2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include "internal/cryptlib.h"
21 #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
22 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
23 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
25 /* TLSv1.3 downgrade protection sentinel values */
26 const unsigned char tls11downgrade[] = {
27 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
29 const unsigned char tls12downgrade[] = {
30 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
33 /* The list of available TLSv1.3 ciphers */
34 static SSL_CIPHER tls13_ciphers[] = {
37 TLS1_3_RFC_AES_128_GCM_SHA256,
38 TLS1_3_RFC_AES_128_GCM_SHA256,
39 TLS1_3_CK_AES_128_GCM_SHA256,
44 TLS1_3_VERSION, TLS1_3_VERSION,
47 SSL_HANDSHAKE_MAC_SHA256,
52 TLS1_3_RFC_AES_256_GCM_SHA384,
53 TLS1_3_RFC_AES_256_GCM_SHA384,
54 TLS1_3_CK_AES_256_GCM_SHA384,
59 TLS1_3_VERSION, TLS1_3_VERSION,
62 SSL_HANDSHAKE_MAC_SHA384,
66 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
69 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
70 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
71 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
76 TLS1_3_VERSION, TLS1_3_VERSION,
79 SSL_HANDSHAKE_MAC_SHA256,
86 TLS1_3_RFC_AES_128_CCM_SHA256,
87 TLS1_3_RFC_AES_128_CCM_SHA256,
88 TLS1_3_CK_AES_128_CCM_SHA256,
93 TLS1_3_VERSION, TLS1_3_VERSION,
95 SSL_NOT_DEFAULT | SSL_HIGH,
96 SSL_HANDSHAKE_MAC_SHA256,
101 TLS1_3_RFC_AES_128_CCM_8_SHA256,
102 TLS1_3_RFC_AES_128_CCM_8_SHA256,
103 TLS1_3_CK_AES_128_CCM_8_SHA256,
108 TLS1_3_VERSION, TLS1_3_VERSION,
110 SSL_NOT_DEFAULT | SSL_HIGH,
111 SSL_HANDSHAKE_MAC_SHA256,
118 * The list of available ciphers, mostly organized into the following
123 * SRP (within that: RSA EC PSK)
124 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
127 static SSL_CIPHER ssl3_ciphers[] = {
130 SSL3_TXT_RSA_NULL_MD5,
131 SSL3_RFC_RSA_NULL_MD5,
132 SSL3_CK_RSA_NULL_MD5,
137 SSL3_VERSION, TLS1_2_VERSION,
138 DTLS1_BAD_VER, DTLS1_2_VERSION,
140 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
146 SSL3_TXT_RSA_NULL_SHA,
147 SSL3_RFC_RSA_NULL_SHA,
148 SSL3_CK_RSA_NULL_SHA,
153 SSL3_VERSION, TLS1_2_VERSION,
154 DTLS1_BAD_VER, DTLS1_2_VERSION,
155 SSL_STRONG_NONE | SSL_FIPS,
156 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
160 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
163 SSL3_TXT_RSA_DES_192_CBC3_SHA,
164 SSL3_RFC_RSA_DES_192_CBC3_SHA,
165 SSL3_CK_RSA_DES_192_CBC3_SHA,
170 SSL3_VERSION, TLS1_2_VERSION,
171 DTLS1_BAD_VER, DTLS1_2_VERSION,
172 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
173 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
179 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
180 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
181 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
186 SSL3_VERSION, TLS1_2_VERSION,
187 DTLS1_BAD_VER, DTLS1_2_VERSION,
188 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
189 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
195 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
196 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
197 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
202 SSL3_VERSION, TLS1_2_VERSION,
203 DTLS1_BAD_VER, DTLS1_2_VERSION,
204 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
205 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
211 SSL3_TXT_ADH_DES_192_CBC_SHA,
212 SSL3_RFC_ADH_DES_192_CBC_SHA,
213 SSL3_CK_ADH_DES_192_CBC_SHA,
218 SSL3_VERSION, TLS1_2_VERSION,
219 DTLS1_BAD_VER, DTLS1_2_VERSION,
220 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
221 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
228 TLS1_TXT_RSA_WITH_AES_128_SHA,
229 TLS1_RFC_RSA_WITH_AES_128_SHA,
230 TLS1_CK_RSA_WITH_AES_128_SHA,
235 SSL3_VERSION, TLS1_2_VERSION,
236 DTLS1_BAD_VER, DTLS1_2_VERSION,
238 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
244 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
245 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
246 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
251 SSL3_VERSION, TLS1_2_VERSION,
252 DTLS1_BAD_VER, DTLS1_2_VERSION,
253 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
254 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
260 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
261 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
262 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
267 SSL3_VERSION, TLS1_2_VERSION,
268 DTLS1_BAD_VER, DTLS1_2_VERSION,
270 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
276 TLS1_TXT_ADH_WITH_AES_128_SHA,
277 TLS1_RFC_ADH_WITH_AES_128_SHA,
278 TLS1_CK_ADH_WITH_AES_128_SHA,
283 SSL3_VERSION, TLS1_2_VERSION,
284 DTLS1_BAD_VER, DTLS1_2_VERSION,
285 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
286 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
292 TLS1_TXT_RSA_WITH_AES_256_SHA,
293 TLS1_RFC_RSA_WITH_AES_256_SHA,
294 TLS1_CK_RSA_WITH_AES_256_SHA,
299 SSL3_VERSION, TLS1_2_VERSION,
300 DTLS1_BAD_VER, DTLS1_2_VERSION,
302 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
308 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
309 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
310 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
315 SSL3_VERSION, TLS1_2_VERSION,
316 DTLS1_BAD_VER, DTLS1_2_VERSION,
317 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
318 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
324 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
325 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
326 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
331 SSL3_VERSION, TLS1_2_VERSION,
332 DTLS1_BAD_VER, DTLS1_2_VERSION,
334 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
340 TLS1_TXT_ADH_WITH_AES_256_SHA,
341 TLS1_RFC_ADH_WITH_AES_256_SHA,
342 TLS1_CK_ADH_WITH_AES_256_SHA,
347 SSL3_VERSION, TLS1_2_VERSION,
348 DTLS1_BAD_VER, DTLS1_2_VERSION,
349 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
350 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
356 TLS1_TXT_RSA_WITH_NULL_SHA256,
357 TLS1_RFC_RSA_WITH_NULL_SHA256,
358 TLS1_CK_RSA_WITH_NULL_SHA256,
363 TLS1_2_VERSION, TLS1_2_VERSION,
364 DTLS1_2_VERSION, DTLS1_2_VERSION,
365 SSL_STRONG_NONE | SSL_FIPS,
366 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
372 TLS1_TXT_RSA_WITH_AES_128_SHA256,
373 TLS1_RFC_RSA_WITH_AES_128_SHA256,
374 TLS1_CK_RSA_WITH_AES_128_SHA256,
379 TLS1_2_VERSION, TLS1_2_VERSION,
380 DTLS1_2_VERSION, DTLS1_2_VERSION,
382 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
388 TLS1_TXT_RSA_WITH_AES_256_SHA256,
389 TLS1_RFC_RSA_WITH_AES_256_SHA256,
390 TLS1_CK_RSA_WITH_AES_256_SHA256,
395 TLS1_2_VERSION, TLS1_2_VERSION,
396 DTLS1_2_VERSION, DTLS1_2_VERSION,
398 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
404 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
405 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
406 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
411 TLS1_2_VERSION, TLS1_2_VERSION,
412 DTLS1_2_VERSION, DTLS1_2_VERSION,
413 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
414 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
420 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
421 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
422 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
427 TLS1_2_VERSION, TLS1_2_VERSION,
428 DTLS1_2_VERSION, DTLS1_2_VERSION,
430 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
436 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
437 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
438 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
443 TLS1_2_VERSION, TLS1_2_VERSION,
444 DTLS1_2_VERSION, DTLS1_2_VERSION,
445 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
446 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
452 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
453 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
454 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
459 TLS1_2_VERSION, TLS1_2_VERSION,
460 DTLS1_2_VERSION, DTLS1_2_VERSION,
462 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
468 TLS1_TXT_ADH_WITH_AES_128_SHA256,
469 TLS1_RFC_ADH_WITH_AES_128_SHA256,
470 TLS1_CK_ADH_WITH_AES_128_SHA256,
475 TLS1_2_VERSION, TLS1_2_VERSION,
476 DTLS1_2_VERSION, DTLS1_2_VERSION,
477 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
478 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
484 TLS1_TXT_ADH_WITH_AES_256_SHA256,
485 TLS1_RFC_ADH_WITH_AES_256_SHA256,
486 TLS1_CK_ADH_WITH_AES_256_SHA256,
491 TLS1_2_VERSION, TLS1_2_VERSION,
492 DTLS1_2_VERSION, DTLS1_2_VERSION,
493 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
494 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
500 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
501 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
502 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
507 TLS1_2_VERSION, TLS1_2_VERSION,
508 DTLS1_2_VERSION, DTLS1_2_VERSION,
510 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
516 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
517 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
518 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
523 TLS1_2_VERSION, TLS1_2_VERSION,
524 DTLS1_2_VERSION, DTLS1_2_VERSION,
526 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
532 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
533 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
534 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
539 TLS1_2_VERSION, TLS1_2_VERSION,
540 DTLS1_2_VERSION, DTLS1_2_VERSION,
542 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
548 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
549 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
550 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
555 TLS1_2_VERSION, TLS1_2_VERSION,
556 DTLS1_2_VERSION, DTLS1_2_VERSION,
558 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
564 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
565 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
566 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
571 TLS1_2_VERSION, TLS1_2_VERSION,
572 DTLS1_2_VERSION, DTLS1_2_VERSION,
573 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
574 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
580 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
581 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
582 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
587 TLS1_2_VERSION, TLS1_2_VERSION,
588 DTLS1_2_VERSION, DTLS1_2_VERSION,
589 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
590 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
596 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
597 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
598 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
603 TLS1_2_VERSION, TLS1_2_VERSION,
604 DTLS1_2_VERSION, DTLS1_2_VERSION,
605 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
606 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
612 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
613 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
614 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
619 TLS1_2_VERSION, TLS1_2_VERSION,
620 DTLS1_2_VERSION, DTLS1_2_VERSION,
621 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
622 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
628 TLS1_TXT_RSA_WITH_AES_128_CCM,
629 TLS1_RFC_RSA_WITH_AES_128_CCM,
630 TLS1_CK_RSA_WITH_AES_128_CCM,
635 TLS1_2_VERSION, TLS1_2_VERSION,
636 DTLS1_2_VERSION, DTLS1_2_VERSION,
637 SSL_NOT_DEFAULT | SSL_HIGH,
638 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
644 TLS1_TXT_RSA_WITH_AES_256_CCM,
645 TLS1_RFC_RSA_WITH_AES_256_CCM,
646 TLS1_CK_RSA_WITH_AES_256_CCM,
651 TLS1_2_VERSION, TLS1_2_VERSION,
652 DTLS1_2_VERSION, DTLS1_2_VERSION,
653 SSL_NOT_DEFAULT | SSL_HIGH,
654 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
660 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
661 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
662 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
667 TLS1_2_VERSION, TLS1_2_VERSION,
668 DTLS1_2_VERSION, DTLS1_2_VERSION,
669 SSL_NOT_DEFAULT | SSL_HIGH,
670 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
676 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
677 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
678 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
683 TLS1_2_VERSION, TLS1_2_VERSION,
684 DTLS1_2_VERSION, DTLS1_2_VERSION,
685 SSL_NOT_DEFAULT | SSL_HIGH,
686 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
692 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
693 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
694 TLS1_CK_RSA_WITH_AES_128_CCM_8,
699 TLS1_2_VERSION, TLS1_2_VERSION,
700 DTLS1_2_VERSION, DTLS1_2_VERSION,
701 SSL_NOT_DEFAULT | SSL_HIGH,
702 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
708 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
709 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
710 TLS1_CK_RSA_WITH_AES_256_CCM_8,
715 TLS1_2_VERSION, TLS1_2_VERSION,
716 DTLS1_2_VERSION, DTLS1_2_VERSION,
717 SSL_NOT_DEFAULT | SSL_HIGH,
718 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
724 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
725 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
726 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
731 TLS1_2_VERSION, TLS1_2_VERSION,
732 DTLS1_2_VERSION, DTLS1_2_VERSION,
733 SSL_NOT_DEFAULT | SSL_HIGH,
734 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
740 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
741 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
742 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
747 TLS1_2_VERSION, TLS1_2_VERSION,
748 DTLS1_2_VERSION, DTLS1_2_VERSION,
749 SSL_NOT_DEFAULT | SSL_HIGH,
750 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
756 TLS1_TXT_PSK_WITH_AES_128_CCM,
757 TLS1_RFC_PSK_WITH_AES_128_CCM,
758 TLS1_CK_PSK_WITH_AES_128_CCM,
763 TLS1_2_VERSION, TLS1_2_VERSION,
764 DTLS1_2_VERSION, DTLS1_2_VERSION,
765 SSL_NOT_DEFAULT | SSL_HIGH,
766 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
772 TLS1_TXT_PSK_WITH_AES_256_CCM,
773 TLS1_RFC_PSK_WITH_AES_256_CCM,
774 TLS1_CK_PSK_WITH_AES_256_CCM,
779 TLS1_2_VERSION, TLS1_2_VERSION,
780 DTLS1_2_VERSION, DTLS1_2_VERSION,
781 SSL_NOT_DEFAULT | SSL_HIGH,
782 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
788 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
789 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
790 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
795 TLS1_2_VERSION, TLS1_2_VERSION,
796 DTLS1_2_VERSION, DTLS1_2_VERSION,
797 SSL_NOT_DEFAULT | SSL_HIGH,
798 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
804 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
805 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
806 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
811 TLS1_2_VERSION, TLS1_2_VERSION,
812 DTLS1_2_VERSION, DTLS1_2_VERSION,
813 SSL_NOT_DEFAULT | SSL_HIGH,
814 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
820 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
821 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
822 TLS1_CK_PSK_WITH_AES_128_CCM_8,
827 TLS1_2_VERSION, TLS1_2_VERSION,
828 DTLS1_2_VERSION, DTLS1_2_VERSION,
829 SSL_NOT_DEFAULT | SSL_HIGH,
830 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
836 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
837 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
838 TLS1_CK_PSK_WITH_AES_256_CCM_8,
843 TLS1_2_VERSION, TLS1_2_VERSION,
844 DTLS1_2_VERSION, DTLS1_2_VERSION,
845 SSL_NOT_DEFAULT | SSL_HIGH,
846 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
852 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
853 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
854 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
859 TLS1_2_VERSION, TLS1_2_VERSION,
860 DTLS1_2_VERSION, DTLS1_2_VERSION,
861 SSL_NOT_DEFAULT | SSL_HIGH,
862 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
868 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
869 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
870 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
875 TLS1_2_VERSION, TLS1_2_VERSION,
876 DTLS1_2_VERSION, DTLS1_2_VERSION,
877 SSL_NOT_DEFAULT | SSL_HIGH,
878 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
884 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
885 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
886 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
891 TLS1_2_VERSION, TLS1_2_VERSION,
892 DTLS1_2_VERSION, DTLS1_2_VERSION,
893 SSL_NOT_DEFAULT | SSL_HIGH,
894 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
900 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
901 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
902 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
907 TLS1_2_VERSION, TLS1_2_VERSION,
908 DTLS1_2_VERSION, DTLS1_2_VERSION,
909 SSL_NOT_DEFAULT | SSL_HIGH,
910 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
916 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
917 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
918 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
923 TLS1_2_VERSION, TLS1_2_VERSION,
924 DTLS1_2_VERSION, DTLS1_2_VERSION,
925 SSL_NOT_DEFAULT | SSL_HIGH,
926 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
932 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
933 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
934 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
939 TLS1_2_VERSION, TLS1_2_VERSION,
940 DTLS1_2_VERSION, DTLS1_2_VERSION,
941 SSL_NOT_DEFAULT | SSL_HIGH,
942 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
948 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
949 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
950 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
955 TLS1_VERSION, TLS1_2_VERSION,
956 DTLS1_BAD_VER, DTLS1_2_VERSION,
957 SSL_STRONG_NONE | SSL_FIPS,
958 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
962 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
965 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
966 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
967 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
972 TLS1_VERSION, TLS1_2_VERSION,
973 DTLS1_BAD_VER, DTLS1_2_VERSION,
974 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
975 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
982 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
983 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
984 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
989 TLS1_VERSION, TLS1_2_VERSION,
990 DTLS1_BAD_VER, DTLS1_2_VERSION,
992 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
998 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
999 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1000 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1005 TLS1_VERSION, TLS1_2_VERSION,
1006 DTLS1_BAD_VER, DTLS1_2_VERSION,
1007 SSL_HIGH | SSL_FIPS,
1008 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1014 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1015 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1016 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1021 TLS1_VERSION, TLS1_2_VERSION,
1022 DTLS1_BAD_VER, DTLS1_2_VERSION,
1023 SSL_STRONG_NONE | SSL_FIPS,
1024 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1028 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1031 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1032 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1033 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1038 TLS1_VERSION, TLS1_2_VERSION,
1039 DTLS1_BAD_VER, DTLS1_2_VERSION,
1040 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1041 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1048 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1049 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1050 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1055 TLS1_VERSION, TLS1_2_VERSION,
1056 DTLS1_BAD_VER, DTLS1_2_VERSION,
1057 SSL_HIGH | SSL_FIPS,
1058 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1064 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1065 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1066 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1071 TLS1_VERSION, TLS1_2_VERSION,
1072 DTLS1_BAD_VER, DTLS1_2_VERSION,
1073 SSL_HIGH | SSL_FIPS,
1074 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1080 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1081 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1082 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1087 TLS1_VERSION, TLS1_2_VERSION,
1088 DTLS1_BAD_VER, DTLS1_2_VERSION,
1089 SSL_STRONG_NONE | SSL_FIPS,
1090 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1094 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1097 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1098 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1099 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1104 TLS1_VERSION, TLS1_2_VERSION,
1105 DTLS1_BAD_VER, DTLS1_2_VERSION,
1106 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1107 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1114 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1115 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1116 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1121 TLS1_VERSION, TLS1_2_VERSION,
1122 DTLS1_BAD_VER, DTLS1_2_VERSION,
1123 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1124 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1130 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1131 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1132 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1137 TLS1_VERSION, TLS1_2_VERSION,
1138 DTLS1_BAD_VER, DTLS1_2_VERSION,
1139 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1140 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1146 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1147 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1148 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1153 TLS1_2_VERSION, TLS1_2_VERSION,
1154 DTLS1_2_VERSION, DTLS1_2_VERSION,
1155 SSL_HIGH | SSL_FIPS,
1156 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1162 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1163 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1164 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1169 TLS1_2_VERSION, TLS1_2_VERSION,
1170 DTLS1_2_VERSION, DTLS1_2_VERSION,
1171 SSL_HIGH | SSL_FIPS,
1172 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1178 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1179 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1180 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1185 TLS1_2_VERSION, TLS1_2_VERSION,
1186 DTLS1_2_VERSION, DTLS1_2_VERSION,
1187 SSL_HIGH | SSL_FIPS,
1188 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1194 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1195 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1196 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1201 TLS1_2_VERSION, TLS1_2_VERSION,
1202 DTLS1_2_VERSION, DTLS1_2_VERSION,
1203 SSL_HIGH | SSL_FIPS,
1204 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1210 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1211 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1212 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1217 TLS1_2_VERSION, TLS1_2_VERSION,
1218 DTLS1_2_VERSION, DTLS1_2_VERSION,
1219 SSL_HIGH | SSL_FIPS,
1220 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1226 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1227 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1228 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1233 TLS1_2_VERSION, TLS1_2_VERSION,
1234 DTLS1_2_VERSION, DTLS1_2_VERSION,
1235 SSL_HIGH | SSL_FIPS,
1236 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1242 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1243 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1244 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1249 TLS1_2_VERSION, TLS1_2_VERSION,
1250 DTLS1_2_VERSION, DTLS1_2_VERSION,
1251 SSL_HIGH | SSL_FIPS,
1252 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1258 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1259 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1260 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1265 TLS1_2_VERSION, TLS1_2_VERSION,
1266 DTLS1_2_VERSION, DTLS1_2_VERSION,
1267 SSL_HIGH | SSL_FIPS,
1268 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1274 TLS1_TXT_PSK_WITH_NULL_SHA,
1275 TLS1_RFC_PSK_WITH_NULL_SHA,
1276 TLS1_CK_PSK_WITH_NULL_SHA,
1281 SSL3_VERSION, TLS1_2_VERSION,
1282 DTLS1_BAD_VER, DTLS1_2_VERSION,
1283 SSL_STRONG_NONE | SSL_FIPS,
1284 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1290 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1291 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1292 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1297 SSL3_VERSION, TLS1_2_VERSION,
1298 DTLS1_BAD_VER, DTLS1_2_VERSION,
1299 SSL_STRONG_NONE | SSL_FIPS,
1300 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1306 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1307 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1308 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1313 SSL3_VERSION, TLS1_2_VERSION,
1314 DTLS1_BAD_VER, DTLS1_2_VERSION,
1315 SSL_STRONG_NONE | SSL_FIPS,
1316 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1320 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1323 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1324 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1325 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1330 SSL3_VERSION, TLS1_2_VERSION,
1331 DTLS1_BAD_VER, DTLS1_2_VERSION,
1332 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1333 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1340 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1341 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1342 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1347 SSL3_VERSION, TLS1_2_VERSION,
1348 DTLS1_BAD_VER, DTLS1_2_VERSION,
1349 SSL_HIGH | SSL_FIPS,
1350 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1356 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1357 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1358 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1363 SSL3_VERSION, TLS1_2_VERSION,
1364 DTLS1_BAD_VER, DTLS1_2_VERSION,
1365 SSL_HIGH | SSL_FIPS,
1366 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1370 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1373 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1374 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1375 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1380 SSL3_VERSION, TLS1_2_VERSION,
1381 DTLS1_BAD_VER, DTLS1_2_VERSION,
1382 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1383 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1390 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1391 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1392 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1397 SSL3_VERSION, TLS1_2_VERSION,
1398 DTLS1_BAD_VER, DTLS1_2_VERSION,
1399 SSL_HIGH | SSL_FIPS,
1400 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1406 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1407 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1408 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1413 SSL3_VERSION, TLS1_2_VERSION,
1414 DTLS1_BAD_VER, DTLS1_2_VERSION,
1415 SSL_HIGH | SSL_FIPS,
1416 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1420 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1423 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1424 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1425 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1430 SSL3_VERSION, TLS1_2_VERSION,
1431 DTLS1_BAD_VER, DTLS1_2_VERSION,
1432 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1433 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1440 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1441 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1442 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1447 SSL3_VERSION, TLS1_2_VERSION,
1448 DTLS1_BAD_VER, DTLS1_2_VERSION,
1449 SSL_HIGH | SSL_FIPS,
1450 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1456 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1457 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1458 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1463 SSL3_VERSION, TLS1_2_VERSION,
1464 DTLS1_BAD_VER, DTLS1_2_VERSION,
1465 SSL_HIGH | SSL_FIPS,
1466 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1472 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1473 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1474 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1479 TLS1_2_VERSION, TLS1_2_VERSION,
1480 DTLS1_2_VERSION, DTLS1_2_VERSION,
1481 SSL_HIGH | SSL_FIPS,
1482 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1488 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1489 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1490 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1495 TLS1_2_VERSION, TLS1_2_VERSION,
1496 DTLS1_2_VERSION, DTLS1_2_VERSION,
1497 SSL_HIGH | SSL_FIPS,
1498 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1504 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1505 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1506 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1511 TLS1_2_VERSION, TLS1_2_VERSION,
1512 DTLS1_2_VERSION, DTLS1_2_VERSION,
1513 SSL_HIGH | SSL_FIPS,
1514 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1520 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1521 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1522 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1527 TLS1_2_VERSION, TLS1_2_VERSION,
1528 DTLS1_2_VERSION, DTLS1_2_VERSION,
1529 SSL_HIGH | SSL_FIPS,
1530 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1536 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1537 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1538 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1543 TLS1_2_VERSION, TLS1_2_VERSION,
1544 DTLS1_2_VERSION, DTLS1_2_VERSION,
1545 SSL_HIGH | SSL_FIPS,
1546 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1552 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1553 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1554 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1559 TLS1_2_VERSION, TLS1_2_VERSION,
1560 DTLS1_2_VERSION, DTLS1_2_VERSION,
1561 SSL_HIGH | SSL_FIPS,
1562 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1568 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1569 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1570 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1575 TLS1_VERSION, TLS1_2_VERSION,
1576 DTLS1_BAD_VER, DTLS1_2_VERSION,
1577 SSL_HIGH | SSL_FIPS,
1578 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1584 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1585 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1586 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1591 TLS1_VERSION, TLS1_2_VERSION,
1592 DTLS1_BAD_VER, DTLS1_2_VERSION,
1593 SSL_HIGH | SSL_FIPS,
1594 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1600 TLS1_TXT_PSK_WITH_NULL_SHA256,
1601 TLS1_RFC_PSK_WITH_NULL_SHA256,
1602 TLS1_CK_PSK_WITH_NULL_SHA256,
1607 TLS1_VERSION, TLS1_2_VERSION,
1608 DTLS1_BAD_VER, DTLS1_2_VERSION,
1609 SSL_STRONG_NONE | SSL_FIPS,
1610 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1616 TLS1_TXT_PSK_WITH_NULL_SHA384,
1617 TLS1_RFC_PSK_WITH_NULL_SHA384,
1618 TLS1_CK_PSK_WITH_NULL_SHA384,
1623 TLS1_VERSION, TLS1_2_VERSION,
1624 DTLS1_BAD_VER, DTLS1_2_VERSION,
1625 SSL_STRONG_NONE | SSL_FIPS,
1626 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1632 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1633 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1634 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1639 TLS1_VERSION, TLS1_2_VERSION,
1640 DTLS1_BAD_VER, DTLS1_2_VERSION,
1641 SSL_HIGH | SSL_FIPS,
1642 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1648 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1649 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1650 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1655 TLS1_VERSION, TLS1_2_VERSION,
1656 DTLS1_BAD_VER, DTLS1_2_VERSION,
1657 SSL_HIGH | SSL_FIPS,
1658 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1664 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1665 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1666 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1671 TLS1_VERSION, TLS1_2_VERSION,
1672 DTLS1_BAD_VER, DTLS1_2_VERSION,
1673 SSL_STRONG_NONE | SSL_FIPS,
1674 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1680 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1681 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1682 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1687 TLS1_VERSION, TLS1_2_VERSION,
1688 DTLS1_BAD_VER, DTLS1_2_VERSION,
1689 SSL_STRONG_NONE | SSL_FIPS,
1690 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1696 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1697 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1698 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1703 TLS1_VERSION, TLS1_2_VERSION,
1704 DTLS1_BAD_VER, DTLS1_2_VERSION,
1705 SSL_HIGH | SSL_FIPS,
1706 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1712 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1713 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1714 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1719 TLS1_VERSION, TLS1_2_VERSION,
1720 DTLS1_BAD_VER, DTLS1_2_VERSION,
1721 SSL_HIGH | SSL_FIPS,
1722 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1728 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1729 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1730 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1735 TLS1_VERSION, TLS1_2_VERSION,
1736 DTLS1_BAD_VER, DTLS1_2_VERSION,
1737 SSL_STRONG_NONE | SSL_FIPS,
1738 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1744 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1745 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1746 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1751 TLS1_VERSION, TLS1_2_VERSION,
1752 DTLS1_BAD_VER, DTLS1_2_VERSION,
1753 SSL_STRONG_NONE | SSL_FIPS,
1754 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1758 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1761 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1762 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1763 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1768 TLS1_VERSION, TLS1_2_VERSION,
1769 DTLS1_BAD_VER, DTLS1_2_VERSION,
1770 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1771 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1778 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1779 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1780 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1785 TLS1_VERSION, TLS1_2_VERSION,
1786 DTLS1_BAD_VER, DTLS1_2_VERSION,
1787 SSL_HIGH | SSL_FIPS,
1788 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1794 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1795 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1796 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1801 TLS1_VERSION, TLS1_2_VERSION,
1802 DTLS1_BAD_VER, DTLS1_2_VERSION,
1803 SSL_HIGH | SSL_FIPS,
1804 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1810 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1811 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1812 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1817 TLS1_VERSION, TLS1_2_VERSION,
1818 DTLS1_BAD_VER, DTLS1_2_VERSION,
1819 SSL_HIGH | SSL_FIPS,
1820 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1826 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1827 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1828 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1833 TLS1_VERSION, TLS1_2_VERSION,
1834 DTLS1_BAD_VER, DTLS1_2_VERSION,
1835 SSL_HIGH | SSL_FIPS,
1836 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1842 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1843 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1844 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1849 TLS1_VERSION, TLS1_2_VERSION,
1850 DTLS1_BAD_VER, DTLS1_2_VERSION,
1851 SSL_STRONG_NONE | SSL_FIPS,
1852 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1858 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1859 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1860 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1865 TLS1_VERSION, TLS1_2_VERSION,
1866 DTLS1_BAD_VER, DTLS1_2_VERSION,
1867 SSL_STRONG_NONE | SSL_FIPS,
1868 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1874 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1875 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1876 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1881 TLS1_VERSION, TLS1_2_VERSION,
1882 DTLS1_BAD_VER, DTLS1_2_VERSION,
1883 SSL_STRONG_NONE | SSL_FIPS,
1884 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1889 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1892 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1893 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1894 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1899 SSL3_VERSION, TLS1_2_VERSION,
1900 DTLS1_BAD_VER, DTLS1_2_VERSION,
1901 SSL_NOT_DEFAULT | SSL_MEDIUM,
1902 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1908 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1909 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1910 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1915 SSL3_VERSION, TLS1_2_VERSION,
1916 DTLS1_BAD_VER, DTLS1_2_VERSION,
1917 SSL_NOT_DEFAULT | SSL_MEDIUM,
1918 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1924 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1925 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1926 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1931 SSL3_VERSION, TLS1_2_VERSION,
1932 DTLS1_BAD_VER, DTLS1_2_VERSION,
1933 SSL_NOT_DEFAULT | SSL_MEDIUM,
1934 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1941 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1942 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1943 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1948 SSL3_VERSION, TLS1_2_VERSION,
1949 DTLS1_BAD_VER, DTLS1_2_VERSION,
1951 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1957 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1958 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1959 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1964 SSL3_VERSION, TLS1_2_VERSION,
1965 DTLS1_BAD_VER, DTLS1_2_VERSION,
1967 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1973 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1974 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1975 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1980 SSL3_VERSION, TLS1_2_VERSION,
1981 DTLS1_BAD_VER, DTLS1_2_VERSION,
1982 SSL_NOT_DEFAULT | SSL_HIGH,
1983 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1989 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1990 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1991 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1996 SSL3_VERSION, TLS1_2_VERSION,
1997 DTLS1_BAD_VER, DTLS1_2_VERSION,
1999 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2005 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2006 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2007 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2012 SSL3_VERSION, TLS1_2_VERSION,
2013 DTLS1_BAD_VER, DTLS1_2_VERSION,
2015 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2021 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2022 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2023 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2028 SSL3_VERSION, TLS1_2_VERSION,
2029 DTLS1_BAD_VER, DTLS1_2_VERSION,
2030 SSL_NOT_DEFAULT | SSL_HIGH,
2031 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2036 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2039 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2040 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2041 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2044 SSL_CHACHA20POLY1305,
2046 TLS1_2_VERSION, TLS1_2_VERSION,
2047 DTLS1_2_VERSION, DTLS1_2_VERSION,
2049 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2055 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2056 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2057 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2060 SSL_CHACHA20POLY1305,
2062 TLS1_2_VERSION, TLS1_2_VERSION,
2063 DTLS1_2_VERSION, DTLS1_2_VERSION,
2065 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2071 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2072 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2073 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2076 SSL_CHACHA20POLY1305,
2078 TLS1_2_VERSION, TLS1_2_VERSION,
2079 DTLS1_2_VERSION, DTLS1_2_VERSION,
2081 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2087 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2088 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2089 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2092 SSL_CHACHA20POLY1305,
2094 TLS1_2_VERSION, TLS1_2_VERSION,
2095 DTLS1_2_VERSION, DTLS1_2_VERSION,
2097 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2103 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2104 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2105 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2108 SSL_CHACHA20POLY1305,
2110 TLS1_2_VERSION, TLS1_2_VERSION,
2111 DTLS1_2_VERSION, DTLS1_2_VERSION,
2113 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2119 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2120 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2121 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2124 SSL_CHACHA20POLY1305,
2126 TLS1_2_VERSION, TLS1_2_VERSION,
2127 DTLS1_2_VERSION, DTLS1_2_VERSION,
2129 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2135 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2136 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2137 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2140 SSL_CHACHA20POLY1305,
2142 TLS1_2_VERSION, TLS1_2_VERSION,
2143 DTLS1_2_VERSION, DTLS1_2_VERSION,
2145 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2149 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2150 * !defined(OPENSSL_NO_POLY1305) */
2152 #ifndef OPENSSL_NO_CAMELLIA
2155 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2156 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2157 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2162 TLS1_2_VERSION, TLS1_2_VERSION,
2163 DTLS1_2_VERSION, DTLS1_2_VERSION,
2164 SSL_NOT_DEFAULT | SSL_HIGH,
2165 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2171 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2172 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2173 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2178 TLS1_2_VERSION, TLS1_2_VERSION,
2179 DTLS1_2_VERSION, DTLS1_2_VERSION,
2180 SSL_NOT_DEFAULT | SSL_HIGH,
2181 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2187 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2188 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2189 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2194 TLS1_2_VERSION, TLS1_2_VERSION,
2195 DTLS1_2_VERSION, DTLS1_2_VERSION,
2196 SSL_NOT_DEFAULT | SSL_HIGH,
2197 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2203 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2204 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2205 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2210 TLS1_2_VERSION, TLS1_2_VERSION,
2211 DTLS1_2_VERSION, DTLS1_2_VERSION,
2212 SSL_NOT_DEFAULT | SSL_HIGH,
2213 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2219 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2220 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2221 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2226 TLS1_2_VERSION, TLS1_2_VERSION,
2227 DTLS1_2_VERSION, DTLS1_2_VERSION,
2228 SSL_NOT_DEFAULT | SSL_HIGH,
2229 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2235 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2236 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2237 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2242 TLS1_2_VERSION, TLS1_2_VERSION,
2243 DTLS1_2_VERSION, DTLS1_2_VERSION,
2244 SSL_NOT_DEFAULT | SSL_HIGH,
2245 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2251 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2252 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2253 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2258 TLS1_2_VERSION, TLS1_2_VERSION,
2259 DTLS1_2_VERSION, DTLS1_2_VERSION,
2260 SSL_NOT_DEFAULT | SSL_HIGH,
2261 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2267 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2268 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2269 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2274 TLS1_2_VERSION, TLS1_2_VERSION,
2275 DTLS1_2_VERSION, DTLS1_2_VERSION,
2276 SSL_NOT_DEFAULT | SSL_HIGH,
2277 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2283 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2284 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2285 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2290 SSL3_VERSION, TLS1_2_VERSION,
2291 DTLS1_BAD_VER, DTLS1_2_VERSION,
2292 SSL_NOT_DEFAULT | SSL_HIGH,
2293 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2299 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2300 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2301 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2306 SSL3_VERSION, TLS1_2_VERSION,
2307 DTLS1_BAD_VER, DTLS1_2_VERSION,
2308 SSL_NOT_DEFAULT | SSL_HIGH,
2309 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2315 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2316 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2317 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2322 SSL3_VERSION, TLS1_2_VERSION,
2323 DTLS1_BAD_VER, DTLS1_2_VERSION,
2324 SSL_NOT_DEFAULT | SSL_HIGH,
2325 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2331 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2332 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2333 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2338 SSL3_VERSION, TLS1_2_VERSION,
2339 DTLS1_BAD_VER, DTLS1_2_VERSION,
2340 SSL_NOT_DEFAULT | SSL_HIGH,
2341 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2347 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2348 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2349 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2354 SSL3_VERSION, TLS1_2_VERSION,
2355 DTLS1_BAD_VER, DTLS1_2_VERSION,
2356 SSL_NOT_DEFAULT | SSL_HIGH,
2357 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2363 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2364 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2365 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2370 SSL3_VERSION, TLS1_2_VERSION,
2371 DTLS1_BAD_VER, DTLS1_2_VERSION,
2372 SSL_NOT_DEFAULT | SSL_HIGH,
2373 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2379 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2380 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2381 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2386 SSL3_VERSION, TLS1_2_VERSION,
2387 DTLS1_BAD_VER, DTLS1_2_VERSION,
2388 SSL_NOT_DEFAULT | SSL_HIGH,
2389 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2395 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2396 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2397 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2402 SSL3_VERSION, TLS1_2_VERSION,
2403 DTLS1_BAD_VER, DTLS1_2_VERSION,
2404 SSL_NOT_DEFAULT | SSL_HIGH,
2405 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2411 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2412 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2413 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2418 TLS1_2_VERSION, TLS1_2_VERSION,
2419 DTLS1_2_VERSION, DTLS1_2_VERSION,
2420 SSL_NOT_DEFAULT | SSL_HIGH,
2421 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2427 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2428 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2429 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2434 TLS1_2_VERSION, TLS1_2_VERSION,
2435 DTLS1_2_VERSION, DTLS1_2_VERSION,
2436 SSL_NOT_DEFAULT | SSL_HIGH,
2437 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2443 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2444 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2445 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2450 TLS1_2_VERSION, TLS1_2_VERSION,
2451 DTLS1_2_VERSION, DTLS1_2_VERSION,
2452 SSL_NOT_DEFAULT | SSL_HIGH,
2453 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2459 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2460 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2461 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2466 TLS1_2_VERSION, TLS1_2_VERSION,
2467 DTLS1_2_VERSION, DTLS1_2_VERSION,
2468 SSL_NOT_DEFAULT | SSL_HIGH,
2469 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2475 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2476 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2477 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2482 TLS1_VERSION, TLS1_2_VERSION,
2483 DTLS1_BAD_VER, DTLS1_2_VERSION,
2484 SSL_NOT_DEFAULT | SSL_HIGH,
2485 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2491 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2492 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2493 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2498 TLS1_VERSION, TLS1_2_VERSION,
2499 DTLS1_BAD_VER, DTLS1_2_VERSION,
2500 SSL_NOT_DEFAULT | SSL_HIGH,
2501 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2507 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2508 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2509 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2514 TLS1_VERSION, TLS1_2_VERSION,
2515 DTLS1_BAD_VER, DTLS1_2_VERSION,
2516 SSL_NOT_DEFAULT | SSL_HIGH,
2517 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2523 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2524 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2525 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2530 TLS1_VERSION, TLS1_2_VERSION,
2531 DTLS1_BAD_VER, DTLS1_2_VERSION,
2532 SSL_NOT_DEFAULT | SSL_HIGH,
2533 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2539 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2540 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2541 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2546 TLS1_VERSION, TLS1_2_VERSION,
2547 DTLS1_BAD_VER, DTLS1_2_VERSION,
2548 SSL_NOT_DEFAULT | SSL_HIGH,
2549 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2555 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2556 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2557 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2562 TLS1_VERSION, TLS1_2_VERSION,
2563 DTLS1_BAD_VER, DTLS1_2_VERSION,
2564 SSL_NOT_DEFAULT | SSL_HIGH,
2565 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2571 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2572 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2573 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2578 TLS1_VERSION, TLS1_2_VERSION,
2579 DTLS1_BAD_VER, DTLS1_2_VERSION,
2580 SSL_NOT_DEFAULT | SSL_HIGH,
2581 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2587 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2588 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2589 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2594 TLS1_VERSION, TLS1_2_VERSION,
2595 DTLS1_BAD_VER, DTLS1_2_VERSION,
2596 SSL_NOT_DEFAULT | SSL_HIGH,
2597 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2601 #endif /* OPENSSL_NO_CAMELLIA */
2603 #ifndef OPENSSL_NO_GOST
2606 "GOST2001-GOST89-GOST89",
2607 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2611 SSL_eGOST2814789CNT,
2613 TLS1_VERSION, TLS1_2_VERSION,
2616 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2622 "GOST2001-NULL-GOST94",
2623 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2629 TLS1_VERSION, TLS1_2_VERSION,
2632 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2638 "GOST2012-GOST8912-GOST8912",
2642 SSL_aGOST12 | SSL_aGOST01,
2643 SSL_eGOST2814789CNT12,
2645 TLS1_VERSION, TLS1_2_VERSION,
2648 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2654 "GOST2012-NULL-GOST12",
2658 SSL_aGOST12 | SSL_aGOST01,
2661 TLS1_VERSION, TLS1_2_VERSION,
2664 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2668 #endif /* OPENSSL_NO_GOST */
2670 #ifndef OPENSSL_NO_IDEA
2673 SSL3_TXT_RSA_IDEA_128_SHA,
2674 SSL3_RFC_RSA_IDEA_128_SHA,
2675 SSL3_CK_RSA_IDEA_128_SHA,
2680 SSL3_VERSION, TLS1_1_VERSION,
2681 DTLS1_BAD_VER, DTLS1_VERSION,
2682 SSL_NOT_DEFAULT | SSL_MEDIUM,
2683 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2689 #ifndef OPENSSL_NO_SEED
2692 TLS1_TXT_RSA_WITH_SEED_SHA,
2693 TLS1_RFC_RSA_WITH_SEED_SHA,
2694 TLS1_CK_RSA_WITH_SEED_SHA,
2699 SSL3_VERSION, TLS1_2_VERSION,
2700 DTLS1_BAD_VER, DTLS1_2_VERSION,
2701 SSL_NOT_DEFAULT | SSL_MEDIUM,
2702 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2708 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2709 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2710 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2715 SSL3_VERSION, TLS1_2_VERSION,
2716 DTLS1_BAD_VER, DTLS1_2_VERSION,
2717 SSL_NOT_DEFAULT | SSL_MEDIUM,
2718 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2724 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2725 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2726 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2731 SSL3_VERSION, TLS1_2_VERSION,
2732 DTLS1_BAD_VER, DTLS1_2_VERSION,
2733 SSL_NOT_DEFAULT | SSL_MEDIUM,
2734 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2740 TLS1_TXT_ADH_WITH_SEED_SHA,
2741 TLS1_RFC_ADH_WITH_SEED_SHA,
2742 TLS1_CK_ADH_WITH_SEED_SHA,
2747 SSL3_VERSION, TLS1_2_VERSION,
2748 DTLS1_BAD_VER, DTLS1_2_VERSION,
2749 SSL_NOT_DEFAULT | SSL_MEDIUM,
2750 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2754 #endif /* OPENSSL_NO_SEED */
2756 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2759 SSL3_TXT_RSA_RC4_128_MD5,
2760 SSL3_RFC_RSA_RC4_128_MD5,
2761 SSL3_CK_RSA_RC4_128_MD5,
2766 SSL3_VERSION, TLS1_2_VERSION,
2768 SSL_NOT_DEFAULT | SSL_MEDIUM,
2769 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2775 SSL3_TXT_RSA_RC4_128_SHA,
2776 SSL3_RFC_RSA_RC4_128_SHA,
2777 SSL3_CK_RSA_RC4_128_SHA,
2782 SSL3_VERSION, TLS1_2_VERSION,
2784 SSL_NOT_DEFAULT | SSL_MEDIUM,
2785 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2791 SSL3_TXT_ADH_RC4_128_MD5,
2792 SSL3_RFC_ADH_RC4_128_MD5,
2793 SSL3_CK_ADH_RC4_128_MD5,
2798 SSL3_VERSION, TLS1_2_VERSION,
2800 SSL_NOT_DEFAULT | SSL_MEDIUM,
2801 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2807 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2808 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2809 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2814 TLS1_VERSION, TLS1_2_VERSION,
2816 SSL_NOT_DEFAULT | SSL_MEDIUM,
2817 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2823 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2824 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2825 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2830 TLS1_VERSION, TLS1_2_VERSION,
2832 SSL_NOT_DEFAULT | SSL_MEDIUM,
2833 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2839 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2840 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2841 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2846 TLS1_VERSION, TLS1_2_VERSION,
2848 SSL_NOT_DEFAULT | SSL_MEDIUM,
2849 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2855 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2856 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2857 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2862 TLS1_VERSION, TLS1_2_VERSION,
2864 SSL_NOT_DEFAULT | SSL_MEDIUM,
2865 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2871 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2872 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2873 TLS1_CK_PSK_WITH_RC4_128_SHA,
2878 SSL3_VERSION, TLS1_2_VERSION,
2880 SSL_NOT_DEFAULT | SSL_MEDIUM,
2881 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2887 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2888 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2889 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2894 SSL3_VERSION, TLS1_2_VERSION,
2896 SSL_NOT_DEFAULT | SSL_MEDIUM,
2897 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2903 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2904 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2905 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2910 SSL3_VERSION, TLS1_2_VERSION,
2912 SSL_NOT_DEFAULT | SSL_MEDIUM,
2913 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2917 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2919 #ifndef OPENSSL_NO_ARIA
2922 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2923 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2924 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2929 TLS1_2_VERSION, TLS1_2_VERSION,
2930 DTLS1_2_VERSION, DTLS1_2_VERSION,
2931 SSL_NOT_DEFAULT | SSL_HIGH,
2932 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2938 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2939 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2940 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2945 TLS1_2_VERSION, TLS1_2_VERSION,
2946 DTLS1_2_VERSION, DTLS1_2_VERSION,
2947 SSL_NOT_DEFAULT | SSL_HIGH,
2948 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2954 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2955 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2956 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2961 TLS1_2_VERSION, TLS1_2_VERSION,
2962 DTLS1_2_VERSION, DTLS1_2_VERSION,
2963 SSL_NOT_DEFAULT | SSL_HIGH,
2964 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2970 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2971 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2972 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2977 TLS1_2_VERSION, TLS1_2_VERSION,
2978 DTLS1_2_VERSION, DTLS1_2_VERSION,
2979 SSL_NOT_DEFAULT | SSL_HIGH,
2980 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2986 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2987 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2988 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2993 TLS1_2_VERSION, TLS1_2_VERSION,
2994 DTLS1_2_VERSION, DTLS1_2_VERSION,
2995 SSL_NOT_DEFAULT | SSL_HIGH,
2996 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3002 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3003 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3004 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3009 TLS1_2_VERSION, TLS1_2_VERSION,
3010 DTLS1_2_VERSION, DTLS1_2_VERSION,
3011 SSL_NOT_DEFAULT | SSL_HIGH,
3012 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3018 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3019 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3020 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3025 TLS1_2_VERSION, TLS1_2_VERSION,
3026 DTLS1_2_VERSION, DTLS1_2_VERSION,
3027 SSL_NOT_DEFAULT | SSL_HIGH,
3028 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3034 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3035 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3036 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3041 TLS1_2_VERSION, TLS1_2_VERSION,
3042 DTLS1_2_VERSION, DTLS1_2_VERSION,
3043 SSL_NOT_DEFAULT | SSL_HIGH,
3044 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3050 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3051 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3052 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3057 TLS1_2_VERSION, TLS1_2_VERSION,
3058 DTLS1_2_VERSION, DTLS1_2_VERSION,
3059 SSL_NOT_DEFAULT | SSL_HIGH,
3060 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3066 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3067 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3068 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3073 TLS1_2_VERSION, TLS1_2_VERSION,
3074 DTLS1_2_VERSION, DTLS1_2_VERSION,
3075 SSL_NOT_DEFAULT | SSL_HIGH,
3076 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3082 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3083 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3084 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3089 TLS1_2_VERSION, TLS1_2_VERSION,
3090 DTLS1_2_VERSION, DTLS1_2_VERSION,
3091 SSL_NOT_DEFAULT | SSL_HIGH,
3092 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3098 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3099 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3100 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3105 TLS1_2_VERSION, TLS1_2_VERSION,
3106 DTLS1_2_VERSION, DTLS1_2_VERSION,
3107 SSL_NOT_DEFAULT | SSL_HIGH,
3108 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3114 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3115 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3116 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3121 TLS1_2_VERSION, TLS1_2_VERSION,
3122 DTLS1_2_VERSION, DTLS1_2_VERSION,
3123 SSL_NOT_DEFAULT | SSL_HIGH,
3124 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3130 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3131 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3132 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3137 TLS1_2_VERSION, TLS1_2_VERSION,
3138 DTLS1_2_VERSION, DTLS1_2_VERSION,
3139 SSL_NOT_DEFAULT | SSL_HIGH,
3140 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3146 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3147 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3148 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3153 TLS1_2_VERSION, TLS1_2_VERSION,
3154 DTLS1_2_VERSION, DTLS1_2_VERSION,
3155 SSL_NOT_DEFAULT | SSL_HIGH,
3156 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3162 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3163 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3164 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3169 TLS1_2_VERSION, TLS1_2_VERSION,
3170 DTLS1_2_VERSION, DTLS1_2_VERSION,
3171 SSL_NOT_DEFAULT | SSL_HIGH,
3172 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3176 #endif /* OPENSSL_NO_ARIA */
3180 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3181 * values stuffed into the ciphers field of the wire protocol for signalling
3184 static SSL_CIPHER ssl3_scsvs[] = {
3187 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3188 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3190 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3194 "TLS_FALLBACK_SCSV",
3195 "TLS_FALLBACK_SCSV",
3196 SSL3_CK_FALLBACK_SCSV,
3197 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3201 static int cipher_compare(const void *a, const void *b)
3203 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3204 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3206 if (ap->id == bp->id)
3208 return ap->id < bp->id ? -1 : 1;
3211 void ssl_sort_cipher_list(void)
3213 qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3215 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3217 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3220 static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
3221 const char * t, size_t u,
3222 const unsigned char * v, size_t w, int x)
3231 return ssl_undefined_function(ssl);
3234 const SSL3_ENC_METHOD SSLv3_enc_data = {
3237 ssl3_setup_key_block,
3238 ssl3_generate_master_secret,
3239 ssl3_change_cipher_state,
3240 ssl3_final_finish_mac,
3241 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3242 SSL3_MD_SERVER_FINISHED_CONST, 4,
3244 ssl_undefined_function_1,
3246 ssl3_set_handshake_header,
3247 tls_close_construct_packet,
3248 ssl3_handshake_write
3251 long ssl3_default_timeout(void)
3254 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3255 * http, the cache would over fill
3257 return (60 * 60 * 2);
3260 int ssl3_num_ciphers(void)
3262 return SSL3_NUM_CIPHERS;
3265 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3267 if (u < SSL3_NUM_CIPHERS)
3268 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3273 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3275 /* No header in the event of a CCS */
3276 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3279 /* Set the content type and 3 bytes for the message len */
3280 if (!WPACKET_put_bytes_u8(pkt, htype)
3281 || !WPACKET_start_sub_packet_u24(pkt))
3287 int ssl3_handshake_write(SSL *s)
3289 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3292 int ssl3_new(SSL *s)
3296 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
3300 #ifndef OPENSSL_NO_SRP
3301 if (!SSL_SRP_CTX_init(s))
3305 if (!s->method->ssl_clear(s))
3313 void ssl3_free(SSL *s)
3315 if (s == NULL || s->s3 == NULL)
3318 ssl3_cleanup_key_block(s);
3320 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3321 EVP_PKEY_free(s->s3->peer_tmp);
3322 s->s3->peer_tmp = NULL;
3323 EVP_PKEY_free(s->s3->tmp.pkey);
3324 s->s3->tmp.pkey = NULL;
3327 OPENSSL_free(s->s3->tmp.ctype);
3328 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3329 OPENSSL_free(s->s3->tmp.ciphers_raw);
3330 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3331 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3332 OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
3333 ssl3_free_digest_list(s);
3334 OPENSSL_free(s->s3->alpn_selected);
3335 OPENSSL_free(s->s3->alpn_proposed);
3337 #ifndef OPENSSL_NO_SRP
3338 SSL_SRP_CTX_free(s);
3340 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
3344 int ssl3_clear(SSL *s)
3346 ssl3_cleanup_key_block(s);
3347 OPENSSL_free(s->s3->tmp.ctype);
3348 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3349 OPENSSL_free(s->s3->tmp.ciphers_raw);
3350 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3351 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3352 OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
3354 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3355 EVP_PKEY_free(s->s3->tmp.pkey);
3356 EVP_PKEY_free(s->s3->peer_tmp);
3357 #endif /* !OPENSSL_NO_EC */
3359 ssl3_free_digest_list(s);
3361 OPENSSL_free(s->s3->alpn_selected);
3362 OPENSSL_free(s->s3->alpn_proposed);
3364 /* NULL/zero-out everything in the s3 struct */
3365 memset(s->s3, 0, sizeof(*s->s3));
3367 if (!ssl_free_wbio_buffer(s))
3370 s->version = SSL3_VERSION;
3372 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3373 OPENSSL_free(s->ext.npn);
3381 #ifndef OPENSSL_NO_SRP
3382 static char *srp_password_from_info_cb(SSL *s, void *arg)
3384 return OPENSSL_strdup(s->srp_ctx.info);
3388 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3390 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3395 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3397 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3398 ret = s->s3->num_renegotiations;
3400 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3401 ret = s->s3->num_renegotiations;
3402 s->s3->num_renegotiations = 0;
3404 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3405 ret = s->s3->total_renegotiations;
3407 case SSL_CTRL_GET_FLAGS:
3408 ret = (int)(s->s3->flags);
3410 #ifndef OPENSSL_NO_DH
3411 case SSL_CTRL_SET_TMP_DH:
3413 DH *dh = (DH *)parg;
3414 EVP_PKEY *pkdh = NULL;
3416 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3419 pkdh = ssl_dh_to_pkey(dh);
3421 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3424 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3425 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3426 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3427 EVP_PKEY_free(pkdh);
3430 EVP_PKEY_free(s->cert->dh_tmp);
3431 s->cert->dh_tmp = pkdh;
3435 case SSL_CTRL_SET_TMP_DH_CB:
3437 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3440 case SSL_CTRL_SET_DH_AUTO:
3441 s->cert->dh_tmp_auto = larg;
3444 #ifndef OPENSSL_NO_EC
3445 case SSL_CTRL_SET_TMP_ECDH:
3447 const EC_GROUP *group = NULL;
3451 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3454 group = EC_KEY_get0_group((const EC_KEY *)parg);
3455 if (group == NULL) {
3456 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3459 nid = EC_GROUP_get_curve_name(group);
3460 if (nid == NID_undef)
3462 return tls1_set_groups(&s->ext.supportedgroups,
3463 &s->ext.supportedgroups_len,
3467 #endif /* !OPENSSL_NO_EC */
3468 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3471 * This API is only used for a client to set what SNI it will request
3472 * from the server, but we currently allow it to be used on servers
3473 * as well, which is a programming error. Currently we just clear
3474 * the field in SSL_do_handshake() for server SSLs, but when we can
3475 * make ABI-breaking changes, we may want to make use of this API
3476 * an error on server SSLs.
3478 if (larg == TLSEXT_NAMETYPE_host_name) {
3481 OPENSSL_free(s->ext.hostname);
3482 s->ext.hostname = NULL;
3487 len = strlen((char *)parg);
3488 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3489 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3492 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3493 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3497 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3501 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3502 s->ext.debug_arg = parg;
3506 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3507 ret = s->ext.status_type;
3510 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3511 s->ext.status_type = larg;
3515 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3516 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3520 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3521 s->ext.ocsp.exts = parg;
3525 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3526 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3530 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3531 s->ext.ocsp.ids = parg;
3535 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3536 *(unsigned char **)parg = s->ext.ocsp.resp;
3537 if (s->ext.ocsp.resp_len == 0
3538 || s->ext.ocsp.resp_len > LONG_MAX)
3540 return (long)s->ext.ocsp.resp_len;
3542 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3543 OPENSSL_free(s->ext.ocsp.resp);
3544 s->ext.ocsp.resp = parg;
3545 s->ext.ocsp.resp_len = larg;
3549 #ifndef OPENSSL_NO_HEARTBEATS
3550 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3551 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3552 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3556 case SSL_CTRL_CHAIN:
3558 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3560 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3562 case SSL_CTRL_CHAIN_CERT:
3564 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3566 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3568 case SSL_CTRL_GET_CHAIN_CERTS:
3569 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3572 case SSL_CTRL_SELECT_CURRENT_CERT:
3573 return ssl_cert_select_current(s->cert, (X509 *)parg);
3575 case SSL_CTRL_SET_CURRENT_CERT:
3576 if (larg == SSL_CERT_SET_SERVER) {
3577 const SSL_CIPHER *cipher;
3580 cipher = s->s3->tmp.new_cipher;
3584 * No certificate for unauthenticated ciphersuites or using SRP
3587 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3589 if (s->s3->tmp.cert == NULL)
3591 s->cert->key = s->s3->tmp.cert;
3594 return ssl_cert_set_current(s->cert, larg);
3596 #ifndef OPENSSL_NO_EC
3597 case SSL_CTRL_GET_GROUPS:
3604 clist = s->session->ext.supportedgroups;
3605 clistlen = s->session->ext.supportedgroups_len;
3610 for (i = 0; i < clistlen; i++) {
3611 const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
3614 cptr[i] = cinf->nid;
3616 cptr[i] = TLSEXT_nid_unknown | clist[i];
3619 return (int)clistlen;
3622 case SSL_CTRL_SET_GROUPS:
3623 return tls1_set_groups(&s->ext.supportedgroups,
3624 &s->ext.supportedgroups_len, parg, larg);
3626 case SSL_CTRL_SET_GROUPS_LIST:
3627 return tls1_set_groups_list(&s->ext.supportedgroups,
3628 &s->ext.supportedgroups_len, parg);
3630 case SSL_CTRL_GET_SHARED_GROUP:
3632 uint16_t id = tls1_shared_group(s, larg);
3635 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
3637 return ginf == NULL ? 0 : ginf->nid;
3642 case SSL_CTRL_SET_SIGALGS:
3643 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3645 case SSL_CTRL_SET_SIGALGS_LIST:
3646 return tls1_set_sigalgs_list(s->cert, parg, 0);
3648 case SSL_CTRL_SET_CLIENT_SIGALGS:
3649 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3651 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3652 return tls1_set_sigalgs_list(s->cert, parg, 1);
3654 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3656 const unsigned char **pctype = parg;
3657 if (s->server || !s->s3->tmp.cert_req)
3660 *pctype = s->s3->tmp.ctype;
3661 return s->s3->tmp.ctype_len;
3664 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3667 return ssl3_set_req_cert_type(s->cert, parg, larg);
3669 case SSL_CTRL_BUILD_CERT_CHAIN:
3670 return ssl_build_cert_chain(s, NULL, larg);
3672 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3673 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3675 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3676 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3678 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3679 if (s->s3->tmp.peer_sigalg == NULL)
3681 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3684 case SSL_CTRL_GET_SIGNATURE_NID:
3685 if (s->s3->tmp.sigalg == NULL)
3687 *(int *)parg = s->s3->tmp.sigalg->hash;
3690 case SSL_CTRL_GET_PEER_TMP_KEY:
3691 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3692 if (s->session == NULL || s->s3->peer_tmp == NULL) {
3695 EVP_PKEY_up_ref(s->s3->peer_tmp);
3696 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3703 case SSL_CTRL_GET_TMP_KEY:
3704 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3705 if (s->session == NULL || s->s3->tmp.pkey == NULL) {
3708 EVP_PKEY_up_ref(s->s3->tmp.pkey);
3709 *(EVP_PKEY **)parg = s->s3->tmp.pkey;
3716 #ifndef OPENSSL_NO_EC
3717 case SSL_CTRL_GET_EC_POINT_FORMATS:
3719 SSL_SESSION *sess = s->session;
3720 const unsigned char **pformat = parg;
3722 if (sess == NULL || sess->ext.ecpointformats == NULL)
3724 *pformat = sess->ext.ecpointformats;
3725 return (int)sess->ext.ecpointformats_len;
3735 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3740 #ifndef OPENSSL_NO_DH
3741 case SSL_CTRL_SET_TMP_DH_CB:
3743 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3747 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3748 s->ext.debug_cb = (void (*)(SSL *, int, int,
3749 const unsigned char *, int, void *))fp;
3752 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3754 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3763 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3766 #ifndef OPENSSL_NO_DH
3767 case SSL_CTRL_SET_TMP_DH:
3769 DH *dh = (DH *)parg;
3770 EVP_PKEY *pkdh = NULL;
3772 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3775 pkdh = ssl_dh_to_pkey(dh);
3777 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3780 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3781 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3782 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3783 EVP_PKEY_free(pkdh);
3786 EVP_PKEY_free(ctx->cert->dh_tmp);
3787 ctx->cert->dh_tmp = pkdh;
3790 case SSL_CTRL_SET_TMP_DH_CB:
3792 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3795 case SSL_CTRL_SET_DH_AUTO:
3796 ctx->cert->dh_tmp_auto = larg;
3799 #ifndef OPENSSL_NO_EC
3800 case SSL_CTRL_SET_TMP_ECDH:
3802 const EC_GROUP *group = NULL;
3806 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3809 group = EC_KEY_get0_group((const EC_KEY *)parg);
3810 if (group == NULL) {
3811 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3814 nid = EC_GROUP_get_curve_name(group);
3815 if (nid == NID_undef)
3817 return tls1_set_groups(&ctx->ext.supportedgroups,
3818 &ctx->ext.supportedgroups_len,
3821 #endif /* !OPENSSL_NO_EC */
3822 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3823 ctx->ext.servername_arg = parg;
3825 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3826 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3828 unsigned char *keys = parg;
3829 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3830 sizeof(ctx->ext.secure->tick_hmac_key) +
3831 sizeof(ctx->ext.secure->tick_aes_key));
3834 if (larg != tick_keylen) {
3835 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3838 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3839 memcpy(ctx->ext.tick_key_name, keys,
3840 sizeof(ctx->ext.tick_key_name));
3841 memcpy(ctx->ext.secure->tick_hmac_key,
3842 keys + sizeof(ctx->ext.tick_key_name),
3843 sizeof(ctx->ext.secure->tick_hmac_key));
3844 memcpy(ctx->ext.secure->tick_aes_key,
3845 keys + sizeof(ctx->ext.tick_key_name) +
3846 sizeof(ctx->ext.secure->tick_hmac_key),
3847 sizeof(ctx->ext.secure->tick_aes_key));
3849 memcpy(keys, ctx->ext.tick_key_name,
3850 sizeof(ctx->ext.tick_key_name));
3851 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3852 ctx->ext.secure->tick_hmac_key,
3853 sizeof(ctx->ext.secure->tick_hmac_key));
3854 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3855 sizeof(ctx->ext.secure->tick_hmac_key),
3856 ctx->ext.secure->tick_aes_key,
3857 sizeof(ctx->ext.secure->tick_aes_key));
3862 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3863 return ctx->ext.status_type;
3865 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3866 ctx->ext.status_type = larg;
3869 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3870 ctx->ext.status_arg = parg;
3873 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3874 *(void**)parg = ctx->ext.status_arg;
3877 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3878 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3881 #ifndef OPENSSL_NO_SRP
3882 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3883 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3884 OPENSSL_free(ctx->srp_ctx.login);
3885 ctx->srp_ctx.login = NULL;
3888 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3889 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3892 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3893 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3897 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3898 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3899 srp_password_from_info_cb;
3900 if (ctx->srp_ctx.info != NULL)
3901 OPENSSL_free(ctx->srp_ctx.info);
3902 if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3903 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3907 case SSL_CTRL_SET_SRP_ARG:
3908 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3909 ctx->srp_ctx.SRP_cb_arg = parg;
3912 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3913 ctx->srp_ctx.strength = larg;
3917 #ifndef OPENSSL_NO_EC
3918 case SSL_CTRL_SET_GROUPS:
3919 return tls1_set_groups(&ctx->ext.supportedgroups,
3920 &ctx->ext.supportedgroups_len,
3923 case SSL_CTRL_SET_GROUPS_LIST:
3924 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3925 &ctx->ext.supportedgroups_len,
3928 case SSL_CTRL_SET_SIGALGS:
3929 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3931 case SSL_CTRL_SET_SIGALGS_LIST:
3932 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3934 case SSL_CTRL_SET_CLIENT_SIGALGS:
3935 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3937 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3938 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3940 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3941 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3943 case SSL_CTRL_BUILD_CERT_CHAIN:
3944 return ssl_build_cert_chain(NULL, ctx, larg);
3946 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3947 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3949 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3950 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3952 /* A Thawte special :-) */
3953 case SSL_CTRL_EXTRA_CHAIN_CERT:
3954 if (ctx->extra_certs == NULL) {
3955 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3956 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3960 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3961 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3966 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3967 if (ctx->extra_certs == NULL && larg == 0)
3968 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3970 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3973 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3974 sk_X509_pop_free(ctx->extra_certs, X509_free);
3975 ctx->extra_certs = NULL;
3978 case SSL_CTRL_CHAIN:
3980 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3982 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3984 case SSL_CTRL_CHAIN_CERT:
3986 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3988 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3990 case SSL_CTRL_GET_CHAIN_CERTS:
3991 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3994 case SSL_CTRL_SELECT_CURRENT_CERT:
3995 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3997 case SSL_CTRL_SET_CURRENT_CERT:
3998 return ssl_cert_set_current(ctx->cert, larg);
4006 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
4009 #ifndef OPENSSL_NO_DH
4010 case SSL_CTRL_SET_TMP_DH_CB:
4012 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4016 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4017 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4020 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4021 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4024 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4025 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4028 HMAC_CTX *, int))fp;
4031 #ifndef OPENSSL_NO_SRP
4032 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4033 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4034 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4036 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4037 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4038 ctx->srp_ctx.TLS_ext_srp_username_callback =
4039 (int (*)(SSL *, int *, void *))fp;
4041 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4042 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4043 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4044 (char *(*)(SSL *, void *))fp;
4047 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4049 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4058 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4061 const SSL_CIPHER *cp;
4064 cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4067 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4070 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4073 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4075 SSL_CIPHER *c = NULL, *tbl;
4076 SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers};
4077 size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS};
4079 /* this is not efficient, necessary to optimize this? */
4080 for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4081 for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4082 if (tbl->stdname == NULL)
4084 if (strcmp(stdname, tbl->stdname) == 0) {
4092 for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
4093 if (strcmp(stdname, tbl->stdname) == 0) {
4103 * This function needs to check if the ciphers required are actually
4106 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4108 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4109 | ((uint32_t)p[0] << 8L)
4113 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4115 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4120 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4128 * ssl3_choose_cipher - choose a cipher from those offered by the client
4129 * @s: SSL connection
4130 * @clnt: ciphers offered by the client
4131 * @srvr: ciphers enabled on the server?
4133 * Returns the selected cipher or NULL when no common ciphers.
4135 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4136 STACK_OF(SSL_CIPHER) *srvr)
4138 const SSL_CIPHER *c, *ret = NULL;
4139 STACK_OF(SSL_CIPHER) *prio, *allow;
4140 int i, ii, ok, prefer_sha256 = 0;
4141 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4142 const EVP_MD *mdsha256 = EVP_sha256();
4143 #ifndef OPENSSL_NO_CHACHA
4144 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4147 /* Let's see which ciphers we can support */
4150 * Do not set the compare functions, because this may lead to a
4151 * reordering by "id". We want to keep the original ordering. We may pay
4152 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4153 * pay with the price of sk_SSL_CIPHER_dup().
4157 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
4159 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4160 c = sk_SSL_CIPHER_value(srvr, i);
4161 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4163 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
4165 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4166 c = sk_SSL_CIPHER_value(clnt, i);
4167 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4171 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4172 if (tls1_suiteb(s)) {
4175 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4178 #ifndef OPENSSL_NO_CHACHA
4179 /* If ChaCha20 is at the top of the client preference list,
4180 and there are ChaCha20 ciphers in the server list, then
4181 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4182 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4183 c = sk_SSL_CIPHER_value(clnt, 0);
4184 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4185 /* ChaCha20 is client preferred, check server... */
4186 int num = sk_SSL_CIPHER_num(srvr);
4188 for (i = 0; i < num; i++) {
4189 c = sk_SSL_CIPHER_value(srvr, i);
4190 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4196 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4197 /* if reserve fails, then there's likely a memory issue */
4198 if (prio_chacha != NULL) {
4199 /* Put all ChaCha20 at the top, starting with the one we just found */
4200 sk_SSL_CIPHER_push(prio_chacha, c);
4201 for (i++; i < num; i++) {
4202 c = sk_SSL_CIPHER_value(srvr, i);
4203 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4204 sk_SSL_CIPHER_push(prio_chacha, c);
4206 /* Pull in the rest */
4207 for (i = 0; i < num; i++) {
4208 c = sk_SSL_CIPHER_value(srvr, i);
4209 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4210 sk_SSL_CIPHER_push(prio_chacha, c);
4223 if (SSL_IS_TLS13(s)) {
4224 #ifndef OPENSSL_NO_PSK
4228 * If we allow "old" style PSK callbacks, and we have no certificate (so
4229 * we're not going to succeed without a PSK anyway), and we're in
4230 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4231 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4234 if (s->psk_server_callback != NULL) {
4235 for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
4236 if (j == SSL_PKEY_NUM) {
4237 /* There are no certificates */
4243 tls1_set_cert_validity(s);
4247 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4248 c = sk_SSL_CIPHER_value(prio, i);
4250 /* Skip ciphers not supported by the protocol version */
4251 if (!SSL_IS_DTLS(s) &&
4252 ((s->version < c->min_tls) || (s->version > c->max_tls)))
4254 if (SSL_IS_DTLS(s) &&
4255 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4256 DTLS_VERSION_GT(s->version, c->max_dtls)))
4260 * Since TLS 1.3 ciphersuites can be used with any auth or
4261 * key exchange scheme skip tests.
4263 if (!SSL_IS_TLS13(s)) {
4264 mask_k = s->s3->tmp.mask_k;
4265 mask_a = s->s3->tmp.mask_a;
4266 #ifndef OPENSSL_NO_SRP
4267 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4273 alg_k = c->algorithm_mkey;
4274 alg_a = c->algorithm_auth;
4276 #ifndef OPENSSL_NO_PSK
4277 /* with PSK there must be server callback set */
4278 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4280 #endif /* OPENSSL_NO_PSK */
4282 ok = (alg_k & mask_k) && (alg_a & mask_a);
4284 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
4285 alg_a, mask_k, mask_a, (void *)c, c->name);
4288 #ifndef OPENSSL_NO_EC
4290 * if we are considering an ECC cipher suite that uses an ephemeral
4293 if (alg_k & SSL_kECDHE)
4294 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4295 #endif /* OPENSSL_NO_EC */
4300 ii = sk_SSL_CIPHER_find(allow, c);
4302 /* Check security callback permits this cipher */
4303 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4304 c->strength_bits, 0, (void *)c))
4306 #if !defined(OPENSSL_NO_EC)
4307 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4308 && s->s3->is_probably_safari) {
4310 ret = sk_SSL_CIPHER_value(allow, ii);
4314 if (prefer_sha256) {
4315 const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4317 if (ssl_md(tmp->algorithm2) == mdsha256) {
4325 ret = sk_SSL_CIPHER_value(allow, ii);
4329 #ifndef OPENSSL_NO_CHACHA
4330 sk_SSL_CIPHER_free(prio_chacha);
4335 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4337 uint32_t alg_k, alg_a = 0;
4339 /* If we have custom certificate types set, use them */
4341 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4342 /* Get mask of algorithms disabled by signature list */
4343 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4345 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4347 #ifndef OPENSSL_NO_GOST
4348 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4349 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4350 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
4351 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
4354 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4355 #ifndef OPENSSL_NO_DH
4356 # ifndef OPENSSL_NO_RSA
4357 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4360 # ifndef OPENSSL_NO_DSA
4361 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4364 #endif /* !OPENSSL_NO_DH */
4366 #ifndef OPENSSL_NO_RSA
4367 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4370 #ifndef OPENSSL_NO_DSA
4371 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4374 #ifndef OPENSSL_NO_EC
4376 * ECDSA certs can be used with RSA cipher suites too so we don't
4377 * need to check for SSL_kECDH or SSL_kECDHE
4379 if (s->version >= TLS1_VERSION
4380 && !(alg_a & SSL_aECDSA)
4381 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4387 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4389 OPENSSL_free(c->ctype);
4392 if (p == NULL || len == 0)
4396 c->ctype = OPENSSL_memdup(p, len);
4397 if (c->ctype == NULL)
4403 int ssl3_shutdown(SSL *s)
4408 * Don't do anything much if we have not done the handshake or we don't
4409 * want to send messages :-)
4411 if (s->quiet_shutdown || SSL_in_before(s)) {
4412 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4416 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4417 s->shutdown |= SSL_SENT_SHUTDOWN;
4418 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4420 * our shutdown alert has been sent now, and if it still needs to be
4421 * written, s->s3->alert_dispatch will be true
4423 if (s->s3->alert_dispatch)
4424 return -1; /* return WANT_WRITE */
4425 } else if (s->s3->alert_dispatch) {
4426 /* resend it if not sent */
4427 ret = s->method->ssl_dispatch_alert(s);
4430 * we only get to return -1 here the 2nd/Nth invocation, we must
4431 * have already signalled return 0 upon a previous invocation,
4436 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4439 * If we are waiting for a close from our peer, we are closed
4441 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4442 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4443 return -1; /* return WANT_READ */
4447 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4448 !s->s3->alert_dispatch)
4454 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4457 if (s->s3->renegotiate)
4458 ssl3_renegotiate_check(s, 0);
4460 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4464 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4470 if (s->s3->renegotiate)
4471 ssl3_renegotiate_check(s, 0);
4472 s->s3->in_read_app_data = 1;
4474 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4476 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4478 * ssl3_read_bytes decided to call s->handshake_func, which called
4479 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4480 * actually found application data and thinks that application data
4481 * makes sense here; so disable handshake processing and try to read
4482 * application data again.
4484 ossl_statem_set_in_handshake(s, 1);
4486 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4487 len, peek, readbytes);
4488 ossl_statem_set_in_handshake(s, 0);
4490 s->s3->in_read_app_data = 0;
4495 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4497 return ssl3_read_internal(s, buf, len, 0, readbytes);
4500 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4502 return ssl3_read_internal(s, buf, len, 1, readbytes);
4505 int ssl3_renegotiate(SSL *s)
4507 if (s->handshake_func == NULL)
4510 s->s3->renegotiate = 1;
4515 * Check if we are waiting to do a renegotiation and if so whether now is a
4516 * good time to do it. If |initok| is true then we are being called from inside
4517 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4518 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4519 * should do a renegotiation now and sets up the state machine for it. Otherwise
4522 int ssl3_renegotiate_check(SSL *s, int initok)
4526 if (s->s3->renegotiate) {
4527 if (!RECORD_LAYER_read_pending(&s->rlayer)
4528 && !RECORD_LAYER_write_pending(&s->rlayer)
4529 && (initok || !SSL_in_init(s))) {
4531 * if we are the server, and we have sent a 'RENEGOTIATE'
4532 * message, we need to set the state machine into the renegotiate
4535 ossl_statem_set_renegotiate(s);
4536 s->s3->renegotiate = 0;
4537 s->s3->num_renegotiations++;
4538 s->s3->total_renegotiations++;
4546 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4547 * handshake macs if required.
4549 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4551 long ssl_get_algorithm2(SSL *s)
4554 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
4556 alg2 = s->s3->tmp.new_cipher->algorithm2;
4557 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4558 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4559 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4560 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4561 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4562 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4568 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4569 * failure, 1 on success.
4571 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4574 int send_time = 0, ret;
4579 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4581 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4583 unsigned long Time = (unsigned long)time(NULL);
4584 unsigned char *p = result;
4587 ret = RAND_bytes(p, len - 4);
4589 ret = RAND_bytes(result, len);
4593 if (!ossl_assert(sizeof(tls11downgrade) < len)
4594 || !ossl_assert(sizeof(tls12downgrade) < len))
4596 if (dgrd == DOWNGRADE_TO_1_2)
4597 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4598 sizeof(tls12downgrade));
4599 else if (dgrd == DOWNGRADE_TO_1_1)
4600 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4601 sizeof(tls11downgrade));
4607 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4610 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4613 if (alg_k & SSL_PSK) {
4614 #ifndef OPENSSL_NO_PSK
4615 unsigned char *pskpms, *t;
4616 size_t psklen = s->s3->tmp.psklen;
4619 /* create PSK premaster_secret */
4621 /* For plain PSK "other_secret" is psklen zeroes */
4622 if (alg_k & SSL_kPSK)
4625 pskpmslen = 4 + pmslen + psklen;
4626 pskpms = OPENSSL_malloc(pskpmslen);
4631 if (alg_k & SSL_kPSK)
4632 memset(t, 0, pmslen);
4634 memcpy(t, pms, pmslen);
4637 memcpy(t, s->s3->tmp.psk, psklen);
4639 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4640 s->s3->tmp.psk = NULL;
4641 if (!s->method->ssl3_enc->generate_master_secret(s,
4642 s->session->master_key,pskpms, pskpmslen,
4643 &s->session->master_key_length)) {
4644 OPENSSL_clear_free(pskpms, pskpmslen);
4645 /* SSLfatal() already called */
4648 OPENSSL_clear_free(pskpms, pskpmslen);
4650 /* Should never happen */
4654 if (!s->method->ssl3_enc->generate_master_secret(s,
4655 s->session->master_key, pms, pmslen,
4656 &s->session->master_key_length)) {
4657 /* SSLfatal() already called */
4666 OPENSSL_clear_free(pms, pmslen);
4668 OPENSSL_cleanse(pms, pmslen);
4671 s->s3->tmp.pms = NULL;
4675 /* Generate a private key from parameters */
4676 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4678 EVP_PKEY_CTX *pctx = NULL;
4679 EVP_PKEY *pkey = NULL;
4683 pctx = EVP_PKEY_CTX_new(pm, NULL);
4686 if (EVP_PKEY_keygen_init(pctx) <= 0)
4688 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4689 EVP_PKEY_free(pkey);
4694 EVP_PKEY_CTX_free(pctx);
4697 #ifndef OPENSSL_NO_EC
4698 /* Generate a private key from a group ID */
4699 EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
4701 EVP_PKEY_CTX *pctx = NULL;
4702 EVP_PKEY *pkey = NULL;
4703 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4707 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4708 ERR_R_INTERNAL_ERROR);
4711 gtype = ginf->flags & TLS_CURVE_TYPE;
4712 if (gtype == TLS_CURVE_CUSTOM)
4713 pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
4715 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4717 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4718 ERR_R_MALLOC_FAILURE);
4721 if (EVP_PKEY_keygen_init(pctx) <= 0) {
4722 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4726 if (gtype != TLS_CURVE_CUSTOM
4727 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
4728 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4732 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4733 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4735 EVP_PKEY_free(pkey);
4740 EVP_PKEY_CTX_free(pctx);
4745 * Generate parameters from a group ID
4747 EVP_PKEY *ssl_generate_param_group(uint16_t id)
4749 EVP_PKEY_CTX *pctx = NULL;
4750 EVP_PKEY *pkey = NULL;
4751 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4756 if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4757 pkey = EVP_PKEY_new();
4758 if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
4760 EVP_PKEY_free(pkey);
4764 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4767 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4769 if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
4771 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4772 EVP_PKEY_free(pkey);
4777 EVP_PKEY_CTX_free(pctx);
4782 /* Derive secrets for ECDH/DH */
4783 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4786 unsigned char *pms = NULL;
4790 if (privkey == NULL || pubkey == NULL) {
4791 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4792 ERR_R_INTERNAL_ERROR);
4796 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4798 if (EVP_PKEY_derive_init(pctx) <= 0
4799 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4800 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4801 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4802 ERR_R_INTERNAL_ERROR);
4806 pms = OPENSSL_malloc(pmslen);
4808 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4809 ERR_R_MALLOC_FAILURE);
4813 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4814 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4815 ERR_R_INTERNAL_ERROR);
4820 /* SSLfatal() called as appropriate in the below functions */
4821 if (SSL_IS_TLS13(s)) {
4823 * If we are resuming then we already generated the early secret
4824 * when we created the ClientHello, so don't recreate it.
4827 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4829 (unsigned char *)&s->early_secret);
4833 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4835 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4838 /* Save premaster secret */
4839 s->s3->tmp.pms = pms;
4840 s->s3->tmp.pmslen = pmslen;
4846 OPENSSL_clear_free(pms, pmslen);
4847 EVP_PKEY_CTX_free(pctx);
4851 #ifndef OPENSSL_NO_DH
4852 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4857 ret = EVP_PKEY_new();
4858 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {