1 files changed, 206 insertions, 3 deletions
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index b3cc8f098b..c39c267f0b 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -159,10 +159,24 @@ extern "C" {
 #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES    0
+#define TLS1_2_VERSION                  0x0303
+#define TLS1_2_VERSION_MAJOR            0x03
+#define TLS1_2_VERSION_MINOR            0x03
+#define TLS1_1_VERSION                  0x0302
+#define TLS1_1_VERSION_MAJOR            0x03
+#define TLS1_1_VERSION_MINOR            0x02
 #define TLS1_VERSION                    0x0301
 #define TLS1_VERSION_MAJOR              0x03
 #define TLS1_VERSION_MINOR              0x01
+#define TLS1_get_version(s) \
+                ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
+#define TLS1_get_client_version(s) \
+                ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
 #define TLS1_AD_DECRYPTION_FAILED       21
 #define TLS1_AD_RECORD_OVERFLOW         22
 #define TLS1_AD_UNKNOWN_CA              48      /* fatal */
@@ -183,17 +197,42 @@ extern "C" {
 #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
 #define TLS1_AD_UNKNOWN_PSK_IDENTITY    115     /* fatal */
-/* ExtensionType values from RFC3546 / RFC4366 */
+/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
 #define TLSEXT_TYPE_server_name                 0
 #define TLSEXT_TYPE_max_fragment_length         1
 #define TLSEXT_TYPE_client_certificate_url      2
 #define TLSEXT_TYPE_trusted_ca_keys             3
 #define TLSEXT_TYPE_truncated_hmac              4
 #define TLSEXT_TYPE_status_request              5
+/* ExtensionType values from RFC4681 */
+#define TLSEXT_TYPE_user_mapping                6
+/* ExtensionType values from RFC5878 */
+#define TLSEXT_TYPE_client_authz                7
+#define TLSEXT_TYPE_server_authz                8
+/* ExtensionType values from RFC6091 */
+#define TLSEXT_TYPE_cert_type           9
 /* ExtensionType values from RFC4492 */
 #define TLSEXT_TYPE_elliptic_curves             10
 #define TLSEXT_TYPE_ec_point_formats            11
+/* ExtensionType value from RFC5054 */
+#define TLSEXT_TYPE_srp                         12
+/* ExtensionType values from RFC5246 */
+#define TLSEXT_TYPE_signature_algorithms        13
+/* ExtensionType value from RFC5764 */
+#define TLSEXT_TYPE_use_srtp    14
+/* ExtensionType value from RFC5620 */
+#define TLSEXT_TYPE_heartbeat   15
+/* ExtensionType value from RFC4507 */
 #define TLSEXT_TYPE_session_ticket              35
 /* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
 #if 0 /* will have to be provided externally for now ,
       * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
@@ -204,6 +243,11 @@ extern "C" {
 /* Temporary extension type */
 #define TLSEXT_TYPE_renegotiate                 0xff01
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/* This is not an IANA defined extension number */
+#define TLSEXT_TYPE_next_proto_neg              13172
+#endif
 /* NameType value from RFC 3546 */
 #define TLSEXT_NAMETYPE_host_name 0
 /* status request value from RFC 3546 */
@@ -216,12 +260,37 @@ extern "C" {
 #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2  2
 #define TLSEXT_ECPOINTFORMAT_last                       2
+/* Signature and hash algorithms from RFC 5246 */
+#define TLSEXT_signature_anonymous                      0
+#define TLSEXT_signature_rsa                            1
+#define TLSEXT_signature_dsa                            2
+#define TLSEXT_signature_ecdsa                          3
+#define TLSEXT_hash_none                                0
+#define TLSEXT_hash_md5                                 1
+#define TLSEXT_hash_sha1                                2
+#define TLSEXT_hash_sha224                              3
+#define TLSEXT_hash_sha256                              4
+#define TLSEXT_hash_sha384                              5
+#define TLSEXT_hash_sha512                              6
 #ifndef OPENSSL_NO_TLSEXT
 #define TLSEXT_MAXLEN_host_name 255
-const char *SSL_get_servername(const SSL *s, const int type) ;
+const char *SSL_get_servername(const SSL *s, const int type);
-int SSL_get_servername_type(const SSL *s) ;
+int SSL_get_servername_type(const SSL *s);
+/* SSL_export_keying_material exports a value derived from the master secret,
+ * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
+ * optional context. (Since a zero length context is allowed, the |use_context|
+ * flag controls whether a context is included.)
+ *
+ * It returns 1 on success and zero otherwise.
+ */
+int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+        const char *label, size_t llen, const unsigned char *p, size_t plen,
+        int use_context);
 #define SSL_set_tlsext_host_name(s,name) \
 SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
@@ -285,6 +354,16 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
 #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
 SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+#ifndef OPENSSL_NO_HEARTBEATS
+#define SSL_TLSEXT_HB_ENABLED                           0x01
+#define SSL_TLSEXT_HB_DONT_SEND_REQUESTS        0x02
+#define SSL_TLSEXT_HB_DONT_RECV_REQUESTS        0x04
+#define SSL_get_tlsext_heartbeat_pending(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
+#define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
+        SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
+#endif
 #endif
 /* PSK ciphersuites from 4279 */
@@ -322,6 +401,14 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA                0x03000039
 #define TLS1_CK_ADH_WITH_AES_256_SHA                    0x0300003A
+/* TLS v1.2 ciphersuites */
+#define TLS1_CK_RSA_WITH_NULL_SHA256                    0x0300003B
+#define TLS1_CK_RSA_WITH_AES_128_SHA256                 0x0300003C
+#define TLS1_CK_RSA_WITH_AES_256_SHA256                 0x0300003D
+#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256              0x0300003E
+#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256              0x0300003F
+#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256             0x03000040
 /* Camellia ciphersuites from RFC4132 */
 #define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA           0x03000041
 #define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA        0x03000042
@@ -330,6 +417,16 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA       0x03000045
 #define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA           0x03000046
+/* TLS v1.2 ciphersuites */
+#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256             0x03000067
+#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256              0x03000068
+#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256              0x03000069
+#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256             0x0300006A
+#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256             0x0300006B
+#define TLS1_CK_ADH_WITH_AES_128_SHA256                 0x0300006C
+#define TLS1_CK_ADH_WITH_AES_256_SHA256                 0x0300006D
+/* Camellia ciphersuites from RFC4132 */
 #define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA           0x03000084
 #define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA        0x03000085
 #define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA        0x03000086
@@ -345,6 +442,20 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
 #define TLS1_CK_ADH_WITH_SEED_SHA                       0x0300009B
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256             0x0300009C
+#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384             0x0300009D
+#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256         0x0300009E
+#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384         0x0300009F
+#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256          0x030000A0
+#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384          0x030000A1
+#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256         0x030000A2
+#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384         0x030000A3
+#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256          0x030000A4
+#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384          0x030000A5
+#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256             0x030000A6
+#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384             0x030000A7
 /* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
 #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
@@ -376,6 +487,38 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018
 #define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019
+/* SRP ciphersuites from RFC 5054 */
+#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA           0x0300C01A
+#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA       0x0300C01B
+#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA       0x0300C01C
+#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA            0x0300C01D
+#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA        0x0300C01E
+#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA        0x0300C01F
+#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA            0x0300C020
+#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA        0x0300C021
+#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA        0x0300C022
+/* ECDH HMAC based ciphersuites from RFC5289 */
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256         0x0300C023
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384         0x0300C024
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256          0x0300C025
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384          0x0300C026
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256           0x0300C027
+#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384           0x0300C028
+#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256            0x0300C029
+#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384            0x0300C02A
+/* ECDH GCM based ciphersuites from RFC5289 */
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256     0x0300C02B
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384     0x0300C02C
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256      0x0300C02D
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384      0x0300C02E
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256       0x0300C02F
+#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384       0x0300C030
+#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256        0x0300C031
+#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
 /* XXX
 * Inconsistency alert:
 * The OpenSSL names of ciphers with ephemeral DH here include the string
@@ -443,6 +586,17 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA               "PSK-AES128-CBC-SHA"
 #define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA               "PSK-AES256-CBC-SHA"
+/* SRP ciphersuite from RFC 5054 */
+#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA          "SRP-3DES-EDE-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA      "SRP-RSA-3DES-EDE-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA      "SRP-DSS-3DES-EDE-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA           "SRP-AES-128-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA       "SRP-RSA-AES-128-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA       "SRP-DSS-AES-128-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA           "SRP-AES-256-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA       "SRP-RSA-AES-256-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA       "SRP-DSS-AES-256-CBC-SHA"
 /* Camellia ciphersuites from RFC4132 */
 #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA          "CAMELLIA128-SHA"
 #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA       "DH-DSS-CAMELLIA128-SHA"
@@ -466,6 +620,55 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
 #define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
+/* TLS v1.2 ciphersuites */
+#define TLS1_TXT_RSA_WITH_NULL_SHA256                   "NULL-SHA256"
+#define TLS1_TXT_RSA_WITH_AES_128_SHA256                "AES128-SHA256"
+#define TLS1_TXT_RSA_WITH_AES_256_SHA256                "AES256-SHA256"
+#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256             "DH-DSS-AES128-SHA256"
+#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256             "DH-RSA-AES128-SHA256"
+#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256            "DHE-DSS-AES128-SHA256"
+#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256            "DHE-RSA-AES128-SHA256"
+#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256             "DH-DSS-AES256-SHA256"
+#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256             "DH-RSA-AES256-SHA256"
+#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256            "DHE-DSS-AES256-SHA256"
+#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256            "DHE-RSA-AES256-SHA256"
+#define TLS1_TXT_ADH_WITH_AES_128_SHA256                "ADH-AES128-SHA256"
+#define TLS1_TXT_ADH_WITH_AES_256_SHA256                "ADH-AES256-SHA256"
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256            "AES128-GCM-SHA256"
+#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384            "AES256-GCM-SHA384"
+#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256        "DHE-RSA-AES128-GCM-SHA256"
+#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384        "DHE-RSA-AES256-GCM-SHA384"
+#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256         "DH-RSA-AES128-GCM-SHA256"
+#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384         "DH-RSA-AES256-GCM-SHA384"
+#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256        "DHE-DSS-AES128-GCM-SHA256"
+#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384        "DHE-DSS-AES256-GCM-SHA384"
+#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256         "DH-DSS-AES128-GCM-SHA256"
+#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384         "DH-DSS-AES256-GCM-SHA384"
+#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256            "ADH-AES128-GCM-SHA256"
+#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384            "ADH-AES256-GCM-SHA384"
+/* ECDH HMAC based ciphersuites from RFC5289 */
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256    "ECDHE-ECDSA-AES128-SHA256"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384    "ECDHE-ECDSA-AES256-SHA384"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256     "ECDH-ECDSA-AES128-SHA256"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384     "ECDH-ECDSA-AES256-SHA384"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256      "ECDHE-RSA-AES128-SHA256"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384      "ECDHE-RSA-AES256-SHA384"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256       "ECDH-RSA-AES128-SHA256"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384       "ECDH-RSA-AES256-SHA384"
+/* ECDH GCM based ciphersuites from RFC5289 */
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "ECDHE-ECDSA-AES128-GCM-SHA256"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "ECDHE-ECDSA-AES256-GCM-SHA384"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256     "ECDH-ECDSA-AES128-GCM-SHA256"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384     "ECDH-ECDSA-AES256-GCM-SHA384"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "ECDHE-RSA-AES128-GCM-SHA256"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "ECDHE-RSA-AES256-GCM-SHA384"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256       "ECDH-RSA-AES128-GCM-SHA256"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
 #define TLS_CT_RSA_SIGN                 1
 #define TLS_CT_DSS_SIGN                 2

diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index b3cc8f098b..c39c267f0b 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h
@@ -159,10 +159,24 @@ extern "C" {
159		159
160	#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0	160	#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
161		161
		162	#define TLS1_2_VERSION 0x0303
		163	#define TLS1_2_VERSION_MAJOR 0x03
		164	#define TLS1_2_VERSION_MINOR 0x03
		165
		166	#define TLS1_1_VERSION 0x0302
		167	#define TLS1_1_VERSION_MAJOR 0x03
		168	#define TLS1_1_VERSION_MINOR 0x02
		169
162	#define TLS1_VERSION 0x0301	170	#define TLS1_VERSION 0x0301
163	#define TLS1_VERSION_MAJOR 0x03	171	#define TLS1_VERSION_MAJOR 0x03
164	#define TLS1_VERSION_MINOR 0x01	172	#define TLS1_VERSION_MINOR 0x01
165		173
		174	#define TLS1_get_version(s) \
		175	((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
		176
		177	#define TLS1_get_client_version(s) \
		178	((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
		179
166	#define TLS1_AD_DECRYPTION_FAILED 21	180	#define TLS1_AD_DECRYPTION_FAILED 21
167	#define TLS1_AD_RECORD_OVERFLOW 22	181	#define TLS1_AD_RECORD_OVERFLOW 22
168	#define TLS1_AD_UNKNOWN_CA 48 /* fatal */	182	#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
@@ -183,17 +197,42 @@ extern "C" {
183	#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114	197	#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
184	#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */	198	#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
185		199
186	/* ExtensionType values from RFC3546 / RFC4366 */	200	/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
187	#define TLSEXT_TYPE_server_name 0	201	#define TLSEXT_TYPE_server_name 0
188	#define TLSEXT_TYPE_max_fragment_length 1	202	#define TLSEXT_TYPE_max_fragment_length 1
189	#define TLSEXT_TYPE_client_certificate_url 2	203	#define TLSEXT_TYPE_client_certificate_url 2
190	#define TLSEXT_TYPE_trusted_ca_keys 3	204	#define TLSEXT_TYPE_trusted_ca_keys 3
191	#define TLSEXT_TYPE_truncated_hmac 4	205	#define TLSEXT_TYPE_truncated_hmac 4
192	#define TLSEXT_TYPE_status_request 5	206	#define TLSEXT_TYPE_status_request 5
		207	/* ExtensionType values from RFC4681 */
		208	#define TLSEXT_TYPE_user_mapping 6
		209
		210	/* ExtensionType values from RFC5878 */
		211	#define TLSEXT_TYPE_client_authz 7
		212	#define TLSEXT_TYPE_server_authz 8
		213
		214	/* ExtensionType values from RFC6091 */
		215	#define TLSEXT_TYPE_cert_type 9
		216
193	/* ExtensionType values from RFC4492 */	217	/* ExtensionType values from RFC4492 */
194	#define TLSEXT_TYPE_elliptic_curves 10	218	#define TLSEXT_TYPE_elliptic_curves 10
195	#define TLSEXT_TYPE_ec_point_formats 11	219	#define TLSEXT_TYPE_ec_point_formats 11
		220
		221	/* ExtensionType value from RFC5054 */
		222	#define TLSEXT_TYPE_srp 12
		223
		224	/* ExtensionType values from RFC5246 */
		225	#define TLSEXT_TYPE_signature_algorithms 13
		226
		227	/* ExtensionType value from RFC5764 */
		228	#define TLSEXT_TYPE_use_srtp 14
		229
		230	/* ExtensionType value from RFC5620 */
		231	#define TLSEXT_TYPE_heartbeat 15
		232
		233	/* ExtensionType value from RFC4507 */
196	#define TLSEXT_TYPE_session_ticket 35	234	#define TLSEXT_TYPE_session_ticket 35
		235
197	/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */	236	/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
198	#if 0 /* will have to be provided externally for now ,	237	#if 0 /* will have to be provided externally for now ,
199	* i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183	238	* i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
@@ -204,6 +243,11 @@ extern "C" {
204	/* Temporary extension type */	243	/* Temporary extension type */
205	#define TLSEXT_TYPE_renegotiate 0xff01	244	#define TLSEXT_TYPE_renegotiate 0xff01
206		245
		246	#ifndef OPENSSL_NO_NEXTPROTONEG
		247	/* This is not an IANA defined extension number */
		248	#define TLSEXT_TYPE_next_proto_neg 13172
		249	#endif
		250
207	/* NameType value from RFC 3546 */	251	/* NameType value from RFC 3546 */
208	#define TLSEXT_NAMETYPE_host_name 0	252	#define TLSEXT_NAMETYPE_host_name 0
209	/* status request value from RFC 3546 */	253	/* status request value from RFC 3546 */
@@ -216,12 +260,37 @@ extern "C" {
216	#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2	260	#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
217	#define TLSEXT_ECPOINTFORMAT_last 2	261	#define TLSEXT_ECPOINTFORMAT_last 2
218		262
		263	/* Signature and hash algorithms from RFC 5246 */
		264
		265	#define TLSEXT_signature_anonymous 0
		266	#define TLSEXT_signature_rsa 1
		267	#define TLSEXT_signature_dsa 2
		268	#define TLSEXT_signature_ecdsa 3
		269
		270	#define TLSEXT_hash_none 0
		271	#define TLSEXT_hash_md5 1
		272	#define TLSEXT_hash_sha1 2
		273	#define TLSEXT_hash_sha224 3
		274	#define TLSEXT_hash_sha256 4
		275	#define TLSEXT_hash_sha384 5
		276	#define TLSEXT_hash_sha512 6
		277
219	#ifndef OPENSSL_NO_TLSEXT	278	#ifndef OPENSSL_NO_TLSEXT
220		279
221	#define TLSEXT_MAXLEN_host_name 255	280	#define TLSEXT_MAXLEN_host_name 255
222		281
223	const char SSL_get_servername(const SSL s, const int type) ;	282	const char SSL_get_servername(const SSL s, const int type);
224	int SSL_get_servername_type(const SSL *s) ;	283	int SSL_get_servername_type(const SSL *s);
		284	/* SSL_export_keying_material exports a value derived from the master secret,
		285	* as specified in RFC 5705. It writes \|olen\| bytes to \|out\| given a label and
		286	* optional context. (Since a zero length context is allowed, the \|use_context\|
		287	* flag controls whether a context is included.)
		288	*
		289	* It returns 1 on success and zero otherwise.
		290	*/
		291	int SSL_export_keying_material(SSL s, unsigned char out, size_t olen,
		292	const char label, size_t llen, const unsigned char p, size_t plen,
		293	int use_context);
225		294
226	#define SSL_set_tlsext_host_name(s,name) \	295	#define SSL_set_tlsext_host_name(s,name) \
227	SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)	296	SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
@@ -285,6 +354,16 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
285	#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \	354	#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
286	SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)	355	SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
287		356
		357	#ifndef OPENSSL_NO_HEARTBEATS
		358	#define SSL_TLSEXT_HB_ENABLED 0x01
		359	#define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02
		360	#define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04
		361
		362	#define SSL_get_tlsext_heartbeat_pending(ssl) \
		363	SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
		364	#define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
		365	SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
		366	#endif
288	#endif	367	#endif
289		368
290	/* PSK ciphersuites from 4279 */	369	/* PSK ciphersuites from 4279 */
@@ -322,6 +401,14 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
322	#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039	401	#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
323	#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A	402	#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
324		403
		404	/* TLS v1.2 ciphersuites */
		405	#define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B
		406	#define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C
		407	#define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D
		408	#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E
		409	#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F
		410	#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040
		411
325	/* Camellia ciphersuites from RFC4132 */	412	/* Camellia ciphersuites from RFC4132 */
326	#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041	413	#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
327	#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042	414	#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
@@ -330,6 +417,16 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
330	#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045	417	#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
331	#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046	418	#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
332		419
		420	/* TLS v1.2 ciphersuites */
		421	#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067
		422	#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068
		423	#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069
		424	#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A
		425	#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B
		426	#define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C
		427	#define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D
		428
		429	/* Camellia ciphersuites from RFC4132 */
333	#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084	430	#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
334	#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085	431	#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
335	#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086	432	#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
@@ -345,6 +442,20 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
345	#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A	442	#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
346	#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B	443	#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
347		444
		445	/* TLS v1.2 GCM ciphersuites from RFC5288 */
		446	#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C
		447	#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D
		448	#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E
		449	#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F
		450	#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0
		451	#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1
		452	#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2
		453	#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3
		454	#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4
		455	#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5
		456	#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
		457	#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7
		458
348	/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */	459	/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
349	#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001	460	#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
350	#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002	461	#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
@@ -376,6 +487,38 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
376	#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018	487	#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
377	#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019	488	#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
378		489
		490	/* SRP ciphersuites from RFC 5054 */
		491	#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A
		492	#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B
		493	#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C
		494	#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D
		495	#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E
		496	#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F
		497	#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020
		498	#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021
		499	#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
		500
		501	/* ECDH HMAC based ciphersuites from RFC5289 */
		502
		503	#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
		504	#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
		505	#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025
		506	#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026
		507	#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027
		508	#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028
		509	#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029
		510	#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A
		511
		512	/* ECDH GCM based ciphersuites from RFC5289 */
		513	#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B
		514	#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C
		515	#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D
		516	#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E
		517	#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F
		518	#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030
		519	#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
		520	#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
		521
379	/* XXX	522	/* XXX
380	* Inconsistency alert:	523	* Inconsistency alert:
381	* The OpenSSL names of ciphers with ephemeral DH here include the string	524	* The OpenSSL names of ciphers with ephemeral DH here include the string
@@ -443,6 +586,17 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
443	#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"	586	#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
444	#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"	587	#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
445		588
		589	/* SRP ciphersuite from RFC 5054 */
		590	#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
		591	#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
		592	#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA"
		593	#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA"
		594	#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA"
		595	#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA"
		596	#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA"
		597	#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"
		598	#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"
		599
446	/* Camellia ciphersuites from RFC4132 */	600	/* Camellia ciphersuites from RFC4132 */
447	#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"	601	#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
448	#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"	602	#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
@@ -466,6 +620,55 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
466	#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"	620	#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
467	#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"	621	#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
468		622
		623	/* TLS v1.2 ciphersuites */
		624	#define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256"
		625	#define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256"
		626	#define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256"
		627	#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256"
		628	#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256"
		629	#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256"
		630	#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256"
		631	#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256"
		632	#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256"
		633	#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256"
		634	#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256"
		635	#define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256"
		636	#define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256"
		637
		638	/* TLS v1.2 GCM ciphersuites from RFC5288 */
		639	#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"
		640	#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"
		641	#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"
		642	#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384"
		643	#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256"
		644	#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384"
		645	#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256"
		646	#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384"
		647	#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256"
		648	#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384"
		649	#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
		650	#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
		651
		652	/* ECDH HMAC based ciphersuites from RFC5289 */
		653
		654	#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
		655	#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
		656	#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
		657	#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384"
		658	#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256"
		659	#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384"
		660	#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256"
		661	#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384"
		662
		663	/* ECDH GCM based ciphersuites from RFC5289 */
		664	#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256"
		665	#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384"
		666	#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256"
		667	#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384"
		668	#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256"
		669	#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384"
		670	#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
		671	#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
469		672
470	#define TLS_CT_RSA_SIGN 1	673	#define TLS_CT_RSA_SIGN 1
471	#define TLS_CT_DSS_SIGN 2	674	#define TLS_CT_DSS_SIGN 2