+/* AES ciphersuites from RFC3268 */
+
+#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
+#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
+#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
+#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
+#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
+#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
+
+#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
+#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
+#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
+#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
+#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
+#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
+
+/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001).
+ * XXX NOTE: There is a bug in the draft, cipher numbers 4B, and 4C
+ * are defined twice so we define ECDH_ECDSA_EXPORT cipher
+ * suites to use 5B and 5C instead (this may change with future
+ * updates to the IETF draft).
+ */
+/* draft-ietf-tls-ecc-03.txt (June 2003) gives a changed list of
+ * ciphersuites, but does not define numbers for all of them
+ * because of possible conflicts with other Internet Drafts;
+ * most numbers are still subject to change. */
+#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x03000047
+#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x03000048
+#define TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA 0x03000049
+#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300004A
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300004B
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300004C
+#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA 0x0300005B
+#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA 0x0300005C
+
+#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300004D
+#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300004E
+#define TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA 0x0300004F
+#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x03000050
+#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x03000051
+#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x03000052
+#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA 0x03000053
+#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA 0x03000054
+
+#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x03000055
+#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x03000056
+#define TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA 0x03000057
+#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x03000058
+#define TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA 0x03000059
+#define TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA 0x0300005A
+
+/* XXX: ECC ciphersuites offering forward secrecy are not yet specified
+ * in the ECC/TLS draft but our code allows them to be implemented
+ * very easily. To add such a cipher suite, one needs to add two constant
+ * definitions to this file and a new structure in s3_lib.c. We illustrate
+ * the process for the made-up ciphers ECDHE-ECDSA-AES128-SHA and
+ * ECDHE-RSA-AES128-SHA.
+ */
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x03000077
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x03000078
+
+
+/* XXX
+ * Inconsistency alert:
+ * The OpenSSL names of ciphers with ephemeral DH here include the string
+ * "DHE", while elsewhere it has always been "EDH".
+ * (The alias for the list of all such ciphers also is "EDH".)
+ * The specifications speak of "EDH"; maybe we should allow both forms
+ * for everything. */