authordjm <>2010-10-01 22:59:01 +0000
committerdjm <>2010-10-01 22:59:01 +0000
commitfe047d8b632246cb2db3234a0a4f32e5c318857b (patch)
tree939b752540947d33507b3acc48d76a8bfb7c3dc3 /src/lib/libssl/s3_lib.c
parent2ea67f4aa254b09ded62e6e14fc893bbe6381579 (diff)
resolve conflicts, fix local changes
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c2247
1 files changed, 1475 insertions, 772 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 5aa7bb21da..d6b047c995 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -121,16 +121,46 @@
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 * 122 *
123 */ 123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
124 150
125#include <stdio.h> 151#include <stdio.h>
126#include <openssl/objects.h> 152#include <openssl/objects.h>
127#include "ssl_locl.h" 153#include "ssl_locl.h"
128#include "kssl_lcl.h" 154#include "kssl_lcl.h"
155#ifndef OPENSSL_NO_TLSEXT
156#ifndef OPENSSL_NO_EC
157#include "../crypto/ec/ec_lcl.h"
158#endif /* OPENSSL_NO_EC */
159#endif /* OPENSSL_NO_TLSEXT */
129#include <openssl/md5.h> 160#include <openssl/md5.h>
130#ifndef OPENSSL_NO_DH 161#ifndef OPENSSL_NO_DH
131#include <openssl/dh.h> 162#include <openssl/dh.h>
132#endif 163#endif
133#include <openssl/pq_compat.h>
134 164
135const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; 165const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
136 166
@@ -138,217 +168,265 @@ const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
138 168
139/* list of available SSLv3 ciphers (sorted by id) */ 169/* list of available SSLv3 ciphers (sorted by id) */
140OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 170OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
171
141/* The RSA ciphers */ 172/* The RSA ciphers */
142/* Cipher 01 */ 173/* Cipher 01 */
143 { 174 {
144 1, 175 1,
145 SSL3_TXT_RSA_NULL_MD5, 176 SSL3_TXT_RSA_NULL_MD5,
146 SSL3_CK_RSA_NULL_MD5, 177 SSL3_CK_RSA_NULL_MD5,
147 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3, 178 SSL_kRSA,
179 SSL_aRSA,
180 SSL_eNULL,
181 SSL_MD5,
182 SSL_SSLV3,
148 SSL_NOT_EXP|SSL_STRONG_NONE, 183 SSL_NOT_EXP|SSL_STRONG_NONE,
184 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
149 0, 185 0,
150 0, 186 0,
151 0,
152 SSL_ALL_CIPHERS,
153 SSL_ALL_STRENGTHS,
154 }, 187 },
188
155/* Cipher 02 */ 189/* Cipher 02 */
156 { 190 {
157 1, 191 1,
158 SSL3_TXT_RSA_NULL_SHA, 192 SSL3_TXT_RSA_NULL_SHA,
159 SSL3_CK_RSA_NULL_SHA, 193 SSL3_CK_RSA_NULL_SHA,
160 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, 194 SSL_kRSA,
195 SSL_aRSA,
196 SSL_eNULL,
197 SSL_SHA1,
198 SSL_SSLV3,
161 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 199 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
200 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
162 0, 201 0,
163 0, 202 0,
164 0,
165 SSL_ALL_CIPHERS,
166 SSL_ALL_STRENGTHS,
167 }, 203 },
204
168/* Cipher 03 */ 205/* Cipher 03 */
169 { 206 {
170 1, 207 1,
171 SSL3_TXT_RSA_RC4_40_MD5, 208 SSL3_TXT_RSA_RC4_40_MD5,
172 SSL3_CK_RSA_RC4_40_MD5, 209 SSL3_CK_RSA_RC4_40_MD5,
173 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3, 210 SSL_kRSA,
211 SSL_aRSA,
212 SSL_RC4,
213 SSL_MD5,
214 SSL_SSLV3,
174 SSL_EXPORT|SSL_EXP40, 215 SSL_EXPORT|SSL_EXP40,
175 0, 216 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
176 40, 217 40,
177 128, 218 128,
178 SSL_ALL_CIPHERS,
179 SSL_ALL_STRENGTHS,
180 }, 219 },
220
181/* Cipher 04 */ 221/* Cipher 04 */
182 { 222 {
183 1, 223 1,
184 SSL3_TXT_RSA_RC4_128_MD5, 224 SSL3_TXT_RSA_RC4_128_MD5,
185 SSL3_CK_RSA_RC4_128_MD5, 225 SSL3_CK_RSA_RC4_128_MD5,
186 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3, 226 SSL_kRSA,
227 SSL_aRSA,
228 SSL_RC4,
229 SSL_MD5,
230 SSL_SSLV3,
187 SSL_NOT_EXP|SSL_MEDIUM, 231 SSL_NOT_EXP|SSL_MEDIUM,
188 0, 232 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
189 128, 233 128,
190 128, 234 128,
191 SSL_ALL_CIPHERS,
192 SSL_ALL_STRENGTHS,
193 }, 235 },
236
194/* Cipher 05 */ 237/* Cipher 05 */
195 { 238 {
196 1, 239 1,
197 SSL3_TXT_RSA_RC4_128_SHA, 240 SSL3_TXT_RSA_RC4_128_SHA,
198 SSL3_CK_RSA_RC4_128_SHA, 241 SSL3_CK_RSA_RC4_128_SHA,
199 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3, 242 SSL_kRSA,
243 SSL_aRSA,
244 SSL_RC4,
245 SSL_SHA1,
246 SSL_SSLV3,
200 SSL_NOT_EXP|SSL_MEDIUM, 247 SSL_NOT_EXP|SSL_MEDIUM,
201 0, 248 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
202 128, 249 128,
203 128, 250 128,
204 SSL_ALL_CIPHERS,
205 SSL_ALL_STRENGTHS,
206 }, 251 },
252
207/* Cipher 06 */ 253/* Cipher 06 */
208 { 254 {
209 1, 255 1,
210 SSL3_TXT_RSA_RC2_40_MD5, 256 SSL3_TXT_RSA_RC2_40_MD5,
211 SSL3_CK_RSA_RC2_40_MD5, 257 SSL3_CK_RSA_RC2_40_MD5,
212 SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3, 258 SSL_kRSA,
259 SSL_aRSA,
260 SSL_RC2,
261 SSL_MD5,
262 SSL_SSLV3,
213 SSL_EXPORT|SSL_EXP40, 263 SSL_EXPORT|SSL_EXP40,
214 0, 264 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
215 40, 265 40,
216 128, 266 128,
217 SSL_ALL_CIPHERS,
218 SSL_ALL_STRENGTHS,
219 }, 267 },
268
220/* Cipher 07 */ 269/* Cipher 07 */
221#ifndef OPENSSL_NO_IDEA 270#ifndef OPENSSL_NO_IDEA
222 { 271 {
223 1, 272 1,
224 SSL3_TXT_RSA_IDEA_128_SHA, 273 SSL3_TXT_RSA_IDEA_128_SHA,
225 SSL3_CK_RSA_IDEA_128_SHA, 274 SSL3_CK_RSA_IDEA_128_SHA,
226 SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3, 275 SSL_kRSA,
276 SSL_aRSA,
277 SSL_IDEA,
278 SSL_SHA1,
279 SSL_SSLV3,
227 SSL_NOT_EXP|SSL_MEDIUM, 280 SSL_NOT_EXP|SSL_MEDIUM,
228 0, 281 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
229 128, 282 128,
230 128, 283 128,
231 SSL_ALL_CIPHERS,
232 SSL_ALL_STRENGTHS,
233 }, 284 },
234#endif 285#endif
286
235/* Cipher 08 */ 287/* Cipher 08 */
236 { 288 {
237 1, 289 1,
238 SSL3_TXT_RSA_DES_40_CBC_SHA, 290 SSL3_TXT_RSA_DES_40_CBC_SHA,
239 SSL3_CK_RSA_DES_40_CBC_SHA, 291 SSL3_CK_RSA_DES_40_CBC_SHA,
240 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, 292 SSL_kRSA,
293 SSL_aRSA,
294 SSL_DES,
295 SSL_SHA1,
296 SSL_SSLV3,
241 SSL_EXPORT|SSL_EXP40, 297 SSL_EXPORT|SSL_EXP40,
242 0, 298 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
243 40, 299 40,
244 56, 300 56,
245 SSL_ALL_CIPHERS,
246 SSL_ALL_STRENGTHS,
247 }, 301 },
302
248/* Cipher 09 */ 303/* Cipher 09 */
249 { 304 {
250 1, 305 1,
251 SSL3_TXT_RSA_DES_64_CBC_SHA, 306 SSL3_TXT_RSA_DES_64_CBC_SHA,
252 SSL3_CK_RSA_DES_64_CBC_SHA, 307 SSL3_CK_RSA_DES_64_CBC_SHA,
253 SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, 308 SSL_kRSA,
309 SSL_aRSA,
310 SSL_DES,
311 SSL_SHA1,
312 SSL_SSLV3,
254 SSL_NOT_EXP|SSL_LOW, 313 SSL_NOT_EXP|SSL_LOW,
255 0, 314 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256 56, 315 56,
257 56, 316 56,
258 SSL_ALL_CIPHERS,
259 SSL_ALL_STRENGTHS,
260 }, 317 },
318
261/* Cipher 0A */ 319/* Cipher 0A */
262 { 320 {
263 1, 321 1,
264 SSL3_TXT_RSA_DES_192_CBC3_SHA, 322 SSL3_TXT_RSA_DES_192_CBC3_SHA,
265 SSL3_CK_RSA_DES_192_CBC3_SHA, 323 SSL3_CK_RSA_DES_192_CBC3_SHA,
266 SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, 324 SSL_kRSA,
325 SSL_aRSA,
326 SSL_3DES,
327 SSL_SHA1,
328 SSL_SSLV3,
267 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 329 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
268 0, 330 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
269 168, 331 168,
270 168, 332 168,
271 SSL_ALL_CIPHERS,
272 SSL_ALL_STRENGTHS,
273 }, 333 },
334
274/* The DH ciphers */ 335/* The DH ciphers */
275/* Cipher 0B */ 336/* Cipher 0B */
276 { 337 {
277 0, 338 0,
278 SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 339 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
279 SSL3_CK_DH_DSS_DES_40_CBC_SHA, 340 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
280 SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, 341 SSL_kDHd,
342 SSL_aDH,
343 SSL_DES,
344 SSL_SHA1,
345 SSL_SSLV3,
281 SSL_EXPORT|SSL_EXP40, 346 SSL_EXPORT|SSL_EXP40,
282 0, 347 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
283 40, 348 40,
284 56, 349 56,
285 SSL_ALL_CIPHERS,
286 SSL_ALL_STRENGTHS,
287 }, 350 },
351
288/* Cipher 0C */ 352/* Cipher 0C */
289 { 353 {
290 0, 354 0, /* not implemented (non-ephemeral DH) */
291 SSL3_TXT_DH_DSS_DES_64_CBC_SHA, 355 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
292 SSL3_CK_DH_DSS_DES_64_CBC_SHA, 356 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
293 SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, 357 SSL_kDHd,
358 SSL_aDH,
359 SSL_DES,
360 SSL_SHA1,
361 SSL_SSLV3,
294 SSL_NOT_EXP|SSL_LOW, 362 SSL_NOT_EXP|SSL_LOW,
295 0, 363 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
296 56, 364 56,
297 56, 365 56,
298 SSL_ALL_CIPHERS,
299 SSL_ALL_STRENGTHS,
300 }, 366 },
367
301/* Cipher 0D */ 368/* Cipher 0D */
302 { 369 {
303 0, 370 0, /* not implemented (non-ephemeral DH) */
304 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 371 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
305 SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 372 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
306 SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, 373 SSL_kDHd,
374 SSL_aDH,
375 SSL_3DES,
376 SSL_SHA1,
377 SSL_SSLV3,
307 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 378 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
308 0, 379 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
309 168, 380 168,
310 168, 381 168,
311 SSL_ALL_CIPHERS,
312 SSL_ALL_STRENGTHS,
313 }, 382 },
383
314/* Cipher 0E */ 384/* Cipher 0E */
315 { 385 {
316 0, 386 0, /* not implemented (non-ephemeral DH) */
317 SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 387 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
318 SSL3_CK_DH_RSA_DES_40_CBC_SHA, 388 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
319 SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, 389 SSL_kDHr,
390 SSL_aDH,
391 SSL_DES,
392 SSL_SHA1,
393 SSL_SSLV3,
320 SSL_EXPORT|SSL_EXP40, 394 SSL_EXPORT|SSL_EXP40,
321 0, 395 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
322 40, 396 40,
323 56, 397 56,
324 SSL_ALL_CIPHERS,
325 SSL_ALL_STRENGTHS,
326 }, 398 },
399
327/* Cipher 0F */ 400/* Cipher 0F */
328 { 401 {
329 0, 402 0, /* not implemented (non-ephemeral DH) */
330 SSL3_TXT_DH_RSA_DES_64_CBC_SHA, 403 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
331 SSL3_CK_DH_RSA_DES_64_CBC_SHA, 404 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
332 SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, 405 SSL_kDHr,
406 SSL_aDH,
407 SSL_DES,
408 SSL_SHA1,
409 SSL_SSLV3,
333 SSL_NOT_EXP|SSL_LOW, 410 SSL_NOT_EXP|SSL_LOW,
334 0, 411 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
335 56, 412 56,
336 56, 413 56,
337 SSL_ALL_CIPHERS,
338 SSL_ALL_STRENGTHS,
339 }, 414 },
415
340/* Cipher 10 */ 416/* Cipher 10 */
341 { 417 {
342 0, 418 0, /* not implemented (non-ephemeral DH) */
343 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 419 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
344 SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 420 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
345 SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, 421 SSL_kDHr,
422 SSL_aDH,
423 SSL_3DES,
424 SSL_SHA1,
425 SSL_SSLV3,
346 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
347 0, 427 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348 168, 428 168,
349 168, 429 168,
350 SSL_ALL_CIPHERS,
351 SSL_ALL_STRENGTHS,
352 }, 430 },
353 431
354/* The Ephemeral DH ciphers */ 432/* The Ephemeral DH ciphers */
@@ -357,158 +435,193 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
357 1, 435 1,
358 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 436 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
359 SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 437 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
360 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, 438 SSL_kEDH,
439 SSL_aDSS,
440 SSL_DES,
441 SSL_SHA1,
442 SSL_SSLV3,
361 SSL_EXPORT|SSL_EXP40, 443 SSL_EXPORT|SSL_EXP40,
362 0, 444 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
363 40, 445 40,
364 56, 446 56,
365 SSL_ALL_CIPHERS,
366 SSL_ALL_STRENGTHS,
367 }, 447 },
448
368/* Cipher 12 */ 449/* Cipher 12 */
369 { 450 {
370 1, 451 1,
371 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 452 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
372 SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 453 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
373 SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, 454 SSL_kEDH,
455 SSL_aDSS,
456 SSL_DES,
457 SSL_SHA1,
458 SSL_SSLV3,
374 SSL_NOT_EXP|SSL_LOW, 459 SSL_NOT_EXP|SSL_LOW,
375 0, 460 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
376 56, 461 56,
377 56, 462 56,
378 SSL_ALL_CIPHERS,
379 SSL_ALL_STRENGTHS,
380 }, 463 },
464
381/* Cipher 13 */ 465/* Cipher 13 */
382 { 466 {
383 1, 467 1,
384 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 468 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
385 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 469 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
386 SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, 470 SSL_kEDH,
471 SSL_aDSS,
472 SSL_3DES,
473 SSL_SHA1,
474 SSL_SSLV3,
387 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 475 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
388 0, 476 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
389 168, 477 168,
390 168, 478 168,
391 SSL_ALL_CIPHERS,
392 SSL_ALL_STRENGTHS,
393 }, 479 },
480
394/* Cipher 14 */ 481/* Cipher 14 */
395 { 482 {
396 1, 483 1,
397 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 484 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
398 SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 485 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
399 SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, 486 SSL_kEDH,
487 SSL_aRSA,
488 SSL_DES,
489 SSL_SHA1,
490 SSL_SSLV3,
400 SSL_EXPORT|SSL_EXP40, 491 SSL_EXPORT|SSL_EXP40,
401 0, 492 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
402 40, 493 40,
403 56, 494 56,
404 SSL_ALL_CIPHERS,
405 SSL_ALL_STRENGTHS,
406 }, 495 },
496
407/* Cipher 15 */ 497/* Cipher 15 */
408 { 498 {
409 1, 499 1,
410 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 500 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
411 SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 501 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
412 SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, 502 SSL_kEDH,
503 SSL_aRSA,
504 SSL_DES,
505 SSL_SHA1,
506 SSL_SSLV3,
413 SSL_NOT_EXP|SSL_LOW, 507 SSL_NOT_EXP|SSL_LOW,
414 0, 508 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
415 56, 509 56,
416 56, 510 56,
417 SSL_ALL_CIPHERS,
418 SSL_ALL_STRENGTHS,
419 }, 511 },
512
420/* Cipher 16 */ 513/* Cipher 16 */
421 { 514 {
422 1, 515 1,
423 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 516 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
424 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 517 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
425 SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, 518 SSL_kEDH,
519 SSL_aRSA,
520 SSL_3DES,
521 SSL_SHA1,
522 SSL_SSLV3,
426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 523 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427 0, 524 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428 168, 525 168,
429 168, 526 168,
430 SSL_ALL_CIPHERS,
431 SSL_ALL_STRENGTHS,
432 }, 527 },
528
433/* Cipher 17 */ 529/* Cipher 17 */
434 { 530 {
435 1, 531 1,
436 SSL3_TXT_ADH_RC4_40_MD5, 532 SSL3_TXT_ADH_RC4_40_MD5,
437 SSL3_CK_ADH_RC4_40_MD5, 533 SSL3_CK_ADH_RC4_40_MD5,
438 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, 534 SSL_kEDH,
535 SSL_aNULL,
536 SSL_RC4,
537 SSL_MD5,
538 SSL_SSLV3,
439 SSL_EXPORT|SSL_EXP40, 539 SSL_EXPORT|SSL_EXP40,
440 0, 540 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
441 40, 541 40,
442 128, 542 128,
443 SSL_ALL_CIPHERS,
444 SSL_ALL_STRENGTHS,
445 }, 543 },
544
446/* Cipher 18 */ 545/* Cipher 18 */
447 { 546 {
448 1, 547 1,
449 SSL3_TXT_ADH_RC4_128_MD5, 548 SSL3_TXT_ADH_RC4_128_MD5,
450 SSL3_CK_ADH_RC4_128_MD5, 549 SSL3_CK_ADH_RC4_128_MD5,
451 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, 550 SSL_kEDH,
551 SSL_aNULL,
552 SSL_RC4,
553 SSL_MD5,
554 SSL_SSLV3,
452 SSL_NOT_EXP|SSL_MEDIUM, 555 SSL_NOT_EXP|SSL_MEDIUM,
453 0, 556 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
454 128, 557 128,
455 128, 558 128,
456 SSL_ALL_CIPHERS,
457 SSL_ALL_STRENGTHS,
458 }, 559 },
560
459/* Cipher 19 */ 561/* Cipher 19 */
460 { 562 {
461 1, 563 1,
462 SSL3_TXT_ADH_DES_40_CBC_SHA, 564 SSL3_TXT_ADH_DES_40_CBC_SHA,
463 SSL3_CK_ADH_DES_40_CBC_SHA, 565 SSL3_CK_ADH_DES_40_CBC_SHA,
464 SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, 566 SSL_kEDH,
567 SSL_aNULL,
568 SSL_DES,
569 SSL_SHA1,
570 SSL_SSLV3,
465 SSL_EXPORT|SSL_EXP40, 571 SSL_EXPORT|SSL_EXP40,
466 0, 572 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
467 40, 573 40,
468 128, 574 128,
469 SSL_ALL_CIPHERS,
470 SSL_ALL_STRENGTHS,
471 }, 575 },
576
472/* Cipher 1A */ 577/* Cipher 1A */
473 { 578 {
474 1, 579 1,
475 SSL3_TXT_ADH_DES_64_CBC_SHA, 580 SSL3_TXT_ADH_DES_64_CBC_SHA,
476 SSL3_CK_ADH_DES_64_CBC_SHA, 581 SSL3_CK_ADH_DES_64_CBC_SHA,
477 SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, 582 SSL_kEDH,
583 SSL_aNULL,
584 SSL_DES,
585 SSL_SHA1,
586 SSL_SSLV3,
478 SSL_NOT_EXP|SSL_LOW, 587 SSL_NOT_EXP|SSL_LOW,
479 0, 588 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
480 56, 589 56,
481 56, 590 56,
482 SSL_ALL_CIPHERS,
483 SSL_ALL_STRENGTHS,
484 }, 591 },
592
485/* Cipher 1B */ 593/* Cipher 1B */
486 { 594 {
487 1, 595 1,
488 SSL3_TXT_ADH_DES_192_CBC_SHA, 596 SSL3_TXT_ADH_DES_192_CBC_SHA,
489 SSL3_CK_ADH_DES_192_CBC_SHA, 597 SSL3_CK_ADH_DES_192_CBC_SHA,
490 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, 598 SSL_kEDH,
599 SSL_aNULL,
600 SSL_3DES,
601 SSL_SHA1,
602 SSL_SSLV3,
491 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 603 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
492 0, 604 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493 168, 605 168,
494 168, 606 168,
495 SSL_ALL_CIPHERS,
496 SSL_ALL_STRENGTHS,
497 }, 607 },
498 608
499/* Fortezza */ 609/* Fortezza ciphersuite from SSL 3.0 spec */
610#if 0
500/* Cipher 1C */ 611/* Cipher 1C */
501 { 612 {
502 0, 613 0,
503 SSL3_TXT_FZA_DMS_NULL_SHA, 614 SSL3_TXT_FZA_DMS_NULL_SHA,
504 SSL3_CK_FZA_DMS_NULL_SHA, 615 SSL3_CK_FZA_DMS_NULL_SHA,
505 SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3, 616 SSL_kFZA,
617 SSL_aFZA,
618 SSL_eNULL,
619 SSL_SHA1,
620 SSL_SSLV3,
506 SSL_NOT_EXP|SSL_STRONG_NONE, 621 SSL_NOT_EXP|SSL_STRONG_NONE,
622 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
507 0, 623 0,
508 0, 624 0,
509 0,
510 SSL_ALL_CIPHERS,
511 SSL_ALL_STRENGTHS,
512 }, 625 },
513 626
514/* Cipher 1D */ 627/* Cipher 1D */
@@ -516,45 +629,50 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
516 0, 629 0,
517 SSL3_TXT_FZA_DMS_FZA_SHA, 630 SSL3_TXT_FZA_DMS_FZA_SHA,
518 SSL3_CK_FZA_DMS_FZA_SHA, 631 SSL3_CK_FZA_DMS_FZA_SHA,
519 SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3, 632 SSL_kFZA,
633 SSL_aFZA,
634 SSL_eFZA,
635 SSL_SHA1,
636 SSL_SSLV3,
520 SSL_NOT_EXP|SSL_STRONG_NONE, 637 SSL_NOT_EXP|SSL_STRONG_NONE,
638 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
521 0, 639 0,
522 0, 640 0,
523 0,
524 SSL_ALL_CIPHERS,
525 SSL_ALL_STRENGTHS,
526 }, 641 },
527 642
528#if 0
529/* Cipher 1E */ 643/* Cipher 1E */
530 { 644 {
531 0, 645 0,
532 SSL3_TXT_FZA_DMS_RC4_SHA, 646 SSL3_TXT_FZA_DMS_RC4_SHA,
533 SSL3_CK_FZA_DMS_RC4_SHA, 647 SSL3_CK_FZA_DMS_RC4_SHA,
534 SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3, 648 SSL_kFZA,
649 SSL_aFZA,
650 SSL_RC4,
651 SSL_SHA1,
652 SSL_SSLV3,
535 SSL_NOT_EXP|SSL_MEDIUM, 653 SSL_NOT_EXP|SSL_MEDIUM,
536 0, 654 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
537 128, 655 128,
538 128, 656 128,
539 SSL_ALL_CIPHERS,
540 SSL_ALL_STRENGTHS,
541 }, 657 },
542#endif 658#endif
543 659
544#ifndef OPENSSL_NO_KRB5 660#ifndef OPENSSL_NO_KRB5
545/* The Kerberos ciphers */ 661/* The Kerberos ciphers*/
546/* Cipher 1E */ 662/* Cipher 1E */
547 { 663 {
548 1, 664 1,
549 SSL3_TXT_KRB5_DES_64_CBC_SHA, 665 SSL3_TXT_KRB5_DES_64_CBC_SHA,
550 SSL3_CK_KRB5_DES_64_CBC_SHA, 666 SSL3_CK_KRB5_DES_64_CBC_SHA,
551 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, 667 SSL_kKRB5,
668 SSL_aKRB5,
669 SSL_DES,
670 SSL_SHA1,
671 SSL_SSLV3,
552 SSL_NOT_EXP|SSL_LOW, 672 SSL_NOT_EXP|SSL_LOW,
553 0, 673 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
554 56, 674 56,
555 56, 675 56,
556 SSL_ALL_CIPHERS,
557 SSL_ALL_STRENGTHS,
558 }, 676 },
559 677
560/* Cipher 1F */ 678/* Cipher 1F */
@@ -562,13 +680,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
562 1, 680 1,
563 SSL3_TXT_KRB5_DES_192_CBC3_SHA, 681 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
564 SSL3_CK_KRB5_DES_192_CBC3_SHA, 682 SSL3_CK_KRB5_DES_192_CBC3_SHA,
565 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, 683 SSL_kKRB5,
684 SSL_aKRB5,
685 SSL_3DES,
686 SSL_SHA1,
687 SSL_SSLV3,
566 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 688 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
567 0, 689 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
568 168, 690 168,
569 168, 691 168,
570 SSL_ALL_CIPHERS,
571 SSL_ALL_STRENGTHS,
572 }, 692 },
573 693
574/* Cipher 20 */ 694/* Cipher 20 */
@@ -576,13 +696,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
576 1, 696 1,
577 SSL3_TXT_KRB5_RC4_128_SHA, 697 SSL3_TXT_KRB5_RC4_128_SHA,
578 SSL3_CK_KRB5_RC4_128_SHA, 698 SSL3_CK_KRB5_RC4_128_SHA,
579 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, 699 SSL_kKRB5,
700 SSL_aKRB5,
701 SSL_RC4,
702 SSL_SHA1,
703 SSL_SSLV3,
580 SSL_NOT_EXP|SSL_MEDIUM, 704 SSL_NOT_EXP|SSL_MEDIUM,
581 0, 705 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
582 128, 706 128,
583 128, 707 128,
584 SSL_ALL_CIPHERS,
585 SSL_ALL_STRENGTHS,
586 }, 708 },
587 709
588/* Cipher 21 */ 710/* Cipher 21 */
@@ -590,13 +712,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
590 1, 712 1,
591 SSL3_TXT_KRB5_IDEA_128_CBC_SHA, 713 SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
592 SSL3_CK_KRB5_IDEA_128_CBC_SHA, 714 SSL3_CK_KRB5_IDEA_128_CBC_SHA,
593 SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_SHA1 |SSL_SSLV3, 715 SSL_kKRB5,
716 SSL_aKRB5,
717 SSL_IDEA,
718 SSL_SHA1,
719 SSL_SSLV3,
594 SSL_NOT_EXP|SSL_MEDIUM, 720 SSL_NOT_EXP|SSL_MEDIUM,
595 0, 721 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
596 128, 722 128,
597 128, 723 128,
598 SSL_ALL_CIPHERS,
599 SSL_ALL_STRENGTHS,
600 }, 724 },
601 725
602/* Cipher 22 */ 726/* Cipher 22 */
@@ -604,13 +728,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
604 1, 728 1,
605 SSL3_TXT_KRB5_DES_64_CBC_MD5, 729 SSL3_TXT_KRB5_DES_64_CBC_MD5,
606 SSL3_CK_KRB5_DES_64_CBC_MD5, 730 SSL3_CK_KRB5_DES_64_CBC_MD5,
607 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, 731 SSL_kKRB5,
732 SSL_aKRB5,
733 SSL_DES,
734 SSL_MD5,
735 SSL_SSLV3,
608 SSL_NOT_EXP|SSL_LOW, 736 SSL_NOT_EXP|SSL_LOW,
609 0, 737 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
610 56, 738 56,
611 56, 739 56,
612 SSL_ALL_CIPHERS,
613 SSL_ALL_STRENGTHS,
614 }, 740 },
615 741
616/* Cipher 23 */ 742/* Cipher 23 */
@@ -618,13 +744,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
618 1, 744 1,
619 SSL3_TXT_KRB5_DES_192_CBC3_MD5, 745 SSL3_TXT_KRB5_DES_192_CBC3_MD5,
620 SSL3_CK_KRB5_DES_192_CBC3_MD5, 746 SSL3_CK_KRB5_DES_192_CBC3_MD5,
621 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, 747 SSL_kKRB5,
748 SSL_aKRB5,
749 SSL_3DES,
750 SSL_MD5,
751 SSL_SSLV3,
622 SSL_NOT_EXP|SSL_HIGH, 752 SSL_NOT_EXP|SSL_HIGH,
623 0, 753 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
624 168, 754 168,
625 168, 755 168,
626 SSL_ALL_CIPHERS,
627 SSL_ALL_STRENGTHS,
628 }, 756 },
629 757
630/* Cipher 24 */ 758/* Cipher 24 */
@@ -632,13 +760,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
632 1, 760 1,
633 SSL3_TXT_KRB5_RC4_128_MD5, 761 SSL3_TXT_KRB5_RC4_128_MD5,
634 SSL3_CK_KRB5_RC4_128_MD5, 762 SSL3_CK_KRB5_RC4_128_MD5,
635 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, 763 SSL_kKRB5,
764 SSL_aKRB5,
765 SSL_RC4,
766 SSL_MD5,
767 SSL_SSLV3,
636 SSL_NOT_EXP|SSL_MEDIUM, 768 SSL_NOT_EXP|SSL_MEDIUM,
637 0, 769 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
638 128, 770 128,
639 128, 771 128,
640 SSL_ALL_CIPHERS,
641 SSL_ALL_STRENGTHS,
642 }, 772 },
643 773
644/* Cipher 25 */ 774/* Cipher 25 */
@@ -646,13 +776,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
646 1, 776 1,
647 SSL3_TXT_KRB5_IDEA_128_CBC_MD5, 777 SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
648 SSL3_CK_KRB5_IDEA_128_CBC_MD5, 778 SSL3_CK_KRB5_IDEA_128_CBC_MD5,
649 SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_MD5 |SSL_SSLV3, 779 SSL_kKRB5,
780 SSL_aKRB5,
781 SSL_IDEA,
782 SSL_MD5,
783 SSL_SSLV3,
650 SSL_NOT_EXP|SSL_MEDIUM, 784 SSL_NOT_EXP|SSL_MEDIUM,
651 0, 785 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
652 128, 786 128,
653 128, 787 128,
654 SSL_ALL_CIPHERS,
655 SSL_ALL_STRENGTHS,
656 }, 788 },
657 789
658/* Cipher 26 */ 790/* Cipher 26 */
@@ -660,13 +792,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
660 1, 792 1,
661 SSL3_TXT_KRB5_DES_40_CBC_SHA, 793 SSL3_TXT_KRB5_DES_40_CBC_SHA,
662 SSL3_CK_KRB5_DES_40_CBC_SHA, 794 SSL3_CK_KRB5_DES_40_CBC_SHA,
663 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, 795 SSL_kKRB5,
796 SSL_aKRB5,
797 SSL_DES,
798 SSL_SHA1,
799 SSL_SSLV3,
664 SSL_EXPORT|SSL_EXP40, 800 SSL_EXPORT|SSL_EXP40,
665 0, 801 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
666 40, 802 40,
667 56, 803 56,
668 SSL_ALL_CIPHERS,
669 SSL_ALL_STRENGTHS,
670 }, 804 },
671 805
672/* Cipher 27 */ 806/* Cipher 27 */
@@ -674,13 +808,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
674 1, 808 1,
675 SSL3_TXT_KRB5_RC2_40_CBC_SHA, 809 SSL3_TXT_KRB5_RC2_40_CBC_SHA,
676 SSL3_CK_KRB5_RC2_40_CBC_SHA, 810 SSL3_CK_KRB5_RC2_40_CBC_SHA,
677 SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_SHA1 |SSL_SSLV3, 811 SSL_kKRB5,
812 SSL_aKRB5,
813 SSL_RC2,
814 SSL_SHA1,
815 SSL_SSLV3,
678 SSL_EXPORT|SSL_EXP40, 816 SSL_EXPORT|SSL_EXP40,
679 0, 817 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
680 40, 818 40,
681 128, 819 128,
682 SSL_ALL_CIPHERS,
683 SSL_ALL_STRENGTHS,
684 }, 820 },
685 821
686/* Cipher 28 */ 822/* Cipher 28 */
@@ -688,13 +824,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
688 1, 824 1,
689 SSL3_TXT_KRB5_RC4_40_SHA, 825 SSL3_TXT_KRB5_RC4_40_SHA,
690 SSL3_CK_KRB5_RC4_40_SHA, 826 SSL3_CK_KRB5_RC4_40_SHA,
691 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, 827 SSL_kKRB5,
828 SSL_aKRB5,
829 SSL_RC4,
830 SSL_SHA1,
831 SSL_SSLV3,
692 SSL_EXPORT|SSL_EXP40, 832 SSL_EXPORT|SSL_EXP40,
693 0, 833 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
694 40, 834 40,
695 128, 835 128,
696 SSL_ALL_CIPHERS,
697 SSL_ALL_STRENGTHS,
698 }, 836 },
699 837
700/* Cipher 29 */ 838/* Cipher 29 */
@@ -702,13 +840,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
702 1, 840 1,
703 SSL3_TXT_KRB5_DES_40_CBC_MD5, 841 SSL3_TXT_KRB5_DES_40_CBC_MD5,
704 SSL3_CK_KRB5_DES_40_CBC_MD5, 842 SSL3_CK_KRB5_DES_40_CBC_MD5,
705 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, 843 SSL_kKRB5,
844 SSL_aKRB5,
845 SSL_DES,
846 SSL_MD5,
847 SSL_SSLV3,
706 SSL_EXPORT|SSL_EXP40, 848 SSL_EXPORT|SSL_EXP40,
707 0, 849 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
708 40, 850 40,
709 56, 851 56,
710 SSL_ALL_CIPHERS,
711 SSL_ALL_STRENGTHS,
712 }, 852 },
713 853
714/* Cipher 2A */ 854/* Cipher 2A */
@@ -716,13 +856,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
716 1, 856 1,
717 SSL3_TXT_KRB5_RC2_40_CBC_MD5, 857 SSL3_TXT_KRB5_RC2_40_CBC_MD5,
718 SSL3_CK_KRB5_RC2_40_CBC_MD5, 858 SSL3_CK_KRB5_RC2_40_CBC_MD5,
719 SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_MD5 |SSL_SSLV3, 859 SSL_kKRB5,
860 SSL_aKRB5,
861 SSL_RC2,
862 SSL_MD5,
863 SSL_SSLV3,
720 SSL_EXPORT|SSL_EXP40, 864 SSL_EXPORT|SSL_EXP40,
721 0, 865 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722 40, 866 40,
723 128, 867 128,
724 SSL_ALL_CIPHERS,
725 SSL_ALL_STRENGTHS,
726 }, 868 },
727 869
728/* Cipher 2B */ 870/* Cipher 2B */
@@ -730,13 +872,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
730 1, 872 1,
731 SSL3_TXT_KRB5_RC4_40_MD5, 873 SSL3_TXT_KRB5_RC4_40_MD5,
732 SSL3_CK_KRB5_RC4_40_MD5, 874 SSL3_CK_KRB5_RC4_40_MD5,
733 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, 875 SSL_kKRB5,
876 SSL_aKRB5,
877 SSL_RC4,
878 SSL_MD5,
879 SSL_SSLV3,
734 SSL_EXPORT|SSL_EXP40, 880 SSL_EXPORT|SSL_EXP40,
735 0, 881 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
736 40, 882 40,
737 128, 883 128,
738 SSL_ALL_CIPHERS,
739 SSL_ALL_STRENGTHS,
740 }, 884 },
741#endif /* OPENSSL_NO_KRB5 */ 885#endif /* OPENSSL_NO_KRB5 */
742 886
@@ -746,78 +890,90 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
746 1, 890 1,
747 TLS1_TXT_RSA_WITH_AES_128_SHA, 891 TLS1_TXT_RSA_WITH_AES_128_SHA,
748 TLS1_CK_RSA_WITH_AES_128_SHA, 892 TLS1_CK_RSA_WITH_AES_128_SHA,
749 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, 893 SSL_kRSA,
894 SSL_aRSA,
895 SSL_AES128,
896 SSL_SHA1,
897 SSL_TLSV1,
750 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 898 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
751 0, 899 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
752 128, 900 128,
753 128, 901 128,
754 SSL_ALL_CIPHERS,
755 SSL_ALL_STRENGTHS,
756 }, 902 },
757/* Cipher 30 */ 903/* Cipher 30 */
758 { 904 {
759 0, 905 0,
760 TLS1_TXT_DH_DSS_WITH_AES_128_SHA, 906 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
761 TLS1_CK_DH_DSS_WITH_AES_128_SHA, 907 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
762 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 908 SSL_kDHd,
909 SSL_aDH,
910 SSL_AES128,
911 SSL_SHA1,
912 SSL_TLSV1,
763 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 913 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
764 0, 914 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
765 128, 915 128,
766 128, 916 128,
767 SSL_ALL_CIPHERS,
768 SSL_ALL_STRENGTHS,
769 }, 917 },
770/* Cipher 31 */ 918/* Cipher 31 */
771 { 919 {
772 0, 920 0,
773 TLS1_TXT_DH_RSA_WITH_AES_128_SHA, 921 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
774 TLS1_CK_DH_RSA_WITH_AES_128_SHA, 922 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
775 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 923 SSL_kDHr,
924 SSL_aDH,
925 SSL_AES128,
926 SSL_SHA1,
927 SSL_TLSV1,
776 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 928 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
777 0, 929 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
778 128, 930 128,
779 128, 931 128,
780 SSL_ALL_CIPHERS,
781 SSL_ALL_STRENGTHS,
782 }, 932 },
783/* Cipher 32 */ 933/* Cipher 32 */
784 { 934 {
785 1, 935 1,
786 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 936 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
787 TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 937 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
788 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, 938 SSL_kEDH,
939 SSL_aDSS,
940 SSL_AES128,
941 SSL_SHA1,
942 SSL_TLSV1,
789 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 943 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
790 0, 944 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
791 128, 945 128,
792 128, 946 128,
793 SSL_ALL_CIPHERS,
794 SSL_ALL_STRENGTHS,
795 }, 947 },
796/* Cipher 33 */ 948/* Cipher 33 */
797 { 949 {
798 1, 950 1,
799 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 951 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
800 TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 952 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
801 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 953 SSL_kEDH,
954 SSL_aRSA,
955 SSL_AES128,
956 SSL_SHA1,
957 SSL_TLSV1,
802 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 958 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
803 0, 959 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
804 128, 960 128,
805 128, 961 128,
806 SSL_ALL_CIPHERS,
807 SSL_ALL_STRENGTHS,
808 }, 962 },
809/* Cipher 34 */ 963/* Cipher 34 */
810 { 964 {
811 1, 965 1,
812 TLS1_TXT_ADH_WITH_AES_128_SHA, 966 TLS1_TXT_ADH_WITH_AES_128_SHA,
813 TLS1_CK_ADH_WITH_AES_128_SHA, 967 TLS1_CK_ADH_WITH_AES_128_SHA,
814 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 968 SSL_kEDH,
969 SSL_aNULL,
970 SSL_AES128,
971 SSL_SHA1,
972 SSL_TLSV1,
815 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 973 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
816 0, 974 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
817 128, 975 128,
818 128, 976 128,
819 SSL_ALL_CIPHERS,
820 SSL_ALL_STRENGTHS,
821 }, 977 },
822 978
823/* Cipher 35 */ 979/* Cipher 35 */
@@ -825,78 +981,94 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
825 1, 981 1,
826 TLS1_TXT_RSA_WITH_AES_256_SHA, 982 TLS1_TXT_RSA_WITH_AES_256_SHA,
827 TLS1_CK_RSA_WITH_AES_256_SHA, 983 TLS1_CK_RSA_WITH_AES_256_SHA,
828 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, 984 SSL_kRSA,
985 SSL_aRSA,
986 SSL_AES256,
987 SSL_SHA1,
988 SSL_TLSV1,
829 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 989 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
830 0, 990 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
831 256, 991 256,
832 256, 992 256,
833 SSL_ALL_CIPHERS,
834 SSL_ALL_STRENGTHS,
835 }, 993 },
836/* Cipher 36 */ 994/* Cipher 36 */
837 { 995 {
838 0, 996 0,
839 TLS1_TXT_DH_DSS_WITH_AES_256_SHA, 997 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
840 TLS1_CK_DH_DSS_WITH_AES_256_SHA, 998 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
841 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 999 SSL_kDHd,
1000 SSL_aDH,
1001 SSL_AES256,
1002 SSL_SHA1,
1003 SSL_TLSV1,
842 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1004 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
843 0, 1005 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
844 256, 1006 256,
845 256, 1007 256,
846 SSL_ALL_CIPHERS,
847 SSL_ALL_STRENGTHS,
848 }, 1008 },
1009
849/* Cipher 37 */ 1010/* Cipher 37 */
850 { 1011 {
851 0, 1012 0, /* not implemented (non-ephemeral DH) */
852 TLS1_TXT_DH_RSA_WITH_AES_256_SHA, 1013 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
853 TLS1_CK_DH_RSA_WITH_AES_256_SHA, 1014 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
854 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 1015 SSL_kDHr,
1016 SSL_aDH,
1017 SSL_AES256,
1018 SSL_SHA1,
1019 SSL_TLSV1,
855 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1020 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
856 0, 1021 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
857 256, 1022 256,
858 256, 1023 256,
859 SSL_ALL_CIPHERS,
860 SSL_ALL_STRENGTHS,
861 }, 1024 },
1025
862/* Cipher 38 */ 1026/* Cipher 38 */
863 { 1027 {
864 1, 1028 1,
865 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 1029 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
866 TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 1030 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
867 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, 1031 SSL_kEDH,
1032 SSL_aDSS,
1033 SSL_AES256,
1034 SSL_SHA1,
1035 SSL_TLSV1,
868 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1036 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
869 0, 1037 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
870 256, 1038 256,
871 256, 1039 256,
872 SSL_ALL_CIPHERS,
873 SSL_ALL_STRENGTHS,
874 }, 1040 },
1041
875/* Cipher 39 */ 1042/* Cipher 39 */
876 { 1043 {
877 1, 1044 1,
878 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 1045 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
879 TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 1046 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
880 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1047 SSL_kEDH,
1048 SSL_aRSA,
1049 SSL_AES256,
1050 SSL_SHA1,
1051 SSL_TLSV1,
881 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1052 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
882 0, 1053 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
883 256, 1054 256,
884 256, 1055 256,
885 SSL_ALL_CIPHERS,
886 SSL_ALL_STRENGTHS,
887 }, 1056 },
1057
888 /* Cipher 3A */ 1058 /* Cipher 3A */
889 { 1059 {
890 1, 1060 1,
891 TLS1_TXT_ADH_WITH_AES_256_SHA, 1061 TLS1_TXT_ADH_WITH_AES_256_SHA,
892 TLS1_CK_ADH_WITH_AES_256_SHA, 1062 TLS1_CK_ADH_WITH_AES_256_SHA,
893 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 1063 SSL_kEDH,
1064 SSL_aNULL,
1065 SSL_AES256,
1066 SSL_SHA1,
1067 SSL_TLSV1,
894 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1068 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
895 0, 1069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
896 256, 1070 256,
897 256, 1071 256,
898 SSL_ALL_CIPHERS,
899 SSL_ALL_STRENGTHS,
900 }, 1072 },
901 1073
902#ifndef OPENSSL_NO_CAMELLIA 1074#ifndef OPENSSL_NO_CAMELLIA
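Review bot: Cipher 36 (new line 996) keeps a bare `0,` in the valid slot, while this same commit gives Cipher 37 (new line 1012) the explanation `/* not implemented (non-ephemeral DH) */`. The fixed-DH entry at 36 should carry the same comment so a reader does not take the zero for a typo. Separately, Cipher 3A (new lines 1060-1071) pairs `SSL_aNULL` with `SSL_NOT_EXP|SSL_HIGH|SSL_FIPS`; a one-line comment such as `/* anonymous DH: no peer authentication; strength flags describe the cipher only */` would keep the HIGH/FIPS tag from being read as a statement about the whole suite. That reading of the flags is inferred from the values, so confirm it against the cipher-list code. The enclosing `ssl3_ciphers[]` initialiser starts and ends outside this hunk.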
@@ -907,78 +1079,95 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
907 1, 1079 1,
908 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 1080 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
909 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 1081 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
910 SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1082 SSL_kRSA,
1083 SSL_aRSA,
1084 SSL_CAMELLIA128,
1085 SSL_SHA1,
1086 SSL_TLSV1,
911 SSL_NOT_EXP|SSL_HIGH, 1087 SSL_NOT_EXP|SSL_HIGH,
912 0, 1088 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
913 128, 1089 128,
914 128, 1090 128,
915 SSL_ALL_CIPHERS,
916 SSL_ALL_STRENGTHS
917 }, 1091 },
1092
918 /* Cipher 42 */ 1093 /* Cipher 42 */
919 { 1094 {
920 0, /* not implemented (non-ephemeral DH) */ 1095 0, /* not implemented (non-ephemeral DH) */
921 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1096 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
922 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1097 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
923 SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1098 SSL_kDHd,
1099 SSL_aDH,
1100 SSL_CAMELLIA128,
1101 SSL_SHA1,
1102 SSL_TLSV1,
924 SSL_NOT_EXP|SSL_HIGH, 1103 SSL_NOT_EXP|SSL_HIGH,
925 0, 1104 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
926 128, 1105 128,
927 128, 1106 128,
928 SSL_ALL_CIPHERS,
929 SSL_ALL_STRENGTHS
930 }, 1107 },
1108
931 /* Cipher 43 */ 1109 /* Cipher 43 */
932 { 1110 {
933 0, /* not implemented (non-ephemeral DH) */ 1111 0, /* not implemented (non-ephemeral DH) */
934 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1112 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
935 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1113 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
936 SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1114 SSL_kDHr,
1115 SSL_aDH,
1116 SSL_CAMELLIA128,
1117 SSL_SHA1,
1118 SSL_TLSV1,
937 SSL_NOT_EXP|SSL_HIGH, 1119 SSL_NOT_EXP|SSL_HIGH,
938 0, 1120 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
939 128, 1121 128,
940 128, 1122 128,
941 SSL_ALL_CIPHERS,
942 SSL_ALL_STRENGTHS
943 }, 1123 },
1124
944 /* Cipher 44 */ 1125 /* Cipher 44 */
945 { 1126 {
946 1, 1127 1,
947 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1128 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
948 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1129 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
949 SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1130 SSL_kEDH,
1131 SSL_aDSS,
1132 SSL_CAMELLIA128,
1133 SSL_SHA1,
1134 SSL_TLSV1,
950 SSL_NOT_EXP|SSL_HIGH, 1135 SSL_NOT_EXP|SSL_HIGH,
951 0, 1136 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
952 128, 1137 128,
953 128, 1138 128,
954 SSL_ALL_CIPHERS,
955 SSL_ALL_STRENGTHS
956 }, 1139 },
1140
957 /* Cipher 45 */ 1141 /* Cipher 45 */
958 { 1142 {
959 1, 1143 1,
960 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1144 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
961 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1145 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
962 SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1146 SSL_kEDH,
1147 SSL_aRSA,
1148 SSL_CAMELLIA128,
1149 SSL_SHA1,
1150 SSL_TLSV1,
963 SSL_NOT_EXP|SSL_HIGH, 1151 SSL_NOT_EXP|SSL_HIGH,
964 0, 1152 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
965 128, 1153 128,
966 128, 1154 128,
967 SSL_ALL_CIPHERS,
968 SSL_ALL_STRENGTHS
969 }, 1155 },
1156
970 /* Cipher 46 */ 1157 /* Cipher 46 */
971 { 1158 {
972 1, 1159 1,
973 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 1160 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
974 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 1161 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
975 SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1162 SSL_kEDH,
1163 SSL_aNULL,
1164 SSL_CAMELLIA128,
1165 SSL_SHA1,
1166 SSL_TLSV1,
976 SSL_NOT_EXP|SSL_HIGH, 1167 SSL_NOT_EXP|SSL_HIGH,
977 0, 1168 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
978 128, 1169 128,
979 128, 1170 128,
980 SSL_ALL_CIPHERS,
981 SSL_ALL_STRENGTHS
982 }, 1171 },
983#endif /* OPENSSL_NO_CAMELLIA */ 1172#endif /* OPENSSL_NO_CAMELLIA */
984 1173
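Review bot: Each entry in this hunk now passes five separate algorithm masks by position (`SSL_kRSA, SSL_aRSA, SSL_CAMELLIA128, SSL_SHA1, SSL_TLSV1,`) where the old row had a single OR-ed word, and nothing in the hunk names the slots. If these are all plain integer masks, as they appear to be, the compiler will not notice two of them swapped or one left out, and every later value would shift silently. A comment giving the field order once next to the table, for example `/* valid, name, id, key exchange, auth, enc, mac, protocol, strength flags, handshake-MAC/PRF flags, strength bits, alg bits */`, would make a misplaced mask visible in review. The slot meanings are inferred from the values shown, so check them against the struct declaration. The same applies to the AES, SEED, PSK and ECDH hunks on this page; the table header is outside this hunk.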
@@ -986,98 +1175,174 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
986 /* New TLS Export CipherSuites from expired ID */ 1175 /* New TLS Export CipherSuites from expired ID */
987#if 0 1176#if 0
988 /* Cipher 60 */ 1177 /* Cipher 60 */
989 { 1178 {
990 1, 1179 1,
991 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, 1180 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
992 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, 1181 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
993 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1, 1182 SSL_kRSA,
994 SSL_EXPORT|SSL_EXP56, 1183 SSL_aRSA,
995 0, 1184 SSL_RC4,
996 56, 1185 SSL_MD5,
997 128, 1186 SSL_TLSV1,
998 SSL_ALL_CIPHERS, 1187 SSL_EXPORT|SSL_EXP56,
999 SSL_ALL_STRENGTHS, 1188 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1000 }, 1189 56,
1190 128,
1191 },
1192
1001 /* Cipher 61 */ 1193 /* Cipher 61 */
1002 { 1194 {
1003 1, 1195 1,
1004 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1196 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1005 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1197 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1006 SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1, 1198 SSL_kRSA,
1007 SSL_EXPORT|SSL_EXP56, 1199 SSL_aRSA,
1008 0, 1200 SSL_RC2,
1009 56, 1201 SSL_MD5,
1010 128, 1202 SSL_TLSV1,
1011 SSL_ALL_CIPHERS, 1203 SSL_EXPORT|SSL_EXP56,
1012 SSL_ALL_STRENGTHS, 1204 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1013 }, 1205 56,
1206 128,
1207 },
1014#endif 1208#endif
1209
1015 /* Cipher 62 */ 1210 /* Cipher 62 */
1016 { 1211 {
1017 1, 1212 1,
1018 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1213 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1019 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1214 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1020 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, 1215 SSL_kRSA,
1021 SSL_EXPORT|SSL_EXP56, 1216 SSL_aRSA,
1022 0, 1217 SSL_DES,
1023 56, 1218 SSL_SHA1,
1024 56, 1219 SSL_TLSV1,
1025 SSL_ALL_CIPHERS, 1220 SSL_EXPORT|SSL_EXP56,
1026 SSL_ALL_STRENGTHS, 1221 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1027 }, 1222 56,
1223 56,
1224 },
1225
1028 /* Cipher 63 */ 1226 /* Cipher 63 */
1029 { 1227 {
1030 1, 1228 1,
1031 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1229 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1032 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1230 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1033 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, 1231 SSL_kEDH,
1034 SSL_EXPORT|SSL_EXP56, 1232 SSL_aDSS,
1035 0, 1233 SSL_DES,
1036 56, 1234 SSL_SHA1,
1037 56, 1235 SSL_TLSV1,
1038 SSL_ALL_CIPHERS, 1236 SSL_EXPORT|SSL_EXP56,
1039 SSL_ALL_STRENGTHS, 1237 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1040 }, 1238 56,
1239 56,
1240 },
1241
1041 /* Cipher 64 */ 1242 /* Cipher 64 */
1042 { 1243 {
1043 1, 1244 1,
1044 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, 1245 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1045 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, 1246 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1046 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, 1247 SSL_kRSA,
1047 SSL_EXPORT|SSL_EXP56, 1248 SSL_aRSA,
1048 0, 1249 SSL_RC4,
1049 56, 1250 SSL_SHA1,
1050 128, 1251 SSL_TLSV1,
1051 SSL_ALL_CIPHERS, 1252 SSL_EXPORT|SSL_EXP56,
1052 SSL_ALL_STRENGTHS, 1253 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1053 }, 1254 56,
1255 128,
1256 },
1257
1054 /* Cipher 65 */ 1258 /* Cipher 65 */
1055 { 1259 {
1056 1, 1260 1,
1057 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1261 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1058 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1262 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1059 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, 1263 SSL_kEDH,
1060 SSL_EXPORT|SSL_EXP56, 1264 SSL_aDSS,
1061 0, 1265 SSL_RC4,
1062 56, 1266 SSL_SHA1,
1063 128, 1267 SSL_TLSV1,
1064 SSL_ALL_CIPHERS, 1268 SSL_EXPORT|SSL_EXP56,
1065 SSL_ALL_STRENGTHS, 1269 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1066 }, 1270 56,
1271 128,
1272 },
1273
1067 /* Cipher 66 */ 1274 /* Cipher 66 */
1068 { 1275 {
1069 1, 1276 1,
1070 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, 1277 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1071 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, 1278 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1072 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, 1279 SSL_kEDH,
1073 SSL_NOT_EXP|SSL_MEDIUM, 1280 SSL_aDSS,
1074 0, 1281 SSL_RC4,
1075 128, 1282 SSL_SHA1,
1076 128, 1283 SSL_TLSV1,
1077 SSL_ALL_CIPHERS, 1284 SSL_NOT_EXP|SSL_MEDIUM,
1078 SSL_ALL_STRENGTHS 1285 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1079 }, 1286 128,
1287 128,
1288 },
1080#endif 1289#endif
1290 {
1291 1,
1292 "GOST94-GOST89-GOST89",
1293 0x3000080,
1294 SSL_kGOST,
1295 SSL_aGOST94,
1296 SSL_eGOST2814789CNT,
1297 SSL_GOST89MAC,
1298 SSL_TLSV1,
1299 SSL_NOT_EXP|SSL_HIGH,
1300 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1301 256,
1302 256
1303 },
1304 {
1305 1,
1306 "GOST2001-GOST89-GOST89",
1307 0x3000081,
1308 SSL_kGOST,
1309 SSL_aGOST01,
1310 SSL_eGOST2814789CNT,
1311 SSL_GOST89MAC,
1312 SSL_TLSV1,
1313 SSL_NOT_EXP|SSL_HIGH,
1314 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1315 256,
1316 256
1317 },
1318 {
1319 1,
1320 "GOST94-NULL-GOST94",
1321 0x3000082,
1322 SSL_kGOST,
1323 SSL_aGOST94,
1324 SSL_eNULL,
1325 SSL_GOST94,
1326 SSL_TLSV1,
1327 SSL_NOT_EXP|SSL_STRONG_NONE,
1328 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1329 0,
1330 0
1331 },
1332 {
1333 1,
1334 "GOST2001-NULL-GOST94",
1335 0x3000083,
1336 SSL_kGOST,
1337 SSL_aGOST01,
1338 SSL_eNULL,
1339 SSL_GOST94,
1340 SSL_TLSV1,
1341 SSL_NOT_EXP|SSL_STRONG_NONE,
1342 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1343 0,
1344 0
1345 },
1081 1346
1082#ifndef OPENSSL_NO_CAMELLIA 1347#ifndef OPENSSL_NO_CAMELLIA
1083 /* Camellia ciphersuites from RFC4132 (256-bit portion) */ 1348 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
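Review bot: The four GOST entries added at new lines 1290-1345 follow the `#endif` directly, so they are compiled in unconditionally, whereas the Camellia entries nearby sit behind `#ifndef OPENSSL_NO_CAMELLIA`. They also spell name and id as literals (`"GOST94-GOST89-GOST89"`, `0x3000080`) instead of `TLS1_TXT_*`/`TLS1_CK_*` macros, and have no `/* Cipher NN */` marker. Two of them, `"GOST94-NULL-GOST94"` and `"GOST2001-NULL-GOST94"`, are `SSL_eNULL` suites with valid flag `1` and strength bits `0, 0`, so they would negotiate a session with integrity but no confidentiality. I would put the block behind a build guard in the style of the neighbouring ones, and mark the NULL pair with a comment such as `/* NULL encryption: integrity only, must not be selected by default cipher strings */`. Whether the default cipher string excludes them cannot be seen from this hunk and should be checked. The enclosing `ssl3_ciphers[]` initialiser starts and ends outside the hunk.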
@@ -1087,81 +1352,163 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1087 1, 1352 1,
1088 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 1353 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1089 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 1354 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1090 SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1355 SSL_kRSA,
1356 SSL_aRSA,
1357 SSL_CAMELLIA256,
1358 SSL_SHA1,
1359 SSL_TLSV1,
1091 SSL_NOT_EXP|SSL_HIGH, 1360 SSL_NOT_EXP|SSL_HIGH,
1092 0, 1361 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1093 256, 1362 256,
1094 256, 1363 256,
1095 SSL_ALL_CIPHERS,
1096 SSL_ALL_STRENGTHS
1097 }, 1364 },
1098 /* Cipher 85 */ 1365 /* Cipher 85 */
1099 { 1366 {
1100 0, /* not implemented (non-ephemeral DH) */ 1367 0, /* not implemented (non-ephemeral DH) */
1101 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1368 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1102 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1369 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1103 SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1370 SSL_kDHd,
1371 SSL_aDH,
1372 SSL_CAMELLIA256,
1373 SSL_SHA1,
1374 SSL_TLSV1,
1104 SSL_NOT_EXP|SSL_HIGH, 1375 SSL_NOT_EXP|SSL_HIGH,
1105 0, 1376 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1106 256, 1377 256,
1107 256, 1378 256,
1108 SSL_ALL_CIPHERS,
1109 SSL_ALL_STRENGTHS
1110 }, 1379 },
1380
1111 /* Cipher 86 */ 1381 /* Cipher 86 */
1112 { 1382 {
1113 0, /* not implemented (non-ephemeral DH) */ 1383 0, /* not implemented (non-ephemeral DH) */
1114 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1384 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1115 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1385 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1116 SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1386 SSL_kDHr,
1387 SSL_aDH,
1388 SSL_CAMELLIA256,
1389 SSL_SHA1,
1390 SSL_TLSV1,
1117 SSL_NOT_EXP|SSL_HIGH, 1391 SSL_NOT_EXP|SSL_HIGH,
1118 0, 1392 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1119 256, 1393 256,
1120 256, 1394 256,
1121 SSL_ALL_CIPHERS,
1122 SSL_ALL_STRENGTHS
1123 }, 1395 },
1396
1124 /* Cipher 87 */ 1397 /* Cipher 87 */
1125 { 1398 {
1126 1, 1399 1,
1127 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1400 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1128 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1401 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1129 SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1402 SSL_kEDH,
1403 SSL_aDSS,
1404 SSL_CAMELLIA256,
1405 SSL_SHA1,
1406 SSL_TLSV1,
1130 SSL_NOT_EXP|SSL_HIGH, 1407 SSL_NOT_EXP|SSL_HIGH,
1131 0, 1408 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1132 256, 1409 256,
1133 256, 1410 256,
1134 SSL_ALL_CIPHERS,
1135 SSL_ALL_STRENGTHS
1136 }, 1411 },
1412
1137 /* Cipher 88 */ 1413 /* Cipher 88 */
1138 { 1414 {
1139 1, 1415 1,
1140 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1416 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1141 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1417 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1142 SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1418 SSL_kEDH,
1419 SSL_aRSA,
1420 SSL_CAMELLIA256,
1421 SSL_SHA1,
1422 SSL_TLSV1,
1143 SSL_NOT_EXP|SSL_HIGH, 1423 SSL_NOT_EXP|SSL_HIGH,
1144 0, 1424 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1145 256, 1425 256,
1146 256, 1426 256,
1147 SSL_ALL_CIPHERS,
1148 SSL_ALL_STRENGTHS
1149 }, 1427 },
1428
1150 /* Cipher 89 */ 1429 /* Cipher 89 */
1151 { 1430 {
1152 1, 1431 1,
1153 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 1432 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1154 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 1433 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1155 SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1434 SSL_kEDH,
1435 SSL_aNULL,
1436 SSL_CAMELLIA256,
1437 SSL_SHA1,
1438 SSL_TLSV1,
1156 SSL_NOT_EXP|SSL_HIGH, 1439 SSL_NOT_EXP|SSL_HIGH,
1157 0, 1440 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1158 256, 1441 256,
1159 256, 1442 256,
1160 SSL_ALL_CIPHERS,
1161 SSL_ALL_STRENGTHS
1162 }, 1443 },
1163#endif /* OPENSSL_NO_CAMELLIA */ 1444#endif /* OPENSSL_NO_CAMELLIA */
1164 1445
1446#ifndef OPENSSL_NO_PSK
1447 /* Cipher 8A */
1448 {
1449 1,
1450 TLS1_TXT_PSK_WITH_RC4_128_SHA,
1451 TLS1_CK_PSK_WITH_RC4_128_SHA,
1452 SSL_kPSK,
1453 SSL_aPSK,
1454 SSL_RC4,
1455 SSL_SHA1,
1456 SSL_TLSV1,
1457 SSL_NOT_EXP|SSL_MEDIUM,
1458 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1459 128,
1460 128,
1461 },
1462
1463 /* Cipher 8B */
1464 {
1465 1,
1466 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1467 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1468 SSL_kPSK,
1469 SSL_aPSK,
1470 SSL_3DES,
1471 SSL_SHA1,
1472 SSL_TLSV1,
1473 SSL_NOT_EXP|SSL_HIGH,
1474 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1475 168,
1476 168,
1477 },
1478
1479 /* Cipher 8C */
1480 {
1481 1,
1482 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1483 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1484 SSL_kPSK,
1485 SSL_aPSK,
1486 SSL_AES128,
1487 SSL_SHA1,
1488 SSL_TLSV1,
1489 SSL_NOT_EXP|SSL_HIGH,
1490 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1491 128,
1492 128,
1493 },
1494
1495 /* Cipher 8D */
1496 {
1497 1,
1498 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1499 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1500 SSL_kPSK,
1501 SSL_aPSK,
1502 SSL_AES256,
1503 SSL_SHA1,
1504 SSL_TLSV1,
1505 SSL_NOT_EXP|SSL_HIGH,
1506 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1507 256,
1508 256,
1509 },
1510#endif /* OPENSSL_NO_PSK */
1511
1165#ifndef OPENSSL_NO_SEED 1512#ifndef OPENSSL_NO_SEED
1166 /* SEED ciphersuites from RFC4162 */ 1513 /* SEED ciphersuites from RFC4162 */
1167 1514
@@ -1170,13 +1517,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1170 1, 1517 1,
1171 TLS1_TXT_RSA_WITH_SEED_SHA, 1518 TLS1_TXT_RSA_WITH_SEED_SHA,
1172 TLS1_CK_RSA_WITH_SEED_SHA, 1519 TLS1_CK_RSA_WITH_SEED_SHA,
1173 SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1520 SSL_kRSA,
1521 SSL_aRSA,
1522 SSL_SEED,
1523 SSL_SHA1,
1524 SSL_TLSV1,
1174 SSL_NOT_EXP|SSL_MEDIUM, 1525 SSL_NOT_EXP|SSL_MEDIUM,
1175 0, 1526 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1176 128, 1527 128,
1177 128, 1528 128,
1178 SSL_ALL_CIPHERS,
1179 SSL_ALL_STRENGTHS,
1180 }, 1529 },
1181 1530
1182 /* Cipher 97 */ 1531 /* Cipher 97 */
@@ -1184,13 +1533,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1184 0, /* not implemented (non-ephemeral DH) */ 1533 0, /* not implemented (non-ephemeral DH) */
1185 TLS1_TXT_DH_DSS_WITH_SEED_SHA, 1534 TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1186 TLS1_CK_DH_DSS_WITH_SEED_SHA, 1535 TLS1_CK_DH_DSS_WITH_SEED_SHA,
1187 SSL_kDHd|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1536 SSL_kDHd,
1537 SSL_aDH,
1538 SSL_SEED,
1539 SSL_SHA1,
1540 SSL_TLSV1,
1188 SSL_NOT_EXP|SSL_MEDIUM, 1541 SSL_NOT_EXP|SSL_MEDIUM,
1189 0, 1542 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1190 128, 1543 128,
1191 128, 1544 128,
1192 SSL_ALL_CIPHERS,
1193 SSL_ALL_STRENGTHS,
1194 }, 1545 },
1195 1546
1196 /* Cipher 98 */ 1547 /* Cipher 98 */
@@ -1198,13 +1549,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1198 0, /* not implemented (non-ephemeral DH) */ 1549 0, /* not implemented (non-ephemeral DH) */
1199 TLS1_TXT_DH_RSA_WITH_SEED_SHA, 1550 TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1200 TLS1_CK_DH_RSA_WITH_SEED_SHA, 1551 TLS1_CK_DH_RSA_WITH_SEED_SHA,
1201 SSL_kDHr|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1552 SSL_kDHr,
1553 SSL_aDH,
1554 SSL_SEED,
1555 SSL_SHA1,
1556 SSL_TLSV1,
1202 SSL_NOT_EXP|SSL_MEDIUM, 1557 SSL_NOT_EXP|SSL_MEDIUM,
1203 0, 1558 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1204 128, 1559 128,
1205 128, 1560 128,
1206 SSL_ALL_CIPHERS,
1207 SSL_ALL_STRENGTHS,
1208 }, 1561 },
1209 1562
1210 /* Cipher 99 */ 1563 /* Cipher 99 */
@@ -1212,13 +1565,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1212 1, 1565 1,
1213 TLS1_TXT_DHE_DSS_WITH_SEED_SHA, 1566 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1214 TLS1_CK_DHE_DSS_WITH_SEED_SHA, 1567 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1215 SSL_kEDH|SSL_aDSS|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1568 SSL_kEDH,
1569 SSL_aDSS,
1570 SSL_SEED,
1571 SSL_SHA1,
1572 SSL_TLSV1,
1216 SSL_NOT_EXP|SSL_MEDIUM, 1573 SSL_NOT_EXP|SSL_MEDIUM,
1217 0, 1574 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1218 128, 1575 128,
1219 128, 1576 128,
1220 SSL_ALL_CIPHERS,
1221 SSL_ALL_STRENGTHS,
1222 }, 1577 },
1223 1578
1224 /* Cipher 9A */ 1579 /* Cipher 9A */
@@ -1226,13 +1581,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1226 1, 1581 1,
1227 TLS1_TXT_DHE_RSA_WITH_SEED_SHA, 1582 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1228 TLS1_CK_DHE_RSA_WITH_SEED_SHA, 1583 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1229 SSL_kEDH|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1584 SSL_kEDH,
1585 SSL_aRSA,
1586 SSL_SEED,
1587 SSL_SHA1,
1588 SSL_TLSV1,
1230 SSL_NOT_EXP|SSL_MEDIUM, 1589 SSL_NOT_EXP|SSL_MEDIUM,
1231 0, 1590 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1232 128, 1591 128,
1233 128, 1592 128,
1234 SSL_ALL_CIPHERS,
1235 SSL_ALL_STRENGTHS,
1236 }, 1593 },
1237 1594
1238 /* Cipher 9B */ 1595 /* Cipher 9B */
@@ -1240,376 +1597,487 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1240 1, 1597 1,
1241 TLS1_TXT_ADH_WITH_SEED_SHA, 1598 TLS1_TXT_ADH_WITH_SEED_SHA,
1242 TLS1_CK_ADH_WITH_SEED_SHA, 1599 TLS1_CK_ADH_WITH_SEED_SHA,
1243 SSL_kEDH|SSL_aNULL|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1600 SSL_kEDH,
1601 SSL_aNULL,
1602 SSL_SEED,
1603 SSL_SHA1,
1604 SSL_TLSV1,
1244 SSL_NOT_EXP|SSL_MEDIUM, 1605 SSL_NOT_EXP|SSL_MEDIUM,
1245 0, 1606 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1246 128, 1607 128,
1247 128, 1608 128,
1248 SSL_ALL_CIPHERS,
1249 SSL_ALL_STRENGTHS,
1250 }, 1609 },
1251 1610
1252#endif /* OPENSSL_NO_SEED */ 1611#endif /* OPENSSL_NO_SEED */
1253 1612
1254#ifndef OPENSSL_NO_ECDH 1613#ifndef OPENSSL_NO_ECDH
1255 /* Cipher C001 */ 1614 /* Cipher C001 */
1256 { 1615 {
1257 1, 1616 1,
1258 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, 1617 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1259 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, 1618 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1260 SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, 1619 SSL_kECDHe,
1261 SSL_NOT_EXP, 1620 SSL_aECDH,
1262 0, 1621 SSL_eNULL,
1263 0, 1622 SSL_SHA1,
1264 0, 1623 SSL_TLSV1,
1265 SSL_ALL_CIPHERS, 1624 SSL_NOT_EXP|SSL_STRONG_NONE,
1266 SSL_ALL_STRENGTHS, 1625 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1267 }, 1626 0,
1627 0,
1628 },
1268 1629
1269 /* Cipher C002 */ 1630 /* Cipher C002 */
1270 { 1631 {
1271 1, 1632 1,
1272 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, 1633 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1273 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, 1634 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1274 SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, 1635 SSL_kECDHe,
1275 SSL_NOT_EXP, 1636 SSL_aECDH,
1276 0, 1637 SSL_RC4,
1277 128, 1638 SSL_SHA1,
1278 128, 1639 SSL_TLSV1,
1279 SSL_ALL_CIPHERS, 1640 SSL_NOT_EXP|SSL_MEDIUM,
1280 SSL_ALL_STRENGTHS, 1641 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1281 }, 1642 128,
1643 128,
1644 },
1282 1645
1283 /* Cipher C003 */ 1646 /* Cipher C003 */
1284 { 1647 {
1285 1, 1648 1,
1286 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 1649 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1287 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 1650 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1288 SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, 1651 SSL_kECDHe,
1289 SSL_NOT_EXP|SSL_HIGH, 1652 SSL_aECDH,
1290 0, 1653 SSL_3DES,
1291 168, 1654 SSL_SHA1,
1292 168, 1655 SSL_TLSV1,
1293 SSL_ALL_CIPHERS, 1656 SSL_NOT_EXP|SSL_HIGH,
1294 SSL_ALL_STRENGTHS, 1657 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1295 }, 1658 168,
1659 168,
1660 },
1296 1661
1297 /* Cipher C004 */ 1662 /* Cipher C004 */
1298 { 1663 {
1299 1, 1664 1,
1300 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1665 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1301 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1666 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1302 SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1667 SSL_kECDHe,
1303 SSL_NOT_EXP|SSL_HIGH, 1668 SSL_aECDH,
1304 0, 1669 SSL_AES128,
1305 128, 1670 SSL_SHA1,
1306 128, 1671 SSL_TLSV1,
1307 SSL_ALL_CIPHERS, 1672 SSL_NOT_EXP|SSL_HIGH,
1308 SSL_ALL_STRENGTHS, 1673 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1309 }, 1674 128,
1675 128,
1676 },
1310 1677
1311 /* Cipher C005 */ 1678 /* Cipher C005 */
1312 { 1679 {
1313 1, 1680 1,
1314 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1681 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1315 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1682 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1316 SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1683 SSL_kECDHe,
1317 SSL_NOT_EXP|SSL_HIGH, 1684 SSL_aECDH,
1318 0, 1685 SSL_AES256,
1319 256, 1686 SSL_SHA1,
1320 256, 1687 SSL_TLSV1,
1321 SSL_ALL_CIPHERS, 1688 SSL_NOT_EXP|SSL_HIGH,
1322 SSL_ALL_STRENGTHS, 1689 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1323 }, 1690 256,
1691 256,
1692 },
1324 1693
1325 /* Cipher C006 */ 1694 /* Cipher C006 */
1326 { 1695 {
1327 1, 1696 1,
1328 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 1697 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1329 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 1698 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1330 SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, 1699 SSL_kEECDH,
1331 SSL_NOT_EXP, 1700 SSL_aECDSA,
1332 0, 1701 SSL_eNULL,
1333 0, 1702 SSL_SHA1,
1334 0, 1703 SSL_TLSV1,
1335 SSL_ALL_CIPHERS, 1704 SSL_NOT_EXP|SSL_STRONG_NONE,
1336 SSL_ALL_STRENGTHS, 1705 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1337 }, 1706 0,
1707 0,
1708 },
1338 1709
1339 /* Cipher C007 */ 1710 /* Cipher C007 */
1340 { 1711 {
1341 1, 1712 1,
1342 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 1713 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1343 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 1714 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1344 SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, 1715 SSL_kEECDH,
1345 SSL_NOT_EXP, 1716 SSL_aECDSA,
1346 0, 1717 SSL_RC4,
1347 128, 1718 SSL_SHA1,
1348 128, 1719 SSL_TLSV1,
1349 SSL_ALL_CIPHERS, 1720 SSL_NOT_EXP|SSL_MEDIUM,
1350 SSL_ALL_STRENGTHS, 1721 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1351 }, 1722 128,
1723 128,
1724 },
1352 1725
1353 /* Cipher C008 */ 1726 /* Cipher C008 */
1354 { 1727 {
1355 1, 1728 1,
1356 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1729 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1357 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1730 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1358 SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, 1731 SSL_kEECDH,
1359 SSL_NOT_EXP|SSL_HIGH, 1732 SSL_aECDSA,
1360 0, 1733 SSL_3DES,
1361 168, 1734 SSL_SHA1,
1362 168, 1735 SSL_TLSV1,
1363 SSL_ALL_CIPHERS, 1736 SSL_NOT_EXP|SSL_HIGH,
1364 SSL_ALL_STRENGTHS, 1737 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1365 }, 1738 168,
1739 168,
1740 },
1366 1741
1367 /* Cipher C009 */ 1742 /* Cipher C009 */
1368 { 1743 {
1369 1, 1744 1,
1370 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1745 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1371 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1746 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1372 SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1747 SSL_kEECDH,
1373 SSL_NOT_EXP|SSL_HIGH, 1748 SSL_aECDSA,
1374 0, 1749 SSL_AES128,
1375 128, 1750 SSL_SHA1,
1376 128, 1751 SSL_TLSV1,
1377 SSL_ALL_CIPHERS, 1752 SSL_NOT_EXP|SSL_HIGH,
1378 SSL_ALL_STRENGTHS, 1753 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1379 }, 1754 128,
1755 128,
1756 },
1380 1757
1381 /* Cipher C00A */ 1758 /* Cipher C00A */
1382 { 1759 {
1383 1, 1760 1,
1384 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1761 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1385 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1762 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1386 SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1763 SSL_kEECDH,
1387 SSL_NOT_EXP|SSL_HIGH, 1764 SSL_aECDSA,
1388 0, 1765 SSL_AES256,
1389 256, 1766 SSL_SHA1,
1390 256, 1767 SSL_TLSV1,
1391 SSL_ALL_CIPHERS, 1768 SSL_NOT_EXP|SSL_HIGH,
1392 SSL_ALL_STRENGTHS, 1769 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1393 }, 1770 256,
1771 256,
1772 },
1394 1773
1395 /* Cipher C00B */ 1774 /* Cipher C00B */
1396 { 1775 {
1397 1, 1776 1,
1398 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, 1777 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1399 TLS1_CK_ECDH_RSA_WITH_NULL_SHA, 1778 TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1400 SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, 1779 SSL_kECDHr,
1401 SSL_NOT_EXP, 1780 SSL_aECDH,
1402 0, 1781 SSL_eNULL,
1403 0, 1782 SSL_SHA1,
1404 0, 1783 SSL_TLSV1,
1405 SSL_ALL_CIPHERS, 1784 SSL_NOT_EXP|SSL_STRONG_NONE,
1406 SSL_ALL_STRENGTHS, 1785 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1407 }, 1786 0,
1787 0,
1788 },
1408 1789
1409 /* Cipher C00C */ 1790 /* Cipher C00C */
1410 { 1791 {
1411 1, 1792 1,
1412 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, 1793 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1413 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, 1794 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1414 SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, 1795 SSL_kECDHr,
1415 SSL_NOT_EXP, 1796 SSL_aECDH,
1416 0, 1797 SSL_RC4,
1417 128, 1798 SSL_SHA1,
1418 128, 1799 SSL_TLSV1,
1419 SSL_ALL_CIPHERS, 1800 SSL_NOT_EXP|SSL_MEDIUM,
1420 SSL_ALL_STRENGTHS, 1801 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1421 }, 1802 128,
1803 128,
1804 },
1422 1805
1423 /* Cipher C00D */ 1806 /* Cipher C00D */
1424 { 1807 {
1425 1, 1808 1,
1426 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, 1809 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1427 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, 1810 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1428 SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, 1811 SSL_kECDHr,
1429 SSL_NOT_EXP|SSL_HIGH, 1812 SSL_aECDH,
1430 0, 1813 SSL_3DES,
1431 168, 1814 SSL_SHA1,
1432 168, 1815 SSL_TLSV1,
1433 SSL_ALL_CIPHERS, 1816 SSL_NOT_EXP|SSL_HIGH,
1434 SSL_ALL_STRENGTHS, 1817 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1435 }, 1818 168,
1819 168,
1820 },
1436 1821
1437 /* Cipher C00E */ 1822 /* Cipher C00E */
1438 { 1823 {
1439 1, 1824 1,
1440 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, 1825 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1441 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, 1826 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1442 SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1827 SSL_kECDHr,
1443 SSL_NOT_EXP|SSL_HIGH, 1828 SSL_aECDH,
1444 0, 1829 SSL_AES128,
1445 128, 1830 SSL_SHA1,
1446 128, 1831 SSL_TLSV1,
1447 SSL_ALL_CIPHERS, 1832 SSL_NOT_EXP|SSL_HIGH,
1448 SSL_ALL_STRENGTHS, 1833 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1449 }, 1834 128,
1835 128,
1836 },
1450 1837
1451 /* Cipher C00F */ 1838 /* Cipher C00F */
1452 { 1839 {
1453 1, 1840 1,
1454 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, 1841 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1455 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, 1842 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1456 SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1843 SSL_kECDHr,
1457 SSL_NOT_EXP|SSL_HIGH, 1844 SSL_aECDH,
1458 0, 1845 SSL_AES256,
1459 256, 1846 SSL_SHA1,
1460 256, 1847 SSL_TLSV1,
1461 SSL_ALL_CIPHERS, 1848 SSL_NOT_EXP|SSL_HIGH,
1462 SSL_ALL_STRENGTHS, 1849 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1463 }, 1850 256,
1851 256,
1852 },
1464 1853
1465 /* Cipher C010 */ 1854 /* Cipher C010 */
1466 { 1855 {
1467 1, 1856 1,
1468 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 1857 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1469 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 1858 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1470 SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, 1859 SSL_kEECDH,
1471 SSL_NOT_EXP, 1860 SSL_aRSA,
1472 0, 1861 SSL_eNULL,
1473 0, 1862 SSL_SHA1,
1474 0, 1863 SSL_TLSV1,
1475 SSL_ALL_CIPHERS, 1864 SSL_NOT_EXP|SSL_STRONG_NONE,
1476 SSL_ALL_STRENGTHS, 1865 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1477 }, 1866 0,
1867 0,
1868 },
1478 1869
1479 /* Cipher C011 */ 1870 /* Cipher C011 */
1480 { 1871 {
1481 1, 1872 1,
1482 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 1873 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1483 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 1874 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1484 SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, 1875 SSL_kEECDH,
1485 SSL_NOT_EXP, 1876 SSL_aRSA,
1486 0, 1877 SSL_RC4,
1487 128, 1878 SSL_SHA1,
1488 128, 1879 SSL_TLSV1,
1489 SSL_ALL_CIPHERS, 1880 SSL_NOT_EXP|SSL_MEDIUM,
1490 SSL_ALL_STRENGTHS, 1881 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1491 }, 1882 128,
1883 128,
1884 },
1492 1885
1493 /* Cipher C012 */ 1886 /* Cipher C012 */
1494 { 1887 {
1495 1, 1888 1,
1496 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1889 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1497 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1890 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1498 SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, 1891 SSL_kEECDH,
1499 SSL_NOT_EXP|SSL_HIGH, 1892 SSL_aRSA,
1500 0, 1893 SSL_3DES,
1501 168, 1894 SSL_SHA1,
1502 168, 1895 SSL_TLSV1,
1503 SSL_ALL_CIPHERS, 1896 SSL_NOT_EXP|SSL_HIGH,
1504 SSL_ALL_STRENGTHS, 1897 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1505 }, 1898 168,
1899 168,
1900 },
1506 1901
1507 /* Cipher C013 */ 1902 /* Cipher C013 */
1508 { 1903 {
1509 1, 1904 1,
1510 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1905 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1511 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1906 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1512 SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1907 SSL_kEECDH,
1513 SSL_NOT_EXP|SSL_HIGH, 1908 SSL_aRSA,
1514 0, 1909 SSL_AES128,
1515 128, 1910 SSL_SHA1,
1516 128, 1911 SSL_TLSV1,
1517 SSL_ALL_CIPHERS, 1912 SSL_NOT_EXP|SSL_HIGH,
1518 SSL_ALL_STRENGTHS, 1913 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1519 }, 1914 128,
1915 128,
1916 },
1520 1917
1521 /* Cipher C014 */ 1918 /* Cipher C014 */
1522 { 1919 {
1523 1, 1920 1,
1524 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1921 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1525 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1922 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1526 SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1923 SSL_kEECDH,
1527 SSL_NOT_EXP|SSL_HIGH, 1924 SSL_aRSA,
1528 0, 1925 SSL_AES256,
1529 256, 1926 SSL_SHA1,
1530 256, 1927 SSL_TLSV1,
1531 SSL_ALL_CIPHERS, 1928 SSL_NOT_EXP|SSL_HIGH,
1532 SSL_ALL_STRENGTHS, 1929 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1533 }, 1930 256,
1931 256,
1932 },
1534 1933
1535 /* Cipher C015 */ 1934 /* Cipher C015 */
1536 { 1935 {
1537 1, 1936 1,
1538 TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 1937 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1539 TLS1_CK_ECDH_anon_WITH_NULL_SHA, 1938 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1540 SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1, 1939 SSL_kEECDH,
1541 SSL_NOT_EXP, 1940 SSL_aNULL,
1542 0, 1941 SSL_eNULL,
1543 0, 1942 SSL_SHA1,
1544 0, 1943 SSL_TLSV1,
1545 SSL_ALL_CIPHERS, 1944 SSL_NOT_EXP|SSL_STRONG_NONE,
1546 SSL_ALL_STRENGTHS, 1945 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1547 }, 1946 0,
1947 0,
1948 },
1548 1949
1549 /* Cipher C016 */ 1950 /* Cipher C016 */
1550 { 1951 {
1551 1, 1952 1,
1552 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 1953 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1553 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 1954 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1554 SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, 1955 SSL_kEECDH,
1555 SSL_NOT_EXP, 1956 SSL_aNULL,
1556 0, 1957 SSL_RC4,
1557 128, 1958 SSL_SHA1,
1558 128, 1959 SSL_TLSV1,
1559 SSL_ALL_CIPHERS, 1960 SSL_NOT_EXP|SSL_MEDIUM,
1560 SSL_ALL_STRENGTHS, 1961 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1561 }, 1962 128,
1963 128,
1964 },
1562 1965
1563 /* Cipher C017 */ 1966 /* Cipher C017 */
1564 { 1967 {
1565 1, 1968 1,
1566 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 1969 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1567 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 1970 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1568 SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1, 1971 SSL_kEECDH,
1569 SSL_NOT_EXP|SSL_HIGH, 1972 SSL_aNULL,
1570 0, 1973 SSL_3DES,
1571 168, 1974 SSL_SHA1,
1572 168, 1975 SSL_TLSV1,
1573 SSL_ALL_CIPHERS, 1976 SSL_NOT_EXP|SSL_HIGH,
1574 SSL_ALL_STRENGTHS, 1977 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575 }, 1978 168,
1979 168,
1980 },
1576 1981
1577 /* Cipher C018 */ 1982 /* Cipher C018 */
1578 { 1983 {
1579 1, 1984 1,
1580 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 1985 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1581 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 1986 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1582 SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 1987 SSL_kEECDH,
1583 SSL_NOT_EXP|SSL_HIGH, 1988 SSL_aNULL,
1584 0, 1989 SSL_AES128,
1585 128, 1990 SSL_SHA1,
1586 128, 1991 SSL_TLSV1,
1587 SSL_ALL_CIPHERS, 1992 SSL_NOT_EXP|SSL_HIGH,
1588 SSL_ALL_STRENGTHS, 1993 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1589 }, 1994 128,
1995 128,
1996 },
1590 1997
1591 /* Cipher C019 */ 1998 /* Cipher C019 */
1592 { 1999 {
1593 1, 2000 1,
1594 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 2001 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1595 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 2002 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1596 SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 2003 SSL_kEECDH,
1597 SSL_NOT_EXP|SSL_HIGH, 2004 SSL_aNULL,
1598 0, 2005 SSL_AES256,
1599 256, 2006 SSL_SHA1,
1600 256, 2007 SSL_TLSV1,
1601 SSL_ALL_CIPHERS, 2008 SSL_NOT_EXP|SSL_HIGH,
1602 SSL_ALL_STRENGTHS, 2009 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1603 }, 2010 256,
2011 256,
2012 },
1604#endif /* OPENSSL_NO_ECDH */ 2013#endif /* OPENSSL_NO_ECDH */
1605 2014
2015#ifdef TEMP_GOST_TLS
2016/* Cipher FF00 */
2017 {
2018 1,
2019 "GOST-MD5",
2020 0x0300ff00,
2021 SSL_kRSA,
2022 SSL_aRSA,
2023 SSL_eGOST2814789CNT,
2024 SSL_MD5,
2025 SSL_TLSV1,
2026 SSL_NOT_EXP|SSL_HIGH,
2027 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2028 256,
2029 256,
2030 },
2031 {
2032 1,
2033 "GOST-GOST94",
2034 0x0300ff01,
2035 SSL_kRSA,
2036 SSL_aRSA,
2037 SSL_eGOST2814789CNT,
2038 SSL_GOST94,
2039 SSL_TLSV1,
2040 SSL_NOT_EXP|SSL_HIGH,
2041 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2042 256,
2043 256
2044 },
2045 {
2046 1,
2047 "GOST-GOST89MAC",
2048 0x0300ff02,
2049 SSL_kRSA,
2050 SSL_aRSA,
2051 SSL_eGOST2814789CNT,
2052 SSL_GOST89MAC,
2053 SSL_TLSV1,
2054 SSL_NOT_EXP|SSL_HIGH,
2055 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2056 256,
2057 256
2058 },
2059 {
2060 1,
2061 "GOST-GOST89STREAM",
2062 0x0300ff03,
2063 SSL_kRSA,
2064 SSL_aRSA,
2065 SSL_eGOST2814789CNT,
2066 SSL_GOST89MAC,
2067 SSL_TLSV1,
2068 SSL_NOT_EXP|SSL_HIGH,
2069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2070 256,
2071 256
2072 },
2073#endif
1606 2074
1607/* end of list */ 2075/* end of list */
1608 }; 2076 };
1609 2077
1610SSL3_ENC_METHOD SSLv3_enc_data={ 2078SSL3_ENC_METHOD SSLv3_enc_data={
1611 ssl3_enc, 2079 ssl3_enc,
1612 ssl3_mac, 2080 n_ssl3_mac,
1613 ssl3_setup_key_block, 2081 ssl3_setup_key_block,
1614 ssl3_generate_master_secret, 2082 ssl3_generate_master_secret,
1615 ssl3_change_cipher_state, 2083 ssl3_change_cipher_state,
@@ -1628,17 +2096,12 @@ long ssl3_default_timeout(void)
1628 return(60*60*2); 2096 return(60*60*2);
1629 } 2097 }
1630 2098
1631IMPLEMENT_ssl3_meth_func(sslv3_base_method,
1632 ssl_undefined_function,
1633 ssl_undefined_function,
1634 ssl_bad_method)
1635
1636int ssl3_num_ciphers(void) 2099int ssl3_num_ciphers(void)
1637 { 2100 {
1638 return(SSL3_NUM_CIPHERS); 2101 return(SSL3_NUM_CIPHERS);
1639 } 2102 }
1640 2103
1641SSL_CIPHER *ssl3_get_cipher(unsigned int u) 2104const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
1642 { 2105 {
1643 if (u < SSL3_NUM_CIPHERS) 2106 if (u < SSL3_NUM_CIPHERS)
1644 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); 2107 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
@@ -1660,10 +2123,8 @@ int ssl3_new(SSL *s)
1660 2123
1661 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; 2124 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
1662 memset(s3,0,sizeof *s3); 2125 memset(s3,0,sizeof *s3);
1663 EVP_MD_CTX_init(&s3->finish_dgst1); 2126 memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
1664 EVP_MD_CTX_init(&s3->finish_dgst2); 2127 memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
1665 pq_64bit_init(&(s3->rrec.seq_num));
1666 pq_64bit_init(&(s3->wrec.seq_num));
1667 2128
1668 s->s3=s3; 2129 s->s3=s3;
1669 2130
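Review bot: The two added calls `memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));` and `memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));` clear fields that `memset(s3,0,sizeof *s3);` on the line above has already zeroed, so they have no effect. Either drop them or replace them with one line of intent, e.g. `/* rrec.seq_num and wrec.seq_num start at zero via the memset above */`. ssl3_new begins and ends outside this hunk.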
@@ -1678,11 +2139,18 @@ void ssl3_free(SSL *s)
1678 if(s == NULL) 2139 if(s == NULL)
1679 return; 2140 return;
1680 2141
2142#ifdef TLSEXT_TYPE_opaque_prf_input
2143 if (s->s3->client_opaque_prf_input != NULL)
2144 OPENSSL_free(s->s3->client_opaque_prf_input);
2145 if (s->s3->server_opaque_prf_input != NULL)
2146 OPENSSL_free(s->s3->server_opaque_prf_input);
2147#endif
2148
1681 ssl3_cleanup_key_block(s); 2149 ssl3_cleanup_key_block(s);
1682 if (s->s3->rbuf.buf != NULL) 2150 if (s->s3->rbuf.buf != NULL)
1683 OPENSSL_free(s->s3->rbuf.buf); 2151 ssl3_release_read_buffer(s);
1684 if (s->s3->wbuf.buf != NULL) 2152 if (s->s3->wbuf.buf != NULL)
1685 OPENSSL_free(s->s3->wbuf.buf); 2153 ssl3_release_write_buffer(s);
1686 if (s->s3->rrec.comp != NULL) 2154 if (s->s3->rrec.comp != NULL)
1687 OPENSSL_free(s->s3->rrec.comp); 2155 OPENSSL_free(s->s3->rrec.comp);
1688#ifndef OPENSSL_NO_DH 2156#ifndef OPENSSL_NO_DH
@@ -1696,11 +2164,10 @@ void ssl3_free(SSL *s)
1696 2164
1697 if (s->s3->tmp.ca_names != NULL) 2165 if (s->s3->tmp.ca_names != NULL)
1698 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 2166 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1699 EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); 2167 if (s->s3->handshake_buffer) {
1700 EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); 2168 BIO_free(s->s3->handshake_buffer);
1701 pq_64bit_free(&(s->s3->rrec.seq_num)); 2169 }
1702 pq_64bit_free(&(s->s3->wrec.seq_num)); 2170 if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
1703
1704 OPENSSL_cleanse(s->s3,sizeof *s->s3); 2171 OPENSSL_cleanse(s->s3,sizeof *s->s3);
1705 OPENSSL_free(s->s3); 2172 OPENSSL_free(s->s3);
1706 s->s3=NULL; 2173 s->s3=NULL;
@@ -1711,6 +2178,15 @@ void ssl3_clear(SSL *s)
1711 unsigned char *rp,*wp; 2178 unsigned char *rp,*wp;
1712 size_t rlen, wlen; 2179 size_t rlen, wlen;
1713 2180
2181#ifdef TLSEXT_TYPE_opaque_prf_input
2182 if (s->s3->client_opaque_prf_input != NULL)
2183 OPENSSL_free(s->s3->client_opaque_prf_input);
2184 s->s3->client_opaque_prf_input = NULL;
2185 if (s->s3->server_opaque_prf_input != NULL)
2186 OPENSSL_free(s->s3->server_opaque_prf_input);
2187 s->s3->server_opaque_prf_input = NULL;
2188#endif
2189
1714 ssl3_cleanup_key_block(s); 2190 ssl3_cleanup_key_block(s);
1715 if (s->s3->tmp.ca_names != NULL) 2191 if (s->s3->tmp.ca_names != NULL)
1716 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 2192 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
@@ -1733,10 +2209,13 @@ void ssl3_clear(SSL *s)
1733 wp = s->s3->wbuf.buf; 2209 wp = s->s3->wbuf.buf;
1734 rlen = s->s3->rbuf.len; 2210 rlen = s->s3->rbuf.len;
1735 wlen = s->s3->wbuf.len; 2211 wlen = s->s3->wbuf.len;
1736 2212 if (s->s3->handshake_buffer) {
1737 EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); 2213 BIO_free(s->s3->handshake_buffer);
1738 EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); 2214 s->s3->handshake_buffer = NULL;
1739 2215 }
2216 if (s->s3->handshake_dgst) {
2217 ssl3_free_digest_list(s);
2218 }
1740 memset(s->s3,0,sizeof *s->s3); 2219 memset(s->s3,0,sizeof *s->s3);
1741 s->s3->rbuf.buf = rp; 2220 s->s3->rbuf.buf = rp;
1742 s->s3->wbuf.buf = wp; 2221 s->s3->wbuf.buf = wp;
@@ -1936,7 +2415,31 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1936 s->tlsext_debug_arg=parg; 2415 s->tlsext_debug_arg=parg;
1937 ret = 1; 2416 ret = 1;
1938 break; 2417 break;
1939 2418
2419#ifdef TLSEXT_TYPE_opaque_prf_input
2420 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
2421 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
2422 * (including the cert chain and everything) */
2423 {
2424 SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
2425 break;
2426 }
2427 if (s->tlsext_opaque_prf_input != NULL)
2428 OPENSSL_free(s->tlsext_opaque_prf_input);
2429 if ((size_t)larg == 0)
2430 s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
2431 else
2432 s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
2433 if (s->tlsext_opaque_prf_input != NULL)
2434 {
2435 s->tlsext_opaque_prf_input_len = (size_t)larg;
2436 ret = 1;
2437 }
2438 else
2439 s->tlsext_opaque_prf_input_len = 0;
2440 break;
2441#endif
2442
1940 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: 2443 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
1941 s->tlsext_status_type=larg; 2444 s->tlsext_status_type=larg;
1942 ret = 1; 2445 ret = 1;
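Review bot: The new `SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT` case rejects only `larg > 12288`, but `larg` is a signed `long`, so a negative value passes the check and is then cast to `size_t` for `BUF_memdup(parg, (size_t)larg)` and stored in `tlsext_opaque_prf_input_len`. The guard should bound the length on both sides: `if (larg < 0 || larg > 12288)`. `parg` is also handed to `BUF_memdup` unchecked when `larg` is non-zero; whether a NULL is tolerated there is not visible in this hunk. On the too-long path the case breaks with whatever `ret` held before, which is set outside the hunk, so it is worth confirming that it is 0 at that point.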
@@ -2194,13 +2697,20 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2194 } 2697 }
2195 return 1; 2698 return 1;
2196 } 2699 }
2197 2700
2701#ifdef TLSEXT_TYPE_opaque_prf_input
2702 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
2703 ctx->tlsext_opaque_prf_input_callback_arg = parg;
2704 return 1;
2705#endif
2706
2198 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: 2707 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2199 ctx->tlsext_status_arg=parg; 2708 ctx->tlsext_status_arg=parg;
2200 return 1; 2709 return 1;
2201 break; 2710 break;
2202 2711
2203#endif /* !OPENSSL_NO_TLSEXT */ 2712#endif /* !OPENSSL_NO_TLSEXT */
2713
2204 /* A Thawte special :-) */ 2714 /* A Thawte special :-) */
2205 case SSL_CTRL_EXTRA_CHAIN_CERT: 2715 case SSL_CTRL_EXTRA_CHAIN_CERT:
2206 if (ctx->extra_certs == NULL) 2716 if (ctx->extra_certs == NULL)
@@ -2250,7 +2760,13 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2250 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 2760 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2251 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; 2761 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
2252 break; 2762 break;
2253 2763
2764#ifdef TLSEXT_TYPE_opaque_prf_input
2765 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
2766 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
2767 break;
2768#endif
2769
2254 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: 2770 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2255 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; 2771 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
2256 break; 2772 break;
@@ -2271,17 +2787,15 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2271 2787
2272/* This function needs to check if the ciphers required are actually 2788/* This function needs to check if the ciphers required are actually
2273 * available */ 2789 * available */
2274SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) 2790const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
2275 { 2791 {
2276 SSL_CIPHER c,*cp; 2792 SSL_CIPHER c;
2793 const SSL_CIPHER *cp;
2277 unsigned long id; 2794 unsigned long id;
2278 2795
2279 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; 2796 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
2280 c.id=id; 2797 c.id=id;
2281 cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, 2798 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
2282 (char *)ssl3_ciphers,
2283 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
2284 FP_ICC ssl_cipher_id_cmp);
2285 if (cp == NULL || cp->valid == 0) 2799 if (cp == NULL || cp->valid == 0)
2286 return NULL; 2800 return NULL;
2287 else 2801 else
@@ -2307,10 +2821,14 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2307 { 2821 {
2308 SSL_CIPHER *c,*ret=NULL; 2822 SSL_CIPHER *c,*ret=NULL;
2309 STACK_OF(SSL_CIPHER) *prio, *allow; 2823 STACK_OF(SSL_CIPHER) *prio, *allow;
2310 int i,j,ok; 2824 int i,ii,ok;
2311 2825#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
2826 unsigned int j;
2827 int ec_ok, ec_nid;
2828 unsigned char ec_search1 = 0, ec_search2 = 0;
2829#endif
2312 CERT *cert; 2830 CERT *cert;
2313 unsigned long alg,mask,emask; 2831 unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
2314 2832
2315 /* Let's see which ciphers we can support */ 2833 /* Let's see which ciphers we can support */
2316 cert=s->cert; 2834 cert=s->cert;
@@ -2326,73 +2844,237 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2326#endif 2844#endif
2327 2845
2328#ifdef CIPHER_DEBUG 2846#ifdef CIPHER_DEBUG
2329 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr); 2847 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
2330 for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) 2848 for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
2331 { 2849 {
2332 c=sk_SSL_CIPHER_value(srvr,i); 2850 c=sk_SSL_CIPHER_value(srvr,i);
2333 printf("%p:%s\n",c,c->name); 2851 printf("%p:%s\n",(void *)c,c->name);
2334 } 2852 }
2335 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt); 2853 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
2336 for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) 2854 for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
2337 { 2855 {
2338 c=sk_SSL_CIPHER_value(clnt,i); 2856 c=sk_SSL_CIPHER_value(clnt,i);
2339 printf("%p:%s\n",c,c->name); 2857 printf("%p:%s\n",(void *)c,c->name);
2340 } 2858 }
2341#endif 2859#endif
2342 2860
2343 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) 2861 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
2344 { 2862 {
2345 prio = srvr; 2863 prio = srvr;
2346 allow = clnt; 2864 allow = clnt;
2347 } 2865 }
2348 else 2866 else
2349 { 2867 {
2350 prio = clnt; 2868 prio = clnt;
2351 allow = srvr; 2869 allow = srvr;
2352 } 2870 }
2353 2871
2354 for (i=0; i<sk_SSL_CIPHER_num(prio); i++) 2872 for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
2355 { 2873 {
2356 c=sk_SSL_CIPHER_value(prio,i); 2874 c=sk_SSL_CIPHER_value(prio,i);
2357 2875
2358 ssl_set_cert_masks(cert,c); 2876 ssl_set_cert_masks(cert,c);
2359 mask=cert->mask; 2877 mask_k = cert->mask_k;
2360 emask=cert->export_mask; 2878 mask_a = cert->mask_a;
2879 emask_k = cert->export_mask_k;
2880 emask_a = cert->export_mask_a;
2361 2881
2362#ifdef KSSL_DEBUG 2882#ifdef KSSL_DEBUG
2363 printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms); 2883/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
2364#endif /* KSSL_DEBUG */ 2884#endif /* KSSL_DEBUG */
2365 2885
2366 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); 2886 alg_k=c->algorithm_mkey;
2887 alg_a=c->algorithm_auth;
2888
2367#ifndef OPENSSL_NO_KRB5 2889#ifndef OPENSSL_NO_KRB5
2368 if (alg & SSL_KRB5) 2890 if (alg_k & SSL_kKRB5)
2369 { 2891 {
2370 if ( !kssl_keytab_is_available(s->kssl_ctx) ) 2892 if ( !kssl_keytab_is_available(s->kssl_ctx) )
2371 continue; 2893 continue;
2372 } 2894 }
2373#endif /* OPENSSL_NO_KRB5 */ 2895#endif /* OPENSSL_NO_KRB5 */
2896#ifndef OPENSSL_NO_PSK
2897 /* with PSK there must be server callback set */
2898 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
2899 continue;
2900#endif /* OPENSSL_NO_PSK */
2901
2374 if (SSL_C_IS_EXPORT(c)) 2902 if (SSL_C_IS_EXPORT(c))
2375 { 2903 {
2376 ok=((alg & emask) == alg)?1:0; 2904 ok = (alg_k & emask_k) && (alg_a & emask_a);
2377#ifdef CIPHER_DEBUG 2905#ifdef CIPHER_DEBUG
2378 printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask, 2906 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
2379 c,c->name); 2907 (void *)c,c->name);
2380#endif 2908#endif
2381 } 2909 }
2382 else 2910 else
2383 { 2911 {
2384 ok=((alg & mask) == alg)?1:0; 2912 ok = (alg_k & mask_k) && (alg_a & mask_a);
2385#ifdef CIPHER_DEBUG 2913#ifdef CIPHER_DEBUG
2386 printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c, 2914 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
2387 c->name); 2915 c->name);
2388#endif 2916#endif
2389 } 2917 }
2390 2918
2919#ifndef OPENSSL_NO_TLSEXT
2920#ifndef OPENSSL_NO_EC
2921 if (
2922 /* if we are considering an ECC cipher suite that uses our certificate */
2923 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2924 /* and we have an ECC certificate */
2925 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2926 /* and the client specified a Supported Point Formats extension */
2927 && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
2928 /* and our certificate's point is compressed */
2929 && (
2930 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
2931 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
2932 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
2933 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
2934 && (
2935 (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
2936 || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
2937 )
2938 )
2939 )
2940 {
2941 ec_ok = 0;
2942 /* if our certificate's curve is over a field type that the client does not support
2943 * then do not allow this cipher suite to be negotiated */
2944 if (
2945 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2946 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2947 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2948 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2949 )
2950 {
2951 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2952 {
2953 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
2954 {
2955 ec_ok = 1;
2956 break;
2957 }
2958 }
2959 }
2960 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2961 {
2962 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2963 {
2964 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
2965 {
2966 ec_ok = 1;
2967 break;
2968 }
2969 }
2970 }
2971 ok = ok && ec_ok;
2972 }
2973 if (
2974 /* if we are considering an ECC cipher suite that uses our certificate */
2975 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2976 /* and we have an ECC certificate */
2977 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2978 /* and the client specified an EllipticCurves extension */
2979 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
2980 )
2981 {
2982 ec_ok = 0;
2983 if (
2984 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2985 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2986 )
2987 {
2988 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
2989 if ((ec_nid == 0)
2990 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2991 )
2992 {
2993 if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2994 {
2995 ec_search1 = 0xFF;
2996 ec_search2 = 0x01;
2997 }
2998 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2999 {
3000 ec_search1 = 0xFF;
3001 ec_search2 = 0x02;
3002 }
3003 }
3004 else
3005 {
3006 ec_search1 = 0x00;
3007 ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3008 }
3009 if ((ec_search1 != 0) || (ec_search2 != 0))
3010 {
3011 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3012 {
3013 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3014 {
3015 ec_ok = 1;
3016 break;
3017 }
3018 }
3019 }
3020 }
3021 ok = ok && ec_ok;
3022 }
3023 if (
3024 /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
3025 (alg_k & SSL_kEECDH)
3026 /* and we have an ephemeral EC key */
3027 && (s->cert->ecdh_tmp != NULL)
3028 /* and the client specified an EllipticCurves extension */
3029 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3030 )
3031 {
3032 ec_ok = 0;
3033 if (s->cert->ecdh_tmp->group != NULL)
3034 {
3035 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
3036 if ((ec_nid == 0)
3037 && (s->cert->ecdh_tmp->group->meth != NULL)
3038 )
3039 {
3040 if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
3041 {
3042 ec_search1 = 0xFF;
3043 ec_search2 = 0x01;
3044 }
3045 else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3046 {
3047 ec_search1 = 0xFF;
3048 ec_search2 = 0x02;
3049 }
3050 }
3051 else
3052 {
3053 ec_search1 = 0x00;
3054 ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3055 }
3056 if ((ec_search1 != 0) || (ec_search2 != 0))
3057 {
3058 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3059 {
3060 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3061 {
3062 ec_ok = 1;
3063 break;
3064 }
3065 }
3066 }
3067 }
3068 ok = ok && ec_ok;
3069 }
3070#endif /* OPENSSL_NO_EC */
3071#endif /* OPENSSL_NO_TLSEXT */
3072
2391 if (!ok) continue; 3073 if (!ok) continue;
2392 j=sk_SSL_CIPHER_find(allow,c); 3074 ii=sk_SSL_CIPHER_find(allow,c);
2393 if (j >= 0) 3075 if (ii >= 0)
2394 { 3076 {
2395 ret=sk_SSL_CIPHER_value(allow,j); 3077 ret=sk_SSL_CIPHER_value(allow,ii);
2396 break; 3078 break;
2397 } 3079 }
2398 } 3080 }
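Review bot: In the first EC block the `else if` (new line 2960) calls `EC_METHOD_get_field_type()` on `privatekey->pkey.ec->group->meth` precisely when the preceding `if` failed, and that `if` also fails when `pkey.ec`, `group` or `meth` is NULL, so the NULL tests protect only the prime-field branch. `privatekey` itself is not tested in this block or the next one, where only `x509 != NULL` has been established; whether a certificate can be set without its key is not visible here. Both are fixed by one outer guard that checks the whole pointer chain before either field-type test, as below; the second block needs the same `privatekey != NULL` test. `ec_search1` and `ec_search2` are initialised only at their declaration, so resetting them to 0 next to `ec_ok = 0;` would stop values from an earlier cipher in the loop carrying over. ssl3_choose_cipher begins and ends outside this hunk.

```c
				ec_ok = 0;
				/* check the whole pointer chain once, before either field-type test */
				if (
					(s->cert->pkeys[SSL_PKEY_ECC].privatekey != NULL)
					&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
					&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
					&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
				)
					{
					if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
						{
						/* ... unchanged: scan tlsext_ecpointformatlist for ansiX962_compressed_prime ... */
						}
					else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
						{
						/* ... unchanged: scan tlsext_ecpointformatlist for ansiX962_compressed_char2 ... */
						}
					}
				ok = ok && ec_ok;
```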
@@ -2402,12 +3084,24 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2402int ssl3_get_req_cert_type(SSL *s, unsigned char *p) 3084int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2403 { 3085 {
2404 int ret=0; 3086 int ret=0;
2405 unsigned long alg; 3087 unsigned long alg_k;
3088
3089 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2406 3090
2407 alg=s->s3->tmp.new_cipher->algorithms; 3091#ifndef OPENSSL_NO_GOST
3092 if (s->version >= TLS1_VERSION)
3093 {
3094 if (alg_k & SSL_kGOST)
3095 {
3096 p[ret++]=TLS_CT_GOST94_SIGN;
3097 p[ret++]=TLS_CT_GOST01_SIGN;
3098 return(ret);
3099 }
3100 }
3101#endif
2408 3102
2409#ifndef OPENSSL_NO_DH 3103#ifndef OPENSSL_NO_DH
2410 if (alg & (SSL_kDHr|SSL_kEDH)) 3104 if (alg_k & (SSL_kDHr|SSL_kEDH))
2411 { 3105 {
2412# ifndef OPENSSL_NO_RSA 3106# ifndef OPENSSL_NO_RSA
2413 p[ret++]=SSL3_CT_RSA_FIXED_DH; 3107 p[ret++]=SSL3_CT_RSA_FIXED_DH;
@@ -2417,7 +3111,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2417# endif 3111# endif
2418 } 3112 }
2419 if ((s->version == SSL3_VERSION) && 3113 if ((s->version == SSL3_VERSION) &&
2420 (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) 3114 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
2421 { 3115 {
2422# ifndef OPENSSL_NO_RSA 3116# ifndef OPENSSL_NO_RSA
2423 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; 3117 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
@@ -2434,10 +3128,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2434 p[ret++]=SSL3_CT_DSS_SIGN; 3128 p[ret++]=SSL3_CT_DSS_SIGN;
2435#endif 3129#endif
2436#ifndef OPENSSL_NO_ECDH 3130#ifndef OPENSSL_NO_ECDH
2437 /* We should ask for fixed ECDH certificates only 3131 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
2438 * for SSL_kECDH (and not SSL_kECDHE)
2439 */
2440 if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
2441 { 3132 {
2442 p[ret++]=TLS_CT_RSA_FIXED_ECDH; 3133 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
2443 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH; 3134 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
@@ -2446,7 +3137,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2446 3137
2447#ifndef OPENSSL_NO_ECDSA 3138#ifndef OPENSSL_NO_ECDSA
2448 /* ECDSA certs can be used with RSA cipher suites as well 3139 /* ECDSA certs can be used with RSA cipher suites as well
2449 * so we don't need to check for SSL_kECDH or SSL_kECDHE 3140 * so we don't need to check for SSL_kECDH or SSL_kEECDH
2450 */ 3141 */
2451 if (s->version >= TLS1_VERSION) 3142 if (s->version >= TLS1_VERSION)
2452 { 3143 {
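Review bot: The updated comment still names `SSL_kECDH`, while the neighbouring hunk of this function now tests `SSL_kECDHr|SSL_kECDHe` for the fixed-ECDH case; the comment should follow the new names, e.g. `* so we don't need to check for SSL_kECDHr, SSL_kECDHe or SSL_kEECDH`. That neighbouring hunk also drops the comment explaining that fixed ECDH certificates are requested only for fixed, not ephemeral, ECDH. The condition still does exactly that, so the explanation is worth keeping in reworded form. ssl3_get_req_cert_type continues outside this hunk.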
@@ -2458,6 +3149,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2458 3149
2459int ssl3_shutdown(SSL *s) 3150int ssl3_shutdown(SSL *s)
2460 { 3151 {
3152 int ret;
2461 3153
2462 /* Don't do anything much if we have not done the handshake or 3154 /* Don't do anything much if we have not done the handshake or
2463 * we don't want to send messages :-) */ 3155 * we don't want to send messages :-) */
@@ -2475,18 +3167,32 @@ int ssl3_shutdown(SSL *s)
2475#endif 3167#endif
2476 /* our shutdown alert has been sent now, and if it still needs 3168 /* our shutdown alert has been sent now, and if it still needs
2477 * to be written, s->s3->alert_dispatch will be true */ 3169 * to be written, s->s3->alert_dispatch will be true */
3170 if (s->s3->alert_dispatch)
3171 return(-1); /* return WANT_WRITE */
2478 } 3172 }
2479 else if (s->s3->alert_dispatch) 3173 else if (s->s3->alert_dispatch)
2480 { 3174 {
2481 /* resend it if not sent */ 3175 /* resend it if not sent */
2482#if 1 3176#if 1
2483 s->method->ssl_dispatch_alert(s); 3177 ret=s->method->ssl_dispatch_alert(s);
3178 if(ret == -1)
3179 {
3180 /* we only get to return -1 here the 2nd/Nth
3181 * invocation, we must have already signalled
3182 * return 0 upon a previous invoation,
3183 * return WANT_WRITE */
3184 return(ret);
3185 }
2484#endif 3186#endif
2485 } 3187 }
2486 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) 3188 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
2487 { 3189 {
2488 /* If we are waiting for a close from our peer, we are closed */ 3190 /* If we are waiting for a close from our peer, we are closed */
2489 s->method->ssl_read_bytes(s,0,NULL,0,0); 3191 s->method->ssl_read_bytes(s,0,NULL,0,0);
3192 if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3193 {
3194 return(-1); /* return WANT_READ */
3195 }
2490 } 3196 }
2491 3197
2492 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 3198 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
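Review bot: The read branch still discards the return value of `ssl_read_bytes(s,0,NULL,0,0)` and the resend branch acts only on `ret == -1` from `ssl_dispatch_alert`, so after this change a retryable condition and a failed read or write both reach the caller as `-1`. The inline comments call these WANT_WRITE and WANT_READ, which holds only if the caller inspects the error state afterwards. I would say so above the first added return, e.g. `/* -1 here means retry or failure; callers must check SSL_get_error() */`. The comment in the resend branch also has a typo, `invoation` for `invocation`. ssl3_shutdown begins and ends outside this hunk.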
@@ -2592,9 +3298,6 @@ int ssl3_renegotiate(SSL *s)
2592 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 3298 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
2593 return(0); 3299 return(0);
2594 3300
2595 if (!(s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
2596 return(0);
2597
2598 s->s3->renegotiate=1; 3301 s->s3->renegotiate=1;
2599 return(1); 3302 return(1);
2600 } 3303 }