2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* ====================================================================
11 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
13 * Portions of the attached software ("Contribution") are developed by
14 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
16 * The Contribution is licensed pursuant to the OpenSSL open source
17 * license provided above.
19 * ECC cipher suite support in OpenSSL originally written by
20 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
23 /* ====================================================================
24 * Copyright 2005 Nokia. All rights reserved.
26 * The portions of the attached software ("Contribution") is developed by
27 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
30 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
31 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
32 * support (see RFC 4279) to OpenSSL.
34 * No patent licenses or other rights except those expressly stated in
35 * the OpenSSL open source license shall be deemed granted or received
36 * expressly, by implication, estoppel, or otherwise.
38 * No assurances are provided by Nokia that the Contribution does not
39 * infringe the patent or other intellectual property rights of any third
40 * party or that the license provides you with all the necessary rights
41 * to make use of the Contribution.
43 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
44 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
45 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
46 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
52 #include <openssl/objects.h>
54 #include <openssl/md5.h>
55 #include <openssl/dh.h>
56 #include <openssl/rand.h>
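/* Element counts of the cipher and SCSV tables defined in this file. */
#define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
#define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)

/*
 * TLSv1.3 downgrade protection sentinel values.
 *
 * Each sentinel is 8 bytes: the ASCII string "DOWNGRD" followed by one
 * discriminator byte. RFC 8446 section 4.1.3 has a TLSv1.3-capable server
 * place the sentinel in the last 8 bytes of ServerHello.random when it
 * negotiates an older version, so that a client which offered a newer
 * version can detect an active downgrade and abort the handshake.
 *
 *   tls11downgrade: trailing 0x00, for TLSv1.1 or below
 *   tls12downgrade: trailing 0x01, for TLSv1.2
 *
 * NOTE(review): the code that writes and checks these values is not in this
 * part of the file. Any comparison against them must cover all 8 bytes,
 * including the discriminator.
 */
const unsigned char tls11downgrade[] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
};
const unsigned char tls12downgrade[] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
};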
70 * The list of available ciphers, mostly organized into the following
75 * SRP (within that: RSA EC PSK)
76 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
79 static SSL_CIPHER ssl3_ciphers[] = {
82 SSL3_TXT_RSA_NULL_MD5,
88 SSL3_VERSION, TLS1_2_VERSION,
89 DTLS1_BAD_VER, DTLS1_2_VERSION,
91 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
97 SSL3_TXT_RSA_NULL_SHA,
103 SSL3_VERSION, TLS1_2_VERSION,
104 DTLS1_BAD_VER, DTLS1_2_VERSION,
105 SSL_STRONG_NONE | SSL_FIPS,
106 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
110 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
113 SSL3_TXT_RSA_DES_192_CBC3_SHA,
114 SSL3_CK_RSA_DES_192_CBC3_SHA,
119 SSL3_VERSION, TLS1_2_VERSION,
120 DTLS1_BAD_VER, DTLS1_2_VERSION,
121 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
122 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
129 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
134 SSL3_VERSION, TLS1_2_VERSION,
135 DTLS1_BAD_VER, DTLS1_2_VERSION,
136 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
137 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
143 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
144 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
149 SSL3_VERSION, TLS1_2_VERSION,
150 DTLS1_BAD_VER, DTLS1_2_VERSION,
151 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
152 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
158 SSL3_TXT_ADH_DES_192_CBC_SHA,
159 SSL3_CK_ADH_DES_192_CBC_SHA,
164 SSL3_VERSION, TLS1_2_VERSION,
165 DTLS1_BAD_VER, DTLS1_2_VERSION,
166 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
167 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
174 TLS1_TXT_RSA_WITH_AES_128_SHA,
175 TLS1_CK_RSA_WITH_AES_128_SHA,
180 SSL3_VERSION, TLS1_2_VERSION,
181 DTLS1_BAD_VER, DTLS1_2_VERSION,
183 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
189 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
190 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
195 SSL3_VERSION, TLS1_2_VERSION,
196 DTLS1_BAD_VER, DTLS1_2_VERSION,
197 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
198 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
204 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
205 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
210 SSL3_VERSION, TLS1_2_VERSION,
211 DTLS1_BAD_VER, DTLS1_2_VERSION,
213 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
219 TLS1_TXT_ADH_WITH_AES_128_SHA,
220 TLS1_CK_ADH_WITH_AES_128_SHA,
225 SSL3_VERSION, TLS1_2_VERSION,
226 DTLS1_BAD_VER, DTLS1_2_VERSION,
227 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
228 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
234 TLS1_TXT_RSA_WITH_AES_256_SHA,
235 TLS1_CK_RSA_WITH_AES_256_SHA,
240 SSL3_VERSION, TLS1_2_VERSION,
241 DTLS1_BAD_VER, DTLS1_2_VERSION,
243 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
249 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
250 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
255 SSL3_VERSION, TLS1_2_VERSION,
256 DTLS1_BAD_VER, DTLS1_2_VERSION,
257 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
258 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
264 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
265 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
270 SSL3_VERSION, TLS1_2_VERSION,
271 DTLS1_BAD_VER, DTLS1_2_VERSION,
273 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
279 TLS1_TXT_ADH_WITH_AES_256_SHA,
280 TLS1_CK_ADH_WITH_AES_256_SHA,
285 SSL3_VERSION, TLS1_2_VERSION,
286 DTLS1_BAD_VER, DTLS1_2_VERSION,
287 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
288 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
294 TLS1_TXT_RSA_WITH_NULL_SHA256,
295 TLS1_CK_RSA_WITH_NULL_SHA256,
300 TLS1_2_VERSION, TLS1_2_VERSION,
301 DTLS1_2_VERSION, DTLS1_2_VERSION,
302 SSL_STRONG_NONE | SSL_FIPS,
303 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
309 TLS1_TXT_RSA_WITH_AES_128_SHA256,
310 TLS1_CK_RSA_WITH_AES_128_SHA256,
315 TLS1_2_VERSION, TLS1_2_VERSION,
316 DTLS1_2_VERSION, DTLS1_2_VERSION,
318 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
324 TLS1_TXT_RSA_WITH_AES_256_SHA256,
325 TLS1_CK_RSA_WITH_AES_256_SHA256,
330 TLS1_2_VERSION, TLS1_2_VERSION,
331 DTLS1_2_VERSION, DTLS1_2_VERSION,
333 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
339 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
340 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
345 TLS1_2_VERSION, TLS1_2_VERSION,
346 DTLS1_2_VERSION, DTLS1_2_VERSION,
347 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
348 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
354 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
355 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
360 TLS1_2_VERSION, TLS1_2_VERSION,
361 DTLS1_2_VERSION, DTLS1_2_VERSION,
363 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
369 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
370 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
375 TLS1_2_VERSION, TLS1_2_VERSION,
376 DTLS1_2_VERSION, DTLS1_2_VERSION,
377 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
378 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
384 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
385 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
390 TLS1_2_VERSION, TLS1_2_VERSION,
391 DTLS1_2_VERSION, DTLS1_2_VERSION,
393 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
399 TLS1_TXT_ADH_WITH_AES_128_SHA256,
400 TLS1_CK_ADH_WITH_AES_128_SHA256,
405 TLS1_2_VERSION, TLS1_2_VERSION,
406 DTLS1_2_VERSION, DTLS1_2_VERSION,
407 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
408 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
414 TLS1_TXT_ADH_WITH_AES_256_SHA256,
415 TLS1_CK_ADH_WITH_AES_256_SHA256,
420 TLS1_2_VERSION, TLS1_2_VERSION,
421 DTLS1_2_VERSION, DTLS1_2_VERSION,
422 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
423 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
429 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
430 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
435 TLS1_2_VERSION, TLS1_2_VERSION,
436 DTLS1_2_VERSION, DTLS1_2_VERSION,
438 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
444 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
445 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
450 TLS1_2_VERSION, TLS1_2_VERSION,
451 DTLS1_2_VERSION, DTLS1_2_VERSION,
453 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
459 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
460 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
465 TLS1_2_VERSION, TLS1_2_VERSION,
466 DTLS1_2_VERSION, DTLS1_2_VERSION,
468 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
474 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
475 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
480 TLS1_2_VERSION, TLS1_2_VERSION,
481 DTLS1_2_VERSION, DTLS1_2_VERSION,
483 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
489 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
490 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
495 TLS1_2_VERSION, TLS1_2_VERSION,
496 DTLS1_2_VERSION, DTLS1_2_VERSION,
497 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
498 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
504 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
505 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
510 TLS1_2_VERSION, TLS1_2_VERSION,
511 DTLS1_2_VERSION, DTLS1_2_VERSION,
512 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
513 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
519 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
520 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
525 TLS1_2_VERSION, TLS1_2_VERSION,
526 DTLS1_2_VERSION, DTLS1_2_VERSION,
527 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
528 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
534 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
535 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
540 TLS1_2_VERSION, TLS1_2_VERSION,
541 DTLS1_2_VERSION, DTLS1_2_VERSION,
542 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
543 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
549 TLS1_TXT_RSA_WITH_AES_128_CCM,
550 TLS1_CK_RSA_WITH_AES_128_CCM,
555 TLS1_2_VERSION, TLS1_2_VERSION,
556 DTLS1_2_VERSION, DTLS1_2_VERSION,
557 SSL_NOT_DEFAULT | SSL_HIGH,
558 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
564 TLS1_TXT_RSA_WITH_AES_256_CCM,
565 TLS1_CK_RSA_WITH_AES_256_CCM,
570 TLS1_2_VERSION, TLS1_2_VERSION,
571 DTLS1_2_VERSION, DTLS1_2_VERSION,
572 SSL_NOT_DEFAULT | SSL_HIGH,
573 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
579 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
580 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
585 TLS1_2_VERSION, TLS1_2_VERSION,
586 DTLS1_2_VERSION, DTLS1_2_VERSION,
587 SSL_NOT_DEFAULT | SSL_HIGH,
588 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
594 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
595 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
600 TLS1_2_VERSION, TLS1_2_VERSION,
601 DTLS1_2_VERSION, DTLS1_2_VERSION,
602 SSL_NOT_DEFAULT | SSL_HIGH,
603 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
609 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
610 TLS1_CK_RSA_WITH_AES_128_CCM_8,
615 TLS1_2_VERSION, TLS1_2_VERSION,
616 DTLS1_2_VERSION, DTLS1_2_VERSION,
617 SSL_NOT_DEFAULT | SSL_HIGH,
618 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
624 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
625 TLS1_CK_RSA_WITH_AES_256_CCM_8,
630 TLS1_2_VERSION, TLS1_2_VERSION,
631 DTLS1_2_VERSION, DTLS1_2_VERSION,
632 SSL_NOT_DEFAULT | SSL_HIGH,
633 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
639 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
640 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
645 TLS1_2_VERSION, TLS1_2_VERSION,
646 DTLS1_2_VERSION, DTLS1_2_VERSION,
647 SSL_NOT_DEFAULT | SSL_HIGH,
648 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
654 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
655 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
660 TLS1_2_VERSION, TLS1_2_VERSION,
661 DTLS1_2_VERSION, DTLS1_2_VERSION,
662 SSL_NOT_DEFAULT | SSL_HIGH,
663 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
669 TLS1_TXT_PSK_WITH_AES_128_CCM,
670 TLS1_CK_PSK_WITH_AES_128_CCM,
675 TLS1_2_VERSION, TLS1_2_VERSION,
676 DTLS1_2_VERSION, DTLS1_2_VERSION,
677 SSL_NOT_DEFAULT | SSL_HIGH,
678 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
684 TLS1_TXT_PSK_WITH_AES_256_CCM,
685 TLS1_CK_PSK_WITH_AES_256_CCM,
690 TLS1_2_VERSION, TLS1_2_VERSION,
691 DTLS1_2_VERSION, DTLS1_2_VERSION,
692 SSL_NOT_DEFAULT | SSL_HIGH,
693 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
699 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
700 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
705 TLS1_2_VERSION, TLS1_2_VERSION,
706 DTLS1_2_VERSION, DTLS1_2_VERSION,
707 SSL_NOT_DEFAULT | SSL_HIGH,
708 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
714 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
715 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
720 TLS1_2_VERSION, TLS1_2_VERSION,
721 DTLS1_2_VERSION, DTLS1_2_VERSION,
722 SSL_NOT_DEFAULT | SSL_HIGH,
723 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
729 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
730 TLS1_CK_PSK_WITH_AES_128_CCM_8,
735 TLS1_2_VERSION, TLS1_2_VERSION,
736 DTLS1_2_VERSION, DTLS1_2_VERSION,
737 SSL_NOT_DEFAULT | SSL_HIGH,
738 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
744 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
745 TLS1_CK_PSK_WITH_AES_256_CCM_8,
750 TLS1_2_VERSION, TLS1_2_VERSION,
751 DTLS1_2_VERSION, DTLS1_2_VERSION,
752 SSL_NOT_DEFAULT | SSL_HIGH,
753 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
759 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
760 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
765 TLS1_2_VERSION, TLS1_2_VERSION,
766 DTLS1_2_VERSION, DTLS1_2_VERSION,
767 SSL_NOT_DEFAULT | SSL_HIGH,
768 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
774 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
775 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
780 TLS1_2_VERSION, TLS1_2_VERSION,
781 DTLS1_2_VERSION, DTLS1_2_VERSION,
782 SSL_NOT_DEFAULT | SSL_HIGH,
783 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
789 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
790 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
795 TLS1_2_VERSION, TLS1_2_VERSION,
796 DTLS1_2_VERSION, DTLS1_2_VERSION,
797 SSL_NOT_DEFAULT | SSL_HIGH,
798 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
804 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
805 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
810 TLS1_2_VERSION, TLS1_2_VERSION,
811 DTLS1_2_VERSION, DTLS1_2_VERSION,
812 SSL_NOT_DEFAULT | SSL_HIGH,
813 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
819 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
820 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
825 TLS1_2_VERSION, TLS1_2_VERSION,
826 DTLS1_2_VERSION, DTLS1_2_VERSION,
827 SSL_NOT_DEFAULT | SSL_HIGH,
828 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
834 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
835 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
840 TLS1_2_VERSION, TLS1_2_VERSION,
841 DTLS1_2_VERSION, DTLS1_2_VERSION,
842 SSL_NOT_DEFAULT | SSL_HIGH,
843 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
849 TLS1_3_TXT_AES_128_GCM_SHA256,
850 TLS1_3_CK_AES_128_GCM_SHA256,
854 TLS1_3_VERSION, TLS1_3_VERSION,
858 SSL_HANDSHAKE_MAC_SHA256,
864 TLS1_3_TXT_AES_256_GCM_SHA384,
865 TLS1_3_CK_AES_256_GCM_SHA384,
870 TLS1_3_VERSION, TLS1_3_VERSION,
873 SSL_HANDSHAKE_MAC_SHA384,
877 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
880 TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
881 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
884 SSL_CHACHA20POLY1305,
886 TLS1_3_VERSION, TLS1_3_VERSION,
889 SSL_HANDSHAKE_MAC_SHA256,
896 TLS1_3_TXT_AES_128_CCM_SHA256,
897 TLS1_3_CK_AES_128_CCM_SHA256,
902 TLS1_3_VERSION, TLS1_3_VERSION,
904 SSL_NOT_DEFAULT | SSL_HIGH,
905 SSL_HANDSHAKE_MAC_SHA256,
911 TLS1_3_TXT_AES_128_CCM_8_SHA256,
912 TLS1_3_CK_AES_128_CCM_8_SHA256,
917 TLS1_3_VERSION, TLS1_3_VERSION,
919 SSL_NOT_DEFAULT | SSL_HIGH,
920 SSL_HANDSHAKE_MAC_SHA256,
925 #ifndef OPENSSL_NO_EC
928 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
929 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
934 TLS1_VERSION, TLS1_2_VERSION,
935 DTLS1_BAD_VER, DTLS1_2_VERSION,
936 SSL_STRONG_NONE | SSL_FIPS,
937 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
941 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
944 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
945 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
950 TLS1_VERSION, TLS1_2_VERSION,
951 DTLS1_BAD_VER, DTLS1_2_VERSION,
952 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
953 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
960 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
961 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
966 TLS1_VERSION, TLS1_2_VERSION,
967 DTLS1_BAD_VER, DTLS1_2_VERSION,
969 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
975 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
976 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
981 TLS1_VERSION, TLS1_2_VERSION,
982 DTLS1_BAD_VER, DTLS1_2_VERSION,
984 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
990 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
991 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
996 TLS1_VERSION, TLS1_2_VERSION,
997 DTLS1_BAD_VER, DTLS1_2_VERSION,
998 SSL_STRONG_NONE | SSL_FIPS,
999 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1003 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1006 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1007 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1012 TLS1_VERSION, TLS1_2_VERSION,
1013 DTLS1_BAD_VER, DTLS1_2_VERSION,
1014 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1015 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1022 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1023 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1028 TLS1_VERSION, TLS1_2_VERSION,
1029 DTLS1_BAD_VER, DTLS1_2_VERSION,
1030 SSL_HIGH | SSL_FIPS,
1031 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1037 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1038 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1043 TLS1_VERSION, TLS1_2_VERSION,
1044 DTLS1_BAD_VER, DTLS1_2_VERSION,
1045 SSL_HIGH | SSL_FIPS,
1046 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1052 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1053 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1058 TLS1_VERSION, TLS1_2_VERSION,
1059 DTLS1_BAD_VER, DTLS1_2_VERSION,
1060 SSL_STRONG_NONE | SSL_FIPS,
1061 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1065 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1068 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1069 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1074 TLS1_VERSION, TLS1_2_VERSION,
1075 DTLS1_BAD_VER, DTLS1_2_VERSION,
1076 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1077 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1084 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1085 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1090 TLS1_VERSION, TLS1_2_VERSION,
1091 DTLS1_BAD_VER, DTLS1_2_VERSION,
1092 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1093 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1099 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1100 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1105 TLS1_VERSION, TLS1_2_VERSION,
1106 DTLS1_BAD_VER, DTLS1_2_VERSION,
1107 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1108 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1114 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1115 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1120 TLS1_2_VERSION, TLS1_2_VERSION,
1121 DTLS1_2_VERSION, DTLS1_2_VERSION,
1122 SSL_HIGH | SSL_FIPS,
1123 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1129 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1130 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1135 TLS1_2_VERSION, TLS1_2_VERSION,
1136 DTLS1_2_VERSION, DTLS1_2_VERSION,
1137 SSL_HIGH | SSL_FIPS,
1138 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1144 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1145 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1150 TLS1_2_VERSION, TLS1_2_VERSION,
1151 DTLS1_2_VERSION, DTLS1_2_VERSION,
1152 SSL_HIGH | SSL_FIPS,
1153 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1159 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1160 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1165 TLS1_2_VERSION, TLS1_2_VERSION,
1166 DTLS1_2_VERSION, DTLS1_2_VERSION,
1167 SSL_HIGH | SSL_FIPS,
1168 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1174 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1175 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1180 TLS1_2_VERSION, TLS1_2_VERSION,
1181 DTLS1_2_VERSION, DTLS1_2_VERSION,
1182 SSL_HIGH | SSL_FIPS,
1183 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1189 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1190 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1195 TLS1_2_VERSION, TLS1_2_VERSION,
1196 DTLS1_2_VERSION, DTLS1_2_VERSION,
1197 SSL_HIGH | SSL_FIPS,
1198 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1204 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1205 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1210 TLS1_2_VERSION, TLS1_2_VERSION,
1211 DTLS1_2_VERSION, DTLS1_2_VERSION,
1212 SSL_HIGH | SSL_FIPS,
1213 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1219 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1220 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1225 TLS1_2_VERSION, TLS1_2_VERSION,
1226 DTLS1_2_VERSION, DTLS1_2_VERSION,
1227 SSL_HIGH | SSL_FIPS,
1228 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1232 #endif /* OPENSSL_NO_EC */
1234 #ifndef OPENSSL_NO_PSK
1237 TLS1_TXT_PSK_WITH_NULL_SHA,
1238 TLS1_CK_PSK_WITH_NULL_SHA,
1243 SSL3_VERSION, TLS1_2_VERSION,
1244 DTLS1_BAD_VER, DTLS1_2_VERSION,
1245 SSL_STRONG_NONE | SSL_FIPS,
1246 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1252 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1253 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1258 SSL3_VERSION, TLS1_2_VERSION,
1259 DTLS1_BAD_VER, DTLS1_2_VERSION,
1260 SSL_STRONG_NONE | SSL_FIPS,
1261 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1267 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1268 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1273 SSL3_VERSION, TLS1_2_VERSION,
1274 DTLS1_BAD_VER, DTLS1_2_VERSION,
1275 SSL_STRONG_NONE | SSL_FIPS,
1276 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1280 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1283 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1284 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1289 SSL3_VERSION, TLS1_2_VERSION,
1290 DTLS1_BAD_VER, DTLS1_2_VERSION,
1291 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1292 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1299 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1300 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1305 SSL3_VERSION, TLS1_2_VERSION,
1306 DTLS1_BAD_VER, DTLS1_2_VERSION,
1307 SSL_HIGH | SSL_FIPS,
1308 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1314 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1315 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1320 SSL3_VERSION, TLS1_2_VERSION,
1321 DTLS1_BAD_VER, DTLS1_2_VERSION,
1322 SSL_HIGH | SSL_FIPS,
1323 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1327 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1330 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1331 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1336 SSL3_VERSION, TLS1_2_VERSION,
1337 DTLS1_BAD_VER, DTLS1_2_VERSION,
1338 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1339 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1346 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1347 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1352 SSL3_VERSION, TLS1_2_VERSION,
1353 DTLS1_BAD_VER, DTLS1_2_VERSION,
1354 SSL_HIGH | SSL_FIPS,
1355 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1361 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1362 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1367 SSL3_VERSION, TLS1_2_VERSION,
1368 DTLS1_BAD_VER, DTLS1_2_VERSION,
1369 SSL_HIGH | SSL_FIPS,
1370 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1374 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1377 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1378 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1383 SSL3_VERSION, TLS1_2_VERSION,
1384 DTLS1_BAD_VER, DTLS1_2_VERSION,
1385 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1386 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1393 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1394 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1399 SSL3_VERSION, TLS1_2_VERSION,
1400 DTLS1_BAD_VER, DTLS1_2_VERSION,
1401 SSL_HIGH | SSL_FIPS,
1402 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1408 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1409 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1414 SSL3_VERSION, TLS1_2_VERSION,
1415 DTLS1_BAD_VER, DTLS1_2_VERSION,
1416 SSL_HIGH | SSL_FIPS,
1417 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1423 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1424 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1429 TLS1_2_VERSION, TLS1_2_VERSION,
1430 DTLS1_2_VERSION, DTLS1_2_VERSION,
1431 SSL_HIGH | SSL_FIPS,
1432 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1438 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1439 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1444 TLS1_2_VERSION, TLS1_2_VERSION,
1445 DTLS1_2_VERSION, DTLS1_2_VERSION,
1446 SSL_HIGH | SSL_FIPS,
1447 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1453 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1454 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1459 TLS1_2_VERSION, TLS1_2_VERSION,
1460 DTLS1_2_VERSION, DTLS1_2_VERSION,
1461 SSL_HIGH | SSL_FIPS,
1462 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1468 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1469 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1474 TLS1_2_VERSION, TLS1_2_VERSION,
1475 DTLS1_2_VERSION, DTLS1_2_VERSION,
1476 SSL_HIGH | SSL_FIPS,
1477 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1483 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1484 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1489 TLS1_2_VERSION, TLS1_2_VERSION,
1490 DTLS1_2_VERSION, DTLS1_2_VERSION,
1491 SSL_HIGH | SSL_FIPS,
1492 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1498 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1499 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1504 TLS1_2_VERSION, TLS1_2_VERSION,
1505 DTLS1_2_VERSION, DTLS1_2_VERSION,
1506 SSL_HIGH | SSL_FIPS,
1507 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1513 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1514 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1519 TLS1_VERSION, TLS1_2_VERSION,
1520 DTLS1_BAD_VER, DTLS1_2_VERSION,
1521 SSL_HIGH | SSL_FIPS,
1522 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1528 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1529 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1534 TLS1_VERSION, TLS1_2_VERSION,
1535 DTLS1_BAD_VER, DTLS1_2_VERSION,
1536 SSL_HIGH | SSL_FIPS,
1537 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1543 TLS1_TXT_PSK_WITH_NULL_SHA256,
1544 TLS1_CK_PSK_WITH_NULL_SHA256,
1549 TLS1_VERSION, TLS1_2_VERSION,
1550 DTLS1_BAD_VER, DTLS1_2_VERSION,
1551 SSL_STRONG_NONE | SSL_FIPS,
1552 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1558 TLS1_TXT_PSK_WITH_NULL_SHA384,
1559 TLS1_CK_PSK_WITH_NULL_SHA384,
1564 TLS1_VERSION, TLS1_2_VERSION,
1565 DTLS1_BAD_VER, DTLS1_2_VERSION,
1566 SSL_STRONG_NONE | SSL_FIPS,
1567 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1573 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1574 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1579 TLS1_VERSION, TLS1_2_VERSION,
1580 DTLS1_BAD_VER, DTLS1_2_VERSION,
1581 SSL_HIGH | SSL_FIPS,
1582 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1588 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1589 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1594 TLS1_VERSION, TLS1_2_VERSION,
1595 DTLS1_BAD_VER, DTLS1_2_VERSION,
1596 SSL_HIGH | SSL_FIPS,
1597 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1603 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1604 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1609 TLS1_VERSION, TLS1_2_VERSION,
1610 DTLS1_BAD_VER, DTLS1_2_VERSION,
1611 SSL_STRONG_NONE | SSL_FIPS,
1612 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1618 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1619 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1624 TLS1_VERSION, TLS1_2_VERSION,
1625 DTLS1_BAD_VER, DTLS1_2_VERSION,
1626 SSL_STRONG_NONE | SSL_FIPS,
1627 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1633 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1634 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1639 TLS1_VERSION, TLS1_2_VERSION,
1640 DTLS1_BAD_VER, DTLS1_2_VERSION,
1641 SSL_HIGH | SSL_FIPS,
1642 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1648 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1649 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1654 TLS1_VERSION, TLS1_2_VERSION,
1655 DTLS1_BAD_VER, DTLS1_2_VERSION,
1656 SSL_HIGH | SSL_FIPS,
1657 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1663 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1664 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1669 TLS1_VERSION, TLS1_2_VERSION,
1670 DTLS1_BAD_VER, DTLS1_2_VERSION,
1671 SSL_STRONG_NONE | SSL_FIPS,
1672 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1678 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1679 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1684 TLS1_VERSION, TLS1_2_VERSION,
1685 DTLS1_BAD_VER, DTLS1_2_VERSION,
1686 SSL_STRONG_NONE | SSL_FIPS,
1687 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1691 # ifndef OPENSSL_NO_EC
1692 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1695 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1696 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1701 TLS1_VERSION, TLS1_2_VERSION,
1702 DTLS1_BAD_VER, DTLS1_2_VERSION,
1703 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1704 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1711 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1712 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1717 TLS1_VERSION, TLS1_2_VERSION,
1718 DTLS1_BAD_VER, DTLS1_2_VERSION,
1719 SSL_HIGH | SSL_FIPS,
1720 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1726 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1727 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1732 TLS1_VERSION, TLS1_2_VERSION,
1733 DTLS1_BAD_VER, DTLS1_2_VERSION,
1734 SSL_HIGH | SSL_FIPS,
1735 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1741 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1742 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1747 TLS1_VERSION, TLS1_2_VERSION,
1748 DTLS1_BAD_VER, DTLS1_2_VERSION,
1749 SSL_HIGH | SSL_FIPS,
1750 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1756 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1757 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1762 TLS1_VERSION, TLS1_2_VERSION,
1763 DTLS1_BAD_VER, DTLS1_2_VERSION,
1764 SSL_HIGH | SSL_FIPS,
1765 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1771 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1772 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1777 TLS1_VERSION, TLS1_2_VERSION,
1778 DTLS1_BAD_VER, DTLS1_2_VERSION,
1779 SSL_STRONG_NONE | SSL_FIPS,
1780 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1786 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1787 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1792 TLS1_VERSION, TLS1_2_VERSION,
1793 DTLS1_BAD_VER, DTLS1_2_VERSION,
1794 SSL_STRONG_NONE | SSL_FIPS,
1795 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1801 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1802 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1807 TLS1_VERSION, TLS1_2_VERSION,
1808 DTLS1_BAD_VER, DTLS1_2_VERSION,
1809 SSL_STRONG_NONE | SSL_FIPS,
1810 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1814 # endif /* OPENSSL_NO_EC */
1815 #endif /* OPENSSL_NO_PSK */
1817 #ifndef OPENSSL_NO_SRP
1818 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1821 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1822 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1827 SSL3_VERSION, TLS1_2_VERSION,
1828 DTLS1_BAD_VER, DTLS1_2_VERSION,
1829 SSL_NOT_DEFAULT | SSL_MEDIUM,
1830 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1836 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1837 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1842 SSL3_VERSION, TLS1_2_VERSION,
1843 DTLS1_BAD_VER, DTLS1_2_VERSION,
1844 SSL_NOT_DEFAULT | SSL_MEDIUM,
1845 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1851 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1852 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1857 SSL3_VERSION, TLS1_2_VERSION,
1858 DTLS1_BAD_VER, DTLS1_2_VERSION,
1859 SSL_NOT_DEFAULT | SSL_MEDIUM,
1860 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1867 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1868 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1873 SSL3_VERSION, TLS1_2_VERSION,
1874 DTLS1_BAD_VER, DTLS1_2_VERSION,
1876 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1882 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1883 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1888 SSL3_VERSION, TLS1_2_VERSION,
1889 DTLS1_BAD_VER, DTLS1_2_VERSION,
1891 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1897 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1898 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1903 SSL3_VERSION, TLS1_2_VERSION,
1904 DTLS1_BAD_VER, DTLS1_2_VERSION,
1905 SSL_NOT_DEFAULT | SSL_HIGH,
1906 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1912 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1913 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1918 SSL3_VERSION, TLS1_2_VERSION,
1919 DTLS1_BAD_VER, DTLS1_2_VERSION,
1921 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1927 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1928 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1933 SSL3_VERSION, TLS1_2_VERSION,
1934 DTLS1_BAD_VER, DTLS1_2_VERSION,
1936 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1942 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1943 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1948 SSL3_VERSION, TLS1_2_VERSION,
1949 DTLS1_BAD_VER, DTLS1_2_VERSION,
1950 SSL_NOT_DEFAULT | SSL_HIGH,
1951 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1955 #endif /* OPENSSL_NO_SRP */
1957 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1958 # ifndef OPENSSL_NO_RSA
1961 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1962 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
1965 SSL_CHACHA20POLY1305,
1967 TLS1_2_VERSION, TLS1_2_VERSION,
1968 DTLS1_2_VERSION, DTLS1_2_VERSION,
1970 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1974 # endif /* OPENSSL_NO_RSA */
1976 # ifndef OPENSSL_NO_EC
1979 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1980 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1983 SSL_CHACHA20POLY1305,
1985 TLS1_2_VERSION, TLS1_2_VERSION,
1986 DTLS1_2_VERSION, DTLS1_2_VERSION,
1988 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1994 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1995 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1998 SSL_CHACHA20POLY1305,
2000 TLS1_2_VERSION, TLS1_2_VERSION,
2001 DTLS1_2_VERSION, DTLS1_2_VERSION,
2003 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2007 # endif /* OPENSSL_NO_EC */
2009 # ifndef OPENSSL_NO_PSK
2012 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2013 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2016 SSL_CHACHA20POLY1305,
2018 TLS1_2_VERSION, TLS1_2_VERSION,
2019 DTLS1_2_VERSION, DTLS1_2_VERSION,
2021 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2027 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2028 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2031 SSL_CHACHA20POLY1305,
2033 TLS1_2_VERSION, TLS1_2_VERSION,
2034 DTLS1_2_VERSION, DTLS1_2_VERSION,
2036 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2042 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2043 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2046 SSL_CHACHA20POLY1305,
2048 TLS1_2_VERSION, TLS1_2_VERSION,
2049 DTLS1_2_VERSION, DTLS1_2_VERSION,
2051 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2057 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2058 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2061 SSL_CHACHA20POLY1305,
2063 TLS1_2_VERSION, TLS1_2_VERSION,
2064 DTLS1_2_VERSION, DTLS1_2_VERSION,
2066 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2070 # endif /* OPENSSL_NO_PSK */
2071 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2072 * !defined(OPENSSL_NO_POLY1305) */
2074 #ifndef OPENSSL_NO_CAMELLIA
2077 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2078 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2083 TLS1_2_VERSION, TLS1_2_VERSION,
2084 DTLS1_2_VERSION, DTLS1_2_VERSION,
2085 SSL_NOT_DEFAULT | SSL_HIGH,
2086 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2092 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2093 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2098 TLS1_2_VERSION, TLS1_2_VERSION,
2099 DTLS1_2_VERSION, DTLS1_2_VERSION,
2100 SSL_NOT_DEFAULT | SSL_HIGH,
2101 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2107 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2108 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2113 TLS1_2_VERSION, TLS1_2_VERSION,
2114 DTLS1_2_VERSION, DTLS1_2_VERSION,
2115 SSL_NOT_DEFAULT | SSL_HIGH,
2116 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2122 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2123 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2128 TLS1_2_VERSION, TLS1_2_VERSION,
2129 DTLS1_2_VERSION, DTLS1_2_VERSION,
2130 SSL_NOT_DEFAULT | SSL_HIGH,
2131 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2137 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2138 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2143 TLS1_2_VERSION, TLS1_2_VERSION,
2144 DTLS1_2_VERSION, DTLS1_2_VERSION,
2145 SSL_NOT_DEFAULT | SSL_HIGH,
2146 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2152 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2153 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2158 TLS1_2_VERSION, TLS1_2_VERSION,
2159 DTLS1_2_VERSION, DTLS1_2_VERSION,
2160 SSL_NOT_DEFAULT | SSL_HIGH,
2161 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2167 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2168 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2173 TLS1_2_VERSION, TLS1_2_VERSION,
2174 DTLS1_2_VERSION, DTLS1_2_VERSION,
2175 SSL_NOT_DEFAULT | SSL_HIGH,
2176 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2182 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2183 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2188 TLS1_2_VERSION, TLS1_2_VERSION,
2189 DTLS1_2_VERSION, DTLS1_2_VERSION,
2190 SSL_NOT_DEFAULT | SSL_HIGH,
2191 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2197 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2198 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2203 SSL3_VERSION, TLS1_2_VERSION,
2204 DTLS1_BAD_VER, DTLS1_2_VERSION,
2205 SSL_NOT_DEFAULT | SSL_HIGH,
2206 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2212 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2213 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2218 SSL3_VERSION, TLS1_2_VERSION,
2219 DTLS1_BAD_VER, DTLS1_2_VERSION,
2220 SSL_NOT_DEFAULT | SSL_HIGH,
2221 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2227 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2228 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2233 SSL3_VERSION, TLS1_2_VERSION,
2234 DTLS1_BAD_VER, DTLS1_2_VERSION,
2235 SSL_NOT_DEFAULT | SSL_HIGH,
2236 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2242 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2243 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2248 SSL3_VERSION, TLS1_2_VERSION,
2249 DTLS1_BAD_VER, DTLS1_2_VERSION,
2250 SSL_NOT_DEFAULT | SSL_HIGH,
2251 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2257 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2258 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2263 SSL3_VERSION, TLS1_2_VERSION,
2264 DTLS1_BAD_VER, DTLS1_2_VERSION,
2265 SSL_NOT_DEFAULT | SSL_HIGH,
2266 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2272 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2273 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2278 SSL3_VERSION, TLS1_2_VERSION,
2279 DTLS1_BAD_VER, DTLS1_2_VERSION,
2280 SSL_NOT_DEFAULT | SSL_HIGH,
2281 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2287 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2288 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2293 SSL3_VERSION, TLS1_2_VERSION,
2294 DTLS1_BAD_VER, DTLS1_2_VERSION,
2295 SSL_NOT_DEFAULT | SSL_HIGH,
2296 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2302 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2303 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2308 SSL3_VERSION, TLS1_2_VERSION,
2309 DTLS1_BAD_VER, DTLS1_2_VERSION,
2310 SSL_NOT_DEFAULT | SSL_HIGH,
2311 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2316 # ifndef OPENSSL_NO_EC
2319 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2320 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2325 TLS1_2_VERSION, TLS1_2_VERSION,
2326 DTLS1_2_VERSION, DTLS1_2_VERSION,
2327 SSL_NOT_DEFAULT | SSL_HIGH,
2328 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2334 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2335 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2340 TLS1_2_VERSION, TLS1_2_VERSION,
2341 DTLS1_2_VERSION, DTLS1_2_VERSION,
2342 SSL_NOT_DEFAULT | SSL_HIGH,
2343 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2349 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2350 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2355 TLS1_2_VERSION, TLS1_2_VERSION,
2356 DTLS1_2_VERSION, DTLS1_2_VERSION,
2357 SSL_NOT_DEFAULT | SSL_HIGH,
2358 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2364 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2365 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2370 TLS1_2_VERSION, TLS1_2_VERSION,
2371 DTLS1_2_VERSION, DTLS1_2_VERSION,
2372 SSL_NOT_DEFAULT | SSL_HIGH,
2373 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2377 # endif /* OPENSSL_NO_EC */
2379 # ifndef OPENSSL_NO_PSK
2382 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2383 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2388 TLS1_VERSION, TLS1_2_VERSION,
2389 DTLS1_BAD_VER, DTLS1_2_VERSION,
2390 SSL_NOT_DEFAULT | SSL_HIGH,
2391 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2397 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2398 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2403 TLS1_VERSION, TLS1_2_VERSION,
2404 DTLS1_BAD_VER, DTLS1_2_VERSION,
2405 SSL_NOT_DEFAULT | SSL_HIGH,
2406 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2412 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2413 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2418 TLS1_VERSION, TLS1_2_VERSION,
2419 DTLS1_BAD_VER, DTLS1_2_VERSION,
2420 SSL_NOT_DEFAULT | SSL_HIGH,
2421 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2427 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2428 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2433 TLS1_VERSION, TLS1_2_VERSION,
2434 DTLS1_BAD_VER, DTLS1_2_VERSION,
2435 SSL_NOT_DEFAULT | SSL_HIGH,
2436 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2442 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2443 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2448 TLS1_VERSION, TLS1_2_VERSION,
2449 DTLS1_BAD_VER, DTLS1_2_VERSION,
2450 SSL_NOT_DEFAULT | SSL_HIGH,
2451 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2457 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2458 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2463 TLS1_VERSION, TLS1_2_VERSION,
2464 DTLS1_BAD_VER, DTLS1_2_VERSION,
2465 SSL_NOT_DEFAULT | SSL_HIGH,
2466 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2472 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2473 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2478 TLS1_VERSION, TLS1_2_VERSION,
2479 DTLS1_BAD_VER, DTLS1_2_VERSION,
2480 SSL_NOT_DEFAULT | SSL_HIGH,
2481 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2487 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2488 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2493 TLS1_VERSION, TLS1_2_VERSION,
2494 DTLS1_BAD_VER, DTLS1_2_VERSION,
2495 SSL_NOT_DEFAULT | SSL_HIGH,
2496 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2500 # endif /* OPENSSL_NO_PSK */
2502 #endif /* OPENSSL_NO_CAMELLIA */
2504 #ifndef OPENSSL_NO_GOST
2507 "GOST2001-GOST89-GOST89",
2511 SSL_eGOST2814789CNT,
2513 TLS1_VERSION, TLS1_2_VERSION,
2516 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2522 "GOST2001-NULL-GOST94",
2528 TLS1_VERSION, TLS1_2_VERSION,
2531 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2537 "GOST2012-GOST8912-GOST8912",
2540 SSL_aGOST12 | SSL_aGOST01,
2541 SSL_eGOST2814789CNT12,
2543 TLS1_VERSION, TLS1_2_VERSION,
2546 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2552 "GOST2012-NULL-GOST12",
2555 SSL_aGOST12 | SSL_aGOST01,
2558 TLS1_VERSION, TLS1_2_VERSION,
2561 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2565 #endif /* OPENSSL_NO_GOST */
2567 #ifndef OPENSSL_NO_IDEA
2570 SSL3_TXT_RSA_IDEA_128_SHA,
2571 SSL3_CK_RSA_IDEA_128_SHA,
2576 SSL3_VERSION, TLS1_1_VERSION,
2577 DTLS1_BAD_VER, DTLS1_VERSION,
2578 SSL_NOT_DEFAULT | SSL_MEDIUM,
2579 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2585 #ifndef OPENSSL_NO_SEED
2588 TLS1_TXT_RSA_WITH_SEED_SHA,
2589 TLS1_CK_RSA_WITH_SEED_SHA,
2594 SSL3_VERSION, TLS1_2_VERSION,
2595 DTLS1_BAD_VER, DTLS1_2_VERSION,
2596 SSL_NOT_DEFAULT | SSL_MEDIUM,
2597 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2603 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2604 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2609 SSL3_VERSION, TLS1_2_VERSION,
2610 DTLS1_BAD_VER, DTLS1_2_VERSION,
2611 SSL_NOT_DEFAULT | SSL_MEDIUM,
2612 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2618 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2619 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2624 SSL3_VERSION, TLS1_2_VERSION,
2625 DTLS1_BAD_VER, DTLS1_2_VERSION,
2626 SSL_NOT_DEFAULT | SSL_MEDIUM,
2627 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2633 TLS1_TXT_ADH_WITH_SEED_SHA,
2634 TLS1_CK_ADH_WITH_SEED_SHA,
2639 SSL3_VERSION, TLS1_2_VERSION,
2640 DTLS1_BAD_VER, DTLS1_2_VERSION,
2641 SSL_NOT_DEFAULT | SSL_MEDIUM,
2642 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2646 #endif /* OPENSSL_NO_SEED */
2648 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2651 SSL3_TXT_RSA_RC4_128_MD5,
2652 SSL3_CK_RSA_RC4_128_MD5,
2657 SSL3_VERSION, TLS1_2_VERSION,
2659 SSL_NOT_DEFAULT | SSL_MEDIUM,
2660 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2666 SSL3_TXT_RSA_RC4_128_SHA,
2667 SSL3_CK_RSA_RC4_128_SHA,
2672 SSL3_VERSION, TLS1_2_VERSION,
2674 SSL_NOT_DEFAULT | SSL_MEDIUM,
2675 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2681 SSL3_TXT_ADH_RC4_128_MD5,
2682 SSL3_CK_ADH_RC4_128_MD5,
2687 SSL3_VERSION, TLS1_2_VERSION,
2689 SSL_NOT_DEFAULT | SSL_MEDIUM,
2690 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2695 # ifndef OPENSSL_NO_EC
2698 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2699 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2704 TLS1_VERSION, TLS1_2_VERSION,
2706 SSL_NOT_DEFAULT | SSL_MEDIUM,
2707 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2713 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2714 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2719 TLS1_VERSION, TLS1_2_VERSION,
2721 SSL_NOT_DEFAULT | SSL_MEDIUM,
2722 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2728 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2729 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2734 TLS1_VERSION, TLS1_2_VERSION,
2736 SSL_NOT_DEFAULT | SSL_MEDIUM,
2737 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2743 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2744 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2749 TLS1_VERSION, TLS1_2_VERSION,
2751 SSL_NOT_DEFAULT | SSL_MEDIUM,
2752 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2756 # endif /* OPENSSL_NO_EC */
2758 # ifndef OPENSSL_NO_PSK
2761 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2762 TLS1_CK_PSK_WITH_RC4_128_SHA,
2767 SSL3_VERSION, TLS1_2_VERSION,
2769 SSL_NOT_DEFAULT | SSL_MEDIUM,
2770 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2776 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2777 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2782 SSL3_VERSION, TLS1_2_VERSION,
2784 SSL_NOT_DEFAULT | SSL_MEDIUM,
2785 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2791 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2792 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2797 SSL3_VERSION, TLS1_2_VERSION,
2799 SSL_NOT_DEFAULT | SSL_MEDIUM,
2800 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2804 # endif /* OPENSSL_NO_PSK */
2806 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2811 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
2812 * values stuffed into the ciphers field of the wire protocol for signalling
/*
 * SCSV table: signalling values that travel in the cipher-suite field of the
 * wire protocol but are not valid ciphers, which is why the algorithm and
 * strength fields below are all zero.
 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is the RFC 5746 secure-renegotiation
 * signal and TLS_FALLBACK_SCSV is the RFC 7507 downgrade-protection signal.
 * NOTE(review): the embedded line numbers jump, so some initializer lines of
 * each entry are not part of this listing.
 */
2815 static SSL_CIPHER ssl3_scsvs[] = {
2818 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
2820 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2824 "TLS_FALLBACK_SCSV",
2825 SSL3_CK_FALLBACK_SCSV,
2826 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
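/*
 * qsort() comparator that orders SSL_CIPHER entries by ascending id.
 *
 * The ids are compared explicitly instead of being subtracted: the difference
 * of two 32-bit ids converted to int can come out with the wrong sign when
 * the ids are far apart, which would give qsort() and the later binary
 * searches an inconsistent ordering.
 *
 * Returns a negative value, zero or a positive value as *a sorts before,
 * equal to or after *b.
 */
static int cipher_compare(const void *a, const void *b)
{
    const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
    const SSL_CIPHER *bp = (const SSL_CIPHER *)b;

    if (ap->id == bp->id)
        return 0;
    return ap->id < bp->id ? -1 : 1;
}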
/*
 * Sort the cipher table and the SCSV table by id with cipher_compare().
 * Both tables are searched with OBJ_bsearch_ssl_cipher_id() elsewhere in
 * this file, so they have to be in id order before any lookup is made.
 */
void ssl_sort_cipher_list(void)
{
    const size_t cipher_sz = sizeof(ssl3_ciphers[0]);
    const size_t scsv_sz = sizeof(ssl3_scsvs[0]);

    qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, cipher_sz, cipher_compare);
    qsort(ssl3_scsvs, SSL3_NUM_SCSVS, scsv_sz, cipher_compare);
}
/*
 * SSLv3 method table: key-block setup, master-secret generation, cipher-state
 * change and Finished-MAC hooks, the client/server Finished constants with
 * their lengths, and the handshake header / close / write helpers.
 * NOTE(review): the embedded line numbers jump, so some initializer lines are
 * not part of this listing and the member list here is incomplete.
 */
2845 const SSL3_ENC_METHOD SSLv3_enc_data = {
2848 ssl3_setup_key_block,
2849 ssl3_generate_master_secret,
2850 ssl3_change_cipher_state,
2851 ssl3_final_finish_mac,
2852 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2853 SSL3_MD_SERVER_FINISHED_CONST, 4,
/*
 * NOTE(review): this slot holds ssl_undefined_function cast to an
 * eight-parameter function-pointer type. If the slot is ever invoked, the
 * call goes through the cast type, which presumably differs from the
 * function's own declaration (not shown here) - confirm that no SSLv3 code
 * path calls it.
 */
2855 (int (*)(SSL *, unsigned char *, size_t, const char *,
2856 size_t, const unsigned char *, size_t,
2857 int use_context))ssl_undefined_function,
2859 ssl3_set_handshake_header,
2860 tls_close_construct_packet,
2861 ssl3_handshake_write
/*
 * Default session lifetime, in seconds.
 *
 * Two hours is used instead of the 24 hours mentioned in the SSLv3 spec:
 * 24 hours is far too long for http and would overfill the session cache.
 */
long ssl3_default_timeout(void)
{
    const long two_hours = 2L * 60L * 60L;

    return two_hours;
}
/* Report SSL3_NUM_CIPHERS, the entry count used for the ssl3_ciphers table. */
int ssl3_num_ciphers(void)
{
    const int count = SSL3_NUM_CIPHERS;

    return count;
}
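/*
 * Return the u-th cipher counted from the END of the ssl3_ciphers table
 * (u == 0 maps to the last entry), or NULL when u is out of range.
 *
 * The range check comes first so that SSL3_NUM_CIPHERS - 1 - u can never
 * wrap around and index outside the table.
 */
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
{
    if (u >= SSL3_NUM_CIPHERS)
        return NULL;

    return &ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u];
}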
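/*
 * Begin a handshake message in pkt: one byte holding the message type htype,
 * followed by a 3-byte length field opened as a WPACKET sub-packet.
 *
 * A ChangeCipherSpec has no handshake header, so nothing is written for it.
 *
 * Returns 1 on success (including the ChangeCipherSpec case) and 0 when
 * either WPACKET call fails.
 */
int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
{
    /* No header in the event of a CCS */
    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
        return 1;

    /* Set the content type and 3 bytes for the message len */
    if (!WPACKET_put_bytes_u8(pkt, htype)
            || !WPACKET_start_sub_packet_u24(pkt))
        return 0;

    return 1;
}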
/*
 * Write handshake data for s by calling ssl3_do_write() with record type
 * SSL3_RT_HANDSHAKE, and pass its result back unchanged.
 */
int ssl3_handshake_write(SSL *s)
{
    const int rc = ssl3_do_write(s, SSL3_RT_HANDSHAKE);

    return rc;
}
/*
 * Allocate the per-connection SSLv3 state for s.
 * The state block comes from OPENSSL_zalloc(), so it starts out zero-filled.
 * When SRP is compiled in, the SRP context is initialised as well, and the
 * method's ssl_clear hook is run last.
 * NOTE(review): the embedded line numbers jump, so the error paths and the
 * return statements are not part of this listing.
 */
2905 int ssl3_new(SSL *s)
2909 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
2913 #ifndef OPENSSL_NO_SRP
2914 if (!SSL_SRP_CTX_init(s))
2917 s->method->ssl_clear(s);
/*
 * Release everything owned by s->s3 and then the state block itself.
 * A NULL s or a NULL s->s3 is checked for before anything is touched.
 * NOTE(review): the embedded line numbers jump, so some lines (returns,
 * #endif lines) are not part of this listing.
 */
2923 void ssl3_free(SSL *s)
2925 if (s == NULL || s->s3 == NULL)
2928 ssl3_cleanup_key_block(s);
2930 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
/* Both ephemeral keys are freed and their pointers reset right away. */
2931 EVP_PKEY_free(s->s3->peer_tmp);
2932 s->s3->peer_tmp = NULL;
2933 EVP_PKEY_free(s->s3->tmp.pkey);
2934 s->s3->tmp.pkey = NULL;
2937 OPENSSL_free(s->s3->tmp.ctype);
2938 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
2939 OPENSSL_free(s->s3->tmp.ciphers_raw);
/*
 * tmp.pms is secret key material: OPENSSL_clear_free() is given its length
 * so the buffer is wiped before it is released.
 */
2940 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2941 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2942 ssl3_free_digest_list(s);
2943 OPENSSL_free(s->s3->alpn_selected);
2944 OPENSSL_free(s->s3->alpn_proposed);
2946 #ifndef OPENSSL_NO_SRP
2947 SSL_SRP_CTX_free(s);
/*
 * The state block may still hold sensitive handshake values, so it is wiped
 * over its full size when it is released.
 */
2949 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
/*
 * Reset the SSLv3 state of s for reuse: free the per-handshake allocations,
 * zero the state block in place and set the version back to SSL3_VERSION.
 * Unlike ssl3_free(), s->s3 is dereferenced here without a NULL check, so
 * the caller must already have a state block allocated.
 * NOTE(review): the embedded line numbers jump near the end, so the tail of
 * the function is not part of this listing.
 */
2953 void ssl3_clear(SSL *s)
2955 ssl3_cleanup_key_block(s);
2956 OPENSSL_free(s->s3->tmp.ctype);
2957 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
2958 OPENSSL_free(s->s3->tmp.ciphers_raw);
/* Secret key material: wiped over pmslen bytes before being released. */
2959 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2960 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2962 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
/*
 * These pointers are not reset individually; the memset() below clears them
 * together with the rest of the block.
 */
2963 EVP_PKEY_free(s->s3->tmp.pkey);
2964 EVP_PKEY_free(s->s3->peer_tmp);
2965 #endif /* !OPENSSL_NO_EC */
2967 ssl3_free_digest_list(s);
2969 OPENSSL_free(s->s3->alpn_selected);
2970 OPENSSL_free(s->s3->alpn_proposed);
/*
 * Zeroing the whole block also clears every pointer freed above, so no stale
 * pointer survives the reset.
 */
2972 /* NULL/zero-out everything in the s3 struct */
2973 memset(s->s3, 0, sizeof(*s->s3));
2975 ssl_free_wbio_buffer(s);
2977 s->version = SSL3_VERSION;
2979 #if !defined(OPENSSL_NO_NEXTPROTONEG)
2980 OPENSSL_free(s->ext.npn);
2986 #ifndef OPENSSL_NO_SRP
/*
 * SRP client-password callback: hand back a heap copy of the string stored
 * in s->srp_ctx.info. arg is not used.
 *
 * The copy is a password, so whoever receives it owns it and has to release
 * it.
 * NOTE(review): presumably the SRP code frees (ideally wipes) the returned
 * buffer - confirm against the caller. A failed allocation yields NULL.
 */
static char *srp_password_from_info_cb(SSL *s, void *arg)
{
    char *password_copy = OPENSSL_strdup(s->srp_ctx.info);

    return password_copy;
}
2993 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
/*
 * Per-connection control dispatcher: cmd selects the operation and larg/parg
 * carry its arguments, whose meaning depends on cmd.
 * NOTE(review): the embedded line numbers jump throughout, so this listing
 * omits some source lines (braces, breaks, returns and a few conditions);
 * the comments below describe only what the visible lines do.
 */
2995 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3000 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3002 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3003 ret = s->s3->num_renegotiations;
3005 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3006 ret = s->s3->num_renegotiations;
3007 s->s3->num_renegotiations = 0;
3009 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3010 ret = s->s3->total_renegotiations;
3012 case SSL_CTRL_GET_FLAGS:
3013 ret = (int)(s->s3->flags);
3015 #ifndef OPENSSL_NO_DH
/*
 * Application-supplied DH parameters: converted to an EVP_PKEY, then vetted
 * by ssl_security(SSL_SECOP_TMP_DH) using their EVP_PKEY_security_bits()
 * estimate. Rejected parameters are freed and reported as
 * SSL_R_DH_KEY_TOO_SMALL; accepted ones replace s->cert->dh_tmp after the
 * previous value has been freed.
 */
3016 case SSL_CTRL_SET_TMP_DH:
3018 DH *dh = (DH *)parg;
3019 EVP_PKEY *pkdh = NULL;
3021 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3024 pkdh = ssl_dh_to_pkey(dh);
3026 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3029 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3030 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3031 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3032 EVP_PKEY_free(pkdh);
3035 EVP_PKEY_free(s->cert->dh_tmp);
3036 s->cert->dh_tmp = pkdh;
/* Callbacks are set through ssl3_callback_ctrl(); arriving here is an error. */
3040 case SSL_CTRL_SET_TMP_DH_CB:
3042 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3045 case SSL_CTRL_SET_DH_AUTO:
3046 s->cert->dh_tmp_auto = larg;
3049 #ifndef OPENSSL_NO_EC
/*
 * Only the curve of the supplied EC_KEY is used: its group is fetched, the
 * curve NID is looked up, and tls1_set_groups() updates the supported-groups
 * list of this connection.
 */
3050 case SSL_CTRL_SET_TMP_ECDH:
3052 const EC_GROUP *group = NULL;
3056 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3059 group = EC_KEY_get0_group((const EC_KEY *)parg);
3060 if (group == NULL) {
3061 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3064 nid = EC_GROUP_get_curve_name(group);
3065 if (nid == NID_undef)
3067 return tls1_set_groups(&s->ext.supportedgroups,
3068 &s->ext.supportedgroups_len,
3072 #endif /* !OPENSSL_NO_EC */
/*
 * SNI host name. The previous name is freed first; the new one must be
 * non-empty and at most TLSEXT_MAXLEN_host_name bytes long, and a private
 * copy is stored. strlen() relies on parg being a NUL-terminated string.
 * Any name type other than TLSEXT_NAMETYPE_host_name is rejected.
 */
3073 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3074 if (larg == TLSEXT_NAMETYPE_host_name) {
3077 OPENSSL_free(s->ext.hostname);
3078 s->ext.hostname = NULL;
3083 len = strlen((char *)parg);
3084 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3085 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3088 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3089 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3093 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3097 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3098 s->ext.debug_arg = parg;
3102 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3103 ret = s->ext.status_type;
3106 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3107 s->ext.status_type = larg;
/*
 * The OCSP getters below hand out the connection's internal pointers, not
 * copies, and the setters store parg as given.
 */
3111 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3112 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3116 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3117 s->ext.ocsp.exts = parg;
3121 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3122 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3126 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3127 s->ext.ocsp.ids = parg;
/*
 * The stored length is size_t while the return type is long, hence the
 * check against LONG_MAX before the cast.
 */
3131 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3132 *(unsigned char **)parg = s->ext.ocsp.resp;
3133 if (s->ext.ocsp.resp_len == 0
3134 || s->ext.ocsp.resp_len > LONG_MAX)
3136 return (long)s->ext.ocsp.resp_len;
/*
 * The previous response buffer is freed and parg is stored in its place, so
 * the connection now owns that buffer. larg is taken as its length without
 * further checks - TODO confirm callers always pass the real size.
 */
3138 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3139 OPENSSL_free(s->ext.ocsp.resp);
3140 s->ext.ocsp.resp = parg;
3141 s->ext.ocsp.resp_len = larg;
3145 #ifndef OPENSSL_NO_HEARTBEATS
3146 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3147 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3148 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3152 case SSL_CTRL_CHAIN:
3154 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3156 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3158 case SSL_CTRL_CHAIN_CERT:
3160 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3162 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
/* Hands out the internal chain pointer, not a copy. */
3164 case SSL_CTRL_GET_CHAIN_CERTS:
3165 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3168 case SSL_CTRL_SELECT_CURRENT_CERT:
3169 return ssl_cert_select_current(s->cert, (X509 *)parg);
3171 case SSL_CTRL_SET_CURRENT_CERT:
3172 if (larg == SSL_CERT_SET_SERVER) {
3173 const SSL_CIPHER *cipher;
3176 cipher = s->s3->tmp.new_cipher;
3180 * No certificate for unauthenticated ciphersuites or using SRP
3183 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3185 if (s->s3->tmp.cert == NULL)
3187 s->cert->key = s->s3->tmp.cert;
3190 return ssl_cert_set_current(s->cert, larg);
3192 #ifndef OPENSSL_NO_EC
/*
 * The group list is read from the session; the element count is the byte
 * length divided by two. Ids that map to no known NID are reported as
 * TLSEXT_nid_unknown | cid.
 */
3193 case SSL_CTRL_GET_GROUPS:
3195 unsigned char *clist;
3200 clist = s->session->ext.supportedgroups;
3201 clistlen = s->session->ext.supportedgroups_len / 2;
3205 unsigned int cid, nid;
3206 for (i = 0; i < clistlen; i++) {
3208 /* TODO(TLS1.3): Handle DH groups here */
3209 nid = tls1_ec_curve_id2nid(cid, NULL);
3213 cptr[i] = TLSEXT_nid_unknown | cid;
3216 return (int)clistlen;
3219 case SSL_CTRL_SET_GROUPS:
3220 return tls1_set_groups(&s->ext.supportedgroups,
3221 &s->ext.supportedgroups_len, parg, larg);
3223 case SSL_CTRL_SET_GROUPS_LIST:
3224 return tls1_set_groups_list(&s->ext.supportedgroups,
3225 &s->ext.supportedgroups_len, parg);
3227 case SSL_CTRL_GET_SHARED_GROUP:
3228 return tls1_shared_group(s, larg);
3231 case SSL_CTRL_SET_SIGALGS:
3232 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3234 case SSL_CTRL_SET_SIGALGS_LIST:
3235 return tls1_set_sigalgs_list(s->cert, parg, 0);
3237 case SSL_CTRL_SET_CLIENT_SIGALGS:
3238 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3240 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3241 return tls1_set_sigalgs_list(s->cert, parg, 1);
3243 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3245 const unsigned char **pctype = parg;
3246 if (s->server || !s->s3->tmp.cert_req)
3249 *pctype = s->s3->tmp.ctype;
3250 return s->s3->tmp.ctype_len;
3253 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3256 return ssl3_set_req_cert_type(s->cert, parg, larg);
3258 case SSL_CTRL_BUILD_CERT_CHAIN:
3259 return ssl_build_cert_chain(s, NULL, larg);
3261 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3262 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3264 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3265 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
/* peer_sigalg is checked for NULL before it is dereferenced. */
3267 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3268 if (s->s3->tmp.peer_sigalg == NULL)
3270 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
/*
 * A reference is taken with EVP_PKEY_up_ref() before the key is handed out,
 * so the caller receives its own reference and has to release it.
 */
3273 case SSL_CTRL_GET_SERVER_TMP_KEY:
3274 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3275 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3278 EVP_PKEY_up_ref(s->s3->peer_tmp);
3279 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3285 #ifndef OPENSSL_NO_EC
/* Hands out the session's internal point-format list, not a copy. */
3286 case SSL_CTRL_GET_EC_POINT_FORMATS:
3288 SSL_SESSION *sess = s->session;
3289 const unsigned char **pformat = parg;
3291 if (sess == NULL || sess->ext.ecpointformats == NULL)
3293 *pformat = sess->ext.ecpointformats;
3294 return (int)sess->ext.ecpointformats_len;
/*
 * Per-connection callback setter. fp arrives as a generic void (*)(void) and
 * is cast to the callback type that belongs to cmd before it is stored, so
 * the caller must pass a function of exactly that type for the given cmd.
 * NOTE(review): the embedded line numbers jump, so the switch framing and
 * the return statements are not part of this listing.
 */
3304 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3309 #ifndef OPENSSL_NO_DH
3310 case SSL_CTRL_SET_TMP_DH_CB:
3312 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3316 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3317 s->ext.debug_cb = (void (*)(SSL *, int, int,
3318 const unsigned char *, int, void *))fp;
3321 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3323 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
/*
 * Context-wide control dispatcher: cmd selects the operation and larg/parg
 * carry its arguments, whose meaning depends on cmd.
 * NOTE(review): the embedded line numbers jump throughout, so this listing
 * omits some source lines (braces, breaks, returns and a few conditions);
 * the comments below describe only what the visible lines do.
 */
3332 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3335 #ifndef OPENSSL_NO_DH
/*
 * Application-supplied DH parameters: converted to an EVP_PKEY, then vetted
 * by ssl_ctx_security(SSL_SECOP_TMP_DH) using their EVP_PKEY_security_bits()
 * estimate. Rejected parameters are freed and reported as
 * SSL_R_DH_KEY_TOO_SMALL; accepted ones replace ctx->cert->dh_tmp after the
 * previous value has been freed.
 */
3336 case SSL_CTRL_SET_TMP_DH:
3338 DH *dh = (DH *)parg;
3339 EVP_PKEY *pkdh = NULL;
3341 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3344 pkdh = ssl_dh_to_pkey(dh);
3346 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3349 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3350 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3351 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3352 EVP_PKEY_free(pkdh);
3355 EVP_PKEY_free(ctx->cert->dh_tmp);
3356 ctx->cert->dh_tmp = pkdh;
/* Callbacks are set through ssl3_ctx_callback_ctrl(); this path is an error. */
3359 case SSL_CTRL_SET_TMP_DH_CB:
3361 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3364 case SSL_CTRL_SET_DH_AUTO:
3365 ctx->cert->dh_tmp_auto = larg;
3368 #ifndef OPENSSL_NO_EC
/*
 * Only the curve of the supplied EC_KEY is used: its group is fetched, the
 * curve NID is looked up, and tls1_set_groups() updates the context's
 * supported-groups list.
 */
3369 case SSL_CTRL_SET_TMP_ECDH:
3371 const EC_GROUP *group = NULL;
3375 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3378 group = EC_KEY_get0_group((const EC_KEY *)parg);
3379 if (group == NULL) {
3380 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3383 nid = EC_GROUP_get_curve_name(group);
3384 if (nid == NID_undef)
3386 return tls1_set_groups(&ctx->ext.supportedgroups,
3387 &ctx->ext.supportedgroups_len,
3390 #endif /* !OPENSSL_NO_EC */
3391 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3392 ctx->ext.servername_arg = parg;
/*
 * Session-ticket protection keys. The caller's buffer is laid out as key
 * name, then HMAC key, then AES key, and larg is compared with the combined
 * size of the three fields before the memcpy() calls shown here, so the
 * offsets used stay within a buffer of that size.
 * SET overwrites the context's keys; GET copies the live secrets out to the
 * caller, who then has to protect (and eventually wipe) that buffer.
 */
3394 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3395 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3397 unsigned char *keys = parg;
3398 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3399 sizeof(ctx->ext.tick_hmac_key) +
3400 sizeof(ctx->ext.tick_aes_key));
3403 if (larg != tick_keylen) {
3404 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3407 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3408 memcpy(ctx->ext.tick_key_name, keys,
3409 sizeof(ctx->ext.tick_key_name));
3410 memcpy(ctx->ext.tick_hmac_key,
3411 keys + sizeof(ctx->ext.tick_key_name),
3412 sizeof(ctx->ext.tick_hmac_key));
3413 memcpy(ctx->ext.tick_aes_key,
3414 keys + sizeof(ctx->ext.tick_key_name) +
3415 sizeof(ctx->ext.tick_hmac_key),
3416 sizeof(ctx->ext.tick_aes_key));
3418 memcpy(keys, ctx->ext.tick_key_name,
3419 sizeof(ctx->ext.tick_key_name));
3420 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3421 ctx->ext.tick_hmac_key,
3422 sizeof(ctx->ext.tick_hmac_key));
3423 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3424 sizeof(ctx->ext.tick_hmac_key),
3425 ctx->ext.tick_aes_key,
3426 sizeof(ctx->ext.tick_aes_key));
3431 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3432 return ctx->ext.status_type;
3434 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3435 ctx->ext.status_type = larg;
3438 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3439 ctx->ext.status_arg = parg;
3442 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3443 *(void**)parg = ctx->ext.status_arg;
3446 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3447 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3450 #ifndef OPENSSL_NO_SRP
/*
 * SRP user name. SRP is switched on in srp_Mask and the old login is freed
 * before the new value is validated; the new name must be 1..255 bytes long
 * and is stored as a private copy. strlen() relies on parg being a
 * NUL-terminated string.
 */
3451 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3452 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3453 OPENSSL_free(ctx->srp_ctx.login);
3454 ctx->srp_ctx.login = NULL;
3457 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3458 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3461 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3462 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
/*
 * SRP password. Only the pointer is stored in srp_ctx.info (no copy is made
 * here); srp_password_from_info_cb() duplicates it when called, so the
 * caller's string has to stay valid and unchanged for as long as the
 * context may use it.
 */
3466 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3467 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3468 srp_password_from_info_cb;
3469 ctx->srp_ctx.info = parg;
3471 case SSL_CTRL_SET_SRP_ARG:
3472 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3473 ctx->srp_ctx.SRP_cb_arg = parg;
3476 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3477 ctx->srp_ctx.strength = larg;
3481 #ifndef OPENSSL_NO_EC
3482 case SSL_CTRL_SET_GROUPS:
3483 return tls1_set_groups(&ctx->ext.supportedgroups,
3484 &ctx->ext.supportedgroups_len,
3487 case SSL_CTRL_SET_GROUPS_LIST:
3488 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3489 &ctx->ext.supportedgroups_len,
3492 case SSL_CTRL_SET_SIGALGS:
3493 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3495 case SSL_CTRL_SET_SIGALGS_LIST:
3496 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3498 case SSL_CTRL_SET_CLIENT_SIGALGS:
3499 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3501 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3502 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3504 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3505 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3507 case SSL_CTRL_BUILD_CERT_CHAIN:
3508 return ssl_build_cert_chain(NULL, ctx, larg);
3510 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3511 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3513 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3514 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
/*
 * The certificate pointer is pushed onto extra_certs as given; no reference
 * is taken in the lines shown, so the context presumably takes over the
 * caller's reference - confirm before freeing the certificate afterwards.
 */
3516 /* A Thawte special :-) */
3517 case SSL_CTRL_EXTRA_CHAIN_CERT:
3518 if (ctx->extra_certs == NULL) {
3519 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3520 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3524 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3525 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
/*
 * Hands out an internal stack pointer, not a copy: the current key's chain
 * when there are no extra certs and larg is 0, otherwise extra_certs.
 */
3530 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3531 if (ctx->extra_certs == NULL && larg == 0)
3532 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3534 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3537 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3538 sk_X509_pop_free(ctx->extra_certs, X509_free);
3539 ctx->extra_certs = NULL;
3542 case SSL_CTRL_CHAIN:
3544 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3546 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3548 case SSL_CTRL_CHAIN_CERT:
3550 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3552 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
/* Hands out the internal chain pointer, not a copy. */
3554 case SSL_CTRL_GET_CHAIN_CERTS:
3555 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3558 case SSL_CTRL_SELECT_CURRENT_CERT:
3559 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3561 case SSL_CTRL_SET_CURRENT_CERT:
3562 return ssl_cert_set_current(ctx->cert, larg);
/*
 * Context-wide callback setter. fp arrives as a generic void (*)(void) and
 * is cast to the callback type that belongs to cmd before it is stored, so
 * the caller must pass a function of exactly that type for the given cmd.
 * NOTE(review): the embedded line numbers jump, so the switch framing, the
 * breaks and the return statements are not part of this listing.
 */
3570 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3573 #ifndef OPENSSL_NO_DH
3574 case SSL_CTRL_SET_TMP_DH_CB:
3576 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3580 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3581 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
3584 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3585 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
/*
 * Part of this cast's parameter list falls on lines the listing skips, so
 * the full ticket-key callback signature is not visible here.
 */
3588 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3589 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
3592 HMAC_CTX *, int))fp;
3595 #ifndef OPENSSL_NO_SRP
/* Each SRP callback setter below also switches SRP on in srp_Mask. */
3596 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3597 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3598 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3600 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3601 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3602 ctx->srp_ctx.TLS_ext_srp_username_callback =
3603 (int (*)(SSL *, int *, void *))fp;
3605 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3606 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3607 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3608 (char *(*)(SSL *, void *))fp;
3611 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3613 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
/*
 * Look up a cipher by id with a binary search, first in the cipher table and
 * then in the SCSV table. Both tables therefore have to be sorted by id
 * beforehand (see ssl_sort_cipher_list()).
 * NOTE(review): the embedded line numbers jump, so the search key setup and
 * the check on the first result are not part of this listing.
 */
3622 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
3625 const SSL_CIPHER *cp;
3628 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3631 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
3635 * This function needs to check if the ciphers required are actually
/*
 * Build a cipher id from wire bytes and look it up with
 * ssl3_get_cipher_by_id(): SSL3_CK_CIPHERSUITE_FLAG is OR'd with p[0]
 * shifted left by eight bits (the rest of the expression is on a line this
 * listing skips).
 * No length is passed in, so the caller is responsible for making sure that
 * p points at enough readable bytes before calling.
 */
3638 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3640 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
3641 | ((uint32_t)p[0] << 8L)
/*
 * Serialise a cipher id into pkt. The top byte of c->id is compared with
 * SSL3_CK_CIPHERSUITE_FLAG first; the low 16 bits of the id are what
 * WPACKET_put_bytes_u16() writes.
 * NOTE(review): the embedded line numbers jump, so the handling of a
 * non-matching id, the use of len and the return statements are not part of
 * this listing.
 */
3645 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
3647 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
3652 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
3660 * ssl3_choose_cipher - choose a cipher from those offered by the client
3661 * @s: SSL connection
3662 * @clnt: ciphers offered by the client
3663 * @srvr: ciphers enabled on the server?
3665 * Returns the selected cipher or NULL when no common ciphers.
/*
 * Server-side cipher selection: walk one list in priority order (prio) and
 * pick a cipher that is usable for this connection and also present in the
 * other list (allow).
 * NOTE(review): this listing omits some source lines (the gutter numbers
 * skip); the assignments to prio/allow, the skip statements after each
 * check and the final return are not visible. The comments below describe
 * only the statements that are shown.
 */
3667 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3668 STACK_OF(SSL_CIPHER) *srvr)
3670 const SSL_CIPHER *c, *ret = NULL;
3671 STACK_OF(SSL_CIPHER) *prio, *allow;
3673 unsigned long alg_k = 0, alg_a = 0, mask_k, mask_a;
3675 /* Let's see which ciphers we can support */
3678 * Do not set the compare functions, because this may lead to a
3679 * reordering by "id". We want to keep the original ordering. We may pay
3680 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3681 * pay with the price of sk_SSL_CIPHER_dup().
/*
 * NOTE(review): the stderr dumps below print object addresses (%p) and
 * cipher names. The preprocessor guard around them is not visible in this
 * listing - confirm they are compiled out of production builds.
 */
3685 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3687 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3688 c = sk_SSL_CIPHER_value(srvr, i);
3689 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3691 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3693 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3694 c = sk_SSL_CIPHER_value(clnt, i);
3695 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
/*
 * The server-preference option or Suite B mode decides whose ordering
 * wins; the resulting prio/allow assignments are not shown here.
 */
3699 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3707 tls1_set_cert_validity(s);
/* Candidates are examined in priority order. */
3710 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3711 c = sk_SSL_CIPHER_value(prio, i);
3713 /* Skip ciphers not supported by the protocol version */
/* TLS and DTLS use separate min/max bounds stored on the cipher. */
3714 if (!SSL_IS_DTLS(s) &&
3715 ((s->version < c->min_tls) || (s->version > c->max_tls)))
3717 if (SSL_IS_DTLS(s) &&
3718 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3719 DTLS_VERSION_GT(s->version, c->max_dtls)))
3722 * Since TLS 1.3 ciphersuites can be used with any auth or
3723 * key exchange scheme skip tests.
/* Below TLS 1.3: the usable key-exchange/auth masks come from s->s3->tmp. */
3725 if (!SSL_IS_TLS13(s)) {
3726 mask_k = s->s3->tmp.mask_k;
3727 mask_a = s->s3->tmp.mask_a;
3728 #ifndef OPENSSL_NO_SRP
/* SRP configured on this connection; the mask adjustment itself is not shown. */
3729 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3735 alg_k = c->algorithm_mkey;
3736 alg_a = c->algorithm_auth;
3738 #ifndef OPENSSL_NO_PSK
3739 /* with PSK there must be server callback set */
3740 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
3742 #endif /* OPENSSL_NO_PSK */
/* Both the key exchange and the authentication of c must be in the usable masks. */
3744 ok = (alg_k & mask_k) && (alg_a & mask_a);
3746 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3747 alg_a, mask_k, mask_a, (void *)c, c->name);
3750 #ifndef OPENSSL_NO_EC
3752 * if we are considering an ECC cipher suite that uses an ephemeral
/* ECDHE suites additionally need tls1_check_ec_tmp_key() to succeed for this cipher id. */
3755 if (alg_k & SSL_kECDHE)
3756 ok = ok && tls1_check_ec_tmp_key(s, c->id);
3757 #endif /* OPENSSL_NO_EC */
/* Position of c in the other side's list; presumably negative when absent - TODO confirm. */
3762 ii = sk_SSL_CIPHER_find(allow, c);
3764 /* Check security callback permits this cipher */
/* The security check is given the cipher's strength_bits and the cipher itself. */
3765 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3766 c->strength_bits, 0, (void *)c))
3768 #if !defined(OPENSSL_NO_EC)
/*
 * An ECDHE+ECDSA match for a client flagged is_probably_safari is handled
 * on its own path; how it differs from the general match below is not
 * visible in this listing.
 */
3769 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3770 && s->s3->is_probably_safari) {
3772 ret = sk_SSL_CIPHER_value(allow, ii);
/* General match: the entry taken from allow becomes the result. */
3776 ret = sk_SSL_CIPHER_value(allow, ii);
/*
 * Write the client certificate types this server is prepared to accept
 * into pkt (presumably for the CertificateRequest message - confirm).
 * A configured custom list is copied verbatim; otherwise the list is built
 * from the negotiated cipher's key exchange (alg_k), the protocol version
 * and the signature algorithms that are disabled (alg_a).
 * NOTE(review): this listing omits some source lines (the gutter numbers
 * skip); the condition guarding the custom-list branch and the return
 * statements after failed writes are not visible. new_cipher is
 * dereferenced without a NULL check in the visible lines, so callers are
 * expected to run this only after a cipher has been chosen.
 */
3783 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
3785 uint32_t alg_k, alg_a = 0;
3787 /* If we have custom certificate types set, use them */
3789 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
3790 /* Get mask of algorithms disabled by signature list */
3791 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
3793 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3795 #ifndef OPENSSL_NO_GOST
/* GOST key exchange on TLS 1.0 or later: only the three GOST signing types are written. */
3796 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
3797 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
3798 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
3799 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
/* SSLv3 with DHE only: also offer the ephemeral-DH certificate types. */
3802 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3803 #ifndef OPENSSL_NO_DH
3804 # ifndef OPENSSL_NO_RSA
3805 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
3808 # ifndef OPENSSL_NO_DSA
3809 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
3812 #endif /* !OPENSSL_NO_DH */
3814 #ifndef OPENSSL_NO_RSA
/* A signing type is written only when its bit is not set in the disabled mask alg_a. */
3815 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
3818 #ifndef OPENSSL_NO_DSA
3819 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
3822 #ifndef OPENSSL_NO_EC
3824 * ECDSA certs can be used with RSA cipher suites too so we don't
3825 * need to check for SSL_kECDH or SSL_kECDHE
/* ECDSA signing is offered from TLS 1.0 upwards, again subject to the disabled mask. */
3827 if (s->version >= TLS1_VERSION
3828 && !(alg_a & SSL_aECDSA)
3829 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
/*
 * Replace the custom certificate-type list stored in c with a private copy
 * of the len bytes at p. A NULL p or zero len is treated as a separate case
 * (its body is not shown; presumably it just leaves the list cleared).
 * NOTE(review): this listing omits some source lines (the gutter numbers
 * skip). The old buffer is freed first; confirm in the full source that
 * c->ctype and its length are reset before any early return, so no stale
 * pointer is left behind when the copy is skipped or fails.
 */
3835 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
3837 OPENSSL_free(c->ctype);
3840 if (p == NULL || len == 0)
/* The caller's buffer is duplicated, so c does not keep a reference to p. */
3844 c->ctype = OPENSSL_memdup(p, len);
/* Allocation failure is detected here; the handling is not shown. */
3845 if (c->ctype == NULL)
/*
 * Drive the close_notify exchange for connection s. -1 is returned while
 * our alert still has to be written or the peer's close_notify has not
 * arrived yet (the WANT_WRITE / WANT_READ cases marked below).
 * NOTE(review): this listing omits some source lines (the gutter numbers
 * skip); the remaining return statements are not visible.
 */
3851 int ssl3_shutdown(SSL *s)
3856 * Don't do anything much if we have not done the handshake or we don't
3857 * want to send messages :-)
/*
 * Quiet shutdown, or no handshake yet: both directions are simply marked
 * closed. No alert is sent in the visible lines of this path, so the peer
 * gets no close_notify from us.
 */
3859 if (s->quiet_shutdown || SSL_in_before(s)) {
3860 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
/* First call: record that we are closing and queue a warning-level close_notify. */
3864 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
3865 s->shutdown |= SSL_SENT_SHUTDOWN;
3866 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
3868 * our shutdown alert has been sent now, and if it still needs to be
3869 * written, s->s3->alert_dispatch will be true
3871 if (s->s3->alert_dispatch)
3872 return (-1); /* return WANT_WRITE */
3873 } else if (s->s3->alert_dispatch) {
3874 /* resend it if not sent */
3875 ret = s->method->ssl_dispatch_alert(s);
3878 * we only get to return -1 here the 2nd/Nth invocation, we must
3879 * have already signalled return 0 upon a previous invocation,
3884 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3887 * If we are waiting for a close from our peer, we are closed
/*
 * Zero-length read with no destination buffer: presumably this only lets
 * the record layer process incoming records so the peer's close_notify
 * can set SSL_RECEIVED_SHUTDOWN - confirm against ssl_read_bytes.
 */
3889 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
3890 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3891 return -1; /* return WANT_READ */
/* Fully closed: both flags set and no alert still waiting to be written. */
3895 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
3896 !s->s3->alert_dispatch)
/*
 * Write len bytes of application data from buf through the method's
 * ssl_write_bytes hook. A pending renegotiation request is checked first.
 * NOTE(review): this listing omits some source lines (the gutter numbers
 * skip); the tail of the ssl_write_bytes() call is cut off.
 */
3902 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
/* initok is 0 here, so per ssl3_renegotiate_check() nothing starts while SSL_in_init(s) is true. */
3905 if (s->s3->renegotiate)
3906 ssl3_renegotiate_check(s, 0);
3908 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
/*
 * Shared implementation of ssl3_read() and ssl3_peek(): read application
 * data into buf through the method's ssl_read_bytes hook, with peek
 * forwarded to that hook.
 * s->s3->in_read_app_data is set to 1 for the duration of the call and
 * reset to 0 afterwards; the value 2 is the signal tested below.
 * NOTE(review): this listing omits some source lines (the gutter numbers
 * skip); the rest of the parameter list, the assignments to ret and the
 * return statement are not visible.
 */
3912 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
3918 if (s->s3->renegotiate)
3919 ssl3_renegotiate_check(s, 0);
3920 s->s3->in_read_app_data = 1;
3922 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
/* Retry case: the first read failed with -1 and the flag was moved to 2 in the meantime. */
3924 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
3926 * ssl3_read_bytes decided to call s->handshake_func, which called
3927 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
3928 * actually found application data and thinks that application data
3929 * makes sense here; so disable handshake processing and try to read
3930 * application data again.
/* The in-handshake marker is set only around the second read and cleared right after it. */
3932 ossl_statem_set_in_handshake(s, 1);
3934 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
3935 len, peek, readbytes);
3936 ossl_statem_set_in_handshake(s, 0);
3938 s->s3->in_read_app_data = 0;
/*
 * Read up to len bytes of application data into buf.
 * Thin wrapper around ssl3_read_internal() with peek = 0; the return value
 * is passed through unchanged.
 */
3943 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
3945 return ssl3_read_internal(s, buf, len, 0, readbytes);
/*
 * Same call as ssl3_read() but with peek = 1 passed to
 * ssl3_read_internal(); the return value is passed through unchanged.
 */
3948 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
3950 return ssl3_read_internal(s, buf, len, 1, readbytes);
/*
 * Request a renegotiation by setting s->s3->renegotiate; the flag is acted
 * on later by ssl3_renegotiate_check().
 * NOTE(review): this listing omits some source lines (the gutter numbers
 * skip); the return values are not visible.
 */
3953 int ssl3_renegotiate(SSL *s)
/* No handshake function installed: handled separately (body not shown). */
3955 if (s->handshake_func == NULL)
3958 s->s3->renegotiate = 1;
3963 * Check if we are waiting to do a renegotiation and if so whether now is a
3964 * good time to do it. If |initok| is true then we are being called from inside
3965 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
3966 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
3967 * should do a renegotiation now and sets up the state machine for it. Otherwise
/*
 * Act on a pending renegotiation request if the connection is idle enough.
 * With initok set, the SSL_in_init(s) test is bypassed.
 * NOTE(review): this listing omits some source lines (the gutter numbers
 * skip); the return statements are not visible.
 */
3970 int ssl3_renegotiate_check(SSL *s, int initok)
3974 if (s->s3->renegotiate) {
/* Start only when the record layer has no pending data in either direction. */
3975 if (!RECORD_LAYER_read_pending(&s->rlayer)
3976 && !RECORD_LAYER_write_pending(&s->rlayer)
3977 && (initok || !SSL_in_init(s))) {
3979 * if we are the server, and we have sent a 'RENEGOTIATE'
3980 * message, we need to set the state machine into the renegotiate
3983 ossl_statem_set_renegotiate(s);
/*
 * The request flag is cleared and both renegotiation counters are
 * incremented. No upper bound on the counters is applied in the
 * visible lines.
 */
3984 s->s3->renegotiate = 0;
3985 s->s3->num_renegotiations++;
3986 s->s3->total_renegotiations++;
3994 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
3995 * handshake macs if required.
3997 * If PSK and using SHA384 for TLS < 1.2 switch to default.
/*
 * Return the algorithm2 flags (handshake MAC and PRF selection) of the
 * negotiated cipher, adjusted for the protocol method in use.
 * NOTE(review): this listing omits some source lines (the gutter numbers
 * skip); the value returned when no cipher is set and the final return are
 * not visible.
 */
3999 long ssl_get_algorithm2(SSL *s)
/* No s3 state or no cipher chosen yet: handled before new_cipher is dereferenced. */
4002 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
4004 alg2 = s->s3->tmp.new_cipher->algorithm2;
/* Method uses the SHA256 PRF: a cipher declared with the default MAC/PRF is reported as SHA256. */
4005 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4006 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4007 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
/* Method without the SHA256 PRF flag: a PSK cipher declared with SHA384 is reported as the default. */
4008 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4009 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4010 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4016 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4017 * failure, 1 on success.
/*
 * Fill result with len bytes for a ClientHello or ServerHello random.
 * The bytes come from RAND_bytes(). When the matching SSL_MODE_SEND_*_TIME
 * mode bit is set, a shorter RAND_bytes(len - 4) call is used together
 * with the current time (the lines that store the time are not shown).
 * With TLS 1.3 downgrade protection compiled in, the tail of result is
 * overwritten with a fixed sentinel when dgrd asks for it.
 * NOTE(review): this listing omits some source lines (the gutter numbers
 * skip); the rest of the parameter list, the branch conditions and the
 * return statement are not visible.
 */
4019 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4022 int send_time = 0, ret;
4027 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4029 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4031 unsigned long Time = (unsigned long)time(NULL);
4032 unsigned char *p = result;
4034 /* TODO(size_t): Convert this */
/*
 * NOTE(review): len - 4 is computed in size_t and then narrowed to int. A
 * guard rejecting len < 4 is not visible in this listing - confirm one
 * exists, otherwise the subtraction wraps around.
 */
4035 ret = RAND_bytes(p, (int)(len - 4));
4037 ret = RAND_bytes(result, (int)len);
4039 #ifndef OPENSSL_NO_TLS13DOWNGRADE
/*
 * The sentinel replaces the last sizeof(sentinel) bytes of the random.
 * NOTE(review): if this is the standard assert(), it is compiled out when
 * NDEBUG is defined, so it does not bound the memcpy() calls below in such
 * builds; callers must pass a len larger than both sentinels.
 */
4041 assert(sizeof(tls11downgrade) < len && sizeof(tls12downgrade) < len);
4042 if (dgrd == DOWNGRADE_TO_1_2)
4043 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4044 sizeof(tls12downgrade));
4045 else if (dgrd == DOWNGRADE_TO_1_1)
4046 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4047 sizeof(tls11downgrade));
/*
 * Derive the session master key from the premaster secret pms through the
 * method's generate_master_secret hook, writing s->session->master_key and
 * its length. For PSK key exchanges a combined PSK premaster secret is
 * assembled first and used instead of pms.
 * Secret handling in the visible lines: the stored PSK and the combined
 * buffer are released with OPENSSL_clear_free(), s->s3->tmp.psk and
 * s->s3->tmp.pms are reset to NULL, and pms is either clear-freed or
 * cleansed in place.
 * new_cipher is dereferenced without a NULL check in the first statement,
 * so callers must only run this after a cipher has been selected.
 * NOTE(review): this listing omits some source lines (the gutter numbers
 * skip); the rest of the parameter list, the condition choosing between
 * freeing and cleansing pms, and the return paths are not visible.
 */
4053 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4056 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4059 if (alg_k & SSL_PSK) {
4060 #ifndef OPENSSL_NO_PSK
4061 unsigned char *pskpms, *t;
4062 size_t psklen = s->s3->tmp.psklen;
4065 /* create PSK premaster_secret */
4067 /* For plain PSK "other_secret" is psklen zeroes */
4068 if (alg_k & SSL_kPSK)
/*
 * Combined length: the 4 presumably covers two 2-byte length prefixes
 * (RFC 4279 layout) - confirm. The sum is not checked for size_t overflow
 * in the visible lines.
 */
4071 pskpmslen = 4 + pmslen + psklen;
4072 pskpms = OPENSSL_malloc(pskpmslen);
/* "other_secret" part: zeroes for plain PSK, otherwise the caller's pms. */
4077 if (alg_k & SSL_kPSK)
4078 memset(t, 0, pmslen);
4080 memcpy(t, pms, pmslen);
/* The PSK itself follows. */
4083 memcpy(t, s->s3->tmp.psk, psklen);
/* The stored PSK is wiped and released as soon as it has been copied. */
4085 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4086 s->s3->tmp.psk = NULL;
4087 if (!s->method->ssl3_enc->generate_master_secret(s,
4088 s->session->master_key,pskpms, pskpmslen,
4089 &s->session->master_key_length))
/* The combined buffer is wiped before release. */
4091 OPENSSL_clear_free(pskpms, pskpmslen);
4093 /* Should never happen */
/* Non-PSK key exchange: pms is used directly. */
4097 if (!s->method->ssl3_enc->generate_master_secret(s,
4098 s->session->master_key, pms, pmslen,
4099 &s->session->master_key_length))
/* pms never stays in memory unwiped: it is freed with clearing, or cleansed in place. */
4107 OPENSSL_clear_free(pms, pmslen);
4109 OPENSSL_cleanse(pms, pmslen);
4112 s->s3->tmp.pms = NULL;
4116 /* Generate a private key from parameters */
/*
 * Generate a fresh key pair using the parameters carried by pm.
 * The EVP_PKEY_CTX is released before returning; a key left behind by a
 * failed EVP_PKEY_keygen() is freed.
 * NOTE(review): this listing omits some source lines (the gutter numbers
 * skip); the NULL checks, the error jumps and the return statement are not
 * visible - presumably pkey is reset to NULL after the free on failure so
 * that no dangling pointer is returned; confirm.
 */
4117 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4119 EVP_PKEY_CTX *pctx = NULL;
4120 EVP_PKEY *pkey = NULL;
4124 pctx = EVP_PKEY_CTX_new(pm, NULL);
/* Both EVP calls are treated as failed on any result <= 0. */
4127 if (EVP_PKEY_keygen_init(pctx) <= 0)
4129 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4130 EVP_PKEY_free(pkey);
4135 EVP_PKEY_CTX_free(pctx);
4138 #ifndef OPENSSL_NO_EC
4139 /* Generate a private key from a curve ID */
/*
 * Generate a key pair for the curve identified by id. The id is translated
 * to a NID plus flags by tls1_ec_curve_id2nid().
 * NOTE(review): this listing omits some source lines (the gutter numbers
 * skip); the handling of an unknown id, the NULL check on pctx, the error
 * jumps and the return statement are not visible.
 */
4140 EVP_PKEY *ssl_generate_pkey_curve(int id)
4142 EVP_PKEY_CTX *pctx = NULL;
4143 EVP_PKEY *pkey = NULL;
4144 unsigned int curve_flags;
4145 int nid = tls1_ec_curve_id2nid(id, &curve_flags);
/* Custom-type curves get a context created from the NID itself ... */
4149 if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4150 pctx = EVP_PKEY_CTX_new_id(nid, NULL);
/* ... all other curves use a generic EC context. */
4153 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4157 if (EVP_PKEY_keygen_init(pctx) <= 0)
/* The curve NID is applied only when nid is non-zero. */
4159 if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
/* A key left behind by a failed keygen is freed. */
4161 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4162 EVP_PKEY_free(pkey);
4167 EVP_PKEY_CTX_free(pctx);
4172 /* Derive secrets for ECDH/DH */
/*
 * Compute the shared secret between our privkey and the peer's pubkey, then
 * either feed it into the key schedule or store it as the premaster secret.
 * The derived buffer is released with OPENSSL_clear_free() and the
 * EVP_PKEY_CTX is freed at the end.
 * NOTE(review): this listing omits some source lines (the gutter numbers
 * skip); the branch on gensecret, the error jumps and the return statement
 * are not visible.
 */
4173 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4176 unsigned char *pms = NULL;
/* Both keys are required. */
4180 if (privkey == NULL || pubkey == NULL)
4183 pctx = EVP_PKEY_CTX_new(privkey, NULL);
/* First EVP_PKEY_derive() call has a NULL output buffer: it only reports the length in pmslen. */
4185 if (EVP_PKEY_derive_init(pctx) <= 0
4186 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4187 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4191 pms = OPENSSL_malloc(pmslen);
/* Second call writes the shared secret into pms. */
4195 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4199 if (SSL_IS_TLS13(s)) {
4201 * If we are resuming then we already generated the early secret
4202 * when we created the ClientHello, so don't recreate it.
4205 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4207 (unsigned char *)&s->early_secret);
/* The handshake secret is generated only when the previous step left rv non-zero. */
4211 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
/*
 * Before TLS 1.3: the last argument is 0. Presumably that selects the
 * cleanse-in-place path of ssl_generate_master_secret(), so the buffer is
 * freed only once, by the clear_free below - confirm.
 */
4213 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4216 /* Save premaster secret */
/*
 * NOTE(review): once stored here the buffer belongs to s->s3->tmp. The
 * line detaching the local pms is not visible in this listing - confirm
 * it is reset so the clear_free below does not release the saved secret.
 */
4217 s->s3->tmp.pms = pms;
4218 s->s3->tmp.pmslen = pmslen;
4224 OPENSSL_clear_free(pms, pmslen);
4225 EVP_PKEY_CTX_free(pctx);
4229 #ifndef OPENSSL_NO_DH
4230 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4235 ret = EVP_PKEY_new();
4236 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {