TLSEXT_TYPE_opaque_prf_input |
| 2143 if (s->s3->client_opaque_prf_input != NULL) |
| 2144 OPENSSL_free(s->s3->client_opaque_prf_input); |
| 2145 if (s->s3->server_opaque_prf_input != NULL) |
| 2146 OPENSSL_free(s->s3->server_opaque_prf_input); |
| 2147 #endif |
| 2148 |
1681 ssl3_cleanup_key_block(s); | 2149 ssl3_cleanup_key_block(s); |
1682 if (s->s3->rbuf.buf != NULL) | 2150 if (s->s3->rbuf.buf != NULL) |
1683 » » OPENSSL_free(s->s3->rbuf.buf); | 2151 » » ssl3_release_read_buffer(s); |
1684 if (s->s3->wbuf.buf != NULL) | 2152 if (s->s3->wbuf.buf != NULL) |
1685 » » OPENSSL_free(s->s3->wbuf.buf); | 2153 » » ssl3_release_write_buffer(s); |
1686 if (s->s3->rrec.comp != NULL) | 2154 if (s->s3->rrec.comp != NULL) |
1687 OPENSSL_free(s->s3->rrec.comp); | 2155 OPENSSL_free(s->s3->rrec.comp); |
1688 #ifndef OPENSSL_NO_DH | 2156 #ifndef OPENSSL_NO_DH |
1689 if (s->s3->tmp.dh != NULL) | 2157 if (s->s3->tmp.dh != NULL) |
1690 DH_free(s->s3->tmp.dh); | 2158 DH_free(s->s3->tmp.dh); |
1691 #endif | 2159 #endif |
1692 #ifndef OPENSSL_NO_ECDH | 2160 #ifndef OPENSSL_NO_ECDH |
1693 if (s->s3->tmp.ecdh != NULL) | 2161 if (s->s3->tmp.ecdh != NULL) |
1694 EC_KEY_free(s->s3->tmp.ecdh); | 2162 EC_KEY_free(s->s3->tmp.ecdh); |
1695 #endif | 2163 #endif |
1696 | 2164 |
1697 if (s->s3->tmp.ca_names != NULL) | 2165 if (s->s3->tmp.ca_names != NULL) |
1698 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); | 2166 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); |
1699 » EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); | 2167 » if (s->s3->handshake_buffer) { |
1700 » EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); | 2168 » » BIO_free(s->s3->handshake_buffer); |
1701 » pq_64bit_free(&(s->s3->rrec.seq_num)); | 2169 » } |
1702 » pq_64bit_free(&(s->s3->wrec.seq_num)); | 2170 » if (s->s3->handshake_dgst) ssl3_free_digest_list(s); |
1703 | |
1704 » if (s->s3->snap_start_client_hello.buf) | |
1705 » » { | |
1706 » » /* s->s3->snap_start_records, if set, uses the same buffer */ | |
1707 » » OPENSSL_free(s->s3->snap_start_client_hello.buf); | |
1708 » » } | |
1709 | |
1710 OPENSSL_cleanse(s->s3,sizeof *s->s3); | 2171 OPENSSL_cleanse(s->s3,sizeof *s->s3); |
1711 OPENSSL_free(s->s3); | 2172 OPENSSL_free(s->s3); |
1712 s->s3=NULL; | 2173 s->s3=NULL; |
1713 } | 2174 } |
1714 | 2175 |
1715 void ssl3_clear(SSL *s) | 2176 void ssl3_clear(SSL *s) |
1716 { | 2177 { |
1717 unsigned char *rp,*wp; | 2178 unsigned char *rp,*wp; |
1718 size_t rlen, wlen; | 2179 size_t rlen, wlen; |
| 2180 int init_extra; |
| 2181 |
| 2182 #ifdef TLSEXT_TYPE_opaque_prf_input |
| 2183 if (s->s3->client_opaque_prf_input != NULL) |
| 2184 OPENSSL_free(s->s3->client_opaque_prf_input); |
| 2185 s->s3->client_opaque_prf_input = NULL; |
| 2186 if (s->s3->server_opaque_prf_input != NULL) |
| 2187 OPENSSL_free(s->s3->server_opaque_prf_input); |
| 2188 s->s3->server_opaque_prf_input = NULL; |
| 2189 #endif |
1719 | 2190 |
1720 ssl3_cleanup_key_block(s); | 2191 ssl3_cleanup_key_block(s); |
1721 if (s->s3->tmp.ca_names != NULL) | 2192 if (s->s3->tmp.ca_names != NULL) |
1722 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); | 2193 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); |
1723 | 2194 |
1724 if (s->s3->rrec.comp != NULL) | 2195 if (s->s3->rrec.comp != NULL) |
1725 { | 2196 { |
1726 OPENSSL_free(s->s3->rrec.comp); | 2197 OPENSSL_free(s->s3->rrec.comp); |
1727 s->s3->rrec.comp=NULL; | 2198 s->s3->rrec.comp=NULL; |
1728 } | 2199 } |
1729 #ifndef OPENSSL_NO_DH | 2200 #ifndef OPENSSL_NO_DH |
1730 if (s->s3->tmp.dh != NULL) | 2201 if (s->s3->tmp.dh != NULL) |
| 2202 { |
1731 DH_free(s->s3->tmp.dh); | 2203 DH_free(s->s3->tmp.dh); |
| 2204 s->s3->tmp.dh = NULL; |
| 2205 } |
1732 #endif | 2206 #endif |
1733 #ifndef OPENSSL_NO_ECDH | 2207 #ifndef OPENSSL_NO_ECDH |
1734 if (s->s3->tmp.ecdh != NULL) | 2208 if (s->s3->tmp.ecdh != NULL) |
| 2209 { |
1735 EC_KEY_free(s->s3->tmp.ecdh); | 2210 EC_KEY_free(s->s3->tmp.ecdh); |
| 2211 s->s3->tmp.ecdh = NULL; |
| 2212 } |
1736 #endif | 2213 #endif |
1737 | 2214 |
1738 rp = s->s3->rbuf.buf; | 2215 rp = s->s3->rbuf.buf; |
1739 wp = s->s3->wbuf.buf; | 2216 wp = s->s3->wbuf.buf; |
1740 rlen = s->s3->rbuf.len; | 2217 rlen = s->s3->rbuf.len; |
1741 wlen = s->s3->wbuf.len; | 2218 wlen = s->s3->wbuf.len; |
1742 | 2219 » init_extra = s->s3->init_extra; |
1743 » EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); | 2220 » if (s->s3->handshake_buffer) { |
1744 » EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); | 2221 » » BIO_free(s->s3->handshake_buffer); |
1745 | 2222 » » s->s3->handshake_buffer = NULL; |
| 2223 » } |
| 2224 » if (s->s3->handshake_dgst) { |
| 2225 » » ssl3_free_digest_list(s); |
| 2226 » }» |
1746 memset(s->s3,0,sizeof *s->s3); | 2227 memset(s->s3,0,sizeof *s->s3); |
1747 s->s3->rbuf.buf = rp; | 2228 s->s3->rbuf.buf = rp; |
1748 s->s3->wbuf.buf = wp; | 2229 s->s3->wbuf.buf = wp; |
1749 s->s3->rbuf.len = rlen; | 2230 s->s3->rbuf.len = rlen; |
1750 s->s3->wbuf.len = wlen; | 2231 s->s3->wbuf.len = wlen; |
| 2232 s->s3->init_extra = init_extra; |
1751 | 2233 |
1752 ssl_free_wbio_buffer(s); | 2234 ssl_free_wbio_buffer(s); |
1753 | 2235 |
1754 s->packet_length=0; | 2236 s->packet_length=0; |
1755 s->s3->renegotiate=0; | 2237 s->s3->renegotiate=0; |
1756 s->s3->total_renegotiations=0; | 2238 s->s3->total_renegotiations=0; |
1757 s->s3->num_renegotiations=0; | 2239 s->s3->num_renegotiations=0; |
1758 s->s3->in_read_app_data=0; | 2240 s->s3->in_read_app_data=0; |
1759 s->version=SSL3_VERSION; | 2241 s->version=SSL3_VERSION; |
1760 | 2242 |
1761 #ifndef OPENSSL_NO_TLSEXT | 2243 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
1762 » if (s->next_proto_negotiated) { | 2244 » if (s->next_proto_negotiated) |
| 2245 » » { |
1763 OPENSSL_free(s->next_proto_negotiated); | 2246 OPENSSL_free(s->next_proto_negotiated); |
1764 » » s->next_proto_negotiated = 0; | 2247 » » s->next_proto_negotiated = NULL; |
1765 s->next_proto_negotiated_len = 0; | 2248 s->next_proto_negotiated_len = 0; |
1766 » } | 2249 » » } |
1767 #endif | 2250 #endif |
1768 } | 2251 } |
1769 | 2252 |
1770 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) | 2253 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) |
1771 { | 2254 { |
1772 int ret=0; | 2255 int ret=0; |
1773 | 2256 |
1774 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) | 2257 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) |
1775 if ( | 2258 if ( |
1776 #ifndef OPENSSL_NO_RSA | 2259 #ifndef OPENSSL_NO_RSA |
(...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1943 else | 2426 else |
1944 { | 2427 { |
1945 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAM
E_TYPE); | 2428 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAM
E_TYPE); |
1946 return 0; | 2429 return 0; |
1947 } | 2430 } |
1948 break; | 2431 break; |
1949 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: | 2432 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: |
1950 s->tlsext_debug_arg=parg; | 2433 s->tlsext_debug_arg=parg; |
1951 ret = 1; | 2434 ret = 1; |
1952 break; | 2435 break; |
1953 | 2436 |
| 2437 #ifdef TLSEXT_TYPE_opaque_prf_input |
| 2438 » case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: |
| 2439 » » if (larg > 12288) /* actual internal limit is 2^16 for the compl
ete hello message |
| 2440 » » * (including the cert chain and everything) *
/ |
| 2441 » » » { |
| 2442 » » » SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG)
; |
| 2443 » » » break; |
| 2444 » » » } |
| 2445 » » if (s->tlsext_opaque_prf_input != NULL) |
| 2446 » » » OPENSSL_free(s->tlsext_opaque_prf_input); |
| 2447 » » if ((size_t)larg == 0) |
| 2448 » » » s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy
byte just to get non-NULL */ |
| 2449 » » else |
| 2450 » » » s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)la
rg); |
| 2451 » » if (s->tlsext_opaque_prf_input != NULL) |
| 2452 » » » { |
| 2453 » » » s->tlsext_opaque_prf_input_len = (size_t)larg; |
| 2454 » » » ret = 1; |
| 2455 » » » } |
| 2456 » » else |
| 2457 » » » s->tlsext_opaque_prf_input_len = 0; |
| 2458 » » break; |
| 2459 #endif |
| 2460 |
1954 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: | 2461 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: |
1955 s->tlsext_status_type=larg; | 2462 s->tlsext_status_type=larg; |
1956 ret = 1; | 2463 ret = 1; |
1957 break; | 2464 break; |
1958 | 2465 |
1959 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: | 2466 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: |
1960 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; | 2467 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; |
1961 ret = 1; | 2468 ret = 1; |
1962 break; | 2469 break; |
1963 | 2470 |
(...skipping 237 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2201 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); | 2708 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); |
2202 } | 2709 } |
2203 else | 2710 else |
2204 { | 2711 { |
2205 memcpy(keys, ctx->tlsext_tick_key_name, 16); | 2712 memcpy(keys, ctx->tlsext_tick_key_name, 16); |
2206 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); | 2713 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); |
2207 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); | 2714 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); |
2208 } | 2715 } |
2209 return 1; | 2716 return 1; |
2210 } | 2717 } |
2211 | 2718 |
| 2719 #ifdef TLSEXT_TYPE_opaque_prf_input |
| 2720 » case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG: |
| 2721 » » ctx->tlsext_opaque_prf_input_callback_arg = parg; |
| 2722 » » return 1; |
| 2723 #endif |
| 2724 |
2212 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: | 2725 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: |
2213 ctx->tlsext_status_arg=parg; | 2726 ctx->tlsext_status_arg=parg; |
2214 return 1; | 2727 return 1; |
2215 break; | 2728 break; |
2216 | 2729 |
2217 #endif /* !OPENSSL_NO_TLSEXT */ | 2730 #endif /* !OPENSSL_NO_TLSEXT */ |
| 2731 |
2218 /* A Thawte special :-) */ | 2732 /* A Thawte special :-) */ |
2219 case SSL_CTRL_EXTRA_CHAIN_CERT: | 2733 case SSL_CTRL_EXTRA_CHAIN_CERT: |
2220 if (ctx->extra_certs == NULL) | 2734 if (ctx->extra_certs == NULL) |
2221 { | 2735 { |
2222 if ((ctx->extra_certs=sk_X509_new_null()) == NULL) | 2736 if ((ctx->extra_certs=sk_X509_new_null()) == NULL) |
2223 return(0); | 2737 return(0); |
2224 } | 2738 } |
2225 sk_X509_push(ctx->extra_certs,(X509 *)parg); | 2739 sk_X509_push(ctx->extra_certs,(X509 *)parg); |
2226 break; | 2740 break; |
2227 | 2741 |
(...skipping 29 matching lines...) Expand all Loading... |
2257 case SSL_CTRL_SET_TMP_ECDH_CB: | 2771 case SSL_CTRL_SET_TMP_ECDH_CB: |
2258 { | 2772 { |
2259 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; | 2773 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; |
2260 } | 2774 } |
2261 break; | 2775 break; |
2262 #endif | 2776 #endif |
2263 #ifndef OPENSSL_NO_TLSEXT | 2777 #ifndef OPENSSL_NO_TLSEXT |
2264 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: | 2778 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: |
2265 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; | 2779 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; |
2266 break; | 2780 break; |
2267 | 2781 |
| 2782 #ifdef TLSEXT_TYPE_opaque_prf_input |
| 2783 » case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: |
| 2784 » » ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, s
ize_t, void *))fp; |
| 2785 » » break; |
| 2786 #endif |
| 2787 |
2268 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: | 2788 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: |
2269 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; | 2789 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; |
2270 break; | 2790 break; |
2271 | 2791 |
2272 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: | 2792 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: |
2273 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *, | 2793 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *, |
2274 unsigned char *, | 2794 unsigned char *, |
2275 EVP_CIPHER_CTX *, | 2795 EVP_CIPHER_CTX *, |
2276 HMAC_CTX *, int))fp; | 2796 HMAC_CTX *, int))fp; |
2277 break; | 2797 break; |
2278 | 2798 |
2279 #endif | 2799 #endif |
2280 default: | 2800 default: |
2281 return(0); | 2801 return(0); |
2282 } | 2802 } |
2283 return(1); | 2803 return(1); |
2284 } | 2804 } |
2285 | 2805 |
2286 /* This function needs to check if the ciphers required are actually | 2806 /* This function needs to check if the ciphers required are actually |
2287 * available */ | 2807 * available */ |
2288 SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) | 2808 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) |
2289 { | 2809 { |
2290 » SSL_CIPHER c,*cp; | 2810 » SSL_CIPHER c; |
| 2811 » const SSL_CIPHER *cp; |
2291 unsigned long id; | 2812 unsigned long id; |
2292 | 2813 |
2293 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; | 2814 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; |
2294 c.id=id; | 2815 c.id=id; |
2295 » cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, | 2816 » cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); |
2296 » » (char *)ssl3_ciphers, | |
2297 » » SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER), | |
2298 » » FP_ICC ssl_cipher_id_cmp); | |
2299 if (cp == NULL || cp->valid == 0) | 2817 if (cp == NULL || cp->valid == 0) |
2300 return NULL; | 2818 return NULL; |
2301 else | 2819 else |
2302 return cp; | 2820 return cp; |
2303 } | 2821 } |
2304 | 2822 |
2305 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) | 2823 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) |
2306 { | 2824 { |
2307 long l; | 2825 long l; |
2308 | 2826 |
2309 if (p != NULL) | 2827 if (p != NULL) |
2310 { | 2828 { |
2311 l=c->id; | 2829 l=c->id; |
2312 if ((l & 0xff000000) != 0x03000000) return(0); | 2830 if ((l & 0xff000000) != 0x03000000) return(0); |
2313 p[0]=((unsigned char)(l>> 8L))&0xFF; | 2831 p[0]=((unsigned char)(l>> 8L))&0xFF; |
2314 p[1]=((unsigned char)(l ))&0xFF; | 2832 p[1]=((unsigned char)(l ))&0xFF; |
2315 } | 2833 } |
2316 return(2); | 2834 return(2); |
2317 } | 2835 } |
2318 | 2836 |
2319 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | 2837 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, |
2320 STACK_OF(SSL_CIPHER) *srvr) | 2838 STACK_OF(SSL_CIPHER) *srvr) |
2321 { | 2839 { |
2322 SSL_CIPHER *c,*ret=NULL; | 2840 SSL_CIPHER *c,*ret=NULL; |
2323 STACK_OF(SSL_CIPHER) *prio, *allow; | 2841 STACK_OF(SSL_CIPHER) *prio, *allow; |
2324 » int i,j,ok; | 2842 » int i,ii,ok; |
2325 | 2843 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC) |
| 2844 » unsigned int j; |
| 2845 » int ec_ok, ec_nid; |
| 2846 » unsigned char ec_search1 = 0, ec_search2 = 0; |
| 2847 #endif |
2326 CERT *cert; | 2848 CERT *cert; |
2327 » unsigned long alg,mask,emask; | 2849 » unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a; |
2328 | 2850 |
2329 /* Let's see which ciphers we can support */ | 2851 /* Let's see which ciphers we can support */ |
2330 cert=s->cert; | 2852 cert=s->cert; |
2331 | 2853 |
2332 #if 0 | 2854 #if 0 |
2333 /* Do not set the compare functions, because this may lead to a | 2855 /* Do not set the compare functions, because this may lead to a |
2334 * reordering by "id". We want to keep the original ordering. | 2856 * reordering by "id". We want to keep the original ordering. |
2335 * We may pay a price in performance during sk_SSL_CIPHER_find(), | 2857 * We may pay a price in performance during sk_SSL_CIPHER_find(), |
2336 * but would have to pay with the price of sk_SSL_CIPHER_dup(). | 2858 * but would have to pay with the price of sk_SSL_CIPHER_dup(). |
2337 */ | 2859 */ |
2338 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); | 2860 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); |
2339 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); | 2861 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); |
2340 #endif | 2862 #endif |
2341 | 2863 |
2342 #ifdef CIPHER_DEBUG | 2864 #ifdef CIPHER_DEBUG |
2343 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr); | 2865 » printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr
); |
2344 for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) | 2866 » for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) |
2345 » { | 2867 » » { |
2346 » c=sk_SSL_CIPHER_value(srvr,i); | 2868 » » c=sk_SSL_CIPHER_value(srvr,i); |
2347 » printf("%p:%s\n",c,c->name); | 2869 » » printf("%p:%s\n",(void *)c,c->name); |
2348 » } | 2870 » » } |
2349 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt); | 2871 » printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)cln
t); |
2350 for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) | 2872 » for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) |
2351 { | 2873 { |
2352 c=sk_SSL_CIPHER_value(clnt,i); | 2874 c=sk_SSL_CIPHER_value(clnt,i); |
2353 » printf("%p:%s\n",c,c->name); | 2875 » printf("%p:%s\n",(void *)c,c->name); |
2354 } | 2876 } |
2355 #endif | 2877 #endif |
2356 | 2878 |
2357 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) | 2879 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) |
2358 » { | 2880 » » { |
2359 » prio = srvr; | 2881 » » prio = srvr; |
2360 » allow = clnt; | 2882 » » allow = clnt; |
2361 » } | 2883 » » } |
2362 else | 2884 else |
2363 » { | 2885 » » { |
2364 » prio = clnt; | 2886 » » prio = clnt; |
2365 » allow = srvr; | 2887 » » allow = srvr; |
2366 » } | 2888 » » } |
2367 | 2889 |
2368 for (i=0; i<sk_SSL_CIPHER_num(prio); i++) | 2890 for (i=0; i<sk_SSL_CIPHER_num(prio); i++) |
2369 { | 2891 { |
2370 c=sk_SSL_CIPHER_value(prio,i); | 2892 c=sk_SSL_CIPHER_value(prio,i); |
2371 | 2893 |
2372 ssl_set_cert_masks(cert,c); | 2894 ssl_set_cert_masks(cert,c); |
2373 » » mask=cert->mask; | 2895 » » mask_k = cert->mask_k; |
2374 » » emask=cert->export_mask; | 2896 » » mask_a = cert->mask_a; |
| 2897 » » emask_k = cert->export_mask_k; |
| 2898 » » emask_a = cert->export_mask_a; |
2375 | 2899 |
2376 #ifdef KSSL_DEBUG | 2900 #ifdef KSSL_DEBUG |
2377 » » printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms); | 2901 /*» » printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/ |
2378 #endif /* KSSL_DEBUG */ | 2902 #endif /* KSSL_DEBUG */ |
2379 | 2903 |
2380 » » alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); | 2904 » » alg_k=c->algorithm_mkey; |
| 2905 » » alg_a=c->algorithm_auth; |
| 2906 |
2381 #ifndef OPENSSL_NO_KRB5 | 2907 #ifndef OPENSSL_NO_KRB5 |
2382 if (alg & SSL_KRB5) | 2908 » » if (alg_k & SSL_kKRB5) |
2383 { | 2909 » » » { |
2384 if ( !kssl_keytab_is_available(s->kssl_ctx) ) | 2910 » » » if ( !kssl_keytab_is_available(s->kssl_ctx) ) |
2385 continue; | 2911 » » » continue; |
2386 } | 2912 » » » } |
2387 #endif /* OPENSSL_NO_KRB5 */ | 2913 #endif /* OPENSSL_NO_KRB5 */ |
| 2914 #ifndef OPENSSL_NO_PSK |
| 2915 /* with PSK there must be server callback set */ |
| 2916 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL) |
| 2917 continue; |
| 2918 #endif /* OPENSSL_NO_PSK */ |
| 2919 |
2388 if (SSL_C_IS_EXPORT(c)) | 2920 if (SSL_C_IS_EXPORT(c)) |
2389 { | 2921 { |
2390 » » » ok=((alg & emask) == alg)?1:0; | 2922 » » » ok = (alg_k & emask_k) && (alg_a & emask_a); |
2391 #ifdef CIPHER_DEBUG | 2923 #ifdef CIPHER_DEBUG |
2392 » » » printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask, | 2924 » » » printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok
,alg_k,alg_a,emask_k,emask_a, |
2393 » » » c,c->name); | 2925 » » » (void *)c,c->name); |
2394 #endif | 2926 #endif |
2395 } | 2927 } |
2396 else | 2928 else |
2397 { | 2929 { |
2398 » » » ok=((alg & mask) == alg)?1:0; | 2930 » » » ok = (alg_k & mask_k) && (alg_a & mask_a); |
2399 #ifdef CIPHER_DEBUG | 2931 #ifdef CIPHER_DEBUG |
2400 » » » printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c, | 2932 » » » printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,al
g_a,mask_k,mask_a,(void *)c, |
2401 c->name); | 2933 c->name); |
2402 #endif | 2934 #endif |
2403 } | 2935 } |
2404 | 2936 |
| 2937 #ifndef OPENSSL_NO_TLSEXT |
| 2938 #ifndef OPENSSL_NO_EC |
| 2939 if ( |
| 2940 /* if we are considering an ECC cipher suite that uses o
ur certificate */ |
| 2941 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) |
| 2942 /* and we have an ECC certificate */ |
| 2943 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) |
| 2944 /* and the client specified a Supported Point Formats ex
tension */ |
| 2945 && ((s->session->tlsext_ecpointformatlist_length > 0) &&
(s->session->tlsext_ecpointformatlist != NULL)) |
| 2946 /* and our certificate's point is compressed */ |
| 2947 && ( |
| 2948 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info !=
NULL) |
| 2949 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info
->key != NULL) |
| 2950 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info
->key->public_key != NULL) |
| 2951 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info
->key->public_key->data != NULL) |
| 2952 && ( |
| 2953 (*(s->cert->pkeys[SSL_PKEY_ECC].x509->ce
rt_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED) |
| 2954 || (*(s->cert->pkeys[SSL_PKEY_ECC].x509-
>cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1) |
| 2955 ) |
| 2956 ) |
| 2957 ) |
| 2958 { |
| 2959 ec_ok = 0; |
| 2960 /* if our certificate's curve is over a field type that
the client does not support |
| 2961 * then do not allow this cipher suite to be negotiated
*/ |
| 2962 if ( |
| 2963 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.e
c != NULL) |
| 2964 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pke
y.ec->group != NULL) |
| 2965 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pke
y.ec->group->meth != NULL) |
| 2966 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_
PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) |
| 2967 ) |
| 2968 { |
| 2969 for (j = 0; j < s->session->tlsext_ecpointformat
list_length; j++) |
| 2970 { |
| 2971 if (s->session->tlsext_ecpointformatlist
[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) |
| 2972 { |
| 2973 ec_ok = 1; |
| 2974 break; |
| 2975 } |
| 2976 } |
| 2977 } |
| 2978 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKE
Y_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) |
| 2979 { |
| 2980 for (j = 0; j < s->session->tlsext_ecpointformat
list_length; j++) |
| 2981 { |
| 2982 if (s->session->tlsext_ecpointformatlist
[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) |
| 2983 { |
| 2984 ec_ok = 1; |
| 2985 break; |
| 2986 } |
| 2987 } |
| 2988 } |
| 2989 ok = ok && ec_ok; |
| 2990 } |
| 2991 if ( |
| 2992 /* if we are considering an ECC cipher suite that uses o
ur certificate */ |
| 2993 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) |
| 2994 /* and we have an ECC certificate */ |
| 2995 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) |
| 2996 /* and the client specified an EllipticCurves extension
*/ |
| 2997 && ((s->session->tlsext_ellipticcurvelist_length > 0) &&
(s->session->tlsext_ellipticcurvelist != NULL)) |
| 2998 ) |
| 2999 { |
| 3000 ec_ok = 0; |
| 3001 if ( |
| 3002 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.e
c != NULL) |
| 3003 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pke
y.ec->group != NULL) |
| 3004 ) |
| 3005 { |
| 3006 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[
SSL_PKEY_ECC].privatekey->pkey.ec->group); |
| 3007 if ((ec_nid == 0) |
| 3008 && (s->cert->pkeys[SSL_PKEY_ECC].private
key->pkey.ec->group->meth != NULL) |
| 3009 ) |
| 3010 { |
| 3011 if (EC_METHOD_get_field_type(s->cert->pk
eys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) |
| 3012 { |
| 3013 ec_search1 = 0xFF; |
| 3014 ec_search2 = 0x01; |
| 3015 } |
| 3016 else if (EC_METHOD_get_field_type(s->cer
t->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteri
stic_two_field) |
| 3017 { |
| 3018 ec_search1 = 0xFF; |
| 3019 ec_search2 = 0x02; |
| 3020 } |
| 3021 } |
| 3022 else |
| 3023 { |
| 3024 ec_search1 = 0x00; |
| 3025 ec_search2 = tls1_ec_nid2curve_id(ec_nid
); |
| 3026 } |
| 3027 if ((ec_search1 != 0) || (ec_search2 != 0)) |
| 3028 { |
| 3029 for (j = 0; j < s->session->tlsext_ellip
ticcurvelist_length / 2; j++) |
| 3030 { |
| 3031 if ((s->session->tlsext_elliptic
curvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] ==
ec_search2)) |
| 3032 { |
| 3033 ec_ok = 1; |
| 3034 break; |
| 3035 } |
| 3036 } |
| 3037 } |
| 3038 } |
| 3039 ok = ok && ec_ok; |
| 3040 } |
| 3041 if ( |
| 3042 /* if we are considering an ECC cipher suite that uses a
n ephemeral EC key */ |
| 3043 (alg_k & SSL_kEECDH) |
| 3044 /* and we have an ephemeral EC key */ |
| 3045 && (s->cert->ecdh_tmp != NULL) |
| 3046 /* and the client specified an EllipticCurves extension
*/ |
| 3047 && ((s->session->tlsext_ellipticcurvelist_length > 0) &&
(s->session->tlsext_ellipticcurvelist != NULL)) |
| 3048 ) |
| 3049 { |
| 3050 ec_ok = 0; |
| 3051 if (s->cert->ecdh_tmp->group != NULL) |
| 3052 { |
| 3053 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_t
mp->group); |
| 3054 if ((ec_nid == 0) |
| 3055 && (s->cert->ecdh_tmp->group->meth != NU
LL) |
| 3056 ) |
| 3057 { |
| 3058 if (EC_METHOD_get_field_type(s->cert->ec
dh_tmp->group->meth) == NID_X9_62_prime_field) |
| 3059 { |
| 3060 ec_search1 = 0xFF; |
| 3061 ec_search2 = 0x01; |
| 3062 } |
| 3063 else if (EC_METHOD_get_field_type(s->cer
t->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field) |
| 3064 { |
| 3065 ec_search1 = 0xFF; |
| 3066 ec_search2 = 0x02; |
| 3067 } |
| 3068 } |
| 3069 else |
| 3070 { |
| 3071 ec_search1 = 0x00; |
| 3072 ec_search2 = tls1_ec_nid2curve_id(ec_nid
); |
| 3073 } |
| 3074 if ((ec_search1 != 0) || (ec_search2 != 0)) |
| 3075 { |
| 3076 for (j = 0; j < s->session->tlsext_ellip
ticcurvelist_length / 2; j++) |
| 3077 { |
| 3078 if ((s->session->tlsext_elliptic
curvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] ==
ec_search2)) |
| 3079 { |
| 3080 ec_ok = 1; |
| 3081 break; |
| 3082 } |
| 3083 } |
| 3084 } |
| 3085 } |
| 3086 ok = ok && ec_ok; |
| 3087 } |
| 3088 #endif /* OPENSSL_NO_EC */ |
| 3089 #endif /* OPENSSL_NO_TLSEXT */ |
| 3090 |
2405 if (!ok) continue; | 3091 if (!ok) continue; |
2406 » » j=sk_SSL_CIPHER_find(allow,c); | 3092 » » ii=sk_SSL_CIPHER_find(allow,c); |
2407 » » if (j >= 0) | 3093 » » if (ii >= 0) |
2408 » » » { | 3094 » » » { |
2409 » » » ret=sk_SSL_CIPHER_value(allow,j); | 3095 » » » ret=sk_SSL_CIPHER_value(allow,ii); |
2410 break; | 3096 break; |
2411 } | 3097 } |
2412 } | 3098 } |
2413 return(ret); | 3099 return(ret); |
2414 } | 3100 } |
2415 | 3101 |
2416 int ssl3_get_req_cert_type(SSL *s, unsigned char *p) | 3102 int ssl3_get_req_cert_type(SSL *s, unsigned char *p) |
2417 { | 3103 { |
2418 int ret=0; | 3104 int ret=0; |
2419 » unsigned long alg; | 3105 » unsigned long alg_k; |
2420 | 3106 |
2421 » alg=s->s3->tmp.new_cipher->algorithms; | 3107 » alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 3108 |
| 3109 #ifndef OPENSSL_NO_GOST |
| 3110 » if (s->version >= TLS1_VERSION) |
| 3111 » » { |
| 3112 » » if (alg_k & SSL_kGOST) |
| 3113 » » » { |
| 3114 » » » p[ret++]=TLS_CT_GOST94_SIGN; |
| 3115 » » » p[ret++]=TLS_CT_GOST01_SIGN; |
| 3116 » » » return(ret); |
| 3117 » » » } |
| 3118 » » } |
| 3119 #endif |
2422 | 3120 |
2423 #ifndef OPENSSL_NO_DH | 3121 #ifndef OPENSSL_NO_DH |
2424 » if (alg & (SSL_kDHr|SSL_kEDH)) | 3122 » if (alg_k & (SSL_kDHr|SSL_kEDH)) |
2425 { | 3123 { |
2426 # ifndef OPENSSL_NO_RSA | 3124 # ifndef OPENSSL_NO_RSA |
2427 p[ret++]=SSL3_CT_RSA_FIXED_DH; | 3125 p[ret++]=SSL3_CT_RSA_FIXED_DH; |
2428 # endif | 3126 # endif |
2429 # ifndef OPENSSL_NO_DSA | 3127 # ifndef OPENSSL_NO_DSA |
2430 p[ret++]=SSL3_CT_DSS_FIXED_DH; | 3128 p[ret++]=SSL3_CT_DSS_FIXED_DH; |
2431 # endif | 3129 # endif |
2432 } | 3130 } |
2433 if ((s->version == SSL3_VERSION) && | 3131 if ((s->version == SSL3_VERSION) && |
2434 » » (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) | 3132 » » (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) |
2435 { | 3133 { |
2436 # ifndef OPENSSL_NO_RSA | 3134 # ifndef OPENSSL_NO_RSA |
2437 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; | 3135 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; |
2438 # endif | 3136 # endif |
2439 # ifndef OPENSSL_NO_DSA | 3137 # ifndef OPENSSL_NO_DSA |
2440 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; | 3138 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; |
2441 # endif | 3139 # endif |
2442 } | 3140 } |
2443 #endif /* !OPENSSL_NO_DH */ | 3141 #endif /* !OPENSSL_NO_DH */ |
2444 #ifndef OPENSSL_NO_RSA | 3142 #ifndef OPENSSL_NO_RSA |
2445 p[ret++]=SSL3_CT_RSA_SIGN; | 3143 p[ret++]=SSL3_CT_RSA_SIGN; |
2446 #endif | 3144 #endif |
2447 #ifndef OPENSSL_NO_DSA | 3145 #ifndef OPENSSL_NO_DSA |
2448 p[ret++]=SSL3_CT_DSS_SIGN; | 3146 p[ret++]=SSL3_CT_DSS_SIGN; |
2449 #endif | 3147 #endif |
2450 #ifndef OPENSSL_NO_ECDH | 3148 #ifndef OPENSSL_NO_ECDH |
2451 » /* We should ask for fixed ECDH certificates only | 3149 » if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) |
2452 » * for SSL_kECDH (and not SSL_kECDHE) | |
2453 » */ | |
2454 » if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION)) | |
2455 { | 3150 { |
2456 p[ret++]=TLS_CT_RSA_FIXED_ECDH; | 3151 p[ret++]=TLS_CT_RSA_FIXED_ECDH; |
2457 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH; | 3152 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH; |
2458 } | 3153 } |
2459 #endif | 3154 #endif |
2460 | 3155 |
2461 #ifndef OPENSSL_NO_ECDSA | 3156 #ifndef OPENSSL_NO_ECDSA |
2462 /* ECDSA certs can be used with RSA cipher suites as well | 3157 /* ECDSA certs can be used with RSA cipher suites as well |
2463 » * so we don't need to check for SSL_kECDH or SSL_kECDHE | 3158 » * so we don't need to check for SSL_kECDH or SSL_kEECDH |
2464 */ | 3159 */ |
2465 if (s->version >= TLS1_VERSION) | 3160 if (s->version >= TLS1_VERSION) |
2466 { | 3161 { |
2467 p[ret++]=TLS_CT_ECDSA_SIGN; | 3162 p[ret++]=TLS_CT_ECDSA_SIGN; |
2468 } | 3163 } |
2469 #endif | 3164 #endif |
2470 return(ret); | 3165 return(ret); |
2471 } | 3166 } |
2472 | 3167 |
2473 int ssl3_shutdown(SSL *s) | 3168 int ssl3_shutdown(SSL *s) |
(...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2579 } | 3274 } |
2580 | 3275 |
2581 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) | 3276 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) |
2582 { | 3277 { |
2583 int n,ret; | 3278 int n,ret; |
2584 | 3279 |
2585 clear_sys_error(); | 3280 clear_sys_error(); |
2586 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) | 3281 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) |
2587 { | 3282 { |
2588 /* Deal with an application that calls SSL_read() when handshake
data | 3283 /* Deal with an application that calls SSL_read() when handshake
data |
2589 » » * is yet to be written. | 3284 » » * is yet to be written. |
2590 » » */ | 3285 » » */ |
2591 if (BIO_wpending(s->wbio) > 0) | 3286 if (BIO_wpending(s->wbio) > 0) |
2592 { | 3287 { |
2593 s->rwstate=SSL_WRITING; | 3288 s->rwstate=SSL_WRITING; |
2594 n=BIO_flush(s->wbio); | 3289 n=BIO_flush(s->wbio); |
2595 if (n <= 0) return(n); | 3290 if (n <= 0) return(n); |
2596 s->rwstate=SSL_NOTHING; | 3291 s->rwstate=SSL_NOTHING; |
2597 } | 3292 } |
2598 } | 3293 } |
2599 if (s->s3->renegotiate) ssl3_renegotiate_check(s); | 3294 if (s->s3->renegotiate) ssl3_renegotiate_check(s); |
2600 s->s3->in_read_app_data=1; | 3295 s->s3->in_read_app_data=1; |
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2656 s->state=SSL_ST_RENEGOTIATE; | 3351 s->state=SSL_ST_RENEGOTIATE; |
2657 s->s3->renegotiate=0; | 3352 s->s3->renegotiate=0; |
2658 s->s3->num_renegotiations++; | 3353 s->s3->num_renegotiations++; |
2659 s->s3->total_renegotiations++; | 3354 s->s3->total_renegotiations++; |
2660 ret=1; | 3355 ret=1; |
2661 } | 3356 } |
2662 } | 3357 } |
2663 return(ret); | 3358 return(ret); |
2664 } | 3359 } |
2665 | 3360 |
OLD | NEW |