-static SSL_CIPHER cipher_aliases[]={
- {0,SSL_TXT_ALL, 0,SSL_ALL, 0,SSL_ALL}, /* must be first */
- {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,SSL_MKEY_MASK},
- {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,SSL_MKEY_MASK},
- {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,SSL_MKEY_MASK},
- {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,SSL_MKEY_MASK},
- {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,SSL_MKEY_MASK},
- {0,SSL_TXT_DH, 0,SSL_DH, 0,SSL_MKEY_MASK},
- {0,SSL_TXT_EDH, 0,SSL_EDH, 0,SSL_MKEY_MASK|SSL_AUTH_MASK},
-
- {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,SSL_AUTH_MASK},
- {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,SSL_AUTH_MASK},
- {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,SSL_AUTH_MASK},
- {0,SSL_TXT_aNULL,0,SSL_aNULL,0,SSL_AUTH_MASK},
- {0,SSL_TXT_aDH, 0,SSL_aDH, 0,SSL_AUTH_MASK},
- {0,SSL_TXT_DSS, 0,SSL_DSS, 0,SSL_AUTH_MASK},
-
- {0,SSL_TXT_DES, 0,SSL_DES, 0,SSL_ENC_MASK},
- {0,SSL_TXT_3DES,0,SSL_3DES, 0,SSL_ENC_MASK},
- {0,SSL_TXT_RC4, 0,SSL_RC4, 0,SSL_ENC_MASK},
- {0,SSL_TXT_RC2, 0,SSL_RC2, 0,SSL_ENC_MASK},
- {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,SSL_ENC_MASK},
- {0,SSL_TXT_eNULL,0,SSL_eNULL,0,SSL_ENC_MASK},
- {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,SSL_ENC_MASK},
-
- {0,SSL_TXT_MD5, 0,SSL_MD5, 0,SSL_MAC_MASK},
- {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,SSL_MAC_MASK},
- {0,SSL_TXT_SHA, 0,SSL_SHA, 0,SSL_MAC_MASK},
-
- {0,SSL_TXT_NULL,0,SSL_NULL, 0,SSL_ENC_MASK},
- {0,SSL_TXT_RSA, 0,SSL_RSA, 0,SSL_AUTH_MASK|SSL_MKEY_MASK},
- {0,SSL_TXT_ADH, 0,SSL_ADH, 0,SSL_AUTH_MASK|SSL_MKEY_MASK},
- {0,SSL_TXT_FZA, 0,SSL_FZA, 0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK},
-
- {0,SSL_TXT_EXP, 0,SSL_EXP, 0,SSL_EXP_MASK},
- {0,SSL_TXT_EXPORT,0,SSL_EXPORT,0,SSL_EXP_MASK},
- {0,SSL_TXT_SSLV2,0,SSL_SSLV2,0,SSL_SSL_MASK},
- {0,SSL_TXT_SSLV3,0,SSL_SSLV3,0,SSL_SSL_MASK},
- {0,SSL_TXT_TLSV1,0,SSL_SSLV3,0,SSL_SSL_MASK},
- {0,SSL_TXT_LOW, 0,SSL_LOW,0,SSL_STRONG_MASK},
- {0,SSL_TXT_MEDIUM,0,SSL_MEDIUM,0,SSL_STRONG_MASK},
- {0,SSL_TXT_HIGH, 0,SSL_HIGH,0,SSL_STRONG_MASK},
+static const SSL_CIPHER cipher_aliases[]={
+ /* "ALL" doesn't include eNULL (must be specifically enabled) */
+ {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0},
+ /* "COMPLEMENTOFALL" */
+ {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0},
+
+ /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
+ {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
+
+ /* key exchange aliases
+ * (some of those using only a single bit here combine
+ * multiple key exchange algs according to the RFCs,
+ * e.g. kEDH combines DHE_DSS and DHE_RSA) */
+ {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0},
+
+ {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
+ {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
+ {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
+ {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
+
+ {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0},
+
+ {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
+
+ {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
+
+ /* server authentication aliases */
+ {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0},
+ {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
+ {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
+ {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0},
+ {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0},
+ {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
+ {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0},
+ {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0},
+ {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0},
+ {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0},
+ {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
+ {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
+ {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
+
+ /* aliases combining key exchange and server authentication */
+ {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
+ {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
+ {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
+ {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
+ {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
+ {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
+ {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
+ {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
+
+
+ /* symmetric encryption aliases */
+ {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0},
+ {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0},
+ {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0},
+ {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0},
+ {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0},
+ {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0},
+ {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
+ {0,SSL_TXT_AES128,0, 0,0,SSL_AES128,0,0,0,0,0,0},
+ {0,SSL_TXT_AES256,0, 0,0,SSL_AES256,0,0,0,0,0,0},
+ {0,SSL_TXT_AES,0, 0,0,SSL_AES128|SSL_AES256,0,0,0,0,0,0},
+ {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
+ {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
+ {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
+
+ /* MAC aliases */
+ {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0},
+ {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
+ {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
+ {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0},
+ {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0},
+
+ /* protocol version aliases */
+ {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},
+ {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0},
+ {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0},
+
+ /* export flag */
+ {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
+ {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
+
+ /* strength classes */
+ {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0},
+ {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0},
+ {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0},
+ {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0},
+ {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
+ /* FIPS 140-2 approved ciphersuite */
+ {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0},