Drop cipher suites with DSS authentication - there is no good reason to

keep these around. ok beck@
author: jsing <> 2017-05-07 21:05:05 +0000
committer: jsing <> 2017-05-07 21:05:05 +0000
commit: bb8ee877d4fbf2b098d432635f46a7b40826d843 (patch)
tree: 2fc21f4848ae2e1aa7e8d4072706bfc14738256f
parent: b238007c9db07d24cda00ffe301ec662ec5e1cc3 (diff)
download: openbsd-bb8ee877d4fbf2b098d432635f46a7b40826d843.tar.gz
openbsd-bb8ee877d4fbf2b098d432635f46a7b40826d843.tar.bz2
openbsd-bb8ee877d4fbf2b098d432635f46a7b40826d843.zip
1 files changed, 1 insertions, 197 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 697ac6c7c5..98d7c69721 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.143 2017/05/07 04:22:24 beck Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.144 2017/05/07 21:05:05 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -273,38 +273,6 @@ SSL_CIPHER ssl3_ciphers[] = {
         * Ephemeral DH (DHE) ciphers.
         */
-        /* Cipher 12 */
-        {
-                .valid = 1,
-                .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
-                .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aDSS,
-                .algorithm_enc = SSL_DES,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_LOW,
-                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                .strength_bits = 56,
-                .alg_bits = 56,
-        },
-        /* Cipher 13 */
-        {
-                .valid = 1,
-                .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
-                .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aDSS,
-                .algorithm_enc = SSL_3DES,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_MEDIUM,
-                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                .strength_bits = 112,
-                .alg_bits = 168,
-        },
        /* Cipher 15 */
        {
                .valid = 1,
@@ -405,22 +373,6 @@ SSL_CIPHER ssl3_ciphers[] = {
                .alg_bits = 128,
        },
-        /* Cipher 32 */
-        {
-                .valid = 1,
-                .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
-                .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aDSS,
-                .algorithm_enc = SSL_AES128,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
        /* Cipher 33 */
        {
                .valid = 1,
@@ -469,22 +421,6 @@ SSL_CIPHER ssl3_ciphers[] = {
                .alg_bits = 256,
        },
-        /* Cipher 38 */
-        {
-                .valid = 1,
-                .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
-                .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aDSS,
-                .algorithm_enc = SSL_AES256,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
        /* Cipher 39 */
        {
                .valid = 1,
@@ -566,22 +502,6 @@ SSL_CIPHER ssl3_ciphers[] = {
                .alg_bits = 256,
        },
-        /* Cipher 40 */
-        {
-                .valid = 1,
-                .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
-                .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aDSS,
-                .algorithm_enc = SSL_AES128,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
 #ifndef OPENSSL_NO_CAMELLIA
        /* Camellia ciphersuites from RFC4132 (128-bit portion) */
@@ -601,22 +521,6 @@ SSL_CIPHER ssl3_ciphers[] = {
                .alg_bits = 128,
        },
-        /* Cipher 44 */
-        {
-                .valid = 1,
-                .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-                .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aDSS,
-                .algorithm_enc = SSL_CAMELLIA128,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
        /* Cipher 45 */
        {
                .valid = 1,
@@ -667,22 +571,6 @@ SSL_CIPHER ssl3_ciphers[] = {
                .alg_bits = 128,
        },
-        /* Cipher 6A */
-        {
-                .valid = 1,
-                .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
-                .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aDSS,
-                .algorithm_enc = SSL_AES256,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
        /* Cipher 6B */
        {
                .valid = 1,
@@ -785,22 +673,6 @@ SSL_CIPHER ssl3_ciphers[] = {
                .alg_bits = 256,
        },
-        /* Cipher 87 */
-        {
-                .valid = 1,
-                .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-                .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aDSS,
-                .algorithm_enc = SSL_CAMELLIA256,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
        /* Cipher 88 */
        {
                .valid = 1,
@@ -910,42 +782,6 @@ SSL_CIPHER ssl3_ciphers[] = {
                .alg_bits = 256,
        },
-        /* Cipher A2 */
-        {
-                .valid = 1,
-                .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
-                .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aDSS,
-                .algorithm_enc = SSL_AES128GCM,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
-                    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
-                    SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        /* Cipher A3 */
-        {
-                .valid = 1,
-                .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
-                .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aDSS,
-                .algorithm_enc = SSL_AES256GCM,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
-                    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
-                    SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
        /* Cipher A6 */
        {
                .valid = 1,
@@ -1001,22 +837,6 @@ SSL_CIPHER ssl3_ciphers[] = {
                .alg_bits = 128,
        },
-        /* Cipher BD */
-        {
-                .valid = 1,
-                .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
-                .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aDSS,
-                .algorithm_enc = SSL_CAMELLIA128,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
        /* Cipher BE */
        {
                .valid = 1,
@@ -1065,22 +885,6 @@ SSL_CIPHER ssl3_ciphers[] = {
                .alg_bits = 256,
        },
-        /* Cipher C3 */
-        {
-                .valid = 1,
-                .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
-                .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aDSS,
-                .algorithm_enc = SSL_CAMELLIA256,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
        /* Cipher C4 */
        {
                .valid = 1,
author	jsing <>	2017-05-07 21:05:05 +0000
committer	jsing <>	2017-05-07 21:05:05 +0000
commit	bb8ee877d4fbf2b098d432635f46a7b40826d843 (patch)
tree	2fc21f4848ae2e1aa7e8d4072706bfc14738256f
parent	b238007c9db07d24cda00ffe301ec662ec5e1cc3 (diff)
download	openbsd-bb8ee877d4fbf2b098d432635f46a7b40826d843.tar.gz openbsd-bb8ee877d4fbf2b098d432635f46a7b40826d843.tar.bz2 openbsd-bb8ee877d4fbf2b098d432635f46a7b40826d843.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 697ac6c7c5..98d7c69721 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.143 2017/05/07 04:22:24 beck Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.144 2017/05/07 21:05:05 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -273,38 +273,6 @@ SSL_CIPHER ssl3_ciphers[] = {
273	* Ephemeral DH (DHE) ciphers.	273	* Ephemeral DH (DHE) ciphers.
274	*/	274	*/
275		275
276	/* Cipher 12 */
277	{
278	.valid = 1,
279	.name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
280	.id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
281	.algorithm_mkey = SSL_kDHE,
282	.algorithm_auth = SSL_aDSS,
283	.algorithm_enc = SSL_DES,
284	.algorithm_mac = SSL_SHA1,
285	.algorithm_ssl = SSL_SSLV3,
286	.algo_strength = SSL_LOW,
287	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
288	.strength_bits = 56,
289	.alg_bits = 56,
290	},
291
292	/* Cipher 13 */
293	{
294	.valid = 1,
295	.name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
296	.id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
297	.algorithm_mkey = SSL_kDHE,
298	.algorithm_auth = SSL_aDSS,
299	.algorithm_enc = SSL_3DES,
300	.algorithm_mac = SSL_SHA1,
301	.algorithm_ssl = SSL_SSLV3,
302	.algo_strength = SSL_MEDIUM,
303	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
304	.strength_bits = 112,
305	.alg_bits = 168,
306	},
307
308	/* Cipher 15 */	276	/* Cipher 15 */
309	{	277	{
310	.valid = 1,	278	.valid = 1,
@@ -405,22 +373,6 @@ SSL_CIPHER ssl3_ciphers[] = {
405	.alg_bits = 128,	373	.alg_bits = 128,
406	},	374	},
407		375
408	/* Cipher 32 */
409	{
410	.valid = 1,
411	.name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
412	.id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
413	.algorithm_mkey = SSL_kDHE,
414	.algorithm_auth = SSL_aDSS,
415	.algorithm_enc = SSL_AES128,
416	.algorithm_mac = SSL_SHA1,
417	.algorithm_ssl = SSL_TLSV1,
418	.algo_strength = SSL_HIGH,
419	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
420	.strength_bits = 128,
421	.alg_bits = 128,
422	},
423
424	/* Cipher 33 */	376	/* Cipher 33 */
425	{	377	{
426	.valid = 1,	378	.valid = 1,
@@ -469,22 +421,6 @@ SSL_CIPHER ssl3_ciphers[] = {
469	.alg_bits = 256,	421	.alg_bits = 256,
470	},	422	},
471		423
472	/* Cipher 38 */
473	{
474	.valid = 1,
475	.name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
476	.id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
477	.algorithm_mkey = SSL_kDHE,
478	.algorithm_auth = SSL_aDSS,
479	.algorithm_enc = SSL_AES256,
480	.algorithm_mac = SSL_SHA1,
481	.algorithm_ssl = SSL_TLSV1,
482	.algo_strength = SSL_HIGH,
483	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
484	.strength_bits = 256,
485	.alg_bits = 256,
486	},
487
488	/* Cipher 39 */	424	/* Cipher 39 */
489	{	425	{
490	.valid = 1,	426	.valid = 1,
@@ -566,22 +502,6 @@ SSL_CIPHER ssl3_ciphers[] = {
566	.alg_bits = 256,	502	.alg_bits = 256,
567	},	503	},
568		504
569	/* Cipher 40 */
570	{
571	.valid = 1,
572	.name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
573	.id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
574	.algorithm_mkey = SSL_kDHE,
575	.algorithm_auth = SSL_aDSS,
576	.algorithm_enc = SSL_AES128,
577	.algorithm_mac = SSL_SHA256,
578	.algorithm_ssl = SSL_TLSV1_2,
579	.algo_strength = SSL_HIGH,
580	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
581	.strength_bits = 128,
582	.alg_bits = 128,
583	},
584
585	#ifndef OPENSSL_NO_CAMELLIA	505	#ifndef OPENSSL_NO_CAMELLIA
586	/* Camellia ciphersuites from RFC4132 (128-bit portion) */	506	/* Camellia ciphersuites from RFC4132 (128-bit portion) */
587		507
@@ -601,22 +521,6 @@ SSL_CIPHER ssl3_ciphers[] = {
601	.alg_bits = 128,	521	.alg_bits = 128,
602	},	522	},
603		523
604	/* Cipher 44 */
605	{
606	.valid = 1,
607	.name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
608	.id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
609	.algorithm_mkey = SSL_kDHE,
610	.algorithm_auth = SSL_aDSS,
611	.algorithm_enc = SSL_CAMELLIA128,
612	.algorithm_mac = SSL_SHA1,
613	.algorithm_ssl = SSL_TLSV1,
614	.algo_strength = SSL_HIGH,
615	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
616	.strength_bits = 128,
617	.alg_bits = 128,
618	},
619
620	/* Cipher 45 */	524	/* Cipher 45 */
621	{	525	{
622	.valid = 1,	526	.valid = 1,
@@ -667,22 +571,6 @@ SSL_CIPHER ssl3_ciphers[] = {
667	.alg_bits = 128,	571	.alg_bits = 128,
668	},	572	},
669		573
670	/* Cipher 6A */
671	{
672	.valid = 1,
673	.name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
674	.id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
675	.algorithm_mkey = SSL_kDHE,
676	.algorithm_auth = SSL_aDSS,
677	.algorithm_enc = SSL_AES256,
678	.algorithm_mac = SSL_SHA256,
679	.algorithm_ssl = SSL_TLSV1_2,
680	.algo_strength = SSL_HIGH,
681	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
682	.strength_bits = 256,
683	.alg_bits = 256,
684	},
685
686	/* Cipher 6B */	574	/* Cipher 6B */
687	{	575	{
688	.valid = 1,	576	.valid = 1,
@@ -785,22 +673,6 @@ SSL_CIPHER ssl3_ciphers[] = {
785	.alg_bits = 256,	673	.alg_bits = 256,
786	},	674	},
787		675
788	/* Cipher 87 */
789	{
790	.valid = 1,
791	.name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
792	.id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
793	.algorithm_mkey = SSL_kDHE,
794	.algorithm_auth = SSL_aDSS,
795	.algorithm_enc = SSL_CAMELLIA256,
796	.algorithm_mac = SSL_SHA1,
797	.algorithm_ssl = SSL_TLSV1,
798	.algo_strength = SSL_HIGH,
799	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
800	.strength_bits = 256,
801	.alg_bits = 256,
802	},
803
804	/* Cipher 88 */	676	/* Cipher 88 */
805	{	677	{
806	.valid = 1,	678	.valid = 1,
@@ -910,42 +782,6 @@ SSL_CIPHER ssl3_ciphers[] = {
910	.alg_bits = 256,	782	.alg_bits = 256,
911	},	783	},
912		784
913	/* Cipher A2 */
914	{
915	.valid = 1,
916	.name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
917	.id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
918	.algorithm_mkey = SSL_kDHE,
919	.algorithm_auth = SSL_aDSS,
920	.algorithm_enc = SSL_AES128GCM,
921	.algorithm_mac = SSL_AEAD,
922	.algorithm_ssl = SSL_TLSV1_2,
923	.algo_strength = SSL_HIGH,
924	.algorithm2 = SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256\|
925	SSL_CIPHER_ALGORITHM2_AEAD\|FIXED_NONCE_LEN(4)\|
926	SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
927	.strength_bits = 128,
928	.alg_bits = 128,
929	},
930
931	/* Cipher A3 */
932	{
933	.valid = 1,
934	.name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
935	.id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
936	.algorithm_mkey = SSL_kDHE,
937	.algorithm_auth = SSL_aDSS,
938	.algorithm_enc = SSL_AES256GCM,
939	.algorithm_mac = SSL_AEAD,
940	.algorithm_ssl = SSL_TLSV1_2,
941	.algo_strength = SSL_HIGH,
942	.algorithm2 = SSL_HANDSHAKE_MAC_SHA384\|TLS1_PRF_SHA384\|
943	SSL_CIPHER_ALGORITHM2_AEAD\|FIXED_NONCE_LEN(4)\|
944	SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
945	.strength_bits = 256,
946	.alg_bits = 256,
947	},
948
949	/* Cipher A6 */	785	/* Cipher A6 */
950	{	786	{
951	.valid = 1,	787	.valid = 1,
@@ -1001,22 +837,6 @@ SSL_CIPHER ssl3_ciphers[] = {
1001	.alg_bits = 128,	837	.alg_bits = 128,
1002	},	838	},
1003		839
1004	/* Cipher BD */
1005	{
1006	.valid = 1,
1007	.name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1008	.id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1009	.algorithm_mkey = SSL_kDHE,
1010	.algorithm_auth = SSL_aDSS,
1011	.algorithm_enc = SSL_CAMELLIA128,
1012	.algorithm_mac = SSL_SHA256,
1013	.algorithm_ssl = SSL_TLSV1_2,
1014	.algo_strength = SSL_HIGH,
1015	.algorithm2 = SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
1016	.strength_bits = 128,
1017	.alg_bits = 128,
1018	},
1019
1020	/* Cipher BE */	840	/* Cipher BE */
1021	{	841	{
1022	.valid = 1,	842	.valid = 1,
@@ -1065,22 +885,6 @@ SSL_CIPHER ssl3_ciphers[] = {
1065	.alg_bits = 256,	885	.alg_bits = 256,
1066	},	886	},
1067		887
1068	/* Cipher C3 */
1069	{
1070	.valid = 1,
1071	.name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
1072	.id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
1073	.algorithm_mkey = SSL_kDHE,
1074	.algorithm_auth = SSL_aDSS,
1075	.algorithm_enc = SSL_CAMELLIA256,
1076	.algorithm_mac = SSL_SHA256,
1077	.algorithm_ssl = SSL_TLSV1_2,
1078	.algo_strength = SSL_HIGH,
1079	.algorithm2 = SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
1080	.strength_bits = 256,
1081	.alg_bits = 256,
1082	},
1083
1084	/* Cipher C4 */	888	/* Cipher C4 */
1085	{	889	{
1086	.valid = 1,	890	.valid = 1,