2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include "internal/cryptlib.h"
21 #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
22 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
23 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
25 /* TLSv1.3 downgrade protection sentinel values */
26 const unsigned char tls11downgrade[] = {
27 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
29 const unsigned char tls12downgrade[] = {
30 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
33 /* The list of available TLSv1.3 ciphers */
34 static SSL_CIPHER tls13_ciphers[] = {
37 TLS1_3_RFC_AES_128_GCM_SHA256,
38 TLS1_3_RFC_AES_128_GCM_SHA256,
39 TLS1_3_CK_AES_128_GCM_SHA256,
44 TLS1_3_VERSION, TLS1_3_VERSION,
47 SSL_HANDSHAKE_MAC_SHA256,
52 TLS1_3_RFC_AES_256_GCM_SHA384,
53 TLS1_3_RFC_AES_256_GCM_SHA384,
54 TLS1_3_CK_AES_256_GCM_SHA384,
59 TLS1_3_VERSION, TLS1_3_VERSION,
62 SSL_HANDSHAKE_MAC_SHA384,
66 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
69 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
70 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
71 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
76 TLS1_3_VERSION, TLS1_3_VERSION,
79 SSL_HANDSHAKE_MAC_SHA256,
86 TLS1_3_RFC_AES_128_CCM_SHA256,
87 TLS1_3_RFC_AES_128_CCM_SHA256,
88 TLS1_3_CK_AES_128_CCM_SHA256,
93 TLS1_3_VERSION, TLS1_3_VERSION,
95 SSL_NOT_DEFAULT | SSL_HIGH,
96 SSL_HANDSHAKE_MAC_SHA256,
101 TLS1_3_RFC_AES_128_CCM_8_SHA256,
102 TLS1_3_RFC_AES_128_CCM_8_SHA256,
103 TLS1_3_CK_AES_128_CCM_8_SHA256,
108 TLS1_3_VERSION, TLS1_3_VERSION,
110 SSL_NOT_DEFAULT | SSL_HIGH,
111 SSL_HANDSHAKE_MAC_SHA256,
118 * The list of available ciphers, mostly organized into the following
123 * SRP (within that: RSA EC PSK)
124 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
127 static SSL_CIPHER ssl3_ciphers[] = {
130 SSL3_TXT_RSA_NULL_MD5,
131 SSL3_RFC_RSA_NULL_MD5,
132 SSL3_CK_RSA_NULL_MD5,
137 SSL3_VERSION, TLS1_2_VERSION,
138 DTLS1_BAD_VER, DTLS1_2_VERSION,
140 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
146 SSL3_TXT_RSA_NULL_SHA,
147 SSL3_RFC_RSA_NULL_SHA,
148 SSL3_CK_RSA_NULL_SHA,
153 SSL3_VERSION, TLS1_2_VERSION,
154 DTLS1_BAD_VER, DTLS1_2_VERSION,
155 SSL_STRONG_NONE | SSL_FIPS,
156 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
160 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
163 SSL3_TXT_RSA_DES_192_CBC3_SHA,
164 SSL3_RFC_RSA_DES_192_CBC3_SHA,
165 SSL3_CK_RSA_DES_192_CBC3_SHA,
170 SSL3_VERSION, TLS1_2_VERSION,
171 DTLS1_BAD_VER, DTLS1_2_VERSION,
172 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
173 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
179 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
180 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
181 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
186 SSL3_VERSION, TLS1_2_VERSION,
187 DTLS1_BAD_VER, DTLS1_2_VERSION,
188 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
189 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
195 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
196 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
197 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
202 SSL3_VERSION, TLS1_2_VERSION,
203 DTLS1_BAD_VER, DTLS1_2_VERSION,
204 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
205 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
211 SSL3_TXT_ADH_DES_192_CBC_SHA,
212 SSL3_RFC_ADH_DES_192_CBC_SHA,
213 SSL3_CK_ADH_DES_192_CBC_SHA,
218 SSL3_VERSION, TLS1_2_VERSION,
219 DTLS1_BAD_VER, DTLS1_2_VERSION,
220 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
221 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
228 TLS1_TXT_RSA_WITH_AES_128_SHA,
229 TLS1_RFC_RSA_WITH_AES_128_SHA,
230 TLS1_CK_RSA_WITH_AES_128_SHA,
235 SSL3_VERSION, TLS1_2_VERSION,
236 DTLS1_BAD_VER, DTLS1_2_VERSION,
238 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
244 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
245 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
246 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
251 SSL3_VERSION, TLS1_2_VERSION,
252 DTLS1_BAD_VER, DTLS1_2_VERSION,
253 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
254 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
260 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
261 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
262 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
267 SSL3_VERSION, TLS1_2_VERSION,
268 DTLS1_BAD_VER, DTLS1_2_VERSION,
270 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
276 TLS1_TXT_ADH_WITH_AES_128_SHA,
277 TLS1_RFC_ADH_WITH_AES_128_SHA,
278 TLS1_CK_ADH_WITH_AES_128_SHA,
283 SSL3_VERSION, TLS1_2_VERSION,
284 DTLS1_BAD_VER, DTLS1_2_VERSION,
285 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
286 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
292 TLS1_TXT_RSA_WITH_AES_256_SHA,
293 TLS1_RFC_RSA_WITH_AES_256_SHA,
294 TLS1_CK_RSA_WITH_AES_256_SHA,
299 SSL3_VERSION, TLS1_2_VERSION,
300 DTLS1_BAD_VER, DTLS1_2_VERSION,
302 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
308 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
309 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
310 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
315 SSL3_VERSION, TLS1_2_VERSION,
316 DTLS1_BAD_VER, DTLS1_2_VERSION,
317 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
318 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
324 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
325 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
326 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
331 SSL3_VERSION, TLS1_2_VERSION,
332 DTLS1_BAD_VER, DTLS1_2_VERSION,
334 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
340 TLS1_TXT_ADH_WITH_AES_256_SHA,
341 TLS1_RFC_ADH_WITH_AES_256_SHA,
342 TLS1_CK_ADH_WITH_AES_256_SHA,
347 SSL3_VERSION, TLS1_2_VERSION,
348 DTLS1_BAD_VER, DTLS1_2_VERSION,
349 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
350 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
356 TLS1_TXT_RSA_WITH_NULL_SHA256,
357 TLS1_RFC_RSA_WITH_NULL_SHA256,
358 TLS1_CK_RSA_WITH_NULL_SHA256,
363 TLS1_2_VERSION, TLS1_2_VERSION,
364 DTLS1_2_VERSION, DTLS1_2_VERSION,
365 SSL_STRONG_NONE | SSL_FIPS,
366 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
372 TLS1_TXT_RSA_WITH_AES_128_SHA256,
373 TLS1_RFC_RSA_WITH_AES_128_SHA256,
374 TLS1_CK_RSA_WITH_AES_128_SHA256,
379 TLS1_2_VERSION, TLS1_2_VERSION,
380 DTLS1_2_VERSION, DTLS1_2_VERSION,
382 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
388 TLS1_TXT_RSA_WITH_AES_256_SHA256,
389 TLS1_RFC_RSA_WITH_AES_256_SHA256,
390 TLS1_CK_RSA_WITH_AES_256_SHA256,
395 TLS1_2_VERSION, TLS1_2_VERSION,
396 DTLS1_2_VERSION, DTLS1_2_VERSION,
398 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
404 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
405 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
406 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
411 TLS1_2_VERSION, TLS1_2_VERSION,
412 DTLS1_2_VERSION, DTLS1_2_VERSION,
413 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
414 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
420 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
421 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
422 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
427 TLS1_2_VERSION, TLS1_2_VERSION,
428 DTLS1_2_VERSION, DTLS1_2_VERSION,
430 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
436 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
437 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
438 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
443 TLS1_2_VERSION, TLS1_2_VERSION,
444 DTLS1_2_VERSION, DTLS1_2_VERSION,
445 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
446 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
452 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
453 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
454 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
459 TLS1_2_VERSION, TLS1_2_VERSION,
460 DTLS1_2_VERSION, DTLS1_2_VERSION,
462 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
468 TLS1_TXT_ADH_WITH_AES_128_SHA256,
469 TLS1_RFC_ADH_WITH_AES_128_SHA256,
470 TLS1_CK_ADH_WITH_AES_128_SHA256,
475 TLS1_2_VERSION, TLS1_2_VERSION,
476 DTLS1_2_VERSION, DTLS1_2_VERSION,
477 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
478 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
484 TLS1_TXT_ADH_WITH_AES_256_SHA256,
485 TLS1_RFC_ADH_WITH_AES_256_SHA256,
486 TLS1_CK_ADH_WITH_AES_256_SHA256,
491 TLS1_2_VERSION, TLS1_2_VERSION,
492 DTLS1_2_VERSION, DTLS1_2_VERSION,
493 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
494 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
500 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
501 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
502 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
507 TLS1_2_VERSION, TLS1_2_VERSION,
508 DTLS1_2_VERSION, DTLS1_2_VERSION,
510 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
516 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
517 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
518 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
523 TLS1_2_VERSION, TLS1_2_VERSION,
524 DTLS1_2_VERSION, DTLS1_2_VERSION,
526 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
532 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
533 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
534 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
539 TLS1_2_VERSION, TLS1_2_VERSION,
540 DTLS1_2_VERSION, DTLS1_2_VERSION,
542 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
548 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
549 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
550 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
555 TLS1_2_VERSION, TLS1_2_VERSION,
556 DTLS1_2_VERSION, DTLS1_2_VERSION,
558 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
564 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
565 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
566 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
571 TLS1_2_VERSION, TLS1_2_VERSION,
572 DTLS1_2_VERSION, DTLS1_2_VERSION,
573 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
574 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
580 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
581 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
582 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
587 TLS1_2_VERSION, TLS1_2_VERSION,
588 DTLS1_2_VERSION, DTLS1_2_VERSION,
589 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
590 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
596 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
597 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
598 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
603 TLS1_2_VERSION, TLS1_2_VERSION,
604 DTLS1_2_VERSION, DTLS1_2_VERSION,
605 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
606 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
612 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
613 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
614 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
619 TLS1_2_VERSION, TLS1_2_VERSION,
620 DTLS1_2_VERSION, DTLS1_2_VERSION,
621 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
622 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
628 TLS1_TXT_RSA_WITH_AES_128_CCM,
629 TLS1_RFC_RSA_WITH_AES_128_CCM,
630 TLS1_CK_RSA_WITH_AES_128_CCM,
635 TLS1_2_VERSION, TLS1_2_VERSION,
636 DTLS1_2_VERSION, DTLS1_2_VERSION,
637 SSL_NOT_DEFAULT | SSL_HIGH,
638 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
644 TLS1_TXT_RSA_WITH_AES_256_CCM,
645 TLS1_RFC_RSA_WITH_AES_256_CCM,
646 TLS1_CK_RSA_WITH_AES_256_CCM,
651 TLS1_2_VERSION, TLS1_2_VERSION,
652 DTLS1_2_VERSION, DTLS1_2_VERSION,
653 SSL_NOT_DEFAULT | SSL_HIGH,
654 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
660 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
661 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
662 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
667 TLS1_2_VERSION, TLS1_2_VERSION,
668 DTLS1_2_VERSION, DTLS1_2_VERSION,
669 SSL_NOT_DEFAULT | SSL_HIGH,
670 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
676 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
677 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
678 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
683 TLS1_2_VERSION, TLS1_2_VERSION,
684 DTLS1_2_VERSION, DTLS1_2_VERSION,
685 SSL_NOT_DEFAULT | SSL_HIGH,
686 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
692 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
693 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
694 TLS1_CK_RSA_WITH_AES_128_CCM_8,
699 TLS1_2_VERSION, TLS1_2_VERSION,
700 DTLS1_2_VERSION, DTLS1_2_VERSION,
701 SSL_NOT_DEFAULT | SSL_HIGH,
702 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
708 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
709 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
710 TLS1_CK_RSA_WITH_AES_256_CCM_8,
715 TLS1_2_VERSION, TLS1_2_VERSION,
716 DTLS1_2_VERSION, DTLS1_2_VERSION,
717 SSL_NOT_DEFAULT | SSL_HIGH,
718 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
724 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
725 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
726 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
731 TLS1_2_VERSION, TLS1_2_VERSION,
732 DTLS1_2_VERSION, DTLS1_2_VERSION,
733 SSL_NOT_DEFAULT | SSL_HIGH,
734 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
740 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
741 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
742 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
747 TLS1_2_VERSION, TLS1_2_VERSION,
748 DTLS1_2_VERSION, DTLS1_2_VERSION,
749 SSL_NOT_DEFAULT | SSL_HIGH,
750 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
756 TLS1_TXT_PSK_WITH_AES_128_CCM,
757 TLS1_RFC_PSK_WITH_AES_128_CCM,
758 TLS1_CK_PSK_WITH_AES_128_CCM,
763 TLS1_2_VERSION, TLS1_2_VERSION,
764 DTLS1_2_VERSION, DTLS1_2_VERSION,
765 SSL_NOT_DEFAULT | SSL_HIGH,
766 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
772 TLS1_TXT_PSK_WITH_AES_256_CCM,
773 TLS1_RFC_PSK_WITH_AES_256_CCM,
774 TLS1_CK_PSK_WITH_AES_256_CCM,
779 TLS1_2_VERSION, TLS1_2_VERSION,
780 DTLS1_2_VERSION, DTLS1_2_VERSION,
781 SSL_NOT_DEFAULT | SSL_HIGH,
782 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
788 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
789 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
790 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
795 TLS1_2_VERSION, TLS1_2_VERSION,
796 DTLS1_2_VERSION, DTLS1_2_VERSION,
797 SSL_NOT_DEFAULT | SSL_HIGH,
798 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
804 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
805 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
806 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
811 TLS1_2_VERSION, TLS1_2_VERSION,
812 DTLS1_2_VERSION, DTLS1_2_VERSION,
813 SSL_NOT_DEFAULT | SSL_HIGH,
814 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
820 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
821 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
822 TLS1_CK_PSK_WITH_AES_128_CCM_8,
827 TLS1_2_VERSION, TLS1_2_VERSION,
828 DTLS1_2_VERSION, DTLS1_2_VERSION,
829 SSL_NOT_DEFAULT | SSL_HIGH,
830 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
836 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
837 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
838 TLS1_CK_PSK_WITH_AES_256_CCM_8,
843 TLS1_2_VERSION, TLS1_2_VERSION,
844 DTLS1_2_VERSION, DTLS1_2_VERSION,
845 SSL_NOT_DEFAULT | SSL_HIGH,
846 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
852 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
853 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
854 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
859 TLS1_2_VERSION, TLS1_2_VERSION,
860 DTLS1_2_VERSION, DTLS1_2_VERSION,
861 SSL_NOT_DEFAULT | SSL_HIGH,
862 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
868 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
869 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
870 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
875 TLS1_2_VERSION, TLS1_2_VERSION,
876 DTLS1_2_VERSION, DTLS1_2_VERSION,
877 SSL_NOT_DEFAULT | SSL_HIGH,
878 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
884 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
885 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
886 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
891 TLS1_2_VERSION, TLS1_2_VERSION,
892 DTLS1_2_VERSION, DTLS1_2_VERSION,
893 SSL_NOT_DEFAULT | SSL_HIGH,
894 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
900 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
901 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
902 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
907 TLS1_2_VERSION, TLS1_2_VERSION,
908 DTLS1_2_VERSION, DTLS1_2_VERSION,
909 SSL_NOT_DEFAULT | SSL_HIGH,
910 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
916 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
917 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
918 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
923 TLS1_2_VERSION, TLS1_2_VERSION,
924 DTLS1_2_VERSION, DTLS1_2_VERSION,
925 SSL_NOT_DEFAULT | SSL_HIGH,
926 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
932 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
933 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
934 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
939 TLS1_2_VERSION, TLS1_2_VERSION,
940 DTLS1_2_VERSION, DTLS1_2_VERSION,
941 SSL_NOT_DEFAULT | SSL_HIGH,
942 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
948 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
949 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
950 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
955 TLS1_VERSION, TLS1_2_VERSION,
956 DTLS1_BAD_VER, DTLS1_2_VERSION,
957 SSL_STRONG_NONE | SSL_FIPS,
958 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
962 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
965 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
966 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
967 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
972 TLS1_VERSION, TLS1_2_VERSION,
973 DTLS1_BAD_VER, DTLS1_2_VERSION,
974 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
975 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
982 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
983 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
984 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
989 TLS1_VERSION, TLS1_2_VERSION,
990 DTLS1_BAD_VER, DTLS1_2_VERSION,
992 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
998 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
999 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1000 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1005 TLS1_VERSION, TLS1_2_VERSION,
1006 DTLS1_BAD_VER, DTLS1_2_VERSION,
1007 SSL_HIGH | SSL_FIPS,
1008 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1014 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1015 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1016 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1021 TLS1_VERSION, TLS1_2_VERSION,
1022 DTLS1_BAD_VER, DTLS1_2_VERSION,
1023 SSL_STRONG_NONE | SSL_FIPS,
1024 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1028 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1031 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1032 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1033 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1038 TLS1_VERSION, TLS1_2_VERSION,
1039 DTLS1_BAD_VER, DTLS1_2_VERSION,
1040 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1041 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1048 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1049 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1050 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1055 TLS1_VERSION, TLS1_2_VERSION,
1056 DTLS1_BAD_VER, DTLS1_2_VERSION,
1057 SSL_HIGH | SSL_FIPS,
1058 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1064 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1065 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1066 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1071 TLS1_VERSION, TLS1_2_VERSION,
1072 DTLS1_BAD_VER, DTLS1_2_VERSION,
1073 SSL_HIGH | SSL_FIPS,
1074 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1080 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1081 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1082 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1087 TLS1_VERSION, TLS1_2_VERSION,
1088 DTLS1_BAD_VER, DTLS1_2_VERSION,
1089 SSL_STRONG_NONE | SSL_FIPS,
1090 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1094 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1097 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1098 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1099 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1104 TLS1_VERSION, TLS1_2_VERSION,
1105 DTLS1_BAD_VER, DTLS1_2_VERSION,
1106 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1107 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1114 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1115 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1116 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1121 TLS1_VERSION, TLS1_2_VERSION,
1122 DTLS1_BAD_VER, DTLS1_2_VERSION,
1123 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1124 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1130 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1131 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1132 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1137 TLS1_VERSION, TLS1_2_VERSION,
1138 DTLS1_BAD_VER, DTLS1_2_VERSION,
1139 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1140 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1146 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1147 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1148 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1153 TLS1_2_VERSION, TLS1_2_VERSION,
1154 DTLS1_2_VERSION, DTLS1_2_VERSION,
1155 SSL_HIGH | SSL_FIPS,
1156 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1162 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1163 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1164 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1169 TLS1_2_VERSION, TLS1_2_VERSION,
1170 DTLS1_2_VERSION, DTLS1_2_VERSION,
1171 SSL_HIGH | SSL_FIPS,
1172 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1178 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1179 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1180 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1185 TLS1_2_VERSION, TLS1_2_VERSION,
1186 DTLS1_2_VERSION, DTLS1_2_VERSION,
1187 SSL_HIGH | SSL_FIPS,
1188 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1194 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1195 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1196 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1201 TLS1_2_VERSION, TLS1_2_VERSION,
1202 DTLS1_2_VERSION, DTLS1_2_VERSION,
1203 SSL_HIGH | SSL_FIPS,
1204 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1210 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1211 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1212 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1217 TLS1_2_VERSION, TLS1_2_VERSION,
1218 DTLS1_2_VERSION, DTLS1_2_VERSION,
1219 SSL_HIGH | SSL_FIPS,
1220 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1226 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1227 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1228 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1233 TLS1_2_VERSION, TLS1_2_VERSION,
1234 DTLS1_2_VERSION, DTLS1_2_VERSION,
1235 SSL_HIGH | SSL_FIPS,
1236 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1242 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1243 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1244 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1249 TLS1_2_VERSION, TLS1_2_VERSION,
1250 DTLS1_2_VERSION, DTLS1_2_VERSION,
1251 SSL_HIGH | SSL_FIPS,
1252 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1258 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1259 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1260 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1265 TLS1_2_VERSION, TLS1_2_VERSION,
1266 DTLS1_2_VERSION, DTLS1_2_VERSION,
1267 SSL_HIGH | SSL_FIPS,
1268 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1274 TLS1_TXT_PSK_WITH_NULL_SHA,
1275 TLS1_RFC_PSK_WITH_NULL_SHA,
1276 TLS1_CK_PSK_WITH_NULL_SHA,
1281 SSL3_VERSION, TLS1_2_VERSION,
1282 DTLS1_BAD_VER, DTLS1_2_VERSION,
1283 SSL_STRONG_NONE | SSL_FIPS,
1284 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1290 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1291 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1292 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1297 SSL3_VERSION, TLS1_2_VERSION,
1298 DTLS1_BAD_VER, DTLS1_2_VERSION,
1299 SSL_STRONG_NONE | SSL_FIPS,
1300 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1306 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1307 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1308 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1313 SSL3_VERSION, TLS1_2_VERSION,
1314 DTLS1_BAD_VER, DTLS1_2_VERSION,
1315 SSL_STRONG_NONE | SSL_FIPS,
1316 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1320 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1323 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1324 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1325 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1330 SSL3_VERSION, TLS1_2_VERSION,
1331 DTLS1_BAD_VER, DTLS1_2_VERSION,
1332 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1333 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1340 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1341 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1342 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1347 SSL3_VERSION, TLS1_2_VERSION,
1348 DTLS1_BAD_VER, DTLS1_2_VERSION,
1349 SSL_HIGH | SSL_FIPS,
1350 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1356 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1357 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1358 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1363 SSL3_VERSION, TLS1_2_VERSION,
1364 DTLS1_BAD_VER, DTLS1_2_VERSION,
1365 SSL_HIGH | SSL_FIPS,
1366 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1370 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1373 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1374 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1375 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1380 SSL3_VERSION, TLS1_2_VERSION,
1381 DTLS1_BAD_VER, DTLS1_2_VERSION,
1382 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1383 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1390 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1391 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1392 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1397 SSL3_VERSION, TLS1_2_VERSION,
1398 DTLS1_BAD_VER, DTLS1_2_VERSION,
1399 SSL_HIGH | SSL_FIPS,
1400 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1406 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1407 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1408 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1413 SSL3_VERSION, TLS1_2_VERSION,
1414 DTLS1_BAD_VER, DTLS1_2_VERSION,
1415 SSL_HIGH | SSL_FIPS,
1416 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1420 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1423 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1424 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1425 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1430 SSL3_VERSION, TLS1_2_VERSION,
1431 DTLS1_BAD_VER, DTLS1_2_VERSION,
1432 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1433 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1440 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1441 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1442 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1447 SSL3_VERSION, TLS1_2_VERSION,
1448 DTLS1_BAD_VER, DTLS1_2_VERSION,
1449 SSL_HIGH | SSL_FIPS,
1450 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1456 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1457 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1458 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1463 SSL3_VERSION, TLS1_2_VERSION,
1464 DTLS1_BAD_VER, DTLS1_2_VERSION,
1465 SSL_HIGH | SSL_FIPS,
1466 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1472 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1473 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1474 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1479 TLS1_2_VERSION, TLS1_2_VERSION,
1480 DTLS1_2_VERSION, DTLS1_2_VERSION,
1481 SSL_HIGH | SSL_FIPS,
1482 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1488 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1489 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1490 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1495 TLS1_2_VERSION, TLS1_2_VERSION,
1496 DTLS1_2_VERSION, DTLS1_2_VERSION,
1497 SSL_HIGH | SSL_FIPS,
1498 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1504 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1505 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1506 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1511 TLS1_2_VERSION, TLS1_2_VERSION,
1512 DTLS1_2_VERSION, DTLS1_2_VERSION,
1513 SSL_HIGH | SSL_FIPS,
1514 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1520 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1521 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1522 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1527 TLS1_2_VERSION, TLS1_2_VERSION,
1528 DTLS1_2_VERSION, DTLS1_2_VERSION,
1529 SSL_HIGH | SSL_FIPS,
1530 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1536 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1537 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1538 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1543 TLS1_2_VERSION, TLS1_2_VERSION,
1544 DTLS1_2_VERSION, DTLS1_2_VERSION,
1545 SSL_HIGH | SSL_FIPS,
1546 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1552 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1553 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1554 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1559 TLS1_2_VERSION, TLS1_2_VERSION,
1560 DTLS1_2_VERSION, DTLS1_2_VERSION,
1561 SSL_HIGH | SSL_FIPS,
1562 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1568 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1569 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1570 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1575 TLS1_VERSION, TLS1_2_VERSION,
1576 DTLS1_BAD_VER, DTLS1_2_VERSION,
1577 SSL_HIGH | SSL_FIPS,
1578 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1584 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1585 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1586 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1591 TLS1_VERSION, TLS1_2_VERSION,
1592 DTLS1_BAD_VER, DTLS1_2_VERSION,
1593 SSL_HIGH | SSL_FIPS,
1594 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1600 TLS1_TXT_PSK_WITH_NULL_SHA256,
1601 TLS1_RFC_PSK_WITH_NULL_SHA256,
1602 TLS1_CK_PSK_WITH_NULL_SHA256,
1607 TLS1_VERSION, TLS1_2_VERSION,
1608 DTLS1_BAD_VER, DTLS1_2_VERSION,
1609 SSL_STRONG_NONE | SSL_FIPS,
1610 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1616 TLS1_TXT_PSK_WITH_NULL_SHA384,
1617 TLS1_RFC_PSK_WITH_NULL_SHA384,
1618 TLS1_CK_PSK_WITH_NULL_SHA384,
1623 TLS1_VERSION, TLS1_2_VERSION,
1624 DTLS1_BAD_VER, DTLS1_2_VERSION,
1625 SSL_STRONG_NONE | SSL_FIPS,
1626 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1632 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1633 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1634 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1639 TLS1_VERSION, TLS1_2_VERSION,
1640 DTLS1_BAD_VER, DTLS1_2_VERSION,
1641 SSL_HIGH | SSL_FIPS,
1642 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1648 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1649 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1650 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1655 TLS1_VERSION, TLS1_2_VERSION,
1656 DTLS1_BAD_VER, DTLS1_2_VERSION,
1657 SSL_HIGH | SSL_FIPS,
1658 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1664 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1665 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1666 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1671 TLS1_VERSION, TLS1_2_VERSION,
1672 DTLS1_BAD_VER, DTLS1_2_VERSION,
1673 SSL_STRONG_NONE | SSL_FIPS,
1674 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1680 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1681 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1682 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1687 TLS1_VERSION, TLS1_2_VERSION,
1688 DTLS1_BAD_VER, DTLS1_2_VERSION,
1689 SSL_STRONG_NONE | SSL_FIPS,
1690 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1696 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1697 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1698 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1703 TLS1_VERSION, TLS1_2_VERSION,
1704 DTLS1_BAD_VER, DTLS1_2_VERSION,
1705 SSL_HIGH | SSL_FIPS,
1706 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1712 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1713 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1714 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1719 TLS1_VERSION, TLS1_2_VERSION,
1720 DTLS1_BAD_VER, DTLS1_2_VERSION,
1721 SSL_HIGH | SSL_FIPS,
1722 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1728 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1729 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1730 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1735 TLS1_VERSION, TLS1_2_VERSION,
1736 DTLS1_BAD_VER, DTLS1_2_VERSION,
1737 SSL_STRONG_NONE | SSL_FIPS,
1738 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1744 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1745 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1746 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1751 TLS1_VERSION, TLS1_2_VERSION,
1752 DTLS1_BAD_VER, DTLS1_2_VERSION,
1753 SSL_STRONG_NONE | SSL_FIPS,
1754 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1758 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1761 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1762 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1763 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1768 TLS1_VERSION, TLS1_2_VERSION,
1769 DTLS1_BAD_VER, DTLS1_2_VERSION,
1770 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1771 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1778 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1779 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1780 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1785 TLS1_VERSION, TLS1_2_VERSION,
1786 DTLS1_BAD_VER, DTLS1_2_VERSION,
1787 SSL_HIGH | SSL_FIPS,
1788 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1794 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1795 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1796 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1801 TLS1_VERSION, TLS1_2_VERSION,
1802 DTLS1_BAD_VER, DTLS1_2_VERSION,
1803 SSL_HIGH | SSL_FIPS,
1804 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1810 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1811 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1812 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1817 TLS1_VERSION, TLS1_2_VERSION,
1818 DTLS1_BAD_VER, DTLS1_2_VERSION,
1819 SSL_HIGH | SSL_FIPS,
1820 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1826 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1827 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1828 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1833 TLS1_VERSION, TLS1_2_VERSION,
1834 DTLS1_BAD_VER, DTLS1_2_VERSION,
1835 SSL_HIGH | SSL_FIPS,
1836 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1842 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1843 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1844 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1849 TLS1_VERSION, TLS1_2_VERSION,
1850 DTLS1_BAD_VER, DTLS1_2_VERSION,
1851 SSL_STRONG_NONE | SSL_FIPS,
1852 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1858 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1859 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1860 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1865 TLS1_VERSION, TLS1_2_VERSION,
1866 DTLS1_BAD_VER, DTLS1_2_VERSION,
1867 SSL_STRONG_NONE | SSL_FIPS,
1868 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1874 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1875 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1876 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1881 TLS1_VERSION, TLS1_2_VERSION,
1882 DTLS1_BAD_VER, DTLS1_2_VERSION,
1883 SSL_STRONG_NONE | SSL_FIPS,
1884 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1889 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1892 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1893 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1894 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1899 SSL3_VERSION, TLS1_2_VERSION,
1900 DTLS1_BAD_VER, DTLS1_2_VERSION,
1901 SSL_NOT_DEFAULT | SSL_MEDIUM,
1902 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1908 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1909 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1910 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1915 SSL3_VERSION, TLS1_2_VERSION,
1916 DTLS1_BAD_VER, DTLS1_2_VERSION,
1917 SSL_NOT_DEFAULT | SSL_MEDIUM,
1918 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1924 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1925 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1926 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1931 SSL3_VERSION, TLS1_2_VERSION,
1932 DTLS1_BAD_VER, DTLS1_2_VERSION,
1933 SSL_NOT_DEFAULT | SSL_MEDIUM,
1934 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1941 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1942 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1943 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1948 SSL3_VERSION, TLS1_2_VERSION,
1949 DTLS1_BAD_VER, DTLS1_2_VERSION,
1951 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1957 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1958 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1959 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1964 SSL3_VERSION, TLS1_2_VERSION,
1965 DTLS1_BAD_VER, DTLS1_2_VERSION,
1967 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1973 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1974 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1975 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1980 SSL3_VERSION, TLS1_2_VERSION,
1981 DTLS1_BAD_VER, DTLS1_2_VERSION,
1982 SSL_NOT_DEFAULT | SSL_HIGH,
1983 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1989 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1990 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1991 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1996 SSL3_VERSION, TLS1_2_VERSION,
1997 DTLS1_BAD_VER, DTLS1_2_VERSION,
1999 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2005 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2006 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2007 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2012 SSL3_VERSION, TLS1_2_VERSION,
2013 DTLS1_BAD_VER, DTLS1_2_VERSION,
2015 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2021 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2022 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2023 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2028 SSL3_VERSION, TLS1_2_VERSION,
2029 DTLS1_BAD_VER, DTLS1_2_VERSION,
2030 SSL_NOT_DEFAULT | SSL_HIGH,
2031 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2036 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2039 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2040 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2041 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2044 SSL_CHACHA20POLY1305,
2046 TLS1_2_VERSION, TLS1_2_VERSION,
2047 DTLS1_2_VERSION, DTLS1_2_VERSION,
2049 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2055 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2056 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2057 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2060 SSL_CHACHA20POLY1305,
2062 TLS1_2_VERSION, TLS1_2_VERSION,
2063 DTLS1_2_VERSION, DTLS1_2_VERSION,
2065 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2071 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2072 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2073 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2076 SSL_CHACHA20POLY1305,
2078 TLS1_2_VERSION, TLS1_2_VERSION,
2079 DTLS1_2_VERSION, DTLS1_2_VERSION,
2081 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2087 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2088 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2089 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2092 SSL_CHACHA20POLY1305,
2094 TLS1_2_VERSION, TLS1_2_VERSION,
2095 DTLS1_2_VERSION, DTLS1_2_VERSION,
2097 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2103 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2104 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2105 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2108 SSL_CHACHA20POLY1305,
2110 TLS1_2_VERSION, TLS1_2_VERSION,
2111 DTLS1_2_VERSION, DTLS1_2_VERSION,
2113 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2119 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2120 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2121 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2124 SSL_CHACHA20POLY1305,
2126 TLS1_2_VERSION, TLS1_2_VERSION,
2127 DTLS1_2_VERSION, DTLS1_2_VERSION,
2129 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2135 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2136 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2137 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2140 SSL_CHACHA20POLY1305,
2142 TLS1_2_VERSION, TLS1_2_VERSION,
2143 DTLS1_2_VERSION, DTLS1_2_VERSION,
2145 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2149 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2150 * !defined(OPENSSL_NO_POLY1305) */
2152 #ifndef OPENSSL_NO_CAMELLIA
2155 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2156 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2157 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2162 TLS1_2_VERSION, TLS1_2_VERSION,
2163 DTLS1_2_VERSION, DTLS1_2_VERSION,
2164 SSL_NOT_DEFAULT | SSL_HIGH,
2165 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2171 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2172 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2173 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2178 TLS1_2_VERSION, TLS1_2_VERSION,
2179 DTLS1_2_VERSION, DTLS1_2_VERSION,
2180 SSL_NOT_DEFAULT | SSL_HIGH,
2181 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2187 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2188 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2189 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2194 TLS1_2_VERSION, TLS1_2_VERSION,
2195 DTLS1_2_VERSION, DTLS1_2_VERSION,
2196 SSL_NOT_DEFAULT | SSL_HIGH,
2197 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2203 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2204 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2205 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2210 TLS1_2_VERSION, TLS1_2_VERSION,
2211 DTLS1_2_VERSION, DTLS1_2_VERSION,
2212 SSL_NOT_DEFAULT | SSL_HIGH,
2213 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2219 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2220 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2221 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2226 TLS1_2_VERSION, TLS1_2_VERSION,
2227 DTLS1_2_VERSION, DTLS1_2_VERSION,
2228 SSL_NOT_DEFAULT | SSL_HIGH,
2229 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2235 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2236 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2237 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2242 TLS1_2_VERSION, TLS1_2_VERSION,
2243 DTLS1_2_VERSION, DTLS1_2_VERSION,
2244 SSL_NOT_DEFAULT | SSL_HIGH,
2245 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2251 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2252 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2253 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2258 TLS1_2_VERSION, TLS1_2_VERSION,
2259 DTLS1_2_VERSION, DTLS1_2_VERSION,
2260 SSL_NOT_DEFAULT | SSL_HIGH,
2261 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2267 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2268 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2269 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2274 TLS1_2_VERSION, TLS1_2_VERSION,
2275 DTLS1_2_VERSION, DTLS1_2_VERSION,
2276 SSL_NOT_DEFAULT | SSL_HIGH,
2277 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2283 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2284 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2285 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2290 SSL3_VERSION, TLS1_2_VERSION,
2291 DTLS1_BAD_VER, DTLS1_2_VERSION,
2292 SSL_NOT_DEFAULT | SSL_HIGH,
2293 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2299 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2300 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2301 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2306 SSL3_VERSION, TLS1_2_VERSION,
2307 DTLS1_BAD_VER, DTLS1_2_VERSION,
2308 SSL_NOT_DEFAULT | SSL_HIGH,
2309 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2315 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2316 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2317 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2322 SSL3_VERSION, TLS1_2_VERSION,
2323 DTLS1_BAD_VER, DTLS1_2_VERSION,
2324 SSL_NOT_DEFAULT | SSL_HIGH,
2325 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2331 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2332 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2333 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2338 SSL3_VERSION, TLS1_2_VERSION,
2339 DTLS1_BAD_VER, DTLS1_2_VERSION,
2340 SSL_NOT_DEFAULT | SSL_HIGH,
2341 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2347 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2348 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2349 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2354 SSL3_VERSION, TLS1_2_VERSION,
2355 DTLS1_BAD_VER, DTLS1_2_VERSION,
2356 SSL_NOT_DEFAULT | SSL_HIGH,
2357 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2363 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2364 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2365 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2370 SSL3_VERSION, TLS1_2_VERSION,
2371 DTLS1_BAD_VER, DTLS1_2_VERSION,
2372 SSL_NOT_DEFAULT | SSL_HIGH,
2373 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2379 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2380 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2381 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2386 SSL3_VERSION, TLS1_2_VERSION,
2387 DTLS1_BAD_VER, DTLS1_2_VERSION,
2388 SSL_NOT_DEFAULT | SSL_HIGH,
2389 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2395 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2396 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2397 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2402 SSL3_VERSION, TLS1_2_VERSION,
2403 DTLS1_BAD_VER, DTLS1_2_VERSION,
2404 SSL_NOT_DEFAULT | SSL_HIGH,
2405 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2411 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2412 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2413 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2418 TLS1_2_VERSION, TLS1_2_VERSION,
2419 DTLS1_2_VERSION, DTLS1_2_VERSION,
2420 SSL_NOT_DEFAULT | SSL_HIGH,
2421 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2427 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2428 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2429 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2434 TLS1_2_VERSION, TLS1_2_VERSION,
2435 DTLS1_2_VERSION, DTLS1_2_VERSION,
2436 SSL_NOT_DEFAULT | SSL_HIGH,
2437 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2443 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2444 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2445 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2450 TLS1_2_VERSION, TLS1_2_VERSION,
2451 DTLS1_2_VERSION, DTLS1_2_VERSION,
2452 SSL_NOT_DEFAULT | SSL_HIGH,
2453 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2459 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2460 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2461 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2466 TLS1_2_VERSION, TLS1_2_VERSION,
2467 DTLS1_2_VERSION, DTLS1_2_VERSION,
2468 SSL_NOT_DEFAULT | SSL_HIGH,
2469 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2475 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2476 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2477 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2482 TLS1_VERSION, TLS1_2_VERSION,
2483 DTLS1_BAD_VER, DTLS1_2_VERSION,
2484 SSL_NOT_DEFAULT | SSL_HIGH,
2485 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2491 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2492 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2493 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2498 TLS1_VERSION, TLS1_2_VERSION,
2499 DTLS1_BAD_VER, DTLS1_2_VERSION,
2500 SSL_NOT_DEFAULT | SSL_HIGH,
2501 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2507 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2508 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2509 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2514 TLS1_VERSION, TLS1_2_VERSION,
2515 DTLS1_BAD_VER, DTLS1_2_VERSION,
2516 SSL_NOT_DEFAULT | SSL_HIGH,
2517 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2523 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2524 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2525 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2530 TLS1_VERSION, TLS1_2_VERSION,
2531 DTLS1_BAD_VER, DTLS1_2_VERSION,
2532 SSL_NOT_DEFAULT | SSL_HIGH,
2533 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2539 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2540 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2541 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2546 TLS1_VERSION, TLS1_2_VERSION,
2547 DTLS1_BAD_VER, DTLS1_2_VERSION,
2548 SSL_NOT_DEFAULT | SSL_HIGH,
2549 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2555 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2556 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2557 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2562 TLS1_VERSION, TLS1_2_VERSION,
2563 DTLS1_BAD_VER, DTLS1_2_VERSION,
2564 SSL_NOT_DEFAULT | SSL_HIGH,
2565 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2571 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2572 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2573 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2578 TLS1_VERSION, TLS1_2_VERSION,
2579 DTLS1_BAD_VER, DTLS1_2_VERSION,
2580 SSL_NOT_DEFAULT | SSL_HIGH,
2581 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2587 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2588 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2589 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2594 TLS1_VERSION, TLS1_2_VERSION,
2595 DTLS1_BAD_VER, DTLS1_2_VERSION,
2596 SSL_NOT_DEFAULT | SSL_HIGH,
2597 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2601 #endif /* OPENSSL_NO_CAMELLIA */
2603 #ifndef OPENSSL_NO_GOST
2606 "GOST2001-GOST89-GOST89",
2607 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2611 SSL_eGOST2814789CNT,
2613 TLS1_VERSION, TLS1_2_VERSION,
2616 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2622 "GOST2001-NULL-GOST94",
2623 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2629 TLS1_VERSION, TLS1_2_VERSION,
2632 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2638 "GOST2012-GOST8912-GOST8912",
2642 SSL_aGOST12 | SSL_aGOST01,
2643 SSL_eGOST2814789CNT12,
2645 TLS1_VERSION, TLS1_2_VERSION,
2648 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2654 "GOST2012-NULL-GOST12",
2658 SSL_aGOST12 | SSL_aGOST01,
2661 TLS1_VERSION, TLS1_2_VERSION,
2664 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2668 #endif /* OPENSSL_NO_GOST */
2670 #ifndef OPENSSL_NO_IDEA
2673 SSL3_TXT_RSA_IDEA_128_SHA,
2674 SSL3_RFC_RSA_IDEA_128_SHA,
2675 SSL3_CK_RSA_IDEA_128_SHA,
2680 SSL3_VERSION, TLS1_1_VERSION,
2681 DTLS1_BAD_VER, DTLS1_VERSION,
2682 SSL_NOT_DEFAULT | SSL_MEDIUM,
2683 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2689 #ifndef OPENSSL_NO_SEED
2692 TLS1_TXT_RSA_WITH_SEED_SHA,
2693 TLS1_RFC_RSA_WITH_SEED_SHA,
2694 TLS1_CK_RSA_WITH_SEED_SHA,
2699 SSL3_VERSION, TLS1_2_VERSION,
2700 DTLS1_BAD_VER, DTLS1_2_VERSION,
2701 SSL_NOT_DEFAULT | SSL_MEDIUM,
2702 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2708 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2709 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2710 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2715 SSL3_VERSION, TLS1_2_VERSION,
2716 DTLS1_BAD_VER, DTLS1_2_VERSION,
2717 SSL_NOT_DEFAULT | SSL_MEDIUM,
2718 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2724 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2725 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2726 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2731 SSL3_VERSION, TLS1_2_VERSION,
2732 DTLS1_BAD_VER, DTLS1_2_VERSION,
2733 SSL_NOT_DEFAULT | SSL_MEDIUM,
2734 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2740 TLS1_TXT_ADH_WITH_SEED_SHA,
2741 TLS1_RFC_ADH_WITH_SEED_SHA,
2742 TLS1_CK_ADH_WITH_SEED_SHA,
2747 SSL3_VERSION, TLS1_2_VERSION,
2748 DTLS1_BAD_VER, DTLS1_2_VERSION,
2749 SSL_NOT_DEFAULT | SSL_MEDIUM,
2750 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2754 #endif /* OPENSSL_NO_SEED */
2756 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2759 SSL3_TXT_RSA_RC4_128_MD5,
2760 SSL3_RFC_RSA_RC4_128_MD5,
2761 SSL3_CK_RSA_RC4_128_MD5,
2766 SSL3_VERSION, TLS1_2_VERSION,
2768 SSL_NOT_DEFAULT | SSL_MEDIUM,
2769 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2775 SSL3_TXT_RSA_RC4_128_SHA,
2776 SSL3_RFC_RSA_RC4_128_SHA,
2777 SSL3_CK_RSA_RC4_128_SHA,
2782 SSL3_VERSION, TLS1_2_VERSION,
2784 SSL_NOT_DEFAULT | SSL_MEDIUM,
2785 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2791 SSL3_TXT_ADH_RC4_128_MD5,
2792 SSL3_RFC_ADH_RC4_128_MD5,
2793 SSL3_CK_ADH_RC4_128_MD5,
2798 SSL3_VERSION, TLS1_2_VERSION,
2800 SSL_NOT_DEFAULT | SSL_MEDIUM,
2801 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2807 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2808 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2809 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2814 TLS1_VERSION, TLS1_2_VERSION,
2816 SSL_NOT_DEFAULT | SSL_MEDIUM,
2817 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2823 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2824 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2825 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2830 TLS1_VERSION, TLS1_2_VERSION,
2832 SSL_NOT_DEFAULT | SSL_MEDIUM,
2833 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2839 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2840 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2841 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2846 TLS1_VERSION, TLS1_2_VERSION,
2848 SSL_NOT_DEFAULT | SSL_MEDIUM,
2849 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2855 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2856 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2857 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2862 TLS1_VERSION, TLS1_2_VERSION,
2864 SSL_NOT_DEFAULT | SSL_MEDIUM,
2865 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2871 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2872 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2873 TLS1_CK_PSK_WITH_RC4_128_SHA,
2878 SSL3_VERSION, TLS1_2_VERSION,
2880 SSL_NOT_DEFAULT | SSL_MEDIUM,
2881 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2887 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2888 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2889 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2894 SSL3_VERSION, TLS1_2_VERSION,
2896 SSL_NOT_DEFAULT | SSL_MEDIUM,
2897 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2903 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2904 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2905 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2910 SSL3_VERSION, TLS1_2_VERSION,
2912 SSL_NOT_DEFAULT | SSL_MEDIUM,
2913 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2917 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2919 #ifndef OPENSSL_NO_ARIA
2922 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2923 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2924 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2929 TLS1_2_VERSION, TLS1_2_VERSION,
2930 DTLS1_2_VERSION, DTLS1_2_VERSION,
2931 SSL_NOT_DEFAULT | SSL_HIGH,
2932 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2938 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2939 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2940 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2945 TLS1_2_VERSION, TLS1_2_VERSION,
2946 DTLS1_2_VERSION, DTLS1_2_VERSION,
2947 SSL_NOT_DEFAULT | SSL_HIGH,
2948 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2954 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2955 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2956 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2961 TLS1_2_VERSION, TLS1_2_VERSION,
2962 DTLS1_2_VERSION, DTLS1_2_VERSION,
2963 SSL_NOT_DEFAULT | SSL_HIGH,
2964 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2970 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2971 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2972 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2977 TLS1_2_VERSION, TLS1_2_VERSION,
2978 DTLS1_2_VERSION, DTLS1_2_VERSION,
2979 SSL_NOT_DEFAULT | SSL_HIGH,
2980 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2986 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2987 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2988 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2993 TLS1_2_VERSION, TLS1_2_VERSION,
2994 DTLS1_2_VERSION, DTLS1_2_VERSION,
2995 SSL_NOT_DEFAULT | SSL_HIGH,
2996 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3002 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3003 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3004 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3009 TLS1_2_VERSION, TLS1_2_VERSION,
3010 DTLS1_2_VERSION, DTLS1_2_VERSION,
3011 SSL_NOT_DEFAULT | SSL_HIGH,
3012 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3018 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3019 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3020 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3025 TLS1_2_VERSION, TLS1_2_VERSION,
3026 DTLS1_2_VERSION, DTLS1_2_VERSION,
3027 SSL_NOT_DEFAULT | SSL_HIGH,
3028 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3034 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3035 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3036 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3041 TLS1_2_VERSION, TLS1_2_VERSION,
3042 DTLS1_2_VERSION, DTLS1_2_VERSION,
3043 SSL_NOT_DEFAULT | SSL_HIGH,
3044 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3050 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3051 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3052 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3057 TLS1_2_VERSION, TLS1_2_VERSION,
3058 DTLS1_2_VERSION, DTLS1_2_VERSION,
3059 SSL_NOT_DEFAULT | SSL_HIGH,
3060 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3066 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3067 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3068 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3073 TLS1_2_VERSION, TLS1_2_VERSION,
3074 DTLS1_2_VERSION, DTLS1_2_VERSION,
3075 SSL_NOT_DEFAULT | SSL_HIGH,
3076 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3082 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3083 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3084 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3089 TLS1_2_VERSION, TLS1_2_VERSION,
3090 DTLS1_2_VERSION, DTLS1_2_VERSION,
3091 SSL_NOT_DEFAULT | SSL_HIGH,
3092 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3098 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3099 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3100 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3105 TLS1_2_VERSION, TLS1_2_VERSION,
3106 DTLS1_2_VERSION, DTLS1_2_VERSION,
3107 SSL_NOT_DEFAULT | SSL_HIGH,
3108 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3114 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3115 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3116 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3121 TLS1_2_VERSION, TLS1_2_VERSION,
3122 DTLS1_2_VERSION, DTLS1_2_VERSION,
3123 SSL_NOT_DEFAULT | SSL_HIGH,
3124 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3130 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3131 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3132 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3137 TLS1_2_VERSION, TLS1_2_VERSION,
3138 DTLS1_2_VERSION, DTLS1_2_VERSION,
3139 SSL_NOT_DEFAULT | SSL_HIGH,
3140 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3146 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3147 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3148 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3153 TLS1_2_VERSION, TLS1_2_VERSION,
3154 DTLS1_2_VERSION, DTLS1_2_VERSION,
3155 SSL_NOT_DEFAULT | SSL_HIGH,
3156 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3162 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3163 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3164 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3169 TLS1_2_VERSION, TLS1_2_VERSION,
3170 DTLS1_2_VERSION, DTLS1_2_VERSION,
3171 SSL_NOT_DEFAULT | SSL_HIGH,
3172 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3176 #endif /* OPENSSL_NO_ARIA */
3180 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3181 * values stuffed into the ciphers field of the wire protocol for signalling
3184 static SSL_CIPHER ssl3_scsvs[] = {
3187 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3188 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3190 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3194 "TLS_FALLBACK_SCSV",
3195 "TLS_FALLBACK_SCSV",
3196 SSL3_CK_FALLBACK_SCSV,
3197 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3201 static int cipher_compare(const void *a, const void *b)
3203 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3204 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3206 if (ap->id == bp->id)
3208 return ap->id < bp->id ? -1 : 1;
3211 void ssl_sort_cipher_list(void)
3213 qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3215 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3217 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3220 static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
3221 const char * t, size_t u,
3222 const unsigned char * v, size_t w, int x)
3231 return ssl_undefined_function(ssl);
3234 const SSL3_ENC_METHOD SSLv3_enc_data = {
3237 ssl3_setup_key_block,
3238 ssl3_generate_master_secret,
3239 ssl3_change_cipher_state,
3240 ssl3_final_finish_mac,
3241 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3242 SSL3_MD_SERVER_FINISHED_CONST, 4,
3244 ssl_undefined_function_1,
3246 ssl3_set_handshake_header,
3247 tls_close_construct_packet,
3248 ssl3_handshake_write
3251 long ssl3_default_timeout(void)
3254 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3255 * http, the cache would over fill
3257 return (60 * 60 * 2);
3260 int ssl3_num_ciphers(void)
3262 return SSL3_NUM_CIPHERS;
3265 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3267 if (u < SSL3_NUM_CIPHERS)
3268 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3273 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3275 /* No header in the event of a CCS */
3276 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3279 /* Set the content type and 3 bytes for the message len */
3280 if (!WPACKET_put_bytes_u8(pkt, htype)
3281 || !WPACKET_start_sub_packet_u24(pkt))
3287 int ssl3_handshake_write(SSL *s)
3289 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3292 int ssl3_new(SSL *s)
3296 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
3300 #ifndef OPENSSL_NO_SRP
3301 if (!SSL_SRP_CTX_init(s))
3305 if (!s->method->ssl_clear(s))
3313 void ssl3_free(SSL *s)
3315 if (s == NULL || s->s3 == NULL)
3318 ssl3_cleanup_key_block(s);
3320 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3321 EVP_PKEY_free(s->s3->peer_tmp);
3322 s->s3->peer_tmp = NULL;
3323 EVP_PKEY_free(s->s3->tmp.pkey);
3324 s->s3->tmp.pkey = NULL;
3327 OPENSSL_free(s->s3->tmp.ctype);
3328 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3329 OPENSSL_free(s->s3->tmp.ciphers_raw);
3330 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3331 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3332 OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
3333 ssl3_free_digest_list(s);
3334 OPENSSL_free(s->s3->alpn_selected);
3335 OPENSSL_free(s->s3->alpn_proposed);
3337 #ifndef OPENSSL_NO_SRP
3338 SSL_SRP_CTX_free(s);
3340 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
3344 int ssl3_clear(SSL *s)
3346 ssl3_cleanup_key_block(s);
3347 OPENSSL_free(s->s3->tmp.ctype);
3348 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3349 OPENSSL_free(s->s3->tmp.ciphers_raw);
3350 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3351 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3352 OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
3354 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3355 EVP_PKEY_free(s->s3->tmp.pkey);
3356 EVP_PKEY_free(s->s3->peer_tmp);
3357 #endif /* !OPENSSL_NO_EC */
3359 ssl3_free_digest_list(s);
3361 OPENSSL_free(s->s3->alpn_selected);
3362 OPENSSL_free(s->s3->alpn_proposed);
3364 /* NULL/zero-out everything in the s3 struct */
3365 memset(s->s3, 0, sizeof(*s->s3));
3367 if (!ssl_free_wbio_buffer(s))
3370 s->version = SSL3_VERSION;
3372 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3373 OPENSSL_free(s->ext.npn);
3381 #ifndef OPENSSL_NO_SRP
3382 static char *srp_password_from_info_cb(SSL *s, void *arg)
3384 return OPENSSL_strdup(s->srp_ctx.info);
3388 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3390 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3395 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3397 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3398 ret = s->s3->num_renegotiations;
3400 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3401 ret = s->s3->num_renegotiations;
3402 s->s3->num_renegotiations = 0;
3404 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3405 ret = s->s3->total_renegotiations;
3407 case SSL_CTRL_GET_FLAGS:
3408 ret = (int)(s->s3->flags);
3410 #ifndef OPENSSL_NO_DH
3411 case SSL_CTRL_SET_TMP_DH:
3413 DH *dh = (DH *)parg;
3414 EVP_PKEY *pkdh = NULL;
3416 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3419 pkdh = ssl_dh_to_pkey(dh);
3421 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3424 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3425 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3426 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3427 EVP_PKEY_free(pkdh);
3430 EVP_PKEY_free(s->cert->dh_tmp);
3431 s->cert->dh_tmp = pkdh;
3435 case SSL_CTRL_SET_TMP_DH_CB:
3437 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3440 case SSL_CTRL_SET_DH_AUTO:
3441 s->cert->dh_tmp_auto = larg;
3444 #ifndef OPENSSL_NO_EC
3445 case SSL_CTRL_SET_TMP_ECDH:
3447 const EC_GROUP *group = NULL;
3451 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3454 group = EC_KEY_get0_group((const EC_KEY *)parg);
3455 if (group == NULL) {
3456 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3459 nid = EC_GROUP_get_curve_name(group);
3460 if (nid == NID_undef)
3462 return tls1_set_groups(&s->ext.supportedgroups,
3463 &s->ext.supportedgroups_len,
3467 #endif /* !OPENSSL_NO_EC */
3468 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3469 if (larg == TLSEXT_NAMETYPE_host_name) {
3472 OPENSSL_free(s->ext.hostname);
3473 s->ext.hostname = NULL;
3478 len = strlen((char *)parg);
3479 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3480 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3483 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3484 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3488 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3492 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3493 s->ext.debug_arg = parg;
3497 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3498 ret = s->ext.status_type;
3501 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3502 s->ext.status_type = larg;
3506 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3507 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3511 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3512 s->ext.ocsp.exts = parg;
3516 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3517 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3521 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3522 s->ext.ocsp.ids = parg;
3526 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3527 *(unsigned char **)parg = s->ext.ocsp.resp;
3528 if (s->ext.ocsp.resp_len == 0
3529 || s->ext.ocsp.resp_len > LONG_MAX)
3531 return (long)s->ext.ocsp.resp_len;
3533 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3534 OPENSSL_free(s->ext.ocsp.resp);
3535 s->ext.ocsp.resp = parg;
3536 s->ext.ocsp.resp_len = larg;
3540 #ifndef OPENSSL_NO_HEARTBEATS
3541 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3542 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3543 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3547 case SSL_CTRL_CHAIN:
3549 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3551 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3553 case SSL_CTRL_CHAIN_CERT:
3555 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3557 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3559 case SSL_CTRL_GET_CHAIN_CERTS:
3560 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3563 case SSL_CTRL_SELECT_CURRENT_CERT:
3564 return ssl_cert_select_current(s->cert, (X509 *)parg);
3566 case SSL_CTRL_SET_CURRENT_CERT:
3567 if (larg == SSL_CERT_SET_SERVER) {
3568 const SSL_CIPHER *cipher;
3571 cipher = s->s3->tmp.new_cipher;
3575 * No certificate for unauthenticated ciphersuites or using SRP
3578 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3580 if (s->s3->tmp.cert == NULL)
3582 s->cert->key = s->s3->tmp.cert;
3585 return ssl_cert_set_current(s->cert, larg);
3587 #ifndef OPENSSL_NO_EC
3588 case SSL_CTRL_GET_GROUPS:
3595 clist = s->session->ext.supportedgroups;
3596 clistlen = s->session->ext.supportedgroups_len;
3601 for (i = 0; i < clistlen; i++) {
3602 const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
3605 cptr[i] = cinf->nid;
3607 cptr[i] = TLSEXT_nid_unknown | clist[i];
3610 return (int)clistlen;
3613 case SSL_CTRL_SET_GROUPS:
3614 return tls1_set_groups(&s->ext.supportedgroups,
3615 &s->ext.supportedgroups_len, parg, larg);
3617 case SSL_CTRL_SET_GROUPS_LIST:
3618 return tls1_set_groups_list(&s->ext.supportedgroups,
3619 &s->ext.supportedgroups_len, parg);
3621 case SSL_CTRL_GET_SHARED_GROUP:
3623 uint16_t id = tls1_shared_group(s, larg);
3626 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
3628 return ginf == NULL ? 0 : ginf->nid;
3633 case SSL_CTRL_SET_SIGALGS:
3634 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3636 case SSL_CTRL_SET_SIGALGS_LIST:
3637 return tls1_set_sigalgs_list(s->cert, parg, 0);
3639 case SSL_CTRL_SET_CLIENT_SIGALGS:
3640 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3642 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3643 return tls1_set_sigalgs_list(s->cert, parg, 1);
3645 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3647 const unsigned char **pctype = parg;
3648 if (s->server || !s->s3->tmp.cert_req)
3651 *pctype = s->s3->tmp.ctype;
3652 return s->s3->tmp.ctype_len;
3655 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3658 return ssl3_set_req_cert_type(s->cert, parg, larg);
3660 case SSL_CTRL_BUILD_CERT_CHAIN:
3661 return ssl_build_cert_chain(s, NULL, larg);
3663 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3664 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3666 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3667 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3669 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3670 if (s->s3->tmp.peer_sigalg == NULL)
3672 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3675 case SSL_CTRL_GET_SERVER_TMP_KEY:
3676 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3677 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3680 EVP_PKEY_up_ref(s->s3->peer_tmp);
3681 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3687 #ifndef OPENSSL_NO_EC
3688 case SSL_CTRL_GET_EC_POINT_FORMATS:
3690 SSL_SESSION *sess = s->session;
3691 const unsigned char **pformat = parg;
3693 if (sess == NULL || sess->ext.ecpointformats == NULL)
3695 *pformat = sess->ext.ecpointformats;
3696 return (int)sess->ext.ecpointformats_len;
3706 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3711 #ifndef OPENSSL_NO_DH
3712 case SSL_CTRL_SET_TMP_DH_CB:
3714 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3718 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3719 s->ext.debug_cb = (void (*)(SSL *, int, int,
3720 const unsigned char *, int, void *))fp;
3723 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3725 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3734 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3737 #ifndef OPENSSL_NO_DH
3738 case SSL_CTRL_SET_TMP_DH:
3740 DH *dh = (DH *)parg;
3741 EVP_PKEY *pkdh = NULL;
3743 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3746 pkdh = ssl_dh_to_pkey(dh);
3748 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3751 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3752 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3753 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3754 EVP_PKEY_free(pkdh);
3757 EVP_PKEY_free(ctx->cert->dh_tmp);
3758 ctx->cert->dh_tmp = pkdh;
3761 case SSL_CTRL_SET_TMP_DH_CB:
3763 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3766 case SSL_CTRL_SET_DH_AUTO:
3767 ctx->cert->dh_tmp_auto = larg;
3770 #ifndef OPENSSL_NO_EC
3771 case SSL_CTRL_SET_TMP_ECDH:
3773 const EC_GROUP *group = NULL;
3777 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3780 group = EC_KEY_get0_group((const EC_KEY *)parg);
3781 if (group == NULL) {
3782 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3785 nid = EC_GROUP_get_curve_name(group);
3786 if (nid == NID_undef)
3788 return tls1_set_groups(&ctx->ext.supportedgroups,
3789 &ctx->ext.supportedgroups_len,
3792 #endif /* !OPENSSL_NO_EC */
3793 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3794 ctx->ext.servername_arg = parg;
3796 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3797 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3799 unsigned char *keys = parg;
3800 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3801 sizeof(ctx->ext.secure->tick_hmac_key) +
3802 sizeof(ctx->ext.secure->tick_aes_key));
3805 if (larg != tick_keylen) {
3806 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3809 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3810 memcpy(ctx->ext.tick_key_name, keys,
3811 sizeof(ctx->ext.tick_key_name));
3812 memcpy(ctx->ext.secure->tick_hmac_key,
3813 keys + sizeof(ctx->ext.tick_key_name),
3814 sizeof(ctx->ext.secure->tick_hmac_key));
3815 memcpy(ctx->ext.secure->tick_aes_key,
3816 keys + sizeof(ctx->ext.tick_key_name) +
3817 sizeof(ctx->ext.secure->tick_hmac_key),
3818 sizeof(ctx->ext.secure->tick_aes_key));
3820 memcpy(keys, ctx->ext.tick_key_name,
3821 sizeof(ctx->ext.tick_key_name));
3822 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3823 ctx->ext.secure->tick_hmac_key,
3824 sizeof(ctx->ext.secure->tick_hmac_key));
3825 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3826 sizeof(ctx->ext.secure->tick_hmac_key),
3827 ctx->ext.secure->tick_aes_key,
3828 sizeof(ctx->ext.secure->tick_aes_key));
3833 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3834 return ctx->ext.status_type;
3836 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3837 ctx->ext.status_type = larg;
3840 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3841 ctx->ext.status_arg = parg;
3844 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3845 *(void**)parg = ctx->ext.status_arg;
3848 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3849 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3852 #ifndef OPENSSL_NO_SRP
3853 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3854 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3855 OPENSSL_free(ctx->srp_ctx.login);
3856 ctx->srp_ctx.login = NULL;
3859 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3860 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3863 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3864 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3868 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3869 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3870 srp_password_from_info_cb;
3871 if (ctx->srp_ctx.info != NULL)
3872 OPENSSL_free(ctx->srp_ctx.info);
3873 if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3874 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3878 case SSL_CTRL_SET_SRP_ARG:
3879 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3880 ctx->srp_ctx.SRP_cb_arg = parg;
3883 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3884 ctx->srp_ctx.strength = larg;
3888 #ifndef OPENSSL_NO_EC
3889 case SSL_CTRL_SET_GROUPS:
3890 return tls1_set_groups(&ctx->ext.supportedgroups,
3891 &ctx->ext.supportedgroups_len,
3894 case SSL_CTRL_SET_GROUPS_LIST:
3895 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3896 &ctx->ext.supportedgroups_len,
3899 case SSL_CTRL_SET_SIGALGS:
3900 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3902 case SSL_CTRL_SET_SIGALGS_LIST:
3903 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3905 case SSL_CTRL_SET_CLIENT_SIGALGS:
3906 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3908 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3909 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3911 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3912 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3914 case SSL_CTRL_BUILD_CERT_CHAIN:
3915 return ssl_build_cert_chain(NULL, ctx, larg);
3917 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3918 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3920 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3921 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3923 /* A Thawte special :-) */
3924 case SSL_CTRL_EXTRA_CHAIN_CERT:
3925 if (ctx->extra_certs == NULL) {
3926 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3927 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3931 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3932 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3937 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3938 if (ctx->extra_certs == NULL && larg == 0)
3939 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3941 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3944 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3945 sk_X509_pop_free(ctx->extra_certs, X509_free);
3946 ctx->extra_certs = NULL;
3949 case SSL_CTRL_CHAIN:
3951 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3953 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3955 case SSL_CTRL_CHAIN_CERT:
3957 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3959 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3961 case SSL_CTRL_GET_CHAIN_CERTS:
3962 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3965 case SSL_CTRL_SELECT_CURRENT_CERT:
3966 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3968 case SSL_CTRL_SET_CURRENT_CERT:
3969 return ssl_cert_set_current(ctx->cert, larg);
3977 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3980 #ifndef OPENSSL_NO_DH
3981 case SSL_CTRL_SET_TMP_DH_CB:
3983 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3987 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3988 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
3991 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3992 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
3995 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3996 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
3999 HMAC_CTX *, int))fp;
4002 #ifndef OPENSSL_NO_SRP
4003 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4004 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4005 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4007 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4008 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4009 ctx->srp_ctx.TLS_ext_srp_username_callback =
4010 (int (*)(SSL *, int *, void *))fp;
4012 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4013 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4014 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4015 (char *(*)(SSL *, void *))fp;
4018 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4020 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4029 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4032 const SSL_CIPHER *cp;
4035 cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4038 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4041 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4044 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4046 SSL_CIPHER *c = NULL, *tbl;
4047 SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers};
4048 size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS};
4050 /* this is not efficient, necessary to optimize this? */
4051 for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4052 for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4053 if (tbl->stdname == NULL)
4055 if (strcmp(stdname, tbl->stdname) == 0) {
4063 for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
4064 if (strcmp(stdname, tbl->stdname) == 0) {
4074 * This function needs to check if the ciphers required are actually
4077 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4079 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4080 | ((uint32_t)p[0] << 8L)
4084 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4086 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4091 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4099 * ssl3_choose_cipher - choose a cipher from those offered by the client
4100 * @s: SSL connection
4101 * @clnt: ciphers offered by the client
4102 * @srvr: ciphers enabled on the server?
4104 * Returns the selected cipher or NULL when no common ciphers.
4106 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4107 STACK_OF(SSL_CIPHER) *srvr)
4109 const SSL_CIPHER *c, *ret = NULL;
4110 STACK_OF(SSL_CIPHER) *prio, *allow;
4111 int i, ii, ok, prefer_sha256 = 0;
4112 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4113 const EVP_MD *mdsha256 = EVP_sha256();
4114 #ifndef OPENSSL_NO_CHACHA
4115 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4118 /* Let's see which ciphers we can support */
4121 * Do not set the compare functions, because this may lead to a
4122 * reordering by "id". We want to keep the original ordering. We may pay
4123 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4124 * pay with the price of sk_SSL_CIPHER_dup().
4128 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
4130 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4131 c = sk_SSL_CIPHER_value(srvr, i);
4132 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4134 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
4136 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4137 c = sk_SSL_CIPHER_value(clnt, i);
4138 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4142 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4143 if (tls1_suiteb(s)) {
4146 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4149 #ifndef OPENSSL_NO_CHACHA
4150 /* If ChaCha20 is at the top of the client preference list,
4151 and there are ChaCha20 ciphers in the server list, then
4152 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4153 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4154 c = sk_SSL_CIPHER_value(clnt, 0);
4155 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4156 /* ChaCha20 is client preferred, check server... */
4157 int num = sk_SSL_CIPHER_num(srvr);
4159 for (i = 0; i < num; i++) {
4160 c = sk_SSL_CIPHER_value(srvr, i);
4161 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4167 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4168 /* if reserve fails, then there's likely a memory issue */
4169 if (prio_chacha != NULL) {
4170 /* Put all ChaCha20 at the top, starting with the one we just found */
4171 sk_SSL_CIPHER_push(prio_chacha, c);
4172 for (i++; i < num; i++) {
4173 c = sk_SSL_CIPHER_value(srvr, i);
4174 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4175 sk_SSL_CIPHER_push(prio_chacha, c);
4177 /* Pull in the rest */
4178 for (i = 0; i < num; i++) {
4179 c = sk_SSL_CIPHER_value(srvr, i);
4180 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4181 sk_SSL_CIPHER_push(prio_chacha, c);
4194 if (SSL_IS_TLS13(s)) {
4195 #ifndef OPENSSL_NO_PSK
4199 * If we allow "old" style PSK callbacks, and we have no certificate (so
4200 * we're not going to succeed without a PSK anyway), and we're in
4201 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4202 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4205 if (s->psk_server_callback != NULL) {
4206 for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
4207 if (j == SSL_PKEY_NUM) {
4208 /* There are no certificates */
4214 tls1_set_cert_validity(s);
4218 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4219 c = sk_SSL_CIPHER_value(prio, i);
4221 /* Skip ciphers not supported by the protocol version */
4222 if (!SSL_IS_DTLS(s) &&
4223 ((s->version < c->min_tls) || (s->version > c->max_tls)))
4225 if (SSL_IS_DTLS(s) &&
4226 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4227 DTLS_VERSION_GT(s->version, c->max_dtls)))
4231 * Since TLS 1.3 ciphersuites can be used with any auth or
4232 * key exchange scheme skip tests.
4234 if (!SSL_IS_TLS13(s)) {
4235 mask_k = s->s3->tmp.mask_k;
4236 mask_a = s->s3->tmp.mask_a;
4237 #ifndef OPENSSL_NO_SRP
4238 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4244 alg_k = c->algorithm_mkey;
4245 alg_a = c->algorithm_auth;
4247 #ifndef OPENSSL_NO_PSK
4248 /* with PSK there must be server callback set */
4249 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4251 #endif /* OPENSSL_NO_PSK */
4253 ok = (alg_k & mask_k) && (alg_a & mask_a);
4255 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
4256 alg_a, mask_k, mask_a, (void *)c, c->name);
4259 #ifndef OPENSSL_NO_EC
4261 * if we are considering an ECC cipher suite that uses an ephemeral
4264 if (alg_k & SSL_kECDHE)
4265 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4266 #endif /* OPENSSL_NO_EC */
4271 ii = sk_SSL_CIPHER_find(allow, c);
4273 /* Check security callback permits this cipher */
4274 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4275 c->strength_bits, 0, (void *)c))
4277 #if !defined(OPENSSL_NO_EC)
4278 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4279 && s->s3->is_probably_safari) {
4281 ret = sk_SSL_CIPHER_value(allow, ii);
4285 if (prefer_sha256) {
4286 const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4288 if (ssl_md(tmp->algorithm2) == mdsha256) {
4296 ret = sk_SSL_CIPHER_value(allow, ii);
4300 #ifndef OPENSSL_NO_CHACHA
4301 sk_SSL_CIPHER_free(prio_chacha);
4306 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4308 uint32_t alg_k, alg_a = 0;
4310 /* If we have custom certificate types set, use them */
4312 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4313 /* Get mask of algorithms disabled by signature list */
4314 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4316 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4318 #ifndef OPENSSL_NO_GOST
4319 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4320 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4321 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
4322 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
4325 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4326 #ifndef OPENSSL_NO_DH
4327 # ifndef OPENSSL_NO_RSA
4328 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4331 # ifndef OPENSSL_NO_DSA
4332 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4335 #endif /* !OPENSSL_NO_DH */
4337 #ifndef OPENSSL_NO_RSA
4338 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4341 #ifndef OPENSSL_NO_DSA
4342 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4345 #ifndef OPENSSL_NO_EC
4347 * ECDSA certs can be used with RSA cipher suites too so we don't
4348 * need to check for SSL_kECDH or SSL_kECDHE
4350 if (s->version >= TLS1_VERSION
4351 && !(alg_a & SSL_aECDSA)
4352 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4358 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4360 OPENSSL_free(c->ctype);
4363 if (p == NULL || len == 0)
4367 c->ctype = OPENSSL_memdup(p, len);
4368 if (c->ctype == NULL)
4374 int ssl3_shutdown(SSL *s)
4379 * Don't do anything much if we have not done the handshake or we don't
4380 * want to send messages :-)
4382 if (s->quiet_shutdown || SSL_in_before(s)) {
4383 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4387 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4388 s->shutdown |= SSL_SENT_SHUTDOWN;
4389 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4391 * our shutdown alert has been sent now, and if it still needs to be
4392 * written, s->s3->alert_dispatch will be true
4394 if (s->s3->alert_dispatch)
4395 return -1; /* return WANT_WRITE */
4396 } else if (s->s3->alert_dispatch) {
4397 /* resend it if not sent */
4398 ret = s->method->ssl_dispatch_alert(s);
4401 * we only get to return -1 here the 2nd/Nth invocation, we must
4402 * have already signalled return 0 upon a previous invocation,
4407 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4410 * If we are waiting for a close from our peer, we are closed
4412 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4413 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4414 return -1; /* return WANT_READ */
4418 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4419 !s->s3->alert_dispatch)
4425 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4428 if (s->s3->renegotiate)
4429 ssl3_renegotiate_check(s, 0);
4431 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4435 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4441 if (s->s3->renegotiate)
4442 ssl3_renegotiate_check(s, 0);
4443 s->s3->in_read_app_data = 1;
4445 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4447 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4449 * ssl3_read_bytes decided to call s->handshake_func, which called
4450 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4451 * actually found application data and thinks that application data
4452 * makes sense here; so disable handshake processing and try to read
4453 * application data again.
4455 ossl_statem_set_in_handshake(s, 1);
4457 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4458 len, peek, readbytes);
4459 ossl_statem_set_in_handshake(s, 0);
4461 s->s3->in_read_app_data = 0;
4466 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4468 return ssl3_read_internal(s, buf, len, 0, readbytes);
4471 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4473 return ssl3_read_internal(s, buf, len, 1, readbytes);
4476 int ssl3_renegotiate(SSL *s)
4478 if (s->handshake_func == NULL)
4481 s->s3->renegotiate = 1;
4486 * Check if we are waiting to do a renegotiation and if so whether now is a
4487 * good time to do it. If |initok| is true then we are being called from inside
4488 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4489 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4490 * should do a renegotiation now and sets up the state machine for it. Otherwise
4493 int ssl3_renegotiate_check(SSL *s, int initok)
4497 if (s->s3->renegotiate) {
4498 if (!RECORD_LAYER_read_pending(&s->rlayer)
4499 && !RECORD_LAYER_write_pending(&s->rlayer)
4500 && (initok || !SSL_in_init(s))) {
4502 * if we are the server, and we have sent a 'RENEGOTIATE'
4503 * message, we need to set the state machine into the renegotiate
4506 ossl_statem_set_renegotiate(s);
4507 s->s3->renegotiate = 0;
4508 s->s3->num_renegotiations++;
4509 s->s3->total_renegotiations++;
4517 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4518 * handshake macs if required.
4520 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4522 long ssl_get_algorithm2(SSL *s)
4525 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
4527 alg2 = s->s3->tmp.new_cipher->algorithm2;
4528 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4529 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4530 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4531 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4532 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4533 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4539 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4540 * failure, 1 on success.
4542 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4545 int send_time = 0, ret;
4550 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4552 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4554 unsigned long Time = (unsigned long)time(NULL);
4555 unsigned char *p = result;
4558 ret = RAND_bytes(p, len - 4);
4560 ret = RAND_bytes(result, len);
4562 #ifndef OPENSSL_NO_TLS13DOWNGRADE
4564 if (!ossl_assert(sizeof(tls11downgrade) < len)
4565 || !ossl_assert(sizeof(tls12downgrade) < len))
4567 if (dgrd == DOWNGRADE_TO_1_2)
4568 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4569 sizeof(tls12downgrade));
4570 else if (dgrd == DOWNGRADE_TO_1_1)
4571 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4572 sizeof(tls11downgrade));
4578 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4581 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4584 if (alg_k & SSL_PSK) {
4585 #ifndef OPENSSL_NO_PSK
4586 unsigned char *pskpms, *t;
4587 size_t psklen = s->s3->tmp.psklen;
4590 /* create PSK premaster_secret */
4592 /* For plain PSK "other_secret" is psklen zeroes */
4593 if (alg_k & SSL_kPSK)
4596 pskpmslen = 4 + pmslen + psklen;
4597 pskpms = OPENSSL_malloc(pskpmslen);
4602 if (alg_k & SSL_kPSK)
4603 memset(t, 0, pmslen);
4605 memcpy(t, pms, pmslen);
4608 memcpy(t, s->s3->tmp.psk, psklen);
4610 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4611 s->s3->tmp.psk = NULL;
4612 if (!s->method->ssl3_enc->generate_master_secret(s,
4613 s->session->master_key,pskpms, pskpmslen,
4614 &s->session->master_key_length)) {
4615 /* SSLfatal() already called */
4618 OPENSSL_clear_free(pskpms, pskpmslen);
4620 /* Should never happen */
4624 if (!s->method->ssl3_enc->generate_master_secret(s,
4625 s->session->master_key, pms, pmslen,
4626 &s->session->master_key_length)) {
4627 /* SSLfatal() already called */
4636 OPENSSL_clear_free(pms, pmslen);
4638 OPENSSL_cleanse(pms, pmslen);
4641 s->s3->tmp.pms = NULL;
4645 /* Generate a private key from parameters */
4646 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4648 EVP_PKEY_CTX *pctx = NULL;
4649 EVP_PKEY *pkey = NULL;
4653 pctx = EVP_PKEY_CTX_new(pm, NULL);
4656 if (EVP_PKEY_keygen_init(pctx) <= 0)
4658 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4659 EVP_PKEY_free(pkey);
4664 EVP_PKEY_CTX_free(pctx);
4667 #ifndef OPENSSL_NO_EC
4668 /* Generate a private key from a group ID */
4669 EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
4671 EVP_PKEY_CTX *pctx = NULL;
4672 EVP_PKEY *pkey = NULL;
4673 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4677 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4678 ERR_R_INTERNAL_ERROR);
4681 gtype = ginf->flags & TLS_CURVE_TYPE;
4682 if (gtype == TLS_CURVE_CUSTOM)
4683 pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
4685 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4687 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4688 ERR_R_MALLOC_FAILURE);
4691 if (EVP_PKEY_keygen_init(pctx) <= 0) {
4692 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4696 if (gtype != TLS_CURVE_CUSTOM
4697 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
4698 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4702 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4703 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4705 EVP_PKEY_free(pkey);
4710 EVP_PKEY_CTX_free(pctx);
4715 * Generate parameters from a group ID
4717 EVP_PKEY *ssl_generate_param_group(uint16_t id)
4719 EVP_PKEY_CTX *pctx = NULL;
4720 EVP_PKEY *pkey = NULL;
4721 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4726 if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4727 pkey = EVP_PKEY_new();
4728 if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
4730 EVP_PKEY_free(pkey);
4734 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4737 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4739 if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
4741 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4742 EVP_PKEY_free(pkey);
4747 EVP_PKEY_CTX_free(pctx);
4752 /* Derive secrets for ECDH/DH */
4753 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4756 unsigned char *pms = NULL;
4760 if (privkey == NULL || pubkey == NULL) {
4761 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4762 ERR_R_INTERNAL_ERROR);
4766 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4768 if (EVP_PKEY_derive_init(pctx) <= 0
4769 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4770 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4771 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4772 ERR_R_INTERNAL_ERROR);
4776 pms = OPENSSL_malloc(pmslen);
4778 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4779 ERR_R_MALLOC_FAILURE);
4783 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4784 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4785 ERR_R_INTERNAL_ERROR);
4790 /* SSLfatal() called as appropriate in the below functions */
4791 if (SSL_IS_TLS13(s)) {
4793 * If we are resuming then we already generated the early secret
4794 * when we created the ClientHello, so don't recreate it.
4797 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4799 (unsigned char *)&s->early_secret);
4803 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4805 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4808 /* Save premaster secret */
4809 s->s3->tmp.pms = pms;
4810 s->s3->tmp.pmslen = pmslen;
4816 OPENSSL_clear_free(pms, pmslen);
4817 EVP_PKEY_CTX_free(pctx);
4821 #ifndef OPENSSL_NO_DH
4822 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4827 ret = EVP_PKEY_new();
4828 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {