1,
TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_eNULL,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_RC4,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_3DES,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES128,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES256,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_eNULL,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_RC4,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
1,
TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
TLS1_CK_ECDH_anon_WITH_NULL_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aNULL,
SSL_eNULL,
SSL_SHA1,
1,
TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aNULL,
SSL_RC4,
SSL_SHA1,
1,
TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aNULL,
SSL_3DES,
SSL_SHA1,
1,
TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aNULL,
SSL_AES128,
SSL_SHA1,
1,
TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aNULL,
SSL_AES256,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES128,
SSL_SHA256,
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES256,
SSL_SHA384,
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES128,
SSL_SHA256,
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES256,
SSL_SHA384,
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES128GCM,
SSL_AEAD,
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES256GCM,
SSL_AEAD,
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES128GCM,
SSL_AEAD,
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES256GCM,
SSL_AEAD,
#ifndef OPENSSL_NO_EC
/* if we are considering an ECC cipher suite that uses
* an ephemeral EC key check it */
- if (alg_k & SSL_kEECDH)
+ if (alg_k & SSL_kECDHE)
ok = ok && tls1_check_ec_tmp_key(s, c->id);
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_TLSEXT */
if (ii >= 0)
{
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
- if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
+ if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
{
if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
continue;
#ifndef OPENSSL_NO_ECDSA
/* ECDSA certs can be used with RSA cipher suites as well
- * so we don't need to check for SSL_kECDH or SSL_kEECDH
+ * so we don't need to check for SSL_kECDH or SSL_kECDHE
*/
if (s->version >= TLS1_VERSION)
{
{0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0},
/* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
- {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
+ {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kECDHE,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
/* key exchange aliases
* (some of those using only a single bit here combine
{0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0},
{0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0},
{0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
- {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0},
- {0,SSL_TXT_kECDHE,0, SSL_kEECDH,0,0,0,0,0,0,0,0},
- {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_kEECDH,0, SSL_kECDHE,0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_kECDHE,0, SSL_kECDHE,0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kECDHE,0,0,0,0,0,0,0,0},
{0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0},
{0,SSL_TXT_kSRP,0, SSL_kSRP, 0,0,0,0,0,0,0,0},
/* aliases combining key exchange and server authentication */
{0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
- {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
- {0,SSL_TXT_ECDHE,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
+ {0,SSL_TXT_EECDH,0, SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0},
+ {0,SSL_TXT_ECDHE,0, SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0},
{0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
{0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
{0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
{0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
- {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
+ {0,SSL_TXT_AECDH,0, SSL_kECDHE,SSL_aNULL,0,0,0,0,0,0,0},
{0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
{0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0},
/* Now arrange all ciphers by preference: */
/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
- ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
- ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
/* AES is our preferred symmetric cipher */
ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
case SSL_kECDHe:
kx="ECDH/ECDSA";
break;
- case SSL_kEECDH:
+ case SSL_kECDHE:
kx="ECDH";
break;
case SSL_kPSK:
if (alg_k & (SSL_kECDHr|SSL_kECDHe))
{
- /* we don't need to look at SSL_kEECDH
+ /* we don't need to look at SSL_kECDHE
* since no certificate is needed for
* anon ECDH and for authenticated
- * EECDH, the check for the auth
+ * ECDHE, the check for the auth
* algorithm will set i correctly
* NOTE: For ECDH-RSA, we need an ECC
- * not an RSA cert but for EECDH-RSA
+ * not an RSA cert but for ECDHE-RSA
* we need an RSA cert. Placing the
* checks for SSL_kECDH before RSA
* checks ensures the correct cert is chosen.
projects / oweals / openssl.git / commitdiff