handle the new API. Currently only ECB, CBC modes supported. Add new
AES OIDs.
- Add TLS AES ciphersuites as described in the "AES Ciphersuites
- for TLS" draft-ietf-tls-ciphersuite-06.txt. As these are not yet
- official, they are not enabled by default and are not even part
- of the "ALL" ciphersuite alias; for now, they must be explicitly
- requested by specifying the new "AESdraft" ciphersuite alias. If
- you want the default ciphersuite list plus the new ciphersuites,
- use "DEFAULT:AESdraft:@STRENGTH".
- [Ben Laurie, Steve Henson, Bodo Moeller]
+ Add TLS AES ciphersuites as described in RFC3268, "Advanced
+ Encryption Standard (AES) Ciphersuites for Transport Layer
+ Security (TLS)". (In beta versions of OpenSSL 0.9.7, these were
+ not enabled by default and were not part of the "ALL" ciphersuite
+ alias because they were not yet official; they could be
+ explicitly requested by specifying the "AESdraft" ciphersuite
+ group alias. In the final release of OpenSSL 0.9.7, the group
+ alias is called "AES" and is part of "ALL".)
+ [Ben Laurie, Steve Henson, Bodo Moeller]
*) New function OCSP_copy_nonce() to copy nonce value (if present) from
request to response.
o SSL/TLS: support Kerberos cipher suites (RFC2712).
o SSL/TLS: allow more precise control of renegotiations and sessions.
o SSL/TLS: add callback to retrieve SSL/TLS messages.
- o SSL/TLS: add draft AES ciphersuites (disabled unless explicitly requested).
+ o SSL/TLS: support AES cipher suites (RFC3268).
Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
#define SSL_TXT_RC4 "RC4"
#define SSL_TXT_RC2 "RC2"
#define SSL_TXT_IDEA "IDEA"
-#define SSL_TXT_AES "AESdraft" /* AES ciphersuites are not yet official (thus excluded from 'ALL') */
+#define SSL_TXT_AES "AES"
#define SSL_TXT_MD5 "MD5"
#define SSL_TXT_SHA1 "SHA1"
#define SSL_TXT_SHA "SHA"
} CIPHER_ORDER;
static const SSL_CIPHER cipher_aliases[]={
- /* Don't include eNULL unless specifically enabled.
- * Similarly, don't include AES in ALL because these ciphers are not yet official. */
- {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_AES, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
+ /* Don't include eNULL unless specifically enabled. */
+ {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
{0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */
{0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0},
case SSL_AES:
switch(cipher->strength_bits)
{
- case 128: enc="AESdraft(128)"; break;
- case 192: enc="AESdraft(192)"; break;
- case 256: enc="AESdraft(256)"; break;
- default: enc="AESdraft(?""?""?)"; break;
+ case 128: enc="AES(128)"; break;
+ case 192: enc="AES(192)"; break;
+ case 256: enc="AES(256)"; break;
+ default: enc="AES(?""?""?)"; break;
}
break;
default:
#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
- /* AES ciphersuites from draft ietf-tls-ciphersuite-03.txt */
+/* AES ciphersuites from RFC3268 */
#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
- /* AES ciphersuites from draft-ietf-tls-ciphersuite-06.txt */
-#define TLS1_TXT_RSA_WITH_AES_128_SHA "AESdraft128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AESdraft128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AESdraft128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AESdraft128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AESdraft128-SHA"
-#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AESdraft128-SHA"
-
-#define TLS1_TXT_RSA_WITH_AES_256_SHA "AESdraft256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AESdraft256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AESdraft256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AESdraft256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AESdraft256-SHA"
-#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AESdraft256-SHA"
+
+/* AES ciphersuites from RFC3268 */
+#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
+#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
+#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
+#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
+
+#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
+#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
+#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
+#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
#define TLS_CT_RSA_SIGN 1
projects / oweals / openssl.git / commitdiff