2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include "internal/cryptlib.h"
21 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
22 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
24 /* TLSv1.3 downgrade protection sentinel values */
25 const unsigned char tls11downgrade[] = {
26 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
28 const unsigned char tls12downgrade[] = {
29 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
33 * The list of available ciphers, mostly organized into the following
38 * SRP (within that: RSA EC PSK)
39 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
42 static SSL_CIPHER ssl3_ciphers[] = {
45 SSL3_TXT_RSA_NULL_MD5,
46 SSL3_RFC_RSA_NULL_MD5,
52 SSL3_VERSION, TLS1_2_VERSION,
53 DTLS1_BAD_VER, DTLS1_2_VERSION,
55 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
61 SSL3_TXT_RSA_NULL_SHA,
62 SSL3_RFC_RSA_NULL_SHA,
68 SSL3_VERSION, TLS1_2_VERSION,
69 DTLS1_BAD_VER, DTLS1_2_VERSION,
70 SSL_STRONG_NONE | SSL_FIPS,
71 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
75 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
78 SSL3_TXT_RSA_DES_192_CBC3_SHA,
79 SSL3_RFC_RSA_DES_192_CBC3_SHA,
80 SSL3_CK_RSA_DES_192_CBC3_SHA,
85 SSL3_VERSION, TLS1_2_VERSION,
86 DTLS1_BAD_VER, DTLS1_2_VERSION,
87 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
88 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
94 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
95 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
96 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
101 SSL3_VERSION, TLS1_2_VERSION,
102 DTLS1_BAD_VER, DTLS1_2_VERSION,
103 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
104 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
110 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
111 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
112 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
117 SSL3_VERSION, TLS1_2_VERSION,
118 DTLS1_BAD_VER, DTLS1_2_VERSION,
119 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
120 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
126 SSL3_TXT_ADH_DES_192_CBC_SHA,
127 SSL3_RFC_ADH_DES_192_CBC_SHA,
128 SSL3_CK_ADH_DES_192_CBC_SHA,
133 SSL3_VERSION, TLS1_2_VERSION,
134 DTLS1_BAD_VER, DTLS1_2_VERSION,
135 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
136 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
143 TLS1_TXT_RSA_WITH_AES_128_SHA,
144 TLS1_RFC_RSA_WITH_AES_128_SHA,
145 TLS1_CK_RSA_WITH_AES_128_SHA,
150 SSL3_VERSION, TLS1_2_VERSION,
151 DTLS1_BAD_VER, DTLS1_2_VERSION,
153 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
159 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
160 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
161 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
166 SSL3_VERSION, TLS1_2_VERSION,
167 DTLS1_BAD_VER, DTLS1_2_VERSION,
168 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
169 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
175 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
176 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
177 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
182 SSL3_VERSION, TLS1_2_VERSION,
183 DTLS1_BAD_VER, DTLS1_2_VERSION,
185 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
191 TLS1_TXT_ADH_WITH_AES_128_SHA,
192 TLS1_RFC_ADH_WITH_AES_128_SHA,
193 TLS1_CK_ADH_WITH_AES_128_SHA,
198 SSL3_VERSION, TLS1_2_VERSION,
199 DTLS1_BAD_VER, DTLS1_2_VERSION,
200 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
201 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
207 TLS1_TXT_RSA_WITH_AES_256_SHA,
208 TLS1_RFC_RSA_WITH_AES_256_SHA,
209 TLS1_CK_RSA_WITH_AES_256_SHA,
214 SSL3_VERSION, TLS1_2_VERSION,
215 DTLS1_BAD_VER, DTLS1_2_VERSION,
217 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
223 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
224 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
225 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
230 SSL3_VERSION, TLS1_2_VERSION,
231 DTLS1_BAD_VER, DTLS1_2_VERSION,
232 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
233 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
239 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
240 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
241 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
246 SSL3_VERSION, TLS1_2_VERSION,
247 DTLS1_BAD_VER, DTLS1_2_VERSION,
249 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
255 TLS1_TXT_ADH_WITH_AES_256_SHA,
256 TLS1_RFC_ADH_WITH_AES_256_SHA,
257 TLS1_CK_ADH_WITH_AES_256_SHA,
262 SSL3_VERSION, TLS1_2_VERSION,
263 DTLS1_BAD_VER, DTLS1_2_VERSION,
264 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
265 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
271 TLS1_TXT_RSA_WITH_NULL_SHA256,
272 TLS1_RFC_RSA_WITH_NULL_SHA256,
273 TLS1_CK_RSA_WITH_NULL_SHA256,
278 TLS1_2_VERSION, TLS1_2_VERSION,
279 DTLS1_2_VERSION, DTLS1_2_VERSION,
280 SSL_STRONG_NONE | SSL_FIPS,
281 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
287 TLS1_TXT_RSA_WITH_AES_128_SHA256,
288 TLS1_RFC_RSA_WITH_AES_128_SHA256,
289 TLS1_CK_RSA_WITH_AES_128_SHA256,
294 TLS1_2_VERSION, TLS1_2_VERSION,
295 DTLS1_2_VERSION, DTLS1_2_VERSION,
297 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
303 TLS1_TXT_RSA_WITH_AES_256_SHA256,
304 TLS1_RFC_RSA_WITH_AES_256_SHA256,
305 TLS1_CK_RSA_WITH_AES_256_SHA256,
310 TLS1_2_VERSION, TLS1_2_VERSION,
311 DTLS1_2_VERSION, DTLS1_2_VERSION,
313 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
319 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
320 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
321 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
326 TLS1_2_VERSION, TLS1_2_VERSION,
327 DTLS1_2_VERSION, DTLS1_2_VERSION,
328 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
329 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
335 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
336 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
337 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
342 TLS1_2_VERSION, TLS1_2_VERSION,
343 DTLS1_2_VERSION, DTLS1_2_VERSION,
345 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
351 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
352 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
353 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
358 TLS1_2_VERSION, TLS1_2_VERSION,
359 DTLS1_2_VERSION, DTLS1_2_VERSION,
360 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
361 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
367 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
368 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
369 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
374 TLS1_2_VERSION, TLS1_2_VERSION,
375 DTLS1_2_VERSION, DTLS1_2_VERSION,
377 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
383 TLS1_TXT_ADH_WITH_AES_128_SHA256,
384 TLS1_RFC_ADH_WITH_AES_128_SHA256,
385 TLS1_CK_ADH_WITH_AES_128_SHA256,
390 TLS1_2_VERSION, TLS1_2_VERSION,
391 DTLS1_2_VERSION, DTLS1_2_VERSION,
392 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
393 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
399 TLS1_TXT_ADH_WITH_AES_256_SHA256,
400 TLS1_RFC_ADH_WITH_AES_256_SHA256,
401 TLS1_CK_ADH_WITH_AES_256_SHA256,
406 TLS1_2_VERSION, TLS1_2_VERSION,
407 DTLS1_2_VERSION, DTLS1_2_VERSION,
408 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
409 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
415 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
416 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
417 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
422 TLS1_2_VERSION, TLS1_2_VERSION,
423 DTLS1_2_VERSION, DTLS1_2_VERSION,
425 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
431 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
432 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
433 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
438 TLS1_2_VERSION, TLS1_2_VERSION,
439 DTLS1_2_VERSION, DTLS1_2_VERSION,
441 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
447 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
448 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
449 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
454 TLS1_2_VERSION, TLS1_2_VERSION,
455 DTLS1_2_VERSION, DTLS1_2_VERSION,
457 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
463 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
464 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
465 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
470 TLS1_2_VERSION, TLS1_2_VERSION,
471 DTLS1_2_VERSION, DTLS1_2_VERSION,
473 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
479 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
480 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
481 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
486 TLS1_2_VERSION, TLS1_2_VERSION,
487 DTLS1_2_VERSION, DTLS1_2_VERSION,
488 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
489 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
495 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
496 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
497 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
502 TLS1_2_VERSION, TLS1_2_VERSION,
503 DTLS1_2_VERSION, DTLS1_2_VERSION,
504 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
505 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
511 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
512 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
513 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
518 TLS1_2_VERSION, TLS1_2_VERSION,
519 DTLS1_2_VERSION, DTLS1_2_VERSION,
520 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
521 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
527 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
528 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
529 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
534 TLS1_2_VERSION, TLS1_2_VERSION,
535 DTLS1_2_VERSION, DTLS1_2_VERSION,
536 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
537 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
543 TLS1_TXT_RSA_WITH_AES_128_CCM,
544 TLS1_RFC_RSA_WITH_AES_128_CCM,
545 TLS1_CK_RSA_WITH_AES_128_CCM,
550 TLS1_2_VERSION, TLS1_2_VERSION,
551 DTLS1_2_VERSION, DTLS1_2_VERSION,
552 SSL_NOT_DEFAULT | SSL_HIGH,
553 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
559 TLS1_TXT_RSA_WITH_AES_256_CCM,
560 TLS1_RFC_RSA_WITH_AES_256_CCM,
561 TLS1_CK_RSA_WITH_AES_256_CCM,
566 TLS1_2_VERSION, TLS1_2_VERSION,
567 DTLS1_2_VERSION, DTLS1_2_VERSION,
568 SSL_NOT_DEFAULT | SSL_HIGH,
569 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
575 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
576 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
577 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
582 TLS1_2_VERSION, TLS1_2_VERSION,
583 DTLS1_2_VERSION, DTLS1_2_VERSION,
584 SSL_NOT_DEFAULT | SSL_HIGH,
585 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
591 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
592 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
593 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
598 TLS1_2_VERSION, TLS1_2_VERSION,
599 DTLS1_2_VERSION, DTLS1_2_VERSION,
600 SSL_NOT_DEFAULT | SSL_HIGH,
601 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
607 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
608 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
609 TLS1_CK_RSA_WITH_AES_128_CCM_8,
614 TLS1_2_VERSION, TLS1_2_VERSION,
615 DTLS1_2_VERSION, DTLS1_2_VERSION,
616 SSL_NOT_DEFAULT | SSL_HIGH,
617 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
623 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
624 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
625 TLS1_CK_RSA_WITH_AES_256_CCM_8,
630 TLS1_2_VERSION, TLS1_2_VERSION,
631 DTLS1_2_VERSION, DTLS1_2_VERSION,
632 SSL_NOT_DEFAULT | SSL_HIGH,
633 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
639 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
640 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
641 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
646 TLS1_2_VERSION, TLS1_2_VERSION,
647 DTLS1_2_VERSION, DTLS1_2_VERSION,
648 SSL_NOT_DEFAULT | SSL_HIGH,
649 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
655 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
656 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
657 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
662 TLS1_2_VERSION, TLS1_2_VERSION,
663 DTLS1_2_VERSION, DTLS1_2_VERSION,
664 SSL_NOT_DEFAULT | SSL_HIGH,
665 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
671 TLS1_TXT_PSK_WITH_AES_128_CCM,
672 TLS1_RFC_PSK_WITH_AES_128_CCM,
673 TLS1_CK_PSK_WITH_AES_128_CCM,
678 TLS1_2_VERSION, TLS1_2_VERSION,
679 DTLS1_2_VERSION, DTLS1_2_VERSION,
680 SSL_NOT_DEFAULT | SSL_HIGH,
681 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
687 TLS1_TXT_PSK_WITH_AES_256_CCM,
688 TLS1_RFC_PSK_WITH_AES_256_CCM,
689 TLS1_CK_PSK_WITH_AES_256_CCM,
694 TLS1_2_VERSION, TLS1_2_VERSION,
695 DTLS1_2_VERSION, DTLS1_2_VERSION,
696 SSL_NOT_DEFAULT | SSL_HIGH,
697 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
703 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
704 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
705 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
710 TLS1_2_VERSION, TLS1_2_VERSION,
711 DTLS1_2_VERSION, DTLS1_2_VERSION,
712 SSL_NOT_DEFAULT | SSL_HIGH,
713 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
719 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
720 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
721 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
726 TLS1_2_VERSION, TLS1_2_VERSION,
727 DTLS1_2_VERSION, DTLS1_2_VERSION,
728 SSL_NOT_DEFAULT | SSL_HIGH,
729 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
735 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
736 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
737 TLS1_CK_PSK_WITH_AES_128_CCM_8,
742 TLS1_2_VERSION, TLS1_2_VERSION,
743 DTLS1_2_VERSION, DTLS1_2_VERSION,
744 SSL_NOT_DEFAULT | SSL_HIGH,
745 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
751 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
752 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
753 TLS1_CK_PSK_WITH_AES_256_CCM_8,
758 TLS1_2_VERSION, TLS1_2_VERSION,
759 DTLS1_2_VERSION, DTLS1_2_VERSION,
760 SSL_NOT_DEFAULT | SSL_HIGH,
761 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
767 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
768 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
769 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
774 TLS1_2_VERSION, TLS1_2_VERSION,
775 DTLS1_2_VERSION, DTLS1_2_VERSION,
776 SSL_NOT_DEFAULT | SSL_HIGH,
777 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
783 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
784 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
785 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
790 TLS1_2_VERSION, TLS1_2_VERSION,
791 DTLS1_2_VERSION, DTLS1_2_VERSION,
792 SSL_NOT_DEFAULT | SSL_HIGH,
793 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
799 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
800 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
801 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
806 TLS1_2_VERSION, TLS1_2_VERSION,
807 DTLS1_2_VERSION, DTLS1_2_VERSION,
808 SSL_NOT_DEFAULT | SSL_HIGH,
809 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
815 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
816 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
817 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
822 TLS1_2_VERSION, TLS1_2_VERSION,
823 DTLS1_2_VERSION, DTLS1_2_VERSION,
824 SSL_NOT_DEFAULT | SSL_HIGH,
825 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
831 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
832 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
833 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
838 TLS1_2_VERSION, TLS1_2_VERSION,
839 DTLS1_2_VERSION, DTLS1_2_VERSION,
840 SSL_NOT_DEFAULT | SSL_HIGH,
841 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
847 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
848 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
849 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
854 TLS1_2_VERSION, TLS1_2_VERSION,
855 DTLS1_2_VERSION, DTLS1_2_VERSION,
856 SSL_NOT_DEFAULT | SSL_HIGH,
857 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
863 TLS1_3_TXT_AES_128_GCM_SHA256,
864 TLS1_3_RFC_AES_128_GCM_SHA256,
865 TLS1_3_CK_AES_128_GCM_SHA256,
869 TLS1_3_VERSION, TLS1_3_VERSION,
873 SSL_HANDSHAKE_MAC_SHA256,
879 TLS1_3_TXT_AES_256_GCM_SHA384,
880 TLS1_3_RFC_AES_256_GCM_SHA384,
881 TLS1_3_CK_AES_256_GCM_SHA384,
886 TLS1_3_VERSION, TLS1_3_VERSION,
889 SSL_HANDSHAKE_MAC_SHA384,
893 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
896 TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
897 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
898 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
901 SSL_CHACHA20POLY1305,
903 TLS1_3_VERSION, TLS1_3_VERSION,
906 SSL_HANDSHAKE_MAC_SHA256,
913 TLS1_3_TXT_AES_128_CCM_SHA256,
914 TLS1_3_RFC_AES_128_CCM_SHA256,
915 TLS1_3_CK_AES_128_CCM_SHA256,
920 TLS1_3_VERSION, TLS1_3_VERSION,
922 SSL_NOT_DEFAULT | SSL_HIGH,
923 SSL_HANDSHAKE_MAC_SHA256,
929 TLS1_3_TXT_AES_128_CCM_8_SHA256,
930 TLS1_3_RFC_AES_128_CCM_8_SHA256,
931 TLS1_3_CK_AES_128_CCM_8_SHA256,
936 TLS1_3_VERSION, TLS1_3_VERSION,
938 SSL_NOT_DEFAULT | SSL_HIGH,
939 SSL_HANDSHAKE_MAC_SHA256,
945 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
946 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
947 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
952 TLS1_VERSION, TLS1_2_VERSION,
953 DTLS1_BAD_VER, DTLS1_2_VERSION,
954 SSL_STRONG_NONE | SSL_FIPS,
955 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
959 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
962 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
963 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
964 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
969 TLS1_VERSION, TLS1_2_VERSION,
970 DTLS1_BAD_VER, DTLS1_2_VERSION,
971 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
972 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
979 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
980 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
981 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
986 TLS1_VERSION, TLS1_2_VERSION,
987 DTLS1_BAD_VER, DTLS1_2_VERSION,
989 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
995 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
996 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
997 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1002 TLS1_VERSION, TLS1_2_VERSION,
1003 DTLS1_BAD_VER, DTLS1_2_VERSION,
1004 SSL_HIGH | SSL_FIPS,
1005 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1011 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1012 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1013 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1018 TLS1_VERSION, TLS1_2_VERSION,
1019 DTLS1_BAD_VER, DTLS1_2_VERSION,
1020 SSL_STRONG_NONE | SSL_FIPS,
1021 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1025 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1028 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1029 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1030 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1035 TLS1_VERSION, TLS1_2_VERSION,
1036 DTLS1_BAD_VER, DTLS1_2_VERSION,
1037 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1038 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1045 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1046 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1047 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1052 TLS1_VERSION, TLS1_2_VERSION,
1053 DTLS1_BAD_VER, DTLS1_2_VERSION,
1054 SSL_HIGH | SSL_FIPS,
1055 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1061 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1062 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1063 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1068 TLS1_VERSION, TLS1_2_VERSION,
1069 DTLS1_BAD_VER, DTLS1_2_VERSION,
1070 SSL_HIGH | SSL_FIPS,
1071 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1077 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1078 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1079 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1084 TLS1_VERSION, TLS1_2_VERSION,
1085 DTLS1_BAD_VER, DTLS1_2_VERSION,
1086 SSL_STRONG_NONE | SSL_FIPS,
1087 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1091 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1094 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1095 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1096 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1101 TLS1_VERSION, TLS1_2_VERSION,
1102 DTLS1_BAD_VER, DTLS1_2_VERSION,
1103 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1104 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1111 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1112 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1113 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1118 TLS1_VERSION, TLS1_2_VERSION,
1119 DTLS1_BAD_VER, DTLS1_2_VERSION,
1120 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1121 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1127 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1128 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1129 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1134 TLS1_VERSION, TLS1_2_VERSION,
1135 DTLS1_BAD_VER, DTLS1_2_VERSION,
1136 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1137 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1143 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1144 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1145 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1150 TLS1_2_VERSION, TLS1_2_VERSION,
1151 DTLS1_2_VERSION, DTLS1_2_VERSION,
1152 SSL_HIGH | SSL_FIPS,
1153 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1159 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1160 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1161 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1166 TLS1_2_VERSION, TLS1_2_VERSION,
1167 DTLS1_2_VERSION, DTLS1_2_VERSION,
1168 SSL_HIGH | SSL_FIPS,
1169 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1175 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1176 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1177 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1182 TLS1_2_VERSION, TLS1_2_VERSION,
1183 DTLS1_2_VERSION, DTLS1_2_VERSION,
1184 SSL_HIGH | SSL_FIPS,
1185 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1191 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1192 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1193 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1198 TLS1_2_VERSION, TLS1_2_VERSION,
1199 DTLS1_2_VERSION, DTLS1_2_VERSION,
1200 SSL_HIGH | SSL_FIPS,
1201 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1207 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1208 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1209 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1214 TLS1_2_VERSION, TLS1_2_VERSION,
1215 DTLS1_2_VERSION, DTLS1_2_VERSION,
1216 SSL_HIGH | SSL_FIPS,
1217 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1223 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1224 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1225 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1230 TLS1_2_VERSION, TLS1_2_VERSION,
1231 DTLS1_2_VERSION, DTLS1_2_VERSION,
1232 SSL_HIGH | SSL_FIPS,
1233 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1239 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1240 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1241 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1246 TLS1_2_VERSION, TLS1_2_VERSION,
1247 DTLS1_2_VERSION, DTLS1_2_VERSION,
1248 SSL_HIGH | SSL_FIPS,
1249 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1255 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1256 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1257 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1262 TLS1_2_VERSION, TLS1_2_VERSION,
1263 DTLS1_2_VERSION, DTLS1_2_VERSION,
1264 SSL_HIGH | SSL_FIPS,
1265 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1271 TLS1_TXT_PSK_WITH_NULL_SHA,
1272 TLS1_RFC_PSK_WITH_NULL_SHA,
1273 TLS1_CK_PSK_WITH_NULL_SHA,
1278 SSL3_VERSION, TLS1_2_VERSION,
1279 DTLS1_BAD_VER, DTLS1_2_VERSION,
1280 SSL_STRONG_NONE | SSL_FIPS,
1281 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1287 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1288 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1289 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1294 SSL3_VERSION, TLS1_2_VERSION,
1295 DTLS1_BAD_VER, DTLS1_2_VERSION,
1296 SSL_STRONG_NONE | SSL_FIPS,
1297 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1303 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1304 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1305 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1310 SSL3_VERSION, TLS1_2_VERSION,
1311 DTLS1_BAD_VER, DTLS1_2_VERSION,
1312 SSL_STRONG_NONE | SSL_FIPS,
1313 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1317 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1320 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1321 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1322 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1327 SSL3_VERSION, TLS1_2_VERSION,
1328 DTLS1_BAD_VER, DTLS1_2_VERSION,
1329 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1330 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1337 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1338 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1339 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1344 SSL3_VERSION, TLS1_2_VERSION,
1345 DTLS1_BAD_VER, DTLS1_2_VERSION,
1346 SSL_HIGH | SSL_FIPS,
1347 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1353 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1354 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1355 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1360 SSL3_VERSION, TLS1_2_VERSION,
1361 DTLS1_BAD_VER, DTLS1_2_VERSION,
1362 SSL_HIGH | SSL_FIPS,
1363 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1367 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1370 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1371 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1372 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1377 SSL3_VERSION, TLS1_2_VERSION,
1378 DTLS1_BAD_VER, DTLS1_2_VERSION,
1379 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1380 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1387 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1388 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1389 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1394 SSL3_VERSION, TLS1_2_VERSION,
1395 DTLS1_BAD_VER, DTLS1_2_VERSION,
1396 SSL_HIGH | SSL_FIPS,
1397 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1403 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1404 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1405 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1410 SSL3_VERSION, TLS1_2_VERSION,
1411 DTLS1_BAD_VER, DTLS1_2_VERSION,
1412 SSL_HIGH | SSL_FIPS,
1413 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1417 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1420 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1421 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1422 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1427 SSL3_VERSION, TLS1_2_VERSION,
1428 DTLS1_BAD_VER, DTLS1_2_VERSION,
1429 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1430 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1437 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1438 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1439 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1444 SSL3_VERSION, TLS1_2_VERSION,
1445 DTLS1_BAD_VER, DTLS1_2_VERSION,
1446 SSL_HIGH | SSL_FIPS,
1447 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1453 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1454 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1455 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1460 SSL3_VERSION, TLS1_2_VERSION,
1461 DTLS1_BAD_VER, DTLS1_2_VERSION,
1462 SSL_HIGH | SSL_FIPS,
1463 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1469 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1470 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1471 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1476 TLS1_2_VERSION, TLS1_2_VERSION,
1477 DTLS1_2_VERSION, DTLS1_2_VERSION,
1478 SSL_HIGH | SSL_FIPS,
1479 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1485 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1486 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1487 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1492 TLS1_2_VERSION, TLS1_2_VERSION,
1493 DTLS1_2_VERSION, DTLS1_2_VERSION,
1494 SSL_HIGH | SSL_FIPS,
1495 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1501 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1502 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1503 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1508 TLS1_2_VERSION, TLS1_2_VERSION,
1509 DTLS1_2_VERSION, DTLS1_2_VERSION,
1510 SSL_HIGH | SSL_FIPS,
1511 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1517 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1518 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1519 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1524 TLS1_2_VERSION, TLS1_2_VERSION,
1525 DTLS1_2_VERSION, DTLS1_2_VERSION,
1526 SSL_HIGH | SSL_FIPS,
1527 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1533 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1534 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1535 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1540 TLS1_2_VERSION, TLS1_2_VERSION,
1541 DTLS1_2_VERSION, DTLS1_2_VERSION,
1542 SSL_HIGH | SSL_FIPS,
1543 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1549 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1550 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1551 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1556 TLS1_2_VERSION, TLS1_2_VERSION,
1557 DTLS1_2_VERSION, DTLS1_2_VERSION,
1558 SSL_HIGH | SSL_FIPS,
1559 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1565 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1566 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1567 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1572 TLS1_VERSION, TLS1_2_VERSION,
1573 DTLS1_BAD_VER, DTLS1_2_VERSION,
1574 SSL_HIGH | SSL_FIPS,
1575 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1581 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1582 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1583 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1588 TLS1_VERSION, TLS1_2_VERSION,
1589 DTLS1_BAD_VER, DTLS1_2_VERSION,
1590 SSL_HIGH | SSL_FIPS,
1591 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1597 TLS1_TXT_PSK_WITH_NULL_SHA256,
1598 TLS1_RFC_PSK_WITH_NULL_SHA256,
1599 TLS1_CK_PSK_WITH_NULL_SHA256,
1604 TLS1_VERSION, TLS1_2_VERSION,
1605 DTLS1_BAD_VER, DTLS1_2_VERSION,
1606 SSL_STRONG_NONE | SSL_FIPS,
1607 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1613 TLS1_TXT_PSK_WITH_NULL_SHA384,
1614 TLS1_RFC_PSK_WITH_NULL_SHA384,
1615 TLS1_CK_PSK_WITH_NULL_SHA384,
1620 TLS1_VERSION, TLS1_2_VERSION,
1621 DTLS1_BAD_VER, DTLS1_2_VERSION,
1622 SSL_STRONG_NONE | SSL_FIPS,
1623 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1629 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1630 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1631 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1636 TLS1_VERSION, TLS1_2_VERSION,
1637 DTLS1_BAD_VER, DTLS1_2_VERSION,
1638 SSL_HIGH | SSL_FIPS,
1639 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1645 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1646 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1647 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1652 TLS1_VERSION, TLS1_2_VERSION,
1653 DTLS1_BAD_VER, DTLS1_2_VERSION,
1654 SSL_HIGH | SSL_FIPS,
1655 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1661 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1662 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1663 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1668 TLS1_VERSION, TLS1_2_VERSION,
1669 DTLS1_BAD_VER, DTLS1_2_VERSION,
1670 SSL_STRONG_NONE | SSL_FIPS,
1671 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1677 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1678 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1679 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1684 TLS1_VERSION, TLS1_2_VERSION,
1685 DTLS1_BAD_VER, DTLS1_2_VERSION,
1686 SSL_STRONG_NONE | SSL_FIPS,
1687 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1693 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1694 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1695 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1700 TLS1_VERSION, TLS1_2_VERSION,
1701 DTLS1_BAD_VER, DTLS1_2_VERSION,
1702 SSL_HIGH | SSL_FIPS,
1703 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1709 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1710 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1711 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1716 TLS1_VERSION, TLS1_2_VERSION,
1717 DTLS1_BAD_VER, DTLS1_2_VERSION,
1718 SSL_HIGH | SSL_FIPS,
1719 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1725 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1726 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1727 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1732 TLS1_VERSION, TLS1_2_VERSION,
1733 DTLS1_BAD_VER, DTLS1_2_VERSION,
1734 SSL_STRONG_NONE | SSL_FIPS,
1735 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1741 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1742 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1743 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1748 TLS1_VERSION, TLS1_2_VERSION,
1749 DTLS1_BAD_VER, DTLS1_2_VERSION,
1750 SSL_STRONG_NONE | SSL_FIPS,
1751 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1755 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1758 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1759 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1760 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1765 TLS1_VERSION, TLS1_2_VERSION,
1766 DTLS1_BAD_VER, DTLS1_2_VERSION,
1767 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1768 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1775 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1776 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1777 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1782 TLS1_VERSION, TLS1_2_VERSION,
1783 DTLS1_BAD_VER, DTLS1_2_VERSION,
1784 SSL_HIGH | SSL_FIPS,
1785 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1791 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1792 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1793 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1798 TLS1_VERSION, TLS1_2_VERSION,
1799 DTLS1_BAD_VER, DTLS1_2_VERSION,
1800 SSL_HIGH | SSL_FIPS,
1801 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1807 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1808 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1809 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1814 TLS1_VERSION, TLS1_2_VERSION,
1815 DTLS1_BAD_VER, DTLS1_2_VERSION,
1816 SSL_HIGH | SSL_FIPS,
1817 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1823 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1824 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1825 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1830 TLS1_VERSION, TLS1_2_VERSION,
1831 DTLS1_BAD_VER, DTLS1_2_VERSION,
1832 SSL_HIGH | SSL_FIPS,
1833 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1839 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1840 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1841 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1846 TLS1_VERSION, TLS1_2_VERSION,
1847 DTLS1_BAD_VER, DTLS1_2_VERSION,
1848 SSL_STRONG_NONE | SSL_FIPS,
1849 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1855 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1856 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1857 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1862 TLS1_VERSION, TLS1_2_VERSION,
1863 DTLS1_BAD_VER, DTLS1_2_VERSION,
1864 SSL_STRONG_NONE | SSL_FIPS,
1865 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1871 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1872 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1873 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1878 TLS1_VERSION, TLS1_2_VERSION,
1879 DTLS1_BAD_VER, DTLS1_2_VERSION,
1880 SSL_STRONG_NONE | SSL_FIPS,
1881 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1886 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1889 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1890 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1891 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1896 SSL3_VERSION, TLS1_2_VERSION,
1897 DTLS1_BAD_VER, DTLS1_2_VERSION,
1898 SSL_NOT_DEFAULT | SSL_MEDIUM,
1899 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1905 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1906 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1907 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1912 SSL3_VERSION, TLS1_2_VERSION,
1913 DTLS1_BAD_VER, DTLS1_2_VERSION,
1914 SSL_NOT_DEFAULT | SSL_MEDIUM,
1915 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1921 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1922 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1923 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1928 SSL3_VERSION, TLS1_2_VERSION,
1929 DTLS1_BAD_VER, DTLS1_2_VERSION,
1930 SSL_NOT_DEFAULT | SSL_MEDIUM,
1931 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1938 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1939 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1940 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1945 SSL3_VERSION, TLS1_2_VERSION,
1946 DTLS1_BAD_VER, DTLS1_2_VERSION,
1948 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1954 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1955 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1956 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1961 SSL3_VERSION, TLS1_2_VERSION,
1962 DTLS1_BAD_VER, DTLS1_2_VERSION,
1964 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1970 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1971 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1972 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1977 SSL3_VERSION, TLS1_2_VERSION,
1978 DTLS1_BAD_VER, DTLS1_2_VERSION,
1979 SSL_NOT_DEFAULT | SSL_HIGH,
1980 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1986 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1987 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1988 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1993 SSL3_VERSION, TLS1_2_VERSION,
1994 DTLS1_BAD_VER, DTLS1_2_VERSION,
1996 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2002 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2003 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2004 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2009 SSL3_VERSION, TLS1_2_VERSION,
2010 DTLS1_BAD_VER, DTLS1_2_VERSION,
2012 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2018 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2019 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2020 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2025 SSL3_VERSION, TLS1_2_VERSION,
2026 DTLS1_BAD_VER, DTLS1_2_VERSION,
2027 SSL_NOT_DEFAULT | SSL_HIGH,
2028 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2033 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2036 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2037 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2038 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2041 SSL_CHACHA20POLY1305,
2043 TLS1_2_VERSION, TLS1_2_VERSION,
2044 DTLS1_2_VERSION, DTLS1_2_VERSION,
2046 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2052 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2053 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2054 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2057 SSL_CHACHA20POLY1305,
2059 TLS1_2_VERSION, TLS1_2_VERSION,
2060 DTLS1_2_VERSION, DTLS1_2_VERSION,
2062 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2068 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2069 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2070 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2073 SSL_CHACHA20POLY1305,
2075 TLS1_2_VERSION, TLS1_2_VERSION,
2076 DTLS1_2_VERSION, DTLS1_2_VERSION,
2078 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2084 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2085 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2086 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2089 SSL_CHACHA20POLY1305,
2091 TLS1_2_VERSION, TLS1_2_VERSION,
2092 DTLS1_2_VERSION, DTLS1_2_VERSION,
2094 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2100 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2101 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2102 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2105 SSL_CHACHA20POLY1305,
2107 TLS1_2_VERSION, TLS1_2_VERSION,
2108 DTLS1_2_VERSION, DTLS1_2_VERSION,
2110 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2116 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2117 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2118 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2121 SSL_CHACHA20POLY1305,
2123 TLS1_2_VERSION, TLS1_2_VERSION,
2124 DTLS1_2_VERSION, DTLS1_2_VERSION,
2126 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2132 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2133 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2134 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2137 SSL_CHACHA20POLY1305,
2139 TLS1_2_VERSION, TLS1_2_VERSION,
2140 DTLS1_2_VERSION, DTLS1_2_VERSION,
2142 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2146 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2147 * !defined(OPENSSL_NO_POLY1305) */
2149 #ifndef OPENSSL_NO_CAMELLIA
2152 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2153 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2154 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2159 TLS1_2_VERSION, TLS1_2_VERSION,
2160 DTLS1_2_VERSION, DTLS1_2_VERSION,
2161 SSL_NOT_DEFAULT | SSL_HIGH,
2162 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2168 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2169 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2170 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2175 TLS1_2_VERSION, TLS1_2_VERSION,
2176 DTLS1_2_VERSION, DTLS1_2_VERSION,
2177 SSL_NOT_DEFAULT | SSL_HIGH,
2178 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2184 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2185 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2186 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2191 TLS1_2_VERSION, TLS1_2_VERSION,
2192 DTLS1_2_VERSION, DTLS1_2_VERSION,
2193 SSL_NOT_DEFAULT | SSL_HIGH,
2194 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2200 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2201 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2202 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2207 TLS1_2_VERSION, TLS1_2_VERSION,
2208 DTLS1_2_VERSION, DTLS1_2_VERSION,
2209 SSL_NOT_DEFAULT | SSL_HIGH,
2210 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2216 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2217 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2218 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2223 TLS1_2_VERSION, TLS1_2_VERSION,
2224 DTLS1_2_VERSION, DTLS1_2_VERSION,
2225 SSL_NOT_DEFAULT | SSL_HIGH,
2226 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2232 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2233 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2234 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2239 TLS1_2_VERSION, TLS1_2_VERSION,
2240 DTLS1_2_VERSION, DTLS1_2_VERSION,
2241 SSL_NOT_DEFAULT | SSL_HIGH,
2242 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2248 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2249 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2250 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2255 TLS1_2_VERSION, TLS1_2_VERSION,
2256 DTLS1_2_VERSION, DTLS1_2_VERSION,
2257 SSL_NOT_DEFAULT | SSL_HIGH,
2258 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2264 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2265 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2266 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2271 TLS1_2_VERSION, TLS1_2_VERSION,
2272 DTLS1_2_VERSION, DTLS1_2_VERSION,
2273 SSL_NOT_DEFAULT | SSL_HIGH,
2274 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2280 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2281 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2282 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2287 SSL3_VERSION, TLS1_2_VERSION,
2288 DTLS1_BAD_VER, DTLS1_2_VERSION,
2289 SSL_NOT_DEFAULT | SSL_HIGH,
2290 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2296 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2297 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2298 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2303 SSL3_VERSION, TLS1_2_VERSION,
2304 DTLS1_BAD_VER, DTLS1_2_VERSION,
2305 SSL_NOT_DEFAULT | SSL_HIGH,
2306 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2312 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2313 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2314 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2319 SSL3_VERSION, TLS1_2_VERSION,
2320 DTLS1_BAD_VER, DTLS1_2_VERSION,
2321 SSL_NOT_DEFAULT | SSL_HIGH,
2322 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2328 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2329 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2330 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2335 SSL3_VERSION, TLS1_2_VERSION,
2336 DTLS1_BAD_VER, DTLS1_2_VERSION,
2337 SSL_NOT_DEFAULT | SSL_HIGH,
2338 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2344 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2345 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2346 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2351 SSL3_VERSION, TLS1_2_VERSION,
2352 DTLS1_BAD_VER, DTLS1_2_VERSION,
2353 SSL_NOT_DEFAULT | SSL_HIGH,
2354 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2360 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2361 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2362 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2367 SSL3_VERSION, TLS1_2_VERSION,
2368 DTLS1_BAD_VER, DTLS1_2_VERSION,
2369 SSL_NOT_DEFAULT | SSL_HIGH,
2370 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2376 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2377 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2378 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2383 SSL3_VERSION, TLS1_2_VERSION,
2384 DTLS1_BAD_VER, DTLS1_2_VERSION,
2385 SSL_NOT_DEFAULT | SSL_HIGH,
2386 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2392 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2393 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2394 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2399 SSL3_VERSION, TLS1_2_VERSION,
2400 DTLS1_BAD_VER, DTLS1_2_VERSION,
2401 SSL_NOT_DEFAULT | SSL_HIGH,
2402 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2408 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2409 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2410 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2415 TLS1_2_VERSION, TLS1_2_VERSION,
2416 DTLS1_2_VERSION, DTLS1_2_VERSION,
2417 SSL_NOT_DEFAULT | SSL_HIGH,
2418 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2424 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2425 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2426 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2431 TLS1_2_VERSION, TLS1_2_VERSION,
2432 DTLS1_2_VERSION, DTLS1_2_VERSION,
2433 SSL_NOT_DEFAULT | SSL_HIGH,
2434 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2440 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2441 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2442 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2447 TLS1_2_VERSION, TLS1_2_VERSION,
2448 DTLS1_2_VERSION, DTLS1_2_VERSION,
2449 SSL_NOT_DEFAULT | SSL_HIGH,
2450 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2456 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2457 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2458 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2463 TLS1_2_VERSION, TLS1_2_VERSION,
2464 DTLS1_2_VERSION, DTLS1_2_VERSION,
2465 SSL_NOT_DEFAULT | SSL_HIGH,
2466 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2472 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2473 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2474 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2479 TLS1_VERSION, TLS1_2_VERSION,
2480 DTLS1_BAD_VER, DTLS1_2_VERSION,
2481 SSL_NOT_DEFAULT | SSL_HIGH,
2482 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2488 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2489 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2490 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2495 TLS1_VERSION, TLS1_2_VERSION,
2496 DTLS1_BAD_VER, DTLS1_2_VERSION,
2497 SSL_NOT_DEFAULT | SSL_HIGH,
2498 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2504 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2505 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2506 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2511 TLS1_VERSION, TLS1_2_VERSION,
2512 DTLS1_BAD_VER, DTLS1_2_VERSION,
2513 SSL_NOT_DEFAULT | SSL_HIGH,
2514 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2520 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2521 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2522 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2527 TLS1_VERSION, TLS1_2_VERSION,
2528 DTLS1_BAD_VER, DTLS1_2_VERSION,
2529 SSL_NOT_DEFAULT | SSL_HIGH,
2530 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2536 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2537 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2538 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2543 TLS1_VERSION, TLS1_2_VERSION,
2544 DTLS1_BAD_VER, DTLS1_2_VERSION,
2545 SSL_NOT_DEFAULT | SSL_HIGH,
2546 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2552 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2553 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2554 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2559 TLS1_VERSION, TLS1_2_VERSION,
2560 DTLS1_BAD_VER, DTLS1_2_VERSION,
2561 SSL_NOT_DEFAULT | SSL_HIGH,
2562 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2568 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2569 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2570 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2575 TLS1_VERSION, TLS1_2_VERSION,
2576 DTLS1_BAD_VER, DTLS1_2_VERSION,
2577 SSL_NOT_DEFAULT | SSL_HIGH,
2578 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2584 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2585 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2586 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2591 TLS1_VERSION, TLS1_2_VERSION,
2592 DTLS1_BAD_VER, DTLS1_2_VERSION,
2593 SSL_NOT_DEFAULT | SSL_HIGH,
2594 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2598 #endif /* OPENSSL_NO_CAMELLIA */
2600 #ifndef OPENSSL_NO_GOST
2603 "GOST2001-GOST89-GOST89",
2604 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2608 SSL_eGOST2814789CNT,
2610 TLS1_VERSION, TLS1_2_VERSION,
2613 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2619 "GOST2001-NULL-GOST94",
2620 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2626 TLS1_VERSION, TLS1_2_VERSION,
2629 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2635 "GOST2012-GOST8912-GOST8912",
2639 SSL_aGOST12 | SSL_aGOST01,
2640 SSL_eGOST2814789CNT12,
2642 TLS1_VERSION, TLS1_2_VERSION,
2645 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2651 "GOST2012-NULL-GOST12",
2655 SSL_aGOST12 | SSL_aGOST01,
2658 TLS1_VERSION, TLS1_2_VERSION,
2661 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2665 #endif /* OPENSSL_NO_GOST */
2667 #ifndef OPENSSL_NO_IDEA
2670 SSL3_TXT_RSA_IDEA_128_SHA,
2671 SSL3_RFC_RSA_IDEA_128_SHA,
2672 SSL3_CK_RSA_IDEA_128_SHA,
2677 SSL3_VERSION, TLS1_1_VERSION,
2678 DTLS1_BAD_VER, DTLS1_VERSION,
2679 SSL_NOT_DEFAULT | SSL_MEDIUM,
2680 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2686 #ifndef OPENSSL_NO_SEED
2689 TLS1_TXT_RSA_WITH_SEED_SHA,
2690 TLS1_RFC_RSA_WITH_SEED_SHA,
2691 TLS1_CK_RSA_WITH_SEED_SHA,
2696 SSL3_VERSION, TLS1_2_VERSION,
2697 DTLS1_BAD_VER, DTLS1_2_VERSION,
2698 SSL_NOT_DEFAULT | SSL_MEDIUM,
2699 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2705 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2706 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2707 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2712 SSL3_VERSION, TLS1_2_VERSION,
2713 DTLS1_BAD_VER, DTLS1_2_VERSION,
2714 SSL_NOT_DEFAULT | SSL_MEDIUM,
2715 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2721 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2722 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2723 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2728 SSL3_VERSION, TLS1_2_VERSION,
2729 DTLS1_BAD_VER, DTLS1_2_VERSION,
2730 SSL_NOT_DEFAULT | SSL_MEDIUM,
2731 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2737 TLS1_TXT_ADH_WITH_SEED_SHA,
2738 TLS1_RFC_ADH_WITH_SEED_SHA,
2739 TLS1_CK_ADH_WITH_SEED_SHA,
2744 SSL3_VERSION, TLS1_2_VERSION,
2745 DTLS1_BAD_VER, DTLS1_2_VERSION,
2746 SSL_NOT_DEFAULT | SSL_MEDIUM,
2747 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2751 #endif /* OPENSSL_NO_SEED */
2753 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2756 SSL3_TXT_RSA_RC4_128_MD5,
2757 SSL3_RFC_RSA_RC4_128_MD5,
2758 SSL3_CK_RSA_RC4_128_MD5,
2763 SSL3_VERSION, TLS1_2_VERSION,
2765 SSL_NOT_DEFAULT | SSL_MEDIUM,
2766 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2772 SSL3_TXT_RSA_RC4_128_SHA,
2773 SSL3_RFC_RSA_RC4_128_SHA,
2774 SSL3_CK_RSA_RC4_128_SHA,
2779 SSL3_VERSION, TLS1_2_VERSION,
2781 SSL_NOT_DEFAULT | SSL_MEDIUM,
2782 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2788 SSL3_TXT_ADH_RC4_128_MD5,
2789 SSL3_RFC_ADH_RC4_128_MD5,
2790 SSL3_CK_ADH_RC4_128_MD5,
2795 SSL3_VERSION, TLS1_2_VERSION,
2797 SSL_NOT_DEFAULT | SSL_MEDIUM,
2798 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2804 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2805 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2806 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2811 TLS1_VERSION, TLS1_2_VERSION,
2813 SSL_NOT_DEFAULT | SSL_MEDIUM,
2814 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2820 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2821 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2822 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2827 TLS1_VERSION, TLS1_2_VERSION,
2829 SSL_NOT_DEFAULT | SSL_MEDIUM,
2830 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2836 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2837 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2838 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2843 TLS1_VERSION, TLS1_2_VERSION,
2845 SSL_NOT_DEFAULT | SSL_MEDIUM,
2846 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2852 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2853 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2854 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2859 TLS1_VERSION, TLS1_2_VERSION,
2861 SSL_NOT_DEFAULT | SSL_MEDIUM,
2862 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2868 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2869 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2870 TLS1_CK_PSK_WITH_RC4_128_SHA,
2875 SSL3_VERSION, TLS1_2_VERSION,
2877 SSL_NOT_DEFAULT | SSL_MEDIUM,
2878 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2884 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2885 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2886 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2891 SSL3_VERSION, TLS1_2_VERSION,
2893 SSL_NOT_DEFAULT | SSL_MEDIUM,
2894 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2900 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2901 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2902 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2907 SSL3_VERSION, TLS1_2_VERSION,
2909 SSL_NOT_DEFAULT | SSL_MEDIUM,
2910 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2914 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2916 #ifndef OPENSSL_NO_ARIA
2919 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2920 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2921 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2926 TLS1_2_VERSION, TLS1_2_VERSION,
2927 DTLS1_2_VERSION, DTLS1_2_VERSION,
2928 SSL_NOT_DEFAULT | SSL_HIGH,
2929 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2935 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2936 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2937 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2942 TLS1_2_VERSION, TLS1_2_VERSION,
2943 DTLS1_2_VERSION, DTLS1_2_VERSION,
2944 SSL_NOT_DEFAULT | SSL_HIGH,
2945 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2951 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2952 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2953 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2958 TLS1_2_VERSION, TLS1_2_VERSION,
2959 DTLS1_2_VERSION, DTLS1_2_VERSION,
2960 SSL_NOT_DEFAULT | SSL_HIGH,
2961 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2967 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2968 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2969 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2974 TLS1_2_VERSION, TLS1_2_VERSION,
2975 DTLS1_2_VERSION, DTLS1_2_VERSION,
2976 SSL_NOT_DEFAULT | SSL_HIGH,
2977 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2983 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2984 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2985 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2990 TLS1_2_VERSION, TLS1_2_VERSION,
2991 DTLS1_2_VERSION, DTLS1_2_VERSION,
2992 SSL_NOT_DEFAULT | SSL_HIGH,
2993 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2999 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3000 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3001 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3006 TLS1_2_VERSION, TLS1_2_VERSION,
3007 DTLS1_2_VERSION, DTLS1_2_VERSION,
3008 SSL_NOT_DEFAULT | SSL_HIGH,
3009 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3015 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3016 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3017 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3022 TLS1_2_VERSION, TLS1_2_VERSION,
3023 DTLS1_2_VERSION, DTLS1_2_VERSION,
3024 SSL_NOT_DEFAULT | SSL_HIGH,
3025 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3031 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3032 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3033 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3038 TLS1_2_VERSION, TLS1_2_VERSION,
3039 DTLS1_2_VERSION, DTLS1_2_VERSION,
3040 SSL_NOT_DEFAULT | SSL_HIGH,
3041 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3047 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3048 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3049 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3054 TLS1_2_VERSION, TLS1_2_VERSION,
3055 DTLS1_2_VERSION, DTLS1_2_VERSION,
3056 SSL_NOT_DEFAULT | SSL_HIGH,
3057 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3063 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3064 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3065 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3070 TLS1_2_VERSION, TLS1_2_VERSION,
3071 DTLS1_2_VERSION, DTLS1_2_VERSION,
3072 SSL_NOT_DEFAULT | SSL_HIGH,
3073 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3079 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3080 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3081 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3086 TLS1_2_VERSION, TLS1_2_VERSION,
3087 DTLS1_2_VERSION, DTLS1_2_VERSION,
3088 SSL_NOT_DEFAULT | SSL_HIGH,
3089 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3095 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3096 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3097 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3102 TLS1_2_VERSION, TLS1_2_VERSION,
3103 DTLS1_2_VERSION, DTLS1_2_VERSION,
3104 SSL_NOT_DEFAULT | SSL_HIGH,
3105 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3111 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3112 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3113 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3118 TLS1_2_VERSION, TLS1_2_VERSION,
3119 DTLS1_2_VERSION, DTLS1_2_VERSION,
3120 SSL_NOT_DEFAULT | SSL_HIGH,
3121 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3127 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3128 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3129 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3134 TLS1_2_VERSION, TLS1_2_VERSION,
3135 DTLS1_2_VERSION, DTLS1_2_VERSION,
3136 SSL_NOT_DEFAULT | SSL_HIGH,
3137 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3143 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3144 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3145 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3150 TLS1_2_VERSION, TLS1_2_VERSION,
3151 DTLS1_2_VERSION, DTLS1_2_VERSION,
3152 SSL_NOT_DEFAULT | SSL_HIGH,
3153 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3159 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3160 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3161 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3166 TLS1_2_VERSION, TLS1_2_VERSION,
3167 DTLS1_2_VERSION, DTLS1_2_VERSION,
3168 SSL_NOT_DEFAULT | SSL_HIGH,
3169 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3173 #endif /* OPENSSL_NO_ARIA */
3177 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3178 * values stuffed into the ciphers field of the wire protocol for signalling
3181 static SSL_CIPHER ssl3_scsvs[] = {
3184 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3185 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3187 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3191 "TLS_FALLBACK_SCSV",
3192 "TLS_FALLBACK_SCSV",
3193 SSL3_CK_FALLBACK_SCSV,
3194 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3198 static int cipher_compare(const void *a, const void *b)
3200 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3201 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3203 if (ap->id == bp->id)
3205 return ap->id < bp->id ? -1 : 1;
3208 void ssl_sort_cipher_list(void)
3210 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3212 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3215 static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
3216 const char * t, size_t u,
3217 const unsigned char * v, size_t w, int x)
3226 return ssl_undefined_function(ssl);
3229 const SSL3_ENC_METHOD SSLv3_enc_data = {
3232 ssl3_setup_key_block,
3233 ssl3_generate_master_secret,
3234 ssl3_change_cipher_state,
3235 ssl3_final_finish_mac,
3236 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3237 SSL3_MD_SERVER_FINISHED_CONST, 4,
3239 ssl_undefined_function_1,
3241 ssl3_set_handshake_header,
3242 tls_close_construct_packet,
3243 ssl3_handshake_write
3246 long ssl3_default_timeout(void)
3249 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3250 * http, the cache would over fill
3252 return (60 * 60 * 2);
3255 int ssl3_num_ciphers(void)
3257 return SSL3_NUM_CIPHERS;
3260 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3262 if (u < SSL3_NUM_CIPHERS)
3263 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3268 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3270 /* No header in the event of a CCS */
3271 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3274 /* Set the content type and 3 bytes for the message len */
3275 if (!WPACKET_put_bytes_u8(pkt, htype)
3276 || !WPACKET_start_sub_packet_u24(pkt))
3282 int ssl3_handshake_write(SSL *s)
3284 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3287 int ssl3_new(SSL *s)
3291 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
3295 #ifndef OPENSSL_NO_SRP
3296 if (!SSL_SRP_CTX_init(s))
3300 if (!s->method->ssl_clear(s))
3308 void ssl3_free(SSL *s)
3310 if (s == NULL || s->s3 == NULL)
3313 ssl3_cleanup_key_block(s);
3315 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3316 EVP_PKEY_free(s->s3->peer_tmp);
3317 s->s3->peer_tmp = NULL;
3318 EVP_PKEY_free(s->s3->tmp.pkey);
3319 s->s3->tmp.pkey = NULL;
3322 OPENSSL_free(s->s3->tmp.ctype);
3323 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3324 OPENSSL_free(s->s3->tmp.ciphers_raw);
3325 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3326 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3327 ssl3_free_digest_list(s);
3328 OPENSSL_free(s->s3->alpn_selected);
3329 OPENSSL_free(s->s3->alpn_proposed);
3331 #ifndef OPENSSL_NO_SRP
3332 SSL_SRP_CTX_free(s);
3334 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
3338 int ssl3_clear(SSL *s)
3340 ssl3_cleanup_key_block(s);
3341 OPENSSL_free(s->s3->tmp.ctype);
3342 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3343 OPENSSL_free(s->s3->tmp.ciphers_raw);
3344 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3345 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3347 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3348 EVP_PKEY_free(s->s3->tmp.pkey);
3349 EVP_PKEY_free(s->s3->peer_tmp);
3350 #endif /* !OPENSSL_NO_EC */
3352 ssl3_free_digest_list(s);
3354 OPENSSL_free(s->s3->alpn_selected);
3355 OPENSSL_free(s->s3->alpn_proposed);
3357 /* NULL/zero-out everything in the s3 struct */
3358 memset(s->s3, 0, sizeof(*s->s3));
3360 if (!ssl_free_wbio_buffer(s))
3363 s->version = SSL3_VERSION;
3365 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3366 OPENSSL_free(s->ext.npn);
3374 #ifndef OPENSSL_NO_SRP
3375 static char *srp_password_from_info_cb(SSL *s, void *arg)
3377 return OPENSSL_strdup(s->srp_ctx.info);
3381 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3383 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3388 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3390 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3391 ret = s->s3->num_renegotiations;
3393 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3394 ret = s->s3->num_renegotiations;
3395 s->s3->num_renegotiations = 0;
3397 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3398 ret = s->s3->total_renegotiations;
3400 case SSL_CTRL_GET_FLAGS:
3401 ret = (int)(s->s3->flags);
3403 #ifndef OPENSSL_NO_DH
3404 case SSL_CTRL_SET_TMP_DH:
3406 DH *dh = (DH *)parg;
3407 EVP_PKEY *pkdh = NULL;
3409 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3412 pkdh = ssl_dh_to_pkey(dh);
3414 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3417 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3418 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3419 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3420 EVP_PKEY_free(pkdh);
3423 EVP_PKEY_free(s->cert->dh_tmp);
3424 s->cert->dh_tmp = pkdh;
3428 case SSL_CTRL_SET_TMP_DH_CB:
3430 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3433 case SSL_CTRL_SET_DH_AUTO:
3434 s->cert->dh_tmp_auto = larg;
3437 #ifndef OPENSSL_NO_EC
3438 case SSL_CTRL_SET_TMP_ECDH:
3440 const EC_GROUP *group = NULL;
3444 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3447 group = EC_KEY_get0_group((const EC_KEY *)parg);
3448 if (group == NULL) {
3449 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3452 nid = EC_GROUP_get_curve_name(group);
3453 if (nid == NID_undef)
3455 return tls1_set_groups(&s->ext.supportedgroups,
3456 &s->ext.supportedgroups_len,
3460 #endif /* !OPENSSL_NO_EC */
3461 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3462 if (larg == TLSEXT_NAMETYPE_host_name) {
3465 OPENSSL_free(s->ext.hostname);
3466 s->ext.hostname = NULL;
3471 len = strlen((char *)parg);
3472 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3473 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3476 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3477 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3481 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3485 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3486 s->ext.debug_arg = parg;
3490 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3491 ret = s->ext.status_type;
3494 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3495 s->ext.status_type = larg;
3499 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3500 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3504 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3505 s->ext.ocsp.exts = parg;
3509 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3510 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3514 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3515 s->ext.ocsp.ids = parg;
3519 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3520 *(unsigned char **)parg = s->ext.ocsp.resp;
3521 if (s->ext.ocsp.resp_len == 0
3522 || s->ext.ocsp.resp_len > LONG_MAX)
3524 return (long)s->ext.ocsp.resp_len;
3526 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3527 OPENSSL_free(s->ext.ocsp.resp);
3528 s->ext.ocsp.resp = parg;
3529 s->ext.ocsp.resp_len = larg;
3533 #ifndef OPENSSL_NO_HEARTBEATS
3534 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3535 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3536 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3540 case SSL_CTRL_CHAIN:
3542 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3544 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3546 case SSL_CTRL_CHAIN_CERT:
3548 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3550 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3552 case SSL_CTRL_GET_CHAIN_CERTS:
3553 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3556 case SSL_CTRL_SELECT_CURRENT_CERT:
3557 return ssl_cert_select_current(s->cert, (X509 *)parg);
3559 case SSL_CTRL_SET_CURRENT_CERT:
3560 if (larg == SSL_CERT_SET_SERVER) {
3561 const SSL_CIPHER *cipher;
3564 cipher = s->s3->tmp.new_cipher;
3568 * No certificate for unauthenticated ciphersuites or using SRP
3571 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3573 if (s->s3->tmp.cert == NULL)
3575 s->cert->key = s->s3->tmp.cert;
3578 return ssl_cert_set_current(s->cert, larg);
3580 #ifndef OPENSSL_NO_EC
3581 case SSL_CTRL_GET_GROUPS:
3588 clist = s->session->ext.supportedgroups;
3589 clistlen = s->session->ext.supportedgroups_len;
3594 for (i = 0; i < clistlen; i++) {
3595 const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
3598 cptr[i] = cinf->nid;
3600 cptr[i] = TLSEXT_nid_unknown | clist[i];
3603 return (int)clistlen;
3606 case SSL_CTRL_SET_GROUPS:
3607 return tls1_set_groups(&s->ext.supportedgroups,
3608 &s->ext.supportedgroups_len, parg, larg);
3610 case SSL_CTRL_SET_GROUPS_LIST:
3611 return tls1_set_groups_list(&s->ext.supportedgroups,
3612 &s->ext.supportedgroups_len, parg);
3614 case SSL_CTRL_GET_SHARED_GROUP:
3616 uint16_t id = tls1_shared_group(s, larg);
3619 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
3621 return ginf == NULL ? 0 : ginf->nid;
3626 case SSL_CTRL_SET_SIGALGS:
3627 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3629 case SSL_CTRL_SET_SIGALGS_LIST:
3630 return tls1_set_sigalgs_list(s->cert, parg, 0);
3632 case SSL_CTRL_SET_CLIENT_SIGALGS:
3633 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3635 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3636 return tls1_set_sigalgs_list(s->cert, parg, 1);
3638 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3640 const unsigned char **pctype = parg;
3641 if (s->server || !s->s3->tmp.cert_req)
3644 *pctype = s->s3->tmp.ctype;
3645 return s->s3->tmp.ctype_len;
3648 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3651 return ssl3_set_req_cert_type(s->cert, parg, larg);
3653 case SSL_CTRL_BUILD_CERT_CHAIN:
3654 return ssl_build_cert_chain(s, NULL, larg);
3656 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3657 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3659 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3660 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3662 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3663 if (s->s3->tmp.peer_sigalg == NULL)
3665 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3668 case SSL_CTRL_GET_SERVER_TMP_KEY:
3669 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3670 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3673 EVP_PKEY_up_ref(s->s3->peer_tmp);
3674 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3680 #ifndef OPENSSL_NO_EC
3681 case SSL_CTRL_GET_EC_POINT_FORMATS:
3683 SSL_SESSION *sess = s->session;
3684 const unsigned char **pformat = parg;
3686 if (sess == NULL || sess->ext.ecpointformats == NULL)
3688 *pformat = sess->ext.ecpointformats;
3689 return (int)sess->ext.ecpointformats_len;
3699 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3704 #ifndef OPENSSL_NO_DH
3705 case SSL_CTRL_SET_TMP_DH_CB:
3707 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3711 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3712 s->ext.debug_cb = (void (*)(SSL *, int, int,
3713 const unsigned char *, int, void *))fp;
3716 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3718 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3727 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3730 #ifndef OPENSSL_NO_DH
3731 case SSL_CTRL_SET_TMP_DH:
3733 DH *dh = (DH *)parg;
3734 EVP_PKEY *pkdh = NULL;
3736 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3739 pkdh = ssl_dh_to_pkey(dh);
3741 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3744 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3745 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3746 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3747 EVP_PKEY_free(pkdh);
3750 EVP_PKEY_free(ctx->cert->dh_tmp);
3751 ctx->cert->dh_tmp = pkdh;
3754 case SSL_CTRL_SET_TMP_DH_CB:
3756 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3759 case SSL_CTRL_SET_DH_AUTO:
3760 ctx->cert->dh_tmp_auto = larg;
3763 #ifndef OPENSSL_NO_EC
3764 case SSL_CTRL_SET_TMP_ECDH:
3766 const EC_GROUP *group = NULL;
3770 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3773 group = EC_KEY_get0_group((const EC_KEY *)parg);
3774 if (group == NULL) {
3775 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3778 nid = EC_GROUP_get_curve_name(group);
3779 if (nid == NID_undef)
3781 return tls1_set_groups(&ctx->ext.supportedgroups,
3782 &ctx->ext.supportedgroups_len,
3785 #endif /* !OPENSSL_NO_EC */
3786 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3787 ctx->ext.servername_arg = parg;
3789 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3790 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3792 unsigned char *keys = parg;
3793 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3794 sizeof(ctx->ext.tick_hmac_key) +
3795 sizeof(ctx->ext.tick_aes_key));
3798 if (larg != tick_keylen) {
3799 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3802 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3803 memcpy(ctx->ext.tick_key_name, keys,
3804 sizeof(ctx->ext.tick_key_name));
3805 memcpy(ctx->ext.tick_hmac_key,
3806 keys + sizeof(ctx->ext.tick_key_name),
3807 sizeof(ctx->ext.tick_hmac_key));
3808 memcpy(ctx->ext.tick_aes_key,
3809 keys + sizeof(ctx->ext.tick_key_name) +
3810 sizeof(ctx->ext.tick_hmac_key),
3811 sizeof(ctx->ext.tick_aes_key));
3813 memcpy(keys, ctx->ext.tick_key_name,
3814 sizeof(ctx->ext.tick_key_name));
3815 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3816 ctx->ext.tick_hmac_key,
3817 sizeof(ctx->ext.tick_hmac_key));
3818 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3819 sizeof(ctx->ext.tick_hmac_key),
3820 ctx->ext.tick_aes_key,
3821 sizeof(ctx->ext.tick_aes_key));
3826 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3827 return ctx->ext.status_type;
3829 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3830 ctx->ext.status_type = larg;
3833 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3834 ctx->ext.status_arg = parg;
3837 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3838 *(void**)parg = ctx->ext.status_arg;
3841 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3842 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3845 #ifndef OPENSSL_NO_SRP
3846 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3847 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3848 OPENSSL_free(ctx->srp_ctx.login);
3849 ctx->srp_ctx.login = NULL;
3852 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3853 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3856 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3857 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3861 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3862 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3863 srp_password_from_info_cb;
3864 if (ctx->srp_ctx.info != NULL)
3865 OPENSSL_free(ctx->srp_ctx.info);
3866 if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3867 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3871 case SSL_CTRL_SET_SRP_ARG:
3872 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3873 ctx->srp_ctx.SRP_cb_arg = parg;
3876 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3877 ctx->srp_ctx.strength = larg;
3881 #ifndef OPENSSL_NO_EC
3882 case SSL_CTRL_SET_GROUPS:
3883 return tls1_set_groups(&ctx->ext.supportedgroups,
3884 &ctx->ext.supportedgroups_len,
3887 case SSL_CTRL_SET_GROUPS_LIST:
3888 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3889 &ctx->ext.supportedgroups_len,
3892 case SSL_CTRL_SET_SIGALGS:
3893 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3895 case SSL_CTRL_SET_SIGALGS_LIST:
3896 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3898 case SSL_CTRL_SET_CLIENT_SIGALGS:
3899 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3901 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3902 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3904 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3905 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3907 case SSL_CTRL_BUILD_CERT_CHAIN:
3908 return ssl_build_cert_chain(NULL, ctx, larg);
3910 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3911 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3913 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3914 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3916 /* A Thawte special :-) */
3917 case SSL_CTRL_EXTRA_CHAIN_CERT:
3918 if (ctx->extra_certs == NULL) {
3919 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3920 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3924 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3925 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3930 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3931 if (ctx->extra_certs == NULL && larg == 0)
3932 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3934 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3937 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3938 sk_X509_pop_free(ctx->extra_certs, X509_free);
3939 ctx->extra_certs = NULL;
3942 case SSL_CTRL_CHAIN:
3944 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3946 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3948 case SSL_CTRL_CHAIN_CERT:
3950 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3952 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3954 case SSL_CTRL_GET_CHAIN_CERTS:
3955 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3958 case SSL_CTRL_SELECT_CURRENT_CERT:
3959 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3961 case SSL_CTRL_SET_CURRENT_CERT:
3962 return ssl_cert_set_current(ctx->cert, larg);
3970 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3973 #ifndef OPENSSL_NO_DH
3974 case SSL_CTRL_SET_TMP_DH_CB:
3976 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3980 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3981 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
3984 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3985 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
3988 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3989 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
3992 HMAC_CTX *, int))fp;
3995 #ifndef OPENSSL_NO_SRP
3996 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3997 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3998 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4000 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4001 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4002 ctx->srp_ctx.TLS_ext_srp_username_callback =
4003 (int (*)(SSL *, int *, void *))fp;
4005 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4006 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4007 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4008 (char *(*)(SSL *, void *))fp;
4011 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4013 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4022 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4025 const SSL_CIPHER *cp;
4028 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4031 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4034 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4036 SSL_CIPHER *c = NULL;
4037 SSL_CIPHER *tbl = ssl3_ciphers;
4040 /* this is not efficient, necessary to optimize this? */
4041 for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) {
4042 if (tbl->stdname == NULL)
4044 if (strcmp(stdname, tbl->stdname) == 0) {
4051 for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
4052 if (strcmp(stdname, tbl->stdname) == 0) {
4062 * This function needs to check if the ciphers required are actually
4065 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4067 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4068 | ((uint32_t)p[0] << 8L)
4072 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4074 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4079 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4087 * ssl3_choose_cipher - choose a cipher from those offered by the client
4088 * @s: SSL connection
4089 * @clnt: ciphers offered by the client
4090 * @srvr: ciphers enabled on the server?
4092 * Returns the selected cipher or NULL when no common ciphers.
4094 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4095 STACK_OF(SSL_CIPHER) *srvr)
4097 const SSL_CIPHER *c, *ret = NULL;
4098 STACK_OF(SSL_CIPHER) *prio, *allow;
4100 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4101 #ifndef OPENSSL_NO_CHACHA
4102 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4105 /* Let's see which ciphers we can support */
4108 * Do not set the compare functions, because this may lead to a
4109 * reordering by "id". We want to keep the original ordering. We may pay
4110 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4111 * pay with the price of sk_SSL_CIPHER_dup().
4115 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
4117 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4118 c = sk_SSL_CIPHER_value(srvr, i);
4119 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4121 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
4123 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4124 c = sk_SSL_CIPHER_value(clnt, i);
4125 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4129 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4130 if (tls1_suiteb(s)) {
4133 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4136 #ifndef OPENSSL_NO_CHACHA
4137 /* If ChaCha20 is at the top of the client preference list,
4138 and there are ChaCha20 ciphers in the server list, then
4139 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4140 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4141 c = sk_SSL_CIPHER_value(clnt, 0);
4142 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4143 /* ChaCha20 is client preferred, check server... */
4144 int num = sk_SSL_CIPHER_num(srvr);
4146 for (i = 0; i < num; i++) {
4147 c = sk_SSL_CIPHER_value(srvr, i);
4148 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4154 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4155 /* if reserve fails, then there's likely a memory issue */
4156 if (prio_chacha != NULL) {
4157 /* Put all ChaCha20 at the top, starting with the one we just found */
4158 sk_SSL_CIPHER_push(prio_chacha, c);
4159 for (i++; i < num; i++) {
4160 c = sk_SSL_CIPHER_value(srvr, i);
4161 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4162 sk_SSL_CIPHER_push(prio_chacha, c);
4164 /* Pull in the rest */
4165 for (i = 0; i < num; i++) {
4166 c = sk_SSL_CIPHER_value(srvr, i);
4167 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4168 sk_SSL_CIPHER_push(prio_chacha, c);
4181 if (!SSL_IS_TLS13(s)) {
4182 tls1_set_cert_validity(s);
4186 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4187 c = sk_SSL_CIPHER_value(prio, i);
4189 /* Skip ciphers not supported by the protocol version */
4190 if (!SSL_IS_DTLS(s) &&
4191 ((s->version < c->min_tls) || (s->version > c->max_tls)))
4193 if (SSL_IS_DTLS(s) &&
4194 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4195 DTLS_VERSION_GT(s->version, c->max_dtls)))
4199 * Since TLS 1.3 ciphersuites can be used with any auth or
4200 * key exchange scheme skip tests.
4202 if (!SSL_IS_TLS13(s)) {
4203 mask_k = s->s3->tmp.mask_k;
4204 mask_a = s->s3->tmp.mask_a;
4205 #ifndef OPENSSL_NO_SRP
4206 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4212 alg_k = c->algorithm_mkey;
4213 alg_a = c->algorithm_auth;
4215 #ifndef OPENSSL_NO_PSK
4216 /* with PSK there must be server callback set */
4217 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4219 #endif /* OPENSSL_NO_PSK */
4221 ok = (alg_k & mask_k) && (alg_a & mask_a);
4223 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
4224 alg_a, mask_k, mask_a, (void *)c, c->name);
4227 #ifndef OPENSSL_NO_EC
4229 * if we are considering an ECC cipher suite that uses an ephemeral
4232 if (alg_k & SSL_kECDHE)
4233 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4234 #endif /* OPENSSL_NO_EC */
4239 ii = sk_SSL_CIPHER_find(allow, c);
4241 /* Check security callback permits this cipher */
4242 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4243 c->strength_bits, 0, (void *)c))
4245 #if !defined(OPENSSL_NO_EC)
4246 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4247 && s->s3->is_probably_safari) {
4249 ret = sk_SSL_CIPHER_value(allow, ii);
4253 ret = sk_SSL_CIPHER_value(allow, ii);
4257 #ifndef OPENSSL_NO_CHACHA
4258 sk_SSL_CIPHER_free(prio_chacha);
4263 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4265 uint32_t alg_k, alg_a = 0;
4267 /* If we have custom certificate types set, use them */
4269 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4270 /* Get mask of algorithms disabled by signature list */
4271 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4273 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4275 #ifndef OPENSSL_NO_GOST
4276 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4277 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4278 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
4279 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
4282 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4283 #ifndef OPENSSL_NO_DH
4284 # ifndef OPENSSL_NO_RSA
4285 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4288 # ifndef OPENSSL_NO_DSA
4289 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4292 #endif /* !OPENSSL_NO_DH */
4294 #ifndef OPENSSL_NO_RSA
4295 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4298 #ifndef OPENSSL_NO_DSA
4299 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4302 #ifndef OPENSSL_NO_EC
4304 * ECDSA certs can be used with RSA cipher suites too so we don't
4305 * need to check for SSL_kECDH or SSL_kECDHE
4307 if (s->version >= TLS1_VERSION
4308 && !(alg_a & SSL_aECDSA)
4309 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4315 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4317 OPENSSL_free(c->ctype);
4320 if (p == NULL || len == 0)
4324 c->ctype = OPENSSL_memdup(p, len);
4325 if (c->ctype == NULL)
4331 int ssl3_shutdown(SSL *s)
4336 * Don't do anything much if we have not done the handshake or we don't
4337 * want to send messages :-)
4339 if (s->quiet_shutdown || SSL_in_before(s)) {
4340 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4344 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4345 s->shutdown |= SSL_SENT_SHUTDOWN;
4346 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4348 * our shutdown alert has been sent now, and if it still needs to be
4349 * written, s->s3->alert_dispatch will be true
4351 if (s->s3->alert_dispatch)
4352 return -1; /* return WANT_WRITE */
4353 } else if (s->s3->alert_dispatch) {
4354 /* resend it if not sent */
4355 ret = s->method->ssl_dispatch_alert(s);
4358 * we only get to return -1 here the 2nd/Nth invocation, we must
4359 * have already signalled return 0 upon a previous invocation,
4364 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4367 * If we are waiting for a close from our peer, we are closed
4369 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4370 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4371 return -1; /* return WANT_READ */
4375 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4376 !s->s3->alert_dispatch)
4382 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4385 if (s->s3->renegotiate)
4386 ssl3_renegotiate_check(s, 0);
4388 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4392 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4398 if (s->s3->renegotiate)
4399 ssl3_renegotiate_check(s, 0);
4400 s->s3->in_read_app_data = 1;
4402 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4404 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4406 * ssl3_read_bytes decided to call s->handshake_func, which called
4407 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4408 * actually found application data and thinks that application data
4409 * makes sense here; so disable handshake processing and try to read
4410 * application data again.
4412 ossl_statem_set_in_handshake(s, 1);
4414 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4415 len, peek, readbytes);
4416 ossl_statem_set_in_handshake(s, 0);
4418 s->s3->in_read_app_data = 0;
4423 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4425 return ssl3_read_internal(s, buf, len, 0, readbytes);
4428 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4430 return ssl3_read_internal(s, buf, len, 1, readbytes);
4433 int ssl3_renegotiate(SSL *s)
4435 if (s->handshake_func == NULL)
4438 s->s3->renegotiate = 1;
4443 * Check if we are waiting to do a renegotiation and if so whether now is a
4444 * good time to do it. If |initok| is true then we are being called from inside
4445 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4446 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4447 * should do a renegotiation now and sets up the state machine for it. Otherwise
4450 int ssl3_renegotiate_check(SSL *s, int initok)
4454 if (s->s3->renegotiate) {
4455 if (!RECORD_LAYER_read_pending(&s->rlayer)
4456 && !RECORD_LAYER_write_pending(&s->rlayer)
4457 && (initok || !SSL_in_init(s))) {
4459 * if we are the server, and we have sent a 'RENEGOTIATE'
4460 * message, we need to set the state machine into the renegotiate
4463 ossl_statem_set_renegotiate(s);
4464 s->s3->renegotiate = 0;
4465 s->s3->num_renegotiations++;
4466 s->s3->total_renegotiations++;
4474 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4475 * handshake macs if required.
4477 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4479 long ssl_get_algorithm2(SSL *s)
4482 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
4484 alg2 = s->s3->tmp.new_cipher->algorithm2;
4485 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4486 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4487 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4488 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4489 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4490 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4496 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4497 * failure, 1 on success.
4499 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4502 int send_time = 0, ret;
4507 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4509 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4511 unsigned long Time = (unsigned long)time(NULL);
4512 unsigned char *p = result;
4515 ret = ssl_randbytes(s, p, len - 4);
4517 ret = ssl_randbytes(s, result, len);
4519 #ifndef OPENSSL_NO_TLS13DOWNGRADE
4521 if (!ossl_assert(sizeof(tls11downgrade) < len)
4522 || !ossl_assert(sizeof(tls12downgrade) < len))
4524 if (dgrd == DOWNGRADE_TO_1_2)
4525 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4526 sizeof(tls12downgrade));
4527 else if (dgrd == DOWNGRADE_TO_1_1)
4528 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4529 sizeof(tls11downgrade));
4535 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4538 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4541 if (alg_k & SSL_PSK) {
4542 #ifndef OPENSSL_NO_PSK
4543 unsigned char *pskpms, *t;
4544 size_t psklen = s->s3->tmp.psklen;
4547 /* create PSK premaster_secret */
4549 /* For plain PSK "other_secret" is psklen zeroes */
4550 if (alg_k & SSL_kPSK)
4553 pskpmslen = 4 + pmslen + psklen;
4554 pskpms = OPENSSL_malloc(pskpmslen);
4559 if (alg_k & SSL_kPSK)
4560 memset(t, 0, pmslen);
4562 memcpy(t, pms, pmslen);
4565 memcpy(t, s->s3->tmp.psk, psklen);
4567 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4568 s->s3->tmp.psk = NULL;
4569 if (!s->method->ssl3_enc->generate_master_secret(s,
4570 s->session->master_key,pskpms, pskpmslen,
4571 &s->session->master_key_length)) {
4572 /* SSLfatal() already called */
4575 OPENSSL_clear_free(pskpms, pskpmslen);
4577 /* Should never happen */
4581 if (!s->method->ssl3_enc->generate_master_secret(s,
4582 s->session->master_key, pms, pmslen,
4583 &s->session->master_key_length)) {
4584 /* SSLfatal() already called */
4593 OPENSSL_clear_free(pms, pmslen);
4595 OPENSSL_cleanse(pms, pmslen);
4598 s->s3->tmp.pms = NULL;
4602 /* Generate a private key from parameters */
4603 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4605 EVP_PKEY_CTX *pctx = NULL;
4606 EVP_PKEY *pkey = NULL;
4610 pctx = EVP_PKEY_CTX_new(pm, NULL);
4613 if (EVP_PKEY_keygen_init(pctx) <= 0)
4615 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4616 EVP_PKEY_free(pkey);
4621 EVP_PKEY_CTX_free(pctx);
4624 #ifndef OPENSSL_NO_EC
4625 /* Generate a private key from a group ID */
4626 EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
4628 EVP_PKEY_CTX *pctx = NULL;
4629 EVP_PKEY *pkey = NULL;
4630 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4634 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4635 ERR_R_INTERNAL_ERROR);
4638 gtype = ginf->flags & TLS_CURVE_TYPE;
4639 if (gtype == TLS_CURVE_CUSTOM)
4640 pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
4642 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4644 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4645 ERR_R_MALLOC_FAILURE);
4648 if (EVP_PKEY_keygen_init(pctx) <= 0) {
4649 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4653 if (gtype != TLS_CURVE_CUSTOM
4654 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
4655 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4659 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4660 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4662 EVP_PKEY_free(pkey);
4667 EVP_PKEY_CTX_free(pctx);
4672 * Generate parameters from a group ID
4674 EVP_PKEY *ssl_generate_param_group(uint16_t id)
4676 EVP_PKEY_CTX *pctx = NULL;
4677 EVP_PKEY *pkey = NULL;
4678 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4683 if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4684 pkey = EVP_PKEY_new();
4685 if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
4687 EVP_PKEY_free(pkey);
4691 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4694 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4696 if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
4698 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4699 EVP_PKEY_free(pkey);
4704 EVP_PKEY_CTX_free(pctx);
4709 /* Derive secrets for ECDH/DH */
4710 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4713 unsigned char *pms = NULL;
4717 if (privkey == NULL || pubkey == NULL) {
4718 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4719 ERR_R_INTERNAL_ERROR);
4723 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4725 if (EVP_PKEY_derive_init(pctx) <= 0
4726 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4727 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4728 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4729 ERR_R_INTERNAL_ERROR);
4733 pms = OPENSSL_malloc(pmslen);
4735 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4736 ERR_R_MALLOC_FAILURE);
4740 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4741 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4742 ERR_R_INTERNAL_ERROR);
4747 /* SSLfatal() called as appropriate in the below functions */
4748 if (SSL_IS_TLS13(s)) {
4750 * If we are resuming then we already generated the early secret
4751 * when we created the ClientHello, so don't recreate it.
4754 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4756 (unsigned char *)&s->early_secret);
4760 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4762 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4765 /* Save premaster secret */
4766 s->s3->tmp.pms = pms;
4767 s->s3->tmp.pmslen = pmslen;
4773 OPENSSL_clear_free(pms, pmslen);
4774 EVP_PKEY_CTX_free(pctx);
4778 #ifndef OPENSSL_NO_DH
4779 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4784 ret = EVP_PKEY_new();
4785 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {