aboutsummaryrefslogtreecommitdiffstats
path: root/ssl
diff options
context:
space:
mode:
authorRich Salz <rsalz@openssl.org>2016-03-16 12:33:00 -0400
committerRich Salz <rsalz@openssl.org>2016-03-16 22:21:25 -0400
commit748f254657ab900c0de5e9e1843150c2df4c4bea (patch)
tree71fca621ae9f196baedea3095d206265ead55af2 /ssl
parent757c416c4d728c346e30e3e7a32fccc4d9be8329 (diff)
downloadopenssl-748f254657ab900c0de5e9e1843150c2df4c4bea.tar.gz
Sort cipher-list at runtime.
Reduces #ifdef complexity. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r--ssl/s3_lib.c2752
-rw-r--r--ssl/ssl_ciph.c2
-rw-r--r--ssl/ssl_locl.h1
3 files changed, 1227 insertions, 1528 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 973274bc8d..49180cd34a 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -158,11 +158,18 @@
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
-/* list of available SSLv3 ciphers (sorted by id) */
-static const SSL_CIPHER ssl3_ciphers[] = {
-
-/* The RSA ciphers */
-/* Cipher 01 */
+/*
+ * The list of available ciphers, organized into the following
+ * groups:
+ * Always there
+ * EC
+ * PSK
+ * SRP (within that: RSA EC PSK)
+ * Cipher families: Chacha/poly, Camellila, Gost, IDEA, SEED
+ * Weak ciphers
+ */
+static SSL_CIPHER ssl3_ciphers[] =
+{
{
1,
SSL3_TXT_RSA_NULL_MD5,
@@ -178,8 +185,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
-
-/* Cipher 02 */
{
1,
SSL3_TXT_RSA_NULL_SHA,
@@ -195,63 +200,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
-
-/* Cipher 04 */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- SSL3_TXT_RSA_RC4_128_MD5,
- SSL3_CK_RSA_RC4_128_MD5,
- SSL_kRSA,
- SSL_aRSA,
- SSL_RC4,
- SSL_MD5,
- SSL3_VERSION, TLS1_2_VERSION,
- 0, 0,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
-/* Cipher 05 */
- {
- 1,
- SSL3_TXT_RSA_RC4_128_SHA,
- SSL3_CK_RSA_RC4_128_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_RC4,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- 0, 0,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-#endif
-
-/* Cipher 07 */
-#ifndef OPENSSL_NO_IDEA
- {
- 1,
- SSL3_TXT_RSA_IDEA_128_SHA,
- SSL3_CK_RSA_IDEA_128_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_IDEA,
- SSL_SHA1,
- SSL3_VERSION, TLS1_1_VERSION,
- DTLS1_VERSION, DTLS1_VERSION,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-#endif
-
-/* Cipher 0A */
{
1,
SSL3_TXT_RSA_DES_192_CBC3_SHA,
@@ -267,8 +215,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
112,
168,
},
-
-/* Cipher 13 */
{
1,
SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
@@ -284,8 +230,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
112,
168,
},
-
-/* Cipher 16 */
{
1,
SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
@@ -301,27 +245,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
112,
168,
},
-
-/* Cipher 18 */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- SSL3_TXT_ADH_RC4_128_MD5,
- SSL3_CK_ADH_RC4_128_MD5,
- SSL_kDHE,
- SSL_aNULL,
- SSL_RC4,
- SSL_MD5,
- SSL3_VERSION, TLS1_2_VERSION,
- 0, 0,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-#endif
-
-/* Cipher 1B */
{
1,
SSL3_TXT_ADH_DES_192_CBC_SHA,
@@ -337,59 +260,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
112,
168,
},
-#ifndef OPENSSL_NO_PSK
- /* Cipher 2C */
- {
- 1,
- TLS1_TXT_PSK_WITH_NULL_SHA,
- TLS1_CK_PSK_WITH_NULL_SHA,
- SSL_kPSK,
- SSL_aPSK,
- SSL_eNULL,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_STRONG_NONE | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
- },
- /* Cipher 2D */
- {
- 1,
- TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
- TLS1_CK_DHE_PSK_WITH_NULL_SHA,
- SSL_kDHEPSK,
- SSL_aPSK,
- SSL_eNULL,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_STRONG_NONE | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
- },
- /* Cipher 2E */
- {
- 1,
- TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
- TLS1_CK_RSA_PSK_WITH_NULL_SHA,
- SSL_kRSAPSK,
- SSL_aRSA,
- SSL_eNULL,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_STRONG_NONE | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
- },
-#endif
-
-/* New AES ciphersuites */
-/* Cipher 2F */
{
1,
TLS1_TXT_RSA_WITH_AES_128_SHA,
@@ -405,7 +275,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-/* Cipher 32 */
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
@@ -421,7 +290,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-/* Cipher 33 */
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
@@ -437,7 +305,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-/* Cipher 34 */
{
1,
TLS1_TXT_ADH_WITH_AES_128_SHA,
@@ -453,8 +320,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
-/* Cipher 35 */
{
1,
TLS1_TXT_RSA_WITH_AES_256_SHA,
@@ -470,8 +335,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
-/* Cipher 38 */
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
@@ -487,8 +350,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
-/* Cipher 39 */
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
@@ -504,8 +365,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* Cipher 3A */
{
1,
TLS1_TXT_ADH_WITH_AES_256_SHA,
@@ -521,9 +380,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* TLS v1.2 ciphersuites */
- /* Cipher 3B */
{
1,
TLS1_TXT_RSA_WITH_NULL_SHA256,
@@ -539,8 +395,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
-
- /* Cipher 3C */
{
1,
TLS1_TXT_RSA_WITH_AES_128_SHA256,
@@ -556,8 +410,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
- /* Cipher 3D */
{
1,
TLS1_TXT_RSA_WITH_AES_256_SHA256,
@@ -573,8 +425,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* Cipher 40 */
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
@@ -590,81 +440,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
-#ifndef OPENSSL_NO_CAMELLIA
- /* Camellia ciphersuites from RFC4132 (128-bit portion) */
-
- /* Cipher 41 */
- {
- 1,
- TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_CAMELLIA128,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher 44 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kDHE,
- SSL_aDSS,
- SSL_CAMELLIA128,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher 45 */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kDHE,
- SSL_aRSA,
- SSL_CAMELLIA128,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher 46 */
- {
- 1,
- TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kDHE,
- SSL_aNULL,
- SSL_CAMELLIA128,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-#endif /* OPENSSL_NO_CAMELLIA */
-
- /* TLS v1.2 ciphersuites */
- /* Cipher 67 */
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
@@ -680,8 +455,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
- /* Cipher 6A */
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
@@ -697,8 +470,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* Cipher 6B */
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
@@ -714,8 +485,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* Cipher 6C */
{
1,
TLS1_TXT_ADH_WITH_AES_128_SHA256,
@@ -731,8 +500,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
- /* Cipher 6D */
{
1,
TLS1_TXT_ADH_WITH_AES_256_SHA256,
@@ -748,210 +515,449 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* GOST Ciphersuites */
-#ifndef OPENSL_NO_GOST
{
1,
- "GOST2001-GOST89-GOST89",
- 0x3000081,
- SSL_kGOST,
- SSL_aGOST01,
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
- TLS1_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
+ TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_AES128GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
- 256
- },
+ 256,
+ },
{
1,
- "GOST2001-NULL-GOST94",
- 0x3000083,
- SSL_kGOST,
- SSL_aGOST01,
- SSL_eNULL,
- SSL_GOST94,
- TLS1_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_STRONG_NONE,
- SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
- 0,
- 0
- },
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- /* Camellia ciphersuites from RFC4132 (256-bit portion) */
-
- /* Cipher 84 */
+ TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_AES128GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
{
1,
- TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kRSA,
+ TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
+ SSL_kDHE,
SSL_aRSA,
- SSL_CAMELLIA256,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
-
- /* Cipher 87 */
{
1,
- TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
SSL_kDHE,
SSL_aDSS,
- SSL_CAMELLIA256,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_AES128GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
+ SSL_kDHE,
+ SSL_aDSS,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
+ SSL_kDHE,
+ SSL_aNULL,
+ SSL_AES128GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
+ SSL_kDHE,
+ SSL_aNULL,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_AES_128_CCM,
+ TLS1_CK_RSA_WITH_AES_128_CCM,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_AES_256_CCM,
+ TLS1_CK_RSA_WITH_AES_256_CCM,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
-
- /* Cipher 88 */
{
1,
- TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
+ TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
SSL_kDHE,
SSL_aRSA,
- SSL_CAMELLIA256,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
+ TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
-
- /* Cipher 89 */
{
1,
- TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_TXT_RSA_WITH_AES_128_CCM_8,
+ TLS1_CK_RSA_WITH_AES_128_CCM_8,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_AES_256_CCM_8,
+ TLS1_CK_RSA_WITH_AES_256_CCM_8,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
+ TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
SSL_kDHE,
- SSL_aNULL,
- SSL_CAMELLIA256,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_aRSA,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
+ TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
-#endif /* OPENSSL_NO_CAMELLIA */
-
-#ifndef OPENSSL_NO_PSK
- /* PSK ciphersuites from RFC 4279 */
- /* Cipher 8A */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
- TLS1_TXT_PSK_WITH_RC4_128_SHA,
- TLS1_CK_PSK_WITH_RC4_128_SHA,
+ TLS1_TXT_PSK_WITH_AES_128_CCM,
+ TLS1_CK_PSK_WITH_AES_128_CCM,
SSL_kPSK,
SSL_aPSK,
- SSL_RC4,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- 0, 0,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
-#endif
-
- /* Cipher 8B */
{
1,
- TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
- TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_TXT_PSK_WITH_AES_256_CCM,
+ TLS1_CK_PSK_WITH_AES_256_CCM,
SSL_kPSK,
SSL_aPSK,
- SSL_3DES,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
},
-
- /* Cipher 8C */
{
1,
- TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
- TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
+ TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
+ TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_CCM_8,
+ TLS1_CK_PSK_WITH_AES_128_CCM_8,
SSL_kPSK,
SSL_aPSK,
- SSL_AES128,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
-
- /* Cipher 8D */
{
1,
- TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
- TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_TXT_PSK_WITH_AES_256_CCM_8,
+ TLS1_CK_PSK_WITH_AES_256_CCM_8,
SSL_kPSK,
SSL_aPSK,
- SSL_AES256,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
-
- /* Cipher 8E */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
- TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
- TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
+ TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
+ TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
SSL_kDHEPSK,
SSL_aPSK,
- SSL_RC4,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- 0, 0,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
-#endif
-
- /* Cipher 8F */
{
1,
- TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
- TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
+ TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
SSL_kDHEPSK,
SSL_aPSK,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+#ifndef OPENSSL_NO_EC
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
+ TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_eNULL,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+ TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+ SSL_kECDHE,
+ SSL_aECDSA,
SSL_3DES,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
@@ -961,14 +967,12 @@ static const SSL_CIPHER ssl3_ciphers[] = {
112,
168,
},
-
- /* Cipher 90 */
{
1,
- TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
- TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
- SSL_kDHEPSK,
- SSL_aPSK,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ SSL_kECDHE,
+ SSL_aECDSA,
SSL_AES128,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
@@ -978,14 +982,12 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
- /* Cipher 91 */
{
1,
- TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
- TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
- SSL_kDHEPSK,
- SSL_aPSK,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ SSL_kECDHE,
+ SSL_aECDSA,
SSL_AES256,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
@@ -995,32 +997,26 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* Cipher 92 */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
- TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
- TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
- SSL_kRSAPSK,
+ TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+ TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
+ SSL_kECDHE,
SSL_aRSA,
- SSL_RC4,
+ SSL_eNULL,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
- 0, 0,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
+ 0,
+ 0,
},
-#endif
-
- /* Cipher 93 */
{
1,
- TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
- TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
- SSL_kRSAPSK,
+ TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+ TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+ SSL_kECDHE,
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
@@ -1031,13 +1027,11 @@ static const SSL_CIPHER ssl3_ciphers[] = {
112,
168,
},
-
- /* Cipher 94 */
{
1,
- TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
- TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
- SSL_kRSAPSK,
+ TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
@@ -1048,13 +1042,11 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
- /* Cipher 95 */
{
1,
- TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
- TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
- SSL_kRSAPSK,
+ TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
@@ -1065,92 +1057,74 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-#endif /* OPENSSL_NO_PSK */
-
-#ifndef OPENSSL_NO_SEED
- /* SEED ciphersuites from RFC4162 */
-
- /* Cipher 96 */
{
1,
- TLS1_TXT_RSA_WITH_SEED_SHA,
- TLS1_CK_RSA_WITH_SEED_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_SEED,
+ TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+ TLS1_CK_ECDH_anon_WITH_NULL_SHA,
+ SSL_kECDHE,
+ SSL_aNULL,
+ SSL_eNULL,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
+ 0,
+ 0,
},
-
- /* Cipher 99 */
{
1,
- TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
- TLS1_CK_DHE_DSS_WITH_SEED_SHA,
- SSL_kDHE,
- SSL_aDSS,
- SSL_SEED,
+ TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+ TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
+ SSL_kECDHE,
+ SSL_aNULL,
+ SSL_3DES,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
+ 112,
+ 168,
},
-
- /* Cipher 9A */
{
1,
- TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
- TLS1_CK_DHE_RSA_WITH_SEED_SHA,
- SSL_kDHE,
- SSL_aRSA,
- SSL_SEED,
+ TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
+ SSL_kECDHE,
+ SSL_aNULL,
+ SSL_AES128,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
-
- /* Cipher 9B */
{
1,
- TLS1_TXT_ADH_WITH_SEED_SHA,
- TLS1_CK_ADH_WITH_SEED_SHA,
- SSL_kDHE,
+ TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
+ SSL_kECDHE,
SSL_aNULL,
- SSL_SEED,
+ SSL_AES256,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
+ 256,
+ 256,
},
-
-#endif /* OPENSSL_NO_SEED */
-
- /* GCM ciphersuites from RFC5288 */
-
- /* Cipher 9C */
{
1,
- TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES128GCM,
- SSL_AEAD,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES128,
+ SSL_SHA256,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
@@ -1158,16 +1132,14 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
- /* Cipher 9D */
{
1,
- TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES256GCM,
- SSL_AEAD,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES256,
+ SSL_SHA384,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
@@ -1175,16 +1147,14 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* Cipher 9E */
{
1,
- TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kDHE,
+ TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
+ TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
+ SSL_kECDHE,
SSL_aRSA,
- SSL_AES128GCM,
- SSL_AEAD,
+ SSL_AES128,
+ SSL_SHA256,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
@@ -1192,16 +1162,14 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
- /* Cipher 9F */
{
1,
- TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kDHE,
+ TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
+ TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
+ SSL_kECDHE,
SSL_aRSA,
- SSL_AES256GCM,
- SSL_AEAD,
+ SSL_AES256,
+ SSL_SHA384,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
@@ -1209,78 +1177,249 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* Cipher A2 */
{
1,
- TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
- TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
- SSL_kDHE,
- SSL_aDSS,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ SSL_kECDHE,
+ SSL_aECDSA,
SSL_AES128GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+ SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
-
- /* Cipher A3 */
{
1,
- TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
- TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
- SSL_kDHE,
- SSL_aDSS,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ SSL_kECDHE,
+ SSL_aECDSA,
SSL_AES256GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+ SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
-
- /* Cipher A6 */
{
1,
- TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
- SSL_kDHE,
- SSL_aNULL,
+ TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ SSL_kECDHE,
+ SSL_aRSA,
SSL_AES128GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+ SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
-
- /* Cipher A7 */
{
1,
- TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
- SSL_kDHE,
- SSL_aNULL,
+ TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ SSL_kECDHE,
+ SSL_aRSA,
SSL_AES256GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+ SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
-#ifndef OPENSSL_NO_PSK
- /* PSK ciphersuites from RFC5487 */
+#endif /* OPENSSL_NO_EC */
- /* Cipher A8 */
+#ifndef OPENSSL_NO_PSK
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_NULL_SHA,
+ TLS1_CK_PSK_WITH_NULL_SHA,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
+ TLS1_CK_DHE_PSK_WITH_NULL_SHA,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
+ TLS1_CK_RSA_PSK_WITH_NULL_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_eNULL,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_3DES,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 112,
+ 168,
+ },
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES128,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES256,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_3DES,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 112,
+ 168,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES128,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES256,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_3DES,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 112,
+ 168,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES128,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES256,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 256,
+ 256,
+ },
{
1,
TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
@@ -1296,8 +1435,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
- /* Cipher A9 */
{
1,
TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
@@ -1313,8 +1450,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* Cipher AA */
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
@@ -1330,8 +1465,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
- /* Cipher AB */
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
@@ -1347,8 +1480,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* Cipher AC */
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
@@ -1364,8 +1495,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
- /* Cipher AD */
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
@@ -1381,8 +1510,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* Cipher AE */
{
1,
TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
@@ -1398,8 +1525,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
- /* Cipher AF */
{
1,
TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
@@ -1415,8 +1540,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* Cipher B0 */
{
1,
TLS1_TXT_PSK_WITH_NULL_SHA256,
@@ -1432,8 +1555,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
-
- /* Cipher B1 */
{
1,
TLS1_TXT_PSK_WITH_NULL_SHA384,
@@ -1449,8 +1570,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
-
- /* Cipher B2 */
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
@@ -1466,8 +1585,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
- /* Cipher B3 */
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
@@ -1483,8 +1600,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* Cipher B4 */
{
1,
TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
@@ -1500,8 +1615,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
-
- /* Cipher B5 */
{
1,
TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
@@ -1517,8 +1630,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
-
- /* Cipher B6 */
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
@@ -1534,8 +1645,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
- /* Cipher B7 */
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
@@ -1551,8 +1660,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* Cipher B8 */
{
1,
TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
@@ -1568,8 +1675,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
-
- /* Cipher B9 */
{
1,
TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
@@ -1585,193 +1690,13 @@ static const SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
-#endif /* OPENSSL_NO_PSK */
-
-#ifndef OPENSSL_NO_CAMELLIA
- /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
-
- /* Cipher BA */
- {
- 1,
- TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
- TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
- SSL_kRSA,
- SSL_aRSA,
- SSL_CAMELLIA128,
- SSL_SHA256,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher BD */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
- TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
- SSL_kEDH,
- SSL_aDSS,
- SSL_CAMELLIA128,
- SSL_SHA256,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher BE */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
- TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
- SSL_kEDH,
- SSL_aRSA,
- SSL_CAMELLIA128,
- SSL_SHA256,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher BF */
- {
- 1,
- TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
- TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
- SSL_kEDH,
- SSL_aNULL,
- SSL_CAMELLIA128,
- SSL_SHA256,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C0 */
- {
- 1,
- TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
- TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
- SSL_kRSA,
- SSL_aRSA,
- SSL_CAMELLIA256,
- SSL_SHA256,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
-
- /* Cipher C3 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
- TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
- SSL_kEDH,
- SSL_aDSS,
- SSL_CAMELLIA256,
- SSL_SHA256,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
-
- /* Cipher C4 */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
- TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
- SSL_kEDH,
- SSL_aRSA,
- SSL_CAMELLIA256,
- SSL_SHA256,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
-
- /* Cipher C5 */
- {
- 1,
- TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
- TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
- SSL_kEDH,
- SSL_aNULL,
- SSL_CAMELLIA256,
- SSL_SHA256,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
-#endif
-
-#ifndef OPENSSL_NO_EC
-
- /* Cipher C006 */
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_eNULL,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_STRONG_NONE | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
- },
-
- /* Cipher C007 */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_RC4,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- 0, 0,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-#endif
-
- /* Cipher C008 */
+# ifndef OPENSSL_NO_EC
{
1,
- TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDHE,
- SSL_aECDSA,
+ TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
SSL_3DES,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
@@ -1781,14 +1706,12 @@ static const SSL_CIPHER ssl3_ciphers[] = {
112,
168,
},
-
- /* Cipher C009 */
{
1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- SSL_kECDHE,
- SSL_aECDSA,
+ TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
SSL_AES128,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
@@ -1798,14 +1721,12 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
- /* Cipher C00A */
{
1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- SSL_kECDHE,
- SSL_aECDSA,
+ TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
SSL_AES256,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
@@ -1815,101 +1736,42 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* Cipher C010 */
{
1,
- TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
- TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
- SSL_kECDHE,
- SSL_aRSA,
- SSL_eNULL,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_STRONG_NONE | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
- },
-
- /* Cipher C011 */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
- SSL_kECDHE,
- SSL_aRSA,
- SSL_RC4,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- 0, 0,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-#endif
-
- /* Cipher C012 */
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDHE,
- SSL_aRSA,
- SSL_3DES,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
- },
-
- /* Cipher C013 */
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- SSL_kECDHE,
- SSL_aRSA,
+ TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
SSL_AES128,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ SSL_SHA256,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
-
- /* Cipher C014 */
{
1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- SSL_kECDHE,
- SSL_aRSA,
+ TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
SSL_AES256,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ SSL_SHA384,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
-
- /* Cipher C015 */
{
1,
- TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
- TLS1_CK_ECDH_anon_WITH_NULL_SHA,
- SSL_kECDHE,
- SSL_aNULL,
+ TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
SSL_eNULL,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
@@ -1919,80 +1781,40 @@ static const SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
-
- /* Cipher C016 */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
- TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
- SSL_kECDHE,
- SSL_aNULL,
- SSL_RC4,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- 0, 0,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-#endif
-
- /* Cipher C017 */
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
- SSL_kECDHE,
- SSL_aNULL,
- SSL_3DES,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
- },
-
- /* Cipher C018 */
{
1,
- TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
- SSL_kECDHE,
- SSL_aNULL,
- SSL_AES128,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
+ TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA256,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+ SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
+ 0,
+ 0,
},
-
- /* Cipher C019 */
{
1,
- TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
- SSL_kECDHE,
- SSL_aNULL,
- SSL_AES256,
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
+ TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA384,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 256,
- 256,
+ SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 0,
+ 0,
},
-#endif /* OPENSSL_NO_EC */
+# endif /* OPENSSL_NO_EC */
+#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP
- /* Cipher C01A */
{
1,
TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
@@ -2008,8 +1830,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
112,
168,
},
-
- /* Cipher C01B */
{
1,
TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
@@ -2025,8 +1845,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
112,
168,
},
-
- /* Cipher C01C */
{
1,
TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
@@ -2042,8 +1860,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
112,
168,
},
-
- /* Cipher C01D */
{
1,
TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
@@ -2059,8 +1875,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
- /* Cipher C01E */
{
1,
TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
@@ -2076,8 +1890,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
- /* Cipher C01F */
{
1,
TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
@@ -2093,8 +1905,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
-
- /* Cipher C020 */
{
1,
TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
@@ -2110,8 +1920,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* Cipher C021 */
{
1,
TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
@@ -2127,8 +1935,6 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-
- /* Cipher C022 */
{
1,
TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
@@ -2144,309 +1950,369 @@ static const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-#endif /* OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_EC
+#endif /* OPENSSL_NO_SRP */
- /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+# ifndef OPENSSL_NO_RSA
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
+ TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_CHACHA20POLY1305,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+# endif /* OPENSSL_NO_RSA */
- /* Cipher C023 */
+# ifndef OPENSSL_NO_EC
{
1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
+ TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
SSL_kECDHE,
- SSL_aECDSA,
- SSL_AES128,
- SSL_SHA256,
+ SSL_aRSA,
+ SSL_CHACHA20POLY1305,
+ SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
+ SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
+ 256,
+ 256,
},
-
- /* Cipher C024 */
{
1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
+ TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
SSL_kECDHE,
SSL_aECDSA,
- SSL_AES256,
- SSL_SHA384,
+ SSL_CHACHA20POLY1305,
+ SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
+# endif /* OPENSSL_NO_EC */
-
- /* Cipher C027 */
+# ifndef OPENSSL_NO_PSK
{
1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
- SSL_kECDHE,
- SSL_aRSA,
- SSL_AES128,
- SSL_SHA256,
+ TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_CHACHA20POLY1305,
+ SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
+ SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
+ 256,
+ 256,
},
-
- /* Cipher C028 */
{
1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
- SSL_kECDHE,
- SSL_aRSA,
- SSL_AES256,
- SSL_SHA384,
+ TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_CHACHA20POLY1305,
+ SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
-
- /* GCM based TLS v1.2 ciphersuites from RFC5289 */
-
- /* Cipher C02B */
{
1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_AES128GCM,
+ TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_CHACHA20POLY1305,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
+ SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
+ 256,
+ 256,
},
-
- /* Cipher C02C */
{
1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_AES256GCM,
+ TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_CHACHA20POLY1305,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
+# endif /* OPENSSL_NO_PSK */
+#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
- /* Cipher C02F */
+#ifndef OPENSSL_NO_CAMELLIA
{
1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kECDHE,
+ TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kRSA,
SSL_aRSA,
- SSL_AES128GCM,
- SSL_AEAD,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
-
- /* Cipher C030 */
{
1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kECDHE,
+ TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kEDH,
+ SSL_aDSS,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kEDH,
SSL_aRSA,
- SSL_AES256GCM,
- SSL_AEAD,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kEDH,
+ SSL_aNULL,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_CAMELLIA256,
+ SSL_SHA256,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
-
- /* PSK ciphersuites from RFC 5489 */
- /* Cipher C033 */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
- TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
- TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
- SSL_kECDHEPSK,
- SSL_aPSK,
- SSL_RC4,
+ TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+ SSL_kEDH,
+ SSL_aDSS,
+ SSL_CAMELLIA256,
+ SSL_SHA256,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ SSL_kEDH,
+ SSL_aRSA,
+ SSL_CAMELLIA256,
+ SSL_SHA256,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+ SSL_kEDH,
+ SSL_aNULL,
+ SSL_CAMELLIA256,
+ SSL_SHA256,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_CAMELLIA256,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
- 0, 0,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
+ 256,
+ 256,
},
-#endif
-
- /* Cipher C034 */
{
1,
- TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
- TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
- SSL_kECDHEPSK,
- SSL_aPSK,
- SSL_3DES,
+ TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kDHE,
+ SSL_aDSS,
+ SSL_CAMELLIA256,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
+ 256,
+ 256,
},
-
- /* Cipher C035 */
{
1,
- TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
- SSL_kECDHEPSK,
- SSL_aPSK,
- SSL_AES128,
+ TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_CAMELLIA256,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
+ 256,
+ 256,
},
-
- /* Cipher C036 */
{
1,
- TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
- SSL_kECDHEPSK,
- SSL_aPSK,
- SSL_AES256,
+ TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kDHE,
+ SSL_aNULL,
+ SSL_CAMELLIA256,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
},
-
- /* Cipher C037 */
{
1,
- TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
- TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
- SSL_kECDHEPSK,
- SSL_aPSK,
- SSL_AES128,
- SSL_SHA256,
- TLS1_VERSION, TLS1_2_VERSION,
+ TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_CAMELLIA128,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
-
- /* Cipher C038 */
{
1,
- TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
- TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
- SSL_kECDHEPSK,
- SSL_aPSK,
- SSL_AES256,
- SSL_SHA384,
- TLS1_VERSION, TLS1_2_VERSION,
+ TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kDHE,
+ SSL_aDSS,
+ SSL_CAMELLIA128,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
},
-
- /* Cipher C039 */
{
1,
- TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
- TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
- SSL_kECDHEPSK,
- SSL_aPSK,
- SSL_eNULL,
+ TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_CAMELLIA128,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
+ 128,
+ 128,
},
-
- /* Cipher C03A */
{
1,
- TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
- TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
- SSL_kECDHEPSK,
- SSL_aPSK,
- SSL_eNULL,
- SSL_SHA256,
- TLS1_VERSION, TLS1_2_VERSION,
+ TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kDHE,
+ SSL_aNULL,
+ SSL_CAMELLIA128,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_STRONG_NONE | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
+ 128,
+ 128,
},
- /* Cipher C03B */
+# ifndef OPENSSL_NO_EC
{
1,
- TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
- TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
- SSL_kECDHEPSK,
- SSL_aPSK,
- SSL_eNULL,
- SSL_SHA384,
- TLS1_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_STRONG_NONE | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 0,
- 0,
- },
-
-# ifndef OPENSSL_NO_CAMELLIA
- { /* Cipher C072 */
- 1,
TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kECDHE,
@@ -2458,9 +2324,9 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
- 128},
-
- { /* Cipher C073 */
+ 128
+ },
+ {
1,
TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
@@ -2473,9 +2339,9 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
- 256},
-
- { /* Cipher C076 */
+ 256
+ },
+ {
1,
TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
@@ -2488,9 +2354,9 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
- 128},
-
- { /* Cipher C077 */
+ 128
+ },
+ {
1,
TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
@@ -2503,13 +2369,12 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
- 256},
-
-# endif /* OPENSSL_NO_CAMELLIA */
-#endif /* OPENSSL_NO_EC */
+ 256
+ },
+# endif /* OPENSSL_NO_EC */
-#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_PSK)
- { /* Cipher C094 */
+# ifndef OPENSSL_NO_PSK
+ {
1,
TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
@@ -2522,9 +2387,9 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
- 128},
-
- { /* Cipher C095 */
+ 128
+ },
+ {
1,
TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
@@ -2537,9 +2402,9 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
- 256},
-
- { /* Cipher C096 */
+ 256
+ },
+ {
1,
TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
@@ -2552,9 +2417,9 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
- 128},
-
- { /* Cipher C097 */
+ 128
+ },
+ {
1,
TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
@@ -2567,9 +2432,9 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
- 256},
-
- { /* Cipher C098 */
+ 256
+ },
+ {
1,
TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
@@ -2582,9 +2447,9 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
- 128},
-
- { /* Cipher C099 */
+ 128
+ },
+ {
1,
TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
@@ -2597,9 +2462,9 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
- 256},
-
- { /* Cipher C09A */
+ 256
+ },
+ {
1,
TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
@@ -2612,9 +2477,9 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
- 128},
-
- { /* Cipher C09B */
+ 128
+ },
+ {
1,
TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
@@ -2627,502 +2492,333 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
- 256},
-#endif
+ 256
+ },
+# endif /* OPENSSL_NO_PSK */
- /* Cipher C09C */
- {
- 1,
- TLS1_TXT_RSA_WITH_AES_128_CCM,
- TLS1_CK_RSA_WITH_AES_128_CCM,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES128CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
+#endif /* OPENSSL_NO_CAMELLIA */
- /* Cipher C09D */
+#ifndef OPENSL_NO_GOST
{
1,
- TLS1_TXT_RSA_WITH_AES_256_CCM,
- TLS1_CK_RSA_WITH_AES_256_CCM,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES256CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
+ "GOST2001-GOST89-GOST89",
+ 0x3000081,
+ SSL_kGOST,
+ SSL_aGOST01,
+ SSL_eGOST2814789CNT,
+ SSL_GOST89MAC,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
256,
- },
-
- /* Cipher C09E */
+ 256
+ },
{
1,
- TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
- TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
- SSL_kDHE,
- SSL_aRSA,
- SSL_AES128CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C09F */
+ "GOST2001-NULL-GOST94",
+ 0x3000083,
+ SSL_kGOST,
+ SSL_aGOST01,
+ SSL_eNULL,
+ SSL_GOST94,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE,
+ SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
+ 0,
+ 0
+ },
{
1,
- TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
- TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
- SSL_kDHE,
- SSL_aRSA,
- SSL_AES256CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
+ "GOST2012-GOST8912-GOST8912",
+ 0x0300ff85,
+ SSL_kGOST,
+ SSL_aGOST12 | SSL_aGOST01,
+ SSL_eGOST2814789CNT12,
+ SSL_GOST89MAC12,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
256,
- },
+ 256
+ },
+ {
+ 1,
+ "GOST2012-NULL-GOST12",
+ 0x0300ff87,
+ SSL_kGOST,
+ SSL_aGOST12 | SSL_aGOST01,
+ SSL_eNULL,
+ SSL_GOST12_256,
+ TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_STRONG_NONE,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
+ 0,
+ 0},
+#endif /* OPENSL_NO_GOST */
- /* Cipher C0A0 */
+#ifndef OPENSSL_NO_IDEA
{
1,
- TLS1_TXT_RSA_WITH_AES_128_CCM_8,
- TLS1_CK_RSA_WITH_AES_128_CCM_8,
+ SSL3_TXT_RSA_IDEA_128_SHA,
+ SSL3_CK_RSA_IDEA_128_SHA,
SSL_kRSA,
SSL_aRSA,
- SSL_AES128CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ SSL_IDEA,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_1_VERSION,
+ DTLS1_VERSION, DTLS1_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
+#endif
- /* Cipher C0A1 */
+#ifndef OPENSSL_NO_SEED
{
1,
- TLS1_TXT_RSA_WITH_AES_256_CCM_8,
- TLS1_CK_RSA_WITH_AES_256_CCM_8,
+ TLS1_TXT_RSA_WITH_SEED_SHA,
+ TLS1_CK_RSA_WITH_SEED_SHA,
SSL_kRSA,
SSL_aRSA,
- SSL_AES256CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
+ SSL_SEED,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
},
-
- /* Cipher C0A2 */
{
1,
- TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
- TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
+ TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
+ TLS1_CK_DHE_DSS_WITH_SEED_SHA,
SSL_kDHE,
- SSL_aRSA,
- SSL_AES128CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ SSL_aDSS,
+ SSL_SEED,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
-
- /* Cipher C0A3 */
{
1,
- TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
- TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
+ TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
+ TLS1_CK_DHE_RSA_WITH_SEED_SHA,
SSL_kDHE,
SSL_aRSA,
- SSL_AES256CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
-
- /* Cipher C0A4 */
- {
- 1,
- TLS1_TXT_PSK_WITH_AES_128_CCM,
- TLS1_CK_PSK_WITH_AES_128_CCM,
- SSL_kPSK,
- SSL_aPSK,
- SSL_AES128CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ SSL_SEED,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
-
- /* Cipher C0A4 */
{
1,
- TLS1_TXT_PSK_WITH_AES_256_CCM,
- TLS1_CK_PSK_WITH_AES_256_CCM,
- SSL_kPSK,
- SSL_aPSK,
- SSL_AES256CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
-
- /* Cipher C0A6 */
- {
- 1,
- TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
- TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
- SSL_kDHEPSK,
- SSL_aPSK,
- SSL_AES128CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ TLS1_TXT_ADH_WITH_SEED_SHA,
+ TLS1_CK_ADH_WITH_SEED_SHA,
+ SSL_kDHE,
+ SSL_aNULL,
+ SSL_SEED,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
+#endif /* OPENSSL_NO_SEED */
- /* Cipher C0A7 */
- {
- 1,
- TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
- TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
- SSL_kDHEPSK,
- SSL_aPSK,
- SSL_AES256CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
-
- /* Cipher C0A8 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
- TLS1_TXT_PSK_WITH_AES_128_CCM_8,
- TLS1_CK_PSK_WITH_AES_128_CCM_8,
- SSL_kPSK,
- SSL_aPSK,
- SSL_AES128CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ SSL3_TXT_RSA_RC4_128_MD5,
+ SSL3_CK_RSA_RC4_128_MD5,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_RC4,
+ SSL_MD5,
+ SSL3_VERSION, TLS1_2_VERSION,
+ 0, 0,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
-
- /* Cipher C0A9 */
{
1,
- TLS1_TXT_PSK_WITH_AES_256_CCM_8,
- TLS1_CK_PSK_WITH_AES_256_CCM_8,
- SSL_kPSK,
- SSL_aPSK,
- SSL_AES256CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
+ SSL3_TXT_RSA_RC4_128_SHA,
+ SSL3_CK_RSA_RC4_128_SHA,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_RC4,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ 0, 0,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
},
-
- /* Cipher C0AA */
{
1,
- TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
- TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
- SSL_kDHEPSK,
- SSL_aPSK,
- SSL_AES128CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ SSL3_TXT_ADH_RC4_128_MD5,
+ SSL3_CK_ADH_RC4_128_MD5,
+ SSL_kDHE,
+ SSL_aNULL,
+ SSL_RC4,
+ SSL_MD5,
+ SSL3_VERSION, TLS1_2_VERSION,
+ 0, 0,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
- /* Cipher C0AB */
+# ifndef OPENSSL_NO_EC
{
1,
- TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
- TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
- SSL_kDHEPSK,
+ TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
+ SSL_kECDHEPSK,
SSL_aPSK,
- SSL_AES256CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
-
- /* Cipher C0AC */
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_AES128CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ SSL_RC4,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ 0, 0,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
-
- /* Cipher C0AD */
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_AES256CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
-
- /* Cipher C0AE */
{
1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+ TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+ TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
SSL_kECDHE,
- SSL_aECDSA,
- SSL_AES128CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ SSL_aNULL,
+ SSL_RC4,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ 0, 0,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
-
- /* Cipher C0AF */
{
1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+ TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
SSL_kECDHE,
SSL_aECDSA,
- SSL_AES256CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
-#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
-# ifndef OPENSSL_NO_EC
- /* Cipher CCA8 */
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
- TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
- SSL_kECDHE,
- SSL_aRSA,
- SSL_CHACHA20POLY1305,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
+ SSL_RC4,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ 0, 0,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
},
- /* Cipher CCA9 */
{
1,
- TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
- TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+ TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
SSL_kECDHE,
- SSL_aECDSA,
- SSL_CHACHA20POLY1305,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
-# endif
-# ifndef OPENSSL_NO_RSA
- /* Cipher CCAA */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
- TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
- SSL_kDHE,
SSL_aRSA,
- SSL_CHACHA20POLY1305,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
+ SSL_RC4,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ 0, 0,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
},
-# endif
+# endif /* OPENSSL_NO_EC */
+
# ifndef OPENSSL_NO_PSK
- /* Cipher CCAB */
{
1,
- TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
- TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_TXT_PSK_WITH_RC4_128_SHA,
+ TLS1_CK_PSK_WITH_RC4_128_SHA,
SSL_kPSK,
SSL_aPSK,
- SSL_CHACHA20POLY1305,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
+ SSL_RC4,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ 0, 0,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
},
- /* Cipher CCAC */
{
1,
- TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
- TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
- SSL_kECDHEPSK,
- SSL_aPSK,
- SSL_CHACHA20POLY1305,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
+ TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
+ TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_RC4,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ 0, 0,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
},
- /* Cipher CCAD */
{
1,
- TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
- TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
+ TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
SSL_kDHEPSK,
SSL_aPSK,
- SSL_CHACHA20POLY1305,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
- /* Cipher CCAE */
- {
- 1,
- TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
- TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
- SSL_kRSAPSK,
- SSL_aRSA,
- SSL_CHACHA20POLY1305,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
+ SSL_RC4,
+ SSL_SHA1,
+ SSL3_VERSION, TLS1_2_VERSION,
+ 0, 0,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
},
-# endif
-#endif
-#ifndef OPENSSL_NO_GOST
- {
- 1,
- "GOST2012-GOST8912-GOST8912",
- 0x0300ff85,
- SSL_kGOST,
- SSL_aGOST12 | SSL_aGOST01,
- SSL_eGOST2814789CNT12,
- SSL_GOST89MAC12,
- TLS1_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
- 256,
- 256},
- {
- 1,
- "GOST2012-NULL-GOST12",
- 0x0300ff87,
- SSL_kGOST,
- SSL_aGOST12 | SSL_aGOST01,
- SSL_eNULL,
- SSL_GOST12_256,
- TLS1_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
- SSL_STRONG_NONE,
- SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
- 0,
- 0},
-#endif
+# endif /* OPENSSL_NO_PSK */
+
+#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
-/* end of list */
};
+
+static int cipher_compare(const void *a, const void *b)
+{
+ const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
+ const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
+
+ return ap->id - bp->id;
+}
+
+void ssl_sort_cipher_list(void)
+{
+ qsort(ssl3_ciphers, OSSL_NELEM(ssl3_ciphers), sizeof ssl3_ciphers[0],
+ cipher_compare);
+}
+
+
const SSL3_ENC_METHOD SSLv3_enc_data = {
ssl3_enc,
n_ssl3_mac,
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index f7e9259c93..aaeeb8da27 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -488,7 +488,9 @@ void ssl_load_ciphers(void)
{
size_t i;
const ssl_cipher_table *t;
+
disabled_enc_mask = 0;
+ ssl_sort_cipher_list();
for (i = 0, t = ssl_cipher_table_cipher; i < SSL_ENC_NUM_IDX; i++, t++) {
if (t->nid == NID_undef) {
ssl_cipher_methods[i] = NULL;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index d01fb5415b..fa0254c809 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1949,6 +1949,7 @@ __owur int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
void ssl_set_masks(SSL *s);
__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
__owur int ssl_verify_alarm_type(long type);
+void ssl_sort_cipher_list(void);
void ssl_load_ciphers(void);
__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-22 19:29:21 +0000