s3_lib.c 119.6 KB
Newer Older
R
Rich Salz 已提交
1
/*
P
Pauli 已提交
2
 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4
 * Copyright 2005 Nokia. All rights reserved.
B
Bodo Möller 已提交
5
 *
R
Rich Salz 已提交
6 7 8 9
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
B
Bodo Möller 已提交
10
 */
R
Rich Salz 已提交
11

12
#include <stdio.h>
13
#include <openssl/objects.h>
14
#include "internal/nelem.h"
15
#include "ssl_locl.h"
16
#include <openssl/md5.h>
R
Rich Salz 已提交
17
#include <openssl/dh.h>
18
#include <openssl/rand.h>
R
Rich Salz 已提交
19
#include "internal/cryptlib.h"
20

D
Dr. Stephen Henson 已提交
21
#define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
22
#define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
23

24 25 26 27 28 29 30 31
/* TLSv1.3 downgrade protection sentinel values */
const unsigned char tls11downgrade[] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
};
const unsigned char tls12downgrade[] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
};

R
Rich Salz 已提交
32
/*
R
Rich Salz 已提交
33
 * The list of available ciphers, mostly organized into the following
R
Rich Salz 已提交
34 35 36 37 38
 * groups:
 *      Always there
 *      EC
 *      PSK
 *      SRP (within that: RSA EC PSK)
P
Pauli 已提交
39
 *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
R
Rich Salz 已提交
40 41
 *      Weak ciphers
 */
E
Emilia Kasper 已提交
42
static SSL_CIPHER ssl3_ciphers[] = {
43 44 45
    {
     1,
     SSL3_TXT_RSA_NULL_MD5,
46
     SSL3_RFC_RSA_NULL_MD5,
47 48 49 50 51
     SSL3_CK_RSA_NULL_MD5,
     SSL_kRSA,
     SSL_aRSA,
     SSL_eNULL,
     SSL_MD5,
52
     SSL3_VERSION, TLS1_2_VERSION,
53
     DTLS1_BAD_VER, DTLS1_2_VERSION,
54
     SSL_STRONG_NONE,
55 56 57 58 59 60 61
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
    {
     1,
     SSL3_TXT_RSA_NULL_SHA,
62
     SSL3_RFC_RSA_NULL_SHA,
63 64 65 66 67
     SSL3_CK_RSA_NULL_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_eNULL,
     SSL_SHA1,
68
     SSL3_VERSION, TLS1_2_VERSION,
69
     DTLS1_BAD_VER, DTLS1_2_VERSION,
70
     SSL_STRONG_NONE | SSL_FIPS,
71 72 73 74
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
75
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
76 77 78
    {
     1,
     SSL3_TXT_RSA_DES_192_CBC3_SHA,
79
     SSL3_RFC_RSA_DES_192_CBC3_SHA,
80 81 82 83 84
     SSL3_CK_RSA_DES_192_CBC3_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_3DES,
     SSL_SHA1,
85
     SSL3_VERSION, TLS1_2_VERSION,
86
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
87
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
88 89 90 91 92 93 94
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
    {
     1,
     SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
95
     SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
96 97 98 99 100
     SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_3DES,
     SSL_SHA1,
101
     SSL3_VERSION, TLS1_2_VERSION,
102
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
103
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
104 105 106 107 108 109 110
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
    {
     1,
     SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
111
     SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
112 113 114 115 116
     SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_3DES,
     SSL_SHA1,
117
     SSL3_VERSION, TLS1_2_VERSION,
118
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
119
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
120 121 122 123 124 125 126
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
    {
     1,
     SSL3_TXT_ADH_DES_192_CBC_SHA,
127
     SSL3_RFC_ADH_DES_192_CBC_SHA,
128 129 130 131 132
     SSL3_CK_ADH_DES_192_CBC_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_3DES,
     SSL_SHA1,
133
     SSL3_VERSION, TLS1_2_VERSION,
134
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
135
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
136 137 138 139
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
140
#endif
141 142 143
    {
     1,
     TLS1_TXT_RSA_WITH_AES_128_SHA,
144
     TLS1_RFC_RSA_WITH_AES_128_SHA,
145 146 147 148 149
     TLS1_CK_RSA_WITH_AES_128_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA1,
150
     SSL3_VERSION, TLS1_2_VERSION,
151
     DTLS1_BAD_VER, DTLS1_2_VERSION,
152
     SSL_HIGH | SSL_FIPS,
153 154 155 156 157 158 159
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
160
     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
161 162 163 164 165
     TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_AES128,
     SSL_SHA1,
166
     SSL3_VERSION, TLS1_2_VERSION,
167
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
168
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
169 170 171 172 173 174 175
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
176
     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
177 178 179 180 181
     TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA1,
182
     SSL3_VERSION, TLS1_2_VERSION,
183
     DTLS1_BAD_VER, DTLS1_2_VERSION,
184
     SSL_HIGH | SSL_FIPS,
185 186 187 188 189 190 191
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_AES_128_SHA,
192
     TLS1_RFC_ADH_WITH_AES_128_SHA,
193 194 195 196 197
     TLS1_CK_ADH_WITH_AES_128_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES128,
     SSL_SHA1,
198
     SSL3_VERSION, TLS1_2_VERSION,
199
     DTLS1_BAD_VER, DTLS1_2_VERSION,
200
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
201 202 203 204 205 206 207
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_AES_256_SHA,
208
     TLS1_RFC_RSA_WITH_AES_256_SHA,
209 210 211 212 213
     TLS1_CK_RSA_WITH_AES_256_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA1,
214
     SSL3_VERSION, TLS1_2_VERSION,
215
     DTLS1_BAD_VER, DTLS1_2_VERSION,
216
     SSL_HIGH | SSL_FIPS,
217 218 219 220 221 222 223
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
224
     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
225 226 227 228 229
     TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_AES256,
     SSL_SHA1,
230
     SSL3_VERSION, TLS1_2_VERSION,
231
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
232
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
233 234 235 236 237 238 239
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
240
     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
241 242 243 244 245
     TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA1,
246
     SSL3_VERSION, TLS1_2_VERSION,
247
     DTLS1_BAD_VER, DTLS1_2_VERSION,
248
     SSL_HIGH | SSL_FIPS,
249 250 251 252 253 254 255
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_AES_256_SHA,
256
     TLS1_RFC_ADH_WITH_AES_256_SHA,
257 258 259 260 261
     TLS1_CK_ADH_WITH_AES_256_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES256,
     SSL_SHA1,
262
     SSL3_VERSION, TLS1_2_VERSION,
263
     DTLS1_BAD_VER, DTLS1_2_VERSION,
264
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
265 266 267 268 269 270 271
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_NULL_SHA256,
272
     TLS1_RFC_RSA_WITH_NULL_SHA256,
273 274 275 276 277
     TLS1_CK_RSA_WITH_NULL_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_eNULL,
     SSL_SHA256,
278 279
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
280
     SSL_STRONG_NONE | SSL_FIPS,
281 282 283 284 285 286 287
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_AES_128_SHA256,
288
     TLS1_RFC_RSA_WITH_AES_128_SHA256,
289 290 291 292 293
     TLS1_CK_RSA_WITH_AES_128_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA256,
294 295
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
296
     SSL_HIGH | SSL_FIPS,
297 298 299 300 301 302 303
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_AES_256_SHA256,
304
     TLS1_RFC_RSA_WITH_AES_256_SHA256,
305 306 307 308 309
     TLS1_CK_RSA_WITH_AES_256_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA256,
310 311
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
312
     SSL_HIGH | SSL_FIPS,
313 314 315 316 317 318 319
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
320
     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
321 322 323 324 325
     TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
     SSL_kDHE,
     SSL_aDSS,
     SSL_AES128,
     SSL_SHA256,
326 327
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
328
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
329 330 331 332 333 334 335
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
336
     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
337 338 339 340 341
     TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA256,
342 343
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
344
     SSL_HIGH | SSL_FIPS,
345 346 347 348 349 350 351
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
352
     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
353 354 355 356 357
     TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
     SSL_kDHE,
     SSL_aDSS,
     SSL_AES256,
     SSL_SHA256,
358 359
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
360
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
361 362 363 364 365 366 367
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
368
     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
369 370 371 372 373
     TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA256,
374 375
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
376
     SSL_HIGH | SSL_FIPS,
377 378 379 380 381 382 383
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_AES_128_SHA256,
384
     TLS1_RFC_ADH_WITH_AES_128_SHA256,
385 386 387 388 389
     TLS1_CK_ADH_WITH_AES_128_SHA256,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES128,
     SSL_SHA256,
390 391
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
392
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
393 394 395 396 397 398 399
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_AES_256_SHA256,
400
     TLS1_RFC_ADH_WITH_AES_256_SHA256,
401 402 403 404 405
     TLS1_CK_ADH_WITH_AES_256_SHA256,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES256,
     SSL_SHA256,
406 407
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
408
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
409 410 411 412 413 414
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
415
     TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
416
     TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
417 418 419 420 421 422 423 424 425 426 427 428
     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
429 430
    {
     1,
R
Rich Salz 已提交
431
     TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
432
     TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
433
     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
434 435
     SSL_kRSA,
     SSL_aRSA,
R
Rich Salz 已提交
436 437 438 439 440 441
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
442 443 444 445 446
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
447
     TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
448
     TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
449
     TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
450
     SSL_kDHE,
R
Rich Salz 已提交
451 452 453 454 455 456 457 458 459
     SSL_aRSA,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
460 461 462
     },
    {
     1,
R
Rich Salz 已提交
463
     TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
464
     TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
465
     TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
466 467
     SSL_kDHE,
     SSL_aRSA,
R
Rich Salz 已提交
468 469 470 471 472 473
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
474 475 476 477 478
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
479
     TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
480
     TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
481
     TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
482
     SSL_kDHE,
R
Rich Salz 已提交
483 484 485 486 487 488 489
     SSL_aDSS,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
490 491 492 493 494
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
495
     TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
496
     TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
497 498 499 500 501 502 503 504 505 506 507
     TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
     SSL_kDHE,
     SSL_aDSS,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
508 509 510
     },
    {
     1,
R
Rich Salz 已提交
511
     TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
512
     TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
513 514 515 516 517 518 519 520 521
     TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
522 523 524 525 526
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
527
     TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
528
     TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
529 530 531 532 533 534 535 536 537
     TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
538 539 540
     256,
     256,
     },
541 542
    {
     1,
R
Rich Salz 已提交
543
     TLS1_TXT_RSA_WITH_AES_128_CCM,
544
     TLS1_RFC_RSA_WITH_AES_128_CCM,
R
Rich Salz 已提交
545 546 547 548 549 550 551 552 553
     TLS1_CK_RSA_WITH_AES_128_CCM,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES128CCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
554 555 556 557 558
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
559
     TLS1_TXT_RSA_WITH_AES_256_CCM,
560
     TLS1_RFC_RSA_WITH_AES_256_CCM,
R
Rich Salz 已提交
561 562 563 564 565 566 567 568 569 570 571
     TLS1_CK_RSA_WITH_AES_256_CCM,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES256CCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
572 573 574
     },
    {
     1,
R
Rich Salz 已提交
575
     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
576
     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
R
Rich Salz 已提交
577 578 579 580 581 582 583 584 585
     TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES128CCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
586 587 588 589 590
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
591
     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
592
     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
R
Rich Salz 已提交
593 594 595 596 597 598 599 600 601
     TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES256CCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
602 603 604 605 606
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
607
     TLS1_TXT_RSA_WITH_AES_128_CCM_8,
608
     TLS1_RFC_RSA_WITH_AES_128_CCM_8,
R
Rich Salz 已提交
609 610
     TLS1_CK_RSA_WITH_AES_128_CCM_8,
     SSL_kRSA,
611
     SSL_aRSA,
R
Rich Salz 已提交
612
     SSL_AES128CCM8,
613
     SSL_AEAD,
614 615
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
616
     SSL_NOT_DEFAULT | SSL_HIGH,
617 618 619 620 621 622
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
623
     TLS1_TXT_RSA_WITH_AES_256_CCM_8,
624
     TLS1_RFC_RSA_WITH_AES_256_CCM_8,
R
Rich Salz 已提交
625
     TLS1_CK_RSA_WITH_AES_256_CCM_8,
626 627
     SSL_kRSA,
     SSL_aRSA,
R
Rich Salz 已提交
628
     SSL_AES256CCM8,
629
     SSL_AEAD,
630 631
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
632 633
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
634 635 636 637 638
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
639
     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
640
     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
R
Rich Salz 已提交
641
     TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
642 643
     SSL_kDHE,
     SSL_aRSA,
R
Rich Salz 已提交
644
     SSL_AES128CCM8,
645
     SSL_AEAD,
646 647
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
648
     SSL_NOT_DEFAULT | SSL_HIGH,
649 650 651 652 653 654
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
655
     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
656
     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
R
Rich Salz 已提交
657
     TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
658 659
     SSL_kDHE,
     SSL_aRSA,
R
Rich Salz 已提交
660
     SSL_AES256CCM8,
661
     SSL_AEAD,
662 663
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
664 665
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
666 667 668 669 670
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
671
     TLS1_TXT_PSK_WITH_AES_128_CCM,
672
     TLS1_RFC_PSK_WITH_AES_128_CCM,
R
Rich Salz 已提交
673 674 675 676
     TLS1_CK_PSK_WITH_AES_128_CCM,
     SSL_kPSK,
     SSL_aPSK,
     SSL_AES128CCM,
677
     SSL_AEAD,
678 679
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
680
     SSL_NOT_DEFAULT | SSL_HIGH,
681 682 683 684 685 686
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
687
     TLS1_TXT_PSK_WITH_AES_256_CCM,
688
     TLS1_RFC_PSK_WITH_AES_256_CCM,
R
Rich Salz 已提交
689 690 691 692
     TLS1_CK_PSK_WITH_AES_256_CCM,
     SSL_kPSK,
     SSL_aPSK,
     SSL_AES256CCM,
693
     SSL_AEAD,
694 695
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
696 697
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
698 699 700 701 702
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
703
     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
704
     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
R
Rich Salz 已提交
705 706 707 708
     TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES128CCM,
709
     SSL_AEAD,
710 711
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
712
     SSL_NOT_DEFAULT | SSL_HIGH,
713 714 715 716 717 718
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
719
     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
720
     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
R
Rich Salz 已提交
721 722 723 724
     TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES256CCM,
725
     SSL_AEAD,
726 727
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
728 729
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
730 731 732
     256,
     256,
     },
733 734
    {
     1,
R
Rich Salz 已提交
735
     TLS1_TXT_PSK_WITH_AES_128_CCM_8,
736
     TLS1_RFC_PSK_WITH_AES_128_CCM_8,
R
Rich Salz 已提交
737
     TLS1_CK_PSK_WITH_AES_128_CCM_8,
738 739
     SSL_kPSK,
     SSL_aPSK,
R
Rich Salz 已提交
740
     SSL_AES128CCM8,
741
     SSL_AEAD,
742 743
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
744
     SSL_NOT_DEFAULT | SSL_HIGH,
745 746 747 748 749 750
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
751
     TLS1_TXT_PSK_WITH_AES_256_CCM_8,
752
     TLS1_RFC_PSK_WITH_AES_256_CCM_8,
R
Rich Salz 已提交
753
     TLS1_CK_PSK_WITH_AES_256_CCM_8,
754 755
     SSL_kPSK,
     SSL_aPSK,
R
Rich Salz 已提交
756
     SSL_AES256CCM8,
757
     SSL_AEAD,
758 759
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
760 761
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
762 763 764
     256,
     256,
     },
765 766
    {
     1,
R
Rich Salz 已提交
767
     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
768
     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
R
Rich Salz 已提交
769
     TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
770 771
     SSL_kDHEPSK,
     SSL_aPSK,
R
Rich Salz 已提交
772
     SSL_AES128CCM8,
773
     SSL_AEAD,
774 775
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
776
     SSL_NOT_DEFAULT | SSL_HIGH,
777 778 779 780 781 782
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
783
     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
784
     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
R
Rich Salz 已提交
785 786
     TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
     SSL_kDHEPSK,
787
     SSL_aPSK,
R
Rich Salz 已提交
788
     SSL_AES256CCM8,
789
     SSL_AEAD,
790 791
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
792 793
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
794 795 796 797 798
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
799
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
800
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
R
Rich Salz 已提交
801 802 803 804
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES128CCM,
805
     SSL_AEAD,
806 807
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
808
     SSL_NOT_DEFAULT | SSL_HIGH,
809 810 811 812 813 814
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
815
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
816
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
R
Rich Salz 已提交
817 818 819 820
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES256CCM,
821
     SSL_AEAD,
822 823
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
824 825
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
826 827 828 829 830
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
831
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
832
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
R
Rich Salz 已提交
833 834 835 836 837 838 839 840 841
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES128CCM8,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
842 843 844 845 846
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
847
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
848
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
R
Rich Salz 已提交
849 850 851 852 853 854 855 856 857
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES256CCM8,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
858 859 860
     256,
     256,
     },
861 862 863
    {
     1,
     TLS1_3_TXT_AES_128_GCM_SHA256,
864
     TLS1_3_RFC_AES_128_GCM_SHA256,
865
     TLS1_3_CK_AES_128_GCM_SHA256,
D
Dr. Stephen Henson 已提交
866
     0, 0,
867 868 869
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_3_VERSION, TLS1_3_VERSION,
870 871 872 873 874 875 876 877 878 879
     SSL_kANY,
     SSL_aANY,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_3_TXT_AES_256_GCM_SHA384,
880
     TLS1_3_RFC_AES_256_GCM_SHA384,
881 882 883 884 885 886
     TLS1_3_CK_AES_256_GCM_SHA384,
     SSL_kANY,
     SSL_aANY,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_3_VERSION, TLS1_3_VERSION,
887 888
     0, 0,
     SSL_HIGH,
889 890 891 892 893 894 895 896
     SSL_HANDSHAKE_MAC_SHA384,
     256,
     256,
     },
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
    {
     1,
     TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
897
     TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913
     TLS1_3_CK_CHACHA20_POLY1305_SHA256,
     SSL_kANY,
     SSL_aANY,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_3_VERSION, TLS1_3_VERSION,
     0, 0,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256,
     256,
     256,
     },
#endif
    {
     1,
     TLS1_3_TXT_AES_128_CCM_SHA256,
914
     TLS1_3_RFC_AES_128_CCM_SHA256,
915 916 917 918 919 920 921 922 923 924 925 926 927 928 929
     TLS1_3_CK_AES_128_CCM_SHA256,
     SSL_kANY,
     SSL_aANY,
     SSL_AES128CCM,
     SSL_AEAD,
     TLS1_3_VERSION, TLS1_3_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_3_TXT_AES_128_CCM_8_SHA256,
930
     TLS1_3_RFC_AES_128_CCM_8_SHA256,
931 932 933 934 935 936 937 938 939
     TLS1_3_CK_AES_128_CCM_8_SHA256,
     SSL_kANY,
     SSL_aANY,
     SSL_AES128CCM8,
     SSL_AEAD,
     TLS1_3_VERSION, TLS1_3_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256,
940 941 942
     128,
     128,
     },
943

R
Rich Salz 已提交
944
#ifndef OPENSSL_NO_EC
945 946
    {
     1,
R
Rich Salz 已提交
947
     TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
948
     TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
R
Rich Salz 已提交
949 950 951
     TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
     SSL_kECDHE,
     SSL_aECDSA,
952
     SSL_eNULL,
R
Rich Salz 已提交
953
     SSL_SHA1,
T
Todd Short 已提交
954
     TLS1_VERSION, TLS1_2_VERSION,
955
     DTLS1_BAD_VER, DTLS1_2_VERSION,
956
     SSL_STRONG_NONE | SSL_FIPS,
957 958 959 960
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
961
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
962 963
    {
     1,
R
Rich Salz 已提交
964
     TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
965
     TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
R
Rich Salz 已提交
966 967 968 969 970
     TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_3DES,
     SSL_SHA1,
T
Todd Short 已提交
971
     TLS1_VERSION, TLS1_2_VERSION,
972
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
973
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
R
Rich Salz 已提交
974 975 976
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
977
     },
978
# endif
979 980
    {
     1,
R
Rich Salz 已提交
981
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
982
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
983 984 985
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
     SSL_kECDHE,
     SSL_aECDSA,
986
     SSL_AES128,
R
Rich Salz 已提交
987
     SSL_SHA1,
T
Todd Short 已提交
988
     TLS1_VERSION, TLS1_2_VERSION,
989
     DTLS1_BAD_VER, DTLS1_2_VERSION,
990
     SSL_HIGH | SSL_FIPS,
991 992 993 994 995 996
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
997
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
998
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
999 1000 1001
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
     SSL_kECDHE,
     SSL_aECDSA,
1002
     SSL_AES256,
R
Rich Salz 已提交
1003
     SSL_SHA1,
T
Todd Short 已提交
1004
     TLS1_VERSION, TLS1_2_VERSION,
1005
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1006
     SSL_HIGH | SSL_FIPS,
R
Rich Salz 已提交
1007
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1008 1009 1010 1011 1012
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1013
     TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1014
     TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
R
Rich Salz 已提交
1015 1016 1017
     TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
     SSL_kECDHE,
     SSL_aRSA,
1018
     SSL_eNULL,
R
Rich Salz 已提交
1019
     SSL_SHA1,
T
Todd Short 已提交
1020
     TLS1_VERSION, TLS1_2_VERSION,
1021
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1022
     SSL_STRONG_NONE | SSL_FIPS,
1023 1024 1025 1026
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
1027
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1028 1029
    {
     1,
R
Rich Salz 已提交
1030
     TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1031
     TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
R
Rich Salz 已提交
1032 1033 1034 1035 1036
     TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_3DES,
     SSL_SHA1,
T
Todd Short 已提交
1037
     TLS1_VERSION, TLS1_2_VERSION,
1038
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1039
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
R
Rich Salz 已提交
1040 1041 1042
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
1043
     },
1044
# endif
1045 1046
    {
     1,
R
Rich Salz 已提交
1047
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1048
     TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
1049 1050
     TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
     SSL_kECDHE,
1051 1052
     SSL_aRSA,
     SSL_AES128,
R
Rich Salz 已提交
1053
     SSL_SHA1,
T
Todd Short 已提交
1054
     TLS1_VERSION, TLS1_2_VERSION,
1055
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1056
     SSL_HIGH | SSL_FIPS,
1057 1058 1059 1060 1061 1062
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1063
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1064
     TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
1065 1066
     TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
     SSL_kECDHE,
1067 1068
     SSL_aRSA,
     SSL_AES256,
R
Rich Salz 已提交
1069
     SSL_SHA1,
T
Todd Short 已提交
1070
     TLS1_VERSION, TLS1_2_VERSION,
1071
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1072
     SSL_HIGH | SSL_FIPS,
R
Rich Salz 已提交
1073
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1074 1075 1076 1077 1078
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1079
     TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1080
     TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
R
Rich Salz 已提交
1081 1082 1083
     TLS1_CK_ECDH_anon_WITH_NULL_SHA,
     SSL_kECDHE,
     SSL_aNULL,
1084
     SSL_eNULL,
R
Rich Salz 已提交
1085
     SSL_SHA1,
T
Todd Short 已提交
1086
     TLS1_VERSION, TLS1_2_VERSION,
1087
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1088
     SSL_STRONG_NONE | SSL_FIPS,
1089 1090 1091 1092
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
1093
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1094 1095
    {
     1,
R
Rich Salz 已提交
1096
     TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1097
     TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
R
Rich Salz 已提交
1098 1099 1100 1101 1102
     TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
     SSL_kECDHE,
     SSL_aNULL,
     SSL_3DES,
     SSL_SHA1,
T
Todd Short 已提交
1103
     TLS1_VERSION, TLS1_2_VERSION,
1104
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1105
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
R
Rich Salz 已提交
1106 1107 1108
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
1109
     },
1110
# endif
1111 1112
    {
     1,
R
Rich Salz 已提交
1113
     TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1114
     TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
1115 1116 1117 1118 1119
     TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
     SSL_kECDHE,
     SSL_aNULL,
     SSL_AES128,
     SSL_SHA1,
T
Todd Short 已提交
1120
     TLS1_VERSION, TLS1_2_VERSION,
1121
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1122 1123 1124 1125 1126
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
1127 1128
    {
     1,
R
Rich Salz 已提交
1129
     TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1130
     TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
1131 1132 1133 1134 1135
     TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
     SSL_kECDHE,
     SSL_aNULL,
     SSL_AES256,
     SSL_SHA1,
T
Todd Short 已提交
1136
     TLS1_VERSION, TLS1_2_VERSION,
1137
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1138 1139 1140 1141 1142 1143 1144 1145
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1146
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
R
Rich Salz 已提交
1147 1148 1149 1150
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES128,
1151
     SSL_SHA256,
1152 1153
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1154
     SSL_HIGH | SSL_FIPS,
1155 1156 1157 1158 1159 1160
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1161
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1162
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
R
Rich Salz 已提交
1163 1164 1165 1166 1167
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES256,
     SSL_SHA384,
1168 1169
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1170 1171 1172 1173
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
1174 1175 1176
     },
    {
     1,
R
Rich Salz 已提交
1177
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1178
     TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
R
Rich Salz 已提交
1179 1180 1181 1182
     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_AES128,
1183
     SSL_SHA256,
1184 1185
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1186
     SSL_HIGH | SSL_FIPS,
1187 1188 1189 1190 1191 1192
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1193
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1194
     TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
R
Rich Salz 已提交
1195 1196
     TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
     SSL_kECDHE,
1197
     SSL_aRSA,
R
Rich Salz 已提交
1198 1199
     SSL_AES256,
     SSL_SHA384,
1200 1201
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1202 1203
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1204 1205 1206 1207 1208
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1209
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1210
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
1211 1212 1213 1214 1215
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES128GCM,
     SSL_AEAD,
1216 1217
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1218
     SSL_HIGH | SSL_FIPS,
1219
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
R
Rich Salz 已提交
1220 1221 1222 1223 1224 1225
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1226
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
1227 1228 1229 1230 1231 1232 1233 1234 1235
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1236 1237 1238 1239 1240
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1241
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1242
     TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
1243 1244
     TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
     SSL_kECDHE,
1245
     SSL_aRSA,
R
Rich Salz 已提交
1246 1247
     SSL_AES128GCM,
     SSL_AEAD,
1248 1249
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1250
     SSL_HIGH | SSL_FIPS,
1251
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
R
Rich Salz 已提交
1252 1253
     128,
     128,
1254 1255 1256
     },
    {
     1,
R
Rich Salz 已提交
1257
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1258
     TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
1259 1260 1261 1262 1263
     TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_AES256GCM,
     SSL_AEAD,
1264 1265
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1266 1267
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1268 1269 1270
     256,
     256,
     },
E
Emilia Kasper 已提交
1271
#endif                          /* OPENSSL_NO_EC */
1272

R
Rich Salz 已提交
1273
#ifndef OPENSSL_NO_PSK
1274 1275
    {
     1,
R
Rich Salz 已提交
1276
     TLS1_TXT_PSK_WITH_NULL_SHA,
1277
     TLS1_RFC_PSK_WITH_NULL_SHA,
R
Rich Salz 已提交
1278 1279 1280
     TLS1_CK_PSK_WITH_NULL_SHA,
     SSL_kPSK,
     SSL_aPSK,
1281 1282
     SSL_eNULL,
     SSL_SHA1,
1283
     SSL3_VERSION, TLS1_2_VERSION,
1284
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1285
     SSL_STRONG_NONE | SSL_FIPS,
1286 1287 1288 1289 1290 1291
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
    {
     1,
R
Rich Salz 已提交
1292
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1293
     TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
R
Rich Salz 已提交
1294 1295 1296 1297
     TLS1_CK_DHE_PSK_WITH_NULL_SHA,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
1298
     SSL_SHA1,
1299
     SSL3_VERSION, TLS1_2_VERSION,
1300
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1301
     SSL_STRONG_NONE | SSL_FIPS,
1302
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
R
Rich Salz 已提交
1303 1304
     0,
     0,
1305 1306 1307
     },
    {
     1,
R
Rich Salz 已提交
1308
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1309
     TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
R
Rich Salz 已提交
1310 1311 1312 1313 1314 1315
     TLS1_CK_RSA_PSK_WITH_NULL_SHA,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_eNULL,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1316
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1317 1318 1319 1320 1321
     SSL_STRONG_NONE | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
1322
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
R
Rich Salz 已提交
1323 1324 1325
    {
     1,
     TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1326
     TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
R
Rich Salz 已提交
1327 1328 1329
     TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
     SSL_kPSK,
     SSL_aPSK,
1330 1331
     SSL_3DES,
     SSL_SHA1,
1332
     SSL3_VERSION, TLS1_2_VERSION,
1333
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1334
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1335 1336 1337 1338
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
1339
# endif
1340 1341
    {
     1,
R
Rich Salz 已提交
1342
     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1343
     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
1344 1345 1346
     TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
     SSL_kPSK,
     SSL_aPSK,
1347 1348
     SSL_AES128,
     SSL_SHA1,
1349
     SSL3_VERSION, TLS1_2_VERSION,
1350
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1351
     SSL_HIGH | SSL_FIPS,
1352 1353 1354 1355 1356 1357
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1358
     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1359
     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
1360 1361 1362
     TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
     SSL_kPSK,
     SSL_aPSK,
1363 1364
     SSL_AES256,
     SSL_SHA1,
1365
     SSL3_VERSION, TLS1_2_VERSION,
1366
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1367
     SSL_HIGH | SSL_FIPS,
1368 1369 1370 1371
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
1372
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1373 1374
    {
     1,
R
Rich Salz 已提交
1375
     TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1376
     TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
R
Rich Salz 已提交
1377 1378 1379 1380
     TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_3DES,
1381
     SSL_SHA1,
1382
     SSL3_VERSION, TLS1_2_VERSION,
1383
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1384
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1385
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
R
Rich Salz 已提交
1386 1387
     112,
     168,
1388
     },
1389
# endif
1390 1391
    {
     1,
R
Rich Salz 已提交
1392
     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1393
     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
1394 1395 1396 1397 1398 1399
     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1400
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1401
     SSL_HIGH | SSL_FIPS,
1402 1403 1404 1405 1406 1407
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1408
     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1409
     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
1410 1411 1412 1413 1414 1415
     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1416
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1417 1418 1419 1420 1421
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
1422
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
R
Rich Salz 已提交
1423 1424 1425
    {
     1,
     TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1426
     TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
R
Rich Salz 已提交
1427 1428
     TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
     SSL_kRSAPSK,
1429 1430 1431
     SSL_aRSA,
     SSL_3DES,
     SSL_SHA1,
1432
     SSL3_VERSION, TLS1_2_VERSION,
1433
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1434
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1435 1436 1437 1438
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
1439
# endif
1440 1441
    {
     1,
R
Rich Salz 已提交
1442
     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1443
     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
1444 1445
     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
     SSL_kRSAPSK,
1446 1447 1448
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA1,
1449
     SSL3_VERSION, TLS1_2_VERSION,
1450
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1451
     SSL_HIGH | SSL_FIPS,
1452 1453 1454 1455 1456 1457
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1458
     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1459
     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
1460 1461
     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
     SSL_kRSAPSK,
1462 1463 1464
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA1,
1465
     SSL3_VERSION, TLS1_2_VERSION,
1466
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1467
     SSL_HIGH | SSL_FIPS,
1468 1469 1470 1471 1472 1473
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1474
     TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1475
     TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
1476 1477 1478 1479 1480 1481 1482 1483 1484
     TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
     SSL_kPSK,
     SSL_aPSK,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1485 1486 1487 1488 1489
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1490
     TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1491
     TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502
     TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
     SSL_kPSK,
     SSL_aPSK,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
1503 1504 1505
     },
    {
     1,
R
Rich Salz 已提交
1506
     TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1507
     TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
1508 1509 1510 1511 1512 1513 1514 1515 1516
     TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1517 1518 1519 1520 1521
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1522
     TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1523
     TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
1524 1525 1526 1527 1528 1529 1530 1531 1532
     TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1533 1534 1535 1536 1537
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1538
     TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1539
     TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
1540 1541
     TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
     SSL_kRSAPSK,
1542
     SSL_aRSA,
R
Rich Salz 已提交
1543 1544 1545 1546 1547 1548 1549 1550
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
1551 1552 1553
     },
    {
     1,
R
Rich Salz 已提交
1554
     TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1555
     TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566
     TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
1567 1568 1569
     },
    {
     1,
R
Rich Salz 已提交
1570
     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1571
     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
R
Rich Salz 已提交
1572 1573 1574
     TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
     SSL_kPSK,
     SSL_aPSK,
1575
     SSL_AES128,
R
Rich Salz 已提交
1576 1577
     SSL_SHA256,
     TLS1_VERSION, TLS1_2_VERSION,
1578
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1579
     SSL_HIGH | SSL_FIPS,
1580 1581 1582 1583 1584 1585
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1586
     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1587
     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
R
Rich Salz 已提交
1588 1589 1590 1591 1592 1593
     TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
     SSL_kPSK,
     SSL_aPSK,
     SSL_AES256,
     SSL_SHA384,
     TLS1_VERSION, TLS1_2_VERSION,
1594
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1595 1596 1597 1598
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
1599 1600 1601
     },
    {
     1,
R
Rich Salz 已提交
1602
     TLS1_TXT_PSK_WITH_NULL_SHA256,
1603
     TLS1_RFC_PSK_WITH_NULL_SHA256,
R
Rich Salz 已提交
1604 1605 1606 1607 1608 1609
     TLS1_CK_PSK_WITH_NULL_SHA256,
     SSL_kPSK,
     SSL_aPSK,
     SSL_eNULL,
     SSL_SHA256,
     TLS1_VERSION, TLS1_2_VERSION,
1610
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1611
     SSL_STRONG_NONE | SSL_FIPS,
1612
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
R
Rich Salz 已提交
1613 1614
     0,
     0,
1615 1616 1617
     },
    {
     1,
R
Rich Salz 已提交
1618
     TLS1_TXT_PSK_WITH_NULL_SHA384,
1619
     TLS1_RFC_PSK_WITH_NULL_SHA384,
R
Rich Salz 已提交
1620 1621 1622 1623 1624 1625
     TLS1_CK_PSK_WITH_NULL_SHA384,
     SSL_kPSK,
     SSL_aPSK,
     SSL_eNULL,
     SSL_SHA384,
     TLS1_VERSION, TLS1_2_VERSION,
1626
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1627 1628 1629 1630
     SSL_STRONG_NONE | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     0,
     0,
1631 1632 1633
     },
    {
     1,
R
Rich Salz 已提交
1634
     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1635
     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
R
Rich Salz 已提交
1636 1637 1638 1639 1640 1641
     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES128,
     SSL_SHA256,
     TLS1_VERSION, TLS1_2_VERSION,
1642
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1643
     SSL_HIGH | SSL_FIPS,
1644
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
R
Rich Salz 已提交
1645 1646
     128,
     128,
1647 1648 1649
     },
    {
     1,
R
Rich Salz 已提交
1650
     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1651
     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
R
Rich Salz 已提交
1652 1653 1654
     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
     SSL_kDHEPSK,
     SSL_aPSK,
1655
     SSL_AES256,
R
Rich Salz 已提交
1656 1657
     SSL_SHA384,
     TLS1_VERSION, TLS1_2_VERSION,
1658
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1659 1660
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1661 1662 1663 1664 1665
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1666
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1667
     TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
R
Rich Salz 已提交
1668 1669 1670 1671
     TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
1672
     SSL_SHA256,
R
Rich Salz 已提交
1673
     TLS1_VERSION, TLS1_2_VERSION,
1674
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1675 1676 1677 1678
     SSL_STRONG_NONE | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
1679 1680 1681
     },
    {
     1,
R
Rich Salz 已提交
1682
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1683
     TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
R
Rich Salz 已提交
1684 1685 1686 1687
     TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
1688
     SSL_SHA384,
R
Rich Salz 已提交
1689
     TLS1_VERSION, TLS1_2_VERSION,
1690
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1691
     SSL_STRONG_NONE | SSL_FIPS,
1692
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
R
Rich Salz 已提交
1693 1694
     0,
     0,
1695 1696 1697
     },
    {
     1,
R
Rich Salz 已提交
1698
     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1699
     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
R
Rich Salz 已提交
1700 1701
     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
     SSL_kRSAPSK,
1702 1703 1704
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA256,
R
Rich Salz 已提交
1705
     TLS1_VERSION, TLS1_2_VERSION,
1706
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1707
     SSL_HIGH | SSL_FIPS,
R
Rich Salz 已提交
1708
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1709 1710 1711 1712 1713
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1714
     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1715
     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
R
Rich Salz 已提交
1716 1717
     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
     SSL_kRSAPSK,
1718 1719 1720
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA384,
R
Rich Salz 已提交
1721
     TLS1_VERSION, TLS1_2_VERSION,
1722
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1723
     SSL_HIGH | SSL_FIPS,
1724 1725 1726 1727 1728 1729
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1730
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1731
     TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
R
Rich Salz 已提交
1732 1733
     TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
     SSL_kRSAPSK,
1734
     SSL_aRSA,
R
Rich Salz 已提交
1735 1736 1737
     SSL_eNULL,
     SSL_SHA256,
     TLS1_VERSION, TLS1_2_VERSION,
1738
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1739 1740 1741 1742
     SSL_STRONG_NONE | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
1743 1744 1745
     },
    {
     1,
R
Rich Salz 已提交
1746
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1747
     TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
R
Rich Salz 已提交
1748 1749
     TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
     SSL_kRSAPSK,
1750
     SSL_aRSA,
R
Rich Salz 已提交
1751 1752 1753
     SSL_eNULL,
     SSL_SHA384,
     TLS1_VERSION, TLS1_2_VERSION,
1754
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1755
     SSL_STRONG_NONE | SSL_FIPS,
1756
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
R
Rich Salz 已提交
1757 1758
     0,
     0,
1759
     },
R
Rich Salz 已提交
1760
# ifndef OPENSSL_NO_EC
1761
#  ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1762 1763 1764
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1765
     TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1766 1767 1768 1769 1770
     TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_3DES,
     SSL_SHA1,
T
Todd Short 已提交
1771
     TLS1_VERSION, TLS1_2_VERSION,
1772
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1773
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1774 1775 1776 1777
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
1778
#  endif
1779 1780 1781
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1782
     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1783 1784 1785 1786 1787
     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_AES128,
     SSL_SHA1,
T
Todd Short 已提交
1788
     TLS1_VERSION, TLS1_2_VERSION,
1789
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1790
     SSL_HIGH | SSL_FIPS,
1791 1792 1793 1794 1795 1796 1797
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1798
     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1799 1800 1801 1802 1803
     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_AES256,
     SSL_SHA1,
T
Todd Short 已提交
1804
     TLS1_VERSION, TLS1_2_VERSION,
1805
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1806
     SSL_HIGH | SSL_FIPS,
1807 1808 1809 1810 1811 1812 1813
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1814
     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1815 1816 1817 1818 1819
     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_AES128,
     SSL_SHA256,
1820
     TLS1_VERSION, TLS1_2_VERSION,
1821
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1822
     SSL_HIGH | SSL_FIPS,
1823 1824 1825 1826 1827 1828 1829
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1830
     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1831 1832 1833 1834 1835
     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_AES256,
     SSL_SHA384,
1836
     TLS1_VERSION, TLS1_2_VERSION,
1837
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1838
     SSL_HIGH | SSL_FIPS,
1839 1840 1841 1842 1843 1844 1845
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1846
     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1847 1848 1849 1850 1851
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
     SSL_SHA1,
T
Todd Short 已提交
1852
     TLS1_VERSION, TLS1_2_VERSION,
1853
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1854
     SSL_STRONG_NONE | SSL_FIPS,
1855 1856 1857 1858 1859 1860 1861
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1862
     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1863 1864 1865 1866 1867
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
     SSL_SHA256,
1868
     TLS1_VERSION, TLS1_2_VERSION,
1869
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1870
     SSL_STRONG_NONE | SSL_FIPS,
1871 1872 1873 1874 1875 1876 1877
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1878
     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1879 1880 1881 1882 1883
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
     SSL_SHA384,
1884
     TLS1_VERSION, TLS1_2_VERSION,
1885
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1886
     SSL_STRONG_NONE | SSL_FIPS,
1887 1888 1889 1890
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     0,
     0,
     },
E
Emilia Kasper 已提交
1891 1892
# endif                         /* OPENSSL_NO_EC */
#endif                          /* OPENSSL_NO_PSK */
1893

R
Rich Salz 已提交
1894
#ifndef OPENSSL_NO_SRP
1895
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
R
Rich Salz 已提交
1896 1897 1898
    {
     1,
     TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1899
     TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
R
Rich Salz 已提交
1900 1901 1902 1903 1904 1905
     TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
     SSL_kSRP,
     SSL_aSRP,
     SSL_3DES,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1906
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1907
     SSL_NOT_DEFAULT | SSL_MEDIUM,
R
Rich Salz 已提交
1908 1909 1910 1911 1912 1913 1914
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1915
     TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
R
Rich Salz 已提交
1916 1917 1918 1919 1920 1921
     TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
     SSL_kSRP,
     SSL_aRSA,
     SSL_3DES,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1922
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1923
     SSL_NOT_DEFAULT | SSL_MEDIUM,
R
Rich Salz 已提交
1924 1925 1926 1927 1928 1929 1930
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1931
     TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
R
Rich Salz 已提交
1932 1933 1934 1935 1936 1937
     TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
     SSL_kSRP,
     SSL_aDSS,
     SSL_3DES,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1938
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1939
     SSL_NOT_DEFAULT | SSL_MEDIUM,
R
Rich Salz 已提交
1940 1941 1942 1943
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
1944
# endif
R
Rich Salz 已提交
1945 1946 1947
    {
     1,
     TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1948
     TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
1949 1950 1951 1952 1953 1954
     TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
     SSL_kSRP,
     SSL_aSRP,
     SSL_AES128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1955
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1956 1957 1958 1959 1960 1961 1962 1963
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1964
     TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
1965 1966 1967 1968 1969 1970
     TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
     SSL_kSRP,
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1971
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1972 1973 1974 1975 1976 1977 1978 1979
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1980
     TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
1981 1982 1983 1984 1985 1986
     TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
     SSL_kSRP,
     SSL_aDSS,
     SSL_AES128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1987
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1988 1989 1990 1991 1992 1993 1994 1995
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1996
     TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
1997 1998 1999 2000 2001 2002
     TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
     SSL_kSRP,
     SSL_aSRP,
     SSL_AES256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2003
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2004 2005 2006 2007 2008 2009 2010 2011
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2012
     TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
2013 2014 2015 2016 2017 2018
     TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
     SSL_kSRP,
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2019
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2020 2021 2022 2023 2024 2025 2026 2027
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2028
     TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
2029 2030 2031 2032 2033 2034
     TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
     SSL_kSRP,
     SSL_aDSS,
     SSL_AES256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2035
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2036 2037 2038 2039 2040
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
E
Emilia Kasper 已提交
2041
#endif                          /* OPENSSL_NO_SRP */
R
Rich Salz 已提交
2042 2043 2044 2045 2046 2047

#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
# ifndef OPENSSL_NO_RSA
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2048
     TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
R
Rich Salz 已提交
2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060
     TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
     SSL_kDHE,
     SSL_aRSA,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
E
Emilia Kasper 已提交
2061
# endif                         /* OPENSSL_NO_RSA */
R
Rich Salz 已提交
2062 2063 2064 2065 2066

# ifndef OPENSSL_NO_EC
    {
     1,
     TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2067
     TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
R
Rich Salz 已提交
2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082
     TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2083
     TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
R
Rich Salz 已提交
2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095
     TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
E
Emilia Kasper 已提交
2096
# endif                         /* OPENSSL_NO_EC */
R
Rich Salz 已提交
2097 2098 2099 2100 2101

# ifndef OPENSSL_NO_PSK
    {
     1,
     TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2102
     TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
R
Rich Salz 已提交
2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117
     TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
     SSL_kPSK,
     SSL_aPSK,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2118
     TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
R
Rich Salz 已提交
2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133
     TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2134
     TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
R
Rich Salz 已提交
2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149
     TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2150
     TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
R
Rich Salz 已提交
2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162
     TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
E
Emilia Kasper 已提交
2163 2164 2165
# endif                         /* OPENSSL_NO_PSK */
#endif                          /* !defined(OPENSSL_NO_CHACHA) &&
                                 * !defined(OPENSSL_NO_POLY1305) */
R
Rich Salz 已提交
2166 2167 2168 2169 2170

#ifndef OPENSSL_NO_CAMELLIA
    {
     1,
     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2171
     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
R
Rich Salz 已提交
2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186
     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2187
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
R
Rich Salz 已提交
2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kEDH,
     SSL_aDSS,
     SSL_CAMELLIA128,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2203
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
R
Rich Salz 已提交
2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kEDH,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2219
     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
R
Rich Salz 已提交
2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234
     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kEDH,
     SSL_aNULL,
     SSL_CAMELLIA128,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2235
     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
R
Rich Salz 已提交
2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248 2249 2250
     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2251
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
R
Rich Salz 已提交
2252 2253 2254 2255 2256 2257 2258 2259 2260 2261 2262 2263 2264 2265 2266
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
     SSL_kEDH,
     SSL_aDSS,
     SSL_CAMELLIA256,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2267
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
R
Rich Salz 已提交
2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278 2279 2280 2281 2282
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
     SSL_kEDH,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2283
     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
R
Rich Salz 已提交
2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298
     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
     SSL_kEDH,
     SSL_aNULL,
     SSL_CAMELLIA256,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2299
     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
R
Rich Salz 已提交
2300 2301 2302 2303 2304 2305
     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2306
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2307 2308 2309 2310 2311 2312 2313 2314
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2315
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
R
Rich Salz 已提交
2316 2317 2318 2319 2320 2321
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_CAMELLIA256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2322
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2323 2324 2325 2326 2327 2328 2329 2330
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2331
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
R
Rich Salz 已提交
2332 2333 2334 2335 2336 2337
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2338
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2339 2340 2341 2342 2343 2344 2345 2346
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2347
     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
R
Rich Salz 已提交
2348 2349 2350 2351 2352 2353
     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_CAMELLIA256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2354
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2355 2356 2357 2358 2359 2360 2361 2362
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2363
     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
R
Rich Salz 已提交
2364 2365 2366 2367 2368 2369
     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2370
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2371 2372 2373 2374 2375 2376 2377 2378
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2379
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
R
Rich Salz 已提交
2380 2381 2382 2383 2384 2385
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_CAMELLIA128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2386
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2387 2388 2389 2390 2391 2392 2393 2394
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2395
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
R
Rich Salz 已提交
2396 2397 2398 2399 2400 2401
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2402
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2403 2404 2405 2406 2407 2408 2409 2410
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2411
     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
R
Rich Salz 已提交
2412 2413 2414 2415 2416 2417
     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_CAMELLIA128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2418
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2419 2420 2421 2422 2423 2424 2425 2426
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },

# ifndef OPENSSL_NO_EC
    {
2427 2428
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2429
     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2430 2431 2432 2433 2434
     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_CAMELLIA128,
     SSL_SHA256,
2435 2436
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2437
     SSL_NOT_DEFAULT | SSL_HIGH,
2438 2439
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
E
Emilia Kasper 已提交
2440 2441
     128,
     },
R
Rich Salz 已提交
2442
    {
2443 2444
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2445
     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2446 2447 2448 2449 2450
     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_CAMELLIA256,
     SSL_SHA384,
2451 2452
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2453
     SSL_NOT_DEFAULT | SSL_HIGH,
2454 2455
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
E
Emilia Kasper 已提交
2456 2457
     256,
     },
R
Rich Salz 已提交
2458
    {
2459 2460
     1,
     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2461
     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2462 2463 2464 2465 2466
     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA256,
2467 2468
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2469
     SSL_NOT_DEFAULT | SSL_HIGH,
2470 2471
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
E
Emilia Kasper 已提交
2472 2473
     128,
     },
R
Rich Salz 已提交
2474
    {
2475 2476
     1,
     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2477
     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2478 2479 2480 2481 2482
     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA384,
2483 2484
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2485
     SSL_NOT_DEFAULT | SSL_HIGH,
2486 2487
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
E
Emilia Kasper 已提交
2488 2489 2490
     256,
     },
# endif                         /* OPENSSL_NO_EC */
B
Ben Laurie 已提交
2491

R
Rich Salz 已提交
2492 2493
# ifndef OPENSSL_NO_PSK
    {
2494 2495
     1,
     TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2496
     TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2497 2498 2499 2500 2501
     TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kPSK,
     SSL_aPSK,
     SSL_CAMELLIA128,
     SSL_SHA256,
2502
     TLS1_VERSION, TLS1_2_VERSION,
2503
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2504
     SSL_NOT_DEFAULT | SSL_HIGH,
2505 2506
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
E
Emilia Kasper 已提交
2507 2508
     128,
     },
R
Rich Salz 已提交
2509
    {
2510 2511
     1,
     TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2512
     TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2513 2514 2515 2516 2517
     TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kPSK,
     SSL_aPSK,
     SSL_CAMELLIA256,
     SSL_SHA384,
2518
     TLS1_VERSION, TLS1_2_VERSION,
2519
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2520
     SSL_NOT_DEFAULT | SSL_HIGH,
2521 2522
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
E
Emilia Kasper 已提交
2523 2524
     256,
     },
R
Rich Salz 已提交
2525
    {
2526 2527
     1,
     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2528
     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2529 2530 2531 2532 2533
     TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_CAMELLIA128,
     SSL_SHA256,
2534
     TLS1_VERSION, TLS1_2_VERSION,
2535
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2536
     SSL_NOT_DEFAULT | SSL_HIGH,
2537 2538
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
E
Emilia Kasper 已提交
2539 2540
     128,
     },
R
Rich Salz 已提交
2541
    {
2542 2543
     1,
     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2544
     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2545 2546 2547 2548 2549
     TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_CAMELLIA256,
     SSL_SHA384,
2550
     TLS1_VERSION, TLS1_2_VERSION,
2551
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2552
     SSL_NOT_DEFAULT | SSL_HIGH,
2553 2554
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
E
Emilia Kasper 已提交
2555 2556
     256,
     },
R
Rich Salz 已提交
2557
    {
2558 2559
     1,
     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2560
     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2561 2562 2563 2564 2565
     TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA256,
2566
     TLS1_VERSION, TLS1_2_VERSION,
2567
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2568
     SSL_NOT_DEFAULT | SSL_HIGH,
2569 2570
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
E
Emilia Kasper 已提交
2571 2572
     128,
     },
R
Rich Salz 已提交
2573
    {
2574 2575
     1,
     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2576
     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2577 2578 2579 2580 2581
     TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA384,
2582
     TLS1_VERSION, TLS1_2_VERSION,
2583
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2584
     SSL_NOT_DEFAULT | SSL_HIGH,
2585 2586
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
E
Emilia Kasper 已提交
2587 2588
     256,
     },
2589 2590
    {
     1,
R
Rich Salz 已提交
2591
     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2592
     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
R
Rich Salz 已提交
2593 2594
     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kECDHEPSK,
2595
     SSL_aPSK,
R
Rich Salz 已提交
2596 2597 2598
     SSL_CAMELLIA128,
     SSL_SHA256,
     TLS1_VERSION, TLS1_2_VERSION,
2599
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2600
     SSL_NOT_DEFAULT | SSL_HIGH,
R
Rich Salz 已提交
2601
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2602
     128,
E
Emilia Kasper 已提交
2603 2604
     128,
     },
2605 2606
    {
     1,
R
Rich Salz 已提交
2607
     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2608
     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
R
Rich Salz 已提交
2609 2610
     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kECDHEPSK,
2611
     SSL_aPSK,
R
Rich Salz 已提交
2612 2613 2614
     SSL_CAMELLIA256,
     SSL_SHA384,
     TLS1_VERSION, TLS1_2_VERSION,
2615
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2616
     SSL_NOT_DEFAULT | SSL_HIGH,
R
Rich Salz 已提交
2617
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2618
     256,
E
Emilia Kasper 已提交
2619 2620 2621
     256,
     },
# endif                         /* OPENSSL_NO_PSK */
2622

E
Emilia Kasper 已提交
2623
#endif                          /* OPENSSL_NO_CAMELLIA */
2624

P
Pauli 已提交
2625
#ifndef OPENSSL_NO_GOST
2626 2627
    {
     1,
R
Rich Salz 已提交
2628
     "GOST2001-GOST89-GOST89",
2629
     "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
R
Rich Salz 已提交
2630 2631 2632 2633 2634 2635
     0x3000081,
     SSL_kGOST,
     SSL_aGOST01,
     SSL_eGOST2814789CNT,
     SSL_GOST89MAC,
     TLS1_VERSION, TLS1_2_VERSION,
2636
     0, 0,
R
Rich Salz 已提交
2637 2638
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2639
     256,
E
Emilia Kasper 已提交
2640 2641
     256,
     },
R
Rich Salz 已提交
2642 2643 2644
    {
     1,
     "GOST2001-NULL-GOST94",
2645
     "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
R
Rich Salz 已提交
2646 2647 2648 2649 2650 2651
     0x3000083,
     SSL_kGOST,
     SSL_aGOST01,
     SSL_eNULL,
     SSL_GOST94,
     TLS1_VERSION, TLS1_2_VERSION,
2652
     0, 0,
R
Rich Salz 已提交
2653 2654 2655
     SSL_STRONG_NONE,
     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
     0,
E
Emilia Kasper 已提交
2656 2657
     0,
     },
R
Rich Salz 已提交
2658 2659 2660
    {
     1,
     "GOST2012-GOST8912-GOST8912",
2661
     NULL,
R
Rich Salz 已提交
2662 2663 2664 2665 2666 2667
     0x0300ff85,
     SSL_kGOST,
     SSL_aGOST12 | SSL_aGOST01,
     SSL_eGOST2814789CNT12,
     SSL_GOST89MAC12,
     TLS1_VERSION, TLS1_2_VERSION,
2668
     0, 0,
R
Rich Salz 已提交
2669 2670
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2671
     256,
E
Emilia Kasper 已提交
2672 2673
     256,
     },
R
Rich Salz 已提交
2674 2675 2676
    {
     1,
     "GOST2012-NULL-GOST12",
2677
     NULL,
R
Rich Salz 已提交
2678 2679 2680 2681 2682 2683
     0x0300ff87,
     SSL_kGOST,
     SSL_aGOST12 | SSL_aGOST01,
     SSL_eNULL,
     SSL_GOST12_256,
     TLS1_VERSION, TLS1_2_VERSION,
2684
     0, 0,
R
Rich Salz 已提交
2685 2686 2687
     SSL_STRONG_NONE,
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
     0,
E
Emilia Kasper 已提交
2688 2689 2690
     0,
     },
#endif                          /* OPENSSL_NO_GOST */
2691

R
Rich Salz 已提交
2692
#ifndef OPENSSL_NO_IDEA
2693 2694
    {
     1,
R
Rich Salz 已提交
2695
     SSL3_TXT_RSA_IDEA_128_SHA,
2696
     SSL3_RFC_RSA_IDEA_128_SHA,
R
Rich Salz 已提交
2697 2698 2699 2700 2701 2702
     SSL3_CK_RSA_IDEA_128_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_IDEA,
     SSL_SHA1,
     SSL3_VERSION, TLS1_1_VERSION,
2703
     DTLS1_BAD_VER, DTLS1_VERSION,
R
Rich Salz 已提交
2704 2705
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2706 2707 2708
     128,
     128,
     },
R
Rich Salz 已提交
2709
#endif
2710

R
Rich Salz 已提交
2711
#ifndef OPENSSL_NO_SEED
2712 2713
    {
     1,
R
Rich Salz 已提交
2714
     TLS1_TXT_RSA_WITH_SEED_SHA,
2715
     TLS1_RFC_RSA_WITH_SEED_SHA,
R
Rich Salz 已提交
2716 2717 2718 2719 2720 2721
     TLS1_CK_RSA_WITH_SEED_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_SEED,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2722
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2723 2724 2725 2726
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
2727 2728 2729
     },
    {
     1,
R
Rich Salz 已提交
2730
     TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2731
     TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
R
Rich Salz 已提交
2732 2733 2734 2735 2736 2737
     TLS1_CK_DHE_DSS_WITH_SEED_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_SEED,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2738
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2739 2740
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2741 2742 2743 2744 2745
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
2746
     TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2747
     TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
R
Rich Salz 已提交
2748 2749 2750 2751 2752 2753
     TLS1_CK_DHE_RSA_WITH_SEED_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_SEED,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2754
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2755 2756 2757 2758
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
2759 2760 2761
     },
    {
     1,
R
Rich Salz 已提交
2762
     TLS1_TXT_ADH_WITH_SEED_SHA,
2763
     TLS1_RFC_ADH_WITH_SEED_SHA,
R
Rich Salz 已提交
2764 2765 2766 2767 2768 2769
     TLS1_CK_ADH_WITH_SEED_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_SEED,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2770
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2771 2772
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2773 2774 2775
     128,
     128,
     },
E
Emilia Kasper 已提交
2776
#endif                          /* OPENSSL_NO_SEED */
2777

R
Rich Salz 已提交
2778 2779 2780 2781
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_RSA_RC4_128_MD5,
2782
     SSL3_RFC_RSA_RC4_128_MD5,
R
Rich Salz 已提交
2783 2784 2785 2786 2787 2788 2789 2790 2791 2792 2793 2794
     SSL3_CK_RSA_RC4_128_MD5,
     SSL_kRSA,
     SSL_aRSA,
     SSL_RC4,
     SSL_MD5,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
2795 2796
    {
     1,
R
Rich Salz 已提交
2797
     SSL3_TXT_RSA_RC4_128_SHA,
2798
     SSL3_RFC_RSA_RC4_128_SHA,
R
Rich Salz 已提交
2799 2800 2801 2802 2803 2804 2805 2806 2807 2808 2809
     SSL3_CK_RSA_RC4_128_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_RC4,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
2810 2811 2812
     },
    {
     1,
R
Rich Salz 已提交
2813
     SSL3_TXT_ADH_RC4_128_MD5,
2814
     SSL3_RFC_ADH_RC4_128_MD5,
R
Rich Salz 已提交
2815 2816 2817 2818 2819 2820 2821 2822 2823
     SSL3_CK_ADH_RC4_128_MD5,
     SSL_kDHE,
     SSL_aNULL,
     SSL_RC4,
     SSL_MD5,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2824 2825 2826 2827
     128,
     128,
     },

R
Rich Salz 已提交
2828
# ifndef OPENSSL_NO_EC
2829 2830
    {
     1,
R
Rich Salz 已提交
2831
     TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2832
     TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
R
Rich Salz 已提交
2833 2834 2835 2836 2837
     TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_RC4,
     SSL_SHA1,
T
Todd Short 已提交
2838
     TLS1_VERSION, TLS1_2_VERSION,
R
Rich Salz 已提交
2839 2840 2841 2842 2843
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
2844
     },
A
Andy Polyakov 已提交
2845 2846
    {
     1,
R
Rich Salz 已提交
2847
     TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2848
     TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
R
Rich Salz 已提交
2849
     TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
A
Andy Polyakov 已提交
2850
     SSL_kECDHE,
R
Rich Salz 已提交
2851 2852 2853
     SSL_aNULL,
     SSL_RC4,
     SSL_SHA1,
T
Todd Short 已提交
2854
     TLS1_VERSION, TLS1_2_VERSION,
R
Rich Salz 已提交
2855 2856 2857 2858 2859
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2860 2861 2862
     },
    {
     1,
R
Rich Salz 已提交
2863
     TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2864
     TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
R
Rich Salz 已提交
2865
     TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
A
Andy Polyakov 已提交
2866 2867
     SSL_kECDHE,
     SSL_aECDSA,
R
Rich Salz 已提交
2868 2869
     SSL_RC4,
     SSL_SHA1,
T
Todd Short 已提交
2870
     TLS1_VERSION, TLS1_2_VERSION,
R
Rich Salz 已提交
2871 2872 2873 2874 2875
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2876 2877 2878
     },
    {
     1,
R
Rich Salz 已提交
2879
     TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2880
     TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
R
Rich Salz 已提交
2881 2882
     TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
     SSL_kECDHE,
A
Andy Polyakov 已提交
2883
     SSL_aRSA,
R
Rich Salz 已提交
2884 2885
     SSL_RC4,
     SSL_SHA1,
T
Todd Short 已提交
2886
     TLS1_VERSION, TLS1_2_VERSION,
R
Rich Salz 已提交
2887 2888 2889 2890 2891
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2892
     },
E
Emilia Kasper 已提交
2893
# endif                         /* OPENSSL_NO_EC */
R
Rich Salz 已提交
2894

A
Andy Polyakov 已提交
2895 2896 2897
# ifndef OPENSSL_NO_PSK
    {
     1,
R
Rich Salz 已提交
2898
     TLS1_TXT_PSK_WITH_RC4_128_SHA,
2899
     TLS1_RFC_PSK_WITH_RC4_128_SHA,
R
Rich Salz 已提交
2900
     TLS1_CK_PSK_WITH_RC4_128_SHA,
A
Andy Polyakov 已提交
2901 2902
     SSL_kPSK,
     SSL_aPSK,
R
Rich Salz 已提交
2903 2904 2905 2906 2907 2908 2909 2910
     SSL_RC4,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2911 2912 2913
     },
    {
     1,
R
Rich Salz 已提交
2914
     TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2915
     TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
R
Rich Salz 已提交
2916 2917 2918 2919 2920 2921 2922 2923 2924 2925 2926
     TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_RC4,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2927 2928 2929
     },
    {
     1,
R
Rich Salz 已提交
2930
     TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2931
     TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
R
Rich Salz 已提交
2932
     TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
A
Andy Polyakov 已提交
2933 2934
     SSL_kDHEPSK,
     SSL_aPSK,
R
Rich Salz 已提交
2935 2936 2937 2938 2939 2940 2941 2942
     SSL_RC4,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2943
     },
E
Emilia Kasper 已提交
2944
# endif                         /* OPENSSL_NO_PSK */
R
Rich Salz 已提交
2945

E
Emilia Kasper 已提交
2946
#endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2947

2948 2949 2950 2951 2952 2953 2954 2955 2956 2957 2958 2959 2960 2961 2962 2963 2964 2965 2966 2967 2968 2969 2970 2971 2972 2973 2974 2975 2976 2977 2978 2979 2980 2981 2982 2983 2984 2985 2986 2987 2988 2989 2990 2991 2992 2993 2994 2995 2996 2997 2998 2999 3000 3001 3002 3003 3004 3005 3006 3007 3008 3009 3010 3011 3012 3013 3014 3015 3016 3017 3018 3019 3020 3021 3022 3023 3024 3025 3026 3027 3028 3029 3030 3031 3032 3033 3034 3035 3036 3037 3038 3039 3040 3041 3042 3043 3044 3045 3046 3047 3048 3049 3050 3051 3052 3053 3054 3055 3056 3057 3058 3059 3060 3061 3062 3063 3064 3065 3066 3067 3068 3069 3070 3071 3072 3073 3074 3075 3076 3077 3078 3079 3080 3081 3082 3083 3084 3085 3086 3087 3088 3089 3090 3091 3092 3093 3094 3095 3096 3097 3098 3099 3100 3101 3102 3103 3104 3105 3106 3107 3108 3109 3110 3111 3112 3113 3114 3115 3116 3117 3118 3119 3120 3121 3122 3123 3124 3125 3126 3127 3128 3129 3130 3131 3132 3133 3134 3135 3136 3137 3138 3139 3140 3141 3142 3143 3144 3145 3146 3147 3148 3149 3150 3151 3152 3153 3154 3155 3156 3157 3158 3159 3160 3161 3162 3163 3164 3165 3166 3167 3168 3169 3170 3171 3172 3173 3174 3175 3176 3177 3178 3179 3180 3181 3182 3183 3184 3185 3186 3187 3188 3189 3190 3191 3192 3193 3194 3195 3196 3197 3198 3199 3200 3201 3202 3203 3204 3205 3206 3207
#ifndef OPENSSL_NO_ARIA
    {
     1,
     TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
     TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
     TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_ARIA128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
     TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
     TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
     SSL_kRSA,
     SSL_aRSA,
     SSL_ARIA256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
     TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
     TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
     SSL_kDHE,
     SSL_aRSA,
     SSL_ARIA128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
     TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
     TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
     SSL_kDHE,
     SSL_aRSA,
     SSL_ARIA256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
     TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
     TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
     SSL_kDHE,
     SSL_aDSS,
     SSL_ARIA128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
     TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
     TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
     SSL_kDHE,
     SSL_aDSS,
     SSL_ARIA256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
     TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
     TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_ARIA128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
     TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
     TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_ARIA256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },

    {
     1,
     TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
     TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
     TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_ARIA128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
     TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
     TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_ARIA256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
     TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
     TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
     SSL_kPSK,
     SSL_aPSK,
     SSL_ARIA128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
     TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
     TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
     SSL_kPSK,
     SSL_aPSK,
     SSL_ARIA256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
     TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
     TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_ARIA128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
     TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
     TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_ARIA256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },

    {
     1,
     TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
     TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
     TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_ARIA128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
     TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
     TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_ARIA256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },
#endif /* OPENSSL_NO_ARIA */
3208 3209
};

3210 3211 3212 3213 3214 3215 3216 3217 3218
/*
 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
 * values stuffed into the ciphers field of the wire protocol for signalling
 * purposes.
 */
static SSL_CIPHER ssl3_scsvs[] = {
    {
     0,
     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3219
     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3220 3221 3222 3223 3224 3225
     SSL3_CK_SCSV,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    },
    {
     0,
     "TLS_FALLBACK_SCSV",
3226
     "TLS_FALLBACK_SCSV",
3227 3228 3229 3230 3231
     SSL3_CK_FALLBACK_SCSV,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    },
};

R
Rich Salz 已提交
3232 3233 3234 3235 3236
static int cipher_compare(const void *a, const void *b)
{
    const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
    const SSL_CIPHER *bp = (const SSL_CIPHER *)b;

R
Richard Levitte 已提交
3237 3238 3239
    if (ap->id == bp->id)
        return 0;
    return ap->id < bp->id ? -1 : 1;
R
Rich Salz 已提交
3240 3241 3242 3243
}

void ssl_sort_cipher_list(void)
{
3244
    qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof ssl3_ciphers[0],
R
Rich Salz 已提交
3245
          cipher_compare);
3246
    qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof ssl3_scsvs[0], cipher_compare);
R
Rich Salz 已提交
3247 3248
}

3249 3250 3251 3252 3253 3254 3255 3256 3257 3258 3259 3260 3261 3262
const SSL3_ENC_METHOD SSLv3_enc_data = {
    ssl3_enc,
    n_ssl3_mac,
    ssl3_setup_key_block,
    ssl3_generate_master_secret,
    ssl3_change_cipher_state,
    ssl3_final_finish_mac,
    SSL3_MD_CLIENT_FINISHED_CONST, 4,
    SSL3_MD_SERVER_FINISHED_CONST, 4,
    ssl3_alert_code,
    (int (*)(SSL *, unsigned char *, size_t, const char *,
             size_t, const unsigned char *, size_t,
             int use_context))ssl_undefined_function,
    0,
M
Matt Caswell 已提交
3263
    ssl3_set_handshake_header,
3264
    tls_close_construct_packet,
3265 3266
    ssl3_handshake_write
};
3267

3268
long ssl3_default_timeout(void)
3269 3270 3271 3272 3273 3274 3275
{
    /*
     * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
     * http, the cache would over fill
     */
    return (60 * 60 * 2);
}
3276

U
Ulf Möller 已提交
3277
int ssl3_num_ciphers(void)
3278 3279 3280
{
    return (SSL3_NUM_CIPHERS);
}
3281

3282
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3283 3284 3285 3286 3287 3288
{
    if (u < SSL3_NUM_CIPHERS)
        return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
    else
        return (NULL);
}
3289

M
Matt Caswell 已提交
3290
int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3291
{
3292 3293 3294 3295
    /* No header in the event of a CCS */
    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
        return 1;

3296
    /* Set the content type and 3 bytes for the message len */
3297
    if (!WPACKET_put_bytes_u8(pkt, htype)
M
Matt Caswell 已提交
3298
            || !WPACKET_start_sub_packet_u24(pkt))
3299 3300 3301 3302 3303
        return 0;

    return 1;
}

D
Dr. Stephen Henson 已提交
3304
int ssl3_handshake_write(SSL *s)
3305 3306 3307
{
    return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
}
D
Dr. Stephen Henson 已提交
3308

U
Ulf Möller 已提交
3309
int ssl3_new(SSL *s)
3310 3311
{
    SSL3_STATE *s3;
3312

R
Rich Salz 已提交
3313
    if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
3314 3315
        goto err;
    s->s3 = s3;
B
Ben Laurie 已提交
3316

B
Ben Laurie 已提交
3317
#ifndef OPENSSL_NO_SRP
V
Viktor Dukhovni 已提交
3318
    if (!SSL_SRP_CTX_init(s))
E
Emilia Kasper 已提交
3319
        goto err;
B
Ben Laurie 已提交
3320
#endif
3321 3322 3323 3324

    if (!s->method->ssl_clear(s))
        return 0;

M
Matt Caswell 已提交
3325
    return 1;
3326
 err:
M
Matt Caswell 已提交
3327
    return 0;
3328
}
3329

U
Ulf Möller 已提交
3330
void ssl3_free(SSL *s)
3331
{
3332
    if (s == NULL || s->s3 == NULL)
3333
        return;
B
Ben Laurie 已提交
3334

3335
    ssl3_cleanup_key_block(s);
3336

D
Dr. Stephen Henson 已提交
3337
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3338 3339
    EVP_PKEY_free(s->s3->peer_tmp);
    s->s3->peer_tmp = NULL;
D
Dr. Stephen Henson 已提交
3340 3341
    EVP_PKEY_free(s->s3->tmp.pkey);
    s->s3->tmp.pkey = NULL;
B
Bodo Möller 已提交
3342 3343
#endif

3344
    OPENSSL_free(s->s3->tmp.ctype);
3345
    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
D
Dr. Stephen Henson 已提交
3346 3347 3348
    OPENSSL_free(s->s3->tmp.ciphers_raw);
    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
    OPENSSL_free(s->s3->tmp.peer_sigalgs);
3349
    ssl3_free_digest_list(s);
R
Rich Salz 已提交
3350
    OPENSSL_free(s->s3->alpn_selected);
T
Todd Short 已提交
3351
    OPENSSL_free(s->s3->alpn_proposed);
A
Adam Langley 已提交
3352

B
Ben Laurie 已提交
3353
#ifndef OPENSSL_NO_SRP
3354
    SSL_SRP_CTX_free(s);
B
Ben Laurie 已提交
3355
#endif
R
Rich Salz 已提交
3356
    OPENSSL_clear_free(s->s3, sizeof(*s->s3));
3357 3358
    s->s3 = NULL;
}
3359

3360
int ssl3_clear(SSL *s)
3361 3362
{
    ssl3_cleanup_key_block(s);
3363
    OPENSSL_free(s->s3->tmp.ctype);
3364
    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
D
Dr. Stephen Henson 已提交
3365 3366 3367
    OPENSSL_free(s->s3->tmp.ciphers_raw);
    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
    OPENSSL_free(s->s3->tmp.peer_sigalgs);
3368

D
Dr. Stephen Henson 已提交
3369
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
D
Dr. Stephen Henson 已提交
3370
    EVP_PKEY_free(s->s3->tmp.pkey);
3371
    EVP_PKEY_free(s->s3->peer_tmp);
E
Emilia Kasper 已提交
3372
#endif                          /* !OPENSSL_NO_EC */
3373

3374
    ssl3_free_digest_list(s);
3375

T
Todd Short 已提交
3376 3377
    OPENSSL_free(s->s3->alpn_selected);
    OPENSSL_free(s->s3->alpn_proposed);
3378

T
Todd Short 已提交
3379
    /* NULL/zero-out everything in the s3 struct */
R
Rich Salz 已提交
3380
    memset(s->s3, 0, sizeof(*s->s3));
3381

3382 3383
    if (!ssl_free_wbio_buffer(s))
        return 0;
3384 3385

    s->version = SSL3_VERSION;
B
Ben Laurie 已提交
3386

3387
#if !defined(OPENSSL_NO_NEXTPROTONEG)
R
Rich Salz 已提交
3388 3389 3390
    OPENSSL_free(s->ext.npn);
    s->ext.npn = NULL;
    s->ext.npn_len = 0;
B
Ben Laurie 已提交
3391
#endif
3392 3393

    return 1;
3394
}
3395

B
Ben Laurie 已提交
3396
#ifndef OPENSSL_NO_SRP
3397 3398
static char *srp_password_from_info_cb(SSL *s, void *arg)
{
R
Rich Salz 已提交
3399
    return OPENSSL_strdup(s->srp_ctx.info);
3400
}
B
Ben Laurie 已提交
3401 3402
#endif

E
Emilia Kasper 已提交
3403
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3404

3405
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3406 3407
{
    int ret = 0;
3408

3409 3410 3411 3412 3413 3414 3415 3416 3417 3418 3419 3420 3421 3422 3423 3424
    switch (cmd) {
    case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
        break;
    case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
        ret = s->s3->num_renegotiations;
        break;
    case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
        ret = s->s3->num_renegotiations;
        s->s3->num_renegotiations = 0;
        break;
    case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
        ret = s->s3->total_renegotiations;
        break;
    case SSL_CTRL_GET_FLAGS:
        ret = (int)(s->s3->flags);
        break;
3425
#ifndef OPENSSL_NO_DH
3426 3427 3428
    case SSL_CTRL_SET_TMP_DH:
        {
            DH *dh = (DH *)parg;
3429
            EVP_PKEY *pkdh = NULL;
3430 3431 3432 3433
            if (dh == NULL) {
                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
                return (ret);
            }
3434 3435 3436 3437 3438
            pkdh = ssl_dh_to_pkey(dh);
            if (pkdh == NULL) {
                SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
                return 0;
            }
3439
            if (!ssl_security(s, SSL_SECOP_TMP_DH,
3440
                              EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3441
                SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3442 3443
                EVP_PKEY_free(pkdh);
                return ret;
3444
            }
3445 3446
            EVP_PKEY_free(s->cert->dh_tmp);
            s->cert->dh_tmp = pkdh;
3447 3448 3449 3450 3451 3452 3453 3454 3455 3456 3457
            ret = 1;
        }
        break;
    case SSL_CTRL_SET_TMP_DH_CB:
        {
            SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
            return (ret);
        }
    case SSL_CTRL_SET_DH_AUTO:
        s->cert->dh_tmp_auto = larg;
        return 1;
3458
#endif
3459
#ifndef OPENSSL_NO_EC
3460 3461
    case SSL_CTRL_SET_TMP_ECDH:
        {
3462 3463
            const EC_GROUP *group = NULL;
            int nid;
3464 3465 3466

            if (parg == NULL) {
                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3467
                return 0;
3468
            }
3469 3470 3471 3472
            group = EC_KEY_get0_group((const EC_KEY *)parg);
            if (group == NULL) {
                SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
                return 0;
3473
            }
3474 3475 3476
            nid = EC_GROUP_get_curve_name(group);
            if (nid == NID_undef)
                return 0;
R
Rich Salz 已提交
3477 3478
            return tls1_set_groups(&s->ext.supportedgroups,
                                   &s->ext.supportedgroups_len,
3479
                                   &nid, 1);
3480 3481
        }
        break;
3482
#endif                          /* !OPENSSL_NO_EC */
3483 3484
    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
        if (larg == TLSEXT_NAMETYPE_host_name) {
V
Viktor Dukhovni 已提交
3485 3486
            size_t len;

R
Rich Salz 已提交
3487 3488
            OPENSSL_free(s->ext.hostname);
            s->ext.hostname = NULL;
3489 3490 3491 3492

            ret = 1;
            if (parg == NULL)
                break;
V
Viktor Dukhovni 已提交
3493 3494
            len = strlen((char *)parg);
            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3495 3496 3497
                SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
                return 0;
            }
R
Rich Salz 已提交
3498
            if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3499 3500 3501 3502 3503 3504 3505 3506 3507
                SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
                return 0;
            }
        } else {
            SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
            return 0;
        }
        break;
    case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
R
Rich Salz 已提交
3508
        s->ext.debug_arg = parg;
3509 3510 3511
        ret = 1;
        break;

3512
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
R
Rich Salz 已提交
3513
        ret = s->ext.status_type;
3514 3515
        break;

3516
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
R
Rich Salz 已提交
3517
        s->ext.status_type = larg;
3518 3519 3520 3521
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
R
Rich Salz 已提交
3522
        *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3523 3524 3525 3526
        ret = 1;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
R
Rich Salz 已提交
3527
        s->ext.ocsp.exts = parg;
3528 3529 3530 3531
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
R
Rich Salz 已提交
3532
        *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3533 3534 3535 3536
        ret = 1;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
R
Rich Salz 已提交
3537
        s->ext.ocsp.ids = parg;
3538 3539 3540 3541
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
R
Rich Salz 已提交
3542 3543 3544
        *(unsigned char **)parg = s->ext.ocsp.resp;
        if (s->ext.ocsp.resp_len == 0
                || s->ext.ocsp.resp_len > LONG_MAX)
M
Matt Caswell 已提交
3545
            return -1;
R
Rich Salz 已提交
3546
        return (long)s->ext.ocsp.resp_len;
3547 3548

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
R
Rich Salz 已提交
3549 3550 3551
        OPENSSL_free(s->ext.ocsp.resp);
        s->ext.ocsp.resp = parg;
        s->ext.ocsp.resp_len = larg;
3552 3553 3554
        ret = 1;
        break;

3555 3556 3557 3558 3559 3560 3561
#ifndef OPENSSL_NO_HEARTBEATS
    case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
    case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
    case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
        break;
#endif

3562 3563 3564 3565 3566 3567 3568 3569 3570 3571 3572 3573 3574 3575 3576 3577 3578 3579 3580 3581 3582 3583 3584 3585 3586
    case SSL_CTRL_CHAIN:
        if (larg)
            return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
        else
            return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);

    case SSL_CTRL_CHAIN_CERT:
        if (larg)
            return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
        else
            return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);

    case SSL_CTRL_GET_CHAIN_CERTS:
        *(STACK_OF(X509) **)parg = s->cert->key->chain;
        break;

    case SSL_CTRL_SELECT_CURRENT_CERT:
        return ssl_cert_select_current(s->cert, (X509 *)parg);

    case SSL_CTRL_SET_CURRENT_CERT:
        if (larg == SSL_CERT_SET_SERVER) {
            const SSL_CIPHER *cipher;
            if (!s->server)
                return 0;
            cipher = s->s3->tmp.new_cipher;
D
Dr. Stephen Henson 已提交
3587
            if (cipher == NULL)
3588 3589 3590 3591 3592 3593 3594
                return 0;
            /*
             * No certificate for unauthenticated ciphersuites or using SRP
             * authentication
             */
            if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
                return 2;
3595
            if (s->s3->tmp.cert == NULL)
3596
                return 0;
3597
            s->cert->key = s->s3->tmp.cert;
3598 3599 3600
            return 1;
        }
        return ssl_cert_set_current(s->cert, larg);
3601

3602
#ifndef OPENSSL_NO_EC
3603
    case SSL_CTRL_GET_GROUPS:
3604
        {
D
Dr. Stephen Henson 已提交
3605
            uint16_t *clist;
3606
            size_t clistlen;
R
Rich Salz 已提交
3607

3608 3609
            if (!s->session)
                return 0;
R
Rich Salz 已提交
3610
            clist = s->session->ext.supportedgroups;
D
Dr. Stephen Henson 已提交
3611
            clistlen = s->session->ext.supportedgroups_len;
3612 3613 3614
            if (parg) {
                size_t i;
                int *cptr = parg;
3615

3616
                for (i = 0; i < clistlen; i++) {
3617 3618 3619 3620
                    const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);

                    if (cinf != NULL)
                        cptr[i] = cinf->nid;
3621
                    else
D
Dr. Stephen Henson 已提交
3622
                        cptr[i] = TLSEXT_nid_unknown | clist[i];
3623 3624 3625 3626 3627
                }
            }
            return (int)clistlen;
        }

3628
    case SSL_CTRL_SET_GROUPS:
R
Rich Salz 已提交
3629 3630
        return tls1_set_groups(&s->ext.supportedgroups,
                               &s->ext.supportedgroups_len, parg, larg);
3631

3632
    case SSL_CTRL_SET_GROUPS_LIST:
R
Rich Salz 已提交
3633 3634
        return tls1_set_groups_list(&s->ext.supportedgroups,
                                    &s->ext.supportedgroups_len, parg);
3635

3636
    case SSL_CTRL_GET_SHARED_GROUP:
3637 3638
        {
            uint16_t id = tls1_shared_group(s, larg);
3639

3640 3641 3642 3643 3644 3645 3646
            if (larg != -1) {
                const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);

                return ginf == NULL ? 0 : ginf->nid;
            }
            return id;
        }
3647
#endif
3648 3649 3650 3651 3652 3653 3654 3655 3656 3657 3658 3659 3660 3661 3662 3663 3664 3665
    case SSL_CTRL_SET_SIGALGS:
        return tls1_set_sigalgs(s->cert, parg, larg, 0);

    case SSL_CTRL_SET_SIGALGS_LIST:
        return tls1_set_sigalgs_list(s->cert, parg, 0);

    case SSL_CTRL_SET_CLIENT_SIGALGS:
        return tls1_set_sigalgs(s->cert, parg, larg, 1);

    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
        return tls1_set_sigalgs_list(s->cert, parg, 1);

    case SSL_CTRL_GET_CLIENT_CERT_TYPES:
        {
            const unsigned char **pctype = parg;
            if (s->server || !s->s3->tmp.cert_req)
                return 0;
            if (pctype)
3666 3667
                *pctype = s->s3->tmp.ctype;
            return s->s3->tmp.ctype_len;
3668 3669 3670 3671 3672 3673 3674 3675 3676 3677 3678 3679 3680 3681 3682 3683 3684
        }

    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
        if (!s->server)
            return 0;
        return ssl3_set_req_cert_type(s->cert, parg, larg);

    case SSL_CTRL_BUILD_CERT_CHAIN:
        return ssl_build_cert_chain(s, NULL, larg);

    case SSL_CTRL_SET_VERIFY_CERT_STORE:
        return ssl_cert_set_cert_store(s->cert, parg, 0, larg);

    case SSL_CTRL_SET_CHAIN_CERT_STORE:
        return ssl_cert_set_cert_store(s->cert, parg, 1, larg);

    case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3685
        if (s->s3->tmp.peer_sigalg == NULL)
3686
            return 0;
3687 3688
        *(int *)parg = s->s3->tmp.peer_sigalg->hash;
        return 1;
3689 3690

    case SSL_CTRL_GET_SERVER_TMP_KEY:
D
Dr. Stephen Henson 已提交
3691 3692
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
        if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3693
            return 0;
D
Dr. Stephen Henson 已提交
3694 3695 3696 3697
        } else {
            EVP_PKEY_up_ref(s->s3->peer_tmp);
            *(EVP_PKEY **)parg = s->s3->peer_tmp;
            return 1;
3698
        }
D
Dr. Stephen Henson 已提交
3699 3700 3701
#else
        return 0;
#endif
3702
#ifndef OPENSSL_NO_EC
3703 3704 3705 3706
    case SSL_CTRL_GET_EC_POINT_FORMATS:
        {
            SSL_SESSION *sess = s->session;
            const unsigned char **pformat = parg;
R
Rich Salz 已提交
3707 3708

            if (sess == NULL || sess->ext.ecpointformats == NULL)
3709
                return 0;
R
Rich Salz 已提交
3710 3711
            *pformat = sess->ext.ecpointformats;
            return (int)sess->ext.ecpointformats_len;
3712
        }
3713
#endif
B
Bodo Moeller 已提交
3714

3715 3716 3717 3718 3719 3720 3721 3722 3723
    default:
        break;
    }
    return (ret);
}

long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
{
    int ret = 0;
3724

3725
    switch (cmd) {
3726
#ifndef OPENSSL_NO_DH
3727 3728 3729 3730 3731
    case SSL_CTRL_SET_TMP_DH_CB:
        {
            s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
        }
        break;
3732
#endif
3733
    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
R
Rich Salz 已提交
3734
        s->ext.debug_cb = (void (*)(SSL *, int, int,
R
Rich Salz 已提交
3735
                                    const unsigned char *, int, void *))fp;
3736
        break;
3737

3738 3739 3740 3741 3742 3743 3744 3745 3746 3747
    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
        {
            s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
        }
        break;
    default:
        break;
    }
    return (ret);
}
3748

3749
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3750 3751
{
    switch (cmd) {
3752
#ifndef OPENSSL_NO_DH
3753 3754
    case SSL_CTRL_SET_TMP_DH:
        {
3755 3756 3757 3758
            DH *dh = (DH *)parg;
            EVP_PKEY *pkdh = NULL;
            if (dh == NULL) {
                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3759 3760
                return 0;
            }
3761 3762 3763
            pkdh = ssl_dh_to_pkey(dh);
            if (pkdh == NULL) {
                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3764 3765
                return 0;
            }
3766 3767 3768 3769 3770
            if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
                                  EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
                SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
                EVP_PKEY_free(pkdh);
                return 1;
3771
            }
3772 3773
            EVP_PKEY_free(ctx->cert->dh_tmp);
            ctx->cert->dh_tmp = pkdh;
3774 3775 3776 3777 3778 3779 3780 3781 3782 3783
            return 1;
        }
    case SSL_CTRL_SET_TMP_DH_CB:
        {
            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
            return (0);
        }
    case SSL_CTRL_SET_DH_AUTO:
        ctx->cert->dh_tmp_auto = larg;
        return 1;
3784
#endif
3785
#ifndef OPENSSL_NO_EC
3786 3787
    case SSL_CTRL_SET_TMP_ECDH:
        {
3788 3789
            const EC_GROUP *group = NULL;
            int nid;
3790 3791

            if (parg == NULL) {
3792
                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3793 3794
                return 0;
            }
3795 3796 3797
            group = EC_KEY_get0_group((const EC_KEY *)parg);
            if (group == NULL) {
                SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3798 3799
                return 0;
            }
3800 3801 3802
            nid = EC_GROUP_get_curve_name(group);
            if (nid == NID_undef)
                return 0;
R
Rich Salz 已提交
3803 3804
            return tls1_set_groups(&ctx->ext.supportedgroups,
                                   &ctx->ext.supportedgroups_len,
3805
                                   &nid, 1);
3806
        }
3807
#endif                          /* !OPENSSL_NO_EC */
3808
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
R
Rich Salz 已提交
3809
        ctx->ext.servername_arg = parg;
3810 3811 3812 3813 3814
        break;
    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
        {
            unsigned char *keys = parg;
R
Rich Salz 已提交
3815 3816 3817
            long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
                                sizeof(ctx->ext.tick_hmac_key) +
                                sizeof(ctx->ext.tick_aes_key));
K
Kurt Roeckx 已提交
3818
            if (keys == NULL)
R
Rich Salz 已提交
3819 3820
                return tick_keylen;
            if (larg != tick_keylen) {
3821 3822 3823 3824
                SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
                return 0;
            }
            if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
R
Rich Salz 已提交
3825 3826 3827 3828 3829 3830 3831 3832 3833
                memcpy(ctx->ext.tick_key_name, keys,
                       sizeof(ctx->ext.tick_key_name));
                memcpy(ctx->ext.tick_hmac_key,
                       keys + sizeof(ctx->ext.tick_key_name),
                       sizeof(ctx->ext.tick_hmac_key));
                memcpy(ctx->ext.tick_aes_key,
                       keys + sizeof(ctx->ext.tick_key_name) +
                       sizeof(ctx->ext.tick_hmac_key),
                       sizeof(ctx->ext.tick_aes_key));
3834
            } else {
R
Rich Salz 已提交
3835 3836 3837 3838 3839 3840 3841 3842 3843
                memcpy(keys, ctx->ext.tick_key_name,
                       sizeof(ctx->ext.tick_key_name));
                memcpy(keys + sizeof(ctx->ext.tick_key_name),
                       ctx->ext.tick_hmac_key,
                       sizeof(ctx->ext.tick_hmac_key));
                memcpy(keys + sizeof(ctx->ext.tick_key_name) +
                       sizeof(ctx->ext.tick_hmac_key),
                       ctx->ext.tick_aes_key,
                       sizeof(ctx->ext.tick_aes_key));
3844 3845 3846 3847
            }
            return 1;
        }

3848
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
R
Rich Salz 已提交
3849
        return ctx->ext.status_type;
3850

3851
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
R
Rich Salz 已提交
3852
        ctx->ext.status_type = larg;
3853 3854
        break;

3855
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
R
Rich Salz 已提交
3856
        ctx->ext.status_arg = parg;
3857 3858
        return 1;

3859
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
R
Rich Salz 已提交
3860
        *(void**)parg = ctx->ext.status_arg;
3861 3862 3863
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
R
Rich Salz 已提交
3864
        *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3865 3866
        break;

3867
#ifndef OPENSSL_NO_SRP
3868 3869
    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
R
Rich Salz 已提交
3870
        OPENSSL_free(ctx->srp_ctx.login);
3871 3872 3873
        ctx->srp_ctx.login = NULL;
        if (parg == NULL)
            break;
E
Emilia Kasper 已提交
3874
        if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3875 3876 3877
            SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
            return 0;
        }
R
Rich Salz 已提交
3878
        if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3879 3880 3881 3882 3883 3884 3885
            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
            return 0;
        }
        break;
    case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
            srp_password_from_info_cb;
3886 3887 3888 3889 3890 3891
        if (ctx->srp_ctx.info != NULL)
            OPENSSL_free(ctx->srp_ctx.info);
        if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
            return 0;
        }
3892 3893 3894 3895 3896 3897 3898 3899 3900
        break;
    case SSL_CTRL_SET_SRP_ARG:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_cb_arg = parg;
        break;

    case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
        ctx->srp_ctx.strength = larg;
        break;
3901
#endif
3902

3903
#ifndef OPENSSL_NO_EC
3904
    case SSL_CTRL_SET_GROUPS:
R
Rich Salz 已提交
3905 3906
        return tls1_set_groups(&ctx->ext.supportedgroups,
                               &ctx->ext.supportedgroups_len,
3907 3908
                               parg, larg);

3909
    case SSL_CTRL_SET_GROUPS_LIST:
R
Rich Salz 已提交
3910 3911
        return tls1_set_groups_list(&ctx->ext.supportedgroups,
                                    &ctx->ext.supportedgroups_len,
3912
                                    parg);
3913
#endif
3914 3915 3916 3917 3918 3919 3920 3921 3922 3923 3924 3925 3926 3927 3928 3929 3930 3931 3932 3933 3934 3935 3936 3937 3938 3939 3940
    case SSL_CTRL_SET_SIGALGS:
        return tls1_set_sigalgs(ctx->cert, parg, larg, 0);

    case SSL_CTRL_SET_SIGALGS_LIST:
        return tls1_set_sigalgs_list(ctx->cert, parg, 0);

    case SSL_CTRL_SET_CLIENT_SIGALGS:
        return tls1_set_sigalgs(ctx->cert, parg, larg, 1);

    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
        return tls1_set_sigalgs_list(ctx->cert, parg, 1);

    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
        return ssl3_set_req_cert_type(ctx->cert, parg, larg);

    case SSL_CTRL_BUILD_CERT_CHAIN:
        return ssl_build_cert_chain(NULL, ctx, larg);

    case SSL_CTRL_SET_VERIFY_CERT_STORE:
        return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);

    case SSL_CTRL_SET_CHAIN_CERT_STORE:
        return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);

        /* A Thawte special :-) */
    case SSL_CTRL_EXTRA_CHAIN_CERT:
        if (ctx->extra_certs == NULL) {
3941 3942 3943 3944 3945 3946 3947 3948
            if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
                return 0;
            }
        }
        if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
            return 0;
3949 3950 3951 3952 3953 3954 3955 3956 3957 3958 3959
        }
        break;

    case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
        if (ctx->extra_certs == NULL && larg == 0)
            *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
        else
            *(STACK_OF(X509) **)parg = ctx->extra_certs;
        break;

    case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
R
Rich Salz 已提交
3960 3961
        sk_X509_pop_free(ctx->extra_certs, X509_free);
        ctx->extra_certs = NULL;
3962 3963 3964 3965 3966 3967 3968 3969 3970 3971 3972 3973 3974 3975 3976 3977 3978 3979 3980 3981 3982 3983 3984 3985 3986 3987 3988
        break;

    case SSL_CTRL_CHAIN:
        if (larg)
            return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
        else
            return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);

    case SSL_CTRL_CHAIN_CERT:
        if (larg)
            return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
        else
            return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);

    case SSL_CTRL_GET_CHAIN_CERTS:
        *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
        break;

    case SSL_CTRL_SELECT_CURRENT_CERT:
        return ssl_cert_select_current(ctx->cert, (X509 *)parg);

    case SSL_CTRL_SET_CURRENT_CERT:
        return ssl_cert_set_current(ctx->cert, larg);

    default:
        return (0);
    }
3989
    return 1;
3990 3991 3992 3993 3994
}

long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
{
    switch (cmd) {
3995
#ifndef OPENSSL_NO_DH
3996 3997
    case SSL_CTRL_SET_TMP_DH_CB:
        {
M
Matt Caswell 已提交
3998
            ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3999 4000
        }
        break;
4001
#endif
4002
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
R
Rich Salz 已提交
4003
        ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4004 4005 4006
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
R
Rich Salz 已提交
4007
        ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4008 4009 4010
        break;

    case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
R
Rich Salz 已提交
4011
        ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4012 4013 4014 4015 4016
                                             unsigned char *,
                                             EVP_CIPHER_CTX *,
                                             HMAC_CTX *, int))fp;
        break;

4017
#ifndef OPENSSL_NO_SRP
4018 4019 4020 4021 4022 4023 4024 4025 4026 4027 4028 4029 4030 4031
    case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
        break;
    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.TLS_ext_srp_username_callback =
            (int (*)(SSL *, int *, void *))fp;
        break;
    case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
            (char *(*)(SSL *, void *))fp;
        break;
4032
#endif
4033 4034 4035 4036 4037 4038 4039 4040
    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
        {
            ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
        }
        break;
    default:
        return (0);
    }
4041
    return 1;
4042
}
4043

4044 4045 4046
const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
{
    SSL_CIPHER c;
4047
    const SSL_CIPHER *cp;
4048 4049

    c.id = id;
4050 4051 4052 4053
    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
    if (cp != NULL)
        return cp;
    return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4054 4055
}

4056 4057 4058 4059 4060 4061
const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
{
    SSL_CIPHER *c = NULL;
    SSL_CIPHER *tbl = ssl3_ciphers;
    size_t i;

4062
    /* this is not efficient, necessary to optimize this? */
4063 4064 4065 4066 4067 4068 4069 4070 4071 4072 4073 4074 4075 4076 4077 4078 4079 4080 4081 4082
    for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) {
        if (tbl->stdname == NULL)
            continue;
        if (strcmp(stdname, tbl->stdname) == 0) {
            c = tbl;
            break;
        }
    }
    if (c == NULL) {
        tbl = ssl3_scsvs;
        for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
            if (strcmp(stdname, tbl->stdname) == 0) {
                c = tbl;
                break;
            }
        }
    }
    return c;
}

4083 4084 4085 4086
/*
 * This function needs to check if the ciphers required are actually
 * available
 */
4087
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4088
{
4089
    return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4090 4091
                                 | ((uint32_t)p[0] << 8L)
                                 | (uint32_t)p[1]);
4092
}
4093

M
Matt Caswell 已提交
4094
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4095
{
4096
    if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4097 4098 4099 4100
        *len = 0;
        return 1;
    }

4101
    if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4102 4103 4104 4105 4106 4107
        return 0;

    *len = 2;
    return 1;
}

4108 4109 4110 4111 4112 4113 4114 4115
/*
 * ssl3_choose_cipher - choose a cipher from those offered by the client
 * @s: SSL connection
 * @clnt: ciphers offered by the client
 * @srvr: ciphers enabled on the server?
 *
 * Returns the selected cipher or NULL when no common ciphers.
 */
4116
const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
E
Emilia Kasper 已提交
4117
                                     STACK_OF(SSL_CIPHER) *srvr)
4118
{
4119
    const SSL_CIPHER *c, *ret = NULL;
4120 4121
    STACK_OF(SSL_CIPHER) *prio, *allow;
    int i, ii, ok;
4122
    unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4123

4124
    /* Let's see which ciphers we can support */
4125

4126 4127 4128 4129 4130 4131
    /*
     * Do not set the compare functions, because this may lead to a
     * reordering by "id". We want to keep the original ordering. We may pay
     * a price in performance during sk_SSL_CIPHER_find(), but would have to
     * pay with the price of sk_SSL_CIPHER_dup().
     */
4132

B
Ben Laurie 已提交
4133
#ifdef CIPHER_DEBUG
4134 4135 4136 4137 4138 4139 4140 4141 4142 4143 4144 4145
    fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
            (void *)srvr);
    for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
        c = sk_SSL_CIPHER_value(srvr, i);
        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
    }
    fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
            (void *)clnt);
    for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
        c = sk_SSL_CIPHER_value(clnt, i);
        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
    }
B
Ben Laurie 已提交
4146 4147
#endif

4148 4149 4150 4151 4152 4153 4154 4155
    if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
        prio = srvr;
        allow = clnt;
    } else {
        prio = clnt;
        allow = srvr;
    }

4156 4157 4158 4159
    if (!SSL_IS_TLS13(s)) {
        tls1_set_cert_validity(s);
        ssl_set_masks(s);
    }
4160 4161 4162 4163

    for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
        c = sk_SSL_CIPHER_value(prio, i);

4164 4165
        /* Skip ciphers not supported by the protocol version */
        if (!SSL_IS_DTLS(s) &&
E
Emilia Kasper 已提交
4166
            ((s->version < c->min_tls) || (s->version > c->max_tls)))
4167
            continue;
4168
        if (SSL_IS_DTLS(s) &&
E
Emilia Kasper 已提交
4169 4170
            (DTLS_VERSION_LT(s->version, c->min_dtls) ||
             DTLS_VERSION_GT(s->version, c->max_dtls)))
4171
            continue;
4172

4173 4174 4175 4176 4177
        /*
         * Since TLS 1.3 ciphersuites can be used with any auth or
         * key exchange scheme skip tests.
         */
        if (!SSL_IS_TLS13(s)) {
4178 4179
            mask_k = s->s3->tmp.mask_k;
            mask_a = s->s3->tmp.mask_a;
B
Ben Laurie 已提交
4180
#ifndef OPENSSL_NO_SRP
4181 4182 4183 4184
            if (s->srp_ctx.srp_Mask & SSL_kSRP) {
                mask_k |= SSL_kSRP;
                mask_a |= SSL_aSRP;
            }
B
Ben Laurie 已提交
4185
#endif
4186

4187 4188
            alg_k = c->algorithm_mkey;
            alg_a = c->algorithm_auth;
4189

4190
#ifndef OPENSSL_NO_PSK
4191 4192 4193
            /* with PSK there must be server callback set */
            if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
                continue;
4194 4195
#endif                          /* OPENSSL_NO_PSK */

4196
            ok = (alg_k & mask_k) && (alg_a & mask_a);
4197
#ifdef CIPHER_DEBUG
4198 4199
            fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
                    alg_a, mask_k, mask_a, (void *)c, c->name);
4200 4201
#endif

E
Emilia Kasper 已提交
4202
#ifndef OPENSSL_NO_EC
4203 4204 4205 4206 4207 4208
            /*
             * if we are considering an ECC cipher suite that uses an ephemeral
             * EC key check it
             */
            if (alg_k & SSL_kECDHE)
                ok = ok && tls1_check_ec_tmp_key(s, c->id);
E
Emilia Kasper 已提交
4209
#endif                          /* OPENSSL_NO_EC */
4210

4211 4212 4213
            if (!ok)
                continue;
        }
4214 4215 4216 4217
        ii = sk_SSL_CIPHER_find(allow, c);
        if (ii >= 0) {
            /* Check security callback permits this cipher */
            if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4218
                              c->strength_bits, 0, (void *)c))
4219
                continue;
4220
#if !defined(OPENSSL_NO_EC)
4221 4222 4223 4224 4225 4226
            if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
                && s->s3->is_probably_safari) {
                if (!ret)
                    ret = sk_SSL_CIPHER_value(allow, ii);
                continue;
            }
4227
#endif
4228 4229 4230 4231 4232 4233
            ret = sk_SSL_CIPHER_value(allow, ii);
            break;
        }
    }
    return (ret);
}
4234

4235
int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4236
{
4237
    uint32_t alg_k, alg_a = 0;
4238 4239

    /* If we have custom certificate types set, use them */
4240 4241
    if (s->cert->ctype)
        return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4242 4243 4244 4245
    /* Get mask of algorithms disabled by signature list */
    ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);

    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4246

D
Dr. Stephen Henson 已提交
4247
#ifndef OPENSSL_NO_GOST
4248 4249 4250 4251
    if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
            return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
                    && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
                    && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
D
Dr. Stephen Henson 已提交
4252 4253
#endif

D
Dr. Stephen Henson 已提交
4254
    if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4255
#ifndef OPENSSL_NO_DH
4256
# ifndef OPENSSL_NO_RSA
4257 4258
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
            return 0;
4259 4260
# endif
# ifndef OPENSSL_NO_DSA
4261 4262
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
            return 0;
4263 4264
# endif
#endif                          /* !OPENSSL_NO_DH */
B
Ben Laurie 已提交
4265
    }
4266
#ifndef OPENSSL_NO_RSA
4267 4268
    if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
        return 0;
4269
#endif
4270
#ifndef OPENSSL_NO_DSA
4271 4272
    if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
        return 0;
4273
#endif
4274
#ifndef OPENSSL_NO_EC
4275
    /*
D
Dr. Stephen Henson 已提交
4276
     * ECDSA certs can be used with RSA cipher suites too so we don't
4277 4278
     * need to check for SSL_kECDH or SSL_kECDHE
     */
4279 4280 4281 4282
    if (s->version >= TLS1_VERSION
            && !(alg_a & SSL_aECDSA)
            && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
        return 0;
4283
#endif
4284
    return 1;
4285
}
4286

4287
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4288
{
4289 4290 4291 4292
    OPENSSL_free(c->ctype);
    c->ctype = NULL;
    c->ctype_len = 0;
    if (p == NULL || len == 0)
4293 4294 4295
        return 1;
    if (len > 0xff)
        return 0;
4296 4297
    c->ctype = OPENSSL_memdup(p, len);
    if (c->ctype == NULL)
4298
        return 0;
4299
    c->ctype_len = len;
4300 4301
    return 1;
}
4302

U
Ulf Möller 已提交
4303
int ssl3_shutdown(SSL *s)
4304 4305 4306 4307 4308 4309 4310
{
    int ret;

    /*
     * Don't do anything much if we have not done the handshake or we don't
     * want to send messages :-)
     */
M
Matt Caswell 已提交
4311
    if (s->quiet_shutdown || SSL_in_before(s)) {
4312
        s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4313
        return 1;
4314 4315 4316 4317 4318 4319 4320 4321 4322 4323 4324 4325 4326 4327 4328 4329 4330
    }

    if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
        s->shutdown |= SSL_SENT_SHUTDOWN;
        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
        /*
         * our shutdown alert has been sent now, and if it still needs to be
         * written, s->s3->alert_dispatch will be true
         */
        if (s->s3->alert_dispatch)
            return (-1);        /* return WANT_WRITE */
    } else if (s->s3->alert_dispatch) {
        /* resend it if not sent */
        ret = s->method->ssl_dispatch_alert(s);
        if (ret == -1) {
            /*
             * we only get to return -1 here the 2nd/Nth invocation, we must
F
FdaSilvaYY 已提交
4331
             * have already signalled return 0 upon a previous invocation,
4332 4333 4334 4335 4336
             * return WANT_WRITE
             */
            return (ret);
        }
    } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4337
        size_t readbytes;
4338 4339 4340
        /*
         * If we are waiting for a close from our peer, we are closed
         */
4341
        s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4342
        if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4343
            return -1;        /* return WANT_READ */
4344 4345 4346 4347 4348
        }
    }

    if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
        !s->s3->alert_dispatch)
4349
        return 1;
4350 4351 4352
    else
        return (0);
}
4353

M
Matt Caswell 已提交
4354
int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4355 4356 4357
{
    clear_sys_error();
    if (s->s3->renegotiate)
4358
        ssl3_renegotiate_check(s, 0);
4359

M
Matt Caswell 已提交
4360 4361
    return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
                                      written);
4362
}
4363

4364
static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4365
                              size_t *readbytes)
4366 4367 4368 4369 4370
{
    int ret;

    clear_sys_error();
    if (s->s3->renegotiate)
4371
        ssl3_renegotiate_check(s, 0);
4372 4373
    s->s3->in_read_app_data = 1;
    ret =
4374
        s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4375
                                  peek, readbytes);
4376 4377 4378 4379 4380 4381 4382 4383
    if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
        /*
         * ssl3_read_bytes decided to call s->handshake_func, which called
         * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
         * actually found application data and thinks that application data
         * makes sense here; so disable handshake processing and try to read
         * application data again.
         */
M
Matt Caswell 已提交
4384
        ossl_statem_set_in_handshake(s, 1);
4385
        ret =
4386
            s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4387
                                      len, peek, readbytes);
M
Matt Caswell 已提交
4388
        ossl_statem_set_in_handshake(s, 0);
4389 4390 4391
    } else
        s->s3->in_read_app_data = 0;

4392
    return ret;
4393
}
4394

4395
int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4396
{
4397
    return ssl3_read_internal(s, buf, len, 0, readbytes);
4398
}
4399

4400
int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4401
{
4402
    return ssl3_read_internal(s, buf, len, 1, readbytes);
4403
}
4404

U
Ulf Möller 已提交
4405
int ssl3_renegotiate(SSL *s)
4406 4407
{
    if (s->handshake_func == NULL)
4408
        return 1;
4409

4410
    s->s3->renegotiate = 1;
4411
    return 1;
4412
}
4413

4414 4415 4416 4417 4418 4419 4420 4421 4422
/*
 * Check if we are waiting to do a renegotiation and if so whether now is a
 * good time to do it. If |initok| is true then we are being called from inside
 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
 * should do a renegotiation now and sets up the state machine for it. Otherwise
 * returns 0.
 */
int ssl3_renegotiate_check(SSL *s, int initok)
4423 4424 4425 4426
{
    int ret = 0;

    if (s->s3->renegotiate) {
4427 4428
        if (!RECORD_LAYER_read_pending(&s->rlayer)
            && !RECORD_LAYER_write_pending(&s->rlayer)
4429
            && (initok || !SSL_in_init(s))) {
4430 4431
            /*
             * if we are the server, and we have sent a 'RENEGOTIATE'
M
Matt Caswell 已提交
4432 4433
             * message, we need to set the state machine into the renegotiate
             * state.
4434
             */
M
Matt Caswell 已提交
4435
            ossl_statem_set_renegotiate(s);
4436 4437 4438 4439 4440 4441
            s->s3->renegotiate = 0;
            s->s3->num_renegotiations++;
            s->s3->total_renegotiations++;
            ret = 1;
        }
    }
4442
    return ret;
4443 4444
}

4445
/*
4446 4447
 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
 * handshake macs if required.
D
Dr. Stephen Henson 已提交
4448 4449
 *
 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4450 4451
 */
long ssl_get_algorithm2(SSL *s)
4452
{
4453 4454 4455 4456
    long alg2;
    if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
        return -1;
    alg2 = s->s3->tmp.new_cipher->algorithm2;
D
Dr. Stephen Henson 已提交
4457 4458 4459 4460 4461 4462 4463
    if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
        if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
            return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
    } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
        if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
            return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
    }
4464 4465
    return alg2;
}
4466 4467 4468 4469 4470

/*
 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
 * failure, 1 on success.
 */
4471 4472
int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
                          DOWNGRADE dgrd)
4473
{
4474
    int send_time = 0, ret;
4475 4476 4477 4478 4479 4480 4481 4482 4483 4484

    if (len < 4)
        return 0;
    if (server)
        send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
    else
        send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
    if (send_time) {
        unsigned long Time = (unsigned long)time(NULL);
        unsigned char *p = result;
R
Rich Salz 已提交
4485

4486
        l2n(Time, p);
R
Rich Salz 已提交
4487
        ret = ssl_randbytes(s, p, len - 4);
4488
    } else {
R
Rich Salz 已提交
4489
        ret = ssl_randbytes(s, result, len);
4490 4491 4492
    }
#ifndef OPENSSL_NO_TLS13DOWNGRADE
    if (ret) {
4493 4494 4495
        if (!ossl_assert(sizeof(tls11downgrade) < len)
                || !ossl_assert(sizeof(tls12downgrade) < len))
             return 0;
4496 4497 4498 4499 4500 4501 4502 4503 4504
        if (dgrd == DOWNGRADE_TO_1_2)
            memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
                   sizeof(tls12downgrade));
        else if (dgrd == DOWNGRADE_TO_1_1)
            memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
                   sizeof(tls11downgrade));
    }
#endif
    return ret;
4505
}
4506 4507 4508 4509

int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
                               int free_pms)
{
4510
    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4511 4512
    int ret = 0;

4513
    if (alg_k & SSL_PSK) {
4514
#ifndef OPENSSL_NO_PSK
4515 4516 4517 4518 4519 4520 4521 4522 4523 4524 4525 4526
        unsigned char *pskpms, *t;
        size_t psklen = s->s3->tmp.psklen;
        size_t pskpmslen;

        /* create PSK premaster_secret */

        /* For plain PSK "other_secret" is psklen zeroes */
        if (alg_k & SSL_kPSK)
            pmslen = psklen;

        pskpmslen = 4 + pmslen + psklen;
        pskpms = OPENSSL_malloc(pskpmslen);
4527
        if (pskpms == NULL)
4528
            goto err;
4529 4530 4531 4532 4533 4534 4535 4536 4537 4538 4539 4540
        t = pskpms;
        s2n(pmslen, t);
        if (alg_k & SSL_kPSK)
            memset(t, 0, pmslen);
        else
            memcpy(t, pms, pmslen);
        t += pmslen;
        s2n(psklen, t);
        memcpy(t, s->s3->tmp.psk, psklen);

        OPENSSL_clear_free(s->s3->tmp.psk, psklen);
        s->s3->tmp.psk = NULL;
4541 4542 4543 4544
        if (!s->method->ssl3_enc->generate_master_secret(s,
                    s->session->master_key,pskpms, pskpmslen,
                    &s->session->master_key_length))
            goto err;
4545
        OPENSSL_clear_free(pskpms, pskpmslen);
4546 4547 4548
#else
        /* Should never happen */
        goto err;
4549
#endif
4550
    } else {
4551 4552 4553 4554
        if (!s->method->ssl3_enc->generate_master_secret(s,
                s->session->master_key, pms, pmslen,
                &s->session->master_key_length))
            goto err;
4555 4556
    }

4557
    ret = 1;
4558
 err:
4559 4560 4561 4562 4563 4564
    if (pms) {
        if (free_pms)
            OPENSSL_clear_free(pms, pmslen);
        else
            OPENSSL_cleanse(pms, pmslen);
    }
4565 4566
    if (s->server == 0)
        s->s3->tmp.pms = NULL;
4567
    return ret;
4568
}
4569

D
Dr. Stephen Henson 已提交
4570 4571
/* Generate a private key from parameters */
EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4572 4573 4574
{
    EVP_PKEY_CTX *pctx = NULL;
    EVP_PKEY *pkey = NULL;
D
Dr. Stephen Henson 已提交
4575 4576 4577 4578 4579 4580 4581 4582 4583 4584 4585 4586 4587 4588 4589 4590 4591 4592

    if (pm == NULL)
        return NULL;
    pctx = EVP_PKEY_CTX_new(pm, NULL);
    if (pctx == NULL)
        goto err;
    if (EVP_PKEY_keygen_init(pctx) <= 0)
        goto err;
    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
        EVP_PKEY_free(pkey);
        pkey = NULL;
    }

    err:
    EVP_PKEY_CTX_free(pctx);
    return pkey;
}
#ifndef OPENSSL_NO_EC
4593 4594
/* Generate a private key from a group ID */
EVP_PKEY *ssl_generate_pkey_group(uint16_t id)
D
Dr. Stephen Henson 已提交
4595 4596 4597
{
    EVP_PKEY_CTX *pctx = NULL;
    EVP_PKEY *pkey = NULL;
4598 4599
    const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
    uint16_t gtype;
D
Dr. Stephen Henson 已提交
4600

4601
    if (ginf == NULL)
D
Dr. Stephen Henson 已提交
4602
        goto err;
4603 4604 4605 4606
    gtype = ginf->flags & TLS_CURVE_TYPE;
    if (gtype == TLS_CURVE_CUSTOM)
        pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
    else
D
Dr. Stephen Henson 已提交
4607
        pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4608 4609 4610 4611
    if (pctx == NULL)
        goto err;
    if (EVP_PKEY_keygen_init(pctx) <= 0)
        goto err;
4612 4613
    if (gtype != TLS_CURVE_CUSTOM
            && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
4614 4615 4616 4617 4618 4619
        goto err;
    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
        EVP_PKEY_free(pkey);
        pkey = NULL;
    }

E
Emilia Kasper 已提交
4620
 err:
4621 4622 4623
    EVP_PKEY_CTX_free(pctx);
    return pkey;
}
4624 4625 4626 4627 4628 4629 4630 4631 4632 4633 4634 4635 4636 4637 4638 4639 4640 4641 4642 4643 4644 4645 4646 4647 4648 4649 4650 4651 4652 4653 4654 4655 4656 4657 4658 4659 4660

/*
 * Generate parameters from a group ID
 */
EVP_PKEY *ssl_generate_param_group(uint16_t id)
{
    EVP_PKEY_CTX *pctx = NULL;
    EVP_PKEY *pkey = NULL;
    const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);

    if (ginf == NULL)
        goto err;

    if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
        pkey = EVP_PKEY_new();
        if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
            return pkey;
        EVP_PKEY_free(pkey);
        return NULL;
    }

    pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
    if (pctx == NULL)
        goto err;
    if (EVP_PKEY_paramgen_init(pctx) <= 0)
        goto err;
    if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
        goto err;
    if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
        EVP_PKEY_free(pkey);
        pkey = NULL;
    }

 err:
    EVP_PKEY_CTX_free(pctx);
    return pkey;
}
D
Dr. Stephen Henson 已提交
4661
#endif
E
Emilia Kasper 已提交
4662

4663 4664
/* Derive secrets for ECDH/DH */
int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4665 4666 4667 4668 4669 4670 4671 4672 4673 4674 4675 4676 4677 4678 4679 4680 4681 4682 4683 4684 4685 4686 4687 4688
{
    int rv = 0;
    unsigned char *pms = NULL;
    size_t pmslen = 0;
    EVP_PKEY_CTX *pctx;

    if (privkey == NULL || pubkey == NULL)
        return 0;

    pctx = EVP_PKEY_CTX_new(privkey, NULL);

    if (EVP_PKEY_derive_init(pctx) <= 0
        || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
        || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
        goto err;
    }

    pms = OPENSSL_malloc(pmslen);
    if (pms == NULL)
        goto err;

    if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
        goto err;

4689 4690 4691
    if (gensecret) {
        if (SSL_IS_TLS13(s)) {
            /*
4692 4693
             * If we are resuming then we already generated the early secret
             * when we created the ClientHello, so don't recreate it.
4694
             */
4695 4696 4697 4698
            if (!s->hit)
                rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
                                           0,
                                           (unsigned char *)&s->early_secret);
4699 4700 4701
            else
                rv = 1;

4702
            rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4703
        } else {
4704
            rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4705
        }
4706
    } else {
4707
        /* Save premaster secret */
4708 4709 4710 4711 4712 4713
        s->s3->tmp.pms = pms;
        s->s3->tmp.pmslen = pmslen;
        pms = NULL;
        rv = 1;
    }

E
Emilia Kasper 已提交
4714
 err:
4715 4716 4717 4718
    OPENSSL_clear_free(pms, pmslen);
    EVP_PKEY_CTX_free(pctx);
    return rv;
}
D
Dr. Stephen Henson 已提交
4719

B
Ben Laurie 已提交
4720
#ifndef OPENSSL_NO_DH
D
Dr. Stephen Henson 已提交
4721 4722 4723 4724 4725 4726 4727 4728 4729 4730 4731 4732
EVP_PKEY *ssl_dh_to_pkey(DH *dh)
{
    EVP_PKEY *ret;
    if (dh == NULL)
        return NULL;
    ret = EVP_PKEY_new();
    if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
        EVP_PKEY_free(ret);
        return NULL;
    }
    return ret;
}
B
Ben Laurie 已提交
4733
#endif