-#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
-#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"
-#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"
-
-#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"
-#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"
-#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"
-
-#define SSL3_SSL_SESSION_ID_LENGTH 32
-#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
-
-#define SSL3_MASTER_SECRET_SIZE 48
-#define SSL3_RANDOM_SIZE 32
-#define SSL3_SESSION_ID_SIZE 32
-#define SSL3_RT_HEADER_LENGTH 5
-
-#define SSL3_HM_HEADER_LENGTH 4
-
-#ifndef SSL3_ALIGN_PAYLOAD
- /* Some will argue that this increases memory footprint, but it's
- * not actually true. Point is that malloc has to return at least
- * 64-bit aligned pointers, meaning that allocating 5 bytes wastes
- * 3 bytes in either case. Suggested pre-gaping simply moves these
- * wasted bytes from the end of allocated region to its front,
- * but makes data payload aligned, which improves performance:-) */
-# define SSL3_ALIGN_PAYLOAD 8
-#else
-# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
-# error "insane SSL3_ALIGN_PAYLOAD"
-# undef SSL3_ALIGN_PAYLOAD
+/*
+ * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
+ * (TLS_FALLBACK_SCSV)
+ */
+# define SSL3_CK_FALLBACK_SCSV 0x03005600
+
+# define SSL3_CK_RSA_NULL_MD5 0x03000001
+# define SSL3_CK_RSA_NULL_SHA 0x03000002
+# define SSL3_CK_RSA_RC4_40_MD5 0x03000003
+# define SSL3_CK_RSA_RC4_128_MD5 0x03000004
+# define SSL3_CK_RSA_RC4_128_SHA 0x03000005
+# define SSL3_CK_RSA_RC2_40_MD5 0x03000006
+# define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
+# define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
+# define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
+# define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
+
+# define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
+# define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
+# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
+# define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
+# define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
+# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
+
+# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA 0x03000011
+# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA SSL3_CK_DHE_DSS_DES_40_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA 0x03000012
+# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA SSL3_CK_DHE_DSS_DES_64_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA 0x03000013
+# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA SSL3_CK_DHE_DSS_DES_192_CBC3_SHA
+# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA 0x03000014
+# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA SSL3_CK_DHE_RSA_DES_40_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA 0x03000015
+# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA SSL3_CK_DHE_RSA_DES_64_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA 0x03000016
+# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA SSL3_CK_DHE_RSA_DES_192_CBC3_SHA
+
+# define SSL3_CK_ADH_RC4_40_MD5 0x03000017
+# define SSL3_CK_ADH_RC4_128_MD5 0x03000018
+# define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
+# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
+# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
+
+/*
+ * VRS Additional Kerberos5 entries
+ */
+# define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E
+# define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F
+# define SSL3_CK_KRB5_RC4_128_SHA 0x03000020
+# define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021
+# define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022
+# define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023
+# define SSL3_CK_KRB5_RC4_128_MD5 0x03000024
+# define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025
+
+# define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026
+# define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027
+# define SSL3_CK_KRB5_RC4_40_SHA 0x03000028
+# define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029
+# define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A
+# define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B
+
+# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
+# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
+# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
+# define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
+# define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
+# define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
+
+# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA"
+
+/*
+ * This next block of six "EDH" labels is for backward compatibility with
+ * older versions of OpenSSL. New code should use the six "DHE" labels above
+ * instead:
+ */
+# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
+# define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
+# define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
+
+# define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
+# define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
+# define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"
+# define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"
+# define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
+# define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"
+# define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"
+# define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"
+
+# define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
+# define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"
+# define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"
+# define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
+# define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"
+# define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"
+
+# define SSL3_SSL_SESSION_ID_LENGTH 32
+# define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
+
+# define SSL3_MASTER_SECRET_SIZE 48
+# define SSL3_RANDOM_SIZE 32
+# define SSL3_SESSION_ID_SIZE 32
+# define SSL3_RT_HEADER_LENGTH 5
+
+# define SSL3_HM_HEADER_LENGTH 4
+
+# ifndef SSL3_ALIGN_PAYLOAD
+ /*
+ * Some will argue that this increases memory footprint, but it's not
+ * actually true. Point is that malloc has to return at least 64-bit aligned
+ * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case.
+ * Suggested pre-gaping simply moves these wasted bytes from the end of
+ * allocated region to its front, but makes data payload aligned, which
+ * improves performance:-)
+ */
+# define SSL3_ALIGN_PAYLOAD 8
+# else
+# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
+# error "insane SSL3_ALIGN_PAYLOAD"
+# undef SSL3_ALIGN_PAYLOAD
+# endif