2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include "internal/cryptlib.h"
21 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
22 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
24 /* TLSv1.3 downgrade protection sentinel values */
25 const unsigned char tls11downgrade[] = {
26 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
28 const unsigned char tls12downgrade[] = {
29 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
33 * The list of available ciphers, mostly organized into the following
38 * SRP (within that: RSA EC PSK)
39 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
42 static SSL_CIPHER ssl3_ciphers[] = {
45 SSL3_TXT_RSA_NULL_MD5,
46 SSL3_RFC_RSA_NULL_MD5,
52 SSL3_VERSION, TLS1_2_VERSION,
53 DTLS1_BAD_VER, DTLS1_2_VERSION,
55 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
61 SSL3_TXT_RSA_NULL_SHA,
62 SSL3_RFC_RSA_NULL_SHA,
68 SSL3_VERSION, TLS1_2_VERSION,
69 DTLS1_BAD_VER, DTLS1_2_VERSION,
70 SSL_STRONG_NONE | SSL_FIPS,
71 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
75 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
78 SSL3_TXT_RSA_DES_192_CBC3_SHA,
79 SSL3_RFC_RSA_DES_192_CBC3_SHA,
80 SSL3_CK_RSA_DES_192_CBC3_SHA,
85 SSL3_VERSION, TLS1_2_VERSION,
86 DTLS1_BAD_VER, DTLS1_2_VERSION,
87 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
88 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
94 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
95 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
96 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
101 SSL3_VERSION, TLS1_2_VERSION,
102 DTLS1_BAD_VER, DTLS1_2_VERSION,
103 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
104 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
110 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
111 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
112 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
117 SSL3_VERSION, TLS1_2_VERSION,
118 DTLS1_BAD_VER, DTLS1_2_VERSION,
119 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
120 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
126 SSL3_TXT_ADH_DES_192_CBC_SHA,
127 SSL3_RFC_ADH_DES_192_CBC_SHA,
128 SSL3_CK_ADH_DES_192_CBC_SHA,
133 SSL3_VERSION, TLS1_2_VERSION,
134 DTLS1_BAD_VER, DTLS1_2_VERSION,
135 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
136 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
143 TLS1_TXT_RSA_WITH_AES_128_SHA,
144 TLS1_RFC_RSA_WITH_AES_128_SHA,
145 TLS1_CK_RSA_WITH_AES_128_SHA,
150 SSL3_VERSION, TLS1_2_VERSION,
151 DTLS1_BAD_VER, DTLS1_2_VERSION,
153 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
159 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
160 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
161 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
166 SSL3_VERSION, TLS1_2_VERSION,
167 DTLS1_BAD_VER, DTLS1_2_VERSION,
168 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
169 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
175 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
176 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
177 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
182 SSL3_VERSION, TLS1_2_VERSION,
183 DTLS1_BAD_VER, DTLS1_2_VERSION,
185 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
191 TLS1_TXT_ADH_WITH_AES_128_SHA,
192 TLS1_RFC_ADH_WITH_AES_128_SHA,
193 TLS1_CK_ADH_WITH_AES_128_SHA,
198 SSL3_VERSION, TLS1_2_VERSION,
199 DTLS1_BAD_VER, DTLS1_2_VERSION,
200 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
201 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
207 TLS1_TXT_RSA_WITH_AES_256_SHA,
208 TLS1_RFC_RSA_WITH_AES_256_SHA,
209 TLS1_CK_RSA_WITH_AES_256_SHA,
214 SSL3_VERSION, TLS1_2_VERSION,
215 DTLS1_BAD_VER, DTLS1_2_VERSION,
217 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
223 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
224 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
225 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
230 SSL3_VERSION, TLS1_2_VERSION,
231 DTLS1_BAD_VER, DTLS1_2_VERSION,
232 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
233 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
239 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
240 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
241 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
246 SSL3_VERSION, TLS1_2_VERSION,
247 DTLS1_BAD_VER, DTLS1_2_VERSION,
249 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
255 TLS1_TXT_ADH_WITH_AES_256_SHA,
256 TLS1_RFC_ADH_WITH_AES_256_SHA,
257 TLS1_CK_ADH_WITH_AES_256_SHA,
262 SSL3_VERSION, TLS1_2_VERSION,
263 DTLS1_BAD_VER, DTLS1_2_VERSION,
264 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
265 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
271 TLS1_TXT_RSA_WITH_NULL_SHA256,
272 TLS1_RFC_RSA_WITH_NULL_SHA256,
273 TLS1_CK_RSA_WITH_NULL_SHA256,
278 TLS1_2_VERSION, TLS1_2_VERSION,
279 DTLS1_2_VERSION, DTLS1_2_VERSION,
280 SSL_STRONG_NONE | SSL_FIPS,
281 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
287 TLS1_TXT_RSA_WITH_AES_128_SHA256,
288 TLS1_RFC_RSA_WITH_AES_128_SHA256,
289 TLS1_CK_RSA_WITH_AES_128_SHA256,
294 TLS1_2_VERSION, TLS1_2_VERSION,
295 DTLS1_2_VERSION, DTLS1_2_VERSION,
297 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
303 TLS1_TXT_RSA_WITH_AES_256_SHA256,
304 TLS1_RFC_RSA_WITH_AES_256_SHA256,
305 TLS1_CK_RSA_WITH_AES_256_SHA256,
310 TLS1_2_VERSION, TLS1_2_VERSION,
311 DTLS1_2_VERSION, DTLS1_2_VERSION,
313 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
319 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
320 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
321 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
326 TLS1_2_VERSION, TLS1_2_VERSION,
327 DTLS1_2_VERSION, DTLS1_2_VERSION,
328 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
329 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
335 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
336 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
337 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
342 TLS1_2_VERSION, TLS1_2_VERSION,
343 DTLS1_2_VERSION, DTLS1_2_VERSION,
345 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
351 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
352 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
353 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
358 TLS1_2_VERSION, TLS1_2_VERSION,
359 DTLS1_2_VERSION, DTLS1_2_VERSION,
360 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
361 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
367 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
368 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
369 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
374 TLS1_2_VERSION, TLS1_2_VERSION,
375 DTLS1_2_VERSION, DTLS1_2_VERSION,
377 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
383 TLS1_TXT_ADH_WITH_AES_128_SHA256,
384 TLS1_RFC_ADH_WITH_AES_128_SHA256,
385 TLS1_CK_ADH_WITH_AES_128_SHA256,
390 TLS1_2_VERSION, TLS1_2_VERSION,
391 DTLS1_2_VERSION, DTLS1_2_VERSION,
392 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
393 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
399 TLS1_TXT_ADH_WITH_AES_256_SHA256,
400 TLS1_RFC_ADH_WITH_AES_256_SHA256,
401 TLS1_CK_ADH_WITH_AES_256_SHA256,
406 TLS1_2_VERSION, TLS1_2_VERSION,
407 DTLS1_2_VERSION, DTLS1_2_VERSION,
408 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
409 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
415 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
416 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
417 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
422 TLS1_2_VERSION, TLS1_2_VERSION,
423 DTLS1_2_VERSION, DTLS1_2_VERSION,
425 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
431 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
432 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
433 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
438 TLS1_2_VERSION, TLS1_2_VERSION,
439 DTLS1_2_VERSION, DTLS1_2_VERSION,
441 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
447 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
448 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
449 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
454 TLS1_2_VERSION, TLS1_2_VERSION,
455 DTLS1_2_VERSION, DTLS1_2_VERSION,
457 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
463 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
464 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
465 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
470 TLS1_2_VERSION, TLS1_2_VERSION,
471 DTLS1_2_VERSION, DTLS1_2_VERSION,
473 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
479 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
480 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
481 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
486 TLS1_2_VERSION, TLS1_2_VERSION,
487 DTLS1_2_VERSION, DTLS1_2_VERSION,
488 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
489 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
495 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
496 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
497 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
502 TLS1_2_VERSION, TLS1_2_VERSION,
503 DTLS1_2_VERSION, DTLS1_2_VERSION,
504 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
505 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
511 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
512 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
513 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
518 TLS1_2_VERSION, TLS1_2_VERSION,
519 DTLS1_2_VERSION, DTLS1_2_VERSION,
520 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
521 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
527 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
528 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
529 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
534 TLS1_2_VERSION, TLS1_2_VERSION,
535 DTLS1_2_VERSION, DTLS1_2_VERSION,
536 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
537 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
543 TLS1_TXT_RSA_WITH_AES_128_CCM,
544 TLS1_RFC_RSA_WITH_AES_128_CCM,
545 TLS1_CK_RSA_WITH_AES_128_CCM,
550 TLS1_2_VERSION, TLS1_2_VERSION,
551 DTLS1_2_VERSION, DTLS1_2_VERSION,
552 SSL_NOT_DEFAULT | SSL_HIGH,
553 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
559 TLS1_TXT_RSA_WITH_AES_256_CCM,
560 TLS1_RFC_RSA_WITH_AES_256_CCM,
561 TLS1_CK_RSA_WITH_AES_256_CCM,
566 TLS1_2_VERSION, TLS1_2_VERSION,
567 DTLS1_2_VERSION, DTLS1_2_VERSION,
568 SSL_NOT_DEFAULT | SSL_HIGH,
569 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
575 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
576 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
577 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
582 TLS1_2_VERSION, TLS1_2_VERSION,
583 DTLS1_2_VERSION, DTLS1_2_VERSION,
584 SSL_NOT_DEFAULT | SSL_HIGH,
585 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
591 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
592 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
593 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
598 TLS1_2_VERSION, TLS1_2_VERSION,
599 DTLS1_2_VERSION, DTLS1_2_VERSION,
600 SSL_NOT_DEFAULT | SSL_HIGH,
601 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
607 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
608 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
609 TLS1_CK_RSA_WITH_AES_128_CCM_8,
614 TLS1_2_VERSION, TLS1_2_VERSION,
615 DTLS1_2_VERSION, DTLS1_2_VERSION,
616 SSL_NOT_DEFAULT | SSL_HIGH,
617 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
623 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
624 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
625 TLS1_CK_RSA_WITH_AES_256_CCM_8,
630 TLS1_2_VERSION, TLS1_2_VERSION,
631 DTLS1_2_VERSION, DTLS1_2_VERSION,
632 SSL_NOT_DEFAULT | SSL_HIGH,
633 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
639 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
640 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
641 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
646 TLS1_2_VERSION, TLS1_2_VERSION,
647 DTLS1_2_VERSION, DTLS1_2_VERSION,
648 SSL_NOT_DEFAULT | SSL_HIGH,
649 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
655 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
656 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
657 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
662 TLS1_2_VERSION, TLS1_2_VERSION,
663 DTLS1_2_VERSION, DTLS1_2_VERSION,
664 SSL_NOT_DEFAULT | SSL_HIGH,
665 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
671 TLS1_TXT_PSK_WITH_AES_128_CCM,
672 TLS1_RFC_PSK_WITH_AES_128_CCM,
673 TLS1_CK_PSK_WITH_AES_128_CCM,
678 TLS1_2_VERSION, TLS1_2_VERSION,
679 DTLS1_2_VERSION, DTLS1_2_VERSION,
680 SSL_NOT_DEFAULT | SSL_HIGH,
681 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
687 TLS1_TXT_PSK_WITH_AES_256_CCM,
688 TLS1_RFC_PSK_WITH_AES_256_CCM,
689 TLS1_CK_PSK_WITH_AES_256_CCM,
694 TLS1_2_VERSION, TLS1_2_VERSION,
695 DTLS1_2_VERSION, DTLS1_2_VERSION,
696 SSL_NOT_DEFAULT | SSL_HIGH,
697 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
703 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
704 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
705 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
710 TLS1_2_VERSION, TLS1_2_VERSION,
711 DTLS1_2_VERSION, DTLS1_2_VERSION,
712 SSL_NOT_DEFAULT | SSL_HIGH,
713 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
719 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
720 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
721 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
726 TLS1_2_VERSION, TLS1_2_VERSION,
727 DTLS1_2_VERSION, DTLS1_2_VERSION,
728 SSL_NOT_DEFAULT | SSL_HIGH,
729 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
735 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
736 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
737 TLS1_CK_PSK_WITH_AES_128_CCM_8,
742 TLS1_2_VERSION, TLS1_2_VERSION,
743 DTLS1_2_VERSION, DTLS1_2_VERSION,
744 SSL_NOT_DEFAULT | SSL_HIGH,
745 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
751 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
752 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
753 TLS1_CK_PSK_WITH_AES_256_CCM_8,
758 TLS1_2_VERSION, TLS1_2_VERSION,
759 DTLS1_2_VERSION, DTLS1_2_VERSION,
760 SSL_NOT_DEFAULT | SSL_HIGH,
761 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
767 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
768 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
769 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
774 TLS1_2_VERSION, TLS1_2_VERSION,
775 DTLS1_2_VERSION, DTLS1_2_VERSION,
776 SSL_NOT_DEFAULT | SSL_HIGH,
777 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
783 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
784 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
785 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
790 TLS1_2_VERSION, TLS1_2_VERSION,
791 DTLS1_2_VERSION, DTLS1_2_VERSION,
792 SSL_NOT_DEFAULT | SSL_HIGH,
793 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
799 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
800 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
801 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
806 TLS1_2_VERSION, TLS1_2_VERSION,
807 DTLS1_2_VERSION, DTLS1_2_VERSION,
808 SSL_NOT_DEFAULT | SSL_HIGH,
809 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
815 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
816 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
817 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
822 TLS1_2_VERSION, TLS1_2_VERSION,
823 DTLS1_2_VERSION, DTLS1_2_VERSION,
824 SSL_NOT_DEFAULT | SSL_HIGH,
825 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
831 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
832 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
833 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
838 TLS1_2_VERSION, TLS1_2_VERSION,
839 DTLS1_2_VERSION, DTLS1_2_VERSION,
840 SSL_NOT_DEFAULT | SSL_HIGH,
841 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
847 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
848 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
849 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
854 TLS1_2_VERSION, TLS1_2_VERSION,
855 DTLS1_2_VERSION, DTLS1_2_VERSION,
856 SSL_NOT_DEFAULT | SSL_HIGH,
857 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
863 TLS1_3_TXT_AES_128_GCM_SHA256,
864 TLS1_3_RFC_AES_128_GCM_SHA256,
865 TLS1_3_CK_AES_128_GCM_SHA256,
869 TLS1_3_VERSION, TLS1_3_VERSION,
873 SSL_HANDSHAKE_MAC_SHA256,
879 TLS1_3_TXT_AES_256_GCM_SHA384,
880 TLS1_3_RFC_AES_256_GCM_SHA384,
881 TLS1_3_CK_AES_256_GCM_SHA384,
886 TLS1_3_VERSION, TLS1_3_VERSION,
889 SSL_HANDSHAKE_MAC_SHA384,
893 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
896 TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
897 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
898 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
901 SSL_CHACHA20POLY1305,
903 TLS1_3_VERSION, TLS1_3_VERSION,
906 SSL_HANDSHAKE_MAC_SHA256,
913 TLS1_3_TXT_AES_128_CCM_SHA256,
914 TLS1_3_RFC_AES_128_CCM_SHA256,
915 TLS1_3_CK_AES_128_CCM_SHA256,
920 TLS1_3_VERSION, TLS1_3_VERSION,
922 SSL_NOT_DEFAULT | SSL_HIGH,
923 SSL_HANDSHAKE_MAC_SHA256,
929 TLS1_3_TXT_AES_128_CCM_8_SHA256,
930 TLS1_3_RFC_AES_128_CCM_8_SHA256,
931 TLS1_3_CK_AES_128_CCM_8_SHA256,
936 TLS1_3_VERSION, TLS1_3_VERSION,
938 SSL_NOT_DEFAULT | SSL_HIGH,
939 SSL_HANDSHAKE_MAC_SHA256,
944 #ifndef OPENSSL_NO_EC
947 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
948 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
949 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
954 TLS1_VERSION, TLS1_2_VERSION,
955 DTLS1_BAD_VER, DTLS1_2_VERSION,
956 SSL_STRONG_NONE | SSL_FIPS,
957 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
961 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
964 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
965 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
966 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
971 TLS1_VERSION, TLS1_2_VERSION,
972 DTLS1_BAD_VER, DTLS1_2_VERSION,
973 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
974 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
981 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
982 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
983 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
988 TLS1_VERSION, TLS1_2_VERSION,
989 DTLS1_BAD_VER, DTLS1_2_VERSION,
991 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
997 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
998 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
999 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1004 TLS1_VERSION, TLS1_2_VERSION,
1005 DTLS1_BAD_VER, DTLS1_2_VERSION,
1006 SSL_HIGH | SSL_FIPS,
1007 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1013 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1014 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1015 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1020 TLS1_VERSION, TLS1_2_VERSION,
1021 DTLS1_BAD_VER, DTLS1_2_VERSION,
1022 SSL_STRONG_NONE | SSL_FIPS,
1023 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1027 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1030 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1031 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1032 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1037 TLS1_VERSION, TLS1_2_VERSION,
1038 DTLS1_BAD_VER, DTLS1_2_VERSION,
1039 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1040 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1047 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1048 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1049 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1054 TLS1_VERSION, TLS1_2_VERSION,
1055 DTLS1_BAD_VER, DTLS1_2_VERSION,
1056 SSL_HIGH | SSL_FIPS,
1057 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1063 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1064 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1065 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1070 TLS1_VERSION, TLS1_2_VERSION,
1071 DTLS1_BAD_VER, DTLS1_2_VERSION,
1072 SSL_HIGH | SSL_FIPS,
1073 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1079 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1080 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1081 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1086 TLS1_VERSION, TLS1_2_VERSION,
1087 DTLS1_BAD_VER, DTLS1_2_VERSION,
1088 SSL_STRONG_NONE | SSL_FIPS,
1089 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1093 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1096 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1097 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1098 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1103 TLS1_VERSION, TLS1_2_VERSION,
1104 DTLS1_BAD_VER, DTLS1_2_VERSION,
1105 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1106 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1113 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1114 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1115 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1120 TLS1_VERSION, TLS1_2_VERSION,
1121 DTLS1_BAD_VER, DTLS1_2_VERSION,
1122 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1123 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1129 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1130 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1131 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1136 TLS1_VERSION, TLS1_2_VERSION,
1137 DTLS1_BAD_VER, DTLS1_2_VERSION,
1138 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1139 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1145 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1146 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1147 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1152 TLS1_2_VERSION, TLS1_2_VERSION,
1153 DTLS1_2_VERSION, DTLS1_2_VERSION,
1154 SSL_HIGH | SSL_FIPS,
1155 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1161 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1162 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1163 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1168 TLS1_2_VERSION, TLS1_2_VERSION,
1169 DTLS1_2_VERSION, DTLS1_2_VERSION,
1170 SSL_HIGH | SSL_FIPS,
1171 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1177 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1178 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1179 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1184 TLS1_2_VERSION, TLS1_2_VERSION,
1185 DTLS1_2_VERSION, DTLS1_2_VERSION,
1186 SSL_HIGH | SSL_FIPS,
1187 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1193 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1194 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1195 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1200 TLS1_2_VERSION, TLS1_2_VERSION,
1201 DTLS1_2_VERSION, DTLS1_2_VERSION,
1202 SSL_HIGH | SSL_FIPS,
1203 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1209 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1210 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1211 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1216 TLS1_2_VERSION, TLS1_2_VERSION,
1217 DTLS1_2_VERSION, DTLS1_2_VERSION,
1218 SSL_HIGH | SSL_FIPS,
1219 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1225 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1226 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1227 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1232 TLS1_2_VERSION, TLS1_2_VERSION,
1233 DTLS1_2_VERSION, DTLS1_2_VERSION,
1234 SSL_HIGH | SSL_FIPS,
1235 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1241 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1242 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1243 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1248 TLS1_2_VERSION, TLS1_2_VERSION,
1249 DTLS1_2_VERSION, DTLS1_2_VERSION,
1250 SSL_HIGH | SSL_FIPS,
1251 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1257 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1258 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1259 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1264 TLS1_2_VERSION, TLS1_2_VERSION,
1265 DTLS1_2_VERSION, DTLS1_2_VERSION,
1266 SSL_HIGH | SSL_FIPS,
1267 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1271 #endif /* OPENSSL_NO_EC */
1273 #ifndef OPENSSL_NO_PSK
1276 TLS1_TXT_PSK_WITH_NULL_SHA,
1277 TLS1_RFC_PSK_WITH_NULL_SHA,
1278 TLS1_CK_PSK_WITH_NULL_SHA,
1283 SSL3_VERSION, TLS1_2_VERSION,
1284 DTLS1_BAD_VER, DTLS1_2_VERSION,
1285 SSL_STRONG_NONE | SSL_FIPS,
1286 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1292 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1293 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1294 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1299 SSL3_VERSION, TLS1_2_VERSION,
1300 DTLS1_BAD_VER, DTLS1_2_VERSION,
1301 SSL_STRONG_NONE | SSL_FIPS,
1302 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1308 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1309 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1310 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1315 SSL3_VERSION, TLS1_2_VERSION,
1316 DTLS1_BAD_VER, DTLS1_2_VERSION,
1317 SSL_STRONG_NONE | SSL_FIPS,
1318 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1322 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1325 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1326 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1327 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1332 SSL3_VERSION, TLS1_2_VERSION,
1333 DTLS1_BAD_VER, DTLS1_2_VERSION,
1334 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1335 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1342 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1343 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1344 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1349 SSL3_VERSION, TLS1_2_VERSION,
1350 DTLS1_BAD_VER, DTLS1_2_VERSION,
1351 SSL_HIGH | SSL_FIPS,
1352 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1358 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1359 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1360 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1365 SSL3_VERSION, TLS1_2_VERSION,
1366 DTLS1_BAD_VER, DTLS1_2_VERSION,
1367 SSL_HIGH | SSL_FIPS,
1368 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1372 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1375 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1376 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1377 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1382 SSL3_VERSION, TLS1_2_VERSION,
1383 DTLS1_BAD_VER, DTLS1_2_VERSION,
1384 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1385 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1392 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1393 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1394 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1399 SSL3_VERSION, TLS1_2_VERSION,
1400 DTLS1_BAD_VER, DTLS1_2_VERSION,
1401 SSL_HIGH | SSL_FIPS,
1402 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1408 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1409 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1410 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1415 SSL3_VERSION, TLS1_2_VERSION,
1416 DTLS1_BAD_VER, DTLS1_2_VERSION,
1417 SSL_HIGH | SSL_FIPS,
1418 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1422 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1425 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1426 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1427 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1432 SSL3_VERSION, TLS1_2_VERSION,
1433 DTLS1_BAD_VER, DTLS1_2_VERSION,
1434 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1435 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1442 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1443 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1444 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1449 SSL3_VERSION, TLS1_2_VERSION,
1450 DTLS1_BAD_VER, DTLS1_2_VERSION,
1451 SSL_HIGH | SSL_FIPS,
1452 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1458 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1459 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1460 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1465 SSL3_VERSION, TLS1_2_VERSION,
1466 DTLS1_BAD_VER, DTLS1_2_VERSION,
1467 SSL_HIGH | SSL_FIPS,
1468 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1474 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1475 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1476 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1481 TLS1_2_VERSION, TLS1_2_VERSION,
1482 DTLS1_2_VERSION, DTLS1_2_VERSION,
1483 SSL_HIGH | SSL_FIPS,
1484 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1490 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1491 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1492 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1497 TLS1_2_VERSION, TLS1_2_VERSION,
1498 DTLS1_2_VERSION, DTLS1_2_VERSION,
1499 SSL_HIGH | SSL_FIPS,
1500 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1506 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1507 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1508 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1513 TLS1_2_VERSION, TLS1_2_VERSION,
1514 DTLS1_2_VERSION, DTLS1_2_VERSION,
1515 SSL_HIGH | SSL_FIPS,
1516 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1522 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1523 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1524 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1529 TLS1_2_VERSION, TLS1_2_VERSION,
1530 DTLS1_2_VERSION, DTLS1_2_VERSION,
1531 SSL_HIGH | SSL_FIPS,
1532 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1538 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1539 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1540 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1545 TLS1_2_VERSION, TLS1_2_VERSION,
1546 DTLS1_2_VERSION, DTLS1_2_VERSION,
1547 SSL_HIGH | SSL_FIPS,
1548 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1554 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1555 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1556 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1561 TLS1_2_VERSION, TLS1_2_VERSION,
1562 DTLS1_2_VERSION, DTLS1_2_VERSION,
1563 SSL_HIGH | SSL_FIPS,
1564 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1570 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1571 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1572 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1577 TLS1_VERSION, TLS1_2_VERSION,
1578 DTLS1_BAD_VER, DTLS1_2_VERSION,
1579 SSL_HIGH | SSL_FIPS,
1580 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1586 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1587 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1588 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1593 TLS1_VERSION, TLS1_2_VERSION,
1594 DTLS1_BAD_VER, DTLS1_2_VERSION,
1595 SSL_HIGH | SSL_FIPS,
1596 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1602 TLS1_TXT_PSK_WITH_NULL_SHA256,
1603 TLS1_RFC_PSK_WITH_NULL_SHA256,
1604 TLS1_CK_PSK_WITH_NULL_SHA256,
1609 TLS1_VERSION, TLS1_2_VERSION,
1610 DTLS1_BAD_VER, DTLS1_2_VERSION,
1611 SSL_STRONG_NONE | SSL_FIPS,
1612 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1618 TLS1_TXT_PSK_WITH_NULL_SHA384,
1619 TLS1_RFC_PSK_WITH_NULL_SHA384,
1620 TLS1_CK_PSK_WITH_NULL_SHA384,
1625 TLS1_VERSION, TLS1_2_VERSION,
1626 DTLS1_BAD_VER, DTLS1_2_VERSION,
1627 SSL_STRONG_NONE | SSL_FIPS,
1628 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1634 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1635 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1636 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1641 TLS1_VERSION, TLS1_2_VERSION,
1642 DTLS1_BAD_VER, DTLS1_2_VERSION,
1643 SSL_HIGH | SSL_FIPS,
1644 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1650 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1651 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1652 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1657 TLS1_VERSION, TLS1_2_VERSION,
1658 DTLS1_BAD_VER, DTLS1_2_VERSION,
1659 SSL_HIGH | SSL_FIPS,
1660 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1666 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1667 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1668 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1673 TLS1_VERSION, TLS1_2_VERSION,
1674 DTLS1_BAD_VER, DTLS1_2_VERSION,
1675 SSL_STRONG_NONE | SSL_FIPS,
1676 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1682 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1683 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1684 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1689 TLS1_VERSION, TLS1_2_VERSION,
1690 DTLS1_BAD_VER, DTLS1_2_VERSION,
1691 SSL_STRONG_NONE | SSL_FIPS,
1692 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1698 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1699 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1700 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1705 TLS1_VERSION, TLS1_2_VERSION,
1706 DTLS1_BAD_VER, DTLS1_2_VERSION,
1707 SSL_HIGH | SSL_FIPS,
1708 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1714 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1715 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1716 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1721 TLS1_VERSION, TLS1_2_VERSION,
1722 DTLS1_BAD_VER, DTLS1_2_VERSION,
1723 SSL_HIGH | SSL_FIPS,
1724 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1730 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1731 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1732 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1737 TLS1_VERSION, TLS1_2_VERSION,
1738 DTLS1_BAD_VER, DTLS1_2_VERSION,
1739 SSL_STRONG_NONE | SSL_FIPS,
1740 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1746 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1747 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1748 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1753 TLS1_VERSION, TLS1_2_VERSION,
1754 DTLS1_BAD_VER, DTLS1_2_VERSION,
1755 SSL_STRONG_NONE | SSL_FIPS,
1756 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1760 # ifndef OPENSSL_NO_EC
1761 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1764 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1765 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1766 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1771 TLS1_VERSION, TLS1_2_VERSION,
1772 DTLS1_BAD_VER, DTLS1_2_VERSION,
1773 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1774 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1781 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1782 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1783 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1788 TLS1_VERSION, TLS1_2_VERSION,
1789 DTLS1_BAD_VER, DTLS1_2_VERSION,
1790 SSL_HIGH | SSL_FIPS,
1791 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1797 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1798 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1799 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1804 TLS1_VERSION, TLS1_2_VERSION,
1805 DTLS1_BAD_VER, DTLS1_2_VERSION,
1806 SSL_HIGH | SSL_FIPS,
1807 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1813 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1814 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1815 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1820 TLS1_VERSION, TLS1_2_VERSION,
1821 DTLS1_BAD_VER, DTLS1_2_VERSION,
1822 SSL_HIGH | SSL_FIPS,
1823 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1829 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1830 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1831 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1836 TLS1_VERSION, TLS1_2_VERSION,
1837 DTLS1_BAD_VER, DTLS1_2_VERSION,
1838 SSL_HIGH | SSL_FIPS,
1839 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1845 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1846 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1847 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1852 TLS1_VERSION, TLS1_2_VERSION,
1853 DTLS1_BAD_VER, DTLS1_2_VERSION,
1854 SSL_STRONG_NONE | SSL_FIPS,
1855 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1861 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1862 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1863 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1868 TLS1_VERSION, TLS1_2_VERSION,
1869 DTLS1_BAD_VER, DTLS1_2_VERSION,
1870 SSL_STRONG_NONE | SSL_FIPS,
1871 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1877 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1878 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1879 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1884 TLS1_VERSION, TLS1_2_VERSION,
1885 DTLS1_BAD_VER, DTLS1_2_VERSION,
1886 SSL_STRONG_NONE | SSL_FIPS,
1887 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1891 # endif /* OPENSSL_NO_EC */
1892 #endif /* OPENSSL_NO_PSK */
1894 #ifndef OPENSSL_NO_SRP
1895 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1898 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1899 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1900 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1905 SSL3_VERSION, TLS1_2_VERSION,
1906 DTLS1_BAD_VER, DTLS1_2_VERSION,
1907 SSL_NOT_DEFAULT | SSL_MEDIUM,
1908 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1914 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1915 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1916 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1921 SSL3_VERSION, TLS1_2_VERSION,
1922 DTLS1_BAD_VER, DTLS1_2_VERSION,
1923 SSL_NOT_DEFAULT | SSL_MEDIUM,
1924 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1930 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1931 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1932 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1937 SSL3_VERSION, TLS1_2_VERSION,
1938 DTLS1_BAD_VER, DTLS1_2_VERSION,
1939 SSL_NOT_DEFAULT | SSL_MEDIUM,
1940 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1947 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1948 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1949 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1954 SSL3_VERSION, TLS1_2_VERSION,
1955 DTLS1_BAD_VER, DTLS1_2_VERSION,
1957 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1963 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1964 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1965 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1970 SSL3_VERSION, TLS1_2_VERSION,
1971 DTLS1_BAD_VER, DTLS1_2_VERSION,
1973 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1979 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1980 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1981 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1986 SSL3_VERSION, TLS1_2_VERSION,
1987 DTLS1_BAD_VER, DTLS1_2_VERSION,
1988 SSL_NOT_DEFAULT | SSL_HIGH,
1989 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1995 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1996 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1997 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2002 SSL3_VERSION, TLS1_2_VERSION,
2003 DTLS1_BAD_VER, DTLS1_2_VERSION,
2005 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2011 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2012 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2013 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2018 SSL3_VERSION, TLS1_2_VERSION,
2019 DTLS1_BAD_VER, DTLS1_2_VERSION,
2021 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2027 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2028 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2029 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2034 SSL3_VERSION, TLS1_2_VERSION,
2035 DTLS1_BAD_VER, DTLS1_2_VERSION,
2036 SSL_NOT_DEFAULT | SSL_HIGH,
2037 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2041 #endif /* OPENSSL_NO_SRP */
2043 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2044 # ifndef OPENSSL_NO_RSA
2047 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2048 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2049 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2052 SSL_CHACHA20POLY1305,
2054 TLS1_2_VERSION, TLS1_2_VERSION,
2055 DTLS1_2_VERSION, DTLS1_2_VERSION,
2057 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2061 # endif /* OPENSSL_NO_RSA */
2063 # ifndef OPENSSL_NO_EC
2066 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2067 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2068 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2071 SSL_CHACHA20POLY1305,
2073 TLS1_2_VERSION, TLS1_2_VERSION,
2074 DTLS1_2_VERSION, DTLS1_2_VERSION,
2076 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2082 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2083 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2084 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2087 SSL_CHACHA20POLY1305,
2089 TLS1_2_VERSION, TLS1_2_VERSION,
2090 DTLS1_2_VERSION, DTLS1_2_VERSION,
2092 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2096 # endif /* OPENSSL_NO_EC */
2098 # ifndef OPENSSL_NO_PSK
2101 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2102 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2103 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2106 SSL_CHACHA20POLY1305,
2108 TLS1_2_VERSION, TLS1_2_VERSION,
2109 DTLS1_2_VERSION, DTLS1_2_VERSION,
2111 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2117 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2118 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2119 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2122 SSL_CHACHA20POLY1305,
2124 TLS1_2_VERSION, TLS1_2_VERSION,
2125 DTLS1_2_VERSION, DTLS1_2_VERSION,
2127 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2133 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2134 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2135 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2138 SSL_CHACHA20POLY1305,
2140 TLS1_2_VERSION, TLS1_2_VERSION,
2141 DTLS1_2_VERSION, DTLS1_2_VERSION,
2143 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2149 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2150 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2151 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2154 SSL_CHACHA20POLY1305,
2156 TLS1_2_VERSION, TLS1_2_VERSION,
2157 DTLS1_2_VERSION, DTLS1_2_VERSION,
2159 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2163 # endif /* OPENSSL_NO_PSK */
2164 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2165 * !defined(OPENSSL_NO_POLY1305) */
2167 #ifndef OPENSSL_NO_CAMELLIA
2170 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2171 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2172 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2177 TLS1_2_VERSION, TLS1_2_VERSION,
2178 DTLS1_2_VERSION, DTLS1_2_VERSION,
2179 SSL_NOT_DEFAULT | SSL_HIGH,
2180 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2186 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2187 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2188 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2193 TLS1_2_VERSION, TLS1_2_VERSION,
2194 DTLS1_2_VERSION, DTLS1_2_VERSION,
2195 SSL_NOT_DEFAULT | SSL_HIGH,
2196 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2202 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2203 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2204 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2209 TLS1_2_VERSION, TLS1_2_VERSION,
2210 DTLS1_2_VERSION, DTLS1_2_VERSION,
2211 SSL_NOT_DEFAULT | SSL_HIGH,
2212 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2218 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2219 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2220 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2225 TLS1_2_VERSION, TLS1_2_VERSION,
2226 DTLS1_2_VERSION, DTLS1_2_VERSION,
2227 SSL_NOT_DEFAULT | SSL_HIGH,
2228 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2234 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2235 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2236 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2241 TLS1_2_VERSION, TLS1_2_VERSION,
2242 DTLS1_2_VERSION, DTLS1_2_VERSION,
2243 SSL_NOT_DEFAULT | SSL_HIGH,
2244 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2250 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2251 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2252 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2257 TLS1_2_VERSION, TLS1_2_VERSION,
2258 DTLS1_2_VERSION, DTLS1_2_VERSION,
2259 SSL_NOT_DEFAULT | SSL_HIGH,
2260 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2266 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2267 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2268 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2273 TLS1_2_VERSION, TLS1_2_VERSION,
2274 DTLS1_2_VERSION, DTLS1_2_VERSION,
2275 SSL_NOT_DEFAULT | SSL_HIGH,
2276 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2282 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2283 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2284 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2289 TLS1_2_VERSION, TLS1_2_VERSION,
2290 DTLS1_2_VERSION, DTLS1_2_VERSION,
2291 SSL_NOT_DEFAULT | SSL_HIGH,
2292 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2298 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2299 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2300 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2305 SSL3_VERSION, TLS1_2_VERSION,
2306 DTLS1_BAD_VER, DTLS1_2_VERSION,
2307 SSL_NOT_DEFAULT | SSL_HIGH,
2308 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2314 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2315 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2316 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2321 SSL3_VERSION, TLS1_2_VERSION,
2322 DTLS1_BAD_VER, DTLS1_2_VERSION,
2323 SSL_NOT_DEFAULT | SSL_HIGH,
2324 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2330 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2331 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2332 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2337 SSL3_VERSION, TLS1_2_VERSION,
2338 DTLS1_BAD_VER, DTLS1_2_VERSION,
2339 SSL_NOT_DEFAULT | SSL_HIGH,
2340 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2346 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2347 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2348 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2353 SSL3_VERSION, TLS1_2_VERSION,
2354 DTLS1_BAD_VER, DTLS1_2_VERSION,
2355 SSL_NOT_DEFAULT | SSL_HIGH,
2356 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2362 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2363 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2364 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2369 SSL3_VERSION, TLS1_2_VERSION,
2370 DTLS1_BAD_VER, DTLS1_2_VERSION,
2371 SSL_NOT_DEFAULT | SSL_HIGH,
2372 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2378 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2379 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2380 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2385 SSL3_VERSION, TLS1_2_VERSION,
2386 DTLS1_BAD_VER, DTLS1_2_VERSION,
2387 SSL_NOT_DEFAULT | SSL_HIGH,
2388 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2394 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2395 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2396 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2401 SSL3_VERSION, TLS1_2_VERSION,
2402 DTLS1_BAD_VER, DTLS1_2_VERSION,
2403 SSL_NOT_DEFAULT | SSL_HIGH,
2404 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2410 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2411 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2412 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2417 SSL3_VERSION, TLS1_2_VERSION,
2418 DTLS1_BAD_VER, DTLS1_2_VERSION,
2419 SSL_NOT_DEFAULT | SSL_HIGH,
2420 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2425 # ifndef OPENSSL_NO_EC
2428 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2429 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2430 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2435 TLS1_2_VERSION, TLS1_2_VERSION,
2436 DTLS1_2_VERSION, DTLS1_2_VERSION,
2437 SSL_NOT_DEFAULT | SSL_HIGH,
2438 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2444 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2445 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2446 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2451 TLS1_2_VERSION, TLS1_2_VERSION,
2452 DTLS1_2_VERSION, DTLS1_2_VERSION,
2453 SSL_NOT_DEFAULT | SSL_HIGH,
2454 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2460 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2461 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2462 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2467 TLS1_2_VERSION, TLS1_2_VERSION,
2468 DTLS1_2_VERSION, DTLS1_2_VERSION,
2469 SSL_NOT_DEFAULT | SSL_HIGH,
2470 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2476 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2477 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2478 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2483 TLS1_2_VERSION, TLS1_2_VERSION,
2484 DTLS1_2_VERSION, DTLS1_2_VERSION,
2485 SSL_NOT_DEFAULT | SSL_HIGH,
2486 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2490 # endif /* OPENSSL_NO_EC */
2492 # ifndef OPENSSL_NO_PSK
2495 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2496 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2497 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2502 TLS1_VERSION, TLS1_2_VERSION,
2503 DTLS1_BAD_VER, DTLS1_2_VERSION,
2504 SSL_NOT_DEFAULT | SSL_HIGH,
2505 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2511 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2512 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2513 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2518 TLS1_VERSION, TLS1_2_VERSION,
2519 DTLS1_BAD_VER, DTLS1_2_VERSION,
2520 SSL_NOT_DEFAULT | SSL_HIGH,
2521 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2527 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2528 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2529 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2534 TLS1_VERSION, TLS1_2_VERSION,
2535 DTLS1_BAD_VER, DTLS1_2_VERSION,
2536 SSL_NOT_DEFAULT | SSL_HIGH,
2537 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2543 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2544 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2545 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2550 TLS1_VERSION, TLS1_2_VERSION,
2551 DTLS1_BAD_VER, DTLS1_2_VERSION,
2552 SSL_NOT_DEFAULT | SSL_HIGH,
2553 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2559 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2560 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2561 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2566 TLS1_VERSION, TLS1_2_VERSION,
2567 DTLS1_BAD_VER, DTLS1_2_VERSION,
2568 SSL_NOT_DEFAULT | SSL_HIGH,
2569 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2575 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2576 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2577 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2582 TLS1_VERSION, TLS1_2_VERSION,
2583 DTLS1_BAD_VER, DTLS1_2_VERSION,
2584 SSL_NOT_DEFAULT | SSL_HIGH,
2585 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2591 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2592 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2593 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2598 TLS1_VERSION, TLS1_2_VERSION,
2599 DTLS1_BAD_VER, DTLS1_2_VERSION,
2600 SSL_NOT_DEFAULT | SSL_HIGH,
2601 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2607 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2608 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2609 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2614 TLS1_VERSION, TLS1_2_VERSION,
2615 DTLS1_BAD_VER, DTLS1_2_VERSION,
2616 SSL_NOT_DEFAULT | SSL_HIGH,
2617 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2621 # endif /* OPENSSL_NO_PSK */
2623 #endif /* OPENSSL_NO_CAMELLIA */
2625 #ifndef OPENSSL_NO_GOST
2628 "GOST2001-GOST89-GOST89",
2629 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2633 SSL_eGOST2814789CNT,
2635 TLS1_VERSION, TLS1_2_VERSION,
2638 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2644 "GOST2001-NULL-GOST94",
2645 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2651 TLS1_VERSION, TLS1_2_VERSION,
2654 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2660 "GOST2012-GOST8912-GOST8912",
2664 SSL_aGOST12 | SSL_aGOST01,
2665 SSL_eGOST2814789CNT12,
2667 TLS1_VERSION, TLS1_2_VERSION,
2670 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2676 "GOST2012-NULL-GOST12",
2680 SSL_aGOST12 | SSL_aGOST01,
2683 TLS1_VERSION, TLS1_2_VERSION,
2686 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2690 #endif /* OPENSSL_NO_GOST */
2692 #ifndef OPENSSL_NO_IDEA
2695 SSL3_TXT_RSA_IDEA_128_SHA,
2696 SSL3_RFC_RSA_IDEA_128_SHA,
2697 SSL3_CK_RSA_IDEA_128_SHA,
2702 SSL3_VERSION, TLS1_1_VERSION,
2703 DTLS1_BAD_VER, DTLS1_VERSION,
2704 SSL_NOT_DEFAULT | SSL_MEDIUM,
2705 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2711 #ifndef OPENSSL_NO_SEED
2714 TLS1_TXT_RSA_WITH_SEED_SHA,
2715 TLS1_RFC_RSA_WITH_SEED_SHA,
2716 TLS1_CK_RSA_WITH_SEED_SHA,
2721 SSL3_VERSION, TLS1_2_VERSION,
2722 DTLS1_BAD_VER, DTLS1_2_VERSION,
2723 SSL_NOT_DEFAULT | SSL_MEDIUM,
2724 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2730 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2731 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2732 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2737 SSL3_VERSION, TLS1_2_VERSION,
2738 DTLS1_BAD_VER, DTLS1_2_VERSION,
2739 SSL_NOT_DEFAULT | SSL_MEDIUM,
2740 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2746 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2747 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2748 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2753 SSL3_VERSION, TLS1_2_VERSION,
2754 DTLS1_BAD_VER, DTLS1_2_VERSION,
2755 SSL_NOT_DEFAULT | SSL_MEDIUM,
2756 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2762 TLS1_TXT_ADH_WITH_SEED_SHA,
2763 TLS1_RFC_ADH_WITH_SEED_SHA,
2764 TLS1_CK_ADH_WITH_SEED_SHA,
2769 SSL3_VERSION, TLS1_2_VERSION,
2770 DTLS1_BAD_VER, DTLS1_2_VERSION,
2771 SSL_NOT_DEFAULT | SSL_MEDIUM,
2772 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2776 #endif /* OPENSSL_NO_SEED */
2778 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2781 SSL3_TXT_RSA_RC4_128_MD5,
2782 SSL3_RFC_RSA_RC4_128_MD5,
2783 SSL3_CK_RSA_RC4_128_MD5,
2788 SSL3_VERSION, TLS1_2_VERSION,
2790 SSL_NOT_DEFAULT | SSL_MEDIUM,
2791 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2797 SSL3_TXT_RSA_RC4_128_SHA,
2798 SSL3_RFC_RSA_RC4_128_SHA,
2799 SSL3_CK_RSA_RC4_128_SHA,
2804 SSL3_VERSION, TLS1_2_VERSION,
2806 SSL_NOT_DEFAULT | SSL_MEDIUM,
2807 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2813 SSL3_TXT_ADH_RC4_128_MD5,
2814 SSL3_RFC_ADH_RC4_128_MD5,
2815 SSL3_CK_ADH_RC4_128_MD5,
2820 SSL3_VERSION, TLS1_2_VERSION,
2822 SSL_NOT_DEFAULT | SSL_MEDIUM,
2823 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2828 # ifndef OPENSSL_NO_EC
2831 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2832 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2833 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2838 TLS1_VERSION, TLS1_2_VERSION,
2840 SSL_NOT_DEFAULT | SSL_MEDIUM,
2841 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2847 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2848 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2849 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2854 TLS1_VERSION, TLS1_2_VERSION,
2856 SSL_NOT_DEFAULT | SSL_MEDIUM,
2857 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2863 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2864 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2865 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2870 TLS1_VERSION, TLS1_2_VERSION,
2872 SSL_NOT_DEFAULT | SSL_MEDIUM,
2873 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2879 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2880 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2881 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2886 TLS1_VERSION, TLS1_2_VERSION,
2888 SSL_NOT_DEFAULT | SSL_MEDIUM,
2889 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2893 # endif /* OPENSSL_NO_EC */
2895 # ifndef OPENSSL_NO_PSK
2898 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2899 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2900 TLS1_CK_PSK_WITH_RC4_128_SHA,
2905 SSL3_VERSION, TLS1_2_VERSION,
2907 SSL_NOT_DEFAULT | SSL_MEDIUM,
2908 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2914 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2915 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2916 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2921 SSL3_VERSION, TLS1_2_VERSION,
2923 SSL_NOT_DEFAULT | SSL_MEDIUM,
2924 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2930 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2931 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2932 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2937 SSL3_VERSION, TLS1_2_VERSION,
2939 SSL_NOT_DEFAULT | SSL_MEDIUM,
2940 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2944 # endif /* OPENSSL_NO_PSK */
2946 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2948 #ifndef OPENSSL_NO_ARIA
2951 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2952 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2953 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2958 TLS1_2_VERSION, TLS1_2_VERSION,
2959 DTLS1_2_VERSION, DTLS1_2_VERSION,
2960 SSL_NOT_DEFAULT | SSL_HIGH,
2961 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2967 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2968 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2969 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2974 TLS1_2_VERSION, TLS1_2_VERSION,
2975 DTLS1_2_VERSION, DTLS1_2_VERSION,
2976 SSL_NOT_DEFAULT | SSL_HIGH,
2977 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2983 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2984 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2985 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2990 TLS1_2_VERSION, TLS1_2_VERSION,
2991 DTLS1_2_VERSION, DTLS1_2_VERSION,
2992 SSL_NOT_DEFAULT | SSL_HIGH,
2993 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2999 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3000 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3001 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3006 TLS1_2_VERSION, TLS1_2_VERSION,
3007 DTLS1_2_VERSION, DTLS1_2_VERSION,
3008 SSL_NOT_DEFAULT | SSL_HIGH,
3009 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3015 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3016 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3017 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3022 TLS1_2_VERSION, TLS1_2_VERSION,
3023 DTLS1_2_VERSION, DTLS1_2_VERSION,
3024 SSL_NOT_DEFAULT | SSL_HIGH,
3025 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3031 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3032 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3033 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3038 TLS1_2_VERSION, TLS1_2_VERSION,
3039 DTLS1_2_VERSION, DTLS1_2_VERSION,
3040 SSL_NOT_DEFAULT | SSL_HIGH,
3041 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3047 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3048 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3049 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3054 TLS1_2_VERSION, TLS1_2_VERSION,
3055 DTLS1_2_VERSION, DTLS1_2_VERSION,
3056 SSL_NOT_DEFAULT | SSL_HIGH,
3057 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3063 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3064 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3065 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3070 TLS1_2_VERSION, TLS1_2_VERSION,
3071 DTLS1_2_VERSION, DTLS1_2_VERSION,
3072 SSL_NOT_DEFAULT | SSL_HIGH,
3073 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3080 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3081 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3082 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3087 TLS1_2_VERSION, TLS1_2_VERSION,
3088 DTLS1_2_VERSION, DTLS1_2_VERSION,
3089 SSL_NOT_DEFAULT | SSL_HIGH,
3090 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3096 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3097 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3098 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3103 TLS1_2_VERSION, TLS1_2_VERSION,
3104 DTLS1_2_VERSION, DTLS1_2_VERSION,
3105 SSL_NOT_DEFAULT | SSL_HIGH,
3106 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3112 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3113 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3114 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3119 TLS1_2_VERSION, TLS1_2_VERSION,
3120 DTLS1_2_VERSION, DTLS1_2_VERSION,
3121 SSL_NOT_DEFAULT | SSL_HIGH,
3122 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3128 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3129 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3130 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3135 TLS1_2_VERSION, TLS1_2_VERSION,
3136 DTLS1_2_VERSION, DTLS1_2_VERSION,
3137 SSL_NOT_DEFAULT | SSL_HIGH,
3138 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3144 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3145 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3146 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3151 TLS1_2_VERSION, TLS1_2_VERSION,
3152 DTLS1_2_VERSION, DTLS1_2_VERSION,
3153 SSL_NOT_DEFAULT | SSL_HIGH,
3154 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3160 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3161 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3162 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3167 TLS1_2_VERSION, TLS1_2_VERSION,
3168 DTLS1_2_VERSION, DTLS1_2_VERSION,
3169 SSL_NOT_DEFAULT | SSL_HIGH,
3170 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3177 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3178 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3179 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3184 TLS1_2_VERSION, TLS1_2_VERSION,
3185 DTLS1_2_VERSION, DTLS1_2_VERSION,
3186 SSL_NOT_DEFAULT | SSL_HIGH,
3187 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3193 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3194 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3195 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3200 TLS1_2_VERSION, TLS1_2_VERSION,
3201 DTLS1_2_VERSION, DTLS1_2_VERSION,
3202 SSL_NOT_DEFAULT | SSL_HIGH,
3203 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3207 #endif /* OPENSSL_NO_ARIA */
3211 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3212 * values stuffed into the ciphers field of the wire protocol for signalling
3215 static SSL_CIPHER ssl3_scsvs[] = {
3218 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3219 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3221 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3225 "TLS_FALLBACK_SCSV",
3226 "TLS_FALLBACK_SCSV",
3227 SSL3_CK_FALLBACK_SCSV,
3228 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3232 static int cipher_compare(const void *a, const void *b)
3234 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3235 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3237 if (ap->id == bp->id)
3239 return ap->id < bp->id ? -1 : 1;
3242 void ssl_sort_cipher_list(void)
3244 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof ssl3_ciphers[0],
3246 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof ssl3_scsvs[0], cipher_compare);
3249 const SSL3_ENC_METHOD SSLv3_enc_data = {
3252 ssl3_setup_key_block,
3253 ssl3_generate_master_secret,
3254 ssl3_change_cipher_state,
3255 ssl3_final_finish_mac,
3256 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3257 SSL3_MD_SERVER_FINISHED_CONST, 4,
3259 (int (*)(SSL *, unsigned char *, size_t, const char *,
3260 size_t, const unsigned char *, size_t,
3261 int use_context))ssl_undefined_function,
3263 ssl3_set_handshake_header,
3264 tls_close_construct_packet,
3265 ssl3_handshake_write
3268 long ssl3_default_timeout(void)
3271 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3272 * http, the cache would over fill
3274 return (60 * 60 * 2);
3277 int ssl3_num_ciphers(void)
3279 return SSL3_NUM_CIPHERS;
3282 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3284 if (u < SSL3_NUM_CIPHERS)
3285 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3290 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3292 /* No header in the event of a CCS */
3293 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3296 /* Set the content type and 3 bytes for the message len */
3297 if (!WPACKET_put_bytes_u8(pkt, htype)
3298 || !WPACKET_start_sub_packet_u24(pkt))
3304 int ssl3_handshake_write(SSL *s)
3306 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3309 int ssl3_new(SSL *s)
3313 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
3317 #ifndef OPENSSL_NO_SRP
3318 if (!SSL_SRP_CTX_init(s))
3322 if (!s->method->ssl_clear(s))
3330 void ssl3_free(SSL *s)
3332 if (s == NULL || s->s3 == NULL)
3335 ssl3_cleanup_key_block(s);
3337 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3338 EVP_PKEY_free(s->s3->peer_tmp);
3339 s->s3->peer_tmp = NULL;
3340 EVP_PKEY_free(s->s3->tmp.pkey);
3341 s->s3->tmp.pkey = NULL;
3344 OPENSSL_free(s->s3->tmp.ctype);
3345 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3346 OPENSSL_free(s->s3->tmp.ciphers_raw);
3347 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3348 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3349 ssl3_free_digest_list(s);
3350 OPENSSL_free(s->s3->alpn_selected);
3351 OPENSSL_free(s->s3->alpn_proposed);
3353 #ifndef OPENSSL_NO_SRP
3354 SSL_SRP_CTX_free(s);
3356 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
3360 int ssl3_clear(SSL *s)
3362 ssl3_cleanup_key_block(s);
3363 OPENSSL_free(s->s3->tmp.ctype);
3364 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3365 OPENSSL_free(s->s3->tmp.ciphers_raw);
3366 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3367 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3369 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3370 EVP_PKEY_free(s->s3->tmp.pkey);
3371 EVP_PKEY_free(s->s3->peer_tmp);
3372 #endif /* !OPENSSL_NO_EC */
3374 ssl3_free_digest_list(s);
3376 OPENSSL_free(s->s3->alpn_selected);
3377 OPENSSL_free(s->s3->alpn_proposed);
3379 /* NULL/zero-out everything in the s3 struct */
3380 memset(s->s3, 0, sizeof(*s->s3));
3382 if (!ssl_free_wbio_buffer(s))
3385 s->version = SSL3_VERSION;
3387 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3388 OPENSSL_free(s->ext.npn);
3396 #ifndef OPENSSL_NO_SRP
3397 static char *srp_password_from_info_cb(SSL *s, void *arg)
3399 return OPENSSL_strdup(s->srp_ctx.info);
3403 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3405 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3410 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3412 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3413 ret = s->s3->num_renegotiations;
3415 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3416 ret = s->s3->num_renegotiations;
3417 s->s3->num_renegotiations = 0;
3419 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3420 ret = s->s3->total_renegotiations;
3422 case SSL_CTRL_GET_FLAGS:
3423 ret = (int)(s->s3->flags);
3425 #ifndef OPENSSL_NO_DH
3426 case SSL_CTRL_SET_TMP_DH:
3428 DH *dh = (DH *)parg;
3429 EVP_PKEY *pkdh = NULL;
3431 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3434 pkdh = ssl_dh_to_pkey(dh);
3436 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3439 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3440 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3441 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3442 EVP_PKEY_free(pkdh);
3445 EVP_PKEY_free(s->cert->dh_tmp);
3446 s->cert->dh_tmp = pkdh;
3450 case SSL_CTRL_SET_TMP_DH_CB:
3452 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3455 case SSL_CTRL_SET_DH_AUTO:
3456 s->cert->dh_tmp_auto = larg;
3459 #ifndef OPENSSL_NO_EC
3460 case SSL_CTRL_SET_TMP_ECDH:
3462 const EC_GROUP *group = NULL;
3466 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3469 group = EC_KEY_get0_group((const EC_KEY *)parg);
3470 if (group == NULL) {
3471 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3474 nid = EC_GROUP_get_curve_name(group);
3475 if (nid == NID_undef)
3477 return tls1_set_groups(&s->ext.supportedgroups,
3478 &s->ext.supportedgroups_len,
3482 #endif /* !OPENSSL_NO_EC */
3483 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3484 if (larg == TLSEXT_NAMETYPE_host_name) {
3487 OPENSSL_free(s->ext.hostname);
3488 s->ext.hostname = NULL;
3493 len = strlen((char *)parg);
3494 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3495 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3498 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3499 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3503 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3507 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3508 s->ext.debug_arg = parg;
3512 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3513 ret = s->ext.status_type;
3516 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3517 s->ext.status_type = larg;
3521 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3522 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3526 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3527 s->ext.ocsp.exts = parg;
3531 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3532 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3536 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3537 s->ext.ocsp.ids = parg;
3541 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3542 *(unsigned char **)parg = s->ext.ocsp.resp;
3543 if (s->ext.ocsp.resp_len == 0
3544 || s->ext.ocsp.resp_len > LONG_MAX)
3546 return (long)s->ext.ocsp.resp_len;
3548 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3549 OPENSSL_free(s->ext.ocsp.resp);
3550 s->ext.ocsp.resp = parg;
3551 s->ext.ocsp.resp_len = larg;
3555 #ifndef OPENSSL_NO_HEARTBEATS
3556 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3557 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3558 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3562 case SSL_CTRL_CHAIN:
3564 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3566 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3568 case SSL_CTRL_CHAIN_CERT:
3570 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3572 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3574 case SSL_CTRL_GET_CHAIN_CERTS:
3575 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3578 case SSL_CTRL_SELECT_CURRENT_CERT:
3579 return ssl_cert_select_current(s->cert, (X509 *)parg);
3581 case SSL_CTRL_SET_CURRENT_CERT:
3582 if (larg == SSL_CERT_SET_SERVER) {
3583 const SSL_CIPHER *cipher;
3586 cipher = s->s3->tmp.new_cipher;
3590 * No certificate for unauthenticated ciphersuites or using SRP
3593 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3595 if (s->s3->tmp.cert == NULL)
3597 s->cert->key = s->s3->tmp.cert;
3600 return ssl_cert_set_current(s->cert, larg);
3602 #ifndef OPENSSL_NO_EC
3603 case SSL_CTRL_GET_GROUPS:
3610 clist = s->session->ext.supportedgroups;
3611 clistlen = s->session->ext.supportedgroups_len;
3616 for (i = 0; i < clistlen; i++) {
3617 const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
3620 cptr[i] = cinf->nid;
3622 cptr[i] = TLSEXT_nid_unknown | clist[i];
3625 return (int)clistlen;
3628 case SSL_CTRL_SET_GROUPS:
3629 return tls1_set_groups(&s->ext.supportedgroups,
3630 &s->ext.supportedgroups_len, parg, larg);
3632 case SSL_CTRL_SET_GROUPS_LIST:
3633 return tls1_set_groups_list(&s->ext.supportedgroups,
3634 &s->ext.supportedgroups_len, parg);
3636 case SSL_CTRL_GET_SHARED_GROUP:
3638 uint16_t id = tls1_shared_group(s, larg);
3641 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
3643 return ginf == NULL ? 0 : ginf->nid;
3648 case SSL_CTRL_SET_SIGALGS:
3649 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3651 case SSL_CTRL_SET_SIGALGS_LIST:
3652 return tls1_set_sigalgs_list(s->cert, parg, 0);
3654 case SSL_CTRL_SET_CLIENT_SIGALGS:
3655 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3657 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3658 return tls1_set_sigalgs_list(s->cert, parg, 1);
3660 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3662 const unsigned char **pctype = parg;
3663 if (s->server || !s->s3->tmp.cert_req)
3666 *pctype = s->s3->tmp.ctype;
3667 return s->s3->tmp.ctype_len;
3670 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3673 return ssl3_set_req_cert_type(s->cert, parg, larg);
3675 case SSL_CTRL_BUILD_CERT_CHAIN:
3676 return ssl_build_cert_chain(s, NULL, larg);
3678 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3679 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3681 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3682 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3684 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3685 if (s->s3->tmp.peer_sigalg == NULL)
3687 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3690 case SSL_CTRL_GET_SERVER_TMP_KEY:
3691 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3692 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3695 EVP_PKEY_up_ref(s->s3->peer_tmp);
3696 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3702 #ifndef OPENSSL_NO_EC
3703 case SSL_CTRL_GET_EC_POINT_FORMATS:
3705 SSL_SESSION *sess = s->session;
3706 const unsigned char **pformat = parg;
3708 if (sess == NULL || sess->ext.ecpointformats == NULL)
3710 *pformat = sess->ext.ecpointformats;
3711 return (int)sess->ext.ecpointformats_len;
3721 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3726 #ifndef OPENSSL_NO_DH
3727 case SSL_CTRL_SET_TMP_DH_CB:
3729 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3733 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3734 s->ext.debug_cb = (void (*)(SSL *, int, int,
3735 const unsigned char *, int, void *))fp;
3738 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3740 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3749 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3752 #ifndef OPENSSL_NO_DH
3753 case SSL_CTRL_SET_TMP_DH:
3755 DH *dh = (DH *)parg;
3756 EVP_PKEY *pkdh = NULL;
3758 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3761 pkdh = ssl_dh_to_pkey(dh);
3763 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3766 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3767 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3768 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3769 EVP_PKEY_free(pkdh);
3772 EVP_PKEY_free(ctx->cert->dh_tmp);
3773 ctx->cert->dh_tmp = pkdh;
3776 case SSL_CTRL_SET_TMP_DH_CB:
3778 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3781 case SSL_CTRL_SET_DH_AUTO:
3782 ctx->cert->dh_tmp_auto = larg;
3785 #ifndef OPENSSL_NO_EC
3786 case SSL_CTRL_SET_TMP_ECDH:
3788 const EC_GROUP *group = NULL;
3792 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3795 group = EC_KEY_get0_group((const EC_KEY *)parg);
3796 if (group == NULL) {
3797 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3800 nid = EC_GROUP_get_curve_name(group);
3801 if (nid == NID_undef)
3803 return tls1_set_groups(&ctx->ext.supportedgroups,
3804 &ctx->ext.supportedgroups_len,
3807 #endif /* !OPENSSL_NO_EC */
3808 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3809 ctx->ext.servername_arg = parg;
3811 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3812 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3814 unsigned char *keys = parg;
3815 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3816 sizeof(ctx->ext.tick_hmac_key) +
3817 sizeof(ctx->ext.tick_aes_key));
3820 if (larg != tick_keylen) {
3821 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3824 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3825 memcpy(ctx->ext.tick_key_name, keys,
3826 sizeof(ctx->ext.tick_key_name));
3827 memcpy(ctx->ext.tick_hmac_key,
3828 keys + sizeof(ctx->ext.tick_key_name),
3829 sizeof(ctx->ext.tick_hmac_key));
3830 memcpy(ctx->ext.tick_aes_key,
3831 keys + sizeof(ctx->ext.tick_key_name) +
3832 sizeof(ctx->ext.tick_hmac_key),
3833 sizeof(ctx->ext.tick_aes_key));
3835 memcpy(keys, ctx->ext.tick_key_name,
3836 sizeof(ctx->ext.tick_key_name));
3837 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3838 ctx->ext.tick_hmac_key,
3839 sizeof(ctx->ext.tick_hmac_key));
3840 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3841 sizeof(ctx->ext.tick_hmac_key),
3842 ctx->ext.tick_aes_key,
3843 sizeof(ctx->ext.tick_aes_key));
3848 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3849 return ctx->ext.status_type;
3851 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3852 ctx->ext.status_type = larg;
3855 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3856 ctx->ext.status_arg = parg;
3859 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3860 *(void**)parg = ctx->ext.status_arg;
3863 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3864 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3867 #ifndef OPENSSL_NO_SRP
3868 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3869 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3870 OPENSSL_free(ctx->srp_ctx.login);
3871 ctx->srp_ctx.login = NULL;
3874 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3875 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3878 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3879 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3883 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3884 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3885 srp_password_from_info_cb;
3886 if (ctx->srp_ctx.info != NULL)
3887 OPENSSL_free(ctx->srp_ctx.info);
3888 if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3889 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3893 case SSL_CTRL_SET_SRP_ARG:
3894 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3895 ctx->srp_ctx.SRP_cb_arg = parg;
3898 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3899 ctx->srp_ctx.strength = larg;
3903 #ifndef OPENSSL_NO_EC
3904 case SSL_CTRL_SET_GROUPS:
3905 return tls1_set_groups(&ctx->ext.supportedgroups,
3906 &ctx->ext.supportedgroups_len,
3909 case SSL_CTRL_SET_GROUPS_LIST:
3910 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3911 &ctx->ext.supportedgroups_len,
3914 case SSL_CTRL_SET_SIGALGS:
3915 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3917 case SSL_CTRL_SET_SIGALGS_LIST:
3918 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3920 case SSL_CTRL_SET_CLIENT_SIGALGS:
3921 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3923 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3924 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3926 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3927 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3929 case SSL_CTRL_BUILD_CERT_CHAIN:
3930 return ssl_build_cert_chain(NULL, ctx, larg);
3932 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3933 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3935 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3936 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3938 /* A Thawte special :-) */
3939 case SSL_CTRL_EXTRA_CHAIN_CERT:
3940 if (ctx->extra_certs == NULL) {
3941 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3942 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3946 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3947 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3952 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3953 if (ctx->extra_certs == NULL && larg == 0)
3954 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3956 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3959 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3960 sk_X509_pop_free(ctx->extra_certs, X509_free);
3961 ctx->extra_certs = NULL;
3964 case SSL_CTRL_CHAIN:
3966 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3968 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3970 case SSL_CTRL_CHAIN_CERT:
3972 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3974 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3976 case SSL_CTRL_GET_CHAIN_CERTS:
3977 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3980 case SSL_CTRL_SELECT_CURRENT_CERT:
3981 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3983 case SSL_CTRL_SET_CURRENT_CERT:
3984 return ssl_cert_set_current(ctx->cert, larg);
3992 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3995 #ifndef OPENSSL_NO_DH
3996 case SSL_CTRL_SET_TMP_DH_CB:
3998 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4002 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4003 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4006 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4007 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4010 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4011 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4014 HMAC_CTX *, int))fp;
4017 #ifndef OPENSSL_NO_SRP
4018 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4019 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4020 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4022 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4023 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4024 ctx->srp_ctx.TLS_ext_srp_username_callback =
4025 (int (*)(SSL *, int *, void *))fp;
4027 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4028 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4029 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4030 (char *(*)(SSL *, void *))fp;
4033 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4035 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4044 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4047 const SSL_CIPHER *cp;
4050 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4053 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4056 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4058 SSL_CIPHER *c = NULL;
4059 SSL_CIPHER *tbl = ssl3_ciphers;
4062 /* this is not efficient, necessary to optimize this? */
4063 for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) {
4064 if (tbl->stdname == NULL)
4066 if (strcmp(stdname, tbl->stdname) == 0) {
4073 for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
4074 if (strcmp(stdname, tbl->stdname) == 0) {
4084 * This function needs to check if the ciphers required are actually
4087 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4089 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4090 | ((uint32_t)p[0] << 8L)
4094 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4096 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4101 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4109 * ssl3_choose_cipher - choose a cipher from those offered by the client
4110 * @s: SSL connection
4111 * @clnt: ciphers offered by the client
4112 * @srvr: ciphers enabled on the server?
4114 * Returns the selected cipher or NULL when no common ciphers.
4116 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4117 STACK_OF(SSL_CIPHER) *srvr)
4119 const SSL_CIPHER *c, *ret = NULL;
4120 STACK_OF(SSL_CIPHER) *prio, *allow;
4122 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4123 #ifndef OPENSSL_NO_CHACHA
4124 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4127 /* Let's see which ciphers we can support */
4130 * Do not set the compare functions, because this may lead to a
4131 * reordering by "id". We want to keep the original ordering. We may pay
4132 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4133 * pay with the price of sk_SSL_CIPHER_dup().
4137 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
4139 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4140 c = sk_SSL_CIPHER_value(srvr, i);
4141 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4143 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
4145 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4146 c = sk_SSL_CIPHER_value(clnt, i);
4147 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4151 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4152 if (tls1_suiteb(s)) {
4155 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4158 #ifndef OPENSSL_NO_CHACHA
4159 /* If ChaCha20 is at the top of the client preference list,
4160 and there are ChaCha20 ciphers in the server list, then
4161 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4162 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4163 c = sk_SSL_CIPHER_value(clnt, 0);
4164 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4165 /* ChaCha20 is client preferred, check server... */
4166 int num = sk_SSL_CIPHER_num(srvr);
4168 for (i = 0; i < num; i++) {
4169 c = sk_SSL_CIPHER_value(srvr, i);
4170 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4176 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4177 /* if reserve fails, then there's likely a memory issue */
4178 if (prio_chacha != NULL) {
4179 /* Put all ChaCha20 at the top, starting with the one we just found */
4180 sk_SSL_CIPHER_push(prio_chacha, c);
4181 for (i++; i < num; i++) {
4182 c = sk_SSL_CIPHER_value(srvr, i);
4183 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4184 sk_SSL_CIPHER_push(prio_chacha, c);
4186 /* Pull in the rest */
4187 for (i = 0; i < num; i++) {
4188 c = sk_SSL_CIPHER_value(srvr, i);
4189 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4190 sk_SSL_CIPHER_push(prio_chacha, c);
4203 if (!SSL_IS_TLS13(s)) {
4204 tls1_set_cert_validity(s);
4208 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4209 c = sk_SSL_CIPHER_value(prio, i);
4211 /* Skip ciphers not supported by the protocol version */
4212 if (!SSL_IS_DTLS(s) &&
4213 ((s->version < c->min_tls) || (s->version > c->max_tls)))
4215 if (SSL_IS_DTLS(s) &&
4216 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4217 DTLS_VERSION_GT(s->version, c->max_dtls)))
4221 * Since TLS 1.3 ciphersuites can be used with any auth or
4222 * key exchange scheme skip tests.
4224 if (!SSL_IS_TLS13(s)) {
4225 mask_k = s->s3->tmp.mask_k;
4226 mask_a = s->s3->tmp.mask_a;
4227 #ifndef OPENSSL_NO_SRP
4228 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4234 alg_k = c->algorithm_mkey;
4235 alg_a = c->algorithm_auth;
4237 #ifndef OPENSSL_NO_PSK
4238 /* with PSK there must be server callback set */
4239 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4241 #endif /* OPENSSL_NO_PSK */
4243 ok = (alg_k & mask_k) && (alg_a & mask_a);
4245 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
4246 alg_a, mask_k, mask_a, (void *)c, c->name);
4249 #ifndef OPENSSL_NO_EC
4251 * if we are considering an ECC cipher suite that uses an ephemeral
4254 if (alg_k & SSL_kECDHE)
4255 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4256 #endif /* OPENSSL_NO_EC */
4261 ii = sk_SSL_CIPHER_find(allow, c);
4263 /* Check security callback permits this cipher */
4264 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4265 c->strength_bits, 0, (void *)c))
4267 #if !defined(OPENSSL_NO_EC)
4268 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4269 && s->s3->is_probably_safari) {
4271 ret = sk_SSL_CIPHER_value(allow, ii);
4275 ret = sk_SSL_CIPHER_value(allow, ii);
4279 #ifndef OPENSSL_NO_CHACHA
4280 sk_SSL_CIPHER_free(prio_chacha);
4285 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4287 uint32_t alg_k, alg_a = 0;
4289 /* If we have custom certificate types set, use them */
4291 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4292 /* Get mask of algorithms disabled by signature list */
4293 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4295 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4297 #ifndef OPENSSL_NO_GOST
4298 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4299 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4300 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
4301 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
4304 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4305 #ifndef OPENSSL_NO_DH
4306 # ifndef OPENSSL_NO_RSA
4307 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4310 # ifndef OPENSSL_NO_DSA
4311 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4314 #endif /* !OPENSSL_NO_DH */
4316 #ifndef OPENSSL_NO_RSA
4317 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4320 #ifndef OPENSSL_NO_DSA
4321 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4324 #ifndef OPENSSL_NO_EC
4326 * ECDSA certs can be used with RSA cipher suites too so we don't
4327 * need to check for SSL_kECDH or SSL_kECDHE
4329 if (s->version >= TLS1_VERSION
4330 && !(alg_a & SSL_aECDSA)
4331 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4337 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4339 OPENSSL_free(c->ctype);
4342 if (p == NULL || len == 0)
4346 c->ctype = OPENSSL_memdup(p, len);
4347 if (c->ctype == NULL)
4353 int ssl3_shutdown(SSL *s)
4358 * Don't do anything much if we have not done the handshake or we don't
4359 * want to send messages :-)
4361 if (s->quiet_shutdown || SSL_in_before(s)) {
4362 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4366 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4367 s->shutdown |= SSL_SENT_SHUTDOWN;
4368 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4370 * our shutdown alert has been sent now, and if it still needs to be
4371 * written, s->s3->alert_dispatch will be true
4373 if (s->s3->alert_dispatch)
4374 return -1; /* return WANT_WRITE */
4375 } else if (s->s3->alert_dispatch) {
4376 /* resend it if not sent */
4377 ret = s->method->ssl_dispatch_alert(s);
4380 * we only get to return -1 here the 2nd/Nth invocation, we must
4381 * have already signalled return 0 upon a previous invocation,
4386 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4389 * If we are waiting for a close from our peer, we are closed
4391 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4392 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4393 return -1; /* return WANT_READ */
4397 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4398 !s->s3->alert_dispatch)
4404 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4407 if (s->s3->renegotiate)
4408 ssl3_renegotiate_check(s, 0);
4410 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4414 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4420 if (s->s3->renegotiate)
4421 ssl3_renegotiate_check(s, 0);
4422 s->s3->in_read_app_data = 1;
4424 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4426 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4428 * ssl3_read_bytes decided to call s->handshake_func, which called
4429 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4430 * actually found application data and thinks that application data
4431 * makes sense here; so disable handshake processing and try to read
4432 * application data again.
4434 ossl_statem_set_in_handshake(s, 1);
4436 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4437 len, peek, readbytes);
4438 ossl_statem_set_in_handshake(s, 0);
4440 s->s3->in_read_app_data = 0;
4445 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4447 return ssl3_read_internal(s, buf, len, 0, readbytes);
4450 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4452 return ssl3_read_internal(s, buf, len, 1, readbytes);
4455 int ssl3_renegotiate(SSL *s)
4457 if (s->handshake_func == NULL)
4460 s->s3->renegotiate = 1;
4465 * Check if we are waiting to do a renegotiation and if so whether now is a
4466 * good time to do it. If |initok| is true then we are being called from inside
4467 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4468 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4469 * should do a renegotiation now and sets up the state machine for it. Otherwise
4472 int ssl3_renegotiate_check(SSL *s, int initok)
4476 if (s->s3->renegotiate) {
4477 if (!RECORD_LAYER_read_pending(&s->rlayer)
4478 && !RECORD_LAYER_write_pending(&s->rlayer)
4479 && (initok || !SSL_in_init(s))) {
4481 * if we are the server, and we have sent a 'RENEGOTIATE'
4482 * message, we need to set the state machine into the renegotiate
4485 ossl_statem_set_renegotiate(s);
4486 s->s3->renegotiate = 0;
4487 s->s3->num_renegotiations++;
4488 s->s3->total_renegotiations++;
4496 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4497 * handshake macs if required.
4499 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4501 long ssl_get_algorithm2(SSL *s)
4504 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
4506 alg2 = s->s3->tmp.new_cipher->algorithm2;
4507 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4508 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4509 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4510 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4511 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4512 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4518 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4519 * failure, 1 on success.
4521 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4524 int send_time = 0, ret;
4529 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4531 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4533 unsigned long Time = (unsigned long)time(NULL);
4534 unsigned char *p = result;
4537 ret = ssl_randbytes(s, p, len - 4);
4539 ret = ssl_randbytes(s, result, len);
4541 #ifndef OPENSSL_NO_TLS13DOWNGRADE
4543 if (!ossl_assert(sizeof(tls11downgrade) < len)
4544 || !ossl_assert(sizeof(tls12downgrade) < len))
4546 if (dgrd == DOWNGRADE_TO_1_2)
4547 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4548 sizeof(tls12downgrade));
4549 else if (dgrd == DOWNGRADE_TO_1_1)
4550 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4551 sizeof(tls11downgrade));
4557 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4560 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4563 if (alg_k & SSL_PSK) {
4564 #ifndef OPENSSL_NO_PSK
4565 unsigned char *pskpms, *t;
4566 size_t psklen = s->s3->tmp.psklen;
4569 /* create PSK premaster_secret */
4571 /* For plain PSK "other_secret" is psklen zeroes */
4572 if (alg_k & SSL_kPSK)
4575 pskpmslen = 4 + pmslen + psklen;
4576 pskpms = OPENSSL_malloc(pskpmslen);
4581 if (alg_k & SSL_kPSK)
4582 memset(t, 0, pmslen);
4584 memcpy(t, pms, pmslen);
4587 memcpy(t, s->s3->tmp.psk, psklen);
4589 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4590 s->s3->tmp.psk = NULL;
4591 if (!s->method->ssl3_enc->generate_master_secret(s,
4592 s->session->master_key,pskpms, pskpmslen,
4593 &s->session->master_key_length)) {
4594 /* SSLfatal() already called */
4597 OPENSSL_clear_free(pskpms, pskpmslen);
4599 /* Should never happen */
4603 if (!s->method->ssl3_enc->generate_master_secret(s,
4604 s->session->master_key, pms, pmslen,
4605 &s->session->master_key_length)) {
4606 /* SSLfatal() already called */
4615 OPENSSL_clear_free(pms, pmslen);
4617 OPENSSL_cleanse(pms, pmslen);
4620 s->s3->tmp.pms = NULL;
4624 /* Generate a private key from parameters */
4625 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4627 EVP_PKEY_CTX *pctx = NULL;
4628 EVP_PKEY *pkey = NULL;
4632 pctx = EVP_PKEY_CTX_new(pm, NULL);
4635 if (EVP_PKEY_keygen_init(pctx) <= 0)
4637 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4638 EVP_PKEY_free(pkey);
4643 EVP_PKEY_CTX_free(pctx);
4646 #ifndef OPENSSL_NO_EC
4647 /* Generate a private key from a group ID */
4648 EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
4650 EVP_PKEY_CTX *pctx = NULL;
4651 EVP_PKEY *pkey = NULL;
4652 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4656 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4657 ERR_R_INTERNAL_ERROR);
4660 gtype = ginf->flags & TLS_CURVE_TYPE;
4661 if (gtype == TLS_CURVE_CUSTOM)
4662 pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
4664 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4666 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4667 ERR_R_MALLOC_FAILURE);
4670 if (EVP_PKEY_keygen_init(pctx) <= 0) {
4671 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4675 if (gtype != TLS_CURVE_CUSTOM
4676 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
4677 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4681 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4682 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4684 EVP_PKEY_free(pkey);
4689 EVP_PKEY_CTX_free(pctx);
4694 * Generate parameters from a group ID
4696 EVP_PKEY *ssl_generate_param_group(uint16_t id)
4698 EVP_PKEY_CTX *pctx = NULL;
4699 EVP_PKEY *pkey = NULL;
4700 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4705 if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4706 pkey = EVP_PKEY_new();
4707 if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
4709 EVP_PKEY_free(pkey);
4713 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4716 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4718 if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
4720 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4721 EVP_PKEY_free(pkey);
4726 EVP_PKEY_CTX_free(pctx);
4731 /* Derive secrets for ECDH/DH */
4732 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4735 unsigned char *pms = NULL;
4739 if (privkey == NULL || pubkey == NULL) {
4740 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4741 ERR_R_INTERNAL_ERROR);
4745 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4747 if (EVP_PKEY_derive_init(pctx) <= 0
4748 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4749 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4750 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4751 ERR_R_INTERNAL_ERROR);
4755 pms = OPENSSL_malloc(pmslen);
4757 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4758 ERR_R_MALLOC_FAILURE);
4762 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4763 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4764 ERR_R_INTERNAL_ERROR);
4769 /* SSLfatal() called as appropriate in the below functions */
4770 if (SSL_IS_TLS13(s)) {
4772 * If we are resuming then we already generated the early secret
4773 * when we created the ClientHello, so don't recreate it.
4776 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4778 (unsigned char *)&s->early_secret);
4782 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4784 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4787 /* Save premaster secret */
4788 s->s3->tmp.pms = pms;
4789 s->s3->tmp.pmslen = pmslen;
4795 OPENSSL_clear_free(pms, pmslen);
4796 EVP_PKEY_CTX_free(pctx);
4800 #ifndef OPENSSL_NO_DH
4801 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4806 ret = EVP_PKEY_new();
4807 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {