1 files changed, 3 insertions, 206 deletions
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index c39c267f0b..b3cc8f098b 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -159,24 +159,10 @@ extern "C" {
 #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES    0
-#define TLS1_2_VERSION                  0x0303
-#define TLS1_2_VERSION_MAJOR            0x03
-#define TLS1_2_VERSION_MINOR            0x03
-#define TLS1_1_VERSION                  0x0302
-#define TLS1_1_VERSION_MAJOR            0x03
-#define TLS1_1_VERSION_MINOR            0x02
 #define TLS1_VERSION                    0x0301
 #define TLS1_VERSION_MAJOR              0x03
 #define TLS1_VERSION_MINOR              0x01
-#define TLS1_get_version(s) \
-                ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
-#define TLS1_get_client_version(s) \
-                ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
 #define TLS1_AD_DECRYPTION_FAILED       21
 #define TLS1_AD_RECORD_OVERFLOW         22
 #define TLS1_AD_UNKNOWN_CA              48      /* fatal */
@@ -197,42 +183,17 @@ extern "C" {
 #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
 #define TLS1_AD_UNKNOWN_PSK_IDENTITY    115     /* fatal */
-/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
+/* ExtensionType values from RFC3546 / RFC4366 */
 #define TLSEXT_TYPE_server_name                 0
 #define TLSEXT_TYPE_max_fragment_length         1
 #define TLSEXT_TYPE_client_certificate_url      2
 #define TLSEXT_TYPE_trusted_ca_keys             3
 #define TLSEXT_TYPE_truncated_hmac              4
 #define TLSEXT_TYPE_status_request              5
-/* ExtensionType values from RFC4681 */
-#define TLSEXT_TYPE_user_mapping                6
-/* ExtensionType values from RFC5878 */
-#define TLSEXT_TYPE_client_authz                7
-#define TLSEXT_TYPE_server_authz                8
-/* ExtensionType values from RFC6091 */
-#define TLSEXT_TYPE_cert_type           9
 /* ExtensionType values from RFC4492 */
 #define TLSEXT_TYPE_elliptic_curves             10
 #define TLSEXT_TYPE_ec_point_formats            11
-/* ExtensionType value from RFC5054 */
-#define TLSEXT_TYPE_srp                         12
-/* ExtensionType values from RFC5246 */
-#define TLSEXT_TYPE_signature_algorithms        13
-/* ExtensionType value from RFC5764 */
-#define TLSEXT_TYPE_use_srtp    14
-/* ExtensionType value from RFC5620 */
-#define TLSEXT_TYPE_heartbeat   15
-/* ExtensionType value from RFC4507 */
 #define TLSEXT_TYPE_session_ticket              35
 /* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
 #if 0 /* will have to be provided externally for now ,
       * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
@@ -243,11 +204,6 @@ extern "C" {
 /* Temporary extension type */
 #define TLSEXT_TYPE_renegotiate                 0xff01
-#ifndef OPENSSL_NO_NEXTPROTONEG
-/* This is not an IANA defined extension number */
-#define TLSEXT_TYPE_next_proto_neg              13172
-#endif
 /* NameType value from RFC 3546 */
 #define TLSEXT_NAMETYPE_host_name 0
 /* status request value from RFC 3546 */
@@ -260,37 +216,12 @@ extern "C" {
 #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2  2
 #define TLSEXT_ECPOINTFORMAT_last                       2
-/* Signature and hash algorithms from RFC 5246 */
-#define TLSEXT_signature_anonymous                      0
-#define TLSEXT_signature_rsa                            1
-#define TLSEXT_signature_dsa                            2
-#define TLSEXT_signature_ecdsa                          3
-#define TLSEXT_hash_none                                0
-#define TLSEXT_hash_md5                                 1
-#define TLSEXT_hash_sha1                                2
-#define TLSEXT_hash_sha224                              3
-#define TLSEXT_hash_sha256                              4
-#define TLSEXT_hash_sha384                              5
-#define TLSEXT_hash_sha512                              6
 #ifndef OPENSSL_NO_TLSEXT
 #define TLSEXT_MAXLEN_host_name 255
-const char *SSL_get_servername(const SSL *s, const int type);
+const char *SSL_get_servername(const SSL *s, const int type) ;
-int SSL_get_servername_type(const SSL *s);
+int SSL_get_servername_type(const SSL *s) ;
-/* SSL_export_keying_material exports a value derived from the master secret,
- * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
- * optional context. (Since a zero length context is allowed, the |use_context|
- * flag controls whether a context is included.)
- *
- * It returns 1 on success and zero otherwise.
- */
-int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-        const char *label, size_t llen, const unsigned char *p, size_t plen,
-        int use_context);
 #define SSL_set_tlsext_host_name(s,name) \
 SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
@@ -354,16 +285,6 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
 #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
 SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
-#ifndef OPENSSL_NO_HEARTBEATS
-#define SSL_TLSEXT_HB_ENABLED                           0x01
-#define SSL_TLSEXT_HB_DONT_SEND_REQUESTS        0x02
-#define SSL_TLSEXT_HB_DONT_RECV_REQUESTS        0x04
-#define SSL_get_tlsext_heartbeat_pending(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
-#define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
-        SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
-#endif
 #endif
 /* PSK ciphersuites from 4279 */
@@ -401,14 +322,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA                0x03000039
 #define TLS1_CK_ADH_WITH_AES_256_SHA                    0x0300003A
-/* TLS v1.2 ciphersuites */
-#define TLS1_CK_RSA_WITH_NULL_SHA256                    0x0300003B
-#define TLS1_CK_RSA_WITH_AES_128_SHA256                 0x0300003C
-#define TLS1_CK_RSA_WITH_AES_256_SHA256                 0x0300003D
-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256              0x0300003E
-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256              0x0300003F
-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256             0x03000040
 /* Camellia ciphersuites from RFC4132 */
 #define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA           0x03000041
 #define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA        0x03000042
@@ -417,16 +330,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA       0x03000045
 #define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA           0x03000046
-/* TLS v1.2 ciphersuites */
-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256             0x03000067
-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256              0x03000068
-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256              0x03000069
-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256             0x0300006A
-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256             0x0300006B
-#define TLS1_CK_ADH_WITH_AES_128_SHA256                 0x0300006C
-#define TLS1_CK_ADH_WITH_AES_256_SHA256                 0x0300006D
-/* Camellia ciphersuites from RFC4132 */
 #define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA           0x03000084
 #define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA        0x03000085
 #define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA        0x03000086
@@ -442,20 +345,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
 #define TLS1_CK_ADH_WITH_SEED_SHA                       0x0300009B
-/* TLS v1.2 GCM ciphersuites from RFC5288 */
-#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256             0x0300009C
-#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384             0x0300009D
-#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256         0x0300009E
-#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384         0x0300009F
-#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256          0x030000A0
-#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384          0x030000A1
-#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256         0x030000A2
-#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384         0x030000A3
-#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256          0x030000A4
-#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384          0x030000A5
-#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256             0x030000A6
-#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384             0x030000A7
 /* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
 #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
@@ -487,38 +376,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018
 #define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019
-/* SRP ciphersuites from RFC 5054 */
-#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA           0x0300C01A
-#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA       0x0300C01B
-#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA       0x0300C01C
-#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA            0x0300C01D
-#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA        0x0300C01E
-#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA        0x0300C01F
-#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA            0x0300C020
-#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA        0x0300C021
-#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA        0x0300C022
-/* ECDH HMAC based ciphersuites from RFC5289 */
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256         0x0300C023
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384         0x0300C024
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256          0x0300C025
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384          0x0300C026
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256           0x0300C027
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384           0x0300C028
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256            0x0300C029
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384            0x0300C02A
-/* ECDH GCM based ciphersuites from RFC5289 */
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256     0x0300C02B
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384     0x0300C02C
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256      0x0300C02D
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384      0x0300C02E
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256       0x0300C02F
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384       0x0300C030
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256        0x0300C031
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
 /* XXX
 * Inconsistency alert:
 * The OpenSSL names of ciphers with ephemeral DH here include the string
@@ -586,17 +443,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA               "PSK-AES128-CBC-SHA"
 #define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA               "PSK-AES256-CBC-SHA"
-/* SRP ciphersuite from RFC 5054 */
-#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA          "SRP-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA      "SRP-RSA-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA      "SRP-DSS-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA           "SRP-AES-128-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA       "SRP-RSA-AES-128-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA       "SRP-DSS-AES-128-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA           "SRP-AES-256-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA       "SRP-RSA-AES-256-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA       "SRP-DSS-AES-256-CBC-SHA"
 /* Camellia ciphersuites from RFC4132 */
 #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA          "CAMELLIA128-SHA"
 #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA       "DH-DSS-CAMELLIA128-SHA"
@@ -620,55 +466,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
 #define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
-/* TLS v1.2 ciphersuites */
-#define TLS1_TXT_RSA_WITH_NULL_SHA256                   "NULL-SHA256"
-#define TLS1_TXT_RSA_WITH_AES_128_SHA256                "AES128-SHA256"
-#define TLS1_TXT_RSA_WITH_AES_256_SHA256                "AES256-SHA256"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256             "DH-DSS-AES128-SHA256"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256             "DH-RSA-AES128-SHA256"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256            "DHE-DSS-AES128-SHA256"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256            "DHE-RSA-AES128-SHA256"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256             "DH-DSS-AES256-SHA256"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256             "DH-RSA-AES256-SHA256"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256            "DHE-DSS-AES256-SHA256"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256            "DHE-RSA-AES256-SHA256"
-#define TLS1_TXT_ADH_WITH_AES_128_SHA256                "ADH-AES128-SHA256"
-#define TLS1_TXT_ADH_WITH_AES_256_SHA256                "ADH-AES256-SHA256"
-/* TLS v1.2 GCM ciphersuites from RFC5288 */
-#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256            "AES128-GCM-SHA256"
-#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384            "AES256-GCM-SHA384"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256        "DHE-RSA-AES128-GCM-SHA256"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384        "DHE-RSA-AES256-GCM-SHA384"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256         "DH-RSA-AES128-GCM-SHA256"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384         "DH-RSA-AES256-GCM-SHA384"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256        "DHE-DSS-AES128-GCM-SHA256"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384        "DHE-DSS-AES256-GCM-SHA384"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256         "DH-DSS-AES128-GCM-SHA256"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384         "DH-DSS-AES256-GCM-SHA384"
-#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256            "ADH-AES128-GCM-SHA256"
-#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384            "ADH-AES256-GCM-SHA384"
-/* ECDH HMAC based ciphersuites from RFC5289 */
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256    "ECDHE-ECDSA-AES128-SHA256"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384    "ECDHE-ECDSA-AES256-SHA384"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256     "ECDH-ECDSA-AES128-SHA256"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384     "ECDH-ECDSA-AES256-SHA384"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256      "ECDHE-RSA-AES128-SHA256"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384      "ECDHE-RSA-AES256-SHA384"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256       "ECDH-RSA-AES128-SHA256"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384       "ECDH-RSA-AES256-SHA384"
-/* ECDH GCM based ciphersuites from RFC5289 */
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "ECDHE-ECDSA-AES128-GCM-SHA256"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "ECDHE-ECDSA-AES256-GCM-SHA384"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256     "ECDH-ECDSA-AES128-GCM-SHA256"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384     "ECDH-ECDSA-AES256-GCM-SHA384"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "ECDHE-RSA-AES128-GCM-SHA256"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "ECDHE-RSA-AES256-GCM-SHA384"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256       "ECDH-RSA-AES128-GCM-SHA256"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
 #define TLS_CT_RSA_SIGN                 1
 #define TLS_CT_DSS_SIGN                 2

diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index c39c267f0b..b3cc8f098b 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h
@@ -159,24 +159,10 @@ extern "C" {
159		159
160	#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0	160	#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
161		161
162	#define TLS1_2_VERSION 0x0303
163	#define TLS1_2_VERSION_MAJOR 0x03
164	#define TLS1_2_VERSION_MINOR 0x03
165
166	#define TLS1_1_VERSION 0x0302
167	#define TLS1_1_VERSION_MAJOR 0x03
168	#define TLS1_1_VERSION_MINOR 0x02
169
170	#define TLS1_VERSION 0x0301	162	#define TLS1_VERSION 0x0301
171	#define TLS1_VERSION_MAJOR 0x03	163	#define TLS1_VERSION_MAJOR 0x03
172	#define TLS1_VERSION_MINOR 0x01	164	#define TLS1_VERSION_MINOR 0x01
173		165
174	#define TLS1_get_version(s) \
175	((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
176
177	#define TLS1_get_client_version(s) \
178	((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
179
180	#define TLS1_AD_DECRYPTION_FAILED 21	166	#define TLS1_AD_DECRYPTION_FAILED 21
181	#define TLS1_AD_RECORD_OVERFLOW 22	167	#define TLS1_AD_RECORD_OVERFLOW 22
182	#define TLS1_AD_UNKNOWN_CA 48 /* fatal */	168	#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
@@ -197,42 +183,17 @@ extern "C" {
197	#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114	183	#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
198	#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */	184	#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
199		185
200	/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */	186	/* ExtensionType values from RFC3546 / RFC4366 */
201	#define TLSEXT_TYPE_server_name 0	187	#define TLSEXT_TYPE_server_name 0
202	#define TLSEXT_TYPE_max_fragment_length 1	188	#define TLSEXT_TYPE_max_fragment_length 1
203	#define TLSEXT_TYPE_client_certificate_url 2	189	#define TLSEXT_TYPE_client_certificate_url 2
204	#define TLSEXT_TYPE_trusted_ca_keys 3	190	#define TLSEXT_TYPE_trusted_ca_keys 3
205	#define TLSEXT_TYPE_truncated_hmac 4	191	#define TLSEXT_TYPE_truncated_hmac 4
206	#define TLSEXT_TYPE_status_request 5	192	#define TLSEXT_TYPE_status_request 5
207	/* ExtensionType values from RFC4681 */
208	#define TLSEXT_TYPE_user_mapping 6
209
210	/* ExtensionType values from RFC5878 */
211	#define TLSEXT_TYPE_client_authz 7
212	#define TLSEXT_TYPE_server_authz 8
213
214	/* ExtensionType values from RFC6091 */
215	#define TLSEXT_TYPE_cert_type 9
216
217	/* ExtensionType values from RFC4492 */	193	/* ExtensionType values from RFC4492 */
218	#define TLSEXT_TYPE_elliptic_curves 10	194	#define TLSEXT_TYPE_elliptic_curves 10
219	#define TLSEXT_TYPE_ec_point_formats 11	195	#define TLSEXT_TYPE_ec_point_formats 11
220
221	/* ExtensionType value from RFC5054 */
222	#define TLSEXT_TYPE_srp 12
223
224	/* ExtensionType values from RFC5246 */
225	#define TLSEXT_TYPE_signature_algorithms 13
226
227	/* ExtensionType value from RFC5764 */
228	#define TLSEXT_TYPE_use_srtp 14
229
230	/* ExtensionType value from RFC5620 */
231	#define TLSEXT_TYPE_heartbeat 15
232
233	/* ExtensionType value from RFC4507 */
234	#define TLSEXT_TYPE_session_ticket 35	196	#define TLSEXT_TYPE_session_ticket 35
235
236	/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */	197	/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
237	#if 0 /* will have to be provided externally for now ,	198	#if 0 /* will have to be provided externally for now ,
238	* i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183	199	* i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
@@ -243,11 +204,6 @@ extern "C" {
243	/* Temporary extension type */	204	/* Temporary extension type */
244	#define TLSEXT_TYPE_renegotiate 0xff01	205	#define TLSEXT_TYPE_renegotiate 0xff01
245		206
246	#ifndef OPENSSL_NO_NEXTPROTONEG
247	/* This is not an IANA defined extension number */
248	#define TLSEXT_TYPE_next_proto_neg 13172
249	#endif
250
251	/* NameType value from RFC 3546 */	207	/* NameType value from RFC 3546 */
252	#define TLSEXT_NAMETYPE_host_name 0	208	#define TLSEXT_NAMETYPE_host_name 0
253	/* status request value from RFC 3546 */	209	/* status request value from RFC 3546 */
@@ -260,37 +216,12 @@ extern "C" {
260	#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2	216	#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
261	#define TLSEXT_ECPOINTFORMAT_last 2	217	#define TLSEXT_ECPOINTFORMAT_last 2
262		218
263	/* Signature and hash algorithms from RFC 5246 */
264
265	#define TLSEXT_signature_anonymous 0
266	#define TLSEXT_signature_rsa 1
267	#define TLSEXT_signature_dsa 2
268	#define TLSEXT_signature_ecdsa 3
269
270	#define TLSEXT_hash_none 0
271	#define TLSEXT_hash_md5 1
272	#define TLSEXT_hash_sha1 2
273	#define TLSEXT_hash_sha224 3
274	#define TLSEXT_hash_sha256 4
275	#define TLSEXT_hash_sha384 5
276	#define TLSEXT_hash_sha512 6
277
278	#ifndef OPENSSL_NO_TLSEXT	219	#ifndef OPENSSL_NO_TLSEXT
279		220
280	#define TLSEXT_MAXLEN_host_name 255	221	#define TLSEXT_MAXLEN_host_name 255
281		222
282	const char SSL_get_servername(const SSL s, const int type);	223	const char SSL_get_servername(const SSL s, const int type) ;
283	int SSL_get_servername_type(const SSL *s);	224	int SSL_get_servername_type(const SSL *s) ;
284	/* SSL_export_keying_material exports a value derived from the master secret,
285	* as specified in RFC 5705. It writes \|olen\| bytes to \|out\| given a label and
286	* optional context. (Since a zero length context is allowed, the \|use_context\|
287	* flag controls whether a context is included.)
288	*
289	* It returns 1 on success and zero otherwise.
290	*/
291	int SSL_export_keying_material(SSL s, unsigned char out, size_t olen,
292	const char label, size_t llen, const unsigned char p, size_t plen,
293	int use_context);
294		225
295	#define SSL_set_tlsext_host_name(s,name) \	226	#define SSL_set_tlsext_host_name(s,name) \
296	SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)	227	SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
@@ -354,16 +285,6 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
354	#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \	285	#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
355	SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)	286	SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
356		287
357	#ifndef OPENSSL_NO_HEARTBEATS
358	#define SSL_TLSEXT_HB_ENABLED 0x01
359	#define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02
360	#define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04
361
362	#define SSL_get_tlsext_heartbeat_pending(ssl) \
363	SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
364	#define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
365	SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
366	#endif
367	#endif	288	#endif
368		289
369	/* PSK ciphersuites from 4279 */	290	/* PSK ciphersuites from 4279 */
@@ -401,14 +322,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
401	#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039	322	#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
402	#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A	323	#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
403		324
404	/* TLS v1.2 ciphersuites */
405	#define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B
406	#define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C
407	#define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D
408	#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E
409	#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F
410	#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040
411
412	/* Camellia ciphersuites from RFC4132 */	325	/* Camellia ciphersuites from RFC4132 */
413	#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041	326	#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
414	#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042	327	#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
@@ -417,16 +330,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
417	#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045	330	#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
418	#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046	331	#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
419		332
420	/* TLS v1.2 ciphersuites */
421	#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067
422	#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068
423	#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069
424	#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A
425	#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B
426	#define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C
427	#define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D
428
429	/* Camellia ciphersuites from RFC4132 */
430	#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084	333	#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
431	#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085	334	#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
432	#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086	335	#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
@@ -442,20 +345,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
442	#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A	345	#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
443	#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B	346	#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
444		347
445	/* TLS v1.2 GCM ciphersuites from RFC5288 */
446	#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C
447	#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D
448	#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E
449	#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F
450	#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0
451	#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1
452	#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2
453	#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3
454	#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4
455	#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5
456	#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
457	#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7
458
459	/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */	348	/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
460	#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001	349	#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
461	#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002	350	#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
@@ -487,38 +376,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
487	#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018	376	#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
488	#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019	377	#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
489		378
490	/* SRP ciphersuites from RFC 5054 */
491	#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A
492	#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B
493	#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C
494	#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D
495	#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E
496	#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F
497	#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020
498	#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021
499	#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
500
501	/* ECDH HMAC based ciphersuites from RFC5289 */
502
503	#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
504	#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
505	#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025
506	#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026
507	#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027
508	#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028
509	#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029
510	#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A
511
512	/* ECDH GCM based ciphersuites from RFC5289 */
513	#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B
514	#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C
515	#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D
516	#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E
517	#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F
518	#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030
519	#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
520	#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
521
522	/* XXX	379	/* XXX
523	* Inconsistency alert:	380	* Inconsistency alert:
524	* The OpenSSL names of ciphers with ephemeral DH here include the string	381	* The OpenSSL names of ciphers with ephemeral DH here include the string
@@ -586,17 +443,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
586	#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"	443	#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
587	#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"	444	#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
588		445
589	/* SRP ciphersuite from RFC 5054 */
590	#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
591	#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
592	#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA"
593	#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA"
594	#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA"
595	#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA"
596	#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA"
597	#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"
598	#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"
599
600	/* Camellia ciphersuites from RFC4132 */	446	/* Camellia ciphersuites from RFC4132 */
601	#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"	447	#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
602	#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"	448	#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
@@ -620,55 +466,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
620	#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"	466	#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
621	#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"	467	#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
622		468
623	/* TLS v1.2 ciphersuites */
624	#define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256"
625	#define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256"
626	#define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256"
627	#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256"
628	#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256"
629	#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256"
630	#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256"
631	#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256"
632	#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256"
633	#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256"
634	#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256"
635	#define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256"
636	#define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256"
637
638	/* TLS v1.2 GCM ciphersuites from RFC5288 */
639	#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"
640	#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"
641	#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"
642	#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384"
643	#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256"
644	#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384"
645	#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256"
646	#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384"
647	#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256"
648	#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384"
649	#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
650	#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
651
652	/* ECDH HMAC based ciphersuites from RFC5289 */
653
654	#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
655	#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
656	#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
657	#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384"
658	#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256"
659	#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384"
660	#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256"
661	#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384"
662
663	/* ECDH GCM based ciphersuites from RFC5289 */
664	#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256"
665	#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384"
666	#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256"
667	#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384"
668	#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256"
669	#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384"
670	#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
671	#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
672		469
673	#define TLS_CT_RSA_SIGN 1	470	#define TLS_CT_RSA_SIGN 1
674	#define TLS_CT_DSS_SIGN 2	471	#define TLS_CT_DSS_SIGN 2