155714Skris/* ssl/s3_lib.c */ 255714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 355714Skris * All rights reserved. 455714Skris * 555714Skris * This package is an SSL implementation written 655714Skris * by Eric Young (eay@cryptsoft.com). 755714Skris * The implementation was written so as to conform with Netscapes SSL. 8296341Sdelphij * 955714Skris * This library is free for commercial and non-commercial use as long as 1055714Skris * the following conditions are aheared to. The following conditions 1155714Skris * apply to all code found in this distribution, be it the RC4, RSA, 1255714Skris * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1355714Skris * included with this distribution is covered by the same copyright terms 1455714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15296341Sdelphij * 1655714Skris * Copyright remains Eric Young's, and as such any Copyright notices in 1755714Skris * the code are not to be removed. 1855714Skris * If this package is used in a product, Eric Young should be given attribution 1955714Skris * as the author of the parts of the library used. 2055714Skris * This can be in the form of a textual message at program startup or 2155714Skris * in documentation (online or textual) provided with the package. 22296341Sdelphij * 2355714Skris * Redistribution and use in source and binary forms, with or without 2455714Skris * modification, are permitted provided that the following conditions 2555714Skris * are met: 2655714Skris * 1. Redistributions of source code must retain the copyright 2755714Skris * notice, this list of conditions and the following disclaimer. 2855714Skris * 2. Redistributions in binary form must reproduce the above copyright 2955714Skris * notice, this list of conditions and the following disclaimer in the 3055714Skris * documentation and/or other materials provided with the distribution. 3155714Skris * 3. All advertising materials mentioning features or use of this software 3255714Skris * must display the following acknowledgement: 3355714Skris * "This product includes cryptographic software written by 3455714Skris * Eric Young (eay@cryptsoft.com)" 3555714Skris * The word 'cryptographic' can be left out if the rouines from the library 3655714Skris * being used are not cryptographic related :-). 37296341Sdelphij * 4. If you include any Windows specific code (or a derivative thereof) from 3855714Skris * the apps directory (application code) you must include an acknowledgement: 3955714Skris * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40296341Sdelphij * 4155714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4255714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4355714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4455714Skris * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4555714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4655714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4755714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4955714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5055714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5155714Skris * SUCH DAMAGE. 52296341Sdelphij * 5355714Skris * The licence and distribution terms for any publically available version or 5455714Skris * derivative of this code cannot be changed. i.e. this code cannot simply be 5555714Skris * copied and put under another distribution licence 5655714Skris * [including the GNU Public Licence.] 5755714Skris */ 5872613Skris/* ==================================================================== 59238405Sjkim * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 6072613Skris * 6172613Skris * Redistribution and use in source and binary forms, with or without 6272613Skris * modification, are permitted provided that the following conditions 6372613Skris * are met: 6472613Skris * 6572613Skris * 1. Redistributions of source code must retain the above copyright 66296341Sdelphij * notice, this list of conditions and the following disclaimer. 6772613Skris * 6872613Skris * 2. Redistributions in binary form must reproduce the above copyright 6972613Skris * notice, this list of conditions and the following disclaimer in 7072613Skris * the documentation and/or other materials provided with the 7172613Skris * distribution. 7272613Skris * 7372613Skris * 3. All advertising materials mentioning features or use of this 7472613Skris * software must display the following acknowledgment: 7572613Skris * "This product includes software developed by the OpenSSL Project 7672613Skris * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 7772613Skris * 7872613Skris * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 7972613Skris * endorse or promote products derived from this software without 8072613Skris * prior written permission. For written permission, please contact 8172613Skris * openssl-core@openssl.org. 8272613Skris * 8372613Skris * 5. Products derived from this software may not be called "OpenSSL" 8472613Skris * nor may "OpenSSL" appear in their names without prior written 8572613Skris * permission of the OpenSSL Project. 8672613Skris * 8772613Skris * 6. Redistributions of any form whatsoever must retain the following 8872613Skris * acknowledgment: 8972613Skris * "This product includes software developed by the OpenSSL Project 9072613Skris * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 9172613Skris * 9272613Skris * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 9372613Skris * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 9472613Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 9572613Skris * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 9672613Skris * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 9772613Skris * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 9872613Skris * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 9972613Skris * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 10072613Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 10172613Skris * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 10272613Skris * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 10372613Skris * OF THE POSSIBILITY OF SUCH DAMAGE. 10472613Skris * ==================================================================== 10572613Skris * 10672613Skris * This product includes cryptographic software written by Eric Young 10772613Skris * (eay@cryptsoft.com). This product includes software written by Tim 10872613Skris * Hudson (tjh@cryptsoft.com). 10972613Skris * 11072613Skris */ 111160814Ssimon/* ==================================================================== 112160814Ssimon * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113160814Ssimon * 114296341Sdelphij * Portions of the attached software ("Contribution") are developed by 115160814Ssimon * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 116160814Ssimon * 117160814Ssimon * The Contribution is licensed pursuant to the OpenSSL open source 118160814Ssimon * license provided above. 119160814Ssimon * 120160814Ssimon * ECC cipher suite support in OpenSSL originally written by 121160814Ssimon * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 122160814Ssimon * 123160814Ssimon */ 124238405Sjkim/* ==================================================================== 125238405Sjkim * Copyright 2005 Nokia. All rights reserved. 126238405Sjkim * 127238405Sjkim * The portions of the attached software ("Contribution") is developed by 128238405Sjkim * Nokia Corporation and is licensed pursuant to the OpenSSL open source 129238405Sjkim * license. 130238405Sjkim * 131238405Sjkim * The Contribution, originally written by Mika Kousa and Pasi Eronen of 132238405Sjkim * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 133238405Sjkim * support (see RFC 4279) to OpenSSL. 134238405Sjkim * 135238405Sjkim * No patent licenses or other rights except those expressly stated in 136238405Sjkim * the OpenSSL open source license shall be deemed granted or received 137238405Sjkim * expressly, by implication, estoppel, or otherwise. 138238405Sjkim * 139238405Sjkim * No assurances are provided by Nokia that the Contribution does not 140238405Sjkim * infringe the patent or other intellectual property rights of any third 141238405Sjkim * party or that the license provides you with all the necessary rights 142238405Sjkim * to make use of the Contribution. 143238405Sjkim * 144238405Sjkim * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 145238405Sjkim * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 146238405Sjkim * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 147238405Sjkim * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 148238405Sjkim * OTHERWISE. 149238405Sjkim */ 15055714Skris 15155714Skris#include <stdio.h> 15255714Skris#include <openssl/objects.h> 15355714Skris#include "ssl_locl.h" 154109998Smarkm#include "kssl_lcl.h" 155238405Sjkim#ifndef OPENSSL_NO_TLSEXT 156296341Sdelphij# ifndef OPENSSL_NO_EC 157296341Sdelphij# include "../crypto/ec/ec_lcl.h" 158296341Sdelphij# endif /* OPENSSL_NO_EC */ 159296341Sdelphij#endif /* OPENSSL_NO_TLSEXT */ 160109998Smarkm#include <openssl/md5.h> 161160814Ssimon#ifndef OPENSSL_NO_DH 162296341Sdelphij# include <openssl/dh.h> 163160814Ssimon#endif 16455714Skris 165296341Sdelphijconst char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT; 16655714Skris 167296341Sdelphij#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) 16855714Skris 169160814Ssimon/* list of available SSLv3 ciphers (sorted by id) */ 170296341SdelphijOPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 171238405Sjkim 17255714Skris/* The RSA ciphers */ 17355714Skris/* Cipher 01 */ 174296341Sdelphij { 175296341Sdelphij 1, 176296341Sdelphij SSL3_TXT_RSA_NULL_MD5, 177296341Sdelphij SSL3_CK_RSA_NULL_MD5, 178296341Sdelphij SSL_kRSA, 179296341Sdelphij SSL_aRSA, 180296341Sdelphij SSL_eNULL, 181296341Sdelphij SSL_MD5, 182296341Sdelphij SSL_SSLV3, 183296341Sdelphij SSL_NOT_EXP | SSL_STRONG_NONE, 184296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 185296341Sdelphij 0, 186296341Sdelphij 0, 187296341Sdelphij }, 188238405Sjkim 18955714Skris/* Cipher 02 */ 190296341Sdelphij { 191296341Sdelphij 1, 192296341Sdelphij SSL3_TXT_RSA_NULL_SHA, 193296341Sdelphij SSL3_CK_RSA_NULL_SHA, 194296341Sdelphij SSL_kRSA, 195296341Sdelphij SSL_aRSA, 196296341Sdelphij SSL_eNULL, 197296341Sdelphij SSL_SHA1, 198296341Sdelphij SSL_SSLV3, 199296341Sdelphij SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, 200296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 201296341Sdelphij 0, 202296341Sdelphij 0, 203296341Sdelphij }, 204238405Sjkim 20555714Skris/* Cipher 03 */ 206296341Sdelphij#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 207296341Sdelphij { 208296341Sdelphij 1, 209296341Sdelphij SSL3_TXT_RSA_RC4_40_MD5, 210296341Sdelphij SSL3_CK_RSA_RC4_40_MD5, 211296341Sdelphij SSL_kRSA, 212296341Sdelphij SSL_aRSA, 213296341Sdelphij SSL_RC4, 214296341Sdelphij SSL_MD5, 215296341Sdelphij SSL_SSLV3, 216296341Sdelphij SSL_EXPORT | SSL_EXP40, 217296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 218296341Sdelphij 40, 219296341Sdelphij 128, 220296341Sdelphij }, 221296341Sdelphij#endif 222238405Sjkim 22355714Skris/* Cipher 04 */ 224296341Sdelphij { 225296341Sdelphij 1, 226296341Sdelphij SSL3_TXT_RSA_RC4_128_MD5, 227296341Sdelphij SSL3_CK_RSA_RC4_128_MD5, 228296341Sdelphij SSL_kRSA, 229296341Sdelphij SSL_aRSA, 230296341Sdelphij SSL_RC4, 231296341Sdelphij SSL_MD5, 232296341Sdelphij SSL_SSLV3, 233296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 234296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 235296341Sdelphij 128, 236296341Sdelphij 128, 237296341Sdelphij }, 238238405Sjkim 23955714Skris/* Cipher 05 */ 240296341Sdelphij { 241296341Sdelphij 1, 242296341Sdelphij SSL3_TXT_RSA_RC4_128_SHA, 243296341Sdelphij SSL3_CK_RSA_RC4_128_SHA, 244296341Sdelphij SSL_kRSA, 245296341Sdelphij SSL_aRSA, 246296341Sdelphij SSL_RC4, 247296341Sdelphij SSL_SHA1, 248296341Sdelphij SSL_SSLV3, 249296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 250296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 251296341Sdelphij 128, 252296341Sdelphij 128, 253296341Sdelphij }, 254238405Sjkim 25555714Skris/* Cipher 06 */ 256296341Sdelphij#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 257296341Sdelphij { 258296341Sdelphij 1, 259296341Sdelphij SSL3_TXT_RSA_RC2_40_MD5, 260296341Sdelphij SSL3_CK_RSA_RC2_40_MD5, 261296341Sdelphij SSL_kRSA, 262296341Sdelphij SSL_aRSA, 263296341Sdelphij SSL_RC2, 264296341Sdelphij SSL_MD5, 265296341Sdelphij SSL_SSLV3, 266296341Sdelphij SSL_EXPORT | SSL_EXP40, 267296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 268296341Sdelphij 40, 269296341Sdelphij 128, 270296341Sdelphij }, 271296341Sdelphij#endif 272238405Sjkim 27355714Skris/* Cipher 07 */ 274127128Snectar#ifndef OPENSSL_NO_IDEA 275296341Sdelphij { 276296341Sdelphij 1, 277296341Sdelphij SSL3_TXT_RSA_IDEA_128_SHA, 278296341Sdelphij SSL3_CK_RSA_IDEA_128_SHA, 279296341Sdelphij SSL_kRSA, 280296341Sdelphij SSL_aRSA, 281296341Sdelphij SSL_IDEA, 282296341Sdelphij SSL_SHA1, 283296341Sdelphij SSL_SSLV3, 284296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 285296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 286296341Sdelphij 128, 287296341Sdelphij 128, 288296341Sdelphij }, 289127128Snectar#endif 290238405Sjkim 29155714Skris/* Cipher 08 */ 292296341Sdelphij#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 293296341Sdelphij { 294296341Sdelphij 1, 295296341Sdelphij SSL3_TXT_RSA_DES_40_CBC_SHA, 296296341Sdelphij SSL3_CK_RSA_DES_40_CBC_SHA, 297296341Sdelphij SSL_kRSA, 298296341Sdelphij SSL_aRSA, 299296341Sdelphij SSL_DES, 300296341Sdelphij SSL_SHA1, 301296341Sdelphij SSL_SSLV3, 302296341Sdelphij SSL_EXPORT | SSL_EXP40, 303296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 304296341Sdelphij 40, 305296341Sdelphij 56, 306296341Sdelphij }, 307296341Sdelphij#endif 308238405Sjkim 30955714Skris/* Cipher 09 */ 310296341Sdelphij#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 311296341Sdelphij { 312296341Sdelphij 1, 313296341Sdelphij SSL3_TXT_RSA_DES_64_CBC_SHA, 314296341Sdelphij SSL3_CK_RSA_DES_64_CBC_SHA, 315296341Sdelphij SSL_kRSA, 316296341Sdelphij SSL_aRSA, 317296341Sdelphij SSL_DES, 318296341Sdelphij SSL_SHA1, 319296341Sdelphij SSL_SSLV3, 320296341Sdelphij SSL_NOT_EXP | SSL_LOW, 321296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 322296341Sdelphij 56, 323296341Sdelphij 56, 324296341Sdelphij }, 325296341Sdelphij#endif 326238405Sjkim 32755714Skris/* Cipher 0A */ 328296341Sdelphij { 329296341Sdelphij 1, 330296341Sdelphij SSL3_TXT_RSA_DES_192_CBC3_SHA, 331296341Sdelphij SSL3_CK_RSA_DES_192_CBC3_SHA, 332296341Sdelphij SSL_kRSA, 333296341Sdelphij SSL_aRSA, 334296341Sdelphij SSL_3DES, 335296341Sdelphij SSL_SHA1, 336296341Sdelphij SSL_SSLV3, 337296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 338296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 339296341Sdelphij 112, 340296341Sdelphij 168, 341296341Sdelphij }, 342238405Sjkim 343160814Ssimon/* The DH ciphers */ 34455714Skris/* Cipher 0B */ 345296341Sdelphij#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 346296341Sdelphij { 347296341Sdelphij 0, 348296341Sdelphij SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 349296341Sdelphij SSL3_CK_DH_DSS_DES_40_CBC_SHA, 350296341Sdelphij SSL_kDHd, 351296341Sdelphij SSL_aDH, 352296341Sdelphij SSL_DES, 353296341Sdelphij SSL_SHA1, 354296341Sdelphij SSL_SSLV3, 355296341Sdelphij SSL_EXPORT | SSL_EXP40, 356296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 357296341Sdelphij 40, 358296341Sdelphij 56, 359296341Sdelphij }, 360296341Sdelphij#endif 361238405Sjkim 36255714Skris/* Cipher 0C */ 363296341Sdelphij#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 364296341Sdelphij { 365296341Sdelphij 0, /* not implemented (non-ephemeral DH) */ 366296341Sdelphij SSL3_TXT_DH_DSS_DES_64_CBC_SHA, 367296341Sdelphij SSL3_CK_DH_DSS_DES_64_CBC_SHA, 368296341Sdelphij SSL_kDHd, 369296341Sdelphij SSL_aDH, 370296341Sdelphij SSL_DES, 371296341Sdelphij SSL_SHA1, 372296341Sdelphij SSL_SSLV3, 373296341Sdelphij SSL_NOT_EXP | SSL_LOW, 374296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 375296341Sdelphij 56, 376296341Sdelphij 56, 377296341Sdelphij }, 378296341Sdelphij#endif 379238405Sjkim 38055714Skris/* Cipher 0D */ 381296341Sdelphij { 382296341Sdelphij 0, /* not implemented (non-ephemeral DH) */ 383296341Sdelphij SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 384296341Sdelphij SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 385296341Sdelphij SSL_kDHd, 386296341Sdelphij SSL_aDH, 387296341Sdelphij SSL_3DES, 388296341Sdelphij SSL_SHA1, 389296341Sdelphij SSL_SSLV3, 390296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 391296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 392296341Sdelphij 112, 393296341Sdelphij 168, 394296341Sdelphij }, 395238405Sjkim 39655714Skris/* Cipher 0E */ 397296341Sdelphij#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 398296341Sdelphij { 399296341Sdelphij 0, /* not implemented (non-ephemeral DH) */ 400296341Sdelphij SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 401296341Sdelphij SSL3_CK_DH_RSA_DES_40_CBC_SHA, 402296341Sdelphij SSL_kDHr, 403296341Sdelphij SSL_aDH, 404296341Sdelphij SSL_DES, 405296341Sdelphij SSL_SHA1, 406296341Sdelphij SSL_SSLV3, 407296341Sdelphij SSL_EXPORT | SSL_EXP40, 408296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 409296341Sdelphij 40, 410296341Sdelphij 56, 411296341Sdelphij }, 412296341Sdelphij#endif 413238405Sjkim 41455714Skris/* Cipher 0F */ 415296341Sdelphij#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 416296341Sdelphij { 417296341Sdelphij 0, /* not implemented (non-ephemeral DH) */ 418296341Sdelphij SSL3_TXT_DH_RSA_DES_64_CBC_SHA, 419296341Sdelphij SSL3_CK_DH_RSA_DES_64_CBC_SHA, 420296341Sdelphij SSL_kDHr, 421296341Sdelphij SSL_aDH, 422296341Sdelphij SSL_DES, 423296341Sdelphij SSL_SHA1, 424296341Sdelphij SSL_SSLV3, 425296341Sdelphij SSL_NOT_EXP | SSL_LOW, 426296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 427296341Sdelphij 56, 428296341Sdelphij 56, 429296341Sdelphij }, 430296341Sdelphij#endif 431238405Sjkim 43255714Skris/* Cipher 10 */ 433296341Sdelphij { 434296341Sdelphij 0, /* not implemented (non-ephemeral DH) */ 435296341Sdelphij SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 436296341Sdelphij SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 437296341Sdelphij SSL_kDHr, 438296341Sdelphij SSL_aDH, 439296341Sdelphij SSL_3DES, 440296341Sdelphij SSL_SHA1, 441296341Sdelphij SSL_SSLV3, 442296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 443296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 444296341Sdelphij 112, 445296341Sdelphij 168, 446296341Sdelphij }, 44755714Skris 44855714Skris/* The Ephemeral DH ciphers */ 44955714Skris/* Cipher 11 */ 450296341Sdelphij#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 451296341Sdelphij { 452296341Sdelphij 1, 453296341Sdelphij SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 454296341Sdelphij SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 455296341Sdelphij SSL_kEDH, 456296341Sdelphij SSL_aDSS, 457296341Sdelphij SSL_DES, 458296341Sdelphij SSL_SHA1, 459296341Sdelphij SSL_SSLV3, 460296341Sdelphij SSL_EXPORT | SSL_EXP40, 461296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 462296341Sdelphij 40, 463296341Sdelphij 56, 464296341Sdelphij }, 465296341Sdelphij#endif 466238405Sjkim 46755714Skris/* Cipher 12 */ 468296341Sdelphij#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 469296341Sdelphij { 470296341Sdelphij 1, 471296341Sdelphij SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 472296341Sdelphij SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 473296341Sdelphij SSL_kEDH, 474296341Sdelphij SSL_aDSS, 475296341Sdelphij SSL_DES, 476296341Sdelphij SSL_SHA1, 477296341Sdelphij SSL_SSLV3, 478296341Sdelphij SSL_NOT_EXP | SSL_LOW, 479296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 480296341Sdelphij 56, 481296341Sdelphij 56, 482296341Sdelphij }, 483296341Sdelphij#endif 484238405Sjkim 48555714Skris/* Cipher 13 */ 486296341Sdelphij { 487296341Sdelphij 1, 488296341Sdelphij SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 489296341Sdelphij SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 490296341Sdelphij SSL_kEDH, 491296341Sdelphij SSL_aDSS, 492296341Sdelphij SSL_3DES, 493296341Sdelphij SSL_SHA1, 494296341Sdelphij SSL_SSLV3, 495296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 496296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 497296341Sdelphij 112, 498296341Sdelphij 168, 499296341Sdelphij }, 500238405Sjkim 50155714Skris/* Cipher 14 */ 502296341Sdelphij#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 503296341Sdelphij { 504296341Sdelphij 1, 505296341Sdelphij SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 506296341Sdelphij SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 507296341Sdelphij SSL_kEDH, 508296341Sdelphij SSL_aRSA, 509296341Sdelphij SSL_DES, 510296341Sdelphij SSL_SHA1, 511296341Sdelphij SSL_SSLV3, 512296341Sdelphij SSL_EXPORT | SSL_EXP40, 513296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 514296341Sdelphij 40, 515296341Sdelphij 56, 516296341Sdelphij }, 517296341Sdelphij#endif 518238405Sjkim 51955714Skris/* Cipher 15 */ 520296341Sdelphij#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 521296341Sdelphij { 522296341Sdelphij 1, 523296341Sdelphij SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 524296341Sdelphij SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 525296341Sdelphij SSL_kEDH, 526296341Sdelphij SSL_aRSA, 527296341Sdelphij SSL_DES, 528296341Sdelphij SSL_SHA1, 529296341Sdelphij SSL_SSLV3, 530296341Sdelphij SSL_NOT_EXP | SSL_LOW, 531296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 532296341Sdelphij 56, 533296341Sdelphij 56, 534296341Sdelphij }, 535296341Sdelphij#endif 536238405Sjkim 53755714Skris/* Cipher 16 */ 538296341Sdelphij { 539296341Sdelphij 1, 540296341Sdelphij SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 541296341Sdelphij SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 542296341Sdelphij SSL_kEDH, 543296341Sdelphij SSL_aRSA, 544296341Sdelphij SSL_3DES, 545296341Sdelphij SSL_SHA1, 546296341Sdelphij SSL_SSLV3, 547296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 548296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 549296341Sdelphij 112, 550296341Sdelphij 168, 551296341Sdelphij }, 552238405Sjkim 553160814Ssimon/* Cipher 17 */ 554296341Sdelphij#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 555296341Sdelphij { 556296341Sdelphij 1, 557296341Sdelphij SSL3_TXT_ADH_RC4_40_MD5, 558296341Sdelphij SSL3_CK_ADH_RC4_40_MD5, 559296341Sdelphij SSL_kEDH, 560296341Sdelphij SSL_aNULL, 561296341Sdelphij SSL_RC4, 562296341Sdelphij SSL_MD5, 563296341Sdelphij SSL_SSLV3, 564296341Sdelphij SSL_EXPORT | SSL_EXP40, 565296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 566296341Sdelphij 40, 567296341Sdelphij 128, 568296341Sdelphij }, 569296341Sdelphij#endif 570238405Sjkim 571160814Ssimon/* Cipher 18 */ 572296341Sdelphij { 573296341Sdelphij 1, 574296341Sdelphij SSL3_TXT_ADH_RC4_128_MD5, 575296341Sdelphij SSL3_CK_ADH_RC4_128_MD5, 576296341Sdelphij SSL_kEDH, 577296341Sdelphij SSL_aNULL, 578296341Sdelphij SSL_RC4, 579296341Sdelphij SSL_MD5, 580296341Sdelphij SSL_SSLV3, 581296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 582296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 583296341Sdelphij 128, 584296341Sdelphij 128, 585296341Sdelphij }, 586238405Sjkim 587160814Ssimon/* Cipher 19 */ 588296341Sdelphij#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 589296341Sdelphij { 590296341Sdelphij 1, 591296341Sdelphij SSL3_TXT_ADH_DES_40_CBC_SHA, 592296341Sdelphij SSL3_CK_ADH_DES_40_CBC_SHA, 593296341Sdelphij SSL_kEDH, 594296341Sdelphij SSL_aNULL, 595296341Sdelphij SSL_DES, 596296341Sdelphij SSL_SHA1, 597296341Sdelphij SSL_SSLV3, 598296341Sdelphij SSL_EXPORT | SSL_EXP40, 599296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 600296341Sdelphij 40, 601296341Sdelphij 128, 602296341Sdelphij }, 603296341Sdelphij#endif 604238405Sjkim 605160814Ssimon/* Cipher 1A */ 606296341Sdelphij#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 607296341Sdelphij { 608296341Sdelphij 1, 609296341Sdelphij SSL3_TXT_ADH_DES_64_CBC_SHA, 610296341Sdelphij SSL3_CK_ADH_DES_64_CBC_SHA, 611296341Sdelphij SSL_kEDH, 612296341Sdelphij SSL_aNULL, 613296341Sdelphij SSL_DES, 614296341Sdelphij SSL_SHA1, 615296341Sdelphij SSL_SSLV3, 616296341Sdelphij SSL_NOT_EXP | SSL_LOW, 617296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 618296341Sdelphij 56, 619296341Sdelphij 56, 620296341Sdelphij }, 621296341Sdelphij#endif 622238405Sjkim 623160814Ssimon/* Cipher 1B */ 624296341Sdelphij { 625296341Sdelphij 1, 626296341Sdelphij SSL3_TXT_ADH_DES_192_CBC_SHA, 627296341Sdelphij SSL3_CK_ADH_DES_192_CBC_SHA, 628296341Sdelphij SSL_kEDH, 629296341Sdelphij SSL_aNULL, 630296341Sdelphij SSL_3DES, 631296341Sdelphij SSL_SHA1, 632296341Sdelphij SSL_SSLV3, 633296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 634296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 635296341Sdelphij 112, 636296341Sdelphij 168, 637296341Sdelphij }, 63855714Skris 639238405Sjkim/* Fortezza ciphersuite from SSL 3.0 spec */ 640238405Sjkim#if 0 64155714Skris/* Cipher 1C */ 642296341Sdelphij { 643296341Sdelphij 0, 644296341Sdelphij SSL3_TXT_FZA_DMS_NULL_SHA, 645296341Sdelphij SSL3_CK_FZA_DMS_NULL_SHA, 646296341Sdelphij SSL_kFZA, 647296341Sdelphij SSL_aFZA, 648296341Sdelphij SSL_eNULL, 649296341Sdelphij SSL_SHA1, 650296341Sdelphij SSL_SSLV3, 651296341Sdelphij SSL_NOT_EXP | SSL_STRONG_NONE, 652296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 653296341Sdelphij 0, 654296341Sdelphij 0, 655296341Sdelphij }, 65655714Skris 65755714Skris/* Cipher 1D */ 658296341Sdelphij { 659296341Sdelphij 0, 660296341Sdelphij SSL3_TXT_FZA_DMS_FZA_SHA, 661296341Sdelphij SSL3_CK_FZA_DMS_FZA_SHA, 662296341Sdelphij SSL_kFZA, 663296341Sdelphij SSL_aFZA, 664296341Sdelphij SSL_eFZA, 665296341Sdelphij SSL_SHA1, 666296341Sdelphij SSL_SSLV3, 667296341Sdelphij SSL_NOT_EXP | SSL_STRONG_NONE, 668296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 669296341Sdelphij 0, 670296341Sdelphij 0, 671296341Sdelphij }, 67255714Skris 67355714Skris/* Cipher 1E */ 674296341Sdelphij { 675296341Sdelphij 0, 676296341Sdelphij SSL3_TXT_FZA_DMS_RC4_SHA, 677296341Sdelphij SSL3_CK_FZA_DMS_RC4_SHA, 678296341Sdelphij SSL_kFZA, 679296341Sdelphij SSL_aFZA, 680296341Sdelphij SSL_RC4, 681296341Sdelphij SSL_SHA1, 682296341Sdelphij SSL_SSLV3, 683296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 684296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 685296341Sdelphij 128, 686296341Sdelphij 128, 687296341Sdelphij }, 688109998Smarkm#endif 68955714Skris 690109998Smarkm#ifndef OPENSSL_NO_KRB5 691238405Sjkim/* The Kerberos ciphers*/ 692194206Ssimon/* Cipher 1E */ 693296341Sdelphij# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 694296341Sdelphij { 695296341Sdelphij 1, 696296341Sdelphij SSL3_TXT_KRB5_DES_64_CBC_SHA, 697296341Sdelphij SSL3_CK_KRB5_DES_64_CBC_SHA, 698296341Sdelphij SSL_kKRB5, 699296341Sdelphij SSL_aKRB5, 700296341Sdelphij SSL_DES, 701296341Sdelphij SSL_SHA1, 702296341Sdelphij SSL_SSLV3, 703296341Sdelphij SSL_NOT_EXP | SSL_LOW, 704296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 705296341Sdelphij 56, 706296341Sdelphij 56, 707296341Sdelphij }, 708296341Sdelphij# endif 709109998Smarkm 710194206Ssimon/* Cipher 1F */ 711296341Sdelphij { 712296341Sdelphij 1, 713296341Sdelphij SSL3_TXT_KRB5_DES_192_CBC3_SHA, 714296341Sdelphij SSL3_CK_KRB5_DES_192_CBC3_SHA, 715296341Sdelphij SSL_kKRB5, 716296341Sdelphij SSL_aKRB5, 717296341Sdelphij SSL_3DES, 718296341Sdelphij SSL_SHA1, 719296341Sdelphij SSL_SSLV3, 720296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 721296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 722296341Sdelphij 112, 723296341Sdelphij 168, 724296341Sdelphij }, 725109998Smarkm 726194206Ssimon/* Cipher 20 */ 727296341Sdelphij { 728296341Sdelphij 1, 729296341Sdelphij SSL3_TXT_KRB5_RC4_128_SHA, 730296341Sdelphij SSL3_CK_KRB5_RC4_128_SHA, 731296341Sdelphij SSL_kKRB5, 732296341Sdelphij SSL_aKRB5, 733296341Sdelphij SSL_RC4, 734296341Sdelphij SSL_SHA1, 735296341Sdelphij SSL_SSLV3, 736296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 737296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 738296341Sdelphij 128, 739296341Sdelphij 128, 740296341Sdelphij }, 741109998Smarkm 742194206Ssimon/* Cipher 21 */ 743296341Sdelphij { 744296341Sdelphij 1, 745296341Sdelphij SSL3_TXT_KRB5_IDEA_128_CBC_SHA, 746296341Sdelphij SSL3_CK_KRB5_IDEA_128_CBC_SHA, 747296341Sdelphij SSL_kKRB5, 748296341Sdelphij SSL_aKRB5, 749296341Sdelphij SSL_IDEA, 750296341Sdelphij SSL_SHA1, 751296341Sdelphij SSL_SSLV3, 752296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 753296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 754296341Sdelphij 128, 755296341Sdelphij 128, 756296341Sdelphij }, 757109998Smarkm 758194206Ssimon/* Cipher 22 */ 759296341Sdelphij# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 760296341Sdelphij { 761296341Sdelphij 1, 762296341Sdelphij SSL3_TXT_KRB5_DES_64_CBC_MD5, 763296341Sdelphij SSL3_CK_KRB5_DES_64_CBC_MD5, 764296341Sdelphij SSL_kKRB5, 765296341Sdelphij SSL_aKRB5, 766296341Sdelphij SSL_DES, 767296341Sdelphij SSL_MD5, 768296341Sdelphij SSL_SSLV3, 769296341Sdelphij SSL_NOT_EXP | SSL_LOW, 770296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 771296341Sdelphij 56, 772296341Sdelphij 56, 773296341Sdelphij }, 774296341Sdelphij# endif 775109998Smarkm 776194206Ssimon/* Cipher 23 */ 777296341Sdelphij { 778296341Sdelphij 1, 779296341Sdelphij SSL3_TXT_KRB5_DES_192_CBC3_MD5, 780296341Sdelphij SSL3_CK_KRB5_DES_192_CBC3_MD5, 781296341Sdelphij SSL_kKRB5, 782296341Sdelphij SSL_aKRB5, 783296341Sdelphij SSL_3DES, 784296341Sdelphij SSL_MD5, 785296341Sdelphij SSL_SSLV3, 786296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 787296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 788296341Sdelphij 112, 789296341Sdelphij 168, 790296341Sdelphij }, 791109998Smarkm 792194206Ssimon/* Cipher 24 */ 793296341Sdelphij { 794296341Sdelphij 1, 795296341Sdelphij SSL3_TXT_KRB5_RC4_128_MD5, 796296341Sdelphij SSL3_CK_KRB5_RC4_128_MD5, 797296341Sdelphij SSL_kKRB5, 798296341Sdelphij SSL_aKRB5, 799296341Sdelphij SSL_RC4, 800296341Sdelphij SSL_MD5, 801296341Sdelphij SSL_SSLV3, 802296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 803296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 804296341Sdelphij 128, 805296341Sdelphij 128, 806296341Sdelphij }, 807109998Smarkm 808194206Ssimon/* Cipher 25 */ 809296341Sdelphij { 810296341Sdelphij 1, 811296341Sdelphij SSL3_TXT_KRB5_IDEA_128_CBC_MD5, 812296341Sdelphij SSL3_CK_KRB5_IDEA_128_CBC_MD5, 813296341Sdelphij SSL_kKRB5, 814296341Sdelphij SSL_aKRB5, 815296341Sdelphij SSL_IDEA, 816296341Sdelphij SSL_MD5, 817296341Sdelphij SSL_SSLV3, 818296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 819296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 820296341Sdelphij 128, 821296341Sdelphij 128, 822296341Sdelphij }, 823109998Smarkm 824194206Ssimon/* Cipher 26 */ 825296341Sdelphij# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 826296341Sdelphij { 827296341Sdelphij 1, 828296341Sdelphij SSL3_TXT_KRB5_DES_40_CBC_SHA, 829296341Sdelphij SSL3_CK_KRB5_DES_40_CBC_SHA, 830296341Sdelphij SSL_kKRB5, 831296341Sdelphij SSL_aKRB5, 832296341Sdelphij SSL_DES, 833296341Sdelphij SSL_SHA1, 834296341Sdelphij SSL_SSLV3, 835296341Sdelphij SSL_EXPORT | SSL_EXP40, 836296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 837296341Sdelphij 40, 838296341Sdelphij 56, 839296341Sdelphij }, 840296341Sdelphij# endif 841109998Smarkm 842194206Ssimon/* Cipher 27 */ 843296341Sdelphij# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 844296341Sdelphij { 845296341Sdelphij 1, 846296341Sdelphij SSL3_TXT_KRB5_RC2_40_CBC_SHA, 847296341Sdelphij SSL3_CK_KRB5_RC2_40_CBC_SHA, 848296341Sdelphij SSL_kKRB5, 849296341Sdelphij SSL_aKRB5, 850296341Sdelphij SSL_RC2, 851296341Sdelphij SSL_SHA1, 852296341Sdelphij SSL_SSLV3, 853296341Sdelphij SSL_EXPORT | SSL_EXP40, 854296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 855296341Sdelphij 40, 856296341Sdelphij 128, 857296341Sdelphij }, 858296341Sdelphij# endif 859109998Smarkm 860194206Ssimon/* Cipher 28 */ 861296341Sdelphij# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 862296341Sdelphij { 863296341Sdelphij 1, 864296341Sdelphij SSL3_TXT_KRB5_RC4_40_SHA, 865296341Sdelphij SSL3_CK_KRB5_RC4_40_SHA, 866296341Sdelphij SSL_kKRB5, 867296341Sdelphij SSL_aKRB5, 868296341Sdelphij SSL_RC4, 869296341Sdelphij SSL_SHA1, 870296341Sdelphij SSL_SSLV3, 871296341Sdelphij SSL_EXPORT | SSL_EXP40, 872296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 873296341Sdelphij 40, 874296341Sdelphij 128, 875296341Sdelphij }, 876296341Sdelphij# endif 877109998Smarkm 878194206Ssimon/* Cipher 29 */ 879296341Sdelphij# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 880296341Sdelphij { 881296341Sdelphij 1, 882296341Sdelphij SSL3_TXT_KRB5_DES_40_CBC_MD5, 883296341Sdelphij SSL3_CK_KRB5_DES_40_CBC_MD5, 884296341Sdelphij SSL_kKRB5, 885296341Sdelphij SSL_aKRB5, 886296341Sdelphij SSL_DES, 887296341Sdelphij SSL_MD5, 888296341Sdelphij SSL_SSLV3, 889296341Sdelphij SSL_EXPORT | SSL_EXP40, 890296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 891296341Sdelphij 40, 892296341Sdelphij 56, 893296341Sdelphij }, 894296341Sdelphij# endif 895109998Smarkm 896194206Ssimon/* Cipher 2A */ 897296341Sdelphij# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 898296341Sdelphij { 899296341Sdelphij 1, 900296341Sdelphij SSL3_TXT_KRB5_RC2_40_CBC_MD5, 901296341Sdelphij SSL3_CK_KRB5_RC2_40_CBC_MD5, 902296341Sdelphij SSL_kKRB5, 903296341Sdelphij SSL_aKRB5, 904296341Sdelphij SSL_RC2, 905296341Sdelphij SSL_MD5, 906296341Sdelphij SSL_SSLV3, 907296341Sdelphij SSL_EXPORT | SSL_EXP40, 908296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 909296341Sdelphij 40, 910296341Sdelphij 128, 911296341Sdelphij }, 912296341Sdelphij# endif 913109998Smarkm 914194206Ssimon/* Cipher 2B */ 915296341Sdelphij# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 916296341Sdelphij { 917296341Sdelphij 1, 918296341Sdelphij SSL3_TXT_KRB5_RC4_40_MD5, 919296341Sdelphij SSL3_CK_KRB5_RC4_40_MD5, 920296341Sdelphij SSL_kKRB5, 921296341Sdelphij SSL_aKRB5, 922296341Sdelphij SSL_RC4, 923296341Sdelphij SSL_MD5, 924296341Sdelphij SSL_SSLV3, 925296341Sdelphij SSL_EXPORT | SSL_EXP40, 926296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 927296341Sdelphij 40, 928296341Sdelphij 128, 929296341Sdelphij }, 930296341Sdelphij# endif 931296341Sdelphij#endif /* OPENSSL_NO_KRB5 */ 932194206Ssimon 933160814Ssimon/* New AES ciphersuites */ 934160814Ssimon/* Cipher 2F */ 935296341Sdelphij { 936296341Sdelphij 1, 937296341Sdelphij TLS1_TXT_RSA_WITH_AES_128_SHA, 938296341Sdelphij TLS1_CK_RSA_WITH_AES_128_SHA, 939296341Sdelphij SSL_kRSA, 940296341Sdelphij SSL_aRSA, 941296341Sdelphij SSL_AES128, 942296341Sdelphij SSL_SHA1, 943296341Sdelphij SSL_TLSV1, 944296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 945296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 946296341Sdelphij 128, 947296341Sdelphij 128, 948296341Sdelphij }, 949160814Ssimon/* Cipher 30 */ 950296341Sdelphij { 951296341Sdelphij 0, 952296341Sdelphij TLS1_TXT_DH_DSS_WITH_AES_128_SHA, 953296341Sdelphij TLS1_CK_DH_DSS_WITH_AES_128_SHA, 954296341Sdelphij SSL_kDHd, 955296341Sdelphij SSL_aDH, 956296341Sdelphij SSL_AES128, 957296341Sdelphij SSL_SHA1, 958296341Sdelphij SSL_TLSV1, 959296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 960296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 961296341Sdelphij 128, 962296341Sdelphij 128, 963296341Sdelphij }, 964160814Ssimon/* Cipher 31 */ 965296341Sdelphij { 966296341Sdelphij 0, 967296341Sdelphij TLS1_TXT_DH_RSA_WITH_AES_128_SHA, 968296341Sdelphij TLS1_CK_DH_RSA_WITH_AES_128_SHA, 969296341Sdelphij SSL_kDHr, 970296341Sdelphij SSL_aDH, 971296341Sdelphij SSL_AES128, 972296341Sdelphij SSL_SHA1, 973296341Sdelphij SSL_TLSV1, 974296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 975296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 976296341Sdelphij 128, 977296341Sdelphij 128, 978296341Sdelphij }, 979160814Ssimon/* Cipher 32 */ 980296341Sdelphij { 981296341Sdelphij 1, 982296341Sdelphij TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 983296341Sdelphij TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 984296341Sdelphij SSL_kEDH, 985296341Sdelphij SSL_aDSS, 986296341Sdelphij SSL_AES128, 987296341Sdelphij SSL_SHA1, 988296341Sdelphij SSL_TLSV1, 989296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 990296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 991296341Sdelphij 128, 992296341Sdelphij 128, 993296341Sdelphij }, 994160814Ssimon/* Cipher 33 */ 995296341Sdelphij { 996296341Sdelphij 1, 997296341Sdelphij TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 998296341Sdelphij TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 999296341Sdelphij SSL_kEDH, 1000296341Sdelphij SSL_aRSA, 1001296341Sdelphij SSL_AES128, 1002296341Sdelphij SSL_SHA1, 1003296341Sdelphij SSL_TLSV1, 1004296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1005296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1006296341Sdelphij 128, 1007296341Sdelphij 128, 1008296341Sdelphij }, 1009160814Ssimon/* Cipher 34 */ 1010296341Sdelphij { 1011296341Sdelphij 1, 1012296341Sdelphij TLS1_TXT_ADH_WITH_AES_128_SHA, 1013296341Sdelphij TLS1_CK_ADH_WITH_AES_128_SHA, 1014296341Sdelphij SSL_kEDH, 1015296341Sdelphij SSL_aNULL, 1016296341Sdelphij SSL_AES128, 1017296341Sdelphij SSL_SHA1, 1018296341Sdelphij SSL_TLSV1, 1019296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1020296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1021296341Sdelphij 128, 1022296341Sdelphij 128, 1023296341Sdelphij }, 1024109998Smarkm 1025160814Ssimon/* Cipher 35 */ 1026296341Sdelphij { 1027296341Sdelphij 1, 1028296341Sdelphij TLS1_TXT_RSA_WITH_AES_256_SHA, 1029296341Sdelphij TLS1_CK_RSA_WITH_AES_256_SHA, 1030296341Sdelphij SSL_kRSA, 1031296341Sdelphij SSL_aRSA, 1032296341Sdelphij SSL_AES256, 1033296341Sdelphij SSL_SHA1, 1034296341Sdelphij SSL_TLSV1, 1035296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1036296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1037296341Sdelphij 256, 1038296341Sdelphij 256, 1039296341Sdelphij }, 1040160814Ssimon/* Cipher 36 */ 1041296341Sdelphij { 1042296341Sdelphij 0, 1043296341Sdelphij TLS1_TXT_DH_DSS_WITH_AES_256_SHA, 1044296341Sdelphij TLS1_CK_DH_DSS_WITH_AES_256_SHA, 1045296341Sdelphij SSL_kDHd, 1046296341Sdelphij SSL_aDH, 1047296341Sdelphij SSL_AES256, 1048296341Sdelphij SSL_SHA1, 1049296341Sdelphij SSL_TLSV1, 1050296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1051296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1052296341Sdelphij 256, 1053296341Sdelphij 256, 1054296341Sdelphij }, 1055238405Sjkim 1056160814Ssimon/* Cipher 37 */ 1057296341Sdelphij { 1058296341Sdelphij 0, /* not implemented (non-ephemeral DH) */ 1059296341Sdelphij TLS1_TXT_DH_RSA_WITH_AES_256_SHA, 1060296341Sdelphij TLS1_CK_DH_RSA_WITH_AES_256_SHA, 1061296341Sdelphij SSL_kDHr, 1062296341Sdelphij SSL_aDH, 1063296341Sdelphij SSL_AES256, 1064296341Sdelphij SSL_SHA1, 1065296341Sdelphij SSL_TLSV1, 1066296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1067296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1068296341Sdelphij 256, 1069296341Sdelphij 256, 1070296341Sdelphij }, 1071238405Sjkim 1072160814Ssimon/* Cipher 38 */ 1073296341Sdelphij { 1074296341Sdelphij 1, 1075296341Sdelphij TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 1076296341Sdelphij TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 1077296341Sdelphij SSL_kEDH, 1078296341Sdelphij SSL_aDSS, 1079296341Sdelphij SSL_AES256, 1080296341Sdelphij SSL_SHA1, 1081296341Sdelphij SSL_TLSV1, 1082296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1083296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1084296341Sdelphij 256, 1085296341Sdelphij 256, 1086296341Sdelphij }, 1087238405Sjkim 1088160814Ssimon/* Cipher 39 */ 1089296341Sdelphij { 1090296341Sdelphij 1, 1091296341Sdelphij TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 1092296341Sdelphij TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 1093296341Sdelphij SSL_kEDH, 1094296341Sdelphij SSL_aRSA, 1095296341Sdelphij SSL_AES256, 1096296341Sdelphij SSL_SHA1, 1097296341Sdelphij SSL_TLSV1, 1098296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1099296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1100296341Sdelphij 256, 1101296341Sdelphij 256, 1102296341Sdelphij }, 1103238405Sjkim 1104296341Sdelphij /* Cipher 3A */ 1105296341Sdelphij { 1106296341Sdelphij 1, 1107296341Sdelphij TLS1_TXT_ADH_WITH_AES_256_SHA, 1108296341Sdelphij TLS1_CK_ADH_WITH_AES_256_SHA, 1109296341Sdelphij SSL_kEDH, 1110296341Sdelphij SSL_aNULL, 1111296341Sdelphij SSL_AES256, 1112296341Sdelphij SSL_SHA1, 1113296341Sdelphij SSL_TLSV1, 1114296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1115296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1116296341Sdelphij 256, 1117296341Sdelphij 256, 1118296341Sdelphij }, 1119238405Sjkim 1120296341Sdelphij /* TLS v1.2 ciphersuites */ 1121296341Sdelphij /* Cipher 3B */ 1122296341Sdelphij { 1123296341Sdelphij 1, 1124296341Sdelphij TLS1_TXT_RSA_WITH_NULL_SHA256, 1125296341Sdelphij TLS1_CK_RSA_WITH_NULL_SHA256, 1126296341Sdelphij SSL_kRSA, 1127296341Sdelphij SSL_aRSA, 1128296341Sdelphij SSL_eNULL, 1129296341Sdelphij SSL_SHA256, 1130296341Sdelphij SSL_TLSV1_2, 1131296341Sdelphij SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, 1132296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1133296341Sdelphij 0, 1134296341Sdelphij 0, 1135296341Sdelphij }, 1136238405Sjkim 1137296341Sdelphij /* Cipher 3C */ 1138296341Sdelphij { 1139296341Sdelphij 1, 1140296341Sdelphij TLS1_TXT_RSA_WITH_AES_128_SHA256, 1141296341Sdelphij TLS1_CK_RSA_WITH_AES_128_SHA256, 1142296341Sdelphij SSL_kRSA, 1143296341Sdelphij SSL_aRSA, 1144296341Sdelphij SSL_AES128, 1145296341Sdelphij SSL_SHA256, 1146296341Sdelphij SSL_TLSV1_2, 1147296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1148296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1149296341Sdelphij 128, 1150296341Sdelphij 128, 1151296341Sdelphij }, 1152238405Sjkim 1153296341Sdelphij /* Cipher 3D */ 1154296341Sdelphij { 1155296341Sdelphij 1, 1156296341Sdelphij TLS1_TXT_RSA_WITH_AES_256_SHA256, 1157296341Sdelphij TLS1_CK_RSA_WITH_AES_256_SHA256, 1158296341Sdelphij SSL_kRSA, 1159296341Sdelphij SSL_aRSA, 1160296341Sdelphij SSL_AES256, 1161296341Sdelphij SSL_SHA256, 1162296341Sdelphij SSL_TLSV1_2, 1163296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1164296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1165296341Sdelphij 256, 1166296341Sdelphij 256, 1167296341Sdelphij }, 1168160814Ssimon 1169296341Sdelphij /* Cipher 3E */ 1170296341Sdelphij { 1171296341Sdelphij 0, /* not implemented (non-ephemeral DH) */ 1172296341Sdelphij TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, 1173296341Sdelphij TLS1_CK_DH_DSS_WITH_AES_128_SHA256, 1174296341Sdelphij SSL_kDHd, 1175296341Sdelphij SSL_aDH, 1176296341Sdelphij SSL_AES128, 1177296341Sdelphij SSL_SHA256, 1178296341Sdelphij SSL_TLSV1_2, 1179296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1180296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1181296341Sdelphij 128, 1182296341Sdelphij 128, 1183296341Sdelphij }, 1184238405Sjkim 1185296341Sdelphij /* Cipher 3F */ 1186296341Sdelphij { 1187296341Sdelphij 0, /* not implemented (non-ephemeral DH) */ 1188296341Sdelphij TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, 1189296341Sdelphij TLS1_CK_DH_RSA_WITH_AES_128_SHA256, 1190296341Sdelphij SSL_kDHr, 1191296341Sdelphij SSL_aDH, 1192296341Sdelphij SSL_AES128, 1193296341Sdelphij SSL_SHA256, 1194296341Sdelphij SSL_TLSV1_2, 1195296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1196296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1197296341Sdelphij 128, 1198296341Sdelphij 128, 1199296341Sdelphij }, 1200238405Sjkim 1201296341Sdelphij /* Cipher 40 */ 1202296341Sdelphij { 1203296341Sdelphij 1, 1204296341Sdelphij TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, 1205296341Sdelphij TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, 1206296341Sdelphij SSL_kEDH, 1207296341Sdelphij SSL_aDSS, 1208296341Sdelphij SSL_AES128, 1209296341Sdelphij SSL_SHA256, 1210296341Sdelphij SSL_TLSV1_2, 1211296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1212296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1213296341Sdelphij 128, 1214296341Sdelphij 128, 1215296341Sdelphij }, 1216238405Sjkim 1217162911Ssimon#ifndef OPENSSL_NO_CAMELLIA 1218296341Sdelphij /* Camellia ciphersuites from RFC4132 (128-bit portion) */ 1219162911Ssimon 1220296341Sdelphij /* Cipher 41 */ 1221296341Sdelphij { 1222296341Sdelphij 1, 1223296341Sdelphij TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 1224296341Sdelphij TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 1225296341Sdelphij SSL_kRSA, 1226296341Sdelphij SSL_aRSA, 1227296341Sdelphij SSL_CAMELLIA128, 1228296341Sdelphij SSL_SHA1, 1229296341Sdelphij SSL_TLSV1, 1230296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 1231296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1232296341Sdelphij 128, 1233296341Sdelphij 128, 1234296341Sdelphij }, 1235238405Sjkim 1236296341Sdelphij /* Cipher 42 */ 1237296341Sdelphij { 1238296341Sdelphij 0, /* not implemented (non-ephemeral DH) */ 1239296341Sdelphij TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1240296341Sdelphij TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1241296341Sdelphij SSL_kDHd, 1242296341Sdelphij SSL_aDH, 1243296341Sdelphij SSL_CAMELLIA128, 1244296341Sdelphij SSL_SHA1, 1245296341Sdelphij SSL_TLSV1, 1246296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 1247296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1248296341Sdelphij 128, 1249296341Sdelphij 128, 1250296341Sdelphij }, 1251238405Sjkim 1252296341Sdelphij /* Cipher 43 */ 1253296341Sdelphij { 1254296341Sdelphij 0, /* not implemented (non-ephemeral DH) */ 1255296341Sdelphij TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1256296341Sdelphij TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1257296341Sdelphij SSL_kDHr, 1258296341Sdelphij SSL_aDH, 1259296341Sdelphij SSL_CAMELLIA128, 1260296341Sdelphij SSL_SHA1, 1261296341Sdelphij SSL_TLSV1, 1262296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 1263296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1264296341Sdelphij 128, 1265296341Sdelphij 128, 1266296341Sdelphij }, 1267238405Sjkim 1268296341Sdelphij /* Cipher 44 */ 1269296341Sdelphij { 1270296341Sdelphij 1, 1271296341Sdelphij TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1272296341Sdelphij TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1273296341Sdelphij SSL_kEDH, 1274296341Sdelphij SSL_aDSS, 1275296341Sdelphij SSL_CAMELLIA128, 1276296341Sdelphij SSL_SHA1, 1277296341Sdelphij SSL_TLSV1, 1278296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 1279296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1280296341Sdelphij 128, 1281296341Sdelphij 128, 1282296341Sdelphij }, 1283238405Sjkim 1284296341Sdelphij /* Cipher 45 */ 1285296341Sdelphij { 1286296341Sdelphij 1, 1287296341Sdelphij TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1288296341Sdelphij TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1289296341Sdelphij SSL_kEDH, 1290296341Sdelphij SSL_aRSA, 1291296341Sdelphij SSL_CAMELLIA128, 1292296341Sdelphij SSL_SHA1, 1293296341Sdelphij SSL_TLSV1, 1294296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 1295296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1296296341Sdelphij 128, 1297296341Sdelphij 128, 1298296341Sdelphij }, 1299238405Sjkim 1300296341Sdelphij /* Cipher 46 */ 1301296341Sdelphij { 1302296341Sdelphij 1, 1303296341Sdelphij TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 1304296341Sdelphij TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 1305296341Sdelphij SSL_kEDH, 1306296341Sdelphij SSL_aNULL, 1307296341Sdelphij SSL_CAMELLIA128, 1308296341Sdelphij SSL_SHA1, 1309296341Sdelphij SSL_TLSV1, 1310296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 1311296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1312296341Sdelphij 128, 1313296341Sdelphij 128, 1314296341Sdelphij }, 1315296341Sdelphij#endif /* OPENSSL_NO_CAMELLIA */ 1316162911Ssimon 131755714Skris#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1318296341Sdelphij /* New TLS Export CipherSuites from expired ID */ 1319296341Sdelphij# if 0 1320296341Sdelphij /* Cipher 60 */ 1321296341Sdelphij { 1322296341Sdelphij 1, 1323296341Sdelphij TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, 1324296341Sdelphij TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, 1325296341Sdelphij SSL_kRSA, 1326296341Sdelphij SSL_aRSA, 1327296341Sdelphij SSL_RC4, 1328296341Sdelphij SSL_MD5, 1329296341Sdelphij SSL_TLSV1, 1330296341Sdelphij SSL_EXPORT | SSL_EXP56, 1331296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1332296341Sdelphij 56, 1333296341Sdelphij 128, 1334296341Sdelphij }, 1335238405Sjkim 1336296341Sdelphij /* Cipher 61 */ 1337296341Sdelphij { 1338296341Sdelphij 1, 1339296341Sdelphij TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1340296341Sdelphij TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1341296341Sdelphij SSL_kRSA, 1342296341Sdelphij SSL_aRSA, 1343296341Sdelphij SSL_RC2, 1344296341Sdelphij SSL_MD5, 1345296341Sdelphij SSL_TLSV1, 1346296341Sdelphij SSL_EXPORT | SSL_EXP56, 1347296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1348296341Sdelphij 56, 1349296341Sdelphij 128, 1350296341Sdelphij }, 1351296341Sdelphij# endif 1352238405Sjkim 1353296341Sdelphij /* Cipher 62 */ 1354296341Sdelphij# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 1355296341Sdelphij { 1356296341Sdelphij 1, 1357296341Sdelphij TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1358296341Sdelphij TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1359296341Sdelphij SSL_kRSA, 1360296341Sdelphij SSL_aRSA, 1361296341Sdelphij SSL_DES, 1362296341Sdelphij SSL_SHA1, 1363296341Sdelphij SSL_TLSV1, 1364296341Sdelphij SSL_EXPORT | SSL_EXP56, 1365296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1366296341Sdelphij 56, 1367296341Sdelphij 56, 1368296341Sdelphij }, 1369296341Sdelphij# endif 1370238405Sjkim 1371296341Sdelphij /* Cipher 63 */ 1372296341Sdelphij# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 1373296341Sdelphij { 1374296341Sdelphij 1, 1375296341Sdelphij TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1376296341Sdelphij TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1377296341Sdelphij SSL_kEDH, 1378296341Sdelphij SSL_aDSS, 1379296341Sdelphij SSL_DES, 1380296341Sdelphij SSL_SHA1, 1381296341Sdelphij SSL_TLSV1, 1382296341Sdelphij SSL_EXPORT | SSL_EXP56, 1383296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1384296341Sdelphij 56, 1385296341Sdelphij 56, 1386296341Sdelphij }, 1387296341Sdelphij# endif 1388238405Sjkim 1389296341Sdelphij /* Cipher 64 */ 1390296341Sdelphij# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 1391296341Sdelphij { 1392296341Sdelphij 1, 1393296341Sdelphij TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, 1394296341Sdelphij TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, 1395296341Sdelphij SSL_kRSA, 1396296341Sdelphij SSL_aRSA, 1397296341Sdelphij SSL_RC4, 1398296341Sdelphij SSL_SHA1, 1399296341Sdelphij SSL_TLSV1, 1400296341Sdelphij SSL_EXPORT | SSL_EXP56, 1401296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1402296341Sdelphij 56, 1403296341Sdelphij 128, 1404296341Sdelphij }, 1405296341Sdelphij# endif 1406238405Sjkim 1407296341Sdelphij /* Cipher 65 */ 1408296341Sdelphij# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 1409296341Sdelphij { 1410296341Sdelphij 1, 1411296341Sdelphij TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1412296341Sdelphij TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1413296341Sdelphij SSL_kEDH, 1414296341Sdelphij SSL_aDSS, 1415296341Sdelphij SSL_RC4, 1416296341Sdelphij SSL_SHA1, 1417296341Sdelphij SSL_TLSV1, 1418296341Sdelphij SSL_EXPORT | SSL_EXP56, 1419296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1420296341Sdelphij 56, 1421296341Sdelphij 128, 1422296341Sdelphij }, 1423296341Sdelphij# endif 1424238405Sjkim 1425296341Sdelphij /* Cipher 66 */ 1426296341Sdelphij { 1427296341Sdelphij 1, 1428296341Sdelphij TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, 1429296341Sdelphij TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, 1430296341Sdelphij SSL_kEDH, 1431296341Sdelphij SSL_aDSS, 1432296341Sdelphij SSL_RC4, 1433296341Sdelphij SSL_SHA1, 1434296341Sdelphij SSL_TLSV1, 1435296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 1436296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1437296341Sdelphij 128, 1438296341Sdelphij 128, 1439296341Sdelphij }, 144055714Skris#endif 1441162911Ssimon 1442296341Sdelphij /* TLS v1.2 ciphersuites */ 1443296341Sdelphij /* Cipher 67 */ 1444296341Sdelphij { 1445296341Sdelphij 1, 1446296341Sdelphij TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 1447296341Sdelphij TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 1448296341Sdelphij SSL_kEDH, 1449296341Sdelphij SSL_aRSA, 1450296341Sdelphij SSL_AES128, 1451296341Sdelphij SSL_SHA256, 1452296341Sdelphij SSL_TLSV1_2, 1453296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1454296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1455296341Sdelphij 128, 1456296341Sdelphij 128, 1457296341Sdelphij }, 1458238405Sjkim 1459296341Sdelphij /* Cipher 68 */ 1460296341Sdelphij { 1461296341Sdelphij 0, /* not implemented (non-ephemeral DH) */ 1462296341Sdelphij TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, 1463296341Sdelphij TLS1_CK_DH_DSS_WITH_AES_256_SHA256, 1464296341Sdelphij SSL_kDHd, 1465296341Sdelphij SSL_aDH, 1466296341Sdelphij SSL_AES256, 1467296341Sdelphij SSL_SHA256, 1468296341Sdelphij SSL_TLSV1_2, 1469296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1470296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1471296341Sdelphij 256, 1472296341Sdelphij 256, 1473296341Sdelphij }, 1474238405Sjkim 1475296341Sdelphij /* Cipher 69 */ 1476296341Sdelphij { 1477296341Sdelphij 0, /* not implemented (non-ephemeral DH) */ 1478296341Sdelphij TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, 1479296341Sdelphij TLS1_CK_DH_RSA_WITH_AES_256_SHA256, 1480296341Sdelphij SSL_kDHr, 1481296341Sdelphij SSL_aDH, 1482296341Sdelphij SSL_AES256, 1483296341Sdelphij SSL_SHA256, 1484296341Sdelphij SSL_TLSV1_2, 1485296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1486296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1487296341Sdelphij 256, 1488296341Sdelphij 256, 1489296341Sdelphij }, 1490238405Sjkim 1491296341Sdelphij /* Cipher 6A */ 1492296341Sdelphij { 1493296341Sdelphij 1, 1494296341Sdelphij TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, 1495296341Sdelphij TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, 1496296341Sdelphij SSL_kEDH, 1497296341Sdelphij SSL_aDSS, 1498296341Sdelphij SSL_AES256, 1499296341Sdelphij SSL_SHA256, 1500296341Sdelphij SSL_TLSV1_2, 1501296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1502296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1503296341Sdelphij 256, 1504296341Sdelphij 256, 1505296341Sdelphij }, 1506238405Sjkim 1507296341Sdelphij /* Cipher 6B */ 1508296341Sdelphij { 1509296341Sdelphij 1, 1510296341Sdelphij TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 1511296341Sdelphij TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 1512296341Sdelphij SSL_kEDH, 1513296341Sdelphij SSL_aRSA, 1514296341Sdelphij SSL_AES256, 1515296341Sdelphij SSL_SHA256, 1516296341Sdelphij SSL_TLSV1_2, 1517296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1518296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1519296341Sdelphij 256, 1520296341Sdelphij 256, 1521296341Sdelphij }, 1522238405Sjkim 1523296341Sdelphij /* Cipher 6C */ 1524296341Sdelphij { 1525296341Sdelphij 1, 1526296341Sdelphij TLS1_TXT_ADH_WITH_AES_128_SHA256, 1527296341Sdelphij TLS1_CK_ADH_WITH_AES_128_SHA256, 1528296341Sdelphij SSL_kEDH, 1529296341Sdelphij SSL_aNULL, 1530296341Sdelphij SSL_AES128, 1531296341Sdelphij SSL_SHA256, 1532296341Sdelphij SSL_TLSV1_2, 1533296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1534296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1535296341Sdelphij 128, 1536296341Sdelphij 128, 1537296341Sdelphij }, 1538238405Sjkim 1539296341Sdelphij /* Cipher 6D */ 1540296341Sdelphij { 1541296341Sdelphij 1, 1542296341Sdelphij TLS1_TXT_ADH_WITH_AES_256_SHA256, 1543296341Sdelphij TLS1_CK_ADH_WITH_AES_256_SHA256, 1544296341Sdelphij SSL_kEDH, 1545296341Sdelphij SSL_aNULL, 1546296341Sdelphij SSL_AES256, 1547296341Sdelphij SSL_SHA256, 1548296341Sdelphij SSL_TLSV1_2, 1549296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1550296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1551296341Sdelphij 256, 1552296341Sdelphij 256, 1553296341Sdelphij }, 1554238405Sjkim 1555296341Sdelphij /* GOST Ciphersuites */ 1556238405Sjkim 1557296341Sdelphij { 1558296341Sdelphij 1, 1559296341Sdelphij "GOST94-GOST89-GOST89", 1560296341Sdelphij 0x3000080, 1561296341Sdelphij SSL_kGOST, 1562296341Sdelphij SSL_aGOST94, 1563296341Sdelphij SSL_eGOST2814789CNT, 1564296341Sdelphij SSL_GOST89MAC, 1565296341Sdelphij SSL_TLSV1, 1566296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 1567296341Sdelphij SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, 1568296341Sdelphij 256, 1569296341Sdelphij 256}, 1570296341Sdelphij { 1571296341Sdelphij 1, 1572296341Sdelphij "GOST2001-GOST89-GOST89", 1573296341Sdelphij 0x3000081, 1574296341Sdelphij SSL_kGOST, 1575296341Sdelphij SSL_aGOST01, 1576296341Sdelphij SSL_eGOST2814789CNT, 1577296341Sdelphij SSL_GOST89MAC, 1578296341Sdelphij SSL_TLSV1, 1579296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 1580296341Sdelphij SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, 1581296341Sdelphij 256, 1582296341Sdelphij 256}, 1583296341Sdelphij { 1584296341Sdelphij 1, 1585296341Sdelphij "GOST94-NULL-GOST94", 1586296341Sdelphij 0x3000082, 1587296341Sdelphij SSL_kGOST, 1588296341Sdelphij SSL_aGOST94, 1589296341Sdelphij SSL_eNULL, 1590296341Sdelphij SSL_GOST94, 1591296341Sdelphij SSL_TLSV1, 1592296341Sdelphij SSL_NOT_EXP | SSL_STRONG_NONE, 1593296341Sdelphij SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, 1594296341Sdelphij 0, 1595296341Sdelphij 0}, 1596296341Sdelphij { 1597296341Sdelphij 1, 1598296341Sdelphij "GOST2001-NULL-GOST94", 1599296341Sdelphij 0x3000083, 1600296341Sdelphij SSL_kGOST, 1601296341Sdelphij SSL_aGOST01, 1602296341Sdelphij SSL_eNULL, 1603296341Sdelphij SSL_GOST94, 1604296341Sdelphij SSL_TLSV1, 1605296341Sdelphij SSL_NOT_EXP | SSL_STRONG_NONE, 1606296341Sdelphij SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, 1607296341Sdelphij 0, 1608296341Sdelphij 0}, 1609238405Sjkim 1610162911Ssimon#ifndef OPENSSL_NO_CAMELLIA 1611296341Sdelphij /* Camellia ciphersuites from RFC4132 (256-bit portion) */ 1612162911Ssimon 1613296341Sdelphij /* Cipher 84 */ 1614296341Sdelphij { 1615296341Sdelphij 1, 1616296341Sdelphij TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 1617296341Sdelphij TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 1618296341Sdelphij SSL_kRSA, 1619296341Sdelphij SSL_aRSA, 1620296341Sdelphij SSL_CAMELLIA256, 1621296341Sdelphij SSL_SHA1, 1622296341Sdelphij SSL_TLSV1, 1623296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 1624296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1625296341Sdelphij 256, 1626296341Sdelphij 256, 1627296341Sdelphij }, 1628296341Sdelphij /* Cipher 85 */ 1629296341Sdelphij { 1630296341Sdelphij 0, /* not implemented (non-ephemeral DH) */ 1631296341Sdelphij TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1632296341Sdelphij TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1633296341Sdelphij SSL_kDHd, 1634296341Sdelphij SSL_aDH, 1635296341Sdelphij SSL_CAMELLIA256, 1636296341Sdelphij SSL_SHA1, 1637296341Sdelphij SSL_TLSV1, 1638296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 1639296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1640296341Sdelphij 256, 1641296341Sdelphij 256, 1642296341Sdelphij }, 1643238405Sjkim 1644296341Sdelphij /* Cipher 86 */ 1645296341Sdelphij { 1646296341Sdelphij 0, /* not implemented (non-ephemeral DH) */ 1647296341Sdelphij TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1648296341Sdelphij TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1649296341Sdelphij SSL_kDHr, 1650296341Sdelphij SSL_aDH, 1651296341Sdelphij SSL_CAMELLIA256, 1652296341Sdelphij SSL_SHA1, 1653296341Sdelphij SSL_TLSV1, 1654296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 1655296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1656296341Sdelphij 256, 1657296341Sdelphij 256, 1658296341Sdelphij }, 1659238405Sjkim 1660296341Sdelphij /* Cipher 87 */ 1661296341Sdelphij { 1662296341Sdelphij 1, 1663296341Sdelphij TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1664296341Sdelphij TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1665296341Sdelphij SSL_kEDH, 1666296341Sdelphij SSL_aDSS, 1667296341Sdelphij SSL_CAMELLIA256, 1668296341Sdelphij SSL_SHA1, 1669296341Sdelphij SSL_TLSV1, 1670296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 1671296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1672296341Sdelphij 256, 1673296341Sdelphij 256, 1674296341Sdelphij }, 1675238405Sjkim 1676296341Sdelphij /* Cipher 88 */ 1677296341Sdelphij { 1678296341Sdelphij 1, 1679296341Sdelphij TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1680296341Sdelphij TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1681296341Sdelphij SSL_kEDH, 1682296341Sdelphij SSL_aRSA, 1683296341Sdelphij SSL_CAMELLIA256, 1684296341Sdelphij SSL_SHA1, 1685296341Sdelphij SSL_TLSV1, 1686296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 1687296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1688296341Sdelphij 256, 1689296341Sdelphij 256, 1690296341Sdelphij }, 1691238405Sjkim 1692296341Sdelphij /* Cipher 89 */ 1693296341Sdelphij { 1694296341Sdelphij 1, 1695296341Sdelphij TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 1696296341Sdelphij TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 1697296341Sdelphij SSL_kEDH, 1698296341Sdelphij SSL_aNULL, 1699296341Sdelphij SSL_CAMELLIA256, 1700296341Sdelphij SSL_SHA1, 1701296341Sdelphij SSL_TLSV1, 1702296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 1703296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1704296341Sdelphij 256, 1705296341Sdelphij 256, 1706296341Sdelphij }, 1707296341Sdelphij#endif /* OPENSSL_NO_CAMELLIA */ 1708162911Ssimon 1709238405Sjkim#ifndef OPENSSL_NO_PSK 1710296341Sdelphij /* Cipher 8A */ 1711296341Sdelphij { 1712296341Sdelphij 1, 1713296341Sdelphij TLS1_TXT_PSK_WITH_RC4_128_SHA, 1714296341Sdelphij TLS1_CK_PSK_WITH_RC4_128_SHA, 1715296341Sdelphij SSL_kPSK, 1716296341Sdelphij SSL_aPSK, 1717296341Sdelphij SSL_RC4, 1718296341Sdelphij SSL_SHA1, 1719296341Sdelphij SSL_TLSV1, 1720296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 1721296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1722296341Sdelphij 128, 1723296341Sdelphij 128, 1724296341Sdelphij }, 1725238405Sjkim 1726296341Sdelphij /* Cipher 8B */ 1727296341Sdelphij { 1728296341Sdelphij 1, 1729296341Sdelphij TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, 1730296341Sdelphij TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, 1731296341Sdelphij SSL_kPSK, 1732296341Sdelphij SSL_aPSK, 1733296341Sdelphij SSL_3DES, 1734296341Sdelphij SSL_SHA1, 1735296341Sdelphij SSL_TLSV1, 1736296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1737296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1738296341Sdelphij 112, 1739296341Sdelphij 168, 1740296341Sdelphij }, 1741238405Sjkim 1742296341Sdelphij /* Cipher 8C */ 1743296341Sdelphij { 1744296341Sdelphij 1, 1745296341Sdelphij TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, 1746296341Sdelphij TLS1_CK_PSK_WITH_AES_128_CBC_SHA, 1747296341Sdelphij SSL_kPSK, 1748296341Sdelphij SSL_aPSK, 1749296341Sdelphij SSL_AES128, 1750296341Sdelphij SSL_SHA1, 1751296341Sdelphij SSL_TLSV1, 1752296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1753296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1754296341Sdelphij 128, 1755296341Sdelphij 128, 1756296341Sdelphij }, 1757238405Sjkim 1758296341Sdelphij /* Cipher 8D */ 1759296341Sdelphij { 1760296341Sdelphij 1, 1761296341Sdelphij TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, 1762296341Sdelphij TLS1_CK_PSK_WITH_AES_256_CBC_SHA, 1763296341Sdelphij SSL_kPSK, 1764296341Sdelphij SSL_aPSK, 1765296341Sdelphij SSL_AES256, 1766296341Sdelphij SSL_SHA1, 1767296341Sdelphij SSL_TLSV1, 1768296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1769296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1770296341Sdelphij 256, 1771296341Sdelphij 256, 1772296341Sdelphij }, 1773296341Sdelphij#endif /* OPENSSL_NO_PSK */ 1774238405Sjkim 1775194206Ssimon#ifndef OPENSSL_NO_SEED 1776296341Sdelphij /* SEED ciphersuites from RFC4162 */ 1777194206Ssimon 1778296341Sdelphij /* Cipher 96 */ 1779296341Sdelphij { 1780296341Sdelphij 1, 1781296341Sdelphij TLS1_TXT_RSA_WITH_SEED_SHA, 1782296341Sdelphij TLS1_CK_RSA_WITH_SEED_SHA, 1783296341Sdelphij SSL_kRSA, 1784296341Sdelphij SSL_aRSA, 1785296341Sdelphij SSL_SEED, 1786296341Sdelphij SSL_SHA1, 1787296341Sdelphij SSL_TLSV1, 1788296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 1789296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1790296341Sdelphij 128, 1791296341Sdelphij 128, 1792296341Sdelphij }, 1793194206Ssimon 1794296341Sdelphij /* Cipher 97 */ 1795296341Sdelphij { 1796296341Sdelphij 0, /* not implemented (non-ephemeral DH) */ 1797296341Sdelphij TLS1_TXT_DH_DSS_WITH_SEED_SHA, 1798296341Sdelphij TLS1_CK_DH_DSS_WITH_SEED_SHA, 1799296341Sdelphij SSL_kDHd, 1800296341Sdelphij SSL_aDH, 1801296341Sdelphij SSL_SEED, 1802296341Sdelphij SSL_SHA1, 1803296341Sdelphij SSL_TLSV1, 1804296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 1805296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1806296341Sdelphij 128, 1807296341Sdelphij 128, 1808296341Sdelphij }, 1809194206Ssimon 1810296341Sdelphij /* Cipher 98 */ 1811296341Sdelphij { 1812296341Sdelphij 0, /* not implemented (non-ephemeral DH) */ 1813296341Sdelphij TLS1_TXT_DH_RSA_WITH_SEED_SHA, 1814296341Sdelphij TLS1_CK_DH_RSA_WITH_SEED_SHA, 1815296341Sdelphij SSL_kDHr, 1816296341Sdelphij SSL_aDH, 1817296341Sdelphij SSL_SEED, 1818296341Sdelphij SSL_SHA1, 1819296341Sdelphij SSL_TLSV1, 1820296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 1821296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1822296341Sdelphij 128, 1823296341Sdelphij 128, 1824296341Sdelphij }, 1825194206Ssimon 1826296341Sdelphij /* Cipher 99 */ 1827296341Sdelphij { 1828296341Sdelphij 1, 1829296341Sdelphij TLS1_TXT_DHE_DSS_WITH_SEED_SHA, 1830296341Sdelphij TLS1_CK_DHE_DSS_WITH_SEED_SHA, 1831296341Sdelphij SSL_kEDH, 1832296341Sdelphij SSL_aDSS, 1833296341Sdelphij SSL_SEED, 1834296341Sdelphij SSL_SHA1, 1835296341Sdelphij SSL_TLSV1, 1836296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 1837296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1838296341Sdelphij 128, 1839296341Sdelphij 128, 1840296341Sdelphij }, 1841194206Ssimon 1842296341Sdelphij /* Cipher 9A */ 1843296341Sdelphij { 1844296341Sdelphij 1, 1845296341Sdelphij TLS1_TXT_DHE_RSA_WITH_SEED_SHA, 1846296341Sdelphij TLS1_CK_DHE_RSA_WITH_SEED_SHA, 1847296341Sdelphij SSL_kEDH, 1848296341Sdelphij SSL_aRSA, 1849296341Sdelphij SSL_SEED, 1850296341Sdelphij SSL_SHA1, 1851296341Sdelphij SSL_TLSV1, 1852296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 1853296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1854296341Sdelphij 128, 1855296341Sdelphij 128, 1856296341Sdelphij }, 1857194206Ssimon 1858296341Sdelphij /* Cipher 9B */ 1859296341Sdelphij { 1860296341Sdelphij 1, 1861296341Sdelphij TLS1_TXT_ADH_WITH_SEED_SHA, 1862296341Sdelphij TLS1_CK_ADH_WITH_SEED_SHA, 1863296341Sdelphij SSL_kEDH, 1864296341Sdelphij SSL_aNULL, 1865296341Sdelphij SSL_SEED, 1866296341Sdelphij SSL_SHA1, 1867296341Sdelphij SSL_TLSV1, 1868296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 1869296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1870296341Sdelphij 128, 1871296341Sdelphij 128, 1872296341Sdelphij }, 1873194206Ssimon 1874296341Sdelphij#endif /* OPENSSL_NO_SEED */ 1875194206Ssimon 1876296341Sdelphij /* GCM ciphersuites from RFC5288 */ 1877238405Sjkim 1878296341Sdelphij /* Cipher 9C */ 1879296341Sdelphij { 1880296341Sdelphij 1, 1881296341Sdelphij TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 1882296341Sdelphij TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 1883296341Sdelphij SSL_kRSA, 1884296341Sdelphij SSL_aRSA, 1885296341Sdelphij SSL_AES128GCM, 1886296341Sdelphij SSL_AEAD, 1887296341Sdelphij SSL_TLSV1_2, 1888296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1889296341Sdelphij SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 1890296341Sdelphij 128, 1891296341Sdelphij 128, 1892296341Sdelphij }, 1893238405Sjkim 1894296341Sdelphij /* Cipher 9D */ 1895296341Sdelphij { 1896296341Sdelphij 1, 1897296341Sdelphij TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 1898296341Sdelphij TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, 1899296341Sdelphij SSL_kRSA, 1900296341Sdelphij SSL_aRSA, 1901296341Sdelphij SSL_AES256GCM, 1902296341Sdelphij SSL_AEAD, 1903296341Sdelphij SSL_TLSV1_2, 1904296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1905296341Sdelphij SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1906296341Sdelphij 256, 1907296341Sdelphij 256, 1908296341Sdelphij }, 1909238405Sjkim 1910296341Sdelphij /* Cipher 9E */ 1911296341Sdelphij { 1912296341Sdelphij 1, 1913296341Sdelphij TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 1914296341Sdelphij TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 1915296341Sdelphij SSL_kEDH, 1916296341Sdelphij SSL_aRSA, 1917296341Sdelphij SSL_AES128GCM, 1918296341Sdelphij SSL_AEAD, 1919296341Sdelphij SSL_TLSV1_2, 1920296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1921296341Sdelphij SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 1922296341Sdelphij 128, 1923296341Sdelphij 128, 1924296341Sdelphij }, 1925238405Sjkim 1926296341Sdelphij /* Cipher 9F */ 1927296341Sdelphij { 1928296341Sdelphij 1, 1929296341Sdelphij TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 1930296341Sdelphij TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 1931296341Sdelphij SSL_kEDH, 1932296341Sdelphij SSL_aRSA, 1933296341Sdelphij SSL_AES256GCM, 1934296341Sdelphij SSL_AEAD, 1935296341Sdelphij SSL_TLSV1_2, 1936296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1937296341Sdelphij SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1938296341Sdelphij 256, 1939296341Sdelphij 256, 1940296341Sdelphij }, 1941238405Sjkim 1942296341Sdelphij /* Cipher A0 */ 1943296341Sdelphij { 1944296341Sdelphij 0, 1945296341Sdelphij TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, 1946296341Sdelphij TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256, 1947296341Sdelphij SSL_kDHr, 1948296341Sdelphij SSL_aDH, 1949296341Sdelphij SSL_AES128GCM, 1950296341Sdelphij SSL_AEAD, 1951296341Sdelphij SSL_TLSV1_2, 1952296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1953296341Sdelphij SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 1954296341Sdelphij 128, 1955296341Sdelphij 128, 1956296341Sdelphij }, 1957238405Sjkim 1958296341Sdelphij /* Cipher A1 */ 1959296341Sdelphij { 1960296341Sdelphij 0, 1961296341Sdelphij TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, 1962296341Sdelphij TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384, 1963296341Sdelphij SSL_kDHr, 1964296341Sdelphij SSL_aDH, 1965296341Sdelphij SSL_AES256GCM, 1966296341Sdelphij SSL_AEAD, 1967296341Sdelphij SSL_TLSV1_2, 1968296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1969296341Sdelphij SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1970296341Sdelphij 256, 1971296341Sdelphij 256, 1972296341Sdelphij }, 1973238405Sjkim 1974296341Sdelphij /* Cipher A2 */ 1975296341Sdelphij { 1976296341Sdelphij 1, 1977296341Sdelphij TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, 1978296341Sdelphij TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, 1979296341Sdelphij SSL_kEDH, 1980296341Sdelphij SSL_aDSS, 1981296341Sdelphij SSL_AES128GCM, 1982296341Sdelphij SSL_AEAD, 1983296341Sdelphij SSL_TLSV1_2, 1984296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1985296341Sdelphij SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 1986296341Sdelphij 128, 1987296341Sdelphij 128, 1988296341Sdelphij }, 1989238405Sjkim 1990296341Sdelphij /* Cipher A3 */ 1991296341Sdelphij { 1992296341Sdelphij 1, 1993296341Sdelphij TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, 1994296341Sdelphij TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, 1995296341Sdelphij SSL_kEDH, 1996296341Sdelphij SSL_aDSS, 1997296341Sdelphij SSL_AES256GCM, 1998296341Sdelphij SSL_AEAD, 1999296341Sdelphij SSL_TLSV1_2, 2000296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2001296341Sdelphij SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2002296341Sdelphij 256, 2003296341Sdelphij 256, 2004296341Sdelphij }, 2005238405Sjkim 2006296341Sdelphij /* Cipher A4 */ 2007296341Sdelphij { 2008296341Sdelphij 0, 2009296341Sdelphij TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, 2010296341Sdelphij TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, 2011296341Sdelphij SSL_kDHd, 2012296341Sdelphij SSL_aDH, 2013296341Sdelphij SSL_AES128GCM, 2014296341Sdelphij SSL_AEAD, 2015296341Sdelphij SSL_TLSV1_2, 2016296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2017296341Sdelphij SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2018296341Sdelphij 128, 2019296341Sdelphij 128, 2020296341Sdelphij }, 2021238405Sjkim 2022296341Sdelphij /* Cipher A5 */ 2023296341Sdelphij { 2024296341Sdelphij 0, 2025296341Sdelphij TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, 2026296341Sdelphij TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, 2027296341Sdelphij SSL_kDHd, 2028296341Sdelphij SSL_aDH, 2029296341Sdelphij SSL_AES256GCM, 2030296341Sdelphij SSL_AEAD, 2031296341Sdelphij SSL_TLSV1_2, 2032296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2033296341Sdelphij SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2034296341Sdelphij 256, 2035296341Sdelphij 256, 2036296341Sdelphij }, 2037238405Sjkim 2038296341Sdelphij /* Cipher A6 */ 2039296341Sdelphij { 2040296341Sdelphij 1, 2041296341Sdelphij TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 2042296341Sdelphij TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 2043296341Sdelphij SSL_kEDH, 2044296341Sdelphij SSL_aNULL, 2045296341Sdelphij SSL_AES128GCM, 2046296341Sdelphij SSL_AEAD, 2047296341Sdelphij SSL_TLSV1_2, 2048296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2049296341Sdelphij SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2050296341Sdelphij 128, 2051296341Sdelphij 128, 2052296341Sdelphij }, 2053238405Sjkim 2054296341Sdelphij /* Cipher A7 */ 2055296341Sdelphij { 2056296341Sdelphij 1, 2057296341Sdelphij TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 2058296341Sdelphij TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 2059296341Sdelphij SSL_kEDH, 2060296341Sdelphij SSL_aNULL, 2061296341Sdelphij SSL_AES256GCM, 2062296341Sdelphij SSL_AEAD, 2063296341Sdelphij SSL_TLSV1_2, 2064296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2065296341Sdelphij SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2066296341Sdelphij 256, 2067296341Sdelphij 256, 2068296341Sdelphij }, 2069238405Sjkim 2070160814Ssimon#ifndef OPENSSL_NO_ECDH 2071296341Sdelphij /* Cipher C001 */ 2072296341Sdelphij { 2073296341Sdelphij 1, 2074296341Sdelphij TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, 2075296341Sdelphij TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, 2076296341Sdelphij SSL_kECDHe, 2077296341Sdelphij SSL_aECDH, 2078296341Sdelphij SSL_eNULL, 2079296341Sdelphij SSL_SHA1, 2080296341Sdelphij SSL_TLSV1, 2081296341Sdelphij SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, 2082296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2083296341Sdelphij 0, 2084296341Sdelphij 0, 2085296341Sdelphij }, 208655714Skris 2087296341Sdelphij /* Cipher C002 */ 2088296341Sdelphij { 2089296341Sdelphij 1, 2090296341Sdelphij TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, 2091296341Sdelphij TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, 2092296341Sdelphij SSL_kECDHe, 2093296341Sdelphij SSL_aECDH, 2094296341Sdelphij SSL_RC4, 2095296341Sdelphij SSL_SHA1, 2096296341Sdelphij SSL_TLSV1, 2097296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 2098296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2099296341Sdelphij 128, 2100296341Sdelphij 128, 2101296341Sdelphij }, 2102160814Ssimon 2103296341Sdelphij /* Cipher C003 */ 2104296341Sdelphij { 2105296341Sdelphij 1, 2106296341Sdelphij TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 2107296341Sdelphij TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 2108296341Sdelphij SSL_kECDHe, 2109296341Sdelphij SSL_aECDH, 2110296341Sdelphij SSL_3DES, 2111296341Sdelphij SSL_SHA1, 2112296341Sdelphij SSL_TLSV1, 2113296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2114296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2115296341Sdelphij 112, 2116296341Sdelphij 168, 2117296341Sdelphij }, 2118160814Ssimon 2119296341Sdelphij /* Cipher C004 */ 2120296341Sdelphij { 2121296341Sdelphij 1, 2122296341Sdelphij TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 2123296341Sdelphij TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 2124296341Sdelphij SSL_kECDHe, 2125296341Sdelphij SSL_aECDH, 2126296341Sdelphij SSL_AES128, 2127296341Sdelphij SSL_SHA1, 2128296341Sdelphij SSL_TLSV1, 2129296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2130296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2131296341Sdelphij 128, 2132296341Sdelphij 128, 2133296341Sdelphij }, 2134160814Ssimon 2135296341Sdelphij /* Cipher C005 */ 2136296341Sdelphij { 2137296341Sdelphij 1, 2138296341Sdelphij TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 2139296341Sdelphij TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 2140296341Sdelphij SSL_kECDHe, 2141296341Sdelphij SSL_aECDH, 2142296341Sdelphij SSL_AES256, 2143296341Sdelphij SSL_SHA1, 2144296341Sdelphij SSL_TLSV1, 2145296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2146296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2147296341Sdelphij 256, 2148296341Sdelphij 256, 2149296341Sdelphij }, 2150160814Ssimon 2151296341Sdelphij /* Cipher C006 */ 2152296341Sdelphij { 2153296341Sdelphij 1, 2154296341Sdelphij TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 2155296341Sdelphij TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 2156296341Sdelphij SSL_kEECDH, 2157296341Sdelphij SSL_aECDSA, 2158296341Sdelphij SSL_eNULL, 2159296341Sdelphij SSL_SHA1, 2160296341Sdelphij SSL_TLSV1, 2161296341Sdelphij SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, 2162296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2163296341Sdelphij 0, 2164296341Sdelphij 0, 2165296341Sdelphij }, 2166160814Ssimon 2167296341Sdelphij /* Cipher C007 */ 2168296341Sdelphij { 2169296341Sdelphij 1, 2170296341Sdelphij TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 2171296341Sdelphij TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 2172296341Sdelphij SSL_kEECDH, 2173296341Sdelphij SSL_aECDSA, 2174296341Sdelphij SSL_RC4, 2175296341Sdelphij SSL_SHA1, 2176296341Sdelphij SSL_TLSV1, 2177296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 2178296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2179296341Sdelphij 128, 2180296341Sdelphij 128, 2181296341Sdelphij }, 2182109998Smarkm 2183296341Sdelphij /* Cipher C008 */ 2184296341Sdelphij { 2185296341Sdelphij 1, 2186296341Sdelphij TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 2187296341Sdelphij TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 2188296341Sdelphij SSL_kEECDH, 2189296341Sdelphij SSL_aECDSA, 2190296341Sdelphij SSL_3DES, 2191296341Sdelphij SSL_SHA1, 2192296341Sdelphij SSL_TLSV1, 2193296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2194296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2195296341Sdelphij 112, 2196296341Sdelphij 168, 2197296341Sdelphij }, 2198160814Ssimon 2199296341Sdelphij /* Cipher C009 */ 2200296341Sdelphij { 2201296341Sdelphij 1, 2202296341Sdelphij TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 2203296341Sdelphij TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 2204296341Sdelphij SSL_kEECDH, 2205296341Sdelphij SSL_aECDSA, 2206296341Sdelphij SSL_AES128, 2207296341Sdelphij SSL_SHA1, 2208296341Sdelphij SSL_TLSV1, 2209296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2210296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2211296341Sdelphij 128, 2212296341Sdelphij 128, 2213296341Sdelphij }, 2214160814Ssimon 2215296341Sdelphij /* Cipher C00A */ 2216296341Sdelphij { 2217296341Sdelphij 1, 2218296341Sdelphij TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 2219296341Sdelphij TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 2220296341Sdelphij SSL_kEECDH, 2221296341Sdelphij SSL_aECDSA, 2222296341Sdelphij SSL_AES256, 2223296341Sdelphij SSL_SHA1, 2224296341Sdelphij SSL_TLSV1, 2225296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2226296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2227296341Sdelphij 256, 2228296341Sdelphij 256, 2229296341Sdelphij }, 2230160814Ssimon 2231296341Sdelphij /* Cipher C00B */ 2232296341Sdelphij { 2233296341Sdelphij 1, 2234296341Sdelphij TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, 2235296341Sdelphij TLS1_CK_ECDH_RSA_WITH_NULL_SHA, 2236296341Sdelphij SSL_kECDHr, 2237296341Sdelphij SSL_aECDH, 2238296341Sdelphij SSL_eNULL, 2239296341Sdelphij SSL_SHA1, 2240296341Sdelphij SSL_TLSV1, 2241296341Sdelphij SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, 2242296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2243296341Sdelphij 0, 2244296341Sdelphij 0, 2245296341Sdelphij }, 2246160814Ssimon 2247296341Sdelphij /* Cipher C00C */ 2248296341Sdelphij { 2249296341Sdelphij 1, 2250296341Sdelphij TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, 2251296341Sdelphij TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, 2252296341Sdelphij SSL_kECDHr, 2253296341Sdelphij SSL_aECDH, 2254296341Sdelphij SSL_RC4, 2255296341Sdelphij SSL_SHA1, 2256296341Sdelphij SSL_TLSV1, 2257296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 2258296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2259296341Sdelphij 128, 2260296341Sdelphij 128, 2261296341Sdelphij }, 2262160814Ssimon 2263296341Sdelphij /* Cipher C00D */ 2264296341Sdelphij { 2265296341Sdelphij 1, 2266296341Sdelphij TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, 2267296341Sdelphij TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, 2268296341Sdelphij SSL_kECDHr, 2269296341Sdelphij SSL_aECDH, 2270296341Sdelphij SSL_3DES, 2271296341Sdelphij SSL_SHA1, 2272296341Sdelphij SSL_TLSV1, 2273296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2274296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2275296341Sdelphij 112, 2276296341Sdelphij 168, 2277296341Sdelphij }, 2278160814Ssimon 2279296341Sdelphij /* Cipher C00E */ 2280296341Sdelphij { 2281296341Sdelphij 1, 2282296341Sdelphij TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, 2283296341Sdelphij TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, 2284296341Sdelphij SSL_kECDHr, 2285296341Sdelphij SSL_aECDH, 2286296341Sdelphij SSL_AES128, 2287296341Sdelphij SSL_SHA1, 2288296341Sdelphij SSL_TLSV1, 2289296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2290296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2291296341Sdelphij 128, 2292296341Sdelphij 128, 2293296341Sdelphij }, 2294160814Ssimon 2295296341Sdelphij /* Cipher C00F */ 2296296341Sdelphij { 2297296341Sdelphij 1, 2298296341Sdelphij TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, 2299296341Sdelphij TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, 2300296341Sdelphij SSL_kECDHr, 2301296341Sdelphij SSL_aECDH, 2302296341Sdelphij SSL_AES256, 2303296341Sdelphij SSL_SHA1, 2304296341Sdelphij SSL_TLSV1, 2305296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2306296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2307296341Sdelphij 256, 2308296341Sdelphij 256, 2309296341Sdelphij }, 2310160814Ssimon 2311296341Sdelphij /* Cipher C010 */ 2312296341Sdelphij { 2313296341Sdelphij 1, 2314296341Sdelphij TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 2315296341Sdelphij TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 2316296341Sdelphij SSL_kEECDH, 2317296341Sdelphij SSL_aRSA, 2318296341Sdelphij SSL_eNULL, 2319296341Sdelphij SSL_SHA1, 2320296341Sdelphij SSL_TLSV1, 2321296341Sdelphij SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, 2322296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2323296341Sdelphij 0, 2324296341Sdelphij 0, 2325296341Sdelphij }, 2326160814Ssimon 2327296341Sdelphij /* Cipher C011 */ 2328296341Sdelphij { 2329296341Sdelphij 1, 2330296341Sdelphij TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 2331296341Sdelphij TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 2332296341Sdelphij SSL_kEECDH, 2333296341Sdelphij SSL_aRSA, 2334296341Sdelphij SSL_RC4, 2335296341Sdelphij SSL_SHA1, 2336296341Sdelphij SSL_TLSV1, 2337296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 2338296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2339296341Sdelphij 128, 2340296341Sdelphij 128, 2341296341Sdelphij }, 2342160814Ssimon 2343296341Sdelphij /* Cipher C012 */ 2344296341Sdelphij { 2345296341Sdelphij 1, 2346296341Sdelphij TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 2347296341Sdelphij TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 2348296341Sdelphij SSL_kEECDH, 2349296341Sdelphij SSL_aRSA, 2350296341Sdelphij SSL_3DES, 2351296341Sdelphij SSL_SHA1, 2352296341Sdelphij SSL_TLSV1, 2353296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2354296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2355296341Sdelphij 112, 2356296341Sdelphij 168, 2357296341Sdelphij }, 2358160814Ssimon 2359296341Sdelphij /* Cipher C013 */ 2360296341Sdelphij { 2361296341Sdelphij 1, 2362296341Sdelphij TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 2363296341Sdelphij TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 2364296341Sdelphij SSL_kEECDH, 2365296341Sdelphij SSL_aRSA, 2366296341Sdelphij SSL_AES128, 2367296341Sdelphij SSL_SHA1, 2368296341Sdelphij SSL_TLSV1, 2369296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2370296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2371296341Sdelphij 128, 2372296341Sdelphij 128, 2373296341Sdelphij }, 2374160814Ssimon 2375296341Sdelphij /* Cipher C014 */ 2376296341Sdelphij { 2377296341Sdelphij 1, 2378296341Sdelphij TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 2379296341Sdelphij TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 2380296341Sdelphij SSL_kEECDH, 2381296341Sdelphij SSL_aRSA, 2382296341Sdelphij SSL_AES256, 2383296341Sdelphij SSL_SHA1, 2384296341Sdelphij SSL_TLSV1, 2385296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2386296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2387296341Sdelphij 256, 2388296341Sdelphij 256, 2389296341Sdelphij }, 2390160814Ssimon 2391296341Sdelphij /* Cipher C015 */ 2392296341Sdelphij { 2393296341Sdelphij 1, 2394296341Sdelphij TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 2395296341Sdelphij TLS1_CK_ECDH_anon_WITH_NULL_SHA, 2396296341Sdelphij SSL_kEECDH, 2397296341Sdelphij SSL_aNULL, 2398296341Sdelphij SSL_eNULL, 2399296341Sdelphij SSL_SHA1, 2400296341Sdelphij SSL_TLSV1, 2401296341Sdelphij SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, 2402296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2403296341Sdelphij 0, 2404296341Sdelphij 0, 2405296341Sdelphij }, 2406109998Smarkm 2407296341Sdelphij /* Cipher C016 */ 2408296341Sdelphij { 2409296341Sdelphij 1, 2410296341Sdelphij TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 2411296341Sdelphij TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 2412296341Sdelphij SSL_kEECDH, 2413296341Sdelphij SSL_aNULL, 2414296341Sdelphij SSL_RC4, 2415296341Sdelphij SSL_SHA1, 2416296341Sdelphij SSL_TLSV1, 2417296341Sdelphij SSL_NOT_EXP | SSL_MEDIUM, 2418296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2419296341Sdelphij 128, 2420296341Sdelphij 128, 2421296341Sdelphij }, 2422160814Ssimon 2423296341Sdelphij /* Cipher C017 */ 2424296341Sdelphij { 2425296341Sdelphij 1, 2426296341Sdelphij TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 2427296341Sdelphij TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 2428296341Sdelphij SSL_kEECDH, 2429296341Sdelphij SSL_aNULL, 2430296341Sdelphij SSL_3DES, 2431296341Sdelphij SSL_SHA1, 2432296341Sdelphij SSL_TLSV1, 2433296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2434296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2435296341Sdelphij 112, 2436296341Sdelphij 168, 2437296341Sdelphij }, 2438160814Ssimon 2439296341Sdelphij /* Cipher C018 */ 2440296341Sdelphij { 2441296341Sdelphij 1, 2442296341Sdelphij TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 2443296341Sdelphij TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 2444296341Sdelphij SSL_kEECDH, 2445296341Sdelphij SSL_aNULL, 2446296341Sdelphij SSL_AES128, 2447296341Sdelphij SSL_SHA1, 2448296341Sdelphij SSL_TLSV1, 2449296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2450296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2451296341Sdelphij 128, 2452296341Sdelphij 128, 2453296341Sdelphij }, 2454160814Ssimon 2455296341Sdelphij /* Cipher C019 */ 2456296341Sdelphij { 2457296341Sdelphij 1, 2458296341Sdelphij TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 2459296341Sdelphij TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 2460296341Sdelphij SSL_kEECDH, 2461296341Sdelphij SSL_aNULL, 2462296341Sdelphij SSL_AES256, 2463296341Sdelphij SSL_SHA1, 2464296341Sdelphij SSL_TLSV1, 2465296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2466296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2467296341Sdelphij 256, 2468296341Sdelphij 256, 2469296341Sdelphij }, 2470296341Sdelphij#endif /* OPENSSL_NO_ECDH */ 2471160814Ssimon 2472238405Sjkim#ifndef OPENSSL_NO_SRP 2473296341Sdelphij /* Cipher C01A */ 2474296341Sdelphij { 2475296341Sdelphij 1, 2476296341Sdelphij TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 2477296341Sdelphij TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 2478296341Sdelphij SSL_kSRP, 2479296341Sdelphij SSL_aSRP, 2480296341Sdelphij SSL_3DES, 2481296341Sdelphij SSL_SHA1, 2482296341Sdelphij SSL_TLSV1, 2483296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 2484296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2485296341Sdelphij 112, 2486296341Sdelphij 168, 2487296341Sdelphij }, 2488162911Ssimon 2489296341Sdelphij /* Cipher C01B */ 2490296341Sdelphij { 2491296341Sdelphij 1, 2492296341Sdelphij TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 2493296341Sdelphij TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 2494296341Sdelphij SSL_kSRP, 2495296341Sdelphij SSL_aRSA, 2496296341Sdelphij SSL_3DES, 2497296341Sdelphij SSL_SHA1, 2498296341Sdelphij SSL_TLSV1, 2499296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 2500296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2501296341Sdelphij 112, 2502296341Sdelphij 168, 2503296341Sdelphij }, 2504238405Sjkim 2505296341Sdelphij /* Cipher C01C */ 2506296341Sdelphij { 2507296341Sdelphij 1, 2508296341Sdelphij TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 2509296341Sdelphij TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 2510296341Sdelphij SSL_kSRP, 2511296341Sdelphij SSL_aDSS, 2512296341Sdelphij SSL_3DES, 2513296341Sdelphij SSL_SHA1, 2514296341Sdelphij SSL_TLSV1, 2515296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 2516296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2517296341Sdelphij 112, 2518296341Sdelphij 168, 2519296341Sdelphij }, 2520238405Sjkim 2521296341Sdelphij /* Cipher C01D */ 2522296341Sdelphij { 2523296341Sdelphij 1, 2524296341Sdelphij TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, 2525296341Sdelphij TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, 2526296341Sdelphij SSL_kSRP, 2527296341Sdelphij SSL_aSRP, 2528296341Sdelphij SSL_AES128, 2529296341Sdelphij SSL_SHA1, 2530296341Sdelphij SSL_TLSV1, 2531296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 2532296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2533296341Sdelphij 128, 2534296341Sdelphij 128, 2535296341Sdelphij }, 2536238405Sjkim 2537296341Sdelphij /* Cipher C01E */ 2538296341Sdelphij { 2539296341Sdelphij 1, 2540296341Sdelphij TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 2541296341Sdelphij TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 2542296341Sdelphij SSL_kSRP, 2543296341Sdelphij SSL_aRSA, 2544296341Sdelphij SSL_AES128, 2545296341Sdelphij SSL_SHA1, 2546296341Sdelphij SSL_TLSV1, 2547296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 2548296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2549296341Sdelphij 128, 2550296341Sdelphij 128, 2551296341Sdelphij }, 2552238405Sjkim 2553296341Sdelphij /* Cipher C01F */ 2554296341Sdelphij { 2555296341Sdelphij 1, 2556296341Sdelphij TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 2557296341Sdelphij TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 2558296341Sdelphij SSL_kSRP, 2559296341Sdelphij SSL_aDSS, 2560296341Sdelphij SSL_AES128, 2561296341Sdelphij SSL_SHA1, 2562296341Sdelphij SSL_TLSV1, 2563296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 2564296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2565296341Sdelphij 128, 2566296341Sdelphij 128, 2567296341Sdelphij }, 2568238405Sjkim 2569296341Sdelphij /* Cipher C020 */ 2570296341Sdelphij { 2571296341Sdelphij 1, 2572296341Sdelphij TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, 2573296341Sdelphij TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, 2574296341Sdelphij SSL_kSRP, 2575296341Sdelphij SSL_aSRP, 2576296341Sdelphij SSL_AES256, 2577296341Sdelphij SSL_SHA1, 2578296341Sdelphij SSL_TLSV1, 2579296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 2580296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2581296341Sdelphij 256, 2582296341Sdelphij 256, 2583296341Sdelphij }, 2584238405Sjkim 2585296341Sdelphij /* Cipher C021 */ 2586296341Sdelphij { 2587296341Sdelphij 1, 2588296341Sdelphij TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 2589296341Sdelphij TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 2590296341Sdelphij SSL_kSRP, 2591296341Sdelphij SSL_aRSA, 2592296341Sdelphij SSL_AES256, 2593296341Sdelphij SSL_SHA1, 2594296341Sdelphij SSL_TLSV1, 2595296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 2596296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2597296341Sdelphij 256, 2598296341Sdelphij 256, 2599296341Sdelphij }, 2600238405Sjkim 2601296341Sdelphij /* Cipher C022 */ 2602296341Sdelphij { 2603296341Sdelphij 1, 2604296341Sdelphij TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 2605296341Sdelphij TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 2606296341Sdelphij SSL_kSRP, 2607296341Sdelphij SSL_aDSS, 2608296341Sdelphij SSL_AES256, 2609296341Sdelphij SSL_SHA1, 2610296341Sdelphij SSL_TLSV1, 2611296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 2612296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2613296341Sdelphij 256, 2614296341Sdelphij 256, 2615296341Sdelphij }, 2616296341Sdelphij#endif /* OPENSSL_NO_SRP */ 2617238405Sjkim#ifndef OPENSSL_NO_ECDH 2618238405Sjkim 2619296341Sdelphij /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ 2620238405Sjkim 2621296341Sdelphij /* Cipher C023 */ 2622296341Sdelphij { 2623296341Sdelphij 1, 2624296341Sdelphij TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 2625296341Sdelphij TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 2626296341Sdelphij SSL_kEECDH, 2627296341Sdelphij SSL_aECDSA, 2628296341Sdelphij SSL_AES128, 2629296341Sdelphij SSL_SHA256, 2630296341Sdelphij SSL_TLSV1_2, 2631296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2632296341Sdelphij SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2633296341Sdelphij 128, 2634296341Sdelphij 128, 2635296341Sdelphij }, 2636238405Sjkim 2637296341Sdelphij /* Cipher C024 */ 2638296341Sdelphij { 2639296341Sdelphij 1, 2640296341Sdelphij TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 2641296341Sdelphij TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 2642296341Sdelphij SSL_kEECDH, 2643296341Sdelphij SSL_aECDSA, 2644296341Sdelphij SSL_AES256, 2645296341Sdelphij SSL_SHA384, 2646296341Sdelphij SSL_TLSV1_2, 2647296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2648296341Sdelphij SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2649296341Sdelphij 256, 2650296341Sdelphij 256, 2651296341Sdelphij }, 2652238405Sjkim 2653296341Sdelphij /* Cipher C025 */ 2654296341Sdelphij { 2655296341Sdelphij 1, 2656296341Sdelphij TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, 2657296341Sdelphij TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, 2658296341Sdelphij SSL_kECDHe, 2659296341Sdelphij SSL_aECDH, 2660296341Sdelphij SSL_AES128, 2661296341Sdelphij SSL_SHA256, 2662296341Sdelphij SSL_TLSV1_2, 2663296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2664296341Sdelphij SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2665296341Sdelphij 128, 2666296341Sdelphij 128, 2667296341Sdelphij }, 2668238405Sjkim 2669296341Sdelphij /* Cipher C026 */ 2670296341Sdelphij { 2671296341Sdelphij 1, 2672296341Sdelphij TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, 2673296341Sdelphij TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, 2674296341Sdelphij SSL_kECDHe, 2675296341Sdelphij SSL_aECDH, 2676296341Sdelphij SSL_AES256, 2677296341Sdelphij SSL_SHA384, 2678296341Sdelphij SSL_TLSV1_2, 2679296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2680296341Sdelphij SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2681296341Sdelphij 256, 2682296341Sdelphij 256, 2683296341Sdelphij }, 2684238405Sjkim 2685296341Sdelphij /* Cipher C027 */ 2686296341Sdelphij { 2687296341Sdelphij 1, 2688296341Sdelphij TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 2689296341Sdelphij TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 2690296341Sdelphij SSL_kEECDH, 2691296341Sdelphij SSL_aRSA, 2692296341Sdelphij SSL_AES128, 2693296341Sdelphij SSL_SHA256, 2694296341Sdelphij SSL_TLSV1_2, 2695296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2696296341Sdelphij SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2697296341Sdelphij 128, 2698296341Sdelphij 128, 2699296341Sdelphij }, 2700238405Sjkim 2701296341Sdelphij /* Cipher C028 */ 2702296341Sdelphij { 2703296341Sdelphij 1, 2704296341Sdelphij TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 2705296341Sdelphij TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 2706296341Sdelphij SSL_kEECDH, 2707296341Sdelphij SSL_aRSA, 2708296341Sdelphij SSL_AES256, 2709296341Sdelphij SSL_SHA384, 2710296341Sdelphij SSL_TLSV1_2, 2711296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2712296341Sdelphij SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2713296341Sdelphij 256, 2714296341Sdelphij 256, 2715296341Sdelphij }, 2716238405Sjkim 2717296341Sdelphij /* Cipher C029 */ 2718296341Sdelphij { 2719296341Sdelphij 1, 2720296341Sdelphij TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, 2721296341Sdelphij TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, 2722296341Sdelphij SSL_kECDHr, 2723296341Sdelphij SSL_aECDH, 2724296341Sdelphij SSL_AES128, 2725296341Sdelphij SSL_SHA256, 2726296341Sdelphij SSL_TLSV1_2, 2727296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2728296341Sdelphij SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2729296341Sdelphij 128, 2730296341Sdelphij 128, 2731296341Sdelphij }, 2732238405Sjkim 2733296341Sdelphij /* Cipher C02A */ 2734296341Sdelphij { 2735296341Sdelphij 1, 2736296341Sdelphij TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, 2737296341Sdelphij TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, 2738296341Sdelphij SSL_kECDHr, 2739296341Sdelphij SSL_aECDH, 2740296341Sdelphij SSL_AES256, 2741296341Sdelphij SSL_SHA384, 2742296341Sdelphij SSL_TLSV1_2, 2743296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2744296341Sdelphij SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2745296341Sdelphij 256, 2746296341Sdelphij 256, 2747296341Sdelphij }, 2748238405Sjkim 2749296341Sdelphij /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 2750238405Sjkim 2751296341Sdelphij /* Cipher C02B */ 2752296341Sdelphij { 2753296341Sdelphij 1, 2754296341Sdelphij TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2755296341Sdelphij TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2756296341Sdelphij SSL_kEECDH, 2757296341Sdelphij SSL_aECDSA, 2758296341Sdelphij SSL_AES128GCM, 2759296341Sdelphij SSL_AEAD, 2760296341Sdelphij SSL_TLSV1_2, 2761296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2762296341Sdelphij SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2763296341Sdelphij 128, 2764296341Sdelphij 128, 2765296341Sdelphij }, 2766238405Sjkim 2767296341Sdelphij /* Cipher C02C */ 2768296341Sdelphij { 2769296341Sdelphij 1, 2770296341Sdelphij TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2771296341Sdelphij TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2772296341Sdelphij SSL_kEECDH, 2773296341Sdelphij SSL_aECDSA, 2774296341Sdelphij SSL_AES256GCM, 2775296341Sdelphij SSL_AEAD, 2776296341Sdelphij SSL_TLSV1_2, 2777296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2778296341Sdelphij SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2779296341Sdelphij 256, 2780296341Sdelphij 256, 2781296341Sdelphij }, 2782238405Sjkim 2783296341Sdelphij /* Cipher C02D */ 2784296341Sdelphij { 2785296341Sdelphij 1, 2786296341Sdelphij TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2787296341Sdelphij TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2788296341Sdelphij SSL_kECDHe, 2789296341Sdelphij SSL_aECDH, 2790296341Sdelphij SSL_AES128GCM, 2791296341Sdelphij SSL_AEAD, 2792296341Sdelphij SSL_TLSV1_2, 2793296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2794296341Sdelphij SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2795296341Sdelphij 128, 2796296341Sdelphij 128, 2797296341Sdelphij }, 2798238405Sjkim 2799296341Sdelphij /* Cipher C02E */ 2800296341Sdelphij { 2801296341Sdelphij 1, 2802296341Sdelphij TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2803296341Sdelphij TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2804296341Sdelphij SSL_kECDHe, 2805296341Sdelphij SSL_aECDH, 2806296341Sdelphij SSL_AES256GCM, 2807296341Sdelphij SSL_AEAD, 2808296341Sdelphij SSL_TLSV1_2, 2809296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2810296341Sdelphij SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2811296341Sdelphij 256, 2812296341Sdelphij 256, 2813296341Sdelphij }, 2814238405Sjkim 2815296341Sdelphij /* Cipher C02F */ 2816296341Sdelphij { 2817296341Sdelphij 1, 2818296341Sdelphij TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2819296341Sdelphij TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2820296341Sdelphij SSL_kEECDH, 2821296341Sdelphij SSL_aRSA, 2822296341Sdelphij SSL_AES128GCM, 2823296341Sdelphij SSL_AEAD, 2824296341Sdelphij SSL_TLSV1_2, 2825296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2826296341Sdelphij SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2827296341Sdelphij 128, 2828296341Sdelphij 128, 2829296341Sdelphij }, 2830238405Sjkim 2831296341Sdelphij /* Cipher C030 */ 2832296341Sdelphij { 2833296341Sdelphij 1, 2834296341Sdelphij TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2835296341Sdelphij TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2836296341Sdelphij SSL_kEECDH, 2837296341Sdelphij SSL_aRSA, 2838296341Sdelphij SSL_AES256GCM, 2839296341Sdelphij SSL_AEAD, 2840296341Sdelphij SSL_TLSV1_2, 2841296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2842296341Sdelphij SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2843296341Sdelphij 256, 2844296341Sdelphij 256, 2845296341Sdelphij }, 2846238405Sjkim 2847296341Sdelphij /* Cipher C031 */ 2848296341Sdelphij { 2849296341Sdelphij 1, 2850296341Sdelphij TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2851296341Sdelphij TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2852296341Sdelphij SSL_kECDHr, 2853296341Sdelphij SSL_aECDH, 2854296341Sdelphij SSL_AES128GCM, 2855296341Sdelphij SSL_AEAD, 2856296341Sdelphij SSL_TLSV1_2, 2857296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2858296341Sdelphij SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2859296341Sdelphij 128, 2860296341Sdelphij 128, 2861296341Sdelphij }, 2862238405Sjkim 2863296341Sdelphij /* Cipher C032 */ 2864296341Sdelphij { 2865296341Sdelphij 1, 2866296341Sdelphij TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2867296341Sdelphij TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2868296341Sdelphij SSL_kECDHr, 2869296341Sdelphij SSL_aECDH, 2870296341Sdelphij SSL_AES256GCM, 2871296341Sdelphij SSL_AEAD, 2872296341Sdelphij SSL_TLSV1_2, 2873296341Sdelphij SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2874296341Sdelphij SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2875296341Sdelphij 256, 2876296341Sdelphij 256, 2877296341Sdelphij }, 2878238405Sjkim 2879296341Sdelphij#endif /* OPENSSL_NO_ECDH */ 2880238405Sjkim 2881238405Sjkim#ifdef TEMP_GOST_TLS 2882238405Sjkim/* Cipher FF00 */ 2883296341Sdelphij { 2884296341Sdelphij 1, 2885296341Sdelphij "GOST-MD5", 2886296341Sdelphij 0x0300ff00, 2887296341Sdelphij SSL_kRSA, 2888296341Sdelphij SSL_aRSA, 2889296341Sdelphij SSL_eGOST2814789CNT, 2890296341Sdelphij SSL_MD5, 2891296341Sdelphij SSL_TLSV1, 2892296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 2893296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2894296341Sdelphij 256, 2895296341Sdelphij 256, 2896296341Sdelphij }, 2897296341Sdelphij { 2898296341Sdelphij 1, 2899296341Sdelphij "GOST-GOST94", 2900296341Sdelphij 0x0300ff01, 2901296341Sdelphij SSL_kRSA, 2902296341Sdelphij SSL_aRSA, 2903296341Sdelphij SSL_eGOST2814789CNT, 2904296341Sdelphij SSL_GOST94, 2905296341Sdelphij SSL_TLSV1, 2906296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 2907296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2908296341Sdelphij 256, 2909296341Sdelphij 256}, 2910296341Sdelphij { 2911296341Sdelphij 1, 2912296341Sdelphij "GOST-GOST89MAC", 2913296341Sdelphij 0x0300ff02, 2914296341Sdelphij SSL_kRSA, 2915296341Sdelphij SSL_aRSA, 2916296341Sdelphij SSL_eGOST2814789CNT, 2917296341Sdelphij SSL_GOST89MAC, 2918296341Sdelphij SSL_TLSV1, 2919296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 2920296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2921296341Sdelphij 256, 2922296341Sdelphij 256}, 2923296341Sdelphij { 2924296341Sdelphij 1, 2925296341Sdelphij "GOST-GOST89STREAM", 2926296341Sdelphij 0x0300ff03, 2927296341Sdelphij SSL_kRSA, 2928296341Sdelphij SSL_aRSA, 2929296341Sdelphij SSL_eGOST2814789CNT, 2930296341Sdelphij SSL_GOST89MAC, 2931296341Sdelphij SSL_TLSV1, 2932296341Sdelphij SSL_NOT_EXP | SSL_HIGH, 2933296341Sdelphij SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC, 2934296341Sdelphij 256, 2935296341Sdelphij 256}, 2936238405Sjkim#endif 2937238405Sjkim 293855714Skris/* end of list */ 2939296341Sdelphij}; 294055714Skris 2941296341SdelphijSSL3_ENC_METHOD SSLv3_enc_data = { 2942296341Sdelphij ssl3_enc, 2943296341Sdelphij n_ssl3_mac, 2944296341Sdelphij ssl3_setup_key_block, 2945296341Sdelphij ssl3_generate_master_secret, 2946296341Sdelphij ssl3_change_cipher_state, 2947296341Sdelphij ssl3_final_finish_mac, 2948296341Sdelphij MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, 2949296341Sdelphij ssl3_cert_verify_mac, 2950296341Sdelphij SSL3_MD_CLIENT_FINISHED_CONST, 4, 2951296341Sdelphij SSL3_MD_SERVER_FINISHED_CONST, 4, 2952296341Sdelphij ssl3_alert_code, 2953296341Sdelphij (int (*)(SSL *, unsigned char *, size_t, const char *, 2954296341Sdelphij size_t, const unsigned char *, size_t, 2955296341Sdelphij int use_context))ssl_undefined_function, 2956296341Sdelphij}; 295755714Skris 2958160814Ssimonlong ssl3_default_timeout(void) 2959296341Sdelphij{ 2960296341Sdelphij /* 2961296341Sdelphij * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for 2962296341Sdelphij * http, the cache would over fill 2963296341Sdelphij */ 2964296341Sdelphij return (60 * 60 * 2); 2965296341Sdelphij} 296655714Skris 296755714Skrisint ssl3_num_ciphers(void) 2968296341Sdelphij{ 2969296341Sdelphij return (SSL3_NUM_CIPHERS); 2970296341Sdelphij} 297155714Skris 2972238405Sjkimconst SSL_CIPHER *ssl3_get_cipher(unsigned int u) 2973296341Sdelphij{ 2974296341Sdelphij if (u < SSL3_NUM_CIPHERS) 2975296341Sdelphij return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u])); 2976296341Sdelphij else 2977296341Sdelphij return (NULL); 2978296341Sdelphij} 297955714Skris 2980160814Ssimonint ssl3_pending(const SSL *s) 2981296341Sdelphij{ 2982296341Sdelphij if (s->rstate == SSL_ST_READ_BODY) 2983296341Sdelphij return 0; 298455714Skris 2985296341Sdelphij return (s->s3->rrec.type == 2986296341Sdelphij SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; 2987296341Sdelphij} 2988296341Sdelphij 298955714Skrisint ssl3_new(SSL *s) 2990296341Sdelphij{ 2991296341Sdelphij SSL3_STATE *s3; 299255714Skris 2993296341Sdelphij if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL) 2994296341Sdelphij goto err; 2995296341Sdelphij memset(s3, 0, sizeof *s3); 2996296341Sdelphij memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); 2997296341Sdelphij memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); 299855714Skris 2999296341Sdelphij s->s3 = s3; 300055714Skris 3001238405Sjkim#ifndef OPENSSL_NO_SRP 3002296341Sdelphij SSL_SRP_CTX_init(s); 3003238405Sjkim#endif 3004296341Sdelphij s->method->ssl_clear(s); 3005296341Sdelphij return (1); 3006296341Sdelphij err: 3007296341Sdelphij return (0); 3008296341Sdelphij} 300955714Skris 301055714Skrisvoid ssl3_free(SSL *s) 3011296341Sdelphij{ 3012296341Sdelphij if (s == NULL) 3013296341Sdelphij return; 301455714Skris 3015238405Sjkim#ifdef TLSEXT_TYPE_opaque_prf_input 3016296341Sdelphij if (s->s3->client_opaque_prf_input != NULL) 3017296341Sdelphij OPENSSL_free(s->s3->client_opaque_prf_input); 3018296341Sdelphij if (s->s3->server_opaque_prf_input != NULL) 3019296341Sdelphij OPENSSL_free(s->s3->server_opaque_prf_input); 3020238405Sjkim#endif 3021238405Sjkim 3022296341Sdelphij ssl3_cleanup_key_block(s); 3023296341Sdelphij if (s->s3->rbuf.buf != NULL) 3024296341Sdelphij ssl3_release_read_buffer(s); 3025296341Sdelphij if (s->s3->wbuf.buf != NULL) 3026296341Sdelphij ssl3_release_write_buffer(s); 3027296341Sdelphij if (s->s3->rrec.comp != NULL) 3028296341Sdelphij OPENSSL_free(s->s3->rrec.comp); 3029109998Smarkm#ifndef OPENSSL_NO_DH 3030296341Sdelphij if (s->s3->tmp.dh != NULL) 3031296341Sdelphij DH_free(s->s3->tmp.dh); 303255714Skris#endif 3033160814Ssimon#ifndef OPENSSL_NO_ECDH 3034296341Sdelphij if (s->s3->tmp.ecdh != NULL) 3035296341Sdelphij EC_KEY_free(s->s3->tmp.ecdh); 3036160814Ssimon#endif 3037160814Ssimon 3038296341Sdelphij if (s->s3->tmp.ca_names != NULL) 3039296341Sdelphij sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 3040296341Sdelphij if (s->s3->handshake_buffer) { 3041296341Sdelphij BIO_free(s->s3->handshake_buffer); 3042296341Sdelphij } 3043296341Sdelphij if (s->s3->handshake_dgst) 3044296341Sdelphij ssl3_free_digest_list(s); 3045238405Sjkim#ifndef OPENSSL_NO_SRP 3046296341Sdelphij SSL_SRP_CTX_free(s); 3047238405Sjkim#endif 3048296341Sdelphij OPENSSL_cleanse(s->s3, sizeof *s->s3); 3049296341Sdelphij OPENSSL_free(s->s3); 3050296341Sdelphij s->s3 = NULL; 3051296341Sdelphij} 305255714Skris 305355714Skrisvoid ssl3_clear(SSL *s) 3054296341Sdelphij{ 3055296341Sdelphij unsigned char *rp, *wp; 3056296341Sdelphij size_t rlen, wlen; 3057296341Sdelphij int init_extra; 305855714Skris 3059238405Sjkim#ifdef TLSEXT_TYPE_opaque_prf_input 3060296341Sdelphij if (s->s3->client_opaque_prf_input != NULL) 3061296341Sdelphij OPENSSL_free(s->s3->client_opaque_prf_input); 3062296341Sdelphij s->s3->client_opaque_prf_input = NULL; 3063296341Sdelphij if (s->s3->server_opaque_prf_input != NULL) 3064296341Sdelphij OPENSSL_free(s->s3->server_opaque_prf_input); 3065296341Sdelphij s->s3->server_opaque_prf_input = NULL; 3066238405Sjkim#endif 3067238405Sjkim 3068296341Sdelphij ssl3_cleanup_key_block(s); 3069296341Sdelphij if (s->s3->tmp.ca_names != NULL) 3070296341Sdelphij sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 307155714Skris 3072296341Sdelphij if (s->s3->rrec.comp != NULL) { 3073296341Sdelphij OPENSSL_free(s->s3->rrec.comp); 3074296341Sdelphij s->s3->rrec.comp = NULL; 3075296341Sdelphij } 3076109998Smarkm#ifndef OPENSSL_NO_DH 3077296341Sdelphij if (s->s3->tmp.dh != NULL) { 3078296341Sdelphij DH_free(s->s3->tmp.dh); 3079296341Sdelphij s->s3->tmp.dh = NULL; 3080296341Sdelphij } 308159191Skris#endif 3082160814Ssimon#ifndef OPENSSL_NO_ECDH 3083296341Sdelphij if (s->s3->tmp.ecdh != NULL) { 3084296341Sdelphij EC_KEY_free(s->s3->tmp.ecdh); 3085296341Sdelphij s->s3->tmp.ecdh = NULL; 3086296341Sdelphij } 3087160814Ssimon#endif 3088264331Sjkim#ifndef OPENSSL_NO_TLSEXT 3089296341Sdelphij# ifndef OPENSSL_NO_EC 3090296341Sdelphij s->s3->is_probably_safari = 0; 3091296341Sdelphij# endif /* !OPENSSL_NO_EC */ 3092296341Sdelphij#endif /* !OPENSSL_NO_TLSEXT */ 309355714Skris 3094296341Sdelphij rp = s->s3->rbuf.buf; 3095296341Sdelphij wp = s->s3->wbuf.buf; 3096296341Sdelphij rlen = s->s3->rbuf.len; 3097296341Sdelphij wlen = s->s3->wbuf.len; 3098296341Sdelphij init_extra = s->s3->init_extra; 3099296341Sdelphij if (s->s3->handshake_buffer) { 3100296341Sdelphij BIO_free(s->s3->handshake_buffer); 3101296341Sdelphij s->s3->handshake_buffer = NULL; 3102296341Sdelphij } 3103296341Sdelphij if (s->s3->handshake_dgst) { 3104296341Sdelphij ssl3_free_digest_list(s); 3105296341Sdelphij } 3106296341Sdelphij memset(s->s3, 0, sizeof *s->s3); 3107296341Sdelphij s->s3->rbuf.buf = rp; 3108296341Sdelphij s->s3->wbuf.buf = wp; 3109296341Sdelphij s->s3->rbuf.len = rlen; 3110296341Sdelphij s->s3->wbuf.len = wlen; 3111296341Sdelphij s->s3->init_extra = init_extra; 311255714Skris 3113296341Sdelphij ssl_free_wbio_buffer(s); 311455714Skris 3115296341Sdelphij s->packet_length = 0; 3116296341Sdelphij s->s3->renegotiate = 0; 3117296341Sdelphij s->s3->total_renegotiations = 0; 3118296341Sdelphij s->s3->num_renegotiations = 0; 3119296341Sdelphij s->s3->in_read_app_data = 0; 3120296341Sdelphij s->version = SSL3_VERSION; 3121238405Sjkim 3122238405Sjkim#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 3123296341Sdelphij if (s->next_proto_negotiated) { 3124296341Sdelphij OPENSSL_free(s->next_proto_negotiated); 3125296341Sdelphij s->next_proto_negotiated = NULL; 3126296341Sdelphij s->next_proto_negotiated_len = 0; 3127296341Sdelphij } 3128238405Sjkim#endif 3129296341Sdelphij} 313055714Skris 3131238405Sjkim#ifndef OPENSSL_NO_SRP 3132296341Sdelphijstatic char *MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg) 3133296341Sdelphij{ 3134296341Sdelphij return BUF_strdup(s->srp_ctx.info); 3135296341Sdelphij} 3136238405Sjkim#endif 3137238405Sjkim 3138109998Smarkmlong ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) 3139296341Sdelphij{ 3140296341Sdelphij int ret = 0; 314155714Skris 3142109998Smarkm#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) 3143296341Sdelphij if ( 3144296341Sdelphij# ifndef OPENSSL_NO_RSA 3145296341Sdelphij cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB || 3146296341Sdelphij# endif 3147296341Sdelphij# ifndef OPENSSL_NO_DSA 3148296341Sdelphij cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB || 3149296341Sdelphij# endif 3150296341Sdelphij 0) { 3151296341Sdelphij if (!ssl_cert_inst(&s->cert)) { 3152296341Sdelphij SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); 3153296341Sdelphij return (0); 3154296341Sdelphij } 3155296341Sdelphij } 315655714Skris#endif 315755714Skris 3158296341Sdelphij switch (cmd) { 3159296341Sdelphij case SSL_CTRL_GET_SESSION_REUSED: 3160296341Sdelphij ret = s->hit; 3161296341Sdelphij break; 3162296341Sdelphij case SSL_CTRL_GET_CLIENT_CERT_REQUEST: 3163296341Sdelphij break; 3164296341Sdelphij case SSL_CTRL_GET_NUM_RENEGOTIATIONS: 3165296341Sdelphij ret = s->s3->num_renegotiations; 3166296341Sdelphij break; 3167296341Sdelphij case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: 3168296341Sdelphij ret = s->s3->num_renegotiations; 3169296341Sdelphij s->s3->num_renegotiations = 0; 3170296341Sdelphij break; 3171296341Sdelphij case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: 3172296341Sdelphij ret = s->s3->total_renegotiations; 3173296341Sdelphij break; 3174296341Sdelphij case SSL_CTRL_GET_FLAGS: 3175296341Sdelphij ret = (int)(s->s3->flags); 3176296341Sdelphij break; 3177109998Smarkm#ifndef OPENSSL_NO_RSA 3178296341Sdelphij case SSL_CTRL_NEED_TMP_RSA: 3179296341Sdelphij if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && 3180296341Sdelphij ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 3181296341Sdelphij (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > 3182296341Sdelphij (512 / 8)))) 3183296341Sdelphij ret = 1; 3184296341Sdelphij break; 3185296341Sdelphij case SSL_CTRL_SET_TMP_RSA: 3186296341Sdelphij { 3187296341Sdelphij RSA *rsa = (RSA *)parg; 3188296341Sdelphij if (rsa == NULL) { 3189296341Sdelphij SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3190296341Sdelphij return (ret); 3191296341Sdelphij } 3192296341Sdelphij if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) { 3193296341Sdelphij SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); 3194296341Sdelphij return (ret); 3195296341Sdelphij } 3196296341Sdelphij if (s->cert->rsa_tmp != NULL) 3197296341Sdelphij RSA_free(s->cert->rsa_tmp); 3198296341Sdelphij s->cert->rsa_tmp = rsa; 3199296341Sdelphij ret = 1; 3200296341Sdelphij } 3201296341Sdelphij break; 3202296341Sdelphij case SSL_CTRL_SET_TMP_RSA_CB: 3203296341Sdelphij { 3204296341Sdelphij SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3205296341Sdelphij return (ret); 3206296341Sdelphij } 3207296341Sdelphij break; 320855714Skris#endif 3209109998Smarkm#ifndef OPENSSL_NO_DH 3210296341Sdelphij case SSL_CTRL_SET_TMP_DH: 3211296341Sdelphij { 3212296341Sdelphij DH *dh = (DH *)parg; 3213296341Sdelphij if (dh == NULL) { 3214296341Sdelphij SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3215296341Sdelphij return (ret); 3216296341Sdelphij } 3217296341Sdelphij if ((dh = DHparams_dup(dh)) == NULL) { 3218296341Sdelphij SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 3219296341Sdelphij return (ret); 3220296341Sdelphij } 3221296341Sdelphij if (!(s->options & SSL_OP_SINGLE_DH_USE)) { 3222296341Sdelphij if (!DH_generate_key(dh)) { 3223296341Sdelphij DH_free(dh); 3224296341Sdelphij SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 3225296341Sdelphij return (ret); 3226296341Sdelphij } 3227296341Sdelphij } 3228296341Sdelphij if (s->cert->dh_tmp != NULL) 3229296341Sdelphij DH_free(s->cert->dh_tmp); 3230296341Sdelphij s->cert->dh_tmp = dh; 3231296341Sdelphij ret = 1; 3232296341Sdelphij } 3233296341Sdelphij break; 3234296341Sdelphij case SSL_CTRL_SET_TMP_DH_CB: 3235296341Sdelphij { 3236296341Sdelphij SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3237296341Sdelphij return (ret); 3238296341Sdelphij } 3239296341Sdelphij break; 324055714Skris#endif 3241160814Ssimon#ifndef OPENSSL_NO_ECDH 3242296341Sdelphij case SSL_CTRL_SET_TMP_ECDH: 3243296341Sdelphij { 3244296341Sdelphij EC_KEY *ecdh = NULL; 3245296341Sdelphij 3246296341Sdelphij if (parg == NULL) { 3247296341Sdelphij SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3248296341Sdelphij return (ret); 3249296341Sdelphij } 3250296341Sdelphij if (!EC_KEY_up_ref((EC_KEY *)parg)) { 3251296341Sdelphij SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB); 3252296341Sdelphij return (ret); 3253296341Sdelphij } 3254296341Sdelphij ecdh = (EC_KEY *)parg; 3255296341Sdelphij if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) { 3256296341Sdelphij if (!EC_KEY_generate_key(ecdh)) { 3257296341Sdelphij EC_KEY_free(ecdh); 3258296341Sdelphij SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB); 3259296341Sdelphij return (ret); 3260296341Sdelphij } 3261296341Sdelphij } 3262296341Sdelphij if (s->cert->ecdh_tmp != NULL) 3263296341Sdelphij EC_KEY_free(s->cert->ecdh_tmp); 3264296341Sdelphij s->cert->ecdh_tmp = ecdh; 3265296341Sdelphij ret = 1; 3266296341Sdelphij } 3267296341Sdelphij break; 3268296341Sdelphij case SSL_CTRL_SET_TMP_ECDH_CB: 3269296341Sdelphij { 3270296341Sdelphij SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3271296341Sdelphij return (ret); 3272296341Sdelphij } 3273296341Sdelphij break; 3274296341Sdelphij#endif /* !OPENSSL_NO_ECDH */ 3275194206Ssimon#ifndef OPENSSL_NO_TLSEXT 3276296341Sdelphij case SSL_CTRL_SET_TLSEXT_HOSTNAME: 3277296341Sdelphij if (larg == TLSEXT_NAMETYPE_host_name) { 3278296341Sdelphij if (s->tlsext_hostname != NULL) 3279296341Sdelphij OPENSSL_free(s->tlsext_hostname); 3280296341Sdelphij s->tlsext_hostname = NULL; 3281194206Ssimon 3282296341Sdelphij ret = 1; 3283296341Sdelphij if (parg == NULL) 3284296341Sdelphij break; 3285296341Sdelphij if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { 3286296341Sdelphij SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); 3287296341Sdelphij return 0; 3288296341Sdelphij } 3289296341Sdelphij if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) { 3290296341Sdelphij SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); 3291296341Sdelphij return 0; 3292296341Sdelphij } 3293296341Sdelphij } else { 3294296341Sdelphij SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); 3295296341Sdelphij return 0; 3296296341Sdelphij } 3297296341Sdelphij break; 3298296341Sdelphij case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: 3299296341Sdelphij s->tlsext_debug_arg = parg; 3300296341Sdelphij ret = 1; 3301296341Sdelphij break; 3302238405Sjkim 3303296341Sdelphij# ifdef TLSEXT_TYPE_opaque_prf_input 3304296341Sdelphij case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: 3305296341Sdelphij if (larg > 12288) { /* actual internal limit is 2^16 for the 3306296341Sdelphij * complete hello message * (including the 3307296341Sdelphij * cert chain and everything) */ 3308296341Sdelphij SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); 3309296341Sdelphij break; 3310296341Sdelphij } 3311296341Sdelphij if (s->tlsext_opaque_prf_input != NULL) 3312296341Sdelphij OPENSSL_free(s->tlsext_opaque_prf_input); 3313296341Sdelphij if ((size_t)larg == 0) 3314296341Sdelphij s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte 3315296341Sdelphij * just to get 3316296341Sdelphij * non-NULL */ 3317296341Sdelphij else 3318296341Sdelphij s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); 3319296341Sdelphij if (s->tlsext_opaque_prf_input != NULL) { 3320296341Sdelphij s->tlsext_opaque_prf_input_len = (size_t)larg; 3321296341Sdelphij ret = 1; 3322296341Sdelphij } else 3323296341Sdelphij s->tlsext_opaque_prf_input_len = 0; 3324296341Sdelphij break; 3325296341Sdelphij# endif 3326238405Sjkim 3327296341Sdelphij case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: 3328296341Sdelphij s->tlsext_status_type = larg; 3329296341Sdelphij ret = 1; 3330296341Sdelphij break; 3331194206Ssimon 3332296341Sdelphij case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: 3333296341Sdelphij *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; 3334296341Sdelphij ret = 1; 3335296341Sdelphij break; 3336194206Ssimon 3337296341Sdelphij case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: 3338296341Sdelphij s->tlsext_ocsp_exts = parg; 3339296341Sdelphij ret = 1; 3340296341Sdelphij break; 3341194206Ssimon 3342296341Sdelphij case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: 3343296341Sdelphij *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; 3344296341Sdelphij ret = 1; 3345296341Sdelphij break; 3346194206Ssimon 3347296341Sdelphij case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: 3348296341Sdelphij s->tlsext_ocsp_ids = parg; 3349296341Sdelphij ret = 1; 3350296341Sdelphij break; 3351194206Ssimon 3352296341Sdelphij case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: 3353296341Sdelphij *(unsigned char **)parg = s->tlsext_ocsp_resp; 3354296341Sdelphij return s->tlsext_ocsp_resplen; 3355194206Ssimon 3356296341Sdelphij case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: 3357296341Sdelphij if (s->tlsext_ocsp_resp) 3358296341Sdelphij OPENSSL_free(s->tlsext_ocsp_resp); 3359296341Sdelphij s->tlsext_ocsp_resp = parg; 3360296341Sdelphij s->tlsext_ocsp_resplen = larg; 3361296341Sdelphij ret = 1; 3362296341Sdelphij break; 3363238405Sjkim 3364296341Sdelphij# ifndef OPENSSL_NO_HEARTBEATS 3365296341Sdelphij case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT: 3366296341Sdelphij if (SSL_version(s) == DTLS1_VERSION 3367296341Sdelphij || SSL_version(s) == DTLS1_BAD_VER) 3368296341Sdelphij ret = dtls1_heartbeat(s); 3369296341Sdelphij else 3370296341Sdelphij ret = tls1_heartbeat(s); 3371296341Sdelphij break; 3372238405Sjkim 3373296341Sdelphij case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING: 3374296341Sdelphij ret = s->tlsext_hb_pending; 3375296341Sdelphij break; 3376238405Sjkim 3377296341Sdelphij case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS: 3378296341Sdelphij if (larg) 3379296341Sdelphij s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS; 3380296341Sdelphij else 3381296341Sdelphij s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS; 3382296341Sdelphij ret = 1; 3383296341Sdelphij break; 3384296341Sdelphij# endif 3385273399Sdelphij 3386296341Sdelphij#endif /* !OPENSSL_NO_TLSEXT */ 3387296341Sdelphij 3388296341Sdelphij case SSL_CTRL_CHECK_PROTO_VERSION: 3389296341Sdelphij /* 3390296341Sdelphij * For library-internal use; checks that the current protocol is the 3391296341Sdelphij * highest enabled version (according to s->ctx->method, as version 3392296341Sdelphij * negotiation may have changed s->method). 3393296341Sdelphij */ 3394296341Sdelphij if (s->version == s->ctx->method->version) 3395296341Sdelphij return 1; 3396296341Sdelphij /* 3397296341Sdelphij * Apparently we're using a version-flexible SSL_METHOD (not at its 3398296341Sdelphij * highest protocol version). 3399296341Sdelphij */ 3400296341Sdelphij if (s->ctx->method->version == SSLv23_method()->version) { 3401273399Sdelphij#if TLS_MAX_VERSION != TLS1_2_VERSION 3402296341Sdelphij# error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION. 3403273399Sdelphij#endif 3404296341Sdelphij if (!(s->options & SSL_OP_NO_TLSv1_2)) 3405296341Sdelphij return s->version == TLS1_2_VERSION; 3406296341Sdelphij if (!(s->options & SSL_OP_NO_TLSv1_1)) 3407296341Sdelphij return s->version == TLS1_1_VERSION; 3408296341Sdelphij if (!(s->options & SSL_OP_NO_TLSv1)) 3409296341Sdelphij return s->version == TLS1_VERSION; 3410296341Sdelphij if (!(s->options & SSL_OP_NO_SSLv3)) 3411296341Sdelphij return s->version == SSL3_VERSION; 3412296341Sdelphij if (!(s->options & SSL_OP_NO_SSLv2)) 3413296341Sdelphij return s->version == SSL2_VERSION; 3414296341Sdelphij } 3415296341Sdelphij return 0; /* Unexpected state; fail closed. */ 3416273399Sdelphij 3417296341Sdelphij default: 3418296341Sdelphij break; 3419296341Sdelphij } 3420296341Sdelphij return (ret); 3421296341Sdelphij} 342255714Skris 3423296341Sdelphijlong ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) 3424296341Sdelphij{ 3425296341Sdelphij int ret = 0; 342659191Skris 3427109998Smarkm#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) 3428296341Sdelphij if ( 3429296341Sdelphij# ifndef OPENSSL_NO_RSA 3430296341Sdelphij cmd == SSL_CTRL_SET_TMP_RSA_CB || 3431296341Sdelphij# endif 3432296341Sdelphij# ifndef OPENSSL_NO_DSA 3433296341Sdelphij cmd == SSL_CTRL_SET_TMP_DH_CB || 3434296341Sdelphij# endif 3435296341Sdelphij 0) { 3436296341Sdelphij if (!ssl_cert_inst(&s->cert)) { 3437296341Sdelphij SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); 3438296341Sdelphij return (0); 3439296341Sdelphij } 3440296341Sdelphij } 344159191Skris#endif 344259191Skris 3443296341Sdelphij switch (cmd) { 3444109998Smarkm#ifndef OPENSSL_NO_RSA 3445296341Sdelphij case SSL_CTRL_SET_TMP_RSA_CB: 3446296341Sdelphij { 3447296341Sdelphij s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; 3448296341Sdelphij } 3449296341Sdelphij break; 345059191Skris#endif 3451109998Smarkm#ifndef OPENSSL_NO_DH 3452296341Sdelphij case SSL_CTRL_SET_TMP_DH_CB: 3453296341Sdelphij { 3454296341Sdelphij s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 3455296341Sdelphij } 3456296341Sdelphij break; 345759191Skris#endif 3458160814Ssimon#ifndef OPENSSL_NO_ECDH 3459296341Sdelphij case SSL_CTRL_SET_TMP_ECDH_CB: 3460296341Sdelphij { 3461296341Sdelphij s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 3462296341Sdelphij } 3463296341Sdelphij break; 3464160814Ssimon#endif 3465194206Ssimon#ifndef OPENSSL_NO_TLSEXT 3466296341Sdelphij case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 3467296341Sdelphij s->tlsext_debug_cb = (void (*)(SSL *, int, int, 3468296341Sdelphij unsigned char *, int, void *))fp; 3469296341Sdelphij break; 3470194206Ssimon#endif 3471296341Sdelphij default: 3472296341Sdelphij break; 3473296341Sdelphij } 3474296341Sdelphij return (ret); 3475296341Sdelphij} 347659191Skris 3477109998Smarkmlong ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 3478296341Sdelphij{ 3479296341Sdelphij CERT *cert; 348055714Skris 3481296341Sdelphij cert = ctx->cert; 348255714Skris 3483296341Sdelphij switch (cmd) { 3484109998Smarkm#ifndef OPENSSL_NO_RSA 3485296341Sdelphij case SSL_CTRL_NEED_TMP_RSA: 3486296341Sdelphij if ((cert->rsa_tmp == NULL) && 3487296341Sdelphij ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 3488296341Sdelphij (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > 3489296341Sdelphij (512 / 8))) 3490296341Sdelphij ) 3491296341Sdelphij return (1); 3492296341Sdelphij else 3493296341Sdelphij return (0); 3494296341Sdelphij /* break; */ 3495296341Sdelphij case SSL_CTRL_SET_TMP_RSA: 3496296341Sdelphij { 3497296341Sdelphij RSA *rsa; 3498296341Sdelphij int i; 349955714Skris 3500296341Sdelphij rsa = (RSA *)parg; 3501296341Sdelphij i = 1; 3502296341Sdelphij if (rsa == NULL) 3503296341Sdelphij i = 0; 3504296341Sdelphij else { 3505296341Sdelphij if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) 3506296341Sdelphij i = 0; 3507296341Sdelphij } 3508296341Sdelphij if (!i) { 3509296341Sdelphij SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB); 3510296341Sdelphij return (0); 3511296341Sdelphij } else { 3512296341Sdelphij if (cert->rsa_tmp != NULL) 3513296341Sdelphij RSA_free(cert->rsa_tmp); 3514296341Sdelphij cert->rsa_tmp = rsa; 3515296341Sdelphij return (1); 3516296341Sdelphij } 3517296341Sdelphij } 3518296341Sdelphij /* break; */ 3519296341Sdelphij case SSL_CTRL_SET_TMP_RSA_CB: 3520296341Sdelphij { 3521296341Sdelphij SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3522296341Sdelphij return (0); 3523296341Sdelphij } 3524296341Sdelphij break; 352555714Skris#endif 3526109998Smarkm#ifndef OPENSSL_NO_DH 3527296341Sdelphij case SSL_CTRL_SET_TMP_DH: 3528296341Sdelphij { 3529296341Sdelphij DH *new = NULL, *dh; 353055714Skris 3531296341Sdelphij dh = (DH *)parg; 3532296341Sdelphij if ((new = DHparams_dup(dh)) == NULL) { 3533296341Sdelphij SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); 3534296341Sdelphij return 0; 3535296341Sdelphij } 3536296341Sdelphij if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) { 3537296341Sdelphij if (!DH_generate_key(new)) { 3538296341Sdelphij SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); 3539296341Sdelphij DH_free(new); 3540296341Sdelphij return 0; 3541296341Sdelphij } 3542296341Sdelphij } 3543296341Sdelphij if (cert->dh_tmp != NULL) 3544296341Sdelphij DH_free(cert->dh_tmp); 3545296341Sdelphij cert->dh_tmp = new; 3546296341Sdelphij return 1; 3547296341Sdelphij } 3548296341Sdelphij /* 3549296341Sdelphij * break; 3550296341Sdelphij */ 3551296341Sdelphij case SSL_CTRL_SET_TMP_DH_CB: 3552296341Sdelphij { 3553296341Sdelphij SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3554296341Sdelphij return (0); 3555296341Sdelphij } 3556296341Sdelphij break; 355755714Skris#endif 3558160814Ssimon#ifndef OPENSSL_NO_ECDH 3559296341Sdelphij case SSL_CTRL_SET_TMP_ECDH: 3560296341Sdelphij { 3561296341Sdelphij EC_KEY *ecdh = NULL; 3562160814Ssimon 3563296341Sdelphij if (parg == NULL) { 3564296341Sdelphij SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB); 3565296341Sdelphij return 0; 3566296341Sdelphij } 3567296341Sdelphij ecdh = EC_KEY_dup((EC_KEY *)parg); 3568296341Sdelphij if (ecdh == NULL) { 3569296341Sdelphij SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB); 3570296341Sdelphij return 0; 3571296341Sdelphij } 3572296341Sdelphij if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) { 3573296341Sdelphij if (!EC_KEY_generate_key(ecdh)) { 3574296341Sdelphij EC_KEY_free(ecdh); 3575296341Sdelphij SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB); 3576296341Sdelphij return 0; 3577296341Sdelphij } 3578296341Sdelphij } 3579296341Sdelphij 3580296341Sdelphij if (cert->ecdh_tmp != NULL) { 3581296341Sdelphij EC_KEY_free(cert->ecdh_tmp); 3582296341Sdelphij } 3583296341Sdelphij cert->ecdh_tmp = ecdh; 3584296341Sdelphij return 1; 3585296341Sdelphij } 3586296341Sdelphij /* break; */ 3587296341Sdelphij case SSL_CTRL_SET_TMP_ECDH_CB: 3588296341Sdelphij { 3589296341Sdelphij SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3590296341Sdelphij return (0); 3591296341Sdelphij } 3592296341Sdelphij break; 3593296341Sdelphij#endif /* !OPENSSL_NO_ECDH */ 3594194206Ssimon#ifndef OPENSSL_NO_TLSEXT 3595296341Sdelphij case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: 3596296341Sdelphij ctx->tlsext_servername_arg = parg; 3597296341Sdelphij break; 3598296341Sdelphij case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: 3599296341Sdelphij case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: 3600296341Sdelphij { 3601296341Sdelphij unsigned char *keys = parg; 3602296341Sdelphij if (!keys) 3603296341Sdelphij return 48; 3604296341Sdelphij if (larg != 48) { 3605296341Sdelphij SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); 3606296341Sdelphij return 0; 3607296341Sdelphij } 3608296341Sdelphij if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { 3609296341Sdelphij memcpy(ctx->tlsext_tick_key_name, keys, 16); 3610296341Sdelphij memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); 3611296341Sdelphij memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); 3612296341Sdelphij } else { 3613296341Sdelphij memcpy(keys, ctx->tlsext_tick_key_name, 16); 3614296341Sdelphij memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); 3615296341Sdelphij memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); 3616296341Sdelphij } 3617296341Sdelphij return 1; 3618296341Sdelphij } 3619238405Sjkim 3620296341Sdelphij# ifdef TLSEXT_TYPE_opaque_prf_input 3621296341Sdelphij case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG: 3622296341Sdelphij ctx->tlsext_opaque_prf_input_callback_arg = parg; 3623296341Sdelphij return 1; 3624296341Sdelphij# endif 3625238405Sjkim 3626296341Sdelphij case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: 3627296341Sdelphij ctx->tlsext_status_arg = parg; 3628296341Sdelphij return 1; 3629296341Sdelphij break; 3630194206Ssimon 3631296341Sdelphij# ifndef OPENSSL_NO_SRP 3632296341Sdelphij case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME: 3633296341Sdelphij ctx->srp_ctx.srp_Mask |= SSL_kSRP; 3634296341Sdelphij if (ctx->srp_ctx.login != NULL) 3635296341Sdelphij OPENSSL_free(ctx->srp_ctx.login); 3636296341Sdelphij ctx->srp_ctx.login = NULL; 3637296341Sdelphij if (parg == NULL) 3638296341Sdelphij break; 3639296341Sdelphij if (strlen((const char *)parg) > 255 3640296341Sdelphij || strlen((const char *)parg) < 1) { 3641296341Sdelphij SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME); 3642296341Sdelphij return 0; 3643296341Sdelphij } 3644296341Sdelphij if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) { 3645296341Sdelphij SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR); 3646296341Sdelphij return 0; 3647296341Sdelphij } 3648296341Sdelphij break; 3649296341Sdelphij case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD: 3650296341Sdelphij ctx->srp_ctx.SRP_give_srp_client_pwd_callback = 3651296341Sdelphij srp_password_from_info_cb; 3652296341Sdelphij ctx->srp_ctx.info = parg; 3653296341Sdelphij break; 3654296341Sdelphij case SSL_CTRL_SET_SRP_ARG: 3655296341Sdelphij ctx->srp_ctx.srp_Mask |= SSL_kSRP; 3656296341Sdelphij ctx->srp_ctx.SRP_cb_arg = parg; 3657296341Sdelphij break; 3658238405Sjkim 3659296341Sdelphij case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH: 3660296341Sdelphij ctx->srp_ctx.strength = larg; 3661296341Sdelphij break; 3662296341Sdelphij# endif 3663296341Sdelphij#endif /* !OPENSSL_NO_TLSEXT */ 3664238405Sjkim 3665296341Sdelphij /* A Thawte special :-) */ 3666296341Sdelphij case SSL_CTRL_EXTRA_CHAIN_CERT: 3667296341Sdelphij if (ctx->extra_certs == NULL) { 3668296341Sdelphij if ((ctx->extra_certs = sk_X509_new_null()) == NULL) 3669296341Sdelphij return (0); 3670296341Sdelphij } 3671296341Sdelphij sk_X509_push(ctx->extra_certs, (X509 *)parg); 3672296341Sdelphij break; 367355714Skris 3674296341Sdelphij case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: 3675296341Sdelphij *(STACK_OF(X509) **)parg = ctx->extra_certs; 3676296341Sdelphij break; 3677238405Sjkim 3678296341Sdelphij case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: 3679296341Sdelphij if (ctx->extra_certs) { 3680296341Sdelphij sk_X509_pop_free(ctx->extra_certs, X509_free); 3681296341Sdelphij ctx->extra_certs = NULL; 3682296341Sdelphij } 3683296341Sdelphij break; 3684238405Sjkim 3685296341Sdelphij default: 3686296341Sdelphij return (0); 3687296341Sdelphij } 3688296341Sdelphij return (1); 3689296341Sdelphij} 369055714Skris 3691296341Sdelphijlong ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) 3692296341Sdelphij{ 3693296341Sdelphij CERT *cert; 369459191Skris 3695296341Sdelphij cert = ctx->cert; 369659191Skris 3697296341Sdelphij switch (cmd) { 3698109998Smarkm#ifndef OPENSSL_NO_RSA 3699296341Sdelphij case SSL_CTRL_SET_TMP_RSA_CB: 3700296341Sdelphij { 3701296341Sdelphij cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; 3702296341Sdelphij } 3703296341Sdelphij break; 370459191Skris#endif 3705109998Smarkm#ifndef OPENSSL_NO_DH 3706296341Sdelphij case SSL_CTRL_SET_TMP_DH_CB: 3707296341Sdelphij { 3708296341Sdelphij cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 3709296341Sdelphij } 3710296341Sdelphij break; 371159191Skris#endif 3712160814Ssimon#ifndef OPENSSL_NO_ECDH 3713296341Sdelphij case SSL_CTRL_SET_TMP_ECDH_CB: 3714296341Sdelphij { 3715296341Sdelphij cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 3716296341Sdelphij } 3717296341Sdelphij break; 3718160814Ssimon#endif 3719194206Ssimon#ifndef OPENSSL_NO_TLSEXT 3720296341Sdelphij case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 3721296341Sdelphij ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; 3722296341Sdelphij break; 3723238405Sjkim 3724296341Sdelphij# ifdef TLSEXT_TYPE_opaque_prf_input 3725296341Sdelphij case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: 3726296341Sdelphij ctx->tlsext_opaque_prf_input_callback = 3727296341Sdelphij (int (*)(SSL *, void *, size_t, void *))fp; 3728296341Sdelphij break; 3729296341Sdelphij# endif 3730238405Sjkim 3731296341Sdelphij case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: 3732296341Sdelphij ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp; 3733296341Sdelphij break; 3734194206Ssimon 3735296341Sdelphij case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: 3736296341Sdelphij ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *, 3737296341Sdelphij unsigned char *, 3738296341Sdelphij EVP_CIPHER_CTX *, 3739296341Sdelphij HMAC_CTX *, int))fp; 3740296341Sdelphij break; 3741194206Ssimon 3742296341Sdelphij# ifndef OPENSSL_NO_SRP 3743296341Sdelphij case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB: 3744296341Sdelphij ctx->srp_ctx.srp_Mask |= SSL_kSRP; 3745296341Sdelphij ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp; 3746296341Sdelphij break; 3747296341Sdelphij case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB: 3748296341Sdelphij ctx->srp_ctx.srp_Mask |= SSL_kSRP; 3749296341Sdelphij ctx->srp_ctx.TLS_ext_srp_username_callback = 3750296341Sdelphij (int (*)(SSL *, int *, void *))fp; 3751296341Sdelphij break; 3752296341Sdelphij case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB: 3753296341Sdelphij ctx->srp_ctx.srp_Mask |= SSL_kSRP; 3754296341Sdelphij ctx->srp_ctx.SRP_give_srp_client_pwd_callback = 3755296341Sdelphij (char *(*)(SSL *, void *))fp; 3756296341Sdelphij break; 3757296341Sdelphij# endif 3758194206Ssimon#endif 3759273399Sdelphij 3760296341Sdelphij default: 3761296341Sdelphij return (0); 3762296341Sdelphij } 3763296341Sdelphij return (1); 3764296341Sdelphij} 376559191Skris 3766296341Sdelphij/* 3767296341Sdelphij * This function needs to check if the ciphers required are actually 3768296341Sdelphij * available 3769296341Sdelphij */ 3770238405Sjkimconst SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) 3771296341Sdelphij{ 3772296341Sdelphij SSL_CIPHER c; 3773296341Sdelphij const SSL_CIPHER *cp; 3774296341Sdelphij unsigned long id; 377555714Skris 3776296341Sdelphij id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1]; 3777296341Sdelphij c.id = id; 3778296341Sdelphij cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); 3779238405Sjkim#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES 3780296341Sdelphij if (cp == NULL) 3781296341Sdelphij fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]); 3782238405Sjkim#endif 3783296341Sdelphij if (cp == NULL || cp->valid == 0) 3784296341Sdelphij return NULL; 3785296341Sdelphij else 3786296341Sdelphij return cp; 3787296341Sdelphij} 378855714Skris 378955714Skrisint ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) 3790296341Sdelphij{ 3791296341Sdelphij long l; 379255714Skris 3793296341Sdelphij if (p != NULL) { 3794296341Sdelphij l = c->id; 3795296341Sdelphij if ((l & 0xff000000) != 0x03000000) 3796296341Sdelphij return (0); 3797296341Sdelphij p[0] = ((unsigned char)(l >> 8L)) & 0xFF; 3798296341Sdelphij p[1] = ((unsigned char)(l)) & 0xFF; 3799296341Sdelphij } 3800296341Sdelphij return (2); 3801296341Sdelphij} 380255714Skris 3803109998SmarkmSSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 3804296341Sdelphij STACK_OF(SSL_CIPHER) *srvr) 3805296341Sdelphij{ 3806296341Sdelphij SSL_CIPHER *c, *ret = NULL; 3807296341Sdelphij STACK_OF(SSL_CIPHER) *prio, *allow; 3808296341Sdelphij int i, ii, ok; 3809238405Sjkim#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC) 3810296341Sdelphij unsigned int j; 3811296341Sdelphij int ec_ok, ec_nid; 3812296341Sdelphij unsigned char ec_search1 = 0, ec_search2 = 0; 3813238405Sjkim#endif 3814296341Sdelphij CERT *cert; 3815296341Sdelphij unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a; 381655714Skris 3817296341Sdelphij /* Let's see which ciphers we can support */ 3818296341Sdelphij cert = s->cert; 381955714Skris 3820109998Smarkm#if 0 3821296341Sdelphij /* 3822296341Sdelphij * Do not set the compare functions, because this may lead to a 3823296341Sdelphij * reordering by "id". We want to keep the original ordering. We may pay 3824296341Sdelphij * a price in performance during sk_SSL_CIPHER_find(), but would have to 3825296341Sdelphij * pay with the price of sk_SSL_CIPHER_dup(). 3826296341Sdelphij */ 3827296341Sdelphij sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); 3828296341Sdelphij sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); 3829109998Smarkm#endif 383055714Skris 383155714Skris#ifdef CIPHER_DEBUG 3832296341Sdelphij fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), 3833296341Sdelphij (void *)srvr); 3834296341Sdelphij for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) { 3835296341Sdelphij c = sk_SSL_CIPHER_value(srvr, i); 3836296341Sdelphij fprintf(stderr, "%p:%s\n", (void *)c, c->name); 3837296341Sdelphij } 3838296341Sdelphij fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), 3839296341Sdelphij (void *)clnt); 3840296341Sdelphij for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) { 3841296341Sdelphij c = sk_SSL_CIPHER_value(clnt, i); 3842296341Sdelphij fprintf(stderr, "%p:%s\n", (void *)c, c->name); 3843296341Sdelphij } 384455714Skris#endif 384555714Skris 3846296341Sdelphij if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { 3847296341Sdelphij prio = srvr; 3848296341Sdelphij allow = clnt; 3849296341Sdelphij } else { 3850296341Sdelphij prio = clnt; 3851296341Sdelphij allow = srvr; 3852296341Sdelphij } 3853109998Smarkm 3854296341Sdelphij for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { 3855296341Sdelphij c = sk_SSL_CIPHER_value(prio, i); 385655714Skris 3857296341Sdelphij /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ 3858296341Sdelphij if ((c->algorithm_ssl & SSL_TLSV1_2) && 3859296341Sdelphij (TLS1_get_version(s) < TLS1_2_VERSION)) 3860296341Sdelphij continue; 3861238405Sjkim 3862296341Sdelphij ssl_set_cert_masks(cert, c); 3863296341Sdelphij mask_k = cert->mask_k; 3864296341Sdelphij mask_a = cert->mask_a; 3865296341Sdelphij emask_k = cert->export_mask_k; 3866296341Sdelphij emask_a = cert->export_mask_a; 3867238405Sjkim#ifndef OPENSSL_NO_SRP 3868296341Sdelphij if (s->srp_ctx.srp_Mask & SSL_kSRP) { 3869296341Sdelphij mask_k |= SSL_kSRP; 3870296341Sdelphij emask_k |= SSL_kSRP; 3871296341Sdelphij mask_a |= SSL_aSRP; 3872296341Sdelphij emask_a |= SSL_aSRP; 3873296341Sdelphij } 3874238405Sjkim#endif 3875273399Sdelphij 3876109998Smarkm#ifdef KSSL_DEBUG 3877296341Sdelphij /* 3878296341Sdelphij * fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n", 3879296341Sdelphij * i,c->algorithms); 3880296341Sdelphij */ 3881296341Sdelphij#endif /* KSSL_DEBUG */ 3882109998Smarkm 3883296341Sdelphij alg_k = c->algorithm_mkey; 3884296341Sdelphij alg_a = c->algorithm_auth; 3885238405Sjkim 3886109998Smarkm#ifndef OPENSSL_NO_KRB5 3887296341Sdelphij if (alg_k & SSL_kKRB5) { 3888296341Sdelphij if (!kssl_keytab_is_available(s->kssl_ctx)) 3889296341Sdelphij continue; 3890296341Sdelphij } 3891296341Sdelphij#endif /* OPENSSL_NO_KRB5 */ 3892238405Sjkim#ifndef OPENSSL_NO_PSK 3893296341Sdelphij /* with PSK there must be server callback set */ 3894296341Sdelphij if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL) 3895296341Sdelphij continue; 3896296341Sdelphij#endif /* OPENSSL_NO_PSK */ 3897238405Sjkim 3898296341Sdelphij if (SSL_C_IS_EXPORT(c)) { 3899296341Sdelphij ok = (alg_k & emask_k) && (alg_a & emask_a); 390055714Skris#ifdef CIPHER_DEBUG 3901296341Sdelphij fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n", 3902296341Sdelphij ok, alg_k, alg_a, emask_k, emask_a, (void *)c, c->name); 390355714Skris#endif 3904296341Sdelphij } else { 3905296341Sdelphij ok = (alg_k & mask_k) && (alg_a & mask_a); 390655714Skris#ifdef CIPHER_DEBUG 3907296341Sdelphij fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, 3908296341Sdelphij alg_a, mask_k, mask_a, (void *)c, c->name); 390955714Skris#endif 3910296341Sdelphij } 391155714Skris 3912238405Sjkim#ifndef OPENSSL_NO_TLSEXT 3913296341Sdelphij# ifndef OPENSSL_NO_EC 3914296341Sdelphij if ( 3915296341Sdelphij /* 3916296341Sdelphij * if we are considering an ECC cipher suite that uses our 3917296341Sdelphij * certificate 3918296341Sdelphij */ 3919296341Sdelphij (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3920296341Sdelphij /* and we have an ECC certificate */ 3921296341Sdelphij && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3922296341Sdelphij /* 3923296341Sdelphij * and the client specified a Supported Point Formats 3924296341Sdelphij * extension 3925296341Sdelphij */ 3926296341Sdelphij && ((s->session->tlsext_ecpointformatlist_length > 0) 3927296341Sdelphij && (s->session->tlsext_ecpointformatlist != NULL)) 3928296341Sdelphij /* and our certificate's point is compressed */ 3929296341Sdelphij && ((s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL) 3930296341Sdelphij && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != 3931296341Sdelphij NULL) 3932296341Sdelphij && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info-> 3933296341Sdelphij key->public_key != NULL) 3934296341Sdelphij && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info-> 3935296341Sdelphij key->public_key->data != NULL) 3936296341Sdelphij && 3937296341Sdelphij ((* 3938296341Sdelphij (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info-> 3939296341Sdelphij key->public_key->data) == POINT_CONVERSION_COMPRESSED) 3940296341Sdelphij || 3941296341Sdelphij (* 3942296341Sdelphij (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info-> 3943296341Sdelphij key->public_key->data) == 3944296341Sdelphij POINT_CONVERSION_COMPRESSED + 1) 3945296341Sdelphij ) 3946296341Sdelphij ) 3947296341Sdelphij ) { 3948296341Sdelphij ec_ok = 0; 3949296341Sdelphij /* 3950296341Sdelphij * if our certificate's curve is over a field type that the 3951296341Sdelphij * client does not support then do not allow this cipher suite to 3952296341Sdelphij * be negotiated 3953296341Sdelphij */ 3954296341Sdelphij if ((s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 3955296341Sdelphij && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != 3956296341Sdelphij NULL) 3957296341Sdelphij && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec-> 3958296341Sdelphij group->meth != NULL) 3959296341Sdelphij && 3960296341Sdelphij (EC_METHOD_get_field_type 3961296341Sdelphij (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec-> 3962296341Sdelphij group->meth) == NID_X9_62_prime_field) 3963296341Sdelphij ) { 3964296341Sdelphij for (j = 0; j < s->session->tlsext_ecpointformatlist_length; 3965296341Sdelphij j++) { 3966296341Sdelphij if (s->session->tlsext_ecpointformatlist[j] == 3967296341Sdelphij TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) { 3968296341Sdelphij ec_ok = 1; 3969296341Sdelphij break; 3970296341Sdelphij } 3971296341Sdelphij } 3972296341Sdelphij } else 3973296341Sdelphij if (EC_METHOD_get_field_type 3974296341Sdelphij (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec-> 3975296341Sdelphij group->meth) == NID_X9_62_characteristic_two_field) { 3976296341Sdelphij for (j = 0; j < s->session->tlsext_ecpointformatlist_length; 3977296341Sdelphij j++) { 3978296341Sdelphij if (s->session->tlsext_ecpointformatlist[j] == 3979296341Sdelphij TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) { 3980296341Sdelphij ec_ok = 1; 3981296341Sdelphij break; 3982296341Sdelphij } 3983296341Sdelphij } 3984296341Sdelphij } 3985296341Sdelphij ok = ok && ec_ok; 3986296341Sdelphij } 3987296341Sdelphij if ( 3988296341Sdelphij /* 3989296341Sdelphij * if we are considering an ECC cipher suite that uses our 3990296341Sdelphij * certificate 3991296341Sdelphij */ 3992296341Sdelphij (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3993296341Sdelphij /* and we have an ECC certificate */ 3994296341Sdelphij && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3995296341Sdelphij /* 3996296341Sdelphij * and the client specified an EllipticCurves extension 3997296341Sdelphij */ 3998296341Sdelphij && ((s->session->tlsext_ellipticcurvelist_length > 0) 3999296341Sdelphij && (s->session->tlsext_ellipticcurvelist != NULL)) 4000296341Sdelphij ) { 4001296341Sdelphij ec_ok = 0; 4002296341Sdelphij if ((s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 4003296341Sdelphij && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != 4004296341Sdelphij NULL) 4005296341Sdelphij ) { 4006296341Sdelphij ec_nid = 4007296341Sdelphij EC_GROUP_get_curve_name(s->cert-> 4008296341Sdelphij pkeys[SSL_PKEY_ECC].privatekey-> 4009296341Sdelphij pkey.ec->group); 4010296341Sdelphij if ((ec_nid == 0) 4011296341Sdelphij && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey. 4012296341Sdelphij ec->group->meth != NULL) 4013296341Sdelphij ) { 4014296341Sdelphij if (EC_METHOD_get_field_type 4015296341Sdelphij (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey. 4016296341Sdelphij ec->group->meth) == NID_X9_62_prime_field) { 4017296341Sdelphij ec_search1 = 0xFF; 4018296341Sdelphij ec_search2 = 0x01; 4019296341Sdelphij } else 4020296341Sdelphij if (EC_METHOD_get_field_type 4021296341Sdelphij (s->cert->pkeys[SSL_PKEY_ECC].privatekey-> 4022296341Sdelphij pkey.ec->group->meth) == 4023296341Sdelphij NID_X9_62_characteristic_two_field) { 4024296341Sdelphij ec_search1 = 0xFF; 4025296341Sdelphij ec_search2 = 0x02; 4026296341Sdelphij } 4027296341Sdelphij } else { 4028296341Sdelphij ec_search1 = 0x00; 4029296341Sdelphij ec_search2 = tls1_ec_nid2curve_id(ec_nid); 4030296341Sdelphij } 4031296341Sdelphij if ((ec_search1 != 0) || (ec_search2 != 0)) { 4032296341Sdelphij for (j = 0; 4033296341Sdelphij j < s->session->tlsext_ellipticcurvelist_length / 2; 4034296341Sdelphij j++) { 4035296341Sdelphij if ((s->session->tlsext_ellipticcurvelist[2 * j] == 4036296341Sdelphij ec_search1) 4037296341Sdelphij && (s->session->tlsext_ellipticcurvelist[2 * j + 4038296341Sdelphij 1] == 4039296341Sdelphij ec_search2)) { 4040296341Sdelphij ec_ok = 1; 4041296341Sdelphij break; 4042296341Sdelphij } 4043296341Sdelphij } 4044296341Sdelphij } 4045296341Sdelphij } 4046296341Sdelphij ok = ok && ec_ok; 4047296341Sdelphij } 4048296341Sdelphij# ifndef OPENSSL_NO_ECDH 4049296341Sdelphij if ( 4050296341Sdelphij /* 4051296341Sdelphij * if we are considering an ECC cipher suite that uses an 4052296341Sdelphij * ephemeral EC key 4053296341Sdelphij */ 4054296341Sdelphij (alg_k & SSL_kEECDH) 4055296341Sdelphij /* and we have an ephemeral EC key */ 4056296341Sdelphij && (s->cert->ecdh_tmp != NULL) 4057296341Sdelphij /* 4058296341Sdelphij * and the client specified an EllipticCurves extension 4059296341Sdelphij */ 4060296341Sdelphij && ((s->session->tlsext_ellipticcurvelist_length > 0) 4061296341Sdelphij && (s->session->tlsext_ellipticcurvelist != NULL)) 4062296341Sdelphij ) { 4063296341Sdelphij ec_ok = 0; 4064296341Sdelphij if (s->cert->ecdh_tmp->group != NULL) { 4065296341Sdelphij ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group); 4066296341Sdelphij if ((ec_nid == 0) 4067296341Sdelphij && (s->cert->ecdh_tmp->group->meth != NULL) 4068296341Sdelphij ) { 4069296341Sdelphij if (EC_METHOD_get_field_type 4070296341Sdelphij (s->cert->ecdh_tmp->group->meth) == 4071296341Sdelphij NID_X9_62_prime_field) { 4072296341Sdelphij ec_search1 = 0xFF; 4073296341Sdelphij ec_search2 = 0x01; 4074296341Sdelphij } else 4075296341Sdelphij if (EC_METHOD_get_field_type 4076296341Sdelphij (s->cert->ecdh_tmp->group->meth) == 4077296341Sdelphij NID_X9_62_characteristic_two_field) { 4078296341Sdelphij ec_search1 = 0xFF; 4079296341Sdelphij ec_search2 = 0x02; 4080296341Sdelphij } 4081296341Sdelphij } else { 4082296341Sdelphij ec_search1 = 0x00; 4083296341Sdelphij ec_search2 = tls1_ec_nid2curve_id(ec_nid); 4084296341Sdelphij } 4085296341Sdelphij if ((ec_search1 != 0) || (ec_search2 != 0)) { 4086296341Sdelphij for (j = 0; 4087296341Sdelphij j < s->session->tlsext_ellipticcurvelist_length / 2; 4088296341Sdelphij j++) { 4089296341Sdelphij if ((s->session->tlsext_ellipticcurvelist[2 * j] == 4090296341Sdelphij ec_search1) 4091296341Sdelphij && (s->session->tlsext_ellipticcurvelist[2 * j + 4092296341Sdelphij 1] == 4093296341Sdelphij ec_search2)) { 4094296341Sdelphij ec_ok = 1; 4095296341Sdelphij break; 4096296341Sdelphij } 4097296341Sdelphij } 4098296341Sdelphij } 4099296341Sdelphij } 4100296341Sdelphij ok = ok && ec_ok; 4101296341Sdelphij } 4102296341Sdelphij# endif /* OPENSSL_NO_ECDH */ 4103296341Sdelphij# endif /* OPENSSL_NO_EC */ 4104296341Sdelphij#endif /* OPENSSL_NO_TLSEXT */ 4105238405Sjkim 4106296341Sdelphij if (!ok) 4107296341Sdelphij continue; 4108296341Sdelphij ii = sk_SSL_CIPHER_find(allow, c); 4109296341Sdelphij if (ii >= 0) { 4110264331Sjkim#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) 4111296341Sdelphij if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) 4112296341Sdelphij && s->s3->is_probably_safari) { 4113296341Sdelphij if (!ret) 4114296341Sdelphij ret = sk_SSL_CIPHER_value(allow, ii); 4115296341Sdelphij continue; 4116296341Sdelphij } 4117264331Sjkim#endif 4118296341Sdelphij ret = sk_SSL_CIPHER_value(allow, ii); 4119296341Sdelphij break; 4120296341Sdelphij } 4121296341Sdelphij } 4122296341Sdelphij return (ret); 4123296341Sdelphij} 412455714Skris 412555714Skrisint ssl3_get_req_cert_type(SSL *s, unsigned char *p) 4126296341Sdelphij{ 4127296341Sdelphij int ret = 0; 4128296341Sdelphij unsigned long alg_k; 412955714Skris 4130296341Sdelphij alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 413155714Skris 4132238405Sjkim#ifndef OPENSSL_NO_GOST 4133296341Sdelphij if (s->version >= TLS1_VERSION) { 4134296341Sdelphij if (alg_k & SSL_kGOST) { 4135296341Sdelphij p[ret++] = TLS_CT_GOST94_SIGN; 4136296341Sdelphij p[ret++] = TLS_CT_GOST01_SIGN; 4137296341Sdelphij return (ret); 4138296341Sdelphij } 4139296341Sdelphij } 4140238405Sjkim#endif 4141238405Sjkim 4142109998Smarkm#ifndef OPENSSL_NO_DH 4143296341Sdelphij if (alg_k & (SSL_kDHr | SSL_kEDH)) { 4144296341Sdelphij# ifndef OPENSSL_NO_RSA 4145296341Sdelphij p[ret++] = SSL3_CT_RSA_FIXED_DH; 4146296341Sdelphij# endif 4147296341Sdelphij# ifndef OPENSSL_NO_DSA 4148296341Sdelphij p[ret++] = SSL3_CT_DSS_FIXED_DH; 4149296341Sdelphij# endif 4150296341Sdelphij } 4151296341Sdelphij if ((s->version == SSL3_VERSION) && 4152296341Sdelphij (alg_k & (SSL_kEDH | SSL_kDHd | SSL_kDHr))) { 4153296341Sdelphij# ifndef OPENSSL_NO_RSA 4154296341Sdelphij p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; 4155296341Sdelphij# endif 4156296341Sdelphij# ifndef OPENSSL_NO_DSA 4157296341Sdelphij p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; 4158296341Sdelphij# endif 4159296341Sdelphij } 4160296341Sdelphij#endif /* !OPENSSL_NO_DH */ 4161109998Smarkm#ifndef OPENSSL_NO_RSA 4162296341Sdelphij p[ret++] = SSL3_CT_RSA_SIGN; 416355714Skris#endif 4164109998Smarkm#ifndef OPENSSL_NO_DSA 4165296341Sdelphij p[ret++] = SSL3_CT_DSS_SIGN; 416655714Skris#endif 4167160814Ssimon#ifndef OPENSSL_NO_ECDH 4168296341Sdelphij if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) { 4169296341Sdelphij p[ret++] = TLS_CT_RSA_FIXED_ECDH; 4170296341Sdelphij p[ret++] = TLS_CT_ECDSA_FIXED_ECDH; 4171296341Sdelphij } 4172160814Ssimon#endif 4173160814Ssimon 4174160814Ssimon#ifndef OPENSSL_NO_ECDSA 4175296341Sdelphij /* 4176296341Sdelphij * ECDSA certs can be used with RSA cipher suites as well so we don't 4177296341Sdelphij * need to check for SSL_kECDH or SSL_kEECDH 4178296341Sdelphij */ 4179296341Sdelphij if (s->version >= TLS1_VERSION) { 4180296341Sdelphij p[ret++] = TLS_CT_ECDSA_SIGN; 4181296341Sdelphij } 4182296341Sdelphij#endif 4183296341Sdelphij return (ret); 4184296341Sdelphij} 418555714Skris 418655714Skrisint ssl3_shutdown(SSL *s) 4187296341Sdelphij{ 4188296341Sdelphij int ret; 418955714Skris 4190296341Sdelphij /* 4191296341Sdelphij * Don't do anything much if we have not done the handshake or we don't 4192296341Sdelphij * want to send messages :-) 4193296341Sdelphij */ 4194296341Sdelphij if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { 4195296341Sdelphij s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); 4196296341Sdelphij return (1); 4197296341Sdelphij } 419855714Skris 4199296341Sdelphij if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { 4200296341Sdelphij s->shutdown |= SSL_SENT_SHUTDOWN; 420155714Skris#if 1 4202296341Sdelphij ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); 420355714Skris#endif 4204296341Sdelphij /* 4205296341Sdelphij * our shutdown alert has been sent now, and if it still needs to be 4206296341Sdelphij * written, s->s3->alert_dispatch will be true 4207296341Sdelphij */ 4208296341Sdelphij if (s->s3->alert_dispatch) 4209296341Sdelphij return (-1); /* return WANT_WRITE */ 4210296341Sdelphij } else if (s->s3->alert_dispatch) { 4211296341Sdelphij /* resend it if not sent */ 421255714Skris#if 1 4213296341Sdelphij ret = s->method->ssl_dispatch_alert(s); 4214296341Sdelphij if (ret == -1) { 4215296341Sdelphij /* 4216296341Sdelphij * we only get to return -1 here the 2nd/Nth invocation, we must 4217296341Sdelphij * have already signalled return 0 upon a previous invoation, 4218296341Sdelphij * return WANT_WRITE 4219296341Sdelphij */ 4220296341Sdelphij return (ret); 4221296341Sdelphij } 422255714Skris#endif 4223296341Sdelphij } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { 4224296341Sdelphij /* 4225296341Sdelphij * If we are waiting for a close from our peer, we are closed 4226296341Sdelphij */ 4227296341Sdelphij s->method->ssl_read_bytes(s, 0, NULL, 0, 0); 4228296341Sdelphij if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { 4229296341Sdelphij return (-1); /* return WANT_READ */ 4230296341Sdelphij } 4231296341Sdelphij } 423255714Skris 4233296341Sdelphij if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) && 4234296341Sdelphij !s->s3->alert_dispatch) 4235296341Sdelphij return (1); 4236296341Sdelphij else 4237296341Sdelphij return (0); 4238296341Sdelphij} 423955714Skris 424055714Skrisint ssl3_write(SSL *s, const void *buf, int len) 4241296341Sdelphij{ 4242296341Sdelphij int ret, n; 424355714Skris 424455714Skris#if 0 4245296341Sdelphij if (s->shutdown & SSL_SEND_SHUTDOWN) { 4246296341Sdelphij s->rwstate = SSL_NOTHING; 4247296341Sdelphij return (0); 4248296341Sdelphij } 424955714Skris#endif 4250296341Sdelphij clear_sys_error(); 4251296341Sdelphij if (s->s3->renegotiate) 4252296341Sdelphij ssl3_renegotiate_check(s); 425355714Skris 4254296341Sdelphij /* 4255296341Sdelphij * This is an experimental flag that sends the last handshake message in 4256296341Sdelphij * the same packet as the first use data - used to see if it helps the 4257296341Sdelphij * TCP protocol during session-id reuse 4258296341Sdelphij */ 4259296341Sdelphij /* The second test is because the buffer may have been removed */ 4260296341Sdelphij if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { 4261296341Sdelphij /* First time through, we write into the buffer */ 4262296341Sdelphij if (s->s3->delay_buf_pop_ret == 0) { 4263296341Sdelphij ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len); 4264296341Sdelphij if (ret <= 0) 4265296341Sdelphij return (ret); 426655714Skris 4267296341Sdelphij s->s3->delay_buf_pop_ret = ret; 4268296341Sdelphij } 426955714Skris 4270296341Sdelphij s->rwstate = SSL_WRITING; 4271296341Sdelphij n = BIO_flush(s->wbio); 4272296341Sdelphij if (n <= 0) 4273296341Sdelphij return (n); 4274296341Sdelphij s->rwstate = SSL_NOTHING; 427555714Skris 4276296341Sdelphij /* We have flushed the buffer, so remove it */ 4277296341Sdelphij ssl_free_wbio_buffer(s); 4278296341Sdelphij s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; 427955714Skris 4280296341Sdelphij ret = s->s3->delay_buf_pop_ret; 4281296341Sdelphij s->s3->delay_buf_pop_ret = 0; 4282296341Sdelphij } else { 4283296341Sdelphij ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, 4284296341Sdelphij buf, len); 4285296341Sdelphij if (ret <= 0) 4286296341Sdelphij return (ret); 4287296341Sdelphij } 428855714Skris 4289296341Sdelphij return (ret); 4290296341Sdelphij} 429155714Skris 429272613Skrisstatic int ssl3_read_internal(SSL *s, void *buf, int len, int peek) 4293296341Sdelphij{ 4294296341Sdelphij int ret; 429555714Skris 4296296341Sdelphij clear_sys_error(); 4297296341Sdelphij if (s->s3->renegotiate) 4298296341Sdelphij ssl3_renegotiate_check(s); 4299296341Sdelphij s->s3->in_read_app_data = 1; 4300296341Sdelphij ret = 4301296341Sdelphij s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, 4302296341Sdelphij peek); 4303296341Sdelphij if ((ret == -1) && (s->s3->in_read_app_data == 2)) { 4304296341Sdelphij /* 4305296341Sdelphij * ssl3_read_bytes decided to call s->handshake_func, which called 4306296341Sdelphij * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes 4307296341Sdelphij * actually found application data and thinks that application data 4308296341Sdelphij * makes sense here; so disable handshake processing and try to read 4309296341Sdelphij * application data again. 4310296341Sdelphij */ 4311296341Sdelphij s->in_handshake++; 4312296341Sdelphij ret = 4313296341Sdelphij s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, 4314296341Sdelphij peek); 4315296341Sdelphij s->in_handshake--; 4316296341Sdelphij } else 4317296341Sdelphij s->s3->in_read_app_data = 0; 431855714Skris 4319296341Sdelphij return (ret); 4320296341Sdelphij} 4321296341Sdelphij 432272613Skrisint ssl3_read(SSL *s, void *buf, int len) 4323296341Sdelphij{ 4324296341Sdelphij return ssl3_read_internal(s, buf, len, 0); 4325296341Sdelphij} 432672613Skris 432776866Skrisint ssl3_peek(SSL *s, void *buf, int len) 4328296341Sdelphij{ 4329296341Sdelphij return ssl3_read_internal(s, buf, len, 1); 4330296341Sdelphij} 433155714Skris 433255714Skrisint ssl3_renegotiate(SSL *s) 4333296341Sdelphij{ 4334296341Sdelphij if (s->handshake_func == NULL) 4335296341Sdelphij return (1); 433655714Skris 4337296341Sdelphij if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 4338296341Sdelphij return (0); 433955714Skris 4340296341Sdelphij s->s3->renegotiate = 1; 4341296341Sdelphij return (1); 4342296341Sdelphij} 434355714Skris 434455714Skrisint ssl3_renegotiate_check(SSL *s) 4345296341Sdelphij{ 4346296341Sdelphij int ret = 0; 434755714Skris 4348296341Sdelphij if (s->s3->renegotiate) { 4349296341Sdelphij if ((s->s3->rbuf.left == 0) && 4350296341Sdelphij (s->s3->wbuf.left == 0) && !SSL_in_init(s)) { 4351296341Sdelphij /* 4352296341Sdelphij * if we are the server, and we have sent a 'RENEGOTIATE' 4353296341Sdelphij * message, we need to go to SSL_ST_ACCEPT. 4354296341Sdelphij */ 4355296341Sdelphij /* SSL_ST_ACCEPT */ 4356296341Sdelphij s->state = SSL_ST_RENEGOTIATE; 4357296341Sdelphij s->s3->renegotiate = 0; 4358296341Sdelphij s->s3->num_renegotiations++; 4359296341Sdelphij s->s3->total_renegotiations++; 4360296341Sdelphij ret = 1; 4361296341Sdelphij } 4362296341Sdelphij } 4363296341Sdelphij return (ret); 4364296341Sdelphij} 4365296341Sdelphij 436655714Skris/* 4367296341Sdelphij * If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch 4368238405Sjkim * to new SHA256 PRF and handshake macs 4369238405Sjkim */ 4370238405Sjkimlong ssl_get_algorithm2(SSL *s) 4371296341Sdelphij{ 4372296341Sdelphij long alg2 = s->s3->tmp.new_cipher->algorithm2; 4373296341Sdelphij if (s->method->version == TLS1_2_VERSION && 4374296341Sdelphij alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF)) 4375296341Sdelphij return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; 4376296341Sdelphij return alg2; 4377296341Sdelphij} 4378