2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 #include <openssl/objects.h>
15 #include <openssl/md5.h>
16 #include <openssl/dh.h>
17 #include <openssl/rand.h>
19 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
20 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
22 /* TLSv1.3 downgrade protection sentinel values */
23 const unsigned char tls11downgrade[] = {
24 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
26 const unsigned char tls12downgrade[] = {
27 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
31 * The list of available ciphers, mostly organized into the following
36 * SRP (within that: RSA EC PSK)
37 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
40 static SSL_CIPHER ssl3_ciphers[] = {
43 SSL3_TXT_RSA_NULL_MD5,
44 SSL3_RFC_RSA_NULL_MD5,
50 SSL3_VERSION, TLS1_2_VERSION,
51 DTLS1_BAD_VER, DTLS1_2_VERSION,
53 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
59 SSL3_TXT_RSA_NULL_SHA,
60 SSL3_RFC_RSA_NULL_SHA,
66 SSL3_VERSION, TLS1_2_VERSION,
67 DTLS1_BAD_VER, DTLS1_2_VERSION,
68 SSL_STRONG_NONE | SSL_FIPS,
69 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
73 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
76 SSL3_TXT_RSA_DES_192_CBC3_SHA,
77 SSL3_RFC_RSA_DES_192_CBC3_SHA,
78 SSL3_CK_RSA_DES_192_CBC3_SHA,
83 SSL3_VERSION, TLS1_2_VERSION,
84 DTLS1_BAD_VER, DTLS1_2_VERSION,
85 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
86 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
92 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
93 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
94 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
99 SSL3_VERSION, TLS1_2_VERSION,
100 DTLS1_BAD_VER, DTLS1_2_VERSION,
101 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
102 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
108 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
109 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
110 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
115 SSL3_VERSION, TLS1_2_VERSION,
116 DTLS1_BAD_VER, DTLS1_2_VERSION,
117 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
118 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
124 SSL3_TXT_ADH_DES_192_CBC_SHA,
125 SSL3_RFC_ADH_DES_192_CBC_SHA,
126 SSL3_CK_ADH_DES_192_CBC_SHA,
131 SSL3_VERSION, TLS1_2_VERSION,
132 DTLS1_BAD_VER, DTLS1_2_VERSION,
133 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
134 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
141 TLS1_TXT_RSA_WITH_AES_128_SHA,
142 TLS1_RFC_RSA_WITH_AES_128_SHA,
143 TLS1_CK_RSA_WITH_AES_128_SHA,
148 SSL3_VERSION, TLS1_2_VERSION,
149 DTLS1_BAD_VER, DTLS1_2_VERSION,
151 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
157 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
158 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
159 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
164 SSL3_VERSION, TLS1_2_VERSION,
165 DTLS1_BAD_VER, DTLS1_2_VERSION,
166 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
167 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
173 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
174 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
175 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
180 SSL3_VERSION, TLS1_2_VERSION,
181 DTLS1_BAD_VER, DTLS1_2_VERSION,
183 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
189 TLS1_TXT_ADH_WITH_AES_128_SHA,
190 TLS1_RFC_ADH_WITH_AES_128_SHA,
191 TLS1_CK_ADH_WITH_AES_128_SHA,
196 SSL3_VERSION, TLS1_2_VERSION,
197 DTLS1_BAD_VER, DTLS1_2_VERSION,
198 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
199 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
205 TLS1_TXT_RSA_WITH_AES_256_SHA,
206 TLS1_RFC_RSA_WITH_AES_256_SHA,
207 TLS1_CK_RSA_WITH_AES_256_SHA,
212 SSL3_VERSION, TLS1_2_VERSION,
213 DTLS1_BAD_VER, DTLS1_2_VERSION,
215 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
221 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
222 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
223 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
228 SSL3_VERSION, TLS1_2_VERSION,
229 DTLS1_BAD_VER, DTLS1_2_VERSION,
230 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
231 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
237 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
238 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
239 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
244 SSL3_VERSION, TLS1_2_VERSION,
245 DTLS1_BAD_VER, DTLS1_2_VERSION,
247 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
253 TLS1_TXT_ADH_WITH_AES_256_SHA,
254 TLS1_RFC_ADH_WITH_AES_256_SHA,
255 TLS1_CK_ADH_WITH_AES_256_SHA,
260 SSL3_VERSION, TLS1_2_VERSION,
261 DTLS1_BAD_VER, DTLS1_2_VERSION,
262 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
263 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
269 TLS1_TXT_RSA_WITH_NULL_SHA256,
270 TLS1_RFC_RSA_WITH_NULL_SHA256,
271 TLS1_CK_RSA_WITH_NULL_SHA256,
276 TLS1_2_VERSION, TLS1_2_VERSION,
277 DTLS1_2_VERSION, DTLS1_2_VERSION,
278 SSL_STRONG_NONE | SSL_FIPS,
279 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
285 TLS1_TXT_RSA_WITH_AES_128_SHA256,
286 TLS1_RFC_RSA_WITH_AES_128_SHA256,
287 TLS1_CK_RSA_WITH_AES_128_SHA256,
292 TLS1_2_VERSION, TLS1_2_VERSION,
293 DTLS1_2_VERSION, DTLS1_2_VERSION,
295 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
301 TLS1_TXT_RSA_WITH_AES_256_SHA256,
302 TLS1_RFC_RSA_WITH_AES_256_SHA256,
303 TLS1_CK_RSA_WITH_AES_256_SHA256,
308 TLS1_2_VERSION, TLS1_2_VERSION,
309 DTLS1_2_VERSION, DTLS1_2_VERSION,
311 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
317 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
318 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
319 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
324 TLS1_2_VERSION, TLS1_2_VERSION,
325 DTLS1_2_VERSION, DTLS1_2_VERSION,
326 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
327 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
333 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
334 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
335 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
340 TLS1_2_VERSION, TLS1_2_VERSION,
341 DTLS1_2_VERSION, DTLS1_2_VERSION,
343 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
349 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
350 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
351 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
356 TLS1_2_VERSION, TLS1_2_VERSION,
357 DTLS1_2_VERSION, DTLS1_2_VERSION,
358 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
359 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
365 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
366 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
367 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
372 TLS1_2_VERSION, TLS1_2_VERSION,
373 DTLS1_2_VERSION, DTLS1_2_VERSION,
375 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
381 TLS1_TXT_ADH_WITH_AES_128_SHA256,
382 TLS1_RFC_ADH_WITH_AES_128_SHA256,
383 TLS1_CK_ADH_WITH_AES_128_SHA256,
388 TLS1_2_VERSION, TLS1_2_VERSION,
389 DTLS1_2_VERSION, DTLS1_2_VERSION,
390 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
391 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
397 TLS1_TXT_ADH_WITH_AES_256_SHA256,
398 TLS1_RFC_ADH_WITH_AES_256_SHA256,
399 TLS1_CK_ADH_WITH_AES_256_SHA256,
404 TLS1_2_VERSION, TLS1_2_VERSION,
405 DTLS1_2_VERSION, DTLS1_2_VERSION,
406 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
407 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
413 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
414 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
415 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
420 TLS1_2_VERSION, TLS1_2_VERSION,
421 DTLS1_2_VERSION, DTLS1_2_VERSION,
423 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
429 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
430 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
431 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
436 TLS1_2_VERSION, TLS1_2_VERSION,
437 DTLS1_2_VERSION, DTLS1_2_VERSION,
439 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
445 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
446 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
447 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
452 TLS1_2_VERSION, TLS1_2_VERSION,
453 DTLS1_2_VERSION, DTLS1_2_VERSION,
455 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
461 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
462 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
463 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
468 TLS1_2_VERSION, TLS1_2_VERSION,
469 DTLS1_2_VERSION, DTLS1_2_VERSION,
471 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
477 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
478 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
479 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
484 TLS1_2_VERSION, TLS1_2_VERSION,
485 DTLS1_2_VERSION, DTLS1_2_VERSION,
486 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
487 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
493 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
494 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
495 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
500 TLS1_2_VERSION, TLS1_2_VERSION,
501 DTLS1_2_VERSION, DTLS1_2_VERSION,
502 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
503 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
509 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
510 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
511 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
516 TLS1_2_VERSION, TLS1_2_VERSION,
517 DTLS1_2_VERSION, DTLS1_2_VERSION,
518 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
519 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
525 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
526 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
527 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
532 TLS1_2_VERSION, TLS1_2_VERSION,
533 DTLS1_2_VERSION, DTLS1_2_VERSION,
534 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
535 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
541 TLS1_TXT_RSA_WITH_AES_128_CCM,
542 TLS1_RFC_RSA_WITH_AES_128_CCM,
543 TLS1_CK_RSA_WITH_AES_128_CCM,
548 TLS1_2_VERSION, TLS1_2_VERSION,
549 DTLS1_2_VERSION, DTLS1_2_VERSION,
550 SSL_NOT_DEFAULT | SSL_HIGH,
551 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
557 TLS1_TXT_RSA_WITH_AES_256_CCM,
558 TLS1_RFC_RSA_WITH_AES_256_CCM,
559 TLS1_CK_RSA_WITH_AES_256_CCM,
564 TLS1_2_VERSION, TLS1_2_VERSION,
565 DTLS1_2_VERSION, DTLS1_2_VERSION,
566 SSL_NOT_DEFAULT | SSL_HIGH,
567 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
573 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
574 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
575 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
580 TLS1_2_VERSION, TLS1_2_VERSION,
581 DTLS1_2_VERSION, DTLS1_2_VERSION,
582 SSL_NOT_DEFAULT | SSL_HIGH,
583 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
589 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
590 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
591 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
596 TLS1_2_VERSION, TLS1_2_VERSION,
597 DTLS1_2_VERSION, DTLS1_2_VERSION,
598 SSL_NOT_DEFAULT | SSL_HIGH,
599 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
605 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
606 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
607 TLS1_CK_RSA_WITH_AES_128_CCM_8,
612 TLS1_2_VERSION, TLS1_2_VERSION,
613 DTLS1_2_VERSION, DTLS1_2_VERSION,
614 SSL_NOT_DEFAULT | SSL_HIGH,
615 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
621 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
622 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
623 TLS1_CK_RSA_WITH_AES_256_CCM_8,
628 TLS1_2_VERSION, TLS1_2_VERSION,
629 DTLS1_2_VERSION, DTLS1_2_VERSION,
630 SSL_NOT_DEFAULT | SSL_HIGH,
631 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
637 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
638 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
639 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
644 TLS1_2_VERSION, TLS1_2_VERSION,
645 DTLS1_2_VERSION, DTLS1_2_VERSION,
646 SSL_NOT_DEFAULT | SSL_HIGH,
647 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
653 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
654 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
655 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
660 TLS1_2_VERSION, TLS1_2_VERSION,
661 DTLS1_2_VERSION, DTLS1_2_VERSION,
662 SSL_NOT_DEFAULT | SSL_HIGH,
663 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
669 TLS1_TXT_PSK_WITH_AES_128_CCM,
670 TLS1_RFC_PSK_WITH_AES_128_CCM,
671 TLS1_CK_PSK_WITH_AES_128_CCM,
676 TLS1_2_VERSION, TLS1_2_VERSION,
677 DTLS1_2_VERSION, DTLS1_2_VERSION,
678 SSL_NOT_DEFAULT | SSL_HIGH,
679 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
685 TLS1_TXT_PSK_WITH_AES_256_CCM,
686 TLS1_RFC_PSK_WITH_AES_256_CCM,
687 TLS1_CK_PSK_WITH_AES_256_CCM,
692 TLS1_2_VERSION, TLS1_2_VERSION,
693 DTLS1_2_VERSION, DTLS1_2_VERSION,
694 SSL_NOT_DEFAULT | SSL_HIGH,
695 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
701 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
702 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
703 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
708 TLS1_2_VERSION, TLS1_2_VERSION,
709 DTLS1_2_VERSION, DTLS1_2_VERSION,
710 SSL_NOT_DEFAULT | SSL_HIGH,
711 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
717 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
718 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
719 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
724 TLS1_2_VERSION, TLS1_2_VERSION,
725 DTLS1_2_VERSION, DTLS1_2_VERSION,
726 SSL_NOT_DEFAULT | SSL_HIGH,
727 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
733 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
734 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
735 TLS1_CK_PSK_WITH_AES_128_CCM_8,
740 TLS1_2_VERSION, TLS1_2_VERSION,
741 DTLS1_2_VERSION, DTLS1_2_VERSION,
742 SSL_NOT_DEFAULT | SSL_HIGH,
743 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
749 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
750 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
751 TLS1_CK_PSK_WITH_AES_256_CCM_8,
756 TLS1_2_VERSION, TLS1_2_VERSION,
757 DTLS1_2_VERSION, DTLS1_2_VERSION,
758 SSL_NOT_DEFAULT | SSL_HIGH,
759 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
765 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
766 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
767 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
772 TLS1_2_VERSION, TLS1_2_VERSION,
773 DTLS1_2_VERSION, DTLS1_2_VERSION,
774 SSL_NOT_DEFAULT | SSL_HIGH,
775 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
781 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
782 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
783 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
788 TLS1_2_VERSION, TLS1_2_VERSION,
789 DTLS1_2_VERSION, DTLS1_2_VERSION,
790 SSL_NOT_DEFAULT | SSL_HIGH,
791 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
797 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
798 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
799 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
804 TLS1_2_VERSION, TLS1_2_VERSION,
805 DTLS1_2_VERSION, DTLS1_2_VERSION,
806 SSL_NOT_DEFAULT | SSL_HIGH,
807 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
813 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
814 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
815 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
820 TLS1_2_VERSION, TLS1_2_VERSION,
821 DTLS1_2_VERSION, DTLS1_2_VERSION,
822 SSL_NOT_DEFAULT | SSL_HIGH,
823 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
829 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
830 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
831 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
836 TLS1_2_VERSION, TLS1_2_VERSION,
837 DTLS1_2_VERSION, DTLS1_2_VERSION,
838 SSL_NOT_DEFAULT | SSL_HIGH,
839 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
845 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
846 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
847 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
852 TLS1_2_VERSION, TLS1_2_VERSION,
853 DTLS1_2_VERSION, DTLS1_2_VERSION,
854 SSL_NOT_DEFAULT | SSL_HIGH,
855 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
861 TLS1_3_TXT_AES_128_GCM_SHA256,
862 TLS1_3_RFC_AES_128_GCM_SHA256,
863 TLS1_3_CK_AES_128_GCM_SHA256,
867 TLS1_3_VERSION, TLS1_3_VERSION,
871 SSL_HANDSHAKE_MAC_SHA256,
877 TLS1_3_TXT_AES_256_GCM_SHA384,
878 TLS1_3_RFC_AES_256_GCM_SHA384,
879 TLS1_3_CK_AES_256_GCM_SHA384,
884 TLS1_3_VERSION, TLS1_3_VERSION,
887 SSL_HANDSHAKE_MAC_SHA384,
891 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
894 TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
895 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
896 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
899 SSL_CHACHA20POLY1305,
901 TLS1_3_VERSION, TLS1_3_VERSION,
904 SSL_HANDSHAKE_MAC_SHA256,
911 TLS1_3_TXT_AES_128_CCM_SHA256,
912 TLS1_3_RFC_AES_128_CCM_SHA256,
913 TLS1_3_CK_AES_128_CCM_SHA256,
918 TLS1_3_VERSION, TLS1_3_VERSION,
920 SSL_NOT_DEFAULT | SSL_HIGH,
921 SSL_HANDSHAKE_MAC_SHA256,
927 TLS1_3_TXT_AES_128_CCM_8_SHA256,
928 TLS1_3_RFC_AES_128_CCM_8_SHA256,
929 TLS1_3_CK_AES_128_CCM_8_SHA256,
934 TLS1_3_VERSION, TLS1_3_VERSION,
936 SSL_NOT_DEFAULT | SSL_HIGH,
937 SSL_HANDSHAKE_MAC_SHA256,
942 #ifndef OPENSSL_NO_EC
945 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
946 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
947 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
952 TLS1_VERSION, TLS1_2_VERSION,
953 DTLS1_BAD_VER, DTLS1_2_VERSION,
954 SSL_STRONG_NONE | SSL_FIPS,
955 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
959 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
962 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
963 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
964 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
969 TLS1_VERSION, TLS1_2_VERSION,
970 DTLS1_BAD_VER, DTLS1_2_VERSION,
971 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
972 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
979 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
980 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
981 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
986 TLS1_VERSION, TLS1_2_VERSION,
987 DTLS1_BAD_VER, DTLS1_2_VERSION,
989 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
995 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
996 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
997 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1002 TLS1_VERSION, TLS1_2_VERSION,
1003 DTLS1_BAD_VER, DTLS1_2_VERSION,
1004 SSL_HIGH | SSL_FIPS,
1005 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1011 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1012 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1013 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1018 TLS1_VERSION, TLS1_2_VERSION,
1019 DTLS1_BAD_VER, DTLS1_2_VERSION,
1020 SSL_STRONG_NONE | SSL_FIPS,
1021 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1025 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1028 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1029 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1030 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1035 TLS1_VERSION, TLS1_2_VERSION,
1036 DTLS1_BAD_VER, DTLS1_2_VERSION,
1037 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1038 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1045 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1046 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1047 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1052 TLS1_VERSION, TLS1_2_VERSION,
1053 DTLS1_BAD_VER, DTLS1_2_VERSION,
1054 SSL_HIGH | SSL_FIPS,
1055 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1061 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1062 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1063 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1068 TLS1_VERSION, TLS1_2_VERSION,
1069 DTLS1_BAD_VER, DTLS1_2_VERSION,
1070 SSL_HIGH | SSL_FIPS,
1071 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1077 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1078 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1079 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1084 TLS1_VERSION, TLS1_2_VERSION,
1085 DTLS1_BAD_VER, DTLS1_2_VERSION,
1086 SSL_STRONG_NONE | SSL_FIPS,
1087 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1091 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1094 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1095 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1096 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1101 TLS1_VERSION, TLS1_2_VERSION,
1102 DTLS1_BAD_VER, DTLS1_2_VERSION,
1103 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1104 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1111 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1112 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1113 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1118 TLS1_VERSION, TLS1_2_VERSION,
1119 DTLS1_BAD_VER, DTLS1_2_VERSION,
1120 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1121 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1127 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1128 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1129 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1134 TLS1_VERSION, TLS1_2_VERSION,
1135 DTLS1_BAD_VER, DTLS1_2_VERSION,
1136 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1137 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1143 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1144 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1145 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1150 TLS1_2_VERSION, TLS1_2_VERSION,
1151 DTLS1_2_VERSION, DTLS1_2_VERSION,
1152 SSL_HIGH | SSL_FIPS,
1153 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1159 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1160 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1161 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1166 TLS1_2_VERSION, TLS1_2_VERSION,
1167 DTLS1_2_VERSION, DTLS1_2_VERSION,
1168 SSL_HIGH | SSL_FIPS,
1169 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1175 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1176 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1177 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1182 TLS1_2_VERSION, TLS1_2_VERSION,
1183 DTLS1_2_VERSION, DTLS1_2_VERSION,
1184 SSL_HIGH | SSL_FIPS,
1185 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1191 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1192 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1193 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1198 TLS1_2_VERSION, TLS1_2_VERSION,
1199 DTLS1_2_VERSION, DTLS1_2_VERSION,
1200 SSL_HIGH | SSL_FIPS,
1201 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1207 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1208 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1209 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1214 TLS1_2_VERSION, TLS1_2_VERSION,
1215 DTLS1_2_VERSION, DTLS1_2_VERSION,
1216 SSL_HIGH | SSL_FIPS,
1217 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1223 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1224 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1225 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1230 TLS1_2_VERSION, TLS1_2_VERSION,
1231 DTLS1_2_VERSION, DTLS1_2_VERSION,
1232 SSL_HIGH | SSL_FIPS,
1233 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1239 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1240 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1241 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1246 TLS1_2_VERSION, TLS1_2_VERSION,
1247 DTLS1_2_VERSION, DTLS1_2_VERSION,
1248 SSL_HIGH | SSL_FIPS,
1249 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1255 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1256 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1257 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1262 TLS1_2_VERSION, TLS1_2_VERSION,
1263 DTLS1_2_VERSION, DTLS1_2_VERSION,
1264 SSL_HIGH | SSL_FIPS,
1265 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1269 #endif /* OPENSSL_NO_EC */
1271 #ifndef OPENSSL_NO_PSK
1274 TLS1_TXT_PSK_WITH_NULL_SHA,
1275 TLS1_RFC_PSK_WITH_NULL_SHA,
1276 TLS1_CK_PSK_WITH_NULL_SHA,
1281 SSL3_VERSION, TLS1_2_VERSION,
1282 DTLS1_BAD_VER, DTLS1_2_VERSION,
1283 SSL_STRONG_NONE | SSL_FIPS,
1284 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1290 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1291 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1292 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1297 SSL3_VERSION, TLS1_2_VERSION,
1298 DTLS1_BAD_VER, DTLS1_2_VERSION,
1299 SSL_STRONG_NONE | SSL_FIPS,
1300 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1306 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1307 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1308 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1313 SSL3_VERSION, TLS1_2_VERSION,
1314 DTLS1_BAD_VER, DTLS1_2_VERSION,
1315 SSL_STRONG_NONE | SSL_FIPS,
1316 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1320 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1323 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1324 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1325 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1330 SSL3_VERSION, TLS1_2_VERSION,
1331 DTLS1_BAD_VER, DTLS1_2_VERSION,
1332 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1333 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1340 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1341 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1342 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1347 SSL3_VERSION, TLS1_2_VERSION,
1348 DTLS1_BAD_VER, DTLS1_2_VERSION,
1349 SSL_HIGH | SSL_FIPS,
1350 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1356 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1357 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1358 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1363 SSL3_VERSION, TLS1_2_VERSION,
1364 DTLS1_BAD_VER, DTLS1_2_VERSION,
1365 SSL_HIGH | SSL_FIPS,
1366 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1370 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1373 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1374 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1375 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1380 SSL3_VERSION, TLS1_2_VERSION,
1381 DTLS1_BAD_VER, DTLS1_2_VERSION,
1382 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1383 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1390 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1391 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1392 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1397 SSL3_VERSION, TLS1_2_VERSION,
1398 DTLS1_BAD_VER, DTLS1_2_VERSION,
1399 SSL_HIGH | SSL_FIPS,
1400 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1406 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1407 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1408 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1413 SSL3_VERSION, TLS1_2_VERSION,
1414 DTLS1_BAD_VER, DTLS1_2_VERSION,
1415 SSL_HIGH | SSL_FIPS,
1416 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1420 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1423 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1424 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1425 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1430 SSL3_VERSION, TLS1_2_VERSION,
1431 DTLS1_BAD_VER, DTLS1_2_VERSION,
1432 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1433 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1440 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1441 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1442 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1447 SSL3_VERSION, TLS1_2_VERSION,
1448 DTLS1_BAD_VER, DTLS1_2_VERSION,
1449 SSL_HIGH | SSL_FIPS,
1450 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1456 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1457 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1458 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1463 SSL3_VERSION, TLS1_2_VERSION,
1464 DTLS1_BAD_VER, DTLS1_2_VERSION,
1465 SSL_HIGH | SSL_FIPS,
1466 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1472 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1473 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1474 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1479 TLS1_2_VERSION, TLS1_2_VERSION,
1480 DTLS1_2_VERSION, DTLS1_2_VERSION,
1481 SSL_HIGH | SSL_FIPS,
1482 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1488 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1489 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1490 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1495 TLS1_2_VERSION, TLS1_2_VERSION,
1496 DTLS1_2_VERSION, DTLS1_2_VERSION,
1497 SSL_HIGH | SSL_FIPS,
1498 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1504 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1505 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1506 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1511 TLS1_2_VERSION, TLS1_2_VERSION,
1512 DTLS1_2_VERSION, DTLS1_2_VERSION,
1513 SSL_HIGH | SSL_FIPS,
1514 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1520 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1521 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1522 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1527 TLS1_2_VERSION, TLS1_2_VERSION,
1528 DTLS1_2_VERSION, DTLS1_2_VERSION,
1529 SSL_HIGH | SSL_FIPS,
1530 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1536 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1537 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1538 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1543 TLS1_2_VERSION, TLS1_2_VERSION,
1544 DTLS1_2_VERSION, DTLS1_2_VERSION,
1545 SSL_HIGH | SSL_FIPS,
1546 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1552 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1553 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1554 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1559 TLS1_2_VERSION, TLS1_2_VERSION,
1560 DTLS1_2_VERSION, DTLS1_2_VERSION,
1561 SSL_HIGH | SSL_FIPS,
1562 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1568 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1569 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1570 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1575 TLS1_VERSION, TLS1_2_VERSION,
1576 DTLS1_BAD_VER, DTLS1_2_VERSION,
1577 SSL_HIGH | SSL_FIPS,
1578 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1584 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1585 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1586 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1591 TLS1_VERSION, TLS1_2_VERSION,
1592 DTLS1_BAD_VER, DTLS1_2_VERSION,
1593 SSL_HIGH | SSL_FIPS,
1594 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1600 TLS1_TXT_PSK_WITH_NULL_SHA256,
1601 TLS1_RFC_PSK_WITH_NULL_SHA256,
1602 TLS1_CK_PSK_WITH_NULL_SHA256,
1607 TLS1_VERSION, TLS1_2_VERSION,
1608 DTLS1_BAD_VER, DTLS1_2_VERSION,
1609 SSL_STRONG_NONE | SSL_FIPS,
1610 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1616 TLS1_TXT_PSK_WITH_NULL_SHA384,
1617 TLS1_RFC_PSK_WITH_NULL_SHA384,
1618 TLS1_CK_PSK_WITH_NULL_SHA384,
1623 TLS1_VERSION, TLS1_2_VERSION,
1624 DTLS1_BAD_VER, DTLS1_2_VERSION,
1625 SSL_STRONG_NONE | SSL_FIPS,
1626 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1632 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1633 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1634 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1639 TLS1_VERSION, TLS1_2_VERSION,
1640 DTLS1_BAD_VER, DTLS1_2_VERSION,
1641 SSL_HIGH | SSL_FIPS,
1642 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1648 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1649 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1650 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1655 TLS1_VERSION, TLS1_2_VERSION,
1656 DTLS1_BAD_VER, DTLS1_2_VERSION,
1657 SSL_HIGH | SSL_FIPS,
1658 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1664 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1665 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1666 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1671 TLS1_VERSION, TLS1_2_VERSION,
1672 DTLS1_BAD_VER, DTLS1_2_VERSION,
1673 SSL_STRONG_NONE | SSL_FIPS,
1674 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1680 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1681 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1682 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1687 TLS1_VERSION, TLS1_2_VERSION,
1688 DTLS1_BAD_VER, DTLS1_2_VERSION,
1689 SSL_STRONG_NONE | SSL_FIPS,
1690 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1696 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1697 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1698 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1703 TLS1_VERSION, TLS1_2_VERSION,
1704 DTLS1_BAD_VER, DTLS1_2_VERSION,
1705 SSL_HIGH | SSL_FIPS,
1706 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1712 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1713 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1714 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1719 TLS1_VERSION, TLS1_2_VERSION,
1720 DTLS1_BAD_VER, DTLS1_2_VERSION,
1721 SSL_HIGH | SSL_FIPS,
1722 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1728 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1729 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1730 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1735 TLS1_VERSION, TLS1_2_VERSION,
1736 DTLS1_BAD_VER, DTLS1_2_VERSION,
1737 SSL_STRONG_NONE | SSL_FIPS,
1738 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1744 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1745 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1746 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1751 TLS1_VERSION, TLS1_2_VERSION,
1752 DTLS1_BAD_VER, DTLS1_2_VERSION,
1753 SSL_STRONG_NONE | SSL_FIPS,
1754 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1758 # ifndef OPENSSL_NO_EC
1759 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1762 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1763 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1764 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1769 TLS1_VERSION, TLS1_2_VERSION,
1770 DTLS1_BAD_VER, DTLS1_2_VERSION,
1771 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1772 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1779 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1780 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1781 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1786 TLS1_VERSION, TLS1_2_VERSION,
1787 DTLS1_BAD_VER, DTLS1_2_VERSION,
1788 SSL_HIGH | SSL_FIPS,
1789 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1795 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1796 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1797 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1802 TLS1_VERSION, TLS1_2_VERSION,
1803 DTLS1_BAD_VER, DTLS1_2_VERSION,
1804 SSL_HIGH | SSL_FIPS,
1805 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1811 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1812 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1813 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1818 TLS1_VERSION, TLS1_2_VERSION,
1819 DTLS1_BAD_VER, DTLS1_2_VERSION,
1820 SSL_HIGH | SSL_FIPS,
1821 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1827 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1828 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1829 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1834 TLS1_VERSION, TLS1_2_VERSION,
1835 DTLS1_BAD_VER, DTLS1_2_VERSION,
1836 SSL_HIGH | SSL_FIPS,
1837 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1843 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1844 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1845 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1850 TLS1_VERSION, TLS1_2_VERSION,
1851 DTLS1_BAD_VER, DTLS1_2_VERSION,
1852 SSL_STRONG_NONE | SSL_FIPS,
1853 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1859 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1860 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1861 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1866 TLS1_VERSION, TLS1_2_VERSION,
1867 DTLS1_BAD_VER, DTLS1_2_VERSION,
1868 SSL_STRONG_NONE | SSL_FIPS,
1869 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1875 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1876 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1877 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1882 TLS1_VERSION, TLS1_2_VERSION,
1883 DTLS1_BAD_VER, DTLS1_2_VERSION,
1884 SSL_STRONG_NONE | SSL_FIPS,
1885 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1889 # endif /* OPENSSL_NO_EC */
1890 #endif /* OPENSSL_NO_PSK */
1892 #ifndef OPENSSL_NO_SRP
1893 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1896 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1897 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1898 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1903 SSL3_VERSION, TLS1_2_VERSION,
1904 DTLS1_BAD_VER, DTLS1_2_VERSION,
1905 SSL_NOT_DEFAULT | SSL_MEDIUM,
1906 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1912 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1913 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1914 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1919 SSL3_VERSION, TLS1_2_VERSION,
1920 DTLS1_BAD_VER, DTLS1_2_VERSION,
1921 SSL_NOT_DEFAULT | SSL_MEDIUM,
1922 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1928 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1929 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1930 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1935 SSL3_VERSION, TLS1_2_VERSION,
1936 DTLS1_BAD_VER, DTLS1_2_VERSION,
1937 SSL_NOT_DEFAULT | SSL_MEDIUM,
1938 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1945 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1946 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1947 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1952 SSL3_VERSION, TLS1_2_VERSION,
1953 DTLS1_BAD_VER, DTLS1_2_VERSION,
1955 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1961 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1962 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1963 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1968 SSL3_VERSION, TLS1_2_VERSION,
1969 DTLS1_BAD_VER, DTLS1_2_VERSION,
1971 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1977 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1978 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1979 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1984 SSL3_VERSION, TLS1_2_VERSION,
1985 DTLS1_BAD_VER, DTLS1_2_VERSION,
1986 SSL_NOT_DEFAULT | SSL_HIGH,
1987 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1993 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1994 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1995 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2000 SSL3_VERSION, TLS1_2_VERSION,
2001 DTLS1_BAD_VER, DTLS1_2_VERSION,
2003 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2009 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2010 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2011 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2016 SSL3_VERSION, TLS1_2_VERSION,
2017 DTLS1_BAD_VER, DTLS1_2_VERSION,
2019 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2025 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2026 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2027 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2032 SSL3_VERSION, TLS1_2_VERSION,
2033 DTLS1_BAD_VER, DTLS1_2_VERSION,
2034 SSL_NOT_DEFAULT | SSL_HIGH,
2035 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2039 #endif /* OPENSSL_NO_SRP */
2041 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2042 # ifndef OPENSSL_NO_RSA
2045 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2046 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2047 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2050 SSL_CHACHA20POLY1305,
2052 TLS1_2_VERSION, TLS1_2_VERSION,
2053 DTLS1_2_VERSION, DTLS1_2_VERSION,
2055 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2059 # endif /* OPENSSL_NO_RSA */
2061 # ifndef OPENSSL_NO_EC
2064 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2065 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2066 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2069 SSL_CHACHA20POLY1305,
2071 TLS1_2_VERSION, TLS1_2_VERSION,
2072 DTLS1_2_VERSION, DTLS1_2_VERSION,
2074 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2080 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2081 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2082 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2085 SSL_CHACHA20POLY1305,
2087 TLS1_2_VERSION, TLS1_2_VERSION,
2088 DTLS1_2_VERSION, DTLS1_2_VERSION,
2090 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2094 # endif /* OPENSSL_NO_EC */
2096 # ifndef OPENSSL_NO_PSK
2099 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2100 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2101 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2104 SSL_CHACHA20POLY1305,
2106 TLS1_2_VERSION, TLS1_2_VERSION,
2107 DTLS1_2_VERSION, DTLS1_2_VERSION,
2109 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2115 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2116 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2117 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2120 SSL_CHACHA20POLY1305,
2122 TLS1_2_VERSION, TLS1_2_VERSION,
2123 DTLS1_2_VERSION, DTLS1_2_VERSION,
2125 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2131 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2132 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2133 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2136 SSL_CHACHA20POLY1305,
2138 TLS1_2_VERSION, TLS1_2_VERSION,
2139 DTLS1_2_VERSION, DTLS1_2_VERSION,
2141 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2147 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2148 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2149 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2152 SSL_CHACHA20POLY1305,
2154 TLS1_2_VERSION, TLS1_2_VERSION,
2155 DTLS1_2_VERSION, DTLS1_2_VERSION,
2157 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2161 # endif /* OPENSSL_NO_PSK */
2162 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2163 * !defined(OPENSSL_NO_POLY1305) */
2165 #ifndef OPENSSL_NO_CAMELLIA
2168 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2169 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2170 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2175 TLS1_2_VERSION, TLS1_2_VERSION,
2176 DTLS1_2_VERSION, DTLS1_2_VERSION,
2177 SSL_NOT_DEFAULT | SSL_HIGH,
2178 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2184 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2185 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2186 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2191 TLS1_2_VERSION, TLS1_2_VERSION,
2192 DTLS1_2_VERSION, DTLS1_2_VERSION,
2193 SSL_NOT_DEFAULT | SSL_HIGH,
2194 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2200 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2201 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2202 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2207 TLS1_2_VERSION, TLS1_2_VERSION,
2208 DTLS1_2_VERSION, DTLS1_2_VERSION,
2209 SSL_NOT_DEFAULT | SSL_HIGH,
2210 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2216 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2217 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2218 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2223 TLS1_2_VERSION, TLS1_2_VERSION,
2224 DTLS1_2_VERSION, DTLS1_2_VERSION,
2225 SSL_NOT_DEFAULT | SSL_HIGH,
2226 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2232 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2233 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2234 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2239 TLS1_2_VERSION, TLS1_2_VERSION,
2240 DTLS1_2_VERSION, DTLS1_2_VERSION,
2241 SSL_NOT_DEFAULT | SSL_HIGH,
2242 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2248 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2249 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2250 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2255 TLS1_2_VERSION, TLS1_2_VERSION,
2256 DTLS1_2_VERSION, DTLS1_2_VERSION,
2257 SSL_NOT_DEFAULT | SSL_HIGH,
2258 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2264 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2265 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2266 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2271 TLS1_2_VERSION, TLS1_2_VERSION,
2272 DTLS1_2_VERSION, DTLS1_2_VERSION,
2273 SSL_NOT_DEFAULT | SSL_HIGH,
2274 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2280 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2281 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2282 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2287 TLS1_2_VERSION, TLS1_2_VERSION,
2288 DTLS1_2_VERSION, DTLS1_2_VERSION,
2289 SSL_NOT_DEFAULT | SSL_HIGH,
2290 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2296 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2297 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2298 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2303 SSL3_VERSION, TLS1_2_VERSION,
2304 DTLS1_BAD_VER, DTLS1_2_VERSION,
2305 SSL_NOT_DEFAULT | SSL_HIGH,
2306 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2312 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2313 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2314 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2319 SSL3_VERSION, TLS1_2_VERSION,
2320 DTLS1_BAD_VER, DTLS1_2_VERSION,
2321 SSL_NOT_DEFAULT | SSL_HIGH,
2322 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2328 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2329 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2330 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2335 SSL3_VERSION, TLS1_2_VERSION,
2336 DTLS1_BAD_VER, DTLS1_2_VERSION,
2337 SSL_NOT_DEFAULT | SSL_HIGH,
2338 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2344 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2345 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2346 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2351 SSL3_VERSION, TLS1_2_VERSION,
2352 DTLS1_BAD_VER, DTLS1_2_VERSION,
2353 SSL_NOT_DEFAULT | SSL_HIGH,
2354 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2360 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2361 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2362 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2367 SSL3_VERSION, TLS1_2_VERSION,
2368 DTLS1_BAD_VER, DTLS1_2_VERSION,
2369 SSL_NOT_DEFAULT | SSL_HIGH,
2370 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2376 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2377 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2378 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2383 SSL3_VERSION, TLS1_2_VERSION,
2384 DTLS1_BAD_VER, DTLS1_2_VERSION,
2385 SSL_NOT_DEFAULT | SSL_HIGH,
2386 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2392 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2393 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2394 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2399 SSL3_VERSION, TLS1_2_VERSION,
2400 DTLS1_BAD_VER, DTLS1_2_VERSION,
2401 SSL_NOT_DEFAULT | SSL_HIGH,
2402 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2408 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2409 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2410 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2415 SSL3_VERSION, TLS1_2_VERSION,
2416 DTLS1_BAD_VER, DTLS1_2_VERSION,
2417 SSL_NOT_DEFAULT | SSL_HIGH,
2418 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2423 # ifndef OPENSSL_NO_EC
2426 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2427 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2428 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2433 TLS1_2_VERSION, TLS1_2_VERSION,
2434 DTLS1_2_VERSION, DTLS1_2_VERSION,
2435 SSL_NOT_DEFAULT | SSL_HIGH,
2436 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2442 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2443 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2444 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2449 TLS1_2_VERSION, TLS1_2_VERSION,
2450 DTLS1_2_VERSION, DTLS1_2_VERSION,
2451 SSL_NOT_DEFAULT | SSL_HIGH,
2452 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2458 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2459 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2460 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2465 TLS1_2_VERSION, TLS1_2_VERSION,
2466 DTLS1_2_VERSION, DTLS1_2_VERSION,
2467 SSL_NOT_DEFAULT | SSL_HIGH,
2468 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2474 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2475 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2476 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2481 TLS1_2_VERSION, TLS1_2_VERSION,
2482 DTLS1_2_VERSION, DTLS1_2_VERSION,
2483 SSL_NOT_DEFAULT | SSL_HIGH,
2484 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2488 # endif /* OPENSSL_NO_EC */
2490 # ifndef OPENSSL_NO_PSK
2493 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2494 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2495 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2500 TLS1_VERSION, TLS1_2_VERSION,
2501 DTLS1_BAD_VER, DTLS1_2_VERSION,
2502 SSL_NOT_DEFAULT | SSL_HIGH,
2503 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2509 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2510 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2511 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2516 TLS1_VERSION, TLS1_2_VERSION,
2517 DTLS1_BAD_VER, DTLS1_2_VERSION,
2518 SSL_NOT_DEFAULT | SSL_HIGH,
2519 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2525 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2526 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2527 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2532 TLS1_VERSION, TLS1_2_VERSION,
2533 DTLS1_BAD_VER, DTLS1_2_VERSION,
2534 SSL_NOT_DEFAULT | SSL_HIGH,
2535 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2541 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2542 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2543 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2548 TLS1_VERSION, TLS1_2_VERSION,
2549 DTLS1_BAD_VER, DTLS1_2_VERSION,
2550 SSL_NOT_DEFAULT | SSL_HIGH,
2551 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2557 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2558 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2559 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2564 TLS1_VERSION, TLS1_2_VERSION,
2565 DTLS1_BAD_VER, DTLS1_2_VERSION,
2566 SSL_NOT_DEFAULT | SSL_HIGH,
2567 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2573 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2574 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2575 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2580 TLS1_VERSION, TLS1_2_VERSION,
2581 DTLS1_BAD_VER, DTLS1_2_VERSION,
2582 SSL_NOT_DEFAULT | SSL_HIGH,
2583 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2589 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2590 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2591 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2596 TLS1_VERSION, TLS1_2_VERSION,
2597 DTLS1_BAD_VER, DTLS1_2_VERSION,
2598 SSL_NOT_DEFAULT | SSL_HIGH,
2599 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2605 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2606 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2607 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2612 TLS1_VERSION, TLS1_2_VERSION,
2613 DTLS1_BAD_VER, DTLS1_2_VERSION,
2614 SSL_NOT_DEFAULT | SSL_HIGH,
2615 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2619 # endif /* OPENSSL_NO_PSK */
2621 #endif /* OPENSSL_NO_CAMELLIA */
2623 #ifndef OPENSSL_NO_GOST
2626 "GOST2001-GOST89-GOST89",
2627 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2631 SSL_eGOST2814789CNT,
2633 TLS1_VERSION, TLS1_2_VERSION,
2636 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2642 "GOST2001-NULL-GOST94",
2643 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2649 TLS1_VERSION, TLS1_2_VERSION,
2652 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2658 "GOST2012-GOST8912-GOST8912",
2662 SSL_aGOST12 | SSL_aGOST01,
2663 SSL_eGOST2814789CNT12,
2665 TLS1_VERSION, TLS1_2_VERSION,
2668 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2674 "GOST2012-NULL-GOST12",
2678 SSL_aGOST12 | SSL_aGOST01,
2681 TLS1_VERSION, TLS1_2_VERSION,
2684 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2688 #endif /* OPENSSL_NO_GOST */
2690 #ifndef OPENSSL_NO_IDEA
2693 SSL3_TXT_RSA_IDEA_128_SHA,
2694 SSL3_RFC_RSA_IDEA_128_SHA,
2695 SSL3_CK_RSA_IDEA_128_SHA,
2700 SSL3_VERSION, TLS1_1_VERSION,
2701 DTLS1_BAD_VER, DTLS1_VERSION,
2702 SSL_NOT_DEFAULT | SSL_MEDIUM,
2703 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2709 #ifndef OPENSSL_NO_SEED
2712 TLS1_TXT_RSA_WITH_SEED_SHA,
2713 TLS1_RFC_RSA_WITH_SEED_SHA,
2714 TLS1_CK_RSA_WITH_SEED_SHA,
2719 SSL3_VERSION, TLS1_2_VERSION,
2720 DTLS1_BAD_VER, DTLS1_2_VERSION,
2721 SSL_NOT_DEFAULT | SSL_MEDIUM,
2722 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2728 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2729 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2730 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2735 SSL3_VERSION, TLS1_2_VERSION,
2736 DTLS1_BAD_VER, DTLS1_2_VERSION,
2737 SSL_NOT_DEFAULT | SSL_MEDIUM,
2738 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2744 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2745 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2746 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2751 SSL3_VERSION, TLS1_2_VERSION,
2752 DTLS1_BAD_VER, DTLS1_2_VERSION,
2753 SSL_NOT_DEFAULT | SSL_MEDIUM,
2754 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2760 TLS1_TXT_ADH_WITH_SEED_SHA,
2761 TLS1_RFC_ADH_WITH_SEED_SHA,
2762 TLS1_CK_ADH_WITH_SEED_SHA,
2767 SSL3_VERSION, TLS1_2_VERSION,
2768 DTLS1_BAD_VER, DTLS1_2_VERSION,
2769 SSL_NOT_DEFAULT | SSL_MEDIUM,
2770 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2774 #endif /* OPENSSL_NO_SEED */
2776 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2779 SSL3_TXT_RSA_RC4_128_MD5,
2780 SSL3_RFC_RSA_RC4_128_MD5,
2781 SSL3_CK_RSA_RC4_128_MD5,
2786 SSL3_VERSION, TLS1_2_VERSION,
2788 SSL_NOT_DEFAULT | SSL_MEDIUM,
2789 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2795 SSL3_TXT_RSA_RC4_128_SHA,
2796 SSL3_RFC_RSA_RC4_128_SHA,
2797 SSL3_CK_RSA_RC4_128_SHA,
2802 SSL3_VERSION, TLS1_2_VERSION,
2804 SSL_NOT_DEFAULT | SSL_MEDIUM,
2805 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2811 SSL3_TXT_ADH_RC4_128_MD5,
2812 SSL3_RFC_ADH_RC4_128_MD5,
2813 SSL3_CK_ADH_RC4_128_MD5,
2818 SSL3_VERSION, TLS1_2_VERSION,
2820 SSL_NOT_DEFAULT | SSL_MEDIUM,
2821 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2826 # ifndef OPENSSL_NO_EC
2829 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2830 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2831 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2836 TLS1_VERSION, TLS1_2_VERSION,
2838 SSL_NOT_DEFAULT | SSL_MEDIUM,
2839 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2845 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2846 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2847 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2852 TLS1_VERSION, TLS1_2_VERSION,
2854 SSL_NOT_DEFAULT | SSL_MEDIUM,
2855 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2861 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2862 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2863 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2868 TLS1_VERSION, TLS1_2_VERSION,
2870 SSL_NOT_DEFAULT | SSL_MEDIUM,
2871 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2877 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2878 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2879 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2884 TLS1_VERSION, TLS1_2_VERSION,
2886 SSL_NOT_DEFAULT | SSL_MEDIUM,
2887 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2891 # endif /* OPENSSL_NO_EC */
2893 # ifndef OPENSSL_NO_PSK
2896 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2897 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2898 TLS1_CK_PSK_WITH_RC4_128_SHA,
2903 SSL3_VERSION, TLS1_2_VERSION,
2905 SSL_NOT_DEFAULT | SSL_MEDIUM,
2906 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2912 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2913 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2914 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2919 SSL3_VERSION, TLS1_2_VERSION,
2921 SSL_NOT_DEFAULT | SSL_MEDIUM,
2922 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2928 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2929 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2930 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2935 SSL3_VERSION, TLS1_2_VERSION,
2937 SSL_NOT_DEFAULT | SSL_MEDIUM,
2938 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2942 # endif /* OPENSSL_NO_PSK */
2944 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2949 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
2950 * values stuffed into the ciphers field of the wire protocol for signalling
2953 static SSL_CIPHER ssl3_scsvs[] = {
2956 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
2957 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
2959 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2963 "TLS_FALLBACK_SCSV",
2964 "TLS_FALLBACK_SCSV",
2965 SSL3_CK_FALLBACK_SCSV,
2966 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2970 static int cipher_compare(const void *a, const void *b)
2972 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
2973 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
2975 if (ap->id == bp->id)
2977 return ap->id < bp->id ? -1 : 1;
2980 void ssl_sort_cipher_list(void)
2982 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof ssl3_ciphers[0],
2984 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof ssl3_scsvs[0], cipher_compare);
2987 const SSL3_ENC_METHOD SSLv3_enc_data = {
2990 ssl3_setup_key_block,
2991 ssl3_generate_master_secret,
2992 ssl3_change_cipher_state,
2993 ssl3_final_finish_mac,
2994 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2995 SSL3_MD_SERVER_FINISHED_CONST, 4,
2997 (int (*)(SSL *, unsigned char *, size_t, const char *,
2998 size_t, const unsigned char *, size_t,
2999 int use_context))ssl_undefined_function,
3001 ssl3_set_handshake_header,
3002 tls_close_construct_packet,
3003 ssl3_handshake_write
3006 long ssl3_default_timeout(void)
3009 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3010 * http, the cache would over fill
3012 return (60 * 60 * 2);
3015 int ssl3_num_ciphers(void)
3017 return (SSL3_NUM_CIPHERS);
3020 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3022 if (u < SSL3_NUM_CIPHERS)
3023 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
3028 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3030 /* No header in the event of a CCS */
3031 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3034 /* Set the content type and 3 bytes for the message len */
3035 if (!WPACKET_put_bytes_u8(pkt, htype)
3036 || !WPACKET_start_sub_packet_u24(pkt))
3042 int ssl3_handshake_write(SSL *s)
3044 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3047 int ssl3_new(SSL *s)
3051 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
3055 #ifndef OPENSSL_NO_SRP
3056 if (!SSL_SRP_CTX_init(s))
3060 if (!s->method->ssl_clear(s))
3068 void ssl3_free(SSL *s)
3070 if (s == NULL || s->s3 == NULL)
3073 ssl3_cleanup_key_block(s);
3075 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3076 EVP_PKEY_free(s->s3->peer_tmp);
3077 s->s3->peer_tmp = NULL;
3078 EVP_PKEY_free(s->s3->tmp.pkey);
3079 s->s3->tmp.pkey = NULL;
3082 OPENSSL_free(s->s3->tmp.ctype);
3083 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3084 OPENSSL_free(s->s3->tmp.ciphers_raw);
3085 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3086 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3087 ssl3_free_digest_list(s);
3088 OPENSSL_free(s->s3->alpn_selected);
3089 OPENSSL_free(s->s3->alpn_proposed);
3091 #ifndef OPENSSL_NO_SRP
3092 SSL_SRP_CTX_free(s);
3094 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
3098 int ssl3_clear(SSL *s)
3100 ssl3_cleanup_key_block(s);
3101 OPENSSL_free(s->s3->tmp.ctype);
3102 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3103 OPENSSL_free(s->s3->tmp.ciphers_raw);
3104 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3105 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3107 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3108 EVP_PKEY_free(s->s3->tmp.pkey);
3109 EVP_PKEY_free(s->s3->peer_tmp);
3110 #endif /* !OPENSSL_NO_EC */
3112 ssl3_free_digest_list(s);
3114 OPENSSL_free(s->s3->alpn_selected);
3115 OPENSSL_free(s->s3->alpn_proposed);
3117 /* NULL/zero-out everything in the s3 struct */
3118 memset(s->s3, 0, sizeof(*s->s3));
3120 if (!ssl_free_wbio_buffer(s))
3123 s->version = SSL3_VERSION;
3125 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3126 OPENSSL_free(s->ext.npn);
3134 #ifndef OPENSSL_NO_SRP
3135 static char *srp_password_from_info_cb(SSL *s, void *arg)
3137 return OPENSSL_strdup(s->srp_ctx.info);
3141 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3143 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3148 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3150 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3151 ret = s->s3->num_renegotiations;
3153 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3154 ret = s->s3->num_renegotiations;
3155 s->s3->num_renegotiations = 0;
3157 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3158 ret = s->s3->total_renegotiations;
3160 case SSL_CTRL_GET_FLAGS:
3161 ret = (int)(s->s3->flags);
3163 #ifndef OPENSSL_NO_DH
3164 case SSL_CTRL_SET_TMP_DH:
3166 DH *dh = (DH *)parg;
3167 EVP_PKEY *pkdh = NULL;
3169 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3172 pkdh = ssl_dh_to_pkey(dh);
3174 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3177 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3178 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3179 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3180 EVP_PKEY_free(pkdh);
3183 EVP_PKEY_free(s->cert->dh_tmp);
3184 s->cert->dh_tmp = pkdh;
3188 case SSL_CTRL_SET_TMP_DH_CB:
3190 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3193 case SSL_CTRL_SET_DH_AUTO:
3194 s->cert->dh_tmp_auto = larg;
3197 #ifndef OPENSSL_NO_EC
3198 case SSL_CTRL_SET_TMP_ECDH:
3200 const EC_GROUP *group = NULL;
3204 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3207 group = EC_KEY_get0_group((const EC_KEY *)parg);
3208 if (group == NULL) {
3209 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3212 nid = EC_GROUP_get_curve_name(group);
3213 if (nid == NID_undef)
3215 return tls1_set_groups(&s->ext.supportedgroups,
3216 &s->ext.supportedgroups_len,
3220 #endif /* !OPENSSL_NO_EC */
3221 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3222 if (larg == TLSEXT_NAMETYPE_host_name) {
3225 OPENSSL_free(s->ext.hostname);
3226 s->ext.hostname = NULL;
3231 len = strlen((char *)parg);
3232 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3233 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3236 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3237 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3241 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3245 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3246 s->ext.debug_arg = parg;
3250 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3251 ret = s->ext.status_type;
3254 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3255 s->ext.status_type = larg;
3259 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3260 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3264 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3265 s->ext.ocsp.exts = parg;
3269 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3270 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3274 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3275 s->ext.ocsp.ids = parg;
3279 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3280 *(unsigned char **)parg = s->ext.ocsp.resp;
3281 if (s->ext.ocsp.resp_len == 0
3282 || s->ext.ocsp.resp_len > LONG_MAX)
3284 return (long)s->ext.ocsp.resp_len;
3286 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3287 OPENSSL_free(s->ext.ocsp.resp);
3288 s->ext.ocsp.resp = parg;
3289 s->ext.ocsp.resp_len = larg;
3293 #ifndef OPENSSL_NO_HEARTBEATS
3294 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3295 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3296 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3300 case SSL_CTRL_CHAIN:
3302 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3304 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3306 case SSL_CTRL_CHAIN_CERT:
3308 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3310 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3312 case SSL_CTRL_GET_CHAIN_CERTS:
3313 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3316 case SSL_CTRL_SELECT_CURRENT_CERT:
3317 return ssl_cert_select_current(s->cert, (X509 *)parg);
3319 case SSL_CTRL_SET_CURRENT_CERT:
3320 if (larg == SSL_CERT_SET_SERVER) {
3321 const SSL_CIPHER *cipher;
3324 cipher = s->s3->tmp.new_cipher;
3328 * No certificate for unauthenticated ciphersuites or using SRP
3331 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3333 if (s->s3->tmp.cert == NULL)
3335 s->cert->key = s->s3->tmp.cert;
3338 return ssl_cert_set_current(s->cert, larg);
3340 #ifndef OPENSSL_NO_EC
3341 case SSL_CTRL_GET_GROUPS:
3343 unsigned char *clist;
3348 clist = s->session->ext.supportedgroups;
3349 clistlen = s->session->ext.supportedgroups_len / 2;
3353 unsigned int cid, nid;
3354 for (i = 0; i < clistlen; i++) {
3356 /* TODO(TLS1.3): Handle DH groups here */
3357 nid = tls1_ec_curve_id2nid(cid, NULL);
3361 cptr[i] = TLSEXT_nid_unknown | cid;
3364 return (int)clistlen;
3367 case SSL_CTRL_SET_GROUPS:
3368 return tls1_set_groups(&s->ext.supportedgroups,
3369 &s->ext.supportedgroups_len, parg, larg);
3371 case SSL_CTRL_SET_GROUPS_LIST:
3372 return tls1_set_groups_list(&s->ext.supportedgroups,
3373 &s->ext.supportedgroups_len, parg);
3375 case SSL_CTRL_GET_SHARED_GROUP:
3376 return tls1_shared_group(s, larg);
3379 case SSL_CTRL_SET_SIGALGS:
3380 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3382 case SSL_CTRL_SET_SIGALGS_LIST:
3383 return tls1_set_sigalgs_list(s->cert, parg, 0);
3385 case SSL_CTRL_SET_CLIENT_SIGALGS:
3386 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3388 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3389 return tls1_set_sigalgs_list(s->cert, parg, 1);
3391 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3393 const unsigned char **pctype = parg;
3394 if (s->server || !s->s3->tmp.cert_req)
3397 *pctype = s->s3->tmp.ctype;
3398 return s->s3->tmp.ctype_len;
3401 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3404 return ssl3_set_req_cert_type(s->cert, parg, larg);
3406 case SSL_CTRL_BUILD_CERT_CHAIN:
3407 return ssl_build_cert_chain(s, NULL, larg);
3409 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3410 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3412 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3413 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3415 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3416 if (s->s3->tmp.peer_sigalg == NULL)
3418 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3421 case SSL_CTRL_GET_SERVER_TMP_KEY:
3422 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3423 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3426 EVP_PKEY_up_ref(s->s3->peer_tmp);
3427 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3433 #ifndef OPENSSL_NO_EC
3434 case SSL_CTRL_GET_EC_POINT_FORMATS:
3436 SSL_SESSION *sess = s->session;
3437 const unsigned char **pformat = parg;
3439 if (sess == NULL || sess->ext.ecpointformats == NULL)
3441 *pformat = sess->ext.ecpointformats;
3442 return (int)sess->ext.ecpointformats_len;
3452 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3457 #ifndef OPENSSL_NO_DH
3458 case SSL_CTRL_SET_TMP_DH_CB:
3460 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3464 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3465 s->ext.debug_cb = (void (*)(SSL *, int, int,
3466 const unsigned char *, int, void *))fp;
3469 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3471 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3480 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3483 #ifndef OPENSSL_NO_DH
3484 case SSL_CTRL_SET_TMP_DH:
3486 DH *dh = (DH *)parg;
3487 EVP_PKEY *pkdh = NULL;
3489 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3492 pkdh = ssl_dh_to_pkey(dh);
3494 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3497 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3498 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3499 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3500 EVP_PKEY_free(pkdh);
3503 EVP_PKEY_free(ctx->cert->dh_tmp);
3504 ctx->cert->dh_tmp = pkdh;
3507 case SSL_CTRL_SET_TMP_DH_CB:
3509 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3512 case SSL_CTRL_SET_DH_AUTO:
3513 ctx->cert->dh_tmp_auto = larg;
3516 #ifndef OPENSSL_NO_EC
3517 case SSL_CTRL_SET_TMP_ECDH:
3519 const EC_GROUP *group = NULL;
3523 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3526 group = EC_KEY_get0_group((const EC_KEY *)parg);
3527 if (group == NULL) {
3528 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3531 nid = EC_GROUP_get_curve_name(group);
3532 if (nid == NID_undef)
3534 return tls1_set_groups(&ctx->ext.supportedgroups,
3535 &ctx->ext.supportedgroups_len,
3538 #endif /* !OPENSSL_NO_EC */
3539 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3540 ctx->ext.servername_arg = parg;
3542 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3543 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3545 unsigned char *keys = parg;
3546 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3547 sizeof(ctx->ext.tick_hmac_key) +
3548 sizeof(ctx->ext.tick_aes_key));
3551 if (larg != tick_keylen) {
3552 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3555 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3556 memcpy(ctx->ext.tick_key_name, keys,
3557 sizeof(ctx->ext.tick_key_name));
3558 memcpy(ctx->ext.tick_hmac_key,
3559 keys + sizeof(ctx->ext.tick_key_name),
3560 sizeof(ctx->ext.tick_hmac_key));
3561 memcpy(ctx->ext.tick_aes_key,
3562 keys + sizeof(ctx->ext.tick_key_name) +
3563 sizeof(ctx->ext.tick_hmac_key),
3564 sizeof(ctx->ext.tick_aes_key));
3566 memcpy(keys, ctx->ext.tick_key_name,
3567 sizeof(ctx->ext.tick_key_name));
3568 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3569 ctx->ext.tick_hmac_key,
3570 sizeof(ctx->ext.tick_hmac_key));
3571 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3572 sizeof(ctx->ext.tick_hmac_key),
3573 ctx->ext.tick_aes_key,
3574 sizeof(ctx->ext.tick_aes_key));
3579 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3580 return ctx->ext.status_type;
3582 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3583 ctx->ext.status_type = larg;
3586 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3587 ctx->ext.status_arg = parg;
3590 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3591 *(void**)parg = ctx->ext.status_arg;
3594 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3595 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3598 #ifndef OPENSSL_NO_SRP
3599 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3600 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3601 OPENSSL_free(ctx->srp_ctx.login);
3602 ctx->srp_ctx.login = NULL;
3605 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3606 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3609 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3610 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3614 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3615 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3616 srp_password_from_info_cb;
3617 if (ctx->srp_ctx.info != NULL)
3618 OPENSSL_free(ctx->srp_ctx.info);
3619 if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3620 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3624 case SSL_CTRL_SET_SRP_ARG:
3625 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3626 ctx->srp_ctx.SRP_cb_arg = parg;
3629 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3630 ctx->srp_ctx.strength = larg;
3634 #ifndef OPENSSL_NO_EC
3635 case SSL_CTRL_SET_GROUPS:
3636 return tls1_set_groups(&ctx->ext.supportedgroups,
3637 &ctx->ext.supportedgroups_len,
3640 case SSL_CTRL_SET_GROUPS_LIST:
3641 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3642 &ctx->ext.supportedgroups_len,
3645 case SSL_CTRL_SET_SIGALGS:
3646 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3648 case SSL_CTRL_SET_SIGALGS_LIST:
3649 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3651 case SSL_CTRL_SET_CLIENT_SIGALGS:
3652 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3654 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3655 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3657 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3658 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3660 case SSL_CTRL_BUILD_CERT_CHAIN:
3661 return ssl_build_cert_chain(NULL, ctx, larg);
3663 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3664 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3666 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3667 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3669 /* A Thawte special :-) */
3670 case SSL_CTRL_EXTRA_CHAIN_CERT:
3671 if (ctx->extra_certs == NULL) {
3672 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3673 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3677 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3678 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3683 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3684 if (ctx->extra_certs == NULL && larg == 0)
3685 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3687 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3690 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3691 sk_X509_pop_free(ctx->extra_certs, X509_free);
3692 ctx->extra_certs = NULL;
3695 case SSL_CTRL_CHAIN:
3697 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3699 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3701 case SSL_CTRL_CHAIN_CERT:
3703 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3705 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3707 case SSL_CTRL_GET_CHAIN_CERTS:
3708 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3711 case SSL_CTRL_SELECT_CURRENT_CERT:
3712 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3714 case SSL_CTRL_SET_CURRENT_CERT:
3715 return ssl_cert_set_current(ctx->cert, larg);
3723 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3726 #ifndef OPENSSL_NO_DH
3727 case SSL_CTRL_SET_TMP_DH_CB:
3729 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3733 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3734 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
3737 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3738 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
3741 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3742 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
3745 HMAC_CTX *, int))fp;
3748 #ifndef OPENSSL_NO_SRP
3749 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3750 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3751 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3753 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3754 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3755 ctx->srp_ctx.TLS_ext_srp_username_callback =
3756 (int (*)(SSL *, int *, void *))fp;
3758 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3759 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3760 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3761 (char *(*)(SSL *, void *))fp;
3764 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3766 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3775 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
3778 const SSL_CIPHER *cp;
3781 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3784 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
3787 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
3789 SSL_CIPHER *c = NULL;
3790 SSL_CIPHER *tbl = ssl3_ciphers;
3793 /* this is not efficient, necessary to optimize this? */
3794 for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) {
3795 if (tbl->stdname == NULL)
3797 if (strcmp(stdname, tbl->stdname) == 0) {
3804 for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
3805 if (strcmp(stdname, tbl->stdname) == 0) {
3815 * This function needs to check if the ciphers required are actually
3818 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3820 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
3821 | ((uint32_t)p[0] << 8L)
3825 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
3827 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
3832 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
3840 * ssl3_choose_cipher - choose a cipher from those offered by the client
3841 * @s: SSL connection
3842 * @clnt: ciphers offered by the client
3843 * @srvr: ciphers enabled on the server?
3845 * Returns the selected cipher or NULL when no common ciphers.
3847 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3848 STACK_OF(SSL_CIPHER) *srvr)
3850 const SSL_CIPHER *c, *ret = NULL;
3851 STACK_OF(SSL_CIPHER) *prio, *allow;
3853 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
3855 /* Let's see which ciphers we can support */
3858 * Do not set the compare functions, because this may lead to a
3859 * reordering by "id". We want to keep the original ordering. We may pay
3860 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3861 * pay with the price of sk_SSL_CIPHER_dup().
3865 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3867 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3868 c = sk_SSL_CIPHER_value(srvr, i);
3869 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3871 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3873 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3874 c = sk_SSL_CIPHER_value(clnt, i);
3875 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3879 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3887 if (!SSL_IS_TLS13(s)) {
3888 tls1_set_cert_validity(s);
3892 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3893 c = sk_SSL_CIPHER_value(prio, i);
3895 /* Skip ciphers not supported by the protocol version */
3896 if (!SSL_IS_DTLS(s) &&
3897 ((s->version < c->min_tls) || (s->version > c->max_tls)))
3899 if (SSL_IS_DTLS(s) &&
3900 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3901 DTLS_VERSION_GT(s->version, c->max_dtls)))
3905 * Since TLS 1.3 ciphersuites can be used with any auth or
3906 * key exchange scheme skip tests.
3908 if (!SSL_IS_TLS13(s)) {
3909 mask_k = s->s3->tmp.mask_k;
3910 mask_a = s->s3->tmp.mask_a;
3911 #ifndef OPENSSL_NO_SRP
3912 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3918 alg_k = c->algorithm_mkey;
3919 alg_a = c->algorithm_auth;
3921 #ifndef OPENSSL_NO_PSK
3922 /* with PSK there must be server callback set */
3923 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
3925 #endif /* OPENSSL_NO_PSK */
3927 ok = (alg_k & mask_k) && (alg_a & mask_a);
3929 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3930 alg_a, mask_k, mask_a, (void *)c, c->name);
3933 #ifndef OPENSSL_NO_EC
3935 * if we are considering an ECC cipher suite that uses an ephemeral
3938 if (alg_k & SSL_kECDHE)
3939 ok = ok && tls1_check_ec_tmp_key(s, c->id);
3940 #endif /* OPENSSL_NO_EC */
3945 ii = sk_SSL_CIPHER_find(allow, c);
3947 /* Check security callback permits this cipher */
3948 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3949 c->strength_bits, 0, (void *)c))
3951 #if !defined(OPENSSL_NO_EC)
3952 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3953 && s->s3->is_probably_safari) {
3955 ret = sk_SSL_CIPHER_value(allow, ii);
3959 ret = sk_SSL_CIPHER_value(allow, ii);
3966 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
3968 uint32_t alg_k, alg_a = 0;
3970 /* If we have custom certificate types set, use them */
3972 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
3973 /* Get mask of algorithms disabled by signature list */
3974 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
3976 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3978 #ifndef OPENSSL_NO_GOST
3979 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
3980 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
3981 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
3982 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
3985 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3986 #ifndef OPENSSL_NO_DH
3987 # ifndef OPENSSL_NO_RSA
3988 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
3991 # ifndef OPENSSL_NO_DSA
3992 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
3995 #endif /* !OPENSSL_NO_DH */
3997 #ifndef OPENSSL_NO_RSA
3998 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4001 #ifndef OPENSSL_NO_DSA
4002 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4005 #ifndef OPENSSL_NO_EC
4007 * ECDSA certs can be used with RSA cipher suites too so we don't
4008 * need to check for SSL_kECDH or SSL_kECDHE
4010 if (s->version >= TLS1_VERSION
4011 && !(alg_a & SSL_aECDSA)
4012 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4018 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4020 OPENSSL_free(c->ctype);
4023 if (p == NULL || len == 0)
4027 c->ctype = OPENSSL_memdup(p, len);
4028 if (c->ctype == NULL)
4034 int ssl3_shutdown(SSL *s)
4039 * Don't do anything much if we have not done the handshake or we don't
4040 * want to send messages :-)
4042 if (s->quiet_shutdown || SSL_in_before(s)) {
4043 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4047 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4048 s->shutdown |= SSL_SENT_SHUTDOWN;
4049 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4051 * our shutdown alert has been sent now, and if it still needs to be
4052 * written, s->s3->alert_dispatch will be true
4054 if (s->s3->alert_dispatch)
4055 return (-1); /* return WANT_WRITE */
4056 } else if (s->s3->alert_dispatch) {
4057 /* resend it if not sent */
4058 ret = s->method->ssl_dispatch_alert(s);
4061 * we only get to return -1 here the 2nd/Nth invocation, we must
4062 * have already signalled return 0 upon a previous invocation,
4067 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4070 * If we are waiting for a close from our peer, we are closed
4072 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4073 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4074 return -1; /* return WANT_READ */
4078 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4079 !s->s3->alert_dispatch)
4085 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4088 if (s->s3->renegotiate)
4089 ssl3_renegotiate_check(s, 0);
4091 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4095 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4101 if (s->s3->renegotiate)
4102 ssl3_renegotiate_check(s, 0);
4103 s->s3->in_read_app_data = 1;
4105 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4107 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4109 * ssl3_read_bytes decided to call s->handshake_func, which called
4110 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4111 * actually found application data and thinks that application data
4112 * makes sense here; so disable handshake processing and try to read
4113 * application data again.
4115 ossl_statem_set_in_handshake(s, 1);
4117 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4118 len, peek, readbytes);
4119 ossl_statem_set_in_handshake(s, 0);
4121 s->s3->in_read_app_data = 0;
4126 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4128 return ssl3_read_internal(s, buf, len, 0, readbytes);
4131 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4133 return ssl3_read_internal(s, buf, len, 1, readbytes);
4136 int ssl3_renegotiate(SSL *s)
4138 if (s->handshake_func == NULL)
4141 s->s3->renegotiate = 1;
4146 * Check if we are waiting to do a renegotiation and if so whether now is a
4147 * good time to do it. If |initok| is true then we are being called from inside
4148 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4149 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4150 * should do a renegotiation now and sets up the state machine for it. Otherwise
4153 int ssl3_renegotiate_check(SSL *s, int initok)
4157 if (s->s3->renegotiate) {
4158 if (!RECORD_LAYER_read_pending(&s->rlayer)
4159 && !RECORD_LAYER_write_pending(&s->rlayer)
4160 && (initok || !SSL_in_init(s))) {
4162 * if we are the server, and we have sent a 'RENEGOTIATE'
4163 * message, we need to set the state machine into the renegotiate
4166 ossl_statem_set_renegotiate(s);
4167 s->s3->renegotiate = 0;
4168 s->s3->num_renegotiations++;
4169 s->s3->total_renegotiations++;
4177 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4178 * handshake macs if required.
4180 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4182 long ssl_get_algorithm2(SSL *s)
4185 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
4187 alg2 = s->s3->tmp.new_cipher->algorithm2;
4188 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4189 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4190 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4191 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4192 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4193 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4199 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4200 * failure, 1 on success.
4202 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4205 int send_time = 0, ret;
4210 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4212 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4214 unsigned long Time = (unsigned long)time(NULL);
4215 unsigned char *p = result;
4217 /* TODO(size_t): Convert this */
4218 ret = RAND_bytes(p, (int)(len - 4));
4220 ret = RAND_bytes(result, (int)len);
4222 #ifndef OPENSSL_NO_TLS13DOWNGRADE
4224 if (!ossl_assert(sizeof(tls11downgrade) < len)
4225 || !ossl_assert(sizeof(tls12downgrade) < len))
4227 if (dgrd == DOWNGRADE_TO_1_2)
4228 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4229 sizeof(tls12downgrade));
4230 else if (dgrd == DOWNGRADE_TO_1_1)
4231 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4232 sizeof(tls11downgrade));
4238 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4241 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4244 if (alg_k & SSL_PSK) {
4245 #ifndef OPENSSL_NO_PSK
4246 unsigned char *pskpms, *t;
4247 size_t psklen = s->s3->tmp.psklen;
4250 /* create PSK premaster_secret */
4252 /* For plain PSK "other_secret" is psklen zeroes */
4253 if (alg_k & SSL_kPSK)
4256 pskpmslen = 4 + pmslen + psklen;
4257 pskpms = OPENSSL_malloc(pskpmslen);
4262 if (alg_k & SSL_kPSK)
4263 memset(t, 0, pmslen);
4265 memcpy(t, pms, pmslen);
4268 memcpy(t, s->s3->tmp.psk, psklen);
4270 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4271 s->s3->tmp.psk = NULL;
4272 if (!s->method->ssl3_enc->generate_master_secret(s,
4273 s->session->master_key,pskpms, pskpmslen,
4274 &s->session->master_key_length))
4276 OPENSSL_clear_free(pskpms, pskpmslen);
4278 /* Should never happen */
4282 if (!s->method->ssl3_enc->generate_master_secret(s,
4283 s->session->master_key, pms, pmslen,
4284 &s->session->master_key_length))
4292 OPENSSL_clear_free(pms, pmslen);
4294 OPENSSL_cleanse(pms, pmslen);
4297 s->s3->tmp.pms = NULL;
4301 /* Generate a private key from parameters */
4302 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4304 EVP_PKEY_CTX *pctx = NULL;
4305 EVP_PKEY *pkey = NULL;
4309 pctx = EVP_PKEY_CTX_new(pm, NULL);
4312 if (EVP_PKEY_keygen_init(pctx) <= 0)
4314 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4315 EVP_PKEY_free(pkey);
4320 EVP_PKEY_CTX_free(pctx);
4323 #ifndef OPENSSL_NO_EC
4324 /* Generate a private key a curve ID */
4325 EVP_PKEY *ssl_generate_pkey_curve(int id)
4327 EVP_PKEY_CTX *pctx = NULL;
4328 EVP_PKEY *pkey = NULL;
4329 unsigned int curve_flags;
4330 int nid = tls1_ec_curve_id2nid(id, &curve_flags);
4334 if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4335 pctx = EVP_PKEY_CTX_new_id(nid, NULL);
4338 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4342 if (EVP_PKEY_keygen_init(pctx) <= 0)
4344 if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4346 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4347 EVP_PKEY_free(pkey);
4352 EVP_PKEY_CTX_free(pctx);
4357 /* Derive secrets for ECDH/DH */
4358 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4361 unsigned char *pms = NULL;
4365 if (privkey == NULL || pubkey == NULL)
4368 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4370 if (EVP_PKEY_derive_init(pctx) <= 0
4371 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4372 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4376 pms = OPENSSL_malloc(pmslen);
4380 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4384 if (SSL_IS_TLS13(s)) {
4386 * If we are resuming then we already generated the early secret
4387 * when we created the ClientHello, so don't recreate it.
4390 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4392 (unsigned char *)&s->early_secret);
4396 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4398 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4401 /* Save premaster secret */
4402 s->s3->tmp.pms = pms;
4403 s->s3->tmp.pmslen = pmslen;
4409 OPENSSL_clear_free(pms, pmslen);
4410 EVP_PKEY_CTX_free(pctx);
4414 #ifndef OPENSSL_NO_DH
4415 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4420 ret = EVP_PKEY_new();
4421 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {