summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2014-07-12 22:33:39 +0000
committerjsing <>2014-07-12 22:33:39 +0000
commita5fd5047b3335510b9ae8ea0b02073c33c7a8f72 (patch)
treeac193b1a184864cbde82877d05b433080052c5d1
parente0fe7621bce09dd6ba62ddb9889bc82d64e677f7 (diff)
downloadopenbsd-a5fd5047b3335510b9ae8ea0b02073c33c7a8f72.tar.gz
openbsd-a5fd5047b3335510b9ae8ea0b02073c33c7a8f72.tar.bz2
openbsd-a5fd5047b3335510b9ae8ea0b02073c33c7a8f72.zip
The correct name for EDH is DHE, likewise EECDH should be ECDHE.
Based on changes to OpenSSL trunk. ok beck@ miod@
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/d1_clnt.c6
-rw-r--r--src/lib/libssl/d1_srvr.c12
-rw-r--r--src/lib/libssl/s3_clnt.c12
-rw-r--r--src/lib/libssl/s3_lib.c134
-rw-r--r--src/lib/libssl/s3_srvr.c18
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c6
-rw-r--r--src/lib/libssl/src/ssl/d1_srvr.c12
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c12
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c134
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c18
-rw-r--r--src/lib/libssl/src/ssl/ssl_ciph.c28
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c10
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h8
-rw-r--r--src/lib/libssl/src/ssl/t1_lib.c8
-rw-r--r--src/lib/libssl/ssl_ciph.c28
-rw-r--r--src/lib/libssl/ssl_lib.c10
-rw-r--r--src/lib/libssl/ssl_locl.h8
-rw-r--r--src/lib/libssl/t1_lib.c8
18 files changed, 236 insertions, 236 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 004fd6e04f..552667f6c1 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.30 2014/07/12 13:11:53 jsing Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.31 2014/07/12 22:33:39 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -984,7 +984,7 @@ dtls1_send_client_key_exchange(SSL *s)
984 s->session->master_key, 984 s->session->master_key,
985 tmp_buf, sizeof tmp_buf); 985 tmp_buf, sizeof tmp_buf);
986 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); 986 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
987 } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { 987 } else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) {
988 DH *dh_srvr, *dh_clnt; 988 DH *dh_srvr, *dh_clnt;
989 989
990 if (s->session->sess_cert->peer_dh_tmp != NULL) 990 if (s->session->sess_cert->peer_dh_tmp != NULL)
@@ -1037,7 +1037,7 @@ dtls1_send_client_key_exchange(SSL *s)
1037 DH_free(dh_clnt); 1037 DH_free(dh_clnt);
1038 1038
1039 /* perhaps clean things up a bit EAY EAY EAY EAY*/ 1039 /* perhaps clean things up a bit EAY EAY EAY EAY*/
1040 } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { 1040 } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
1041 const EC_GROUP *srvr_group = NULL; 1041 const EC_GROUP *srvr_group = NULL;
1042 EC_KEY *tkey; 1042 EC_KEY *tkey;
1043 int ecdh_clnt_cert = 0; 1043 int ecdh_clnt_cert = 0;
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index a94b7ed61b..ecf4a198b1 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srvr.c,v 1.32 2014/07/12 13:11:53 jsing Exp $ */ 1/* $OpenBSD: d1_srvr.c,v 1.33 2014/07/12 22:33:39 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -464,8 +464,8 @@ dtls1_accept(SSL *s)
464 /* only send if a DH key exchange or 464 /* only send if a DH key exchange or
465 * RSA but we have a sign only certificate */ 465 * RSA but we have a sign only certificate */
466 if (s->s3->tmp.use_rsa_tmp 466 if (s->s3->tmp.use_rsa_tmp
467 || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 467 || (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
468 || (alg_k & SSL_kEECDH) 468 || (alg_k & SSL_kECDHE)
469 || ((alg_k & SSL_kRSA) 469 || ((alg_k & SSL_kRSA)
470 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL 470 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
471 ) 471 )
@@ -1052,7 +1052,7 @@ dtls1_send_server_key_exchange(SSL *s)
1052 r[1] = rsa->e; 1052 r[1] = rsa->e;
1053 s->s3->tmp.use_rsa_tmp = 1; 1053 s->s3->tmp.use_rsa_tmp = 1;
1054 } else 1054 } else
1055 if (type & SSL_kEDH) { 1055 if (type & SSL_kDHE) {
1056 dhp = cert->dh_tmp; 1056 dhp = cert->dh_tmp;
1057 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) 1057 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
1058 dhp = s->cert->dh_tmp_cb(s, 0, 0); 1058 dhp = s->cert->dh_tmp_cb(s, 0, 0);
@@ -1094,7 +1094,7 @@ dtls1_send_server_key_exchange(SSL *s)
1094 r[1] = dh->g; 1094 r[1] = dh->g;
1095 r[2] = dh->pub_key; 1095 r[2] = dh->pub_key;
1096 } else 1096 } else
1097 if (type & SSL_kEECDH) { 1097 if (type & SSL_kECDHE) {
1098 const EC_GROUP *group; 1098 const EC_GROUP *group;
1099 1099
1100 ecdhp = cert->ecdh_tmp; 1100 ecdhp = cert->ecdh_tmp;
@@ -1232,7 +1232,7 @@ dtls1_send_server_key_exchange(SSL *s)
1232 p += nr[i]; 1232 p += nr[i];
1233 } 1233 }
1234 1234
1235 if (type & SSL_kEECDH) { 1235 if (type & SSL_kECDHE) {
1236 /* XXX: For now, we only support named (not generic) curves. 1236 /* XXX: For now, we only support named (not generic) curves.
1237 * In this situation, the serverKeyExchange message has: 1237 * In this situation, the serverKeyExchange message has:
1238 * [1 byte CurveType], [2 byte CurveName] 1238 * [1 byte CurveType], [2 byte CurveName]
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 252100f587..b55b2e62c6 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.82 2014/07/12 22:17:59 jsg Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.83 2014/07/12 22:33:39 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1253,7 +1253,7 @@ ssl3_get_key_exchange(SSL *s)
1253 } 1253 }
1254 s->session->sess_cert->peer_rsa_tmp = rsa; 1254 s->session->sess_cert->peer_rsa_tmp = rsa;
1255 rsa = NULL; 1255 rsa = NULL;
1256 } else if (alg_k & SSL_kEDH) { 1256 } else if (alg_k & SSL_kDHE) {
1257 if ((dh = DH_new()) == NULL) { 1257 if ((dh = DH_new()) == NULL) {
1258 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1258 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1259 ERR_R_DH_LIB); 1259 ERR_R_DH_LIB);
@@ -1328,7 +1328,7 @@ ssl3_get_key_exchange(SSL *s)
1328 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1328 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1329 SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); 1329 SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1330 goto f_err; 1330 goto f_err;
1331 } else if (alg_k & SSL_kEECDH) { 1331 } else if (alg_k & SSL_kECDHE) {
1332 EC_GROUP *ngroup; 1332 EC_GROUP *ngroup;
1333 const EC_GROUP *group; 1333 const EC_GROUP *group;
1334 1334
@@ -1987,7 +1987,7 @@ ssl3_send_client_key_exchange(SSL *s)
1987 s->method->ssl3_enc->generate_master_secret( 1987 s->method->ssl3_enc->generate_master_secret(
1988 s, s->session->master_key, tmp_buf, sizeof tmp_buf); 1988 s, s->session->master_key, tmp_buf, sizeof tmp_buf);
1989 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); 1989 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
1990 } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { 1990 } else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) {
1991 DH *dh_srvr, *dh_clnt; 1991 DH *dh_srvr, *dh_clnt;
1992 1992
1993 if (s->session->sess_cert == NULL) { 1993 if (s->session->sess_cert == NULL) {
@@ -2051,7 +2051,7 @@ ssl3_send_client_key_exchange(SSL *s)
2051 DH_free(dh_clnt); 2051 DH_free(dh_clnt);
2052 2052
2053 /* perhaps clean things up a bit EAY EAY EAY EAY*/ 2053 /* perhaps clean things up a bit EAY EAY EAY EAY*/
2054 } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { 2054 } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
2055 const EC_GROUP *srvr_group = NULL; 2055 const EC_GROUP *srvr_group = NULL;
2056 EC_KEY *tkey; 2056 EC_KEY *tkey;
2057 int ecdh_clnt_cert = 0; 2057 int ecdh_clnt_cert = 0;
@@ -2640,7 +2640,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
2640 SSL_R_MISSING_RSA_ENCRYPTING_CERT); 2640 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2641 goto f_err; 2641 goto f_err;
2642 } 2642 }
2643 if ((alg_k & SSL_kEDH) && 2643 if ((alg_k & SSL_kDHE) &&
2644 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { 2644 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
2645 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 2645 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2646 SSL_R_MISSING_DH_KEY); 2646 SSL_R_MISSING_DH_KEY);
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index f94e207fc4..decdda90a3 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.69 2014/07/11 09:24:44 beck Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.70 2014/07/12 22:33:39 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -433,7 +433,7 @@ SSL_CIPHER ssl3_ciphers[] = {
433 .valid = 0, /* Weakened 40-bit export cipher. */ 433 .valid = 0, /* Weakened 40-bit export cipher. */
434 .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 434 .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
435 .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 435 .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
436 .algorithm_mkey = SSL_kEDH, 436 .algorithm_mkey = SSL_kDHE,
437 .algorithm_auth = SSL_aDSS, 437 .algorithm_auth = SSL_aDSS,
438 .algorithm_enc = SSL_DES, 438 .algorithm_enc = SSL_DES,
439 .algorithm_mac = SSL_SHA1, 439 .algorithm_mac = SSL_SHA1,
@@ -449,7 +449,7 @@ SSL_CIPHER ssl3_ciphers[] = {
449 .valid = 1, 449 .valid = 1,
450 .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 450 .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
451 .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 451 .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
452 .algorithm_mkey = SSL_kEDH, 452 .algorithm_mkey = SSL_kDHE,
453 .algorithm_auth = SSL_aDSS, 453 .algorithm_auth = SSL_aDSS,
454 .algorithm_enc = SSL_DES, 454 .algorithm_enc = SSL_DES,
455 .algorithm_mac = SSL_SHA1, 455 .algorithm_mac = SSL_SHA1,
@@ -465,7 +465,7 @@ SSL_CIPHER ssl3_ciphers[] = {
465 .valid = 1, 465 .valid = 1,
466 .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 466 .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
467 .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 467 .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
468 .algorithm_mkey = SSL_kEDH, 468 .algorithm_mkey = SSL_kDHE,
469 .algorithm_auth = SSL_aDSS, 469 .algorithm_auth = SSL_aDSS,
470 .algorithm_enc = SSL_3DES, 470 .algorithm_enc = SSL_3DES,
471 .algorithm_mac = SSL_SHA1, 471 .algorithm_mac = SSL_SHA1,
@@ -481,7 +481,7 @@ SSL_CIPHER ssl3_ciphers[] = {
481 .valid = 0, /* Weakened 40-bit export cipher. */ 481 .valid = 0, /* Weakened 40-bit export cipher. */
482 .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 482 .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
483 .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 483 .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
484 .algorithm_mkey = SSL_kEDH, 484 .algorithm_mkey = SSL_kDHE,
485 .algorithm_auth = SSL_aRSA, 485 .algorithm_auth = SSL_aRSA,
486 .algorithm_enc = SSL_DES, 486 .algorithm_enc = SSL_DES,
487 .algorithm_mac = SSL_SHA1, 487 .algorithm_mac = SSL_SHA1,
@@ -497,7 +497,7 @@ SSL_CIPHER ssl3_ciphers[] = {
497 .valid = 1, 497 .valid = 1,
498 .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 498 .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
499 .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 499 .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
500 .algorithm_mkey = SSL_kEDH, 500 .algorithm_mkey = SSL_kDHE,
501 .algorithm_auth = SSL_aRSA, 501 .algorithm_auth = SSL_aRSA,
502 .algorithm_enc = SSL_DES, 502 .algorithm_enc = SSL_DES,
503 .algorithm_mac = SSL_SHA1, 503 .algorithm_mac = SSL_SHA1,
@@ -513,7 +513,7 @@ SSL_CIPHER ssl3_ciphers[] = {
513 .valid = 1, 513 .valid = 1,
514 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 514 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
515 .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 515 .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
516 .algorithm_mkey = SSL_kEDH, 516 .algorithm_mkey = SSL_kDHE,
517 .algorithm_auth = SSL_aRSA, 517 .algorithm_auth = SSL_aRSA,
518 .algorithm_enc = SSL_3DES, 518 .algorithm_enc = SSL_3DES,
519 .algorithm_mac = SSL_SHA1, 519 .algorithm_mac = SSL_SHA1,
@@ -529,7 +529,7 @@ SSL_CIPHER ssl3_ciphers[] = {
529 .valid = 0, /* Weakened 40-bit export cipher. */ 529 .valid = 0, /* Weakened 40-bit export cipher. */
530 .name = SSL3_TXT_ADH_RC4_40_MD5, 530 .name = SSL3_TXT_ADH_RC4_40_MD5,
531 .id = SSL3_CK_ADH_RC4_40_MD5, 531 .id = SSL3_CK_ADH_RC4_40_MD5,
532 .algorithm_mkey = SSL_kEDH, 532 .algorithm_mkey = SSL_kDHE,
533 .algorithm_auth = SSL_aNULL, 533 .algorithm_auth = SSL_aNULL,
534 .algorithm_enc = SSL_RC4, 534 .algorithm_enc = SSL_RC4,
535 .algorithm_mac = SSL_MD5, 535 .algorithm_mac = SSL_MD5,
@@ -545,7 +545,7 @@ SSL_CIPHER ssl3_ciphers[] = {
545 .valid = 1, 545 .valid = 1,
546 .name = SSL3_TXT_ADH_RC4_128_MD5, 546 .name = SSL3_TXT_ADH_RC4_128_MD5,
547 .id = SSL3_CK_ADH_RC4_128_MD5, 547 .id = SSL3_CK_ADH_RC4_128_MD5,
548 .algorithm_mkey = SSL_kEDH, 548 .algorithm_mkey = SSL_kDHE,
549 .algorithm_auth = SSL_aNULL, 549 .algorithm_auth = SSL_aNULL,
550 .algorithm_enc = SSL_RC4, 550 .algorithm_enc = SSL_RC4,
551 .algorithm_mac = SSL_MD5, 551 .algorithm_mac = SSL_MD5,
@@ -561,7 +561,7 @@ SSL_CIPHER ssl3_ciphers[] = {
561 .valid = 0, /* Weakened 40-bit export cipher. */ 561 .valid = 0, /* Weakened 40-bit export cipher. */
562 .name = SSL3_TXT_ADH_DES_40_CBC_SHA, 562 .name = SSL3_TXT_ADH_DES_40_CBC_SHA,
563 .id = SSL3_CK_ADH_DES_40_CBC_SHA, 563 .id = SSL3_CK_ADH_DES_40_CBC_SHA,
564 .algorithm_mkey = SSL_kEDH, 564 .algorithm_mkey = SSL_kDHE,
565 .algorithm_auth = SSL_aNULL, 565 .algorithm_auth = SSL_aNULL,
566 .algorithm_enc = SSL_DES, 566 .algorithm_enc = SSL_DES,
567 .algorithm_mac = SSL_SHA1, 567 .algorithm_mac = SSL_SHA1,
@@ -577,7 +577,7 @@ SSL_CIPHER ssl3_ciphers[] = {
577 .valid = 1, 577 .valid = 1,
578 .name = SSL3_TXT_ADH_DES_64_CBC_SHA, 578 .name = SSL3_TXT_ADH_DES_64_CBC_SHA,
579 .id = SSL3_CK_ADH_DES_64_CBC_SHA, 579 .id = SSL3_CK_ADH_DES_64_CBC_SHA,
580 .algorithm_mkey = SSL_kEDH, 580 .algorithm_mkey = SSL_kDHE,
581 .algorithm_auth = SSL_aNULL, 581 .algorithm_auth = SSL_aNULL,
582 .algorithm_enc = SSL_DES, 582 .algorithm_enc = SSL_DES,
583 .algorithm_mac = SSL_SHA1, 583 .algorithm_mac = SSL_SHA1,
@@ -593,7 +593,7 @@ SSL_CIPHER ssl3_ciphers[] = {
593 .valid = 1, 593 .valid = 1,
594 .name = SSL3_TXT_ADH_DES_192_CBC_SHA, 594 .name = SSL3_TXT_ADH_DES_192_CBC_SHA,
595 .id = SSL3_CK_ADH_DES_192_CBC_SHA, 595 .id = SSL3_CK_ADH_DES_192_CBC_SHA,
596 .algorithm_mkey = SSL_kEDH, 596 .algorithm_mkey = SSL_kDHE,
597 .algorithm_auth = SSL_aNULL, 597 .algorithm_auth = SSL_aNULL,
598 .algorithm_enc = SSL_3DES, 598 .algorithm_enc = SSL_3DES,
599 .algorithm_mac = SSL_SHA1, 599 .algorithm_mac = SSL_SHA1,
@@ -655,7 +655,7 @@ SSL_CIPHER ssl3_ciphers[] = {
655 .valid = 1, 655 .valid = 1,
656 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 656 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
657 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 657 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
658 .algorithm_mkey = SSL_kEDH, 658 .algorithm_mkey = SSL_kDHE,
659 .algorithm_auth = SSL_aDSS, 659 .algorithm_auth = SSL_aDSS,
660 .algorithm_enc = SSL_AES128, 660 .algorithm_enc = SSL_AES128,
661 .algorithm_mac = SSL_SHA1, 661 .algorithm_mac = SSL_SHA1,
@@ -670,7 +670,7 @@ SSL_CIPHER ssl3_ciphers[] = {
670 .valid = 1, 670 .valid = 1,
671 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 671 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
672 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 672 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
673 .algorithm_mkey = SSL_kEDH, 673 .algorithm_mkey = SSL_kDHE,
674 .algorithm_auth = SSL_aRSA, 674 .algorithm_auth = SSL_aRSA,
675 .algorithm_enc = SSL_AES128, 675 .algorithm_enc = SSL_AES128,
676 .algorithm_mac = SSL_SHA1, 676 .algorithm_mac = SSL_SHA1,
@@ -685,7 +685,7 @@ SSL_CIPHER ssl3_ciphers[] = {
685 .valid = 1, 685 .valid = 1,
686 .name = TLS1_TXT_ADH_WITH_AES_128_SHA, 686 .name = TLS1_TXT_ADH_WITH_AES_128_SHA,
687 .id = TLS1_CK_ADH_WITH_AES_128_SHA, 687 .id = TLS1_CK_ADH_WITH_AES_128_SHA,
688 .algorithm_mkey = SSL_kEDH, 688 .algorithm_mkey = SSL_kDHE,
689 .algorithm_auth = SSL_aNULL, 689 .algorithm_auth = SSL_aNULL,
690 .algorithm_enc = SSL_AES128, 690 .algorithm_enc = SSL_AES128,
691 .algorithm_mac = SSL_SHA1, 691 .algorithm_mac = SSL_SHA1,
@@ -748,7 +748,7 @@ SSL_CIPHER ssl3_ciphers[] = {
748 .valid = 1, 748 .valid = 1,
749 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 749 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
750 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 750 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
751 .algorithm_mkey = SSL_kEDH, 751 .algorithm_mkey = SSL_kDHE,
752 .algorithm_auth = SSL_aDSS, 752 .algorithm_auth = SSL_aDSS,
753 .algorithm_enc = SSL_AES256, 753 .algorithm_enc = SSL_AES256,
754 .algorithm_mac = SSL_SHA1, 754 .algorithm_mac = SSL_SHA1,
@@ -764,7 +764,7 @@ SSL_CIPHER ssl3_ciphers[] = {
764 .valid = 1, 764 .valid = 1,
765 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 765 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
766 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 766 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
767 .algorithm_mkey = SSL_kEDH, 767 .algorithm_mkey = SSL_kDHE,
768 .algorithm_auth = SSL_aRSA, 768 .algorithm_auth = SSL_aRSA,
769 .algorithm_enc = SSL_AES256, 769 .algorithm_enc = SSL_AES256,
770 .algorithm_mac = SSL_SHA1, 770 .algorithm_mac = SSL_SHA1,
@@ -780,7 +780,7 @@ SSL_CIPHER ssl3_ciphers[] = {
780 .valid = 1, 780 .valid = 1,
781 .name = TLS1_TXT_ADH_WITH_AES_256_SHA, 781 .name = TLS1_TXT_ADH_WITH_AES_256_SHA,
782 .id = TLS1_CK_ADH_WITH_AES_256_SHA, 782 .id = TLS1_CK_ADH_WITH_AES_256_SHA,
783 .algorithm_mkey = SSL_kEDH, 783 .algorithm_mkey = SSL_kDHE,
784 .algorithm_auth = SSL_aNULL, 784 .algorithm_auth = SSL_aNULL,
785 .algorithm_enc = SSL_AES256, 785 .algorithm_enc = SSL_AES256,
786 .algorithm_mac = SSL_SHA1, 786 .algorithm_mac = SSL_SHA1,
@@ -877,7 +877,7 @@ SSL_CIPHER ssl3_ciphers[] = {
877 .valid = 1, 877 .valid = 1,
878 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, 878 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
879 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, 879 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
880 .algorithm_mkey = SSL_kEDH, 880 .algorithm_mkey = SSL_kDHE,
881 .algorithm_auth = SSL_aDSS, 881 .algorithm_auth = SSL_aDSS,
882 .algorithm_enc = SSL_AES128, 882 .algorithm_enc = SSL_AES128,
883 .algorithm_mac = SSL_SHA256, 883 .algorithm_mac = SSL_SHA256,
@@ -944,7 +944,7 @@ SSL_CIPHER ssl3_ciphers[] = {
944 .valid = 1, 944 .valid = 1,
945 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 945 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
946 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 946 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
947 .algorithm_mkey = SSL_kEDH, 947 .algorithm_mkey = SSL_kDHE,
948 .algorithm_auth = SSL_aDSS, 948 .algorithm_auth = SSL_aDSS,
949 .algorithm_enc = SSL_CAMELLIA128, 949 .algorithm_enc = SSL_CAMELLIA128,
950 .algorithm_mac = SSL_SHA1, 950 .algorithm_mac = SSL_SHA1,
@@ -960,7 +960,7 @@ SSL_CIPHER ssl3_ciphers[] = {
960 .valid = 1, 960 .valid = 1,
961 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 961 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
962 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 962 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
963 .algorithm_mkey = SSL_kEDH, 963 .algorithm_mkey = SSL_kDHE,
964 .algorithm_auth = SSL_aRSA, 964 .algorithm_auth = SSL_aRSA,
965 .algorithm_enc = SSL_CAMELLIA128, 965 .algorithm_enc = SSL_CAMELLIA128,
966 .algorithm_mac = SSL_SHA1, 966 .algorithm_mac = SSL_SHA1,
@@ -976,7 +976,7 @@ SSL_CIPHER ssl3_ciphers[] = {
976 .valid = 1, 976 .valid = 1,
977 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 977 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
978 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 978 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
979 .algorithm_mkey = SSL_kEDH, 979 .algorithm_mkey = SSL_kDHE,
980 .algorithm_auth = SSL_aNULL, 980 .algorithm_auth = SSL_aNULL,
981 .algorithm_enc = SSL_CAMELLIA128, 981 .algorithm_enc = SSL_CAMELLIA128,
982 .algorithm_mac = SSL_SHA1, 982 .algorithm_mac = SSL_SHA1,
@@ -994,7 +994,7 @@ SSL_CIPHER ssl3_ciphers[] = {
994 .valid = 1, 994 .valid = 1,
995 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 995 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
996 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 996 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
997 .algorithm_mkey = SSL_kEDH, 997 .algorithm_mkey = SSL_kDHE,
998 .algorithm_auth = SSL_aRSA, 998 .algorithm_auth = SSL_aRSA,
999 .algorithm_enc = SSL_AES128, 999 .algorithm_enc = SSL_AES128,
1000 .algorithm_mac = SSL_SHA256, 1000 .algorithm_mac = SSL_SHA256,
@@ -1042,7 +1042,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1042 .valid = 1, 1042 .valid = 1,
1043 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, 1043 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1044 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, 1044 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1045 .algorithm_mkey = SSL_kEDH, 1045 .algorithm_mkey = SSL_kDHE,
1046 .algorithm_auth = SSL_aDSS, 1046 .algorithm_auth = SSL_aDSS,
1047 .algorithm_enc = SSL_AES256, 1047 .algorithm_enc = SSL_AES256,
1048 .algorithm_mac = SSL_SHA256, 1048 .algorithm_mac = SSL_SHA256,
@@ -1058,7 +1058,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1058 .valid = 1, 1058 .valid = 1,
1059 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 1059 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1060 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 1060 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1061 .algorithm_mkey = SSL_kEDH, 1061 .algorithm_mkey = SSL_kDHE,
1062 .algorithm_auth = SSL_aRSA, 1062 .algorithm_auth = SSL_aRSA,
1063 .algorithm_enc = SSL_AES256, 1063 .algorithm_enc = SSL_AES256,
1064 .algorithm_mac = SSL_SHA256, 1064 .algorithm_mac = SSL_SHA256,
@@ -1074,7 +1074,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1074 .valid = 1, 1074 .valid = 1,
1075 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, 1075 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256,
1076 .id = TLS1_CK_ADH_WITH_AES_128_SHA256, 1076 .id = TLS1_CK_ADH_WITH_AES_128_SHA256,
1077 .algorithm_mkey = SSL_kEDH, 1077 .algorithm_mkey = SSL_kDHE,
1078 .algorithm_auth = SSL_aNULL, 1078 .algorithm_auth = SSL_aNULL,
1079 .algorithm_enc = SSL_AES128, 1079 .algorithm_enc = SSL_AES128,
1080 .algorithm_mac = SSL_SHA256, 1080 .algorithm_mac = SSL_SHA256,
@@ -1090,7 +1090,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1090 .valid = 1, 1090 .valid = 1,
1091 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256, 1091 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256,
1092 .id = TLS1_CK_ADH_WITH_AES_256_SHA256, 1092 .id = TLS1_CK_ADH_WITH_AES_256_SHA256,
1093 .algorithm_mkey = SSL_kEDH, 1093 .algorithm_mkey = SSL_kDHE,
1094 .algorithm_auth = SSL_aNULL, 1094 .algorithm_auth = SSL_aNULL,
1095 .algorithm_enc = SSL_AES256, 1095 .algorithm_enc = SSL_AES256,
1096 .algorithm_mac = SSL_SHA256, 1096 .algorithm_mac = SSL_SHA256,
@@ -1218,7 +1218,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1218 .valid = 1, 1218 .valid = 1,
1219 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1219 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1220 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1220 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1221 .algorithm_mkey = SSL_kEDH, 1221 .algorithm_mkey = SSL_kDHE,
1222 .algorithm_auth = SSL_aDSS, 1222 .algorithm_auth = SSL_aDSS,
1223 .algorithm_enc = SSL_CAMELLIA256, 1223 .algorithm_enc = SSL_CAMELLIA256,
1224 .algorithm_mac = SSL_SHA1, 1224 .algorithm_mac = SSL_SHA1,
@@ -1234,7 +1234,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1234 .valid = 1, 1234 .valid = 1,
1235 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1235 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1236 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1236 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1237 .algorithm_mkey = SSL_kEDH, 1237 .algorithm_mkey = SSL_kDHE,
1238 .algorithm_auth = SSL_aRSA, 1238 .algorithm_auth = SSL_aRSA,
1239 .algorithm_enc = SSL_CAMELLIA256, 1239 .algorithm_enc = SSL_CAMELLIA256,
1240 .algorithm_mac = SSL_SHA1, 1240 .algorithm_mac = SSL_SHA1,
@@ -1250,7 +1250,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1250 .valid = 1, 1250 .valid = 1,
1251 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 1251 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1252 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 1252 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1253 .algorithm_mkey = SSL_kEDH, 1253 .algorithm_mkey = SSL_kDHE,
1254 .algorithm_auth = SSL_aNULL, 1254 .algorithm_auth = SSL_aNULL,
1255 .algorithm_enc = SSL_CAMELLIA256, 1255 .algorithm_enc = SSL_CAMELLIA256,
1256 .algorithm_mac = SSL_SHA1, 1256 .algorithm_mac = SSL_SHA1,
@@ -1306,7 +1306,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1306 .valid = 1, 1306 .valid = 1,
1307 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 1307 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1308 .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 1308 .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1309 .algorithm_mkey = SSL_kEDH, 1309 .algorithm_mkey = SSL_kDHE,
1310 .algorithm_auth = SSL_aRSA, 1310 .algorithm_auth = SSL_aRSA,
1311 .algorithm_enc = SSL_AES128GCM, 1311 .algorithm_enc = SSL_AES128GCM,
1312 .algorithm_mac = SSL_AEAD, 1312 .algorithm_mac = SSL_AEAD,
@@ -1324,7 +1324,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1324 .valid = 1, 1324 .valid = 1,
1325 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 1325 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1326 .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 1326 .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1327 .algorithm_mkey = SSL_kEDH, 1327 .algorithm_mkey = SSL_kDHE,
1328 .algorithm_auth = SSL_aRSA, 1328 .algorithm_auth = SSL_aRSA,
1329 .algorithm_enc = SSL_AES256GCM, 1329 .algorithm_enc = SSL_AES256GCM,
1330 .algorithm_mac = SSL_AEAD, 1330 .algorithm_mac = SSL_AEAD,
@@ -1378,7 +1378,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1378 .valid = 1, 1378 .valid = 1,
1379 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, 1379 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1380 .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, 1380 .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1381 .algorithm_mkey = SSL_kEDH, 1381 .algorithm_mkey = SSL_kDHE,
1382 .algorithm_auth = SSL_aDSS, 1382 .algorithm_auth = SSL_aDSS,
1383 .algorithm_enc = SSL_AES128GCM, 1383 .algorithm_enc = SSL_AES128GCM,
1384 .algorithm_mac = SSL_AEAD, 1384 .algorithm_mac = SSL_AEAD,
@@ -1396,7 +1396,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1396 .valid = 1, 1396 .valid = 1,
1397 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, 1397 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1398 .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, 1398 .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1399 .algorithm_mkey = SSL_kEDH, 1399 .algorithm_mkey = SSL_kDHE,
1400 .algorithm_auth = SSL_aDSS, 1400 .algorithm_auth = SSL_aDSS,
1401 .algorithm_enc = SSL_AES256GCM, 1401 .algorithm_enc = SSL_AES256GCM,
1402 .algorithm_mac = SSL_AEAD, 1402 .algorithm_mac = SSL_AEAD,
@@ -1450,7 +1450,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1450 .valid = 1, 1450 .valid = 1,
1451 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 1451 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1452 .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 1452 .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1453 .algorithm_mkey = SSL_kEDH, 1453 .algorithm_mkey = SSL_kDHE,
1454 .algorithm_auth = SSL_aNULL, 1454 .algorithm_auth = SSL_aNULL,
1455 .algorithm_enc = SSL_AES128GCM, 1455 .algorithm_enc = SSL_AES128GCM,
1456 .algorithm_mac = SSL_AEAD, 1456 .algorithm_mac = SSL_AEAD,
@@ -1468,7 +1468,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1468 .valid = 1, 1468 .valid = 1,
1469 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 1469 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
1470 .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 1470 .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
1471 .algorithm_mkey = SSL_kEDH, 1471 .algorithm_mkey = SSL_kDHE,
1472 .algorithm_auth = SSL_aNULL, 1472 .algorithm_auth = SSL_aNULL,
1473 .algorithm_enc = SSL_AES256GCM, 1473 .algorithm_enc = SSL_AES256GCM,
1474 .algorithm_mac = SSL_AEAD, 1474 .algorithm_mac = SSL_AEAD,
@@ -1566,7 +1566,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1566 .valid = 1, 1566 .valid = 1,
1567 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 1567 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1568 .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 1568 .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1569 .algorithm_mkey = SSL_kEECDH, 1569 .algorithm_mkey = SSL_kECDHE,
1570 .algorithm_auth = SSL_aECDSA, 1570 .algorithm_auth = SSL_aECDSA,
1571 .algorithm_enc = SSL_eNULL, 1571 .algorithm_enc = SSL_eNULL,
1572 .algorithm_mac = SSL_SHA1, 1572 .algorithm_mac = SSL_SHA1,
@@ -1582,7 +1582,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1582 .valid = 1, 1582 .valid = 1,
1583 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 1583 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1584 .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 1584 .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1585 .algorithm_mkey = SSL_kEECDH, 1585 .algorithm_mkey = SSL_kECDHE,
1586 .algorithm_auth = SSL_aECDSA, 1586 .algorithm_auth = SSL_aECDSA,
1587 .algorithm_enc = SSL_RC4, 1587 .algorithm_enc = SSL_RC4,
1588 .algorithm_mac = SSL_SHA1, 1588 .algorithm_mac = SSL_SHA1,
@@ -1598,7 +1598,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1598 .valid = 1, 1598 .valid = 1,
1599 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1599 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1600 .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1600 .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1601 .algorithm_mkey = SSL_kEECDH, 1601 .algorithm_mkey = SSL_kECDHE,
1602 .algorithm_auth = SSL_aECDSA, 1602 .algorithm_auth = SSL_aECDSA,
1603 .algorithm_enc = SSL_3DES, 1603 .algorithm_enc = SSL_3DES,
1604 .algorithm_mac = SSL_SHA1, 1604 .algorithm_mac = SSL_SHA1,
@@ -1614,7 +1614,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1614 .valid = 1, 1614 .valid = 1,
1615 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1615 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1616 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1616 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1617 .algorithm_mkey = SSL_kEECDH, 1617 .algorithm_mkey = SSL_kECDHE,
1618 .algorithm_auth = SSL_aECDSA, 1618 .algorithm_auth = SSL_aECDSA,
1619 .algorithm_enc = SSL_AES128, 1619 .algorithm_enc = SSL_AES128,
1620 .algorithm_mac = SSL_SHA1, 1620 .algorithm_mac = SSL_SHA1,
@@ -1630,7 +1630,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1630 .valid = 1, 1630 .valid = 1,
1631 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1631 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1632 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1632 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1633 .algorithm_mkey = SSL_kEECDH, 1633 .algorithm_mkey = SSL_kECDHE,
1634 .algorithm_auth = SSL_aECDSA, 1634 .algorithm_auth = SSL_aECDSA,
1635 .algorithm_enc = SSL_AES256, 1635 .algorithm_enc = SSL_AES256,
1636 .algorithm_mac = SSL_SHA1, 1636 .algorithm_mac = SSL_SHA1,
@@ -1726,7 +1726,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1726 .valid = 1, 1726 .valid = 1,
1727 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 1727 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1728 .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 1728 .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1729 .algorithm_mkey = SSL_kEECDH, 1729 .algorithm_mkey = SSL_kECDHE,
1730 .algorithm_auth = SSL_aRSA, 1730 .algorithm_auth = SSL_aRSA,
1731 .algorithm_enc = SSL_eNULL, 1731 .algorithm_enc = SSL_eNULL,
1732 .algorithm_mac = SSL_SHA1, 1732 .algorithm_mac = SSL_SHA1,
@@ -1742,7 +1742,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1742 .valid = 1, 1742 .valid = 1,
1743 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 1743 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1744 .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 1744 .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1745 .algorithm_mkey = SSL_kEECDH, 1745 .algorithm_mkey = SSL_kECDHE,
1746 .algorithm_auth = SSL_aRSA, 1746 .algorithm_auth = SSL_aRSA,
1747 .algorithm_enc = SSL_RC4, 1747 .algorithm_enc = SSL_RC4,
1748 .algorithm_mac = SSL_SHA1, 1748 .algorithm_mac = SSL_SHA1,
@@ -1758,7 +1758,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1758 .valid = 1, 1758 .valid = 1,
1759 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1759 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1760 .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1760 .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1761 .algorithm_mkey = SSL_kEECDH, 1761 .algorithm_mkey = SSL_kECDHE,
1762 .algorithm_auth = SSL_aRSA, 1762 .algorithm_auth = SSL_aRSA,
1763 .algorithm_enc = SSL_3DES, 1763 .algorithm_enc = SSL_3DES,
1764 .algorithm_mac = SSL_SHA1, 1764 .algorithm_mac = SSL_SHA1,
@@ -1774,7 +1774,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1774 .valid = 1, 1774 .valid = 1,
1775 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1775 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1776 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1776 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1777 .algorithm_mkey = SSL_kEECDH, 1777 .algorithm_mkey = SSL_kECDHE,
1778 .algorithm_auth = SSL_aRSA, 1778 .algorithm_auth = SSL_aRSA,
1779 .algorithm_enc = SSL_AES128, 1779 .algorithm_enc = SSL_AES128,
1780 .algorithm_mac = SSL_SHA1, 1780 .algorithm_mac = SSL_SHA1,
@@ -1790,7 +1790,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1790 .valid = 1, 1790 .valid = 1,
1791 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1791 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1792 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1792 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1793 .algorithm_mkey = SSL_kEECDH, 1793 .algorithm_mkey = SSL_kECDHE,
1794 .algorithm_auth = SSL_aRSA, 1794 .algorithm_auth = SSL_aRSA,
1795 .algorithm_enc = SSL_AES256, 1795 .algorithm_enc = SSL_AES256,
1796 .algorithm_mac = SSL_SHA1, 1796 .algorithm_mac = SSL_SHA1,
@@ -1806,7 +1806,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1806 .valid = 1, 1806 .valid = 1,
1807 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 1807 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1808 .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA, 1808 .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1809 .algorithm_mkey = SSL_kEECDH, 1809 .algorithm_mkey = SSL_kECDHE,
1810 .algorithm_auth = SSL_aNULL, 1810 .algorithm_auth = SSL_aNULL,
1811 .algorithm_enc = SSL_eNULL, 1811 .algorithm_enc = SSL_eNULL,
1812 .algorithm_mac = SSL_SHA1, 1812 .algorithm_mac = SSL_SHA1,
@@ -1822,7 +1822,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1822 .valid = 1, 1822 .valid = 1,
1823 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 1823 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1824 .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 1824 .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1825 .algorithm_mkey = SSL_kEECDH, 1825 .algorithm_mkey = SSL_kECDHE,
1826 .algorithm_auth = SSL_aNULL, 1826 .algorithm_auth = SSL_aNULL,
1827 .algorithm_enc = SSL_RC4, 1827 .algorithm_enc = SSL_RC4,
1828 .algorithm_mac = SSL_SHA1, 1828 .algorithm_mac = SSL_SHA1,
@@ -1838,7 +1838,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1838 .valid = 1, 1838 .valid = 1,
1839 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 1839 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1840 .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 1840 .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1841 .algorithm_mkey = SSL_kEECDH, 1841 .algorithm_mkey = SSL_kECDHE,
1842 .algorithm_auth = SSL_aNULL, 1842 .algorithm_auth = SSL_aNULL,
1843 .algorithm_enc = SSL_3DES, 1843 .algorithm_enc = SSL_3DES,
1844 .algorithm_mac = SSL_SHA1, 1844 .algorithm_mac = SSL_SHA1,
@@ -1854,7 +1854,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1854 .valid = 1, 1854 .valid = 1,
1855 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 1855 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1856 .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 1856 .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1857 .algorithm_mkey = SSL_kEECDH, 1857 .algorithm_mkey = SSL_kECDHE,
1858 .algorithm_auth = SSL_aNULL, 1858 .algorithm_auth = SSL_aNULL,
1859 .algorithm_enc = SSL_AES128, 1859 .algorithm_enc = SSL_AES128,
1860 .algorithm_mac = SSL_SHA1, 1860 .algorithm_mac = SSL_SHA1,
@@ -1870,7 +1870,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1870 .valid = 1, 1870 .valid = 1,
1871 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 1871 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1872 .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 1872 .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1873 .algorithm_mkey = SSL_kEECDH, 1873 .algorithm_mkey = SSL_kECDHE,
1874 .algorithm_auth = SSL_aNULL, 1874 .algorithm_auth = SSL_aNULL,
1875 .algorithm_enc = SSL_AES256, 1875 .algorithm_enc = SSL_AES256,
1876 .algorithm_mac = SSL_SHA1, 1876 .algorithm_mac = SSL_SHA1,
@@ -1889,7 +1889,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1889 .valid = 1, 1889 .valid = 1,
1890 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 1890 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1891 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 1891 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1892 .algorithm_mkey = SSL_kEECDH, 1892 .algorithm_mkey = SSL_kECDHE,
1893 .algorithm_auth = SSL_aECDSA, 1893 .algorithm_auth = SSL_aECDSA,
1894 .algorithm_enc = SSL_AES128, 1894 .algorithm_enc = SSL_AES128,
1895 .algorithm_mac = SSL_SHA256, 1895 .algorithm_mac = SSL_SHA256,
@@ -1905,7 +1905,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1905 .valid = 1, 1905 .valid = 1,
1906 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 1906 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1907 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 1907 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1908 .algorithm_mkey = SSL_kEECDH, 1908 .algorithm_mkey = SSL_kECDHE,
1909 .algorithm_auth = SSL_aECDSA, 1909 .algorithm_auth = SSL_aECDSA,
1910 .algorithm_enc = SSL_AES256, 1910 .algorithm_enc = SSL_AES256,
1911 .algorithm_mac = SSL_SHA384, 1911 .algorithm_mac = SSL_SHA384,
@@ -1953,7 +1953,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1953 .valid = 1, 1953 .valid = 1,
1954 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 1954 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1955 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 1955 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1956 .algorithm_mkey = SSL_kEECDH, 1956 .algorithm_mkey = SSL_kECDHE,
1957 .algorithm_auth = SSL_aRSA, 1957 .algorithm_auth = SSL_aRSA,
1958 .algorithm_enc = SSL_AES128, 1958 .algorithm_enc = SSL_AES128,
1959 .algorithm_mac = SSL_SHA256, 1959 .algorithm_mac = SSL_SHA256,
@@ -1969,7 +1969,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1969 .valid = 1, 1969 .valid = 1,
1970 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 1970 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1971 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 1971 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1972 .algorithm_mkey = SSL_kEECDH, 1972 .algorithm_mkey = SSL_kECDHE,
1973 .algorithm_auth = SSL_aRSA, 1973 .algorithm_auth = SSL_aRSA,
1974 .algorithm_enc = SSL_AES256, 1974 .algorithm_enc = SSL_AES256,
1975 .algorithm_mac = SSL_SHA384, 1975 .algorithm_mac = SSL_SHA384,
@@ -2019,7 +2019,7 @@ SSL_CIPHER ssl3_ciphers[] = {
2019 .valid = 1, 2019 .valid = 1,
2020 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2020 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2021 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2021 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2022 .algorithm_mkey = SSL_kEECDH, 2022 .algorithm_mkey = SSL_kECDHE,
2023 .algorithm_auth = SSL_aECDSA, 2023 .algorithm_auth = SSL_aECDSA,
2024 .algorithm_enc = SSL_AES128GCM, 2024 .algorithm_enc = SSL_AES128GCM,
2025 .algorithm_mac = SSL_AEAD, 2025 .algorithm_mac = SSL_AEAD,
@@ -2037,7 +2037,7 @@ SSL_CIPHER ssl3_ciphers[] = {
2037 .valid = 1, 2037 .valid = 1,
2038 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2038 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2039 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2039 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2040 .algorithm_mkey = SSL_kEECDH, 2040 .algorithm_mkey = SSL_kECDHE,
2041 .algorithm_auth = SSL_aECDSA, 2041 .algorithm_auth = SSL_aECDSA,
2042 .algorithm_enc = SSL_AES256GCM, 2042 .algorithm_enc = SSL_AES256GCM,
2043 .algorithm_mac = SSL_AEAD, 2043 .algorithm_mac = SSL_AEAD,
@@ -2091,7 +2091,7 @@ SSL_CIPHER ssl3_ciphers[] = {
2091 .valid = 1, 2091 .valid = 1,
2092 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2092 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2093 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2093 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2094 .algorithm_mkey = SSL_kEECDH, 2094 .algorithm_mkey = SSL_kECDHE,
2095 .algorithm_auth = SSL_aRSA, 2095 .algorithm_auth = SSL_aRSA,
2096 .algorithm_enc = SSL_AES128GCM, 2096 .algorithm_enc = SSL_AES128GCM,
2097 .algorithm_mac = SSL_AEAD, 2097 .algorithm_mac = SSL_AEAD,
@@ -2109,7 +2109,7 @@ SSL_CIPHER ssl3_ciphers[] = {
2109 .valid = 1, 2109 .valid = 1,
2110 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2110 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2111 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2111 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2112 .algorithm_mkey = SSL_kEECDH, 2112 .algorithm_mkey = SSL_kECDHE,
2113 .algorithm_auth = SSL_aRSA, 2113 .algorithm_auth = SSL_aRSA,
2114 .algorithm_enc = SSL_AES256GCM, 2114 .algorithm_enc = SSL_AES256GCM,
2115 .algorithm_mac = SSL_AEAD, 2115 .algorithm_mac = SSL_AEAD,
@@ -2224,7 +2224,7 @@ SSL_CIPHER ssl3_ciphers[] = {
2224 .valid = 1, 2224 .valid = 1,
2225 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, 2225 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2226 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 2226 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
2227 .algorithm_mkey = SSL_kEECDH, 2227 .algorithm_mkey = SSL_kECDHE,
2228 .algorithm_auth = SSL_aRSA, 2228 .algorithm_auth = SSL_aRSA,
2229 .algorithm_enc = SSL_CHACHA20POLY1305, 2229 .algorithm_enc = SSL_CHACHA20POLY1305,
2230 .algorithm_mac = SSL_AEAD, 2230 .algorithm_mac = SSL_AEAD,
@@ -2240,7 +2240,7 @@ SSL_CIPHER ssl3_ciphers[] = {
2240 .valid = 1, 2240 .valid = 1,
2241 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 2241 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2242 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 2242 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
2243 .algorithm_mkey = SSL_kEECDH, 2243 .algorithm_mkey = SSL_kECDHE,
2244 .algorithm_auth = SSL_aECDSA, 2244 .algorithm_auth = SSL_aECDSA,
2245 .algorithm_enc = SSL_CHACHA20POLY1305, 2245 .algorithm_enc = SSL_CHACHA20POLY1305,
2246 .algorithm_mac = SSL_AEAD, 2246 .algorithm_mac = SSL_AEAD,
@@ -2256,7 +2256,7 @@ SSL_CIPHER ssl3_ciphers[] = {
2256 .valid = 1, 2256 .valid = 1,
2257 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, 2257 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2258 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305, 2258 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
2259 .algorithm_mkey = SSL_kEDH, 2259 .algorithm_mkey = SSL_kDHE,
2260 .algorithm_auth = SSL_aRSA, 2260 .algorithm_auth = SSL_aRSA,
2261 .algorithm_enc = SSL_CHACHA20POLY1305, 2261 .algorithm_enc = SSL_CHACHA20POLY1305,
2262 .algorithm_mac = SSL_AEAD, 2262 .algorithm_mac = SSL_AEAD,
@@ -3069,7 +3069,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3069 * if we are considering an ECC cipher suite that uses an 3069 * if we are considering an ECC cipher suite that uses an
3070 * ephemeral EC key 3070 * ephemeral EC key
3071 */ 3071 */
3072 (alg_k & SSL_kEECDH) 3072 (alg_k & SSL_kECDHE)
3073 /* and we have an ephemeral EC key */ 3073 /* and we have an ephemeral EC key */
3074 && (s->cert->ecdh_tmp != NULL) 3074 && (s->cert->ecdh_tmp != NULL)
3075 /* and the client specified an EllipticCurves extension */ 3075 /* and the client specified an EllipticCurves extension */
@@ -3108,7 +3108,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3108 continue; 3108 continue;
3109 ii = sk_SSL_CIPHER_find(allow, c); 3109 ii = sk_SSL_CIPHER_find(allow, c);
3110 if (ii >= 0) { 3110 if (ii >= 0) {
3111 if ((alg_k & SSL_kEECDH) && 3111 if ((alg_k & SSL_kECDHE) &&
3112 (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { 3112 (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) {
3113 if (!ret) 3113 if (!ret)
3114 ret = sk_SSL_CIPHER_value(allow, ii); 3114 ret = sk_SSL_CIPHER_value(allow, ii);
@@ -3139,12 +3139,12 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3139 } 3139 }
3140#endif 3140#endif
3141 3141
3142 if (alg_k & (SSL_kDHr|SSL_kEDH)) { 3142 if (alg_k & (SSL_kDHr|SSL_kDHE)) {
3143 p[ret++] = SSL3_CT_RSA_FIXED_DH; 3143 p[ret++] = SSL3_CT_RSA_FIXED_DH;
3144 p[ret++] = SSL3_CT_DSS_FIXED_DH; 3144 p[ret++] = SSL3_CT_DSS_FIXED_DH;
3145 } 3145 }
3146 if ((s->version == SSL3_VERSION) && 3146 if ((s->version == SSL3_VERSION) &&
3147 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) { 3147 (alg_k & (SSL_kDHE|SSL_kDHd|SSL_kDHr))) {
3148 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; 3148 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
3149 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; 3149 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
3150 } 3150 }
@@ -3157,7 +3157,7 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3157 3157
3158 /* 3158 /*
3159 * ECDSA certs can be used with RSA cipher suites as well 3159 * ECDSA certs can be used with RSA cipher suites as well
3160 * so we don't need to check for SSL_kECDH or SSL_kEECDH 3160 * so we don't need to check for SSL_kECDH or SSL_kECDHE
3161 */ 3161 */
3162 if (s->version >= TLS1_VERSION) { 3162 if (s->version >= TLS1_VERSION) {
3163 p[ret++] = TLS_CT_ECDSA_SIGN; 3163 p[ret++] = TLS_CT_ECDSA_SIGN;
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index e0a7d78995..8d47a16b55 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.77 2014/07/12 13:11:53 jsing Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -422,8 +422,8 @@ ssl3_accept(SSL *s)
422 * public key for key exchange. 422 * public key for key exchange.
423 */ 423 */
424 if (s->s3->tmp.use_rsa_tmp || 424 if (s->s3->tmp.use_rsa_tmp ||
425 (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH)) || 425 (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kDHE)) ||
426 (alg_k & SSL_kEECDH) || 426 (alg_k & SSL_kECDHE) ||
427 ((alg_k & SSL_kRSA) && 427 ((alg_k & SSL_kRSA) &&
428 (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == 428 (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey ==
429 NULL))) { 429 NULL))) {
@@ -1416,7 +1416,7 @@ ssl3_send_server_key_exchange(SSL *s)
1416 r[1] = rsa->e; 1416 r[1] = rsa->e;
1417 s->s3->tmp.use_rsa_tmp = 1; 1417 s->s3->tmp.use_rsa_tmp = 1;
1418 } else 1418 } else
1419 if (type & SSL_kEDH) { 1419 if (type & SSL_kDHE) {
1420 dhp = cert->dh_tmp; 1420 dhp = cert->dh_tmp;
1421 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) 1421 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
1422 dhp = s->cert->dh_tmp_cb(s, 0, 0); 1422 dhp = s->cert->dh_tmp_cb(s, 0, 0);
@@ -1463,7 +1463,7 @@ ssl3_send_server_key_exchange(SSL *s)
1463 r[1] = dh->g; 1463 r[1] = dh->g;
1464 r[2] = dh->pub_key; 1464 r[2] = dh->pub_key;
1465 } else 1465 } else
1466 if (type & SSL_kEECDH) { 1466 if (type & SSL_kECDHE) {
1467 const EC_GROUP *group; 1467 const EC_GROUP *group;
1468 1468
1469 ecdhp = cert->ecdh_tmp; 1469 ecdhp = cert->ecdh_tmp;
@@ -1614,7 +1614,7 @@ ssl3_send_server_key_exchange(SSL *s)
1614 p += nr[i]; 1614 p += nr[i];
1615 } 1615 }
1616 1616
1617 if (type & SSL_kEECDH) { 1617 if (type & SSL_kECDHE) {
1618 /* 1618 /*
1619 * XXX: For now, we only support named (not generic) 1619 * XXX: For now, we only support named (not generic)
1620 * curves. 1620 * curves.
@@ -1968,7 +1968,7 @@ ssl3_get_client_key_exchange(SSL *s)
1968 p, i); 1968 p, i);
1969 OPENSSL_cleanse(p, i); 1969 OPENSSL_cleanse(p, i);
1970 } else 1970 } else
1971 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { 1971 if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) {
1972 if (2 > n) 1972 if (2 > n)
1973 goto truncated; 1973 goto truncated;
1974 n2s(p, i); 1974 n2s(p, i);
@@ -2026,7 +2026,7 @@ ssl3_get_client_key_exchange(SSL *s)
2026 OPENSSL_cleanse(p, i); 2026 OPENSSL_cleanse(p, i);
2027 } else 2027 } else
2028 2028
2029 if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { 2029 if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
2030 int ret = 1; 2030 int ret = 1;
2031 int field_size = 0; 2031 int field_size = 0;
2032 const EC_KEY *tkey; 2032 const EC_KEY *tkey;
@@ -2072,7 +2072,7 @@ ssl3_get_client_key_exchange(SSL *s)
2072 if (n == 0L) { 2072 if (n == 0L) {
2073 /* Client Publickey was in Client Certificate */ 2073 /* Client Publickey was in Client Certificate */
2074 2074
2075 if (alg_k & SSL_kEECDH) { 2075 if (alg_k & SSL_kECDHE) {
2076 al = SSL_AD_HANDSHAKE_FAILURE; 2076 al = SSL_AD_HANDSHAKE_FAILURE;
2077 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2077 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2078 SSL_R_MISSING_TMP_ECDH_KEY); 2078 SSL_R_MISSING_TMP_ECDH_KEY);
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 004fd6e04f..552667f6c1 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.30 2014/07/12 13:11:53 jsing Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.31 2014/07/12 22:33:39 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -984,7 +984,7 @@ dtls1_send_client_key_exchange(SSL *s)
984 s->session->master_key, 984 s->session->master_key,
985 tmp_buf, sizeof tmp_buf); 985 tmp_buf, sizeof tmp_buf);
986 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); 986 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
987 } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { 987 } else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) {
988 DH *dh_srvr, *dh_clnt; 988 DH *dh_srvr, *dh_clnt;
989 989
990 if (s->session->sess_cert->peer_dh_tmp != NULL) 990 if (s->session->sess_cert->peer_dh_tmp != NULL)
@@ -1037,7 +1037,7 @@ dtls1_send_client_key_exchange(SSL *s)
1037 DH_free(dh_clnt); 1037 DH_free(dh_clnt);
1038 1038
1039 /* perhaps clean things up a bit EAY EAY EAY EAY*/ 1039 /* perhaps clean things up a bit EAY EAY EAY EAY*/
1040 } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { 1040 } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
1041 const EC_GROUP *srvr_group = NULL; 1041 const EC_GROUP *srvr_group = NULL;
1042 EC_KEY *tkey; 1042 EC_KEY *tkey;
1043 int ecdh_clnt_cert = 0; 1043 int ecdh_clnt_cert = 0;
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index a94b7ed61b..ecf4a198b1 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srvr.c,v 1.32 2014/07/12 13:11:53 jsing Exp $ */ 1/* $OpenBSD: d1_srvr.c,v 1.33 2014/07/12 22:33:39 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -464,8 +464,8 @@ dtls1_accept(SSL *s)
464 /* only send if a DH key exchange or 464 /* only send if a DH key exchange or
465 * RSA but we have a sign only certificate */ 465 * RSA but we have a sign only certificate */
466 if (s->s3->tmp.use_rsa_tmp 466 if (s->s3->tmp.use_rsa_tmp
467 || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 467 || (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
468 || (alg_k & SSL_kEECDH) 468 || (alg_k & SSL_kECDHE)
469 || ((alg_k & SSL_kRSA) 469 || ((alg_k & SSL_kRSA)
470 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL 470 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
471 ) 471 )
@@ -1052,7 +1052,7 @@ dtls1_send_server_key_exchange(SSL *s)
1052 r[1] = rsa->e; 1052 r[1] = rsa->e;
1053 s->s3->tmp.use_rsa_tmp = 1; 1053 s->s3->tmp.use_rsa_tmp = 1;
1054 } else 1054 } else
1055 if (type & SSL_kEDH) { 1055 if (type & SSL_kDHE) {
1056 dhp = cert->dh_tmp; 1056 dhp = cert->dh_tmp;
1057 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) 1057 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
1058 dhp = s->cert->dh_tmp_cb(s, 0, 0); 1058 dhp = s->cert->dh_tmp_cb(s, 0, 0);
@@ -1094,7 +1094,7 @@ dtls1_send_server_key_exchange(SSL *s)
1094 r[1] = dh->g; 1094 r[1] = dh->g;
1095 r[2] = dh->pub_key; 1095 r[2] = dh->pub_key;
1096 } else 1096 } else
1097 if (type & SSL_kEECDH) { 1097 if (type & SSL_kECDHE) {
1098 const EC_GROUP *group; 1098 const EC_GROUP *group;
1099 1099
1100 ecdhp = cert->ecdh_tmp; 1100 ecdhp = cert->ecdh_tmp;
@@ -1232,7 +1232,7 @@ dtls1_send_server_key_exchange(SSL *s)
1232 p += nr[i]; 1232 p += nr[i];
1233 } 1233 }
1234 1234
1235 if (type & SSL_kEECDH) { 1235 if (type & SSL_kECDHE) {
1236 /* XXX: For now, we only support named (not generic) curves. 1236 /* XXX: For now, we only support named (not generic) curves.
1237 * In this situation, the serverKeyExchange message has: 1237 * In this situation, the serverKeyExchange message has:
1238 * [1 byte CurveType], [2 byte CurveName] 1238 * [1 byte CurveType], [2 byte CurveName]
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 252100f587..b55b2e62c6 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.82 2014/07/12 22:17:59 jsg Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.83 2014/07/12 22:33:39 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1253,7 +1253,7 @@ ssl3_get_key_exchange(SSL *s)
1253 } 1253 }
1254 s->session->sess_cert->peer_rsa_tmp = rsa; 1254 s->session->sess_cert->peer_rsa_tmp = rsa;
1255 rsa = NULL; 1255 rsa = NULL;
1256 } else if (alg_k & SSL_kEDH) { 1256 } else if (alg_k & SSL_kDHE) {
1257 if ((dh = DH_new()) == NULL) { 1257 if ((dh = DH_new()) == NULL) {
1258 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1258 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1259 ERR_R_DH_LIB); 1259 ERR_R_DH_LIB);
@@ -1328,7 +1328,7 @@ ssl3_get_key_exchange(SSL *s)
1328 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1328 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1329 SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); 1329 SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1330 goto f_err; 1330 goto f_err;
1331 } else if (alg_k & SSL_kEECDH) { 1331 } else if (alg_k & SSL_kECDHE) {
1332 EC_GROUP *ngroup; 1332 EC_GROUP *ngroup;
1333 const EC_GROUP *group; 1333 const EC_GROUP *group;
1334 1334
@@ -1987,7 +1987,7 @@ ssl3_send_client_key_exchange(SSL *s)
1987 s->method->ssl3_enc->generate_master_secret( 1987 s->method->ssl3_enc->generate_master_secret(
1988 s, s->session->master_key, tmp_buf, sizeof tmp_buf); 1988 s, s->session->master_key, tmp_buf, sizeof tmp_buf);
1989 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); 1989 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
1990 } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { 1990 } else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) {
1991 DH *dh_srvr, *dh_clnt; 1991 DH *dh_srvr, *dh_clnt;
1992 1992
1993 if (s->session->sess_cert == NULL) { 1993 if (s->session->sess_cert == NULL) {
@@ -2051,7 +2051,7 @@ ssl3_send_client_key_exchange(SSL *s)
2051 DH_free(dh_clnt); 2051 DH_free(dh_clnt);
2052 2052
2053 /* perhaps clean things up a bit EAY EAY EAY EAY*/ 2053 /* perhaps clean things up a bit EAY EAY EAY EAY*/
2054 } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { 2054 } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
2055 const EC_GROUP *srvr_group = NULL; 2055 const EC_GROUP *srvr_group = NULL;
2056 EC_KEY *tkey; 2056 EC_KEY *tkey;
2057 int ecdh_clnt_cert = 0; 2057 int ecdh_clnt_cert = 0;
@@ -2640,7 +2640,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
2640 SSL_R_MISSING_RSA_ENCRYPTING_CERT); 2640 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2641 goto f_err; 2641 goto f_err;
2642 } 2642 }
2643 if ((alg_k & SSL_kEDH) && 2643 if ((alg_k & SSL_kDHE) &&
2644 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { 2644 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
2645 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 2645 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2646 SSL_R_MISSING_DH_KEY); 2646 SSL_R_MISSING_DH_KEY);
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index f94e207fc4..decdda90a3 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.69 2014/07/11 09:24:44 beck Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.70 2014/07/12 22:33:39 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -433,7 +433,7 @@ SSL_CIPHER ssl3_ciphers[] = {
433 .valid = 0, /* Weakened 40-bit export cipher. */ 433 .valid = 0, /* Weakened 40-bit export cipher. */
434 .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 434 .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
435 .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 435 .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
436 .algorithm_mkey = SSL_kEDH, 436 .algorithm_mkey = SSL_kDHE,
437 .algorithm_auth = SSL_aDSS, 437 .algorithm_auth = SSL_aDSS,
438 .algorithm_enc = SSL_DES, 438 .algorithm_enc = SSL_DES,
439 .algorithm_mac = SSL_SHA1, 439 .algorithm_mac = SSL_SHA1,
@@ -449,7 +449,7 @@ SSL_CIPHER ssl3_ciphers[] = {
449 .valid = 1, 449 .valid = 1,
450 .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 450 .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
451 .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 451 .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
452 .algorithm_mkey = SSL_kEDH, 452 .algorithm_mkey = SSL_kDHE,
453 .algorithm_auth = SSL_aDSS, 453 .algorithm_auth = SSL_aDSS,
454 .algorithm_enc = SSL_DES, 454 .algorithm_enc = SSL_DES,
455 .algorithm_mac = SSL_SHA1, 455 .algorithm_mac = SSL_SHA1,
@@ -465,7 +465,7 @@ SSL_CIPHER ssl3_ciphers[] = {
465 .valid = 1, 465 .valid = 1,
466 .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 466 .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
467 .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 467 .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
468 .algorithm_mkey = SSL_kEDH, 468 .algorithm_mkey = SSL_kDHE,
469 .algorithm_auth = SSL_aDSS, 469 .algorithm_auth = SSL_aDSS,
470 .algorithm_enc = SSL_3DES, 470 .algorithm_enc = SSL_3DES,
471 .algorithm_mac = SSL_SHA1, 471 .algorithm_mac = SSL_SHA1,
@@ -481,7 +481,7 @@ SSL_CIPHER ssl3_ciphers[] = {
481 .valid = 0, /* Weakened 40-bit export cipher. */ 481 .valid = 0, /* Weakened 40-bit export cipher. */
482 .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 482 .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
483 .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 483 .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
484 .algorithm_mkey = SSL_kEDH, 484 .algorithm_mkey = SSL_kDHE,
485 .algorithm_auth = SSL_aRSA, 485 .algorithm_auth = SSL_aRSA,
486 .algorithm_enc = SSL_DES, 486 .algorithm_enc = SSL_DES,
487 .algorithm_mac = SSL_SHA1, 487 .algorithm_mac = SSL_SHA1,
@@ -497,7 +497,7 @@ SSL_CIPHER ssl3_ciphers[] = {
497 .valid = 1, 497 .valid = 1,
498 .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 498 .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
499 .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 499 .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
500 .algorithm_mkey = SSL_kEDH, 500 .algorithm_mkey = SSL_kDHE,
501 .algorithm_auth = SSL_aRSA, 501 .algorithm_auth = SSL_aRSA,
502 .algorithm_enc = SSL_DES, 502 .algorithm_enc = SSL_DES,
503 .algorithm_mac = SSL_SHA1, 503 .algorithm_mac = SSL_SHA1,
@@ -513,7 +513,7 @@ SSL_CIPHER ssl3_ciphers[] = {
513 .valid = 1, 513 .valid = 1,
514 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 514 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
515 .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 515 .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
516 .algorithm_mkey = SSL_kEDH, 516 .algorithm_mkey = SSL_kDHE,
517 .algorithm_auth = SSL_aRSA, 517 .algorithm_auth = SSL_aRSA,
518 .algorithm_enc = SSL_3DES, 518 .algorithm_enc = SSL_3DES,
519 .algorithm_mac = SSL_SHA1, 519 .algorithm_mac = SSL_SHA1,
@@ -529,7 +529,7 @@ SSL_CIPHER ssl3_ciphers[] = {
529 .valid = 0, /* Weakened 40-bit export cipher. */ 529 .valid = 0, /* Weakened 40-bit export cipher. */
530 .name = SSL3_TXT_ADH_RC4_40_MD5, 530 .name = SSL3_TXT_ADH_RC4_40_MD5,
531 .id = SSL3_CK_ADH_RC4_40_MD5, 531 .id = SSL3_CK_ADH_RC4_40_MD5,
532 .algorithm_mkey = SSL_kEDH, 532 .algorithm_mkey = SSL_kDHE,
533 .algorithm_auth = SSL_aNULL, 533 .algorithm_auth = SSL_aNULL,
534 .algorithm_enc = SSL_RC4, 534 .algorithm_enc = SSL_RC4,
535 .algorithm_mac = SSL_MD5, 535 .algorithm_mac = SSL_MD5,
@@ -545,7 +545,7 @@ SSL_CIPHER ssl3_ciphers[] = {
545 .valid = 1, 545 .valid = 1,
546 .name = SSL3_TXT_ADH_RC4_128_MD5, 546 .name = SSL3_TXT_ADH_RC4_128_MD5,
547 .id = SSL3_CK_ADH_RC4_128_MD5, 547 .id = SSL3_CK_ADH_RC4_128_MD5,
548 .algorithm_mkey = SSL_kEDH, 548 .algorithm_mkey = SSL_kDHE,
549 .algorithm_auth = SSL_aNULL, 549 .algorithm_auth = SSL_aNULL,
550 .algorithm_enc = SSL_RC4, 550 .algorithm_enc = SSL_RC4,
551 .algorithm_mac = SSL_MD5, 551 .algorithm_mac = SSL_MD5,
@@ -561,7 +561,7 @@ SSL_CIPHER ssl3_ciphers[] = {
561 .valid = 0, /* Weakened 40-bit export cipher. */ 561 .valid = 0, /* Weakened 40-bit export cipher. */
562 .name = SSL3_TXT_ADH_DES_40_CBC_SHA, 562 .name = SSL3_TXT_ADH_DES_40_CBC_SHA,
563 .id = SSL3_CK_ADH_DES_40_CBC_SHA, 563 .id = SSL3_CK_ADH_DES_40_CBC_SHA,
564 .algorithm_mkey = SSL_kEDH, 564 .algorithm_mkey = SSL_kDHE,
565 .algorithm_auth = SSL_aNULL, 565 .algorithm_auth = SSL_aNULL,
566 .algorithm_enc = SSL_DES, 566 .algorithm_enc = SSL_DES,
567 .algorithm_mac = SSL_SHA1, 567 .algorithm_mac = SSL_SHA1,
@@ -577,7 +577,7 @@ SSL_CIPHER ssl3_ciphers[] = {
577 .valid = 1, 577 .valid = 1,
578 .name = SSL3_TXT_ADH_DES_64_CBC_SHA, 578 .name = SSL3_TXT_ADH_DES_64_CBC_SHA,
579 .id = SSL3_CK_ADH_DES_64_CBC_SHA, 579 .id = SSL3_CK_ADH_DES_64_CBC_SHA,
580 .algorithm_mkey = SSL_kEDH, 580 .algorithm_mkey = SSL_kDHE,
581 .algorithm_auth = SSL_aNULL, 581 .algorithm_auth = SSL_aNULL,
582 .algorithm_enc = SSL_DES, 582 .algorithm_enc = SSL_DES,
583 .algorithm_mac = SSL_SHA1, 583 .algorithm_mac = SSL_SHA1,
@@ -593,7 +593,7 @@ SSL_CIPHER ssl3_ciphers[] = {
593 .valid = 1, 593 .valid = 1,
594 .name = SSL3_TXT_ADH_DES_192_CBC_SHA, 594 .name = SSL3_TXT_ADH_DES_192_CBC_SHA,
595 .id = SSL3_CK_ADH_DES_192_CBC_SHA, 595 .id = SSL3_CK_ADH_DES_192_CBC_SHA,
596 .algorithm_mkey = SSL_kEDH, 596 .algorithm_mkey = SSL_kDHE,
597 .algorithm_auth = SSL_aNULL, 597 .algorithm_auth = SSL_aNULL,
598 .algorithm_enc = SSL_3DES, 598 .algorithm_enc = SSL_3DES,
599 .algorithm_mac = SSL_SHA1, 599 .algorithm_mac = SSL_SHA1,
@@ -655,7 +655,7 @@ SSL_CIPHER ssl3_ciphers[] = {
655 .valid = 1, 655 .valid = 1,
656 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 656 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
657 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 657 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
658 .algorithm_mkey = SSL_kEDH, 658 .algorithm_mkey = SSL_kDHE,
659 .algorithm_auth = SSL_aDSS, 659 .algorithm_auth = SSL_aDSS,
660 .algorithm_enc = SSL_AES128, 660 .algorithm_enc = SSL_AES128,
661 .algorithm_mac = SSL_SHA1, 661 .algorithm_mac = SSL_SHA1,
@@ -670,7 +670,7 @@ SSL_CIPHER ssl3_ciphers[] = {
670 .valid = 1, 670 .valid = 1,
671 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 671 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
672 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 672 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
673 .algorithm_mkey = SSL_kEDH, 673 .algorithm_mkey = SSL_kDHE,
674 .algorithm_auth = SSL_aRSA, 674 .algorithm_auth = SSL_aRSA,
675 .algorithm_enc = SSL_AES128, 675 .algorithm_enc = SSL_AES128,
676 .algorithm_mac = SSL_SHA1, 676 .algorithm_mac = SSL_SHA1,
@@ -685,7 +685,7 @@ SSL_CIPHER ssl3_ciphers[] = {
685 .valid = 1, 685 .valid = 1,
686 .name = TLS1_TXT_ADH_WITH_AES_128_SHA, 686 .name = TLS1_TXT_ADH_WITH_AES_128_SHA,
687 .id = TLS1_CK_ADH_WITH_AES_128_SHA, 687 .id = TLS1_CK_ADH_WITH_AES_128_SHA,
688 .algorithm_mkey = SSL_kEDH, 688 .algorithm_mkey = SSL_kDHE,
689 .algorithm_auth = SSL_aNULL, 689 .algorithm_auth = SSL_aNULL,
690 .algorithm_enc = SSL_AES128, 690 .algorithm_enc = SSL_AES128,
691 .algorithm_mac = SSL_SHA1, 691 .algorithm_mac = SSL_SHA1,
@@ -748,7 +748,7 @@ SSL_CIPHER ssl3_ciphers[] = {
748 .valid = 1, 748 .valid = 1,
749 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 749 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
750 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 750 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
751 .algorithm_mkey = SSL_kEDH, 751 .algorithm_mkey = SSL_kDHE,
752 .algorithm_auth = SSL_aDSS, 752 .algorithm_auth = SSL_aDSS,
753 .algorithm_enc = SSL_AES256, 753 .algorithm_enc = SSL_AES256,
754 .algorithm_mac = SSL_SHA1, 754 .algorithm_mac = SSL_SHA1,
@@ -764,7 +764,7 @@ SSL_CIPHER ssl3_ciphers[] = {
764 .valid = 1, 764 .valid = 1,
765 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 765 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
766 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 766 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
767 .algorithm_mkey = SSL_kEDH, 767 .algorithm_mkey = SSL_kDHE,
768 .algorithm_auth = SSL_aRSA, 768 .algorithm_auth = SSL_aRSA,
769 .algorithm_enc = SSL_AES256, 769 .algorithm_enc = SSL_AES256,
770 .algorithm_mac = SSL_SHA1, 770 .algorithm_mac = SSL_SHA1,
@@ -780,7 +780,7 @@ SSL_CIPHER ssl3_ciphers[] = {
780 .valid = 1, 780 .valid = 1,
781 .name = TLS1_TXT_ADH_WITH_AES_256_SHA, 781 .name = TLS1_TXT_ADH_WITH_AES_256_SHA,
782 .id = TLS1_CK_ADH_WITH_AES_256_SHA, 782 .id = TLS1_CK_ADH_WITH_AES_256_SHA,
783 .algorithm_mkey = SSL_kEDH, 783 .algorithm_mkey = SSL_kDHE,
784 .algorithm_auth = SSL_aNULL, 784 .algorithm_auth = SSL_aNULL,
785 .algorithm_enc = SSL_AES256, 785 .algorithm_enc = SSL_AES256,
786 .algorithm_mac = SSL_SHA1, 786 .algorithm_mac = SSL_SHA1,
@@ -877,7 +877,7 @@ SSL_CIPHER ssl3_ciphers[] = {
877 .valid = 1, 877 .valid = 1,
878 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, 878 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
879 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, 879 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
880 .algorithm_mkey = SSL_kEDH, 880 .algorithm_mkey = SSL_kDHE,
881 .algorithm_auth = SSL_aDSS, 881 .algorithm_auth = SSL_aDSS,
882 .algorithm_enc = SSL_AES128, 882 .algorithm_enc = SSL_AES128,
883 .algorithm_mac = SSL_SHA256, 883 .algorithm_mac = SSL_SHA256,
@@ -944,7 +944,7 @@ SSL_CIPHER ssl3_ciphers[] = {
944 .valid = 1, 944 .valid = 1,
945 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 945 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
946 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 946 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
947 .algorithm_mkey = SSL_kEDH, 947 .algorithm_mkey = SSL_kDHE,
948 .algorithm_auth = SSL_aDSS, 948 .algorithm_auth = SSL_aDSS,
949 .algorithm_enc = SSL_CAMELLIA128, 949 .algorithm_enc = SSL_CAMELLIA128,
950 .algorithm_mac = SSL_SHA1, 950 .algorithm_mac = SSL_SHA1,
@@ -960,7 +960,7 @@ SSL_CIPHER ssl3_ciphers[] = {
960 .valid = 1, 960 .valid = 1,
961 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 961 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
962 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 962 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
963 .algorithm_mkey = SSL_kEDH, 963 .algorithm_mkey = SSL_kDHE,
964 .algorithm_auth = SSL_aRSA, 964 .algorithm_auth = SSL_aRSA,
965 .algorithm_enc = SSL_CAMELLIA128, 965 .algorithm_enc = SSL_CAMELLIA128,
966 .algorithm_mac = SSL_SHA1, 966 .algorithm_mac = SSL_SHA1,
@@ -976,7 +976,7 @@ SSL_CIPHER ssl3_ciphers[] = {
976 .valid = 1, 976 .valid = 1,
977 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 977 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
978 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 978 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
979 .algorithm_mkey = SSL_kEDH, 979 .algorithm_mkey = SSL_kDHE,
980 .algorithm_auth = SSL_aNULL, 980 .algorithm_auth = SSL_aNULL,
981 .algorithm_enc = SSL_CAMELLIA128, 981 .algorithm_enc = SSL_CAMELLIA128,
982 .algorithm_mac = SSL_SHA1, 982 .algorithm_mac = SSL_SHA1,
@@ -994,7 +994,7 @@ SSL_CIPHER ssl3_ciphers[] = {
994 .valid = 1, 994 .valid = 1,
995 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 995 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
996 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 996 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
997 .algorithm_mkey = SSL_kEDH, 997 .algorithm_mkey = SSL_kDHE,
998 .algorithm_auth = SSL_aRSA, 998 .algorithm_auth = SSL_aRSA,
999 .algorithm_enc = SSL_AES128, 999 .algorithm_enc = SSL_AES128,
1000 .algorithm_mac = SSL_SHA256, 1000 .algorithm_mac = SSL_SHA256,
@@ -1042,7 +1042,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1042 .valid = 1, 1042 .valid = 1,
1043 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, 1043 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1044 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, 1044 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1045 .algorithm_mkey = SSL_kEDH, 1045 .algorithm_mkey = SSL_kDHE,
1046 .algorithm_auth = SSL_aDSS, 1046 .algorithm_auth = SSL_aDSS,
1047 .algorithm_enc = SSL_AES256, 1047 .algorithm_enc = SSL_AES256,
1048 .algorithm_mac = SSL_SHA256, 1048 .algorithm_mac = SSL_SHA256,
@@ -1058,7 +1058,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1058 .valid = 1, 1058 .valid = 1,
1059 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 1059 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1060 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 1060 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1061 .algorithm_mkey = SSL_kEDH, 1061 .algorithm_mkey = SSL_kDHE,
1062 .algorithm_auth = SSL_aRSA, 1062 .algorithm_auth = SSL_aRSA,
1063 .algorithm_enc = SSL_AES256, 1063 .algorithm_enc = SSL_AES256,
1064 .algorithm_mac = SSL_SHA256, 1064 .algorithm_mac = SSL_SHA256,
@@ -1074,7 +1074,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1074 .valid = 1, 1074 .valid = 1,
1075 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, 1075 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256,
1076 .id = TLS1_CK_ADH_WITH_AES_128_SHA256, 1076 .id = TLS1_CK_ADH_WITH_AES_128_SHA256,
1077 .algorithm_mkey = SSL_kEDH, 1077 .algorithm_mkey = SSL_kDHE,
1078 .algorithm_auth = SSL_aNULL, 1078 .algorithm_auth = SSL_aNULL,
1079 .algorithm_enc = SSL_AES128, 1079 .algorithm_enc = SSL_AES128,
1080 .algorithm_mac = SSL_SHA256, 1080 .algorithm_mac = SSL_SHA256,
@@ -1090,7 +1090,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1090 .valid = 1, 1090 .valid = 1,
1091 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256, 1091 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256,
1092 .id = TLS1_CK_ADH_WITH_AES_256_SHA256, 1092 .id = TLS1_CK_ADH_WITH_AES_256_SHA256,
1093 .algorithm_mkey = SSL_kEDH, 1093 .algorithm_mkey = SSL_kDHE,
1094 .algorithm_auth = SSL_aNULL, 1094 .algorithm_auth = SSL_aNULL,
1095 .algorithm_enc = SSL_AES256, 1095 .algorithm_enc = SSL_AES256,
1096 .algorithm_mac = SSL_SHA256, 1096 .algorithm_mac = SSL_SHA256,
@@ -1218,7 +1218,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1218 .valid = 1, 1218 .valid = 1,
1219 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1219 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1220 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1220 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1221 .algorithm_mkey = SSL_kEDH, 1221 .algorithm_mkey = SSL_kDHE,
1222 .algorithm_auth = SSL_aDSS, 1222 .algorithm_auth = SSL_aDSS,
1223 .algorithm_enc = SSL_CAMELLIA256, 1223 .algorithm_enc = SSL_CAMELLIA256,
1224 .algorithm_mac = SSL_SHA1, 1224 .algorithm_mac = SSL_SHA1,
@@ -1234,7 +1234,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1234 .valid = 1, 1234 .valid = 1,
1235 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1235 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1236 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1236 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1237 .algorithm_mkey = SSL_kEDH, 1237 .algorithm_mkey = SSL_kDHE,
1238 .algorithm_auth = SSL_aRSA, 1238 .algorithm_auth = SSL_aRSA,
1239 .algorithm_enc = SSL_CAMELLIA256, 1239 .algorithm_enc = SSL_CAMELLIA256,
1240 .algorithm_mac = SSL_SHA1, 1240 .algorithm_mac = SSL_SHA1,
@@ -1250,7 +1250,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1250 .valid = 1, 1250 .valid = 1,
1251 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 1251 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1252 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 1252 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1253 .algorithm_mkey = SSL_kEDH, 1253 .algorithm_mkey = SSL_kDHE,
1254 .algorithm_auth = SSL_aNULL, 1254 .algorithm_auth = SSL_aNULL,
1255 .algorithm_enc = SSL_CAMELLIA256, 1255 .algorithm_enc = SSL_CAMELLIA256,
1256 .algorithm_mac = SSL_SHA1, 1256 .algorithm_mac = SSL_SHA1,
@@ -1306,7 +1306,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1306 .valid = 1, 1306 .valid = 1,
1307 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 1307 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1308 .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 1308 .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1309 .algorithm_mkey = SSL_kEDH, 1309 .algorithm_mkey = SSL_kDHE,
1310 .algorithm_auth = SSL_aRSA, 1310 .algorithm_auth = SSL_aRSA,
1311 .algorithm_enc = SSL_AES128GCM, 1311 .algorithm_enc = SSL_AES128GCM,
1312 .algorithm_mac = SSL_AEAD, 1312 .algorithm_mac = SSL_AEAD,
@@ -1324,7 +1324,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1324 .valid = 1, 1324 .valid = 1,
1325 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 1325 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1326 .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 1326 .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1327 .algorithm_mkey = SSL_kEDH, 1327 .algorithm_mkey = SSL_kDHE,
1328 .algorithm_auth = SSL_aRSA, 1328 .algorithm_auth = SSL_aRSA,
1329 .algorithm_enc = SSL_AES256GCM, 1329 .algorithm_enc = SSL_AES256GCM,
1330 .algorithm_mac = SSL_AEAD, 1330 .algorithm_mac = SSL_AEAD,
@@ -1378,7 +1378,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1378 .valid = 1, 1378 .valid = 1,
1379 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, 1379 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1380 .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, 1380 .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1381 .algorithm_mkey = SSL_kEDH, 1381 .algorithm_mkey = SSL_kDHE,
1382 .algorithm_auth = SSL_aDSS, 1382 .algorithm_auth = SSL_aDSS,
1383 .algorithm_enc = SSL_AES128GCM, 1383 .algorithm_enc = SSL_AES128GCM,
1384 .algorithm_mac = SSL_AEAD, 1384 .algorithm_mac = SSL_AEAD,
@@ -1396,7 +1396,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1396 .valid = 1, 1396 .valid = 1,
1397 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, 1397 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1398 .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, 1398 .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1399 .algorithm_mkey = SSL_kEDH, 1399 .algorithm_mkey = SSL_kDHE,
1400 .algorithm_auth = SSL_aDSS, 1400 .algorithm_auth = SSL_aDSS,
1401 .algorithm_enc = SSL_AES256GCM, 1401 .algorithm_enc = SSL_AES256GCM,
1402 .algorithm_mac = SSL_AEAD, 1402 .algorithm_mac = SSL_AEAD,
@@ -1450,7 +1450,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1450 .valid = 1, 1450 .valid = 1,
1451 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 1451 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1452 .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 1452 .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1453 .algorithm_mkey = SSL_kEDH, 1453 .algorithm_mkey = SSL_kDHE,
1454 .algorithm_auth = SSL_aNULL, 1454 .algorithm_auth = SSL_aNULL,
1455 .algorithm_enc = SSL_AES128GCM, 1455 .algorithm_enc = SSL_AES128GCM,
1456 .algorithm_mac = SSL_AEAD, 1456 .algorithm_mac = SSL_AEAD,
@@ -1468,7 +1468,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1468 .valid = 1, 1468 .valid = 1,
1469 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 1469 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
1470 .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 1470 .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
1471 .algorithm_mkey = SSL_kEDH, 1471 .algorithm_mkey = SSL_kDHE,
1472 .algorithm_auth = SSL_aNULL, 1472 .algorithm_auth = SSL_aNULL,
1473 .algorithm_enc = SSL_AES256GCM, 1473 .algorithm_enc = SSL_AES256GCM,
1474 .algorithm_mac = SSL_AEAD, 1474 .algorithm_mac = SSL_AEAD,
@@ -1566,7 +1566,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1566 .valid = 1, 1566 .valid = 1,
1567 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 1567 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1568 .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 1568 .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1569 .algorithm_mkey = SSL_kEECDH, 1569 .algorithm_mkey = SSL_kECDHE,
1570 .algorithm_auth = SSL_aECDSA, 1570 .algorithm_auth = SSL_aECDSA,
1571 .algorithm_enc = SSL_eNULL, 1571 .algorithm_enc = SSL_eNULL,
1572 .algorithm_mac = SSL_SHA1, 1572 .algorithm_mac = SSL_SHA1,
@@ -1582,7 +1582,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1582 .valid = 1, 1582 .valid = 1,
1583 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 1583 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1584 .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 1584 .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1585 .algorithm_mkey = SSL_kEECDH, 1585 .algorithm_mkey = SSL_kECDHE,
1586 .algorithm_auth = SSL_aECDSA, 1586 .algorithm_auth = SSL_aECDSA,
1587 .algorithm_enc = SSL_RC4, 1587 .algorithm_enc = SSL_RC4,
1588 .algorithm_mac = SSL_SHA1, 1588 .algorithm_mac = SSL_SHA1,
@@ -1598,7 +1598,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1598 .valid = 1, 1598 .valid = 1,
1599 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1599 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1600 .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1600 .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1601 .algorithm_mkey = SSL_kEECDH, 1601 .algorithm_mkey = SSL_kECDHE,
1602 .algorithm_auth = SSL_aECDSA, 1602 .algorithm_auth = SSL_aECDSA,
1603 .algorithm_enc = SSL_3DES, 1603 .algorithm_enc = SSL_3DES,
1604 .algorithm_mac = SSL_SHA1, 1604 .algorithm_mac = SSL_SHA1,
@@ -1614,7 +1614,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1614 .valid = 1, 1614 .valid = 1,
1615 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1615 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1616 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1616 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1617 .algorithm_mkey = SSL_kEECDH, 1617 .algorithm_mkey = SSL_kECDHE,
1618 .algorithm_auth = SSL_aECDSA, 1618 .algorithm_auth = SSL_aECDSA,
1619 .algorithm_enc = SSL_AES128, 1619 .algorithm_enc = SSL_AES128,
1620 .algorithm_mac = SSL_SHA1, 1620 .algorithm_mac = SSL_SHA1,
@@ -1630,7 +1630,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1630 .valid = 1, 1630 .valid = 1,
1631 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1631 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1632 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1632 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1633 .algorithm_mkey = SSL_kEECDH, 1633 .algorithm_mkey = SSL_kECDHE,
1634 .algorithm_auth = SSL_aECDSA, 1634 .algorithm_auth = SSL_aECDSA,
1635 .algorithm_enc = SSL_AES256, 1635 .algorithm_enc = SSL_AES256,
1636 .algorithm_mac = SSL_SHA1, 1636 .algorithm_mac = SSL_SHA1,
@@ -1726,7 +1726,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1726 .valid = 1, 1726 .valid = 1,
1727 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 1727 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1728 .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 1728 .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1729 .algorithm_mkey = SSL_kEECDH, 1729 .algorithm_mkey = SSL_kECDHE,
1730 .algorithm_auth = SSL_aRSA, 1730 .algorithm_auth = SSL_aRSA,
1731 .algorithm_enc = SSL_eNULL, 1731 .algorithm_enc = SSL_eNULL,
1732 .algorithm_mac = SSL_SHA1, 1732 .algorithm_mac = SSL_SHA1,
@@ -1742,7 +1742,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1742 .valid = 1, 1742 .valid = 1,
1743 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 1743 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1744 .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 1744 .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1745 .algorithm_mkey = SSL_kEECDH, 1745 .algorithm_mkey = SSL_kECDHE,
1746 .algorithm_auth = SSL_aRSA, 1746 .algorithm_auth = SSL_aRSA,
1747 .algorithm_enc = SSL_RC4, 1747 .algorithm_enc = SSL_RC4,
1748 .algorithm_mac = SSL_SHA1, 1748 .algorithm_mac = SSL_SHA1,
@@ -1758,7 +1758,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1758 .valid = 1, 1758 .valid = 1,
1759 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1759 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1760 .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1760 .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1761 .algorithm_mkey = SSL_kEECDH, 1761 .algorithm_mkey = SSL_kECDHE,
1762 .algorithm_auth = SSL_aRSA, 1762 .algorithm_auth = SSL_aRSA,
1763 .algorithm_enc = SSL_3DES, 1763 .algorithm_enc = SSL_3DES,
1764 .algorithm_mac = SSL_SHA1, 1764 .algorithm_mac = SSL_SHA1,
@@ -1774,7 +1774,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1774 .valid = 1, 1774 .valid = 1,
1775 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1775 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1776 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1776 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1777 .algorithm_mkey = SSL_kEECDH, 1777 .algorithm_mkey = SSL_kECDHE,
1778 .algorithm_auth = SSL_aRSA, 1778 .algorithm_auth = SSL_aRSA,
1779 .algorithm_enc = SSL_AES128, 1779 .algorithm_enc = SSL_AES128,
1780 .algorithm_mac = SSL_SHA1, 1780 .algorithm_mac = SSL_SHA1,
@@ -1790,7 +1790,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1790 .valid = 1, 1790 .valid = 1,
1791 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1791 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1792 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1792 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1793 .algorithm_mkey = SSL_kEECDH, 1793 .algorithm_mkey = SSL_kECDHE,
1794 .algorithm_auth = SSL_aRSA, 1794 .algorithm_auth = SSL_aRSA,
1795 .algorithm_enc = SSL_AES256, 1795 .algorithm_enc = SSL_AES256,
1796 .algorithm_mac = SSL_SHA1, 1796 .algorithm_mac = SSL_SHA1,
@@ -1806,7 +1806,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1806 .valid = 1, 1806 .valid = 1,
1807 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 1807 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1808 .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA, 1808 .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1809 .algorithm_mkey = SSL_kEECDH, 1809 .algorithm_mkey = SSL_kECDHE,
1810 .algorithm_auth = SSL_aNULL, 1810 .algorithm_auth = SSL_aNULL,
1811 .algorithm_enc = SSL_eNULL, 1811 .algorithm_enc = SSL_eNULL,
1812 .algorithm_mac = SSL_SHA1, 1812 .algorithm_mac = SSL_SHA1,
@@ -1822,7 +1822,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1822 .valid = 1, 1822 .valid = 1,
1823 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 1823 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1824 .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 1824 .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1825 .algorithm_mkey = SSL_kEECDH, 1825 .algorithm_mkey = SSL_kECDHE,
1826 .algorithm_auth = SSL_aNULL, 1826 .algorithm_auth = SSL_aNULL,
1827 .algorithm_enc = SSL_RC4, 1827 .algorithm_enc = SSL_RC4,
1828 .algorithm_mac = SSL_SHA1, 1828 .algorithm_mac = SSL_SHA1,
@@ -1838,7 +1838,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1838 .valid = 1, 1838 .valid = 1,
1839 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 1839 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1840 .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 1840 .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1841 .algorithm_mkey = SSL_kEECDH, 1841 .algorithm_mkey = SSL_kECDHE,
1842 .algorithm_auth = SSL_aNULL, 1842 .algorithm_auth = SSL_aNULL,
1843 .algorithm_enc = SSL_3DES, 1843 .algorithm_enc = SSL_3DES,
1844 .algorithm_mac = SSL_SHA1, 1844 .algorithm_mac = SSL_SHA1,
@@ -1854,7 +1854,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1854 .valid = 1, 1854 .valid = 1,
1855 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 1855 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1856 .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 1856 .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1857 .algorithm_mkey = SSL_kEECDH, 1857 .algorithm_mkey = SSL_kECDHE,
1858 .algorithm_auth = SSL_aNULL, 1858 .algorithm_auth = SSL_aNULL,
1859 .algorithm_enc = SSL_AES128, 1859 .algorithm_enc = SSL_AES128,
1860 .algorithm_mac = SSL_SHA1, 1860 .algorithm_mac = SSL_SHA1,
@@ -1870,7 +1870,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1870 .valid = 1, 1870 .valid = 1,
1871 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 1871 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1872 .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 1872 .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1873 .algorithm_mkey = SSL_kEECDH, 1873 .algorithm_mkey = SSL_kECDHE,
1874 .algorithm_auth = SSL_aNULL, 1874 .algorithm_auth = SSL_aNULL,
1875 .algorithm_enc = SSL_AES256, 1875 .algorithm_enc = SSL_AES256,
1876 .algorithm_mac = SSL_SHA1, 1876 .algorithm_mac = SSL_SHA1,
@@ -1889,7 +1889,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1889 .valid = 1, 1889 .valid = 1,
1890 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 1890 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1891 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 1891 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1892 .algorithm_mkey = SSL_kEECDH, 1892 .algorithm_mkey = SSL_kECDHE,
1893 .algorithm_auth = SSL_aECDSA, 1893 .algorithm_auth = SSL_aECDSA,
1894 .algorithm_enc = SSL_AES128, 1894 .algorithm_enc = SSL_AES128,
1895 .algorithm_mac = SSL_SHA256, 1895 .algorithm_mac = SSL_SHA256,
@@ -1905,7 +1905,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1905 .valid = 1, 1905 .valid = 1,
1906 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 1906 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1907 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 1907 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1908 .algorithm_mkey = SSL_kEECDH, 1908 .algorithm_mkey = SSL_kECDHE,
1909 .algorithm_auth = SSL_aECDSA, 1909 .algorithm_auth = SSL_aECDSA,
1910 .algorithm_enc = SSL_AES256, 1910 .algorithm_enc = SSL_AES256,
1911 .algorithm_mac = SSL_SHA384, 1911 .algorithm_mac = SSL_SHA384,
@@ -1953,7 +1953,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1953 .valid = 1, 1953 .valid = 1,
1954 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 1954 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1955 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 1955 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1956 .algorithm_mkey = SSL_kEECDH, 1956 .algorithm_mkey = SSL_kECDHE,
1957 .algorithm_auth = SSL_aRSA, 1957 .algorithm_auth = SSL_aRSA,
1958 .algorithm_enc = SSL_AES128, 1958 .algorithm_enc = SSL_AES128,
1959 .algorithm_mac = SSL_SHA256, 1959 .algorithm_mac = SSL_SHA256,
@@ -1969,7 +1969,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1969 .valid = 1, 1969 .valid = 1,
1970 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 1970 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1971 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 1971 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1972 .algorithm_mkey = SSL_kEECDH, 1972 .algorithm_mkey = SSL_kECDHE,
1973 .algorithm_auth = SSL_aRSA, 1973 .algorithm_auth = SSL_aRSA,
1974 .algorithm_enc = SSL_AES256, 1974 .algorithm_enc = SSL_AES256,
1975 .algorithm_mac = SSL_SHA384, 1975 .algorithm_mac = SSL_SHA384,
@@ -2019,7 +2019,7 @@ SSL_CIPHER ssl3_ciphers[] = {
2019 .valid = 1, 2019 .valid = 1,
2020 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2020 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2021 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2021 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2022 .algorithm_mkey = SSL_kEECDH, 2022 .algorithm_mkey = SSL_kECDHE,
2023 .algorithm_auth = SSL_aECDSA, 2023 .algorithm_auth = SSL_aECDSA,
2024 .algorithm_enc = SSL_AES128GCM, 2024 .algorithm_enc = SSL_AES128GCM,
2025 .algorithm_mac = SSL_AEAD, 2025 .algorithm_mac = SSL_AEAD,
@@ -2037,7 +2037,7 @@ SSL_CIPHER ssl3_ciphers[] = {
2037 .valid = 1, 2037 .valid = 1,
2038 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2038 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2039 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2039 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2040 .algorithm_mkey = SSL_kEECDH, 2040 .algorithm_mkey = SSL_kECDHE,
2041 .algorithm_auth = SSL_aECDSA, 2041 .algorithm_auth = SSL_aECDSA,
2042 .algorithm_enc = SSL_AES256GCM, 2042 .algorithm_enc = SSL_AES256GCM,
2043 .algorithm_mac = SSL_AEAD, 2043 .algorithm_mac = SSL_AEAD,
@@ -2091,7 +2091,7 @@ SSL_CIPHER ssl3_ciphers[] = {
2091 .valid = 1, 2091 .valid = 1,
2092 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2092 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2093 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2093 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2094 .algorithm_mkey = SSL_kEECDH, 2094 .algorithm_mkey = SSL_kECDHE,
2095 .algorithm_auth = SSL_aRSA, 2095 .algorithm_auth = SSL_aRSA,
2096 .algorithm_enc = SSL_AES128GCM, 2096 .algorithm_enc = SSL_AES128GCM,
2097 .algorithm_mac = SSL_AEAD, 2097 .algorithm_mac = SSL_AEAD,
@@ -2109,7 +2109,7 @@ SSL_CIPHER ssl3_ciphers[] = {
2109 .valid = 1, 2109 .valid = 1,
2110 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2110 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2111 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2111 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2112 .algorithm_mkey = SSL_kEECDH, 2112 .algorithm_mkey = SSL_kECDHE,
2113 .algorithm_auth = SSL_aRSA, 2113 .algorithm_auth = SSL_aRSA,
2114 .algorithm_enc = SSL_AES256GCM, 2114 .algorithm_enc = SSL_AES256GCM,
2115 .algorithm_mac = SSL_AEAD, 2115 .algorithm_mac = SSL_AEAD,
@@ -2224,7 +2224,7 @@ SSL_CIPHER ssl3_ciphers[] = {
2224 .valid = 1, 2224 .valid = 1,
2225 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, 2225 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2226 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 2226 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
2227 .algorithm_mkey = SSL_kEECDH, 2227 .algorithm_mkey = SSL_kECDHE,
2228 .algorithm_auth = SSL_aRSA, 2228 .algorithm_auth = SSL_aRSA,
2229 .algorithm_enc = SSL_CHACHA20POLY1305, 2229 .algorithm_enc = SSL_CHACHA20POLY1305,
2230 .algorithm_mac = SSL_AEAD, 2230 .algorithm_mac = SSL_AEAD,
@@ -2240,7 +2240,7 @@ SSL_CIPHER ssl3_ciphers[] = {
2240 .valid = 1, 2240 .valid = 1,
2241 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 2241 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2242 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 2242 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
2243 .algorithm_mkey = SSL_kEECDH, 2243 .algorithm_mkey = SSL_kECDHE,
2244 .algorithm_auth = SSL_aECDSA, 2244 .algorithm_auth = SSL_aECDSA,
2245 .algorithm_enc = SSL_CHACHA20POLY1305, 2245 .algorithm_enc = SSL_CHACHA20POLY1305,
2246 .algorithm_mac = SSL_AEAD, 2246 .algorithm_mac = SSL_AEAD,
@@ -2256,7 +2256,7 @@ SSL_CIPHER ssl3_ciphers[] = {
2256 .valid = 1, 2256 .valid = 1,
2257 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, 2257 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2258 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305, 2258 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
2259 .algorithm_mkey = SSL_kEDH, 2259 .algorithm_mkey = SSL_kDHE,
2260 .algorithm_auth = SSL_aRSA, 2260 .algorithm_auth = SSL_aRSA,
2261 .algorithm_enc = SSL_CHACHA20POLY1305, 2261 .algorithm_enc = SSL_CHACHA20POLY1305,
2262 .algorithm_mac = SSL_AEAD, 2262 .algorithm_mac = SSL_AEAD,
@@ -3069,7 +3069,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3069 * if we are considering an ECC cipher suite that uses an 3069 * if we are considering an ECC cipher suite that uses an
3070 * ephemeral EC key 3070 * ephemeral EC key
3071 */ 3071 */
3072 (alg_k & SSL_kEECDH) 3072 (alg_k & SSL_kECDHE)
3073 /* and we have an ephemeral EC key */ 3073 /* and we have an ephemeral EC key */
3074 && (s->cert->ecdh_tmp != NULL) 3074 && (s->cert->ecdh_tmp != NULL)
3075 /* and the client specified an EllipticCurves extension */ 3075 /* and the client specified an EllipticCurves extension */
@@ -3108,7 +3108,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3108 continue; 3108 continue;
3109 ii = sk_SSL_CIPHER_find(allow, c); 3109 ii = sk_SSL_CIPHER_find(allow, c);
3110 if (ii >= 0) { 3110 if (ii >= 0) {
3111 if ((alg_k & SSL_kEECDH) && 3111 if ((alg_k & SSL_kECDHE) &&
3112 (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { 3112 (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) {
3113 if (!ret) 3113 if (!ret)
3114 ret = sk_SSL_CIPHER_value(allow, ii); 3114 ret = sk_SSL_CIPHER_value(allow, ii);
@@ -3139,12 +3139,12 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3139 } 3139 }
3140#endif 3140#endif
3141 3141
3142 if (alg_k & (SSL_kDHr|SSL_kEDH)) { 3142 if (alg_k & (SSL_kDHr|SSL_kDHE)) {
3143 p[ret++] = SSL3_CT_RSA_FIXED_DH; 3143 p[ret++] = SSL3_CT_RSA_FIXED_DH;
3144 p[ret++] = SSL3_CT_DSS_FIXED_DH; 3144 p[ret++] = SSL3_CT_DSS_FIXED_DH;
3145 } 3145 }
3146 if ((s->version == SSL3_VERSION) && 3146 if ((s->version == SSL3_VERSION) &&
3147 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) { 3147 (alg_k & (SSL_kDHE|SSL_kDHd|SSL_kDHr))) {
3148 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; 3148 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
3149 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; 3149 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
3150 } 3150 }
@@ -3157,7 +3157,7 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3157 3157
3158 /* 3158 /*
3159 * ECDSA certs can be used with RSA cipher suites as well 3159 * ECDSA certs can be used with RSA cipher suites as well
3160 * so we don't need to check for SSL_kECDH or SSL_kEECDH 3160 * so we don't need to check for SSL_kECDH or SSL_kECDHE
3161 */ 3161 */
3162 if (s->version >= TLS1_VERSION) { 3162 if (s->version >= TLS1_VERSION) {
3163 p[ret++] = TLS_CT_ECDSA_SIGN; 3163 p[ret++] = TLS_CT_ECDSA_SIGN;
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index e0a7d78995..8d47a16b55 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.77 2014/07/12 13:11:53 jsing Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -422,8 +422,8 @@ ssl3_accept(SSL *s)
422 * public key for key exchange. 422 * public key for key exchange.
423 */ 423 */
424 if (s->s3->tmp.use_rsa_tmp || 424 if (s->s3->tmp.use_rsa_tmp ||
425 (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH)) || 425 (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kDHE)) ||
426 (alg_k & SSL_kEECDH) || 426 (alg_k & SSL_kECDHE) ||
427 ((alg_k & SSL_kRSA) && 427 ((alg_k & SSL_kRSA) &&
428 (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == 428 (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey ==
429 NULL))) { 429 NULL))) {
@@ -1416,7 +1416,7 @@ ssl3_send_server_key_exchange(SSL *s)
1416 r[1] = rsa->e; 1416 r[1] = rsa->e;
1417 s->s3->tmp.use_rsa_tmp = 1; 1417 s->s3->tmp.use_rsa_tmp = 1;
1418 } else 1418 } else
1419 if (type & SSL_kEDH) { 1419 if (type & SSL_kDHE) {
1420 dhp = cert->dh_tmp; 1420 dhp = cert->dh_tmp;
1421 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) 1421 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
1422 dhp = s->cert->dh_tmp_cb(s, 0, 0); 1422 dhp = s->cert->dh_tmp_cb(s, 0, 0);
@@ -1463,7 +1463,7 @@ ssl3_send_server_key_exchange(SSL *s)
1463 r[1] = dh->g; 1463 r[1] = dh->g;
1464 r[2] = dh->pub_key; 1464 r[2] = dh->pub_key;
1465 } else 1465 } else
1466 if (type & SSL_kEECDH) { 1466 if (type & SSL_kECDHE) {
1467 const EC_GROUP *group; 1467 const EC_GROUP *group;
1468 1468
1469 ecdhp = cert->ecdh_tmp; 1469 ecdhp = cert->ecdh_tmp;
@@ -1614,7 +1614,7 @@ ssl3_send_server_key_exchange(SSL *s)
1614 p += nr[i]; 1614 p += nr[i];
1615 } 1615 }
1616 1616
1617 if (type & SSL_kEECDH) { 1617 if (type & SSL_kECDHE) {
1618 /* 1618 /*
1619 * XXX: For now, we only support named (not generic) 1619 * XXX: For now, we only support named (not generic)
1620 * curves. 1620 * curves.
@@ -1968,7 +1968,7 @@ ssl3_get_client_key_exchange(SSL *s)
1968 p, i); 1968 p, i);
1969 OPENSSL_cleanse(p, i); 1969 OPENSSL_cleanse(p, i);
1970 } else 1970 } else
1971 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { 1971 if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) {
1972 if (2 > n) 1972 if (2 > n)
1973 goto truncated; 1973 goto truncated;
1974 n2s(p, i); 1974 n2s(p, i);
@@ -2026,7 +2026,7 @@ ssl3_get_client_key_exchange(SSL *s)
2026 OPENSSL_cleanse(p, i); 2026 OPENSSL_cleanse(p, i);
2027 } else 2027 } else
2028 2028
2029 if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { 2029 if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
2030 int ret = 1; 2030 int ret = 1;
2031 int field_size = 0; 2031 int field_size = 0;
2032 const EC_KEY *tkey; 2032 const EC_KEY *tkey;
@@ -2072,7 +2072,7 @@ ssl3_get_client_key_exchange(SSL *s)
2072 if (n == 0L) { 2072 if (n == 0L) {
2073 /* Client Publickey was in Client Certificate */ 2073 /* Client Publickey was in Client Certificate */
2074 2074
2075 if (alg_k & SSL_kEECDH) { 2075 if (alg_k & SSL_kECDHE) {
2076 al = SSL_AD_HANDSHAKE_FAILURE; 2076 al = SSL_AD_HANDSHAKE_FAILURE;
2077 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2077 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2078 SSL_R_MISSING_TMP_ECDH_KEY); 2078 SSL_R_MISSING_TMP_ECDH_KEY);
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index a2dec527ca..70c91bf600 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_ciph.c,v 1.65 2014/07/12 13:11:53 jsing Exp $ */ 1/* $OpenBSD: ssl_ciph.c,v 1.66 2014/07/12 22:33:39 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -233,7 +233,7 @@ static const SSL_CIPHER cipher_aliases[] = {
233 */ 233 */
234 { 234 {
235 .name = SSL_TXT_CMPDEF, 235 .name = SSL_TXT_CMPDEF,
236 .algorithm_mkey = SSL_kEDH|SSL_kEECDH, 236 .algorithm_mkey = SSL_kDHE|SSL_kECDHE,
237 .algorithm_auth = SSL_aNULL, 237 .algorithm_auth = SSL_aNULL,
238 .algorithm_enc = ~SSL_eNULL, 238 .algorithm_enc = ~SSL_eNULL,
239 }, 239 },
@@ -265,11 +265,11 @@ static const SSL_CIPHER cipher_aliases[] = {
265 }, 265 },
266 { 266 {
267 .name = SSL_TXT_kEDH, 267 .name = SSL_TXT_kEDH,
268 .algorithm_mkey = SSL_kEDH, 268 .algorithm_mkey = SSL_kDHE,
269 }, 269 },
270 { 270 {
271 .name = SSL_TXT_DH, 271 .name = SSL_TXT_DH,
272 .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kEDH, 272 .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kDHE,
273 }, 273 },
274 274
275 { 275 {
@@ -286,11 +286,11 @@ static const SSL_CIPHER cipher_aliases[] = {
286 }, 286 },
287 { 287 {
288 .name = SSL_TXT_kEECDH, 288 .name = SSL_TXT_kEECDH,
289 .algorithm_mkey = SSL_kEECDH, 289 .algorithm_mkey = SSL_kECDHE,
290 }, 290 },
291 { 291 {
292 .name = SSL_TXT_ECDH, 292 .name = SSL_TXT_ECDH,
293 .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kEECDH, 293 .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kECDHE,
294 }, 294 },
295 295
296 { 296 {
@@ -348,12 +348,12 @@ static const SSL_CIPHER cipher_aliases[] = {
348 /* aliases combining key exchange and server authentication */ 348 /* aliases combining key exchange and server authentication */
349 { 349 {
350 .name = SSL_TXT_EDH, 350 .name = SSL_TXT_EDH,
351 .algorithm_mkey = SSL_kEDH, 351 .algorithm_mkey = SSL_kDHE,
352 .algorithm_auth = ~SSL_aNULL, 352 .algorithm_auth = ~SSL_aNULL,
353 }, 353 },
354 { 354 {
355 .name = SSL_TXT_EECDH, 355 .name = SSL_TXT_EECDH,
356 .algorithm_mkey = SSL_kEECDH, 356 .algorithm_mkey = SSL_kECDHE,
357 .algorithm_auth = ~SSL_aNULL, 357 .algorithm_auth = ~SSL_aNULL,
358 }, 358 },
359 { 359 {
@@ -367,12 +367,12 @@ static const SSL_CIPHER cipher_aliases[] = {
367 }, 367 },
368 { 368 {
369 .name = SSL_TXT_ADH, 369 .name = SSL_TXT_ADH,
370 .algorithm_mkey = SSL_kEDH, 370 .algorithm_mkey = SSL_kDHE,
371 .algorithm_auth = SSL_aNULL, 371 .algorithm_auth = SSL_aNULL,
372 }, 372 },
373 { 373 {
374 .name = SSL_TXT_AECDH, 374 .name = SSL_TXT_AECDH,
375 .algorithm_mkey = SSL_kEECDH, 375 .algorithm_mkey = SSL_kECDHE,
376 .algorithm_auth = SSL_aNULL, 376 .algorithm_auth = SSL_aNULL,
377 }, 377 },
378 378
@@ -1451,8 +1451,8 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1451 /* Now arrange all ciphers by preference: */ 1451 /* Now arrange all ciphers by preference: */
1452 1452
1453 /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */ 1453 /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
1454 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); 1454 ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1455 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); 1455 ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1456 1456
1457 /* 1457 /*
1458 * CHACHA20 is fast and safe on all hardware and is thus our preferred 1458 * CHACHA20 is fast and safe on all hardware and is thus our preferred
@@ -1609,7 +1609,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1609 case SSL_kDHd: 1609 case SSL_kDHd:
1610 kx = "DH/DSS"; 1610 kx = "DH/DSS";
1611 break; 1611 break;
1612 case SSL_kEDH: 1612 case SSL_kDHE:
1613 kx = "DH"; 1613 kx = "DH";
1614 break; 1614 break;
1615 case SSL_kECDHr: 1615 case SSL_kECDHr:
@@ -1618,7 +1618,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1618 case SSL_kECDHe: 1618 case SSL_kECDHe:
1619 kx = "ECDH/ECDSA"; 1619 kx = "ECDH/ECDSA";
1620 break; 1620 break;
1621 case SSL_kEECDH: 1621 case SSL_kECDHE:
1622 kx = "ECDH"; 1622 kx = "ECDH";
1623 break; 1623 break;
1624 default: 1624 default:
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index b563071cda..6b62713bca 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.77 2014/07/12 19:45:53 jsing Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1973,7 +1973,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
1973 mask_k|=SSL_kRSA; 1973 mask_k|=SSL_kRSA;
1974 1974
1975 if (dh_tmp) 1975 if (dh_tmp)
1976 mask_k|=SSL_kEDH; 1976 mask_k|=SSL_kDHE;
1977 1977
1978 if (dh_rsa) 1978 if (dh_rsa)
1979 mask_k|=SSL_kDHr; 1979 mask_k|=SSL_kDHr;
@@ -2022,7 +2022,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2022 } 2022 }
2023 2023
2024 if (have_ecdh_tmp) { 2024 if (have_ecdh_tmp) {
2025 mask_k|=SSL_kEECDH; 2025 mask_k|=SSL_kECDHE;
2026 } 2026 }
2027 2027
2028 2028
@@ -2108,10 +2108,10 @@ ssl_get_server_send_pkey(const SSL *s)
2108 2108
2109 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { 2109 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
2110 /* 2110 /*
2111 * We don't need to look at SSL_kEECDH 2111 * We don't need to look at SSL_kECDHE
2112 * since no certificate is needed for 2112 * since no certificate is needed for
2113 * anon ECDH and for authenticated 2113 * anon ECDH and for authenticated
2114 * EECDH, the check for the auth 2114 * ECDHE, the check for the auth
2115 * algorithm will set i correctly 2115 * algorithm will set i correctly
2116 * NOTE: For ECDH-RSA, we need an ECC 2116 * NOTE: For ECDH-RSA, we need an ECC
2117 * not an RSA cert but for EECDH-RSA 2117 * not an RSA cert but for EECDH-RSA
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 22ba8d926e..34e6337856 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.61 2014/07/12 19:45:53 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.62 2014/07/12 22:33:39 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -256,10 +256,10 @@
256#define SSL_kRSA 0x00000001L /* RSA key exchange */ 256#define SSL_kRSA 0x00000001L /* RSA key exchange */
257#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */ 257#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */
258#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */ 258#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */
259#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */ 259#define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */
260#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */ 260#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
261#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */ 261#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
262#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */ 262#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
263#define SSL_kGOST 0x00000200L /* GOST key exchange */ 263#define SSL_kGOST 0x00000200L /* GOST key exchange */
264 264
265/* Bits for algorithm_auth (server authentication) */ 265/* Bits for algorithm_auth (server authentication) */
@@ -397,7 +397,7 @@
397/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | 397/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
398 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) 398 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
399 * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) 399 * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
400 * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN 400 * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
401 * SSL_aRSA <- RSA_ENC | RSA_SIGN 401 * SSL_aRSA <- RSA_ENC | RSA_SIGN
402 * SSL_aDSS <- DSA_SIGN 402 * SSL_aDSS <- DSA_SIGN
403 */ 403 */
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 03af6e29ef..46b47a95b7 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_lib.c,v 1.49 2014/07/09 11:10:51 bcook Exp $ */ 1/* $OpenBSD: t1_lib.c,v 1.50 2014/07/12 22:33:39 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1477,7 +1477,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1477 1477
1478 alg_k = c->algorithm_mkey; 1478 alg_k = c->algorithm_mkey;
1479 alg_a = c->algorithm_auth; 1479 alg_a = c->algorithm_auth;
1480 if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || 1480 if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) ||
1481 (alg_a & SSL_aECDSA))) { 1481 (alg_a & SSL_aECDSA))) {
1482 using_ecc = 1; 1482 using_ecc = 1;
1483 break; 1483 break;
@@ -1524,7 +1524,7 @@ ssl_prepare_serverhello_tlsext(SSL *s)
1524 1524
1525 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 1525 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1526 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; 1526 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1527 int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); 1527 int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
1528 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); 1528 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
1529 1529
1530 if (using_ecc) { 1530 if (using_ecc) {
@@ -1650,7 +1650,7 @@ ssl_check_serverhello_tlsext(SSL *s)
1650 (s->tlsext_ecpointformatlist_length > 0) && 1650 (s->tlsext_ecpointformatlist_length > 0) &&
1651 (s->session->tlsext_ecpointformatlist != NULL) && 1651 (s->session->tlsext_ecpointformatlist != NULL) &&
1652 (s->session->tlsext_ecpointformatlist_length > 0) && 1652 (s->session->tlsext_ecpointformatlist_length > 0) &&
1653 ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) { 1653 ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) {
1654 /* we are using an ECC cipher */ 1654 /* we are using an ECC cipher */
1655 size_t i; 1655 size_t i;
1656 unsigned char *list; 1656 unsigned char *list;
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index a2dec527ca..70c91bf600 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_ciph.c,v 1.65 2014/07/12 13:11:53 jsing Exp $ */ 1/* $OpenBSD: ssl_ciph.c,v 1.66 2014/07/12 22:33:39 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -233,7 +233,7 @@ static const SSL_CIPHER cipher_aliases[] = {
233 */ 233 */
234 { 234 {
235 .name = SSL_TXT_CMPDEF, 235 .name = SSL_TXT_CMPDEF,
236 .algorithm_mkey = SSL_kEDH|SSL_kEECDH, 236 .algorithm_mkey = SSL_kDHE|SSL_kECDHE,
237 .algorithm_auth = SSL_aNULL, 237 .algorithm_auth = SSL_aNULL,
238 .algorithm_enc = ~SSL_eNULL, 238 .algorithm_enc = ~SSL_eNULL,
239 }, 239 },
@@ -265,11 +265,11 @@ static const SSL_CIPHER cipher_aliases[] = {
265 }, 265 },
266 { 266 {
267 .name = SSL_TXT_kEDH, 267 .name = SSL_TXT_kEDH,
268 .algorithm_mkey = SSL_kEDH, 268 .algorithm_mkey = SSL_kDHE,
269 }, 269 },
270 { 270 {
271 .name = SSL_TXT_DH, 271 .name = SSL_TXT_DH,
272 .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kEDH, 272 .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kDHE,
273 }, 273 },
274 274
275 { 275 {
@@ -286,11 +286,11 @@ static const SSL_CIPHER cipher_aliases[] = {
286 }, 286 },
287 { 287 {
288 .name = SSL_TXT_kEECDH, 288 .name = SSL_TXT_kEECDH,
289 .algorithm_mkey = SSL_kEECDH, 289 .algorithm_mkey = SSL_kECDHE,
290 }, 290 },
291 { 291 {
292 .name = SSL_TXT_ECDH, 292 .name = SSL_TXT_ECDH,
293 .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kEECDH, 293 .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kECDHE,
294 }, 294 },
295 295
296 { 296 {
@@ -348,12 +348,12 @@ static const SSL_CIPHER cipher_aliases[] = {
348 /* aliases combining key exchange and server authentication */ 348 /* aliases combining key exchange and server authentication */
349 { 349 {
350 .name = SSL_TXT_EDH, 350 .name = SSL_TXT_EDH,
351 .algorithm_mkey = SSL_kEDH, 351 .algorithm_mkey = SSL_kDHE,
352 .algorithm_auth = ~SSL_aNULL, 352 .algorithm_auth = ~SSL_aNULL,
353 }, 353 },
354 { 354 {
355 .name = SSL_TXT_EECDH, 355 .name = SSL_TXT_EECDH,
356 .algorithm_mkey = SSL_kEECDH, 356 .algorithm_mkey = SSL_kECDHE,
357 .algorithm_auth = ~SSL_aNULL, 357 .algorithm_auth = ~SSL_aNULL,
358 }, 358 },
359 { 359 {
@@ -367,12 +367,12 @@ static const SSL_CIPHER cipher_aliases[] = {
367 }, 367 },
368 { 368 {
369 .name = SSL_TXT_ADH, 369 .name = SSL_TXT_ADH,
370 .algorithm_mkey = SSL_kEDH, 370 .algorithm_mkey = SSL_kDHE,
371 .algorithm_auth = SSL_aNULL, 371 .algorithm_auth = SSL_aNULL,
372 }, 372 },
373 { 373 {
374 .name = SSL_TXT_AECDH, 374 .name = SSL_TXT_AECDH,
375 .algorithm_mkey = SSL_kEECDH, 375 .algorithm_mkey = SSL_kECDHE,
376 .algorithm_auth = SSL_aNULL, 376 .algorithm_auth = SSL_aNULL,
377 }, 377 },
378 378
@@ -1451,8 +1451,8 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1451 /* Now arrange all ciphers by preference: */ 1451 /* Now arrange all ciphers by preference: */
1452 1452
1453 /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */ 1453 /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
1454 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); 1454 ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1455 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); 1455 ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1456 1456
1457 /* 1457 /*
1458 * CHACHA20 is fast and safe on all hardware and is thus our preferred 1458 * CHACHA20 is fast and safe on all hardware and is thus our preferred
@@ -1609,7 +1609,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1609 case SSL_kDHd: 1609 case SSL_kDHd:
1610 kx = "DH/DSS"; 1610 kx = "DH/DSS";
1611 break; 1611 break;
1612 case SSL_kEDH: 1612 case SSL_kDHE:
1613 kx = "DH"; 1613 kx = "DH";
1614 break; 1614 break;
1615 case SSL_kECDHr: 1615 case SSL_kECDHr:
@@ -1618,7 +1618,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1618 case SSL_kECDHe: 1618 case SSL_kECDHe:
1619 kx = "ECDH/ECDSA"; 1619 kx = "ECDH/ECDSA";
1620 break; 1620 break;
1621 case SSL_kEECDH: 1621 case SSL_kECDHE:
1622 kx = "ECDH"; 1622 kx = "ECDH";
1623 break; 1623 break;
1624 default: 1624 default:
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index b563071cda..6b62713bca 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.77 2014/07/12 19:45:53 jsing Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1973,7 +1973,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
1973 mask_k|=SSL_kRSA; 1973 mask_k|=SSL_kRSA;
1974 1974
1975 if (dh_tmp) 1975 if (dh_tmp)
1976 mask_k|=SSL_kEDH; 1976 mask_k|=SSL_kDHE;
1977 1977
1978 if (dh_rsa) 1978 if (dh_rsa)
1979 mask_k|=SSL_kDHr; 1979 mask_k|=SSL_kDHr;
@@ -2022,7 +2022,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2022 } 2022 }
2023 2023
2024 if (have_ecdh_tmp) { 2024 if (have_ecdh_tmp) {
2025 mask_k|=SSL_kEECDH; 2025 mask_k|=SSL_kECDHE;
2026 } 2026 }
2027 2027
2028 2028
@@ -2108,10 +2108,10 @@ ssl_get_server_send_pkey(const SSL *s)
2108 2108
2109 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { 2109 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
2110 /* 2110 /*
2111 * We don't need to look at SSL_kEECDH 2111 * We don't need to look at SSL_kECDHE
2112 * since no certificate is needed for 2112 * since no certificate is needed for
2113 * anon ECDH and for authenticated 2113 * anon ECDH and for authenticated
2114 * EECDH, the check for the auth 2114 * ECDHE, the check for the auth
2115 * algorithm will set i correctly 2115 * algorithm will set i correctly
2116 * NOTE: For ECDH-RSA, we need an ECC 2116 * NOTE: For ECDH-RSA, we need an ECC
2117 * not an RSA cert but for EECDH-RSA 2117 * not an RSA cert but for EECDH-RSA
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 22ba8d926e..34e6337856 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.61 2014/07/12 19:45:53 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.62 2014/07/12 22:33:39 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -256,10 +256,10 @@
256#define SSL_kRSA 0x00000001L /* RSA key exchange */ 256#define SSL_kRSA 0x00000001L /* RSA key exchange */
257#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */ 257#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */
258#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */ 258#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */
259#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */ 259#define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */
260#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */ 260#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
261#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */ 261#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
262#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */ 262#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
263#define SSL_kGOST 0x00000200L /* GOST key exchange */ 263#define SSL_kGOST 0x00000200L /* GOST key exchange */
264 264
265/* Bits for algorithm_auth (server authentication) */ 265/* Bits for algorithm_auth (server authentication) */
@@ -397,7 +397,7 @@
397/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | 397/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
398 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) 398 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
399 * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) 399 * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
400 * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN 400 * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
401 * SSL_aRSA <- RSA_ENC | RSA_SIGN 401 * SSL_aRSA <- RSA_ENC | RSA_SIGN
402 * SSL_aDSS <- DSA_SIGN 402 * SSL_aDSS <- DSA_SIGN
403 */ 403 */
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 03af6e29ef..46b47a95b7 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_lib.c,v 1.49 2014/07/09 11:10:51 bcook Exp $ */ 1/* $OpenBSD: t1_lib.c,v 1.50 2014/07/12 22:33:39 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1477,7 +1477,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1477 1477
1478 alg_k = c->algorithm_mkey; 1478 alg_k = c->algorithm_mkey;
1479 alg_a = c->algorithm_auth; 1479 alg_a = c->algorithm_auth;
1480 if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || 1480 if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) ||
1481 (alg_a & SSL_aECDSA))) { 1481 (alg_a & SSL_aECDSA))) {
1482 using_ecc = 1; 1482 using_ecc = 1;
1483 break; 1483 break;
@@ -1524,7 +1524,7 @@ ssl_prepare_serverhello_tlsext(SSL *s)
1524 1524
1525 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 1525 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1526 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; 1526 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1527 int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); 1527 int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
1528 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); 1528 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
1529 1529
1530 if (using_ecc) { 1530 if (using_ecc) {
@@ -1650,7 +1650,7 @@ ssl_check_serverhello_tlsext(SSL *s)
1650 (s->tlsext_ecpointformatlist_length > 0) && 1650 (s->tlsext_ecpointformatlist_length > 0) &&
1651 (s->session->tlsext_ecpointformatlist != NULL) && 1651 (s->session->tlsext_ecpointformatlist != NULL) &&
1652 (s->session->tlsext_ecpointformatlist_length > 0) && 1652 (s->session->tlsext_ecpointformatlist_length > 0) &&
1653 ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) { 1653 ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) {
1654 /* we are using an ECC cipher */ 1654 /* we are using an ECC cipher */
1655 size_t i; 1655 size_t i;
1656 unsigned char *list; 1656 unsigned char *list;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-16 19:11:14 +0000