1 /*
2 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12 #include "internal/e_os.h"
13
14 #include <openssl/objects.h>
15 #include "internal/nelem.h"
16 #include "ssl_local.h"
17 #include <openssl/md5.h>
18 #include <openssl/dh.h>
19 #include <openssl/rand.h>
20 #include <openssl/trace.h>
21 #include <openssl/x509v3.h>
22 #include <openssl/core_names.h>
23 #include "internal/cryptlib.h"
24 #include "internal/ssl_unwrap.h"
25
26 #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
27 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
28 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
29
30 /* TLSv1.3 downgrade protection sentinel values */
31 const unsigned char tls11downgrade[] = {
32 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
33 };
34 const unsigned char tls12downgrade[] = {
35 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
36 };
37
38 /* The list of available TLSv1.3 ciphers */
39 static SSL_CIPHER tls13_ciphers[] = {
40 {
41 1,
42 TLS1_3_RFC_AES_128_GCM_SHA256,
43 TLS1_3_RFC_AES_128_GCM_SHA256,
44 TLS1_3_CK_AES_128_GCM_SHA256,
45 SSL_kANY,
46 SSL_aANY,
47 SSL_AES128GCM,
48 SSL_AEAD,
49 TLS1_3_VERSION,
50 TLS1_3_VERSION,
51 0,
52 0,
53 SSL_HIGH,
54 SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
55 128,
56 128,
57 },
58 {
59 1,
60 TLS1_3_RFC_AES_256_GCM_SHA384,
61 TLS1_3_RFC_AES_256_GCM_SHA384,
62 TLS1_3_CK_AES_256_GCM_SHA384,
63 SSL_kANY,
64 SSL_aANY,
65 SSL_AES256GCM,
66 SSL_AEAD,
67 TLS1_3_VERSION,
68 TLS1_3_VERSION,
69 0,
70 0,
71 SSL_HIGH,
72 SSL_HANDSHAKE_MAC_SHA384 | SSL_QUIC,
73 256,
74 256,
75 },
76 {
77 1,
78 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
79 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
80 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
81 SSL_kANY,
82 SSL_aANY,
83 SSL_CHACHA20POLY1305,
84 SSL_AEAD,
85 TLS1_3_VERSION,
86 TLS1_3_VERSION,
87 0,
88 0,
89 SSL_HIGH,
90 SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
91 256,
92 256,
93 },
94 {
95 1,
96 TLS1_3_RFC_AES_128_CCM_SHA256,
97 TLS1_3_RFC_AES_128_CCM_SHA256,
98 TLS1_3_CK_AES_128_CCM_SHA256,
99 SSL_kANY,
100 SSL_aANY,
101 SSL_AES128CCM,
102 SSL_AEAD,
103 TLS1_3_VERSION,
104 TLS1_3_VERSION,
105 0,
106 0,
107 SSL_NOT_DEFAULT | SSL_HIGH,
108 SSL_HANDSHAKE_MAC_SHA256,
109 128,
110 128,
111 },
112 {
113 1,
114 TLS1_3_RFC_AES_128_CCM_8_SHA256,
115 TLS1_3_RFC_AES_128_CCM_8_SHA256,
116 TLS1_3_CK_AES_128_CCM_8_SHA256,
117 SSL_kANY,
118 SSL_aANY,
119 SSL_AES128CCM8,
120 SSL_AEAD,
121 TLS1_3_VERSION,
122 TLS1_3_VERSION,
123 0,
124 0,
125 SSL_NOT_DEFAULT | SSL_MEDIUM,
126 SSL_HANDSHAKE_MAC_SHA256,
127 64, /* CCM8 uses a short tag, so we have a low security strength */
128 128,
129 },
130 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
131 {
132 1,
133 TLS1_3_RFC_SHA256_SHA256,
134 TLS1_3_RFC_SHA256_SHA256,
135 TLS1_3_CK_SHA256_SHA256,
136 SSL_kANY,
137 SSL_aANY,
138 SSL_eNULL,
139 SSL_SHA256,
140 TLS1_3_VERSION,
141 TLS1_3_VERSION,
142 0,
143 0,
144 SSL_NOT_DEFAULT | SSL_STRONG_NONE,
145 SSL_HANDSHAKE_MAC_SHA256,
146 0,
147 256,
148 },
149 {
150 1,
151 TLS1_3_RFC_SHA384_SHA384,
152 TLS1_3_RFC_SHA384_SHA384,
153 TLS1_3_CK_SHA384_SHA384,
154 SSL_kANY,
155 SSL_aANY,
156 SSL_eNULL,
157 SSL_SHA384,
158 TLS1_3_VERSION,
159 TLS1_3_VERSION,
160 0,
161 0,
162 SSL_NOT_DEFAULT | SSL_STRONG_NONE,
163 SSL_HANDSHAKE_MAC_SHA384,
164 0,
165 384,
166 },
167 #endif
168 };
169
170 /*
171 * The list of available ciphers, mostly organized into the following
172 * groups:
173 * Always there
174 * EC
175 * PSK
176 * SRP (within that: RSA EC PSK)
177 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
178 * Weak ciphers
179 */
180 static SSL_CIPHER ssl3_ciphers[] = {
181 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
182 {
183 1,
184 SSL3_TXT_RSA_NULL_MD5,
185 SSL3_RFC_RSA_NULL_MD5,
186 SSL3_CK_RSA_NULL_MD5,
187 SSL_kRSA,
188 SSL_aRSA,
189 SSL_eNULL,
190 SSL_MD5,
191 SSL3_VERSION,
192 TLS1_2_VERSION,
193 DTLS1_BAD_VER,
194 DTLS1_2_VERSION,
195 SSL_STRONG_NONE,
196 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
197 0,
198 0,
199 },
200 {
201 1,
202 SSL3_TXT_RSA_NULL_SHA,
203 SSL3_RFC_RSA_NULL_SHA,
204 SSL3_CK_RSA_NULL_SHA,
205 SSL_kRSA,
206 SSL_aRSA,
207 SSL_eNULL,
208 SSL_SHA1,
209 SSL3_VERSION,
210 TLS1_2_VERSION,
211 DTLS1_BAD_VER,
212 DTLS1_2_VERSION,
213 SSL_STRONG_NONE | SSL_FIPS,
214 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
215 0,
216 0,
217 },
218 #endif
219 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
220 {
221 1,
222 SSL3_TXT_RSA_DES_192_CBC3_SHA,
223 SSL3_RFC_RSA_DES_192_CBC3_SHA,
224 SSL3_CK_RSA_DES_192_CBC3_SHA,
225 SSL_kRSA,
226 SSL_aRSA,
227 SSL_3DES,
228 SSL_SHA1,
229 SSL3_VERSION,
230 TLS1_2_VERSION,
231 DTLS1_BAD_VER,
232 DTLS1_2_VERSION,
233 SSL_NOT_DEFAULT | SSL_MEDIUM,
234 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
235 112,
236 168,
237 },
238 {
239 1,
240 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
241 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
242 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
243 SSL_kDHE,
244 SSL_aDSS,
245 SSL_3DES,
246 SSL_SHA1,
247 SSL3_VERSION,
248 TLS1_2_VERSION,
249 DTLS1_BAD_VER,
250 DTLS1_2_VERSION,
251 SSL_NOT_DEFAULT | SSL_MEDIUM,
252 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
253 112,
254 168,
255 },
256 {
257 1,
258 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
259 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
260 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
261 SSL_kDHE,
262 SSL_aRSA,
263 SSL_3DES,
264 SSL_SHA1,
265 SSL3_VERSION,
266 TLS1_2_VERSION,
267 DTLS1_BAD_VER,
268 DTLS1_2_VERSION,
269 SSL_NOT_DEFAULT | SSL_MEDIUM,
270 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
271 112,
272 168,
273 },
274 {
275 1,
276 SSL3_TXT_ADH_DES_192_CBC_SHA,
277 SSL3_RFC_ADH_DES_192_CBC_SHA,
278 SSL3_CK_ADH_DES_192_CBC_SHA,
279 SSL_kDHE,
280 SSL_aNULL,
281 SSL_3DES,
282 SSL_SHA1,
283 SSL3_VERSION,
284 TLS1_2_VERSION,
285 DTLS1_BAD_VER,
286 DTLS1_2_VERSION,
287 SSL_NOT_DEFAULT | SSL_MEDIUM,
288 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
289 112,
290 168,
291 },
292 #endif
293 {
294 1,
295 TLS1_TXT_RSA_WITH_AES_128_SHA,
296 TLS1_RFC_RSA_WITH_AES_128_SHA,
297 TLS1_CK_RSA_WITH_AES_128_SHA,
298 SSL_kRSA,
299 SSL_aRSA,
300 SSL_AES128,
301 SSL_SHA1,
302 SSL3_VERSION,
303 TLS1_2_VERSION,
304 DTLS1_BAD_VER,
305 DTLS1_2_VERSION,
306 SSL_HIGH | SSL_FIPS,
307 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
308 128,
309 128,
310 },
311 {
312 1,
313 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
314 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
315 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
316 SSL_kDHE,
317 SSL_aDSS,
318 SSL_AES128,
319 SSL_SHA1,
320 SSL3_VERSION,
321 TLS1_2_VERSION,
322 DTLS1_BAD_VER,
323 DTLS1_2_VERSION,
324 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
325 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
326 128,
327 128,
328 },
329 {
330 1,
331 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
332 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
333 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
334 SSL_kDHE,
335 SSL_aRSA,
336 SSL_AES128,
337 SSL_SHA1,
338 SSL3_VERSION,
339 TLS1_2_VERSION,
340 DTLS1_BAD_VER,
341 DTLS1_2_VERSION,
342 SSL_HIGH | SSL_FIPS,
343 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
344 128,
345 128,
346 },
347 {
348 1,
349 TLS1_TXT_ADH_WITH_AES_128_SHA,
350 TLS1_RFC_ADH_WITH_AES_128_SHA,
351 TLS1_CK_ADH_WITH_AES_128_SHA,
352 SSL_kDHE,
353 SSL_aNULL,
354 SSL_AES128,
355 SSL_SHA1,
356 SSL3_VERSION,
357 TLS1_2_VERSION,
358 DTLS1_BAD_VER,
359 DTLS1_2_VERSION,
360 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
361 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
362 128,
363 128,
364 },
365 {
366 1,
367 TLS1_TXT_RSA_WITH_AES_256_SHA,
368 TLS1_RFC_RSA_WITH_AES_256_SHA,
369 TLS1_CK_RSA_WITH_AES_256_SHA,
370 SSL_kRSA,
371 SSL_aRSA,
372 SSL_AES256,
373 SSL_SHA1,
374 SSL3_VERSION,
375 TLS1_2_VERSION,
376 DTLS1_BAD_VER,
377 DTLS1_2_VERSION,
378 SSL_HIGH | SSL_FIPS,
379 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
380 256,
381 256,
382 },
383 {
384 1,
385 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
386 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
387 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
388 SSL_kDHE,
389 SSL_aDSS,
390 SSL_AES256,
391 SSL_SHA1,
392 SSL3_VERSION,
393 TLS1_2_VERSION,
394 DTLS1_BAD_VER,
395 DTLS1_2_VERSION,
396 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
397 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
398 256,
399 256,
400 },
401 {
402 1,
403 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
404 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
405 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
406 SSL_kDHE,
407 SSL_aRSA,
408 SSL_AES256,
409 SSL_SHA1,
410 SSL3_VERSION,
411 TLS1_2_VERSION,
412 DTLS1_BAD_VER,
413 DTLS1_2_VERSION,
414 SSL_HIGH | SSL_FIPS,
415 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
416 256,
417 256,
418 },
419 {
420 1,
421 TLS1_TXT_ADH_WITH_AES_256_SHA,
422 TLS1_RFC_ADH_WITH_AES_256_SHA,
423 TLS1_CK_ADH_WITH_AES_256_SHA,
424 SSL_kDHE,
425 SSL_aNULL,
426 SSL_AES256,
427 SSL_SHA1,
428 SSL3_VERSION,
429 TLS1_2_VERSION,
430 DTLS1_BAD_VER,
431 DTLS1_2_VERSION,
432 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
433 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
434 256,
435 256,
436 },
437 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
438 {
439 1,
440 TLS1_TXT_RSA_WITH_NULL_SHA256,
441 TLS1_RFC_RSA_WITH_NULL_SHA256,
442 TLS1_CK_RSA_WITH_NULL_SHA256,
443 SSL_kRSA,
444 SSL_aRSA,
445 SSL_eNULL,
446 SSL_SHA256,
447 TLS1_2_VERSION,
448 TLS1_2_VERSION,
449 DTLS1_2_VERSION,
450 DTLS1_2_VERSION,
451 SSL_STRONG_NONE | SSL_FIPS,
452 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
453 0,
454 0,
455 },
456 #endif
457 {
458 1,
459 TLS1_TXT_RSA_WITH_AES_128_SHA256,
460 TLS1_RFC_RSA_WITH_AES_128_SHA256,
461 TLS1_CK_RSA_WITH_AES_128_SHA256,
462 SSL_kRSA,
463 SSL_aRSA,
464 SSL_AES128,
465 SSL_SHA256,
466 TLS1_2_VERSION,
467 TLS1_2_VERSION,
468 DTLS1_2_VERSION,
469 DTLS1_2_VERSION,
470 SSL_HIGH | SSL_FIPS,
471 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
472 128,
473 128,
474 },
475 {
476 1,
477 TLS1_TXT_RSA_WITH_AES_256_SHA256,
478 TLS1_RFC_RSA_WITH_AES_256_SHA256,
479 TLS1_CK_RSA_WITH_AES_256_SHA256,
480 SSL_kRSA,
481 SSL_aRSA,
482 SSL_AES256,
483 SSL_SHA256,
484 TLS1_2_VERSION,
485 TLS1_2_VERSION,
486 DTLS1_2_VERSION,
487 DTLS1_2_VERSION,
488 SSL_HIGH | SSL_FIPS,
489 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
490 256,
491 256,
492 },
493 {
494 1,
495 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
496 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
497 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
498 SSL_kDHE,
499 SSL_aDSS,
500 SSL_AES128,
501 SSL_SHA256,
502 TLS1_2_VERSION,
503 TLS1_2_VERSION,
504 DTLS1_2_VERSION,
505 DTLS1_2_VERSION,
506 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
507 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
508 128,
509 128,
510 },
511 {
512 1,
513 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
514 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
515 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
516 SSL_kDHE,
517 SSL_aRSA,
518 SSL_AES128,
519 SSL_SHA256,
520 TLS1_2_VERSION,
521 TLS1_2_VERSION,
522 DTLS1_2_VERSION,
523 DTLS1_2_VERSION,
524 SSL_HIGH | SSL_FIPS,
525 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
526 128,
527 128,
528 },
529 {
530 1,
531 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
532 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
533 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
534 SSL_kDHE,
535 SSL_aDSS,
536 SSL_AES256,
537 SSL_SHA256,
538 TLS1_2_VERSION,
539 TLS1_2_VERSION,
540 DTLS1_2_VERSION,
541 DTLS1_2_VERSION,
542 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
543 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
544 256,
545 256,
546 },
547 {
548 1,
549 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
550 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
551 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
552 SSL_kDHE,
553 SSL_aRSA,
554 SSL_AES256,
555 SSL_SHA256,
556 TLS1_2_VERSION,
557 TLS1_2_VERSION,
558 DTLS1_2_VERSION,
559 DTLS1_2_VERSION,
560 SSL_HIGH | SSL_FIPS,
561 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
562 256,
563 256,
564 },
565 {
566 1,
567 TLS1_TXT_ADH_WITH_AES_128_SHA256,
568 TLS1_RFC_ADH_WITH_AES_128_SHA256,
569 TLS1_CK_ADH_WITH_AES_128_SHA256,
570 SSL_kDHE,
571 SSL_aNULL,
572 SSL_AES128,
573 SSL_SHA256,
574 TLS1_2_VERSION,
575 TLS1_2_VERSION,
576 DTLS1_2_VERSION,
577 DTLS1_2_VERSION,
578 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
579 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
580 128,
581 128,
582 },
583 {
584 1,
585 TLS1_TXT_ADH_WITH_AES_256_SHA256,
586 TLS1_RFC_ADH_WITH_AES_256_SHA256,
587 TLS1_CK_ADH_WITH_AES_256_SHA256,
588 SSL_kDHE,
589 SSL_aNULL,
590 SSL_AES256,
591 SSL_SHA256,
592 TLS1_2_VERSION,
593 TLS1_2_VERSION,
594 DTLS1_2_VERSION,
595 DTLS1_2_VERSION,
596 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
597 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
598 256,
599 256,
600 },
601 {
602 1,
603 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
604 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
605 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
606 SSL_kRSA,
607 SSL_aRSA,
608 SSL_AES128GCM,
609 SSL_AEAD,
610 TLS1_2_VERSION,
611 TLS1_2_VERSION,
612 DTLS1_2_VERSION,
613 DTLS1_2_VERSION,
614 SSL_HIGH | SSL_FIPS,
615 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
616 128,
617 128,
618 },
619 {
620 1,
621 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
622 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
623 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
624 SSL_kRSA,
625 SSL_aRSA,
626 SSL_AES256GCM,
627 SSL_AEAD,
628 TLS1_2_VERSION,
629 TLS1_2_VERSION,
630 DTLS1_2_VERSION,
631 DTLS1_2_VERSION,
632 SSL_HIGH | SSL_FIPS,
633 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
634 256,
635 256,
636 },
637 {
638 1,
639 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
640 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
641 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
642 SSL_kDHE,
643 SSL_aRSA,
644 SSL_AES128GCM,
645 SSL_AEAD,
646 TLS1_2_VERSION,
647 TLS1_2_VERSION,
648 DTLS1_2_VERSION,
649 DTLS1_2_VERSION,
650 SSL_HIGH | SSL_FIPS,
651 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
652 128,
653 128,
654 },
655 {
656 1,
657 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
658 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
659 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
660 SSL_kDHE,
661 SSL_aRSA,
662 SSL_AES256GCM,
663 SSL_AEAD,
664 TLS1_2_VERSION,
665 TLS1_2_VERSION,
666 DTLS1_2_VERSION,
667 DTLS1_2_VERSION,
668 SSL_HIGH | SSL_FIPS,
669 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
670 256,
671 256,
672 },
673 {
674 1,
675 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
676 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
677 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
678 SSL_kDHE,
679 SSL_aDSS,
680 SSL_AES128GCM,
681 SSL_AEAD,
682 TLS1_2_VERSION,
683 TLS1_2_VERSION,
684 DTLS1_2_VERSION,
685 DTLS1_2_VERSION,
686 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
687 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
688 128,
689 128,
690 },
691 {
692 1,
693 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
694 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
695 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
696 SSL_kDHE,
697 SSL_aDSS,
698 SSL_AES256GCM,
699 SSL_AEAD,
700 TLS1_2_VERSION,
701 TLS1_2_VERSION,
702 DTLS1_2_VERSION,
703 DTLS1_2_VERSION,
704 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
705 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
706 256,
707 256,
708 },
709 {
710 1,
711 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
712 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
713 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
714 SSL_kDHE,
715 SSL_aNULL,
716 SSL_AES128GCM,
717 SSL_AEAD,
718 TLS1_2_VERSION,
719 TLS1_2_VERSION,
720 DTLS1_2_VERSION,
721 DTLS1_2_VERSION,
722 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
723 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
724 128,
725 128,
726 },
727 {
728 1,
729 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
730 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
731 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
732 SSL_kDHE,
733 SSL_aNULL,
734 SSL_AES256GCM,
735 SSL_AEAD,
736 TLS1_2_VERSION,
737 TLS1_2_VERSION,
738 DTLS1_2_VERSION,
739 DTLS1_2_VERSION,
740 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
741 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
742 256,
743 256,
744 },
745 {
746 1,
747 TLS1_TXT_RSA_WITH_AES_128_CCM,
748 TLS1_RFC_RSA_WITH_AES_128_CCM,
749 TLS1_CK_RSA_WITH_AES_128_CCM,
750 SSL_kRSA,
751 SSL_aRSA,
752 SSL_AES128CCM,
753 SSL_AEAD,
754 TLS1_2_VERSION,
755 TLS1_2_VERSION,
756 DTLS1_2_VERSION,
757 DTLS1_2_VERSION,
758 SSL_NOT_DEFAULT | SSL_HIGH,
759 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
760 128,
761 128,
762 },
763 {
764 1,
765 TLS1_TXT_RSA_WITH_AES_256_CCM,
766 TLS1_RFC_RSA_WITH_AES_256_CCM,
767 TLS1_CK_RSA_WITH_AES_256_CCM,
768 SSL_kRSA,
769 SSL_aRSA,
770 SSL_AES256CCM,
771 SSL_AEAD,
772 TLS1_2_VERSION,
773 TLS1_2_VERSION,
774 DTLS1_2_VERSION,
775 DTLS1_2_VERSION,
776 SSL_NOT_DEFAULT | SSL_HIGH,
777 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
778 256,
779 256,
780 },
781 {
782 1,
783 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
784 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
785 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
786 SSL_kDHE,
787 SSL_aRSA,
788 SSL_AES128CCM,
789 SSL_AEAD,
790 TLS1_2_VERSION,
791 TLS1_2_VERSION,
792 DTLS1_2_VERSION,
793 DTLS1_2_VERSION,
794 SSL_NOT_DEFAULT | SSL_HIGH,
795 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
796 128,
797 128,
798 },
799 {
800 1,
801 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
802 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
803 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
804 SSL_kDHE,
805 SSL_aRSA,
806 SSL_AES256CCM,
807 SSL_AEAD,
808 TLS1_2_VERSION,
809 TLS1_2_VERSION,
810 DTLS1_2_VERSION,
811 DTLS1_2_VERSION,
812 SSL_NOT_DEFAULT | SSL_HIGH,
813 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
814 256,
815 256,
816 },
817 {
818 1,
819 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
820 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
821 TLS1_CK_RSA_WITH_AES_128_CCM_8,
822 SSL_kRSA,
823 SSL_aRSA,
824 SSL_AES128CCM8,
825 SSL_AEAD,
826 TLS1_2_VERSION,
827 TLS1_2_VERSION,
828 DTLS1_2_VERSION,
829 DTLS1_2_VERSION,
830 SSL_NOT_DEFAULT | SSL_MEDIUM,
831 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
832 64, /* CCM8 uses a short tag, so we have a low security strength */
833 128,
834 },
835 {
836 1,
837 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
838 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
839 TLS1_CK_RSA_WITH_AES_256_CCM_8,
840 SSL_kRSA,
841 SSL_aRSA,
842 SSL_AES256CCM8,
843 SSL_AEAD,
844 TLS1_2_VERSION,
845 TLS1_2_VERSION,
846 DTLS1_2_VERSION,
847 DTLS1_2_VERSION,
848 SSL_NOT_DEFAULT | SSL_MEDIUM,
849 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
850 64, /* CCM8 uses a short tag, so we have a low security strength */
851 256,
852 },
853 {
854 1,
855 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
856 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
857 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
858 SSL_kDHE,
859 SSL_aRSA,
860 SSL_AES128CCM8,
861 SSL_AEAD,
862 TLS1_2_VERSION,
863 TLS1_2_VERSION,
864 DTLS1_2_VERSION,
865 DTLS1_2_VERSION,
866 SSL_NOT_DEFAULT | SSL_MEDIUM,
867 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
868 64, /* CCM8 uses a short tag, so we have a low security strength */
869 128,
870 },
871 {
872 1,
873 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
874 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
875 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
876 SSL_kDHE,
877 SSL_aRSA,
878 SSL_AES256CCM8,
879 SSL_AEAD,
880 TLS1_2_VERSION,
881 TLS1_2_VERSION,
882 DTLS1_2_VERSION,
883 DTLS1_2_VERSION,
884 SSL_NOT_DEFAULT | SSL_MEDIUM,
885 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
886 64, /* CCM8 uses a short tag, so we have a low security strength */
887 256,
888 },
889 {
890 1,
891 TLS1_TXT_PSK_WITH_AES_128_CCM,
892 TLS1_RFC_PSK_WITH_AES_128_CCM,
893 TLS1_CK_PSK_WITH_AES_128_CCM,
894 SSL_kPSK,
895 SSL_aPSK,
896 SSL_AES128CCM,
897 SSL_AEAD,
898 TLS1_2_VERSION,
899 TLS1_2_VERSION,
900 DTLS1_2_VERSION,
901 DTLS1_2_VERSION,
902 SSL_NOT_DEFAULT | SSL_HIGH,
903 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
904 128,
905 128,
906 },
907 {
908 1,
909 TLS1_TXT_PSK_WITH_AES_256_CCM,
910 TLS1_RFC_PSK_WITH_AES_256_CCM,
911 TLS1_CK_PSK_WITH_AES_256_CCM,
912 SSL_kPSK,
913 SSL_aPSK,
914 SSL_AES256CCM,
915 SSL_AEAD,
916 TLS1_2_VERSION,
917 TLS1_2_VERSION,
918 DTLS1_2_VERSION,
919 DTLS1_2_VERSION,
920 SSL_NOT_DEFAULT | SSL_HIGH,
921 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
922 256,
923 256,
924 },
925 {
926 1,
927 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
928 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
929 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
930 SSL_kDHEPSK,
931 SSL_aPSK,
932 SSL_AES128CCM,
933 SSL_AEAD,
934 TLS1_2_VERSION,
935 TLS1_2_VERSION,
936 DTLS1_2_VERSION,
937 DTLS1_2_VERSION,
938 SSL_NOT_DEFAULT | SSL_HIGH,
939 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
940 128,
941 128,
942 },
943 {
944 1,
945 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
946 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
947 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
948 SSL_kDHEPSK,
949 SSL_aPSK,
950 SSL_AES256CCM,
951 SSL_AEAD,
952 TLS1_2_VERSION,
953 TLS1_2_VERSION,
954 DTLS1_2_VERSION,
955 DTLS1_2_VERSION,
956 SSL_NOT_DEFAULT | SSL_HIGH,
957 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
958 256,
959 256,
960 },
961 {
962 1,
963 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
964 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
965 TLS1_CK_PSK_WITH_AES_128_CCM_8,
966 SSL_kPSK,
967 SSL_aPSK,
968 SSL_AES128CCM8,
969 SSL_AEAD,
970 TLS1_2_VERSION,
971 TLS1_2_VERSION,
972 DTLS1_2_VERSION,
973 DTLS1_2_VERSION,
974 SSL_NOT_DEFAULT | SSL_MEDIUM,
975 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
976 64, /* CCM8 uses a short tag, so we have a low security strength */
977 128,
978 },
979 {
980 1,
981 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
982 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
983 TLS1_CK_PSK_WITH_AES_256_CCM_8,
984 SSL_kPSK,
985 SSL_aPSK,
986 SSL_AES256CCM8,
987 SSL_AEAD,
988 TLS1_2_VERSION,
989 TLS1_2_VERSION,
990 DTLS1_2_VERSION,
991 DTLS1_2_VERSION,
992 SSL_NOT_DEFAULT | SSL_MEDIUM,
993 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
994 64, /* CCM8 uses a short tag, so we have a low security strength */
995 256,
996 },
997 {
998 1,
999 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
1000 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
1001 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
1002 SSL_kDHEPSK,
1003 SSL_aPSK,
1004 SSL_AES128CCM8,
1005 SSL_AEAD,
1006 TLS1_2_VERSION,
1007 TLS1_2_VERSION,
1008 DTLS1_2_VERSION,
1009 DTLS1_2_VERSION,
1010 SSL_NOT_DEFAULT | SSL_MEDIUM,
1011 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1012 64, /* CCM8 uses a short tag, so we have a low security strength */
1013 128,
1014 },
1015 {
1016 1,
1017 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
1018 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
1019 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
1020 SSL_kDHEPSK,
1021 SSL_aPSK,
1022 SSL_AES256CCM8,
1023 SSL_AEAD,
1024 TLS1_2_VERSION,
1025 TLS1_2_VERSION,
1026 DTLS1_2_VERSION,
1027 DTLS1_2_VERSION,
1028 SSL_NOT_DEFAULT | SSL_MEDIUM,
1029 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1030 64, /* CCM8 uses a short tag, so we have a low security strength */
1031 256,
1032 },
1033 {
1034 1,
1035 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
1036 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
1037 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
1038 SSL_kECDHE,
1039 SSL_aECDSA,
1040 SSL_AES128CCM,
1041 SSL_AEAD,
1042 TLS1_2_VERSION,
1043 TLS1_2_VERSION,
1044 DTLS1_2_VERSION,
1045 DTLS1_2_VERSION,
1046 SSL_NOT_DEFAULT | SSL_HIGH,
1047 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1048 128,
1049 128,
1050 },
1051 {
1052 1,
1053 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
1054 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
1055 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
1056 SSL_kECDHE,
1057 SSL_aECDSA,
1058 SSL_AES256CCM,
1059 SSL_AEAD,
1060 TLS1_2_VERSION,
1061 TLS1_2_VERSION,
1062 DTLS1_2_VERSION,
1063 DTLS1_2_VERSION,
1064 SSL_NOT_DEFAULT | SSL_HIGH,
1065 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1066 256,
1067 256,
1068 },
1069 {
1070 1,
1071 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
1072 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
1073 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
1074 SSL_kECDHE,
1075 SSL_aECDSA,
1076 SSL_AES128CCM8,
1077 SSL_AEAD,
1078 TLS1_2_VERSION,
1079 TLS1_2_VERSION,
1080 DTLS1_2_VERSION,
1081 DTLS1_2_VERSION,
1082 SSL_NOT_DEFAULT | SSL_MEDIUM,
1083 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1084 64, /* CCM8 uses a short tag, so we have a low security strength */
1085 128,
1086 },
1087 {
1088 1,
1089 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
1090 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
1091 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
1092 SSL_kECDHE,
1093 SSL_aECDSA,
1094 SSL_AES256CCM8,
1095 SSL_AEAD,
1096 TLS1_2_VERSION,
1097 TLS1_2_VERSION,
1098 DTLS1_2_VERSION,
1099 DTLS1_2_VERSION,
1100 SSL_NOT_DEFAULT | SSL_MEDIUM,
1101 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1102 64, /* CCM8 uses a short tag, so we have a low security strength */
1103 256,
1104 },
1105 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1106 {
1107 1,
1108 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1109 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
1110 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1111 SSL_kECDHE,
1112 SSL_aECDSA,
1113 SSL_eNULL,
1114 SSL_SHA1,
1115 TLS1_VERSION,
1116 TLS1_2_VERSION,
1117 DTLS1_BAD_VER,
1118 DTLS1_2_VERSION,
1119 SSL_STRONG_NONE | SSL_FIPS,
1120 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1121 0,
1122 0,
1123 },
1124 #endif
1125 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1126 {
1127 1,
1128 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1129 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1130 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1131 SSL_kECDHE,
1132 SSL_aECDSA,
1133 SSL_3DES,
1134 SSL_SHA1,
1135 TLS1_VERSION,
1136 TLS1_2_VERSION,
1137 DTLS1_BAD_VER,
1138 DTLS1_2_VERSION,
1139 SSL_NOT_DEFAULT | SSL_MEDIUM,
1140 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1141 112,
1142 168,
1143 },
1144 #endif
1145 {
1146 1,
1147 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1148 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1149 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1150 SSL_kECDHE,
1151 SSL_aECDSA,
1152 SSL_AES128,
1153 SSL_SHA1,
1154 TLS1_VERSION,
1155 TLS1_2_VERSION,
1156 DTLS1_BAD_VER,
1157 DTLS1_2_VERSION,
1158 SSL_HIGH | SSL_FIPS,
1159 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1160 128,
1161 128,
1162 },
1163 {
1164 1,
1165 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1166 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1167 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1168 SSL_kECDHE,
1169 SSL_aECDSA,
1170 SSL_AES256,
1171 SSL_SHA1,
1172 TLS1_VERSION,
1173 TLS1_2_VERSION,
1174 DTLS1_BAD_VER,
1175 DTLS1_2_VERSION,
1176 SSL_HIGH | SSL_FIPS,
1177 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1178 256,
1179 256,
1180 },
1181 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1182 {
1183 1,
1184 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1185 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1186 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1187 SSL_kECDHE,
1188 SSL_aRSA,
1189 SSL_eNULL,
1190 SSL_SHA1,
1191 TLS1_VERSION,
1192 TLS1_2_VERSION,
1193 DTLS1_BAD_VER,
1194 DTLS1_2_VERSION,
1195 SSL_STRONG_NONE | SSL_FIPS,
1196 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1197 0,
1198 0,
1199 },
1200 #endif
1201 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1202 {
1203 1,
1204 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1205 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1206 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1207 SSL_kECDHE,
1208 SSL_aRSA,
1209 SSL_3DES,
1210 SSL_SHA1,
1211 TLS1_VERSION,
1212 TLS1_2_VERSION,
1213 DTLS1_BAD_VER,
1214 DTLS1_2_VERSION,
1215 SSL_NOT_DEFAULT | SSL_MEDIUM,
1216 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1217 112,
1218 168,
1219 },
1220 #endif
1221 {
1222 1,
1223 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1224 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1225 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1226 SSL_kECDHE,
1227 SSL_aRSA,
1228 SSL_AES128,
1229 SSL_SHA1,
1230 TLS1_VERSION,
1231 TLS1_2_VERSION,
1232 DTLS1_BAD_VER,
1233 DTLS1_2_VERSION,
1234 SSL_HIGH | SSL_FIPS,
1235 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1236 128,
1237 128,
1238 },
1239 {
1240 1,
1241 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1242 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1243 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1244 SSL_kECDHE,
1245 SSL_aRSA,
1246 SSL_AES256,
1247 SSL_SHA1,
1248 TLS1_VERSION,
1249 TLS1_2_VERSION,
1250 DTLS1_BAD_VER,
1251 DTLS1_2_VERSION,
1252 SSL_HIGH | SSL_FIPS,
1253 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1254 256,
1255 256,
1256 },
1257 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1258 {
1259 1,
1260 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1261 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1262 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1263 SSL_kECDHE,
1264 SSL_aNULL,
1265 SSL_eNULL,
1266 SSL_SHA1,
1267 TLS1_VERSION,
1268 TLS1_2_VERSION,
1269 DTLS1_BAD_VER,
1270 DTLS1_2_VERSION,
1271 SSL_STRONG_NONE | SSL_FIPS,
1272 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1273 0,
1274 0,
1275 },
1276 #endif
1277 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1278 {
1279 1,
1280 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1281 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1282 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1283 SSL_kECDHE,
1284 SSL_aNULL,
1285 SSL_3DES,
1286 SSL_SHA1,
1287 TLS1_VERSION,
1288 TLS1_2_VERSION,
1289 DTLS1_BAD_VER,
1290 DTLS1_2_VERSION,
1291 SSL_NOT_DEFAULT | SSL_MEDIUM,
1292 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1293 112,
1294 168,
1295 },
1296 #endif
1297 {
1298 1,
1299 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1300 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1301 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1302 SSL_kECDHE,
1303 SSL_aNULL,
1304 SSL_AES128,
1305 SSL_SHA1,
1306 TLS1_VERSION,
1307 TLS1_2_VERSION,
1308 DTLS1_BAD_VER,
1309 DTLS1_2_VERSION,
1310 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1311 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1312 128,
1313 128,
1314 },
1315 {
1316 1,
1317 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1318 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1319 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1320 SSL_kECDHE,
1321 SSL_aNULL,
1322 SSL_AES256,
1323 SSL_SHA1,
1324 TLS1_VERSION,
1325 TLS1_2_VERSION,
1326 DTLS1_BAD_VER,
1327 DTLS1_2_VERSION,
1328 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1329 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1330 256,
1331 256,
1332 },
1333 {
1334 1,
1335 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1336 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1337 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1338 SSL_kECDHE,
1339 SSL_aECDSA,
1340 SSL_AES128,
1341 SSL_SHA256,
1342 TLS1_2_VERSION,
1343 TLS1_2_VERSION,
1344 DTLS1_2_VERSION,
1345 DTLS1_2_VERSION,
1346 SSL_HIGH | SSL_FIPS,
1347 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1348 128,
1349 128,
1350 },
1351 {
1352 1,
1353 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1354 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1355 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1356 SSL_kECDHE,
1357 SSL_aECDSA,
1358 SSL_AES256,
1359 SSL_SHA384,
1360 TLS1_2_VERSION,
1361 TLS1_2_VERSION,
1362 DTLS1_2_VERSION,
1363 DTLS1_2_VERSION,
1364 SSL_HIGH | SSL_FIPS,
1365 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1366 256,
1367 256,
1368 },
1369 {
1370 1,
1371 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1372 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1373 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1374 SSL_kECDHE,
1375 SSL_aRSA,
1376 SSL_AES128,
1377 SSL_SHA256,
1378 TLS1_2_VERSION,
1379 TLS1_2_VERSION,
1380 DTLS1_2_VERSION,
1381 DTLS1_2_VERSION,
1382 SSL_HIGH | SSL_FIPS,
1383 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1384 128,
1385 128,
1386 },
1387 {
1388 1,
1389 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1390 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1391 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1392 SSL_kECDHE,
1393 SSL_aRSA,
1394 SSL_AES256,
1395 SSL_SHA384,
1396 TLS1_2_VERSION,
1397 TLS1_2_VERSION,
1398 DTLS1_2_VERSION,
1399 DTLS1_2_VERSION,
1400 SSL_HIGH | SSL_FIPS,
1401 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1402 256,
1403 256,
1404 },
1405 {
1406 1,
1407 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1408 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1409 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1410 SSL_kECDHE,
1411 SSL_aECDSA,
1412 SSL_AES128GCM,
1413 SSL_AEAD,
1414 TLS1_2_VERSION,
1415 TLS1_2_VERSION,
1416 DTLS1_2_VERSION,
1417 DTLS1_2_VERSION,
1418 SSL_HIGH | SSL_FIPS,
1419 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1420 128,
1421 128,
1422 },
1423 {
1424 1,
1425 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1426 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1427 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1428 SSL_kECDHE,
1429 SSL_aECDSA,
1430 SSL_AES256GCM,
1431 SSL_AEAD,
1432 TLS1_2_VERSION,
1433 TLS1_2_VERSION,
1434 DTLS1_2_VERSION,
1435 DTLS1_2_VERSION,
1436 SSL_HIGH | SSL_FIPS,
1437 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1438 256,
1439 256,
1440 },
1441 {
1442 1,
1443 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1444 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1445 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1446 SSL_kECDHE,
1447 SSL_aRSA,
1448 SSL_AES128GCM,
1449 SSL_AEAD,
1450 TLS1_2_VERSION,
1451 TLS1_2_VERSION,
1452 DTLS1_2_VERSION,
1453 DTLS1_2_VERSION,
1454 SSL_HIGH | SSL_FIPS,
1455 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1456 128,
1457 128,
1458 },
1459 {
1460 1,
1461 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1462 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1463 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1464 SSL_kECDHE,
1465 SSL_aRSA,
1466 SSL_AES256GCM,
1467 SSL_AEAD,
1468 TLS1_2_VERSION,
1469 TLS1_2_VERSION,
1470 DTLS1_2_VERSION,
1471 DTLS1_2_VERSION,
1472 SSL_HIGH | SSL_FIPS,
1473 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1474 256,
1475 256,
1476 },
1477 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1478 {
1479 1,
1480 TLS1_TXT_PSK_WITH_NULL_SHA,
1481 TLS1_RFC_PSK_WITH_NULL_SHA,
1482 TLS1_CK_PSK_WITH_NULL_SHA,
1483 SSL_kPSK,
1484 SSL_aPSK,
1485 SSL_eNULL,
1486 SSL_SHA1,
1487 SSL3_VERSION,
1488 TLS1_2_VERSION,
1489 DTLS1_BAD_VER,
1490 DTLS1_2_VERSION,
1491 SSL_STRONG_NONE | SSL_FIPS,
1492 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1493 0,
1494 0,
1495 },
1496 {
1497 1,
1498 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1499 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1500 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1501 SSL_kDHEPSK,
1502 SSL_aPSK,
1503 SSL_eNULL,
1504 SSL_SHA1,
1505 SSL3_VERSION,
1506 TLS1_2_VERSION,
1507 DTLS1_BAD_VER,
1508 DTLS1_2_VERSION,
1509 SSL_STRONG_NONE | SSL_FIPS,
1510 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1511 0,
1512 0,
1513 },
1514 {
1515 1,
1516 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1517 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1518 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1519 SSL_kRSAPSK,
1520 SSL_aRSA,
1521 SSL_eNULL,
1522 SSL_SHA1,
1523 SSL3_VERSION,
1524 TLS1_2_VERSION,
1525 DTLS1_BAD_VER,
1526 DTLS1_2_VERSION,
1527 SSL_STRONG_NONE | SSL_FIPS,
1528 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1529 0,
1530 0,
1531 },
1532 #endif
1533 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1534 {
1535 1,
1536 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1537 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1538 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1539 SSL_kPSK,
1540 SSL_aPSK,
1541 SSL_3DES,
1542 SSL_SHA1,
1543 SSL3_VERSION,
1544 TLS1_2_VERSION,
1545 DTLS1_BAD_VER,
1546 DTLS1_2_VERSION,
1547 SSL_NOT_DEFAULT | SSL_MEDIUM,
1548 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1549 112,
1550 168,
1551 },
1552 #endif
1553 {
1554 1,
1555 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1556 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1557 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1558 SSL_kPSK,
1559 SSL_aPSK,
1560 SSL_AES128,
1561 SSL_SHA1,
1562 SSL3_VERSION,
1563 TLS1_2_VERSION,
1564 DTLS1_BAD_VER,
1565 DTLS1_2_VERSION,
1566 SSL_HIGH | SSL_FIPS,
1567 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1568 128,
1569 128,
1570 },
1571 {
1572 1,
1573 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1574 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1575 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1576 SSL_kPSK,
1577 SSL_aPSK,
1578 SSL_AES256,
1579 SSL_SHA1,
1580 SSL3_VERSION,
1581 TLS1_2_VERSION,
1582 DTLS1_BAD_VER,
1583 DTLS1_2_VERSION,
1584 SSL_HIGH | SSL_FIPS,
1585 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1586 256,
1587 256,
1588 },
1589 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1590 {
1591 1,
1592 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1593 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1594 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1595 SSL_kDHEPSK,
1596 SSL_aPSK,
1597 SSL_3DES,
1598 SSL_SHA1,
1599 SSL3_VERSION,
1600 TLS1_2_VERSION,
1601 DTLS1_BAD_VER,
1602 DTLS1_2_VERSION,
1603 SSL_NOT_DEFAULT | SSL_MEDIUM,
1604 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1605 112,
1606 168,
1607 },
1608 #endif
1609 {
1610 1,
1611 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1612 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1613 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1614 SSL_kDHEPSK,
1615 SSL_aPSK,
1616 SSL_AES128,
1617 SSL_SHA1,
1618 SSL3_VERSION,
1619 TLS1_2_VERSION,
1620 DTLS1_BAD_VER,
1621 DTLS1_2_VERSION,
1622 SSL_HIGH | SSL_FIPS,
1623 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1624 128,
1625 128,
1626 },
1627 {
1628 1,
1629 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1630 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1631 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1632 SSL_kDHEPSK,
1633 SSL_aPSK,
1634 SSL_AES256,
1635 SSL_SHA1,
1636 SSL3_VERSION,
1637 TLS1_2_VERSION,
1638 DTLS1_BAD_VER,
1639 DTLS1_2_VERSION,
1640 SSL_HIGH | SSL_FIPS,
1641 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1642 256,
1643 256,
1644 },
1645 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1646 {
1647 1,
1648 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1649 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1650 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1651 SSL_kRSAPSK,
1652 SSL_aRSA,
1653 SSL_3DES,
1654 SSL_SHA1,
1655 SSL3_VERSION,
1656 TLS1_2_VERSION,
1657 DTLS1_BAD_VER,
1658 DTLS1_2_VERSION,
1659 SSL_NOT_DEFAULT | SSL_MEDIUM,
1660 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1661 112,
1662 168,
1663 },
1664 #endif
1665 {
1666 1,
1667 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1668 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1669 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1670 SSL_kRSAPSK,
1671 SSL_aRSA,
1672 SSL_AES128,
1673 SSL_SHA1,
1674 SSL3_VERSION,
1675 TLS1_2_VERSION,
1676 DTLS1_BAD_VER,
1677 DTLS1_2_VERSION,
1678 SSL_HIGH | SSL_FIPS,
1679 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1680 128,
1681 128,
1682 },
1683 {
1684 1,
1685 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1686 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1687 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1688 SSL_kRSAPSK,
1689 SSL_aRSA,
1690 SSL_AES256,
1691 SSL_SHA1,
1692 SSL3_VERSION,
1693 TLS1_2_VERSION,
1694 DTLS1_BAD_VER,
1695 DTLS1_2_VERSION,
1696 SSL_HIGH | SSL_FIPS,
1697 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1698 256,
1699 256,
1700 },
1701 {
1702 1,
1703 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1704 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1705 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1706 SSL_kPSK,
1707 SSL_aPSK,
1708 SSL_AES128GCM,
1709 SSL_AEAD,
1710 TLS1_2_VERSION,
1711 TLS1_2_VERSION,
1712 DTLS1_2_VERSION,
1713 DTLS1_2_VERSION,
1714 SSL_HIGH | SSL_FIPS,
1715 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1716 128,
1717 128,
1718 },
1719 {
1720 1,
1721 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1722 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1723 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1724 SSL_kPSK,
1725 SSL_aPSK,
1726 SSL_AES256GCM,
1727 SSL_AEAD,
1728 TLS1_2_VERSION,
1729 TLS1_2_VERSION,
1730 DTLS1_2_VERSION,
1731 DTLS1_2_VERSION,
1732 SSL_HIGH | SSL_FIPS,
1733 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1734 256,
1735 256,
1736 },
1737 {
1738 1,
1739 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1740 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1741 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1742 SSL_kDHEPSK,
1743 SSL_aPSK,
1744 SSL_AES128GCM,
1745 SSL_AEAD,
1746 TLS1_2_VERSION,
1747 TLS1_2_VERSION,
1748 DTLS1_2_VERSION,
1749 DTLS1_2_VERSION,
1750 SSL_HIGH | SSL_FIPS,
1751 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1752 128,
1753 128,
1754 },
1755 {
1756 1,
1757 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1758 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1759 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1760 SSL_kDHEPSK,
1761 SSL_aPSK,
1762 SSL_AES256GCM,
1763 SSL_AEAD,
1764 TLS1_2_VERSION,
1765 TLS1_2_VERSION,
1766 DTLS1_2_VERSION,
1767 DTLS1_2_VERSION,
1768 SSL_HIGH | SSL_FIPS,
1769 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1770 256,
1771 256,
1772 },
1773 {
1774 1,
1775 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1776 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1777 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1778 SSL_kRSAPSK,
1779 SSL_aRSA,
1780 SSL_AES128GCM,
1781 SSL_AEAD,
1782 TLS1_2_VERSION,
1783 TLS1_2_VERSION,
1784 DTLS1_2_VERSION,
1785 DTLS1_2_VERSION,
1786 SSL_HIGH | SSL_FIPS,
1787 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1788 128,
1789 128,
1790 },
1791 {
1792 1,
1793 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1794 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1795 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1796 SSL_kRSAPSK,
1797 SSL_aRSA,
1798 SSL_AES256GCM,
1799 SSL_AEAD,
1800 TLS1_2_VERSION,
1801 TLS1_2_VERSION,
1802 DTLS1_2_VERSION,
1803 DTLS1_2_VERSION,
1804 SSL_HIGH | SSL_FIPS,
1805 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1806 256,
1807 256,
1808 },
1809 {
1810 1,
1811 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1812 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1813 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1814 SSL_kPSK,
1815 SSL_aPSK,
1816 SSL_AES128,
1817 SSL_SHA256,
1818 TLS1_VERSION,
1819 TLS1_2_VERSION,
1820 DTLS1_BAD_VER,
1821 DTLS1_2_VERSION,
1822 SSL_HIGH | SSL_FIPS,
1823 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1824 128,
1825 128,
1826 },
1827 {
1828 1,
1829 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1830 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1831 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1832 SSL_kPSK,
1833 SSL_aPSK,
1834 SSL_AES256,
1835 SSL_SHA384,
1836 TLS1_VERSION,
1837 TLS1_2_VERSION,
1838 DTLS1_BAD_VER,
1839 DTLS1_2_VERSION,
1840 SSL_HIGH | SSL_FIPS,
1841 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1842 256,
1843 256,
1844 },
1845 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1846 {
1847 1,
1848 TLS1_TXT_PSK_WITH_NULL_SHA256,
1849 TLS1_RFC_PSK_WITH_NULL_SHA256,
1850 TLS1_CK_PSK_WITH_NULL_SHA256,
1851 SSL_kPSK,
1852 SSL_aPSK,
1853 SSL_eNULL,
1854 SSL_SHA256,
1855 TLS1_VERSION,
1856 TLS1_2_VERSION,
1857 DTLS1_BAD_VER,
1858 DTLS1_2_VERSION,
1859 SSL_STRONG_NONE | SSL_FIPS,
1860 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1861 0,
1862 0,
1863 },
1864 {
1865 1,
1866 TLS1_TXT_PSK_WITH_NULL_SHA384,
1867 TLS1_RFC_PSK_WITH_NULL_SHA384,
1868 TLS1_CK_PSK_WITH_NULL_SHA384,
1869 SSL_kPSK,
1870 SSL_aPSK,
1871 SSL_eNULL,
1872 SSL_SHA384,
1873 TLS1_VERSION,
1874 TLS1_2_VERSION,
1875 DTLS1_BAD_VER,
1876 DTLS1_2_VERSION,
1877 SSL_STRONG_NONE | SSL_FIPS,
1878 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1879 0,
1880 0,
1881 },
1882 #endif
1883 {
1884 1,
1885 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1886 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1887 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1888 SSL_kDHEPSK,
1889 SSL_aPSK,
1890 SSL_AES128,
1891 SSL_SHA256,
1892 TLS1_VERSION,
1893 TLS1_2_VERSION,
1894 DTLS1_BAD_VER,
1895 DTLS1_2_VERSION,
1896 SSL_HIGH | SSL_FIPS,
1897 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1898 128,
1899 128,
1900 },
1901 {
1902 1,
1903 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1904 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1905 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1906 SSL_kDHEPSK,
1907 SSL_aPSK,
1908 SSL_AES256,
1909 SSL_SHA384,
1910 TLS1_VERSION,
1911 TLS1_2_VERSION,
1912 DTLS1_BAD_VER,
1913 DTLS1_2_VERSION,
1914 SSL_HIGH | SSL_FIPS,
1915 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1916 256,
1917 256,
1918 },
1919 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1920 {
1921 1,
1922 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1923 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1924 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1925 SSL_kDHEPSK,
1926 SSL_aPSK,
1927 SSL_eNULL,
1928 SSL_SHA256,
1929 TLS1_VERSION,
1930 TLS1_2_VERSION,
1931 DTLS1_BAD_VER,
1932 DTLS1_2_VERSION,
1933 SSL_STRONG_NONE | SSL_FIPS,
1934 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1935 0,
1936 0,
1937 },
1938 {
1939 1,
1940 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1941 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1942 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1943 SSL_kDHEPSK,
1944 SSL_aPSK,
1945 SSL_eNULL,
1946 SSL_SHA384,
1947 TLS1_VERSION,
1948 TLS1_2_VERSION,
1949 DTLS1_BAD_VER,
1950 DTLS1_2_VERSION,
1951 SSL_STRONG_NONE | SSL_FIPS,
1952 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1953 0,
1954 0,
1955 },
1956 #endif
1957 {
1958 1,
1959 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1960 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1961 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1962 SSL_kRSAPSK,
1963 SSL_aRSA,
1964 SSL_AES128,
1965 SSL_SHA256,
1966 TLS1_VERSION,
1967 TLS1_2_VERSION,
1968 DTLS1_BAD_VER,
1969 DTLS1_2_VERSION,
1970 SSL_HIGH | SSL_FIPS,
1971 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1972 128,
1973 128,
1974 },
1975 {
1976 1,
1977 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1978 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1979 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1980 SSL_kRSAPSK,
1981 SSL_aRSA,
1982 SSL_AES256,
1983 SSL_SHA384,
1984 TLS1_VERSION,
1985 TLS1_2_VERSION,
1986 DTLS1_BAD_VER,
1987 DTLS1_2_VERSION,
1988 SSL_HIGH | SSL_FIPS,
1989 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1990 256,
1991 256,
1992 },
1993 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1994 {
1995 1,
1996 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1997 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1998 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1999 SSL_kRSAPSK,
2000 SSL_aRSA,
2001 SSL_eNULL,
2002 SSL_SHA256,
2003 TLS1_VERSION,
2004 TLS1_2_VERSION,
2005 DTLS1_BAD_VER,
2006 DTLS1_2_VERSION,
2007 SSL_STRONG_NONE | SSL_FIPS,
2008 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2009 0,
2010 0,
2011 },
2012 {
2013 1,
2014 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
2015 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
2016 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
2017 SSL_kRSAPSK,
2018 SSL_aRSA,
2019 SSL_eNULL,
2020 SSL_SHA384,
2021 TLS1_VERSION,
2022 TLS1_2_VERSION,
2023 DTLS1_BAD_VER,
2024 DTLS1_2_VERSION,
2025 SSL_STRONG_NONE | SSL_FIPS,
2026 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2027 0,
2028 0,
2029 },
2030 #endif
2031 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2032 {
2033 1,
2034 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
2035 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
2036 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
2037 SSL_kECDHEPSK,
2038 SSL_aPSK,
2039 SSL_3DES,
2040 SSL_SHA1,
2041 TLS1_VERSION,
2042 TLS1_2_VERSION,
2043 DTLS1_BAD_VER,
2044 DTLS1_2_VERSION,
2045 SSL_NOT_DEFAULT | SSL_MEDIUM,
2046 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2047 112,
2048 168,
2049 },
2050 #endif
2051 {
2052 1,
2053 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
2054 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
2055 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
2056 SSL_kECDHEPSK,
2057 SSL_aPSK,
2058 SSL_AES128,
2059 SSL_SHA1,
2060 TLS1_VERSION,
2061 TLS1_2_VERSION,
2062 DTLS1_BAD_VER,
2063 DTLS1_2_VERSION,
2064 SSL_HIGH | SSL_FIPS,
2065 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2066 128,
2067 128,
2068 },
2069 {
2070 1,
2071 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
2072 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
2073 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
2074 SSL_kECDHEPSK,
2075 SSL_aPSK,
2076 SSL_AES256,
2077 SSL_SHA1,
2078 TLS1_VERSION,
2079 TLS1_2_VERSION,
2080 DTLS1_BAD_VER,
2081 DTLS1_2_VERSION,
2082 SSL_HIGH | SSL_FIPS,
2083 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2084 256,
2085 256,
2086 },
2087 {
2088 1,
2089 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
2090 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
2091 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
2092 SSL_kECDHEPSK,
2093 SSL_aPSK,
2094 SSL_AES128,
2095 SSL_SHA256,
2096 TLS1_VERSION,
2097 TLS1_2_VERSION,
2098 DTLS1_BAD_VER,
2099 DTLS1_2_VERSION,
2100 SSL_HIGH | SSL_FIPS,
2101 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2102 128,
2103 128,
2104 },
2105 {
2106 1,
2107 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
2108 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
2109 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
2110 SSL_kECDHEPSK,
2111 SSL_aPSK,
2112 SSL_AES256,
2113 SSL_SHA384,
2114 TLS1_VERSION,
2115 TLS1_2_VERSION,
2116 DTLS1_BAD_VER,
2117 DTLS1_2_VERSION,
2118 SSL_HIGH | SSL_FIPS,
2119 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2120 256,
2121 256,
2122 },
2123 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2124 {
2125 1,
2126 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
2127 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
2128 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
2129 SSL_kECDHEPSK,
2130 SSL_aPSK,
2131 SSL_eNULL,
2132 SSL_SHA1,
2133 TLS1_VERSION,
2134 TLS1_2_VERSION,
2135 DTLS1_BAD_VER,
2136 DTLS1_2_VERSION,
2137 SSL_STRONG_NONE | SSL_FIPS,
2138 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2139 0,
2140 0,
2141 },
2142 {
2143 1,
2144 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
2145 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
2146 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
2147 SSL_kECDHEPSK,
2148 SSL_aPSK,
2149 SSL_eNULL,
2150 SSL_SHA256,
2151 TLS1_VERSION,
2152 TLS1_2_VERSION,
2153 DTLS1_BAD_VER,
2154 DTLS1_2_VERSION,
2155 SSL_STRONG_NONE | SSL_FIPS,
2156 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2157 0,
2158 0,
2159 },
2160 {
2161 1,
2162 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
2163 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
2164 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
2165 SSL_kECDHEPSK,
2166 SSL_aPSK,
2167 SSL_eNULL,
2168 SSL_SHA384,
2169 TLS1_VERSION,
2170 TLS1_2_VERSION,
2171 DTLS1_BAD_VER,
2172 DTLS1_2_VERSION,
2173 SSL_STRONG_NONE | SSL_FIPS,
2174 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2175 0,
2176 0,
2177 },
2178 #endif
2179 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2180 {
2181 1,
2182 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2183 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2184 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2185 SSL_kSRP,
2186 SSL_aSRP,
2187 SSL_3DES,
2188 SSL_SHA1,
2189 SSL3_VERSION,
2190 TLS1_2_VERSION,
2191 DTLS1_BAD_VER,
2192 DTLS1_2_VERSION,
2193 SSL_NOT_DEFAULT | SSL_MEDIUM,
2194 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2195 112,
2196 168,
2197 },
2198 {
2199 1,
2200 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2201 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2202 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2203 SSL_kSRP,
2204 SSL_aRSA,
2205 SSL_3DES,
2206 SSL_SHA1,
2207 SSL3_VERSION,
2208 TLS1_2_VERSION,
2209 DTLS1_BAD_VER,
2210 DTLS1_2_VERSION,
2211 SSL_NOT_DEFAULT | SSL_MEDIUM,
2212 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2213 112,
2214 168,
2215 },
2216 {
2217 1,
2218 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2219 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2220 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2221 SSL_kSRP,
2222 SSL_aDSS,
2223 SSL_3DES,
2224 SSL_SHA1,
2225 SSL3_VERSION,
2226 TLS1_2_VERSION,
2227 DTLS1_BAD_VER,
2228 DTLS1_2_VERSION,
2229 SSL_NOT_DEFAULT | SSL_MEDIUM,
2230 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2231 112,
2232 168,
2233 },
2234 #endif
2235 {
2236 1,
2237 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2238 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
2239 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2240 SSL_kSRP,
2241 SSL_aSRP,
2242 SSL_AES128,
2243 SSL_SHA1,
2244 SSL3_VERSION,
2245 TLS1_2_VERSION,
2246 DTLS1_BAD_VER,
2247 DTLS1_2_VERSION,
2248 SSL_HIGH,
2249 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2250 128,
2251 128,
2252 },
2253 {
2254 1,
2255 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2256 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2257 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2258 SSL_kSRP,
2259 SSL_aRSA,
2260 SSL_AES128,
2261 SSL_SHA1,
2262 SSL3_VERSION,
2263 TLS1_2_VERSION,
2264 DTLS1_BAD_VER,
2265 DTLS1_2_VERSION,
2266 SSL_HIGH,
2267 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2268 128,
2269 128,
2270 },
2271 {
2272 1,
2273 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2274 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2275 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2276 SSL_kSRP,
2277 SSL_aDSS,
2278 SSL_AES128,
2279 SSL_SHA1,
2280 SSL3_VERSION,
2281 TLS1_2_VERSION,
2282 DTLS1_BAD_VER,
2283 DTLS1_2_VERSION,
2284 SSL_NOT_DEFAULT | SSL_HIGH,
2285 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2286 128,
2287 128,
2288 },
2289 {
2290 1,
2291 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2292 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
2293 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2294 SSL_kSRP,
2295 SSL_aSRP,
2296 SSL_AES256,
2297 SSL_SHA1,
2298 SSL3_VERSION,
2299 TLS1_2_VERSION,
2300 DTLS1_BAD_VER,
2301 DTLS1_2_VERSION,
2302 SSL_HIGH,
2303 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2304 256,
2305 256,
2306 },
2307 {
2308 1,
2309 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2310 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2311 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2312 SSL_kSRP,
2313 SSL_aRSA,
2314 SSL_AES256,
2315 SSL_SHA1,
2316 SSL3_VERSION,
2317 TLS1_2_VERSION,
2318 DTLS1_BAD_VER,
2319 DTLS1_2_VERSION,
2320 SSL_HIGH,
2321 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2322 256,
2323 256,
2324 },
2325 {
2326 1,
2327 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2328 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2329 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2330 SSL_kSRP,
2331 SSL_aDSS,
2332 SSL_AES256,
2333 SSL_SHA1,
2334 SSL3_VERSION,
2335 TLS1_2_VERSION,
2336 DTLS1_BAD_VER,
2337 DTLS1_2_VERSION,
2338 SSL_NOT_DEFAULT | SSL_HIGH,
2339 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2340 256,
2341 256,
2342 },
2343
2344 {
2345 1,
2346 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2347 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2348 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2349 SSL_kDHE,
2350 SSL_aRSA,
2351 SSL_CHACHA20POLY1305,
2352 SSL_AEAD,
2353 TLS1_2_VERSION,
2354 TLS1_2_VERSION,
2355 DTLS1_2_VERSION,
2356 DTLS1_2_VERSION,
2357 SSL_HIGH,
2358 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2359 256,
2360 256,
2361 },
2362 {
2363 1,
2364 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2365 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2366 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2367 SSL_kECDHE,
2368 SSL_aRSA,
2369 SSL_CHACHA20POLY1305,
2370 SSL_AEAD,
2371 TLS1_2_VERSION,
2372 TLS1_2_VERSION,
2373 DTLS1_2_VERSION,
2374 DTLS1_2_VERSION,
2375 SSL_HIGH,
2376 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2377 256,
2378 256,
2379 },
2380 {
2381 1,
2382 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2383 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2384 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2385 SSL_kECDHE,
2386 SSL_aECDSA,
2387 SSL_CHACHA20POLY1305,
2388 SSL_AEAD,
2389 TLS1_2_VERSION,
2390 TLS1_2_VERSION,
2391 DTLS1_2_VERSION,
2392 DTLS1_2_VERSION,
2393 SSL_HIGH,
2394 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2395 256,
2396 256,
2397 },
2398 {
2399 1,
2400 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2401 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2402 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2403 SSL_kPSK,
2404 SSL_aPSK,
2405 SSL_CHACHA20POLY1305,
2406 SSL_AEAD,
2407 TLS1_2_VERSION,
2408 TLS1_2_VERSION,
2409 DTLS1_2_VERSION,
2410 DTLS1_2_VERSION,
2411 SSL_HIGH,
2412 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2413 256,
2414 256,
2415 },
2416 {
2417 1,
2418 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2419 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2420 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2421 SSL_kECDHEPSK,
2422 SSL_aPSK,
2423 SSL_CHACHA20POLY1305,
2424 SSL_AEAD,
2425 TLS1_2_VERSION,
2426 TLS1_2_VERSION,
2427 DTLS1_2_VERSION,
2428 DTLS1_2_VERSION,
2429 SSL_HIGH,
2430 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2431 256,
2432 256,
2433 },
2434 {
2435 1,
2436 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2437 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2438 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2439 SSL_kDHEPSK,
2440 SSL_aPSK,
2441 SSL_CHACHA20POLY1305,
2442 SSL_AEAD,
2443 TLS1_2_VERSION,
2444 TLS1_2_VERSION,
2445 DTLS1_2_VERSION,
2446 DTLS1_2_VERSION,
2447 SSL_HIGH,
2448 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2449 256,
2450 256,
2451 },
2452 {
2453 1,
2454 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2455 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2456 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2457 SSL_kRSAPSK,
2458 SSL_aRSA,
2459 SSL_CHACHA20POLY1305,
2460 SSL_AEAD,
2461 TLS1_2_VERSION,
2462 TLS1_2_VERSION,
2463 DTLS1_2_VERSION,
2464 DTLS1_2_VERSION,
2465 SSL_HIGH,
2466 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2467 256,
2468 256,
2469 },
2470
2471 {
2472 1,
2473 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2474 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2475 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2476 SSL_kRSA,
2477 SSL_aRSA,
2478 SSL_CAMELLIA128,
2479 SSL_SHA256,
2480 TLS1_2_VERSION,
2481 TLS1_2_VERSION,
2482 DTLS1_2_VERSION,
2483 DTLS1_2_VERSION,
2484 SSL_NOT_DEFAULT | SSL_HIGH,
2485 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2486 128,
2487 128,
2488 },
2489 {
2490 1,
2491 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2492 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2493 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2494 SSL_kDHE,
2495 SSL_aDSS,
2496 SSL_CAMELLIA128,
2497 SSL_SHA256,
2498 TLS1_2_VERSION,
2499 TLS1_2_VERSION,
2500 DTLS1_2_VERSION,
2501 DTLS1_2_VERSION,
2502 SSL_NOT_DEFAULT | SSL_HIGH,
2503 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2504 128,
2505 128,
2506 },
2507 {
2508 1,
2509 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2510 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2511 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2512 SSL_kDHE,
2513 SSL_aRSA,
2514 SSL_CAMELLIA128,
2515 SSL_SHA256,
2516 TLS1_2_VERSION,
2517 TLS1_2_VERSION,
2518 DTLS1_2_VERSION,
2519 DTLS1_2_VERSION,
2520 SSL_NOT_DEFAULT | SSL_HIGH,
2521 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2522 128,
2523 128,
2524 },
2525 {
2526 1,
2527 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2528 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2529 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2530 SSL_kDHE,
2531 SSL_aNULL,
2532 SSL_CAMELLIA128,
2533 SSL_SHA256,
2534 TLS1_2_VERSION,
2535 TLS1_2_VERSION,
2536 DTLS1_2_VERSION,
2537 DTLS1_2_VERSION,
2538 SSL_NOT_DEFAULT | SSL_HIGH,
2539 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2540 128,
2541 128,
2542 },
2543 {
2544 1,
2545 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2546 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2547 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2548 SSL_kRSA,
2549 SSL_aRSA,
2550 SSL_CAMELLIA256,
2551 SSL_SHA256,
2552 TLS1_2_VERSION,
2553 TLS1_2_VERSION,
2554 DTLS1_2_VERSION,
2555 DTLS1_2_VERSION,
2556 SSL_NOT_DEFAULT | SSL_HIGH,
2557 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2558 256,
2559 256,
2560 },
2561 {
2562 1,
2563 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2564 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2565 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2566 SSL_kDHE,
2567 SSL_aDSS,
2568 SSL_CAMELLIA256,
2569 SSL_SHA256,
2570 TLS1_2_VERSION,
2571 TLS1_2_VERSION,
2572 DTLS1_2_VERSION,
2573 DTLS1_2_VERSION,
2574 SSL_NOT_DEFAULT | SSL_HIGH,
2575 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2576 256,
2577 256,
2578 },
2579 {
2580 1,
2581 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2582 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2583 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2584 SSL_kDHE,
2585 SSL_aRSA,
2586 SSL_CAMELLIA256,
2587 SSL_SHA256,
2588 TLS1_2_VERSION,
2589 TLS1_2_VERSION,
2590 DTLS1_2_VERSION,
2591 DTLS1_2_VERSION,
2592 SSL_NOT_DEFAULT | SSL_HIGH,
2593 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2594 256,
2595 256,
2596 },
2597 {
2598 1,
2599 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2600 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2601 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2602 SSL_kDHE,
2603 SSL_aNULL,
2604 SSL_CAMELLIA256,
2605 SSL_SHA256,
2606 TLS1_2_VERSION,
2607 TLS1_2_VERSION,
2608 DTLS1_2_VERSION,
2609 DTLS1_2_VERSION,
2610 SSL_NOT_DEFAULT | SSL_HIGH,
2611 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2612 256,
2613 256,
2614 },
2615 {
2616 1,
2617 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2618 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2619 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2620 SSL_kRSA,
2621 SSL_aRSA,
2622 SSL_CAMELLIA256,
2623 SSL_SHA1,
2624 SSL3_VERSION,
2625 TLS1_2_VERSION,
2626 DTLS1_BAD_VER,
2627 DTLS1_2_VERSION,
2628 SSL_NOT_DEFAULT | SSL_HIGH,
2629 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2630 256,
2631 256,
2632 },
2633 {
2634 1,
2635 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2636 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2637 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2638 SSL_kDHE,
2639 SSL_aDSS,
2640 SSL_CAMELLIA256,
2641 SSL_SHA1,
2642 SSL3_VERSION,
2643 TLS1_2_VERSION,
2644 DTLS1_BAD_VER,
2645 DTLS1_2_VERSION,
2646 SSL_NOT_DEFAULT | SSL_HIGH,
2647 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2648 256,
2649 256,
2650 },
2651 {
2652 1,
2653 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2654 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2655 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2656 SSL_kDHE,
2657 SSL_aRSA,
2658 SSL_CAMELLIA256,
2659 SSL_SHA1,
2660 SSL3_VERSION,
2661 TLS1_2_VERSION,
2662 DTLS1_BAD_VER,
2663 DTLS1_2_VERSION,
2664 SSL_NOT_DEFAULT | SSL_HIGH,
2665 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2666 256,
2667 256,
2668 },
2669 {
2670 1,
2671 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2672 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2673 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2674 SSL_kDHE,
2675 SSL_aNULL,
2676 SSL_CAMELLIA256,
2677 SSL_SHA1,
2678 SSL3_VERSION,
2679 TLS1_2_VERSION,
2680 DTLS1_BAD_VER,
2681 DTLS1_2_VERSION,
2682 SSL_NOT_DEFAULT | SSL_HIGH,
2683 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2684 256,
2685 256,
2686 },
2687 {
2688 1,
2689 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2690 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2691 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2692 SSL_kRSA,
2693 SSL_aRSA,
2694 SSL_CAMELLIA128,
2695 SSL_SHA1,
2696 SSL3_VERSION,
2697 TLS1_2_VERSION,
2698 DTLS1_BAD_VER,
2699 DTLS1_2_VERSION,
2700 SSL_NOT_DEFAULT | SSL_HIGH,
2701 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2702 128,
2703 128,
2704 },
2705 {
2706 1,
2707 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2708 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2709 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2710 SSL_kDHE,
2711 SSL_aDSS,
2712 SSL_CAMELLIA128,
2713 SSL_SHA1,
2714 SSL3_VERSION,
2715 TLS1_2_VERSION,
2716 DTLS1_BAD_VER,
2717 DTLS1_2_VERSION,
2718 SSL_NOT_DEFAULT | SSL_HIGH,
2719 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2720 128,
2721 128,
2722 },
2723 {
2724 1,
2725 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2726 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2727 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2728 SSL_kDHE,
2729 SSL_aRSA,
2730 SSL_CAMELLIA128,
2731 SSL_SHA1,
2732 SSL3_VERSION,
2733 TLS1_2_VERSION,
2734 DTLS1_BAD_VER,
2735 DTLS1_2_VERSION,
2736 SSL_NOT_DEFAULT | SSL_HIGH,
2737 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2738 128,
2739 128,
2740 },
2741 {
2742 1,
2743 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2744 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2745 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2746 SSL_kDHE,
2747 SSL_aNULL,
2748 SSL_CAMELLIA128,
2749 SSL_SHA1,
2750 SSL3_VERSION,
2751 TLS1_2_VERSION,
2752 DTLS1_BAD_VER,
2753 DTLS1_2_VERSION,
2754 SSL_NOT_DEFAULT | SSL_HIGH,
2755 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2756 128,
2757 128,
2758 },
2759 {
2760 1,
2761 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2762 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2763 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2764 SSL_kECDHE,
2765 SSL_aECDSA,
2766 SSL_CAMELLIA128,
2767 SSL_SHA256,
2768 TLS1_2_VERSION,
2769 TLS1_2_VERSION,
2770 DTLS1_2_VERSION,
2771 DTLS1_2_VERSION,
2772 SSL_NOT_DEFAULT | SSL_HIGH,
2773 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2774 128,
2775 128,
2776 },
2777 {
2778 1,
2779 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2780 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2781 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2782 SSL_kECDHE,
2783 SSL_aECDSA,
2784 SSL_CAMELLIA256,
2785 SSL_SHA384,
2786 TLS1_2_VERSION,
2787 TLS1_2_VERSION,
2788 DTLS1_2_VERSION,
2789 DTLS1_2_VERSION,
2790 SSL_NOT_DEFAULT | SSL_HIGH,
2791 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2792 256,
2793 256,
2794 },
2795 {
2796 1,
2797 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2798 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2799 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2800 SSL_kECDHE,
2801 SSL_aRSA,
2802 SSL_CAMELLIA128,
2803 SSL_SHA256,
2804 TLS1_2_VERSION,
2805 TLS1_2_VERSION,
2806 DTLS1_2_VERSION,
2807 DTLS1_2_VERSION,
2808 SSL_NOT_DEFAULT | SSL_HIGH,
2809 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2810 128,
2811 128,
2812 },
2813 {
2814 1,
2815 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2816 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2817 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2818 SSL_kECDHE,
2819 SSL_aRSA,
2820 SSL_CAMELLIA256,
2821 SSL_SHA384,
2822 TLS1_2_VERSION,
2823 TLS1_2_VERSION,
2824 DTLS1_2_VERSION,
2825 DTLS1_2_VERSION,
2826 SSL_NOT_DEFAULT | SSL_HIGH,
2827 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2828 256,
2829 256,
2830 },
2831 {
2832 1,
2833 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2834 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2835 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2836 SSL_kPSK,
2837 SSL_aPSK,
2838 SSL_CAMELLIA128,
2839 SSL_SHA256,
2840 TLS1_VERSION,
2841 TLS1_2_VERSION,
2842 DTLS1_BAD_VER,
2843 DTLS1_2_VERSION,
2844 SSL_NOT_DEFAULT | SSL_HIGH,
2845 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2846 128,
2847 128,
2848 },
2849 {
2850 1,
2851 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2852 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2853 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2854 SSL_kPSK,
2855 SSL_aPSK,
2856 SSL_CAMELLIA256,
2857 SSL_SHA384,
2858 TLS1_VERSION,
2859 TLS1_2_VERSION,
2860 DTLS1_BAD_VER,
2861 DTLS1_2_VERSION,
2862 SSL_NOT_DEFAULT | SSL_HIGH,
2863 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2864 256,
2865 256,
2866 },
2867 {
2868 1,
2869 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2870 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2871 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2872 SSL_kDHEPSK,
2873 SSL_aPSK,
2874 SSL_CAMELLIA128,
2875 SSL_SHA256,
2876 TLS1_VERSION,
2877 TLS1_2_VERSION,
2878 DTLS1_BAD_VER,
2879 DTLS1_2_VERSION,
2880 SSL_NOT_DEFAULT | SSL_HIGH,
2881 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2882 128,
2883 128,
2884 },
2885 {
2886 1,
2887 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2888 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2889 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2890 SSL_kDHEPSK,
2891 SSL_aPSK,
2892 SSL_CAMELLIA256,
2893 SSL_SHA384,
2894 TLS1_VERSION,
2895 TLS1_2_VERSION,
2896 DTLS1_BAD_VER,
2897 DTLS1_2_VERSION,
2898 SSL_NOT_DEFAULT | SSL_HIGH,
2899 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2900 256,
2901 256,
2902 },
2903 {
2904 1,
2905 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2906 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2907 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2908 SSL_kRSAPSK,
2909 SSL_aRSA,
2910 SSL_CAMELLIA128,
2911 SSL_SHA256,
2912 TLS1_VERSION,
2913 TLS1_2_VERSION,
2914 DTLS1_BAD_VER,
2915 DTLS1_2_VERSION,
2916 SSL_NOT_DEFAULT | SSL_HIGH,
2917 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2918 128,
2919 128,
2920 },
2921 {
2922 1,
2923 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2924 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2925 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2926 SSL_kRSAPSK,
2927 SSL_aRSA,
2928 SSL_CAMELLIA256,
2929 SSL_SHA384,
2930 TLS1_VERSION,
2931 TLS1_2_VERSION,
2932 DTLS1_BAD_VER,
2933 DTLS1_2_VERSION,
2934 SSL_NOT_DEFAULT | SSL_HIGH,
2935 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2936 256,
2937 256,
2938 },
2939 {
2940 1,
2941 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2942 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2943 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2944 SSL_kECDHEPSK,
2945 SSL_aPSK,
2946 SSL_CAMELLIA128,
2947 SSL_SHA256,
2948 TLS1_VERSION,
2949 TLS1_2_VERSION,
2950 DTLS1_BAD_VER,
2951 DTLS1_2_VERSION,
2952 SSL_NOT_DEFAULT | SSL_HIGH,
2953 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2954 128,
2955 128,
2956 },
2957 {
2958 1,
2959 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2960 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2961 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2962 SSL_kECDHEPSK,
2963 SSL_aPSK,
2964 SSL_CAMELLIA256,
2965 SSL_SHA384,
2966 TLS1_VERSION,
2967 TLS1_2_VERSION,
2968 DTLS1_BAD_VER,
2969 DTLS1_2_VERSION,
2970 SSL_NOT_DEFAULT | SSL_HIGH,
2971 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2972 256,
2973 256,
2974 },
2975
2976 #ifndef OPENSSL_NO_GOST
2977 {
2978 1,
2979 "GOST2001-GOST89-GOST89",
2980 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2981 0x3000081,
2982 SSL_kGOST,
2983 SSL_aGOST01,
2984 SSL_eGOST2814789CNT,
2985 SSL_GOST89MAC,
2986 TLS1_VERSION,
2987 TLS1_2_VERSION,
2988 0,
2989 0,
2990 SSL_HIGH,
2991 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2992 256,
2993 256,
2994 },
2995 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2996 {
2997 1,
2998 "GOST2001-NULL-GOST94",
2999 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
3000 0x3000083,
3001 SSL_kGOST,
3002 SSL_aGOST01,
3003 SSL_eNULL,
3004 SSL_GOST94,
3005 TLS1_VERSION,
3006 TLS1_2_VERSION,
3007 0,
3008 0,
3009 SSL_STRONG_NONE,
3010 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
3011 0,
3012 0,
3013 },
3014 #endif
3015 {
3016 1,
3017 "IANA-GOST2012-GOST8912-GOST8912",
3018 NULL,
3019 0x0300c102,
3020 SSL_kGOST,
3021 SSL_aGOST12 | SSL_aGOST01,
3022 SSL_eGOST2814789CNT12,
3023 SSL_GOST89MAC12,
3024 TLS1_VERSION,
3025 TLS1_2_VERSION,
3026 0,
3027 0,
3028 SSL_HIGH,
3029 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
3030 256,
3031 256,
3032 },
3033 {
3034 1,
3035 "LEGACY-GOST2012-GOST8912-GOST8912",
3036 NULL,
3037 0x0300ff85,
3038 SSL_kGOST,
3039 SSL_aGOST12 | SSL_aGOST01,
3040 SSL_eGOST2814789CNT12,
3041 SSL_GOST89MAC12,
3042 TLS1_VERSION,
3043 TLS1_2_VERSION,
3044 0,
3045 0,
3046 SSL_HIGH,
3047 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
3048 256,
3049 256,
3050 },
3051 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
3052 {
3053 1,
3054 "GOST2012-NULL-GOST12",
3055 NULL,
3056 0x0300ff87,
3057 SSL_kGOST,
3058 SSL_aGOST12 | SSL_aGOST01,
3059 SSL_eNULL,
3060 SSL_GOST12_256,
3061 TLS1_VERSION,
3062 TLS1_2_VERSION,
3063 0,
3064 0,
3065 SSL_STRONG_NONE,
3066 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
3067 0,
3068 0,
3069 },
3070 #endif
3071 {
3072 1,
3073 "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
3074 NULL,
3075 0x0300C100,
3076 SSL_kGOST18,
3077 SSL_aGOST12,
3078 SSL_KUZNYECHIK,
3079 SSL_KUZNYECHIKOMAC,
3080 TLS1_2_VERSION,
3081 TLS1_2_VERSION,
3082 0,
3083 0,
3084 SSL_HIGH,
3085 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
3086 256,
3087 256,
3088 },
3089 {
3090 1,
3091 "GOST2012-MAGMA-MAGMAOMAC",
3092 NULL,
3093 0x0300C101,
3094 SSL_kGOST18,
3095 SSL_aGOST12,
3096 SSL_MAGMA,
3097 SSL_MAGMAOMAC,
3098 TLS1_2_VERSION,
3099 TLS1_2_VERSION,
3100 0,
3101 0,
3102 SSL_HIGH,
3103 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
3104 256,
3105 256,
3106 },
3107 #endif /* OPENSSL_NO_GOST */
3108
3109 {
3110 1,
3111 SSL3_TXT_RSA_IDEA_128_SHA,
3112 SSL3_RFC_RSA_IDEA_128_SHA,
3113 SSL3_CK_RSA_IDEA_128_SHA,
3114 SSL_kRSA,
3115 SSL_aRSA,
3116 SSL_IDEA,
3117 SSL_SHA1,
3118 SSL3_VERSION,
3119 TLS1_1_VERSION,
3120 DTLS1_BAD_VER,
3121 DTLS1_VERSION,
3122 SSL_NOT_DEFAULT | SSL_MEDIUM,
3123 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3124 128,
3125 128,
3126 },
3127
3128 {
3129 1,
3130 TLS1_TXT_RSA_WITH_SEED_SHA,
3131 TLS1_RFC_RSA_WITH_SEED_SHA,
3132 TLS1_CK_RSA_WITH_SEED_SHA,
3133 SSL_kRSA,
3134 SSL_aRSA,
3135 SSL_SEED,
3136 SSL_SHA1,
3137 SSL3_VERSION,
3138 TLS1_2_VERSION,
3139 DTLS1_BAD_VER,
3140 DTLS1_2_VERSION,
3141 SSL_NOT_DEFAULT | SSL_MEDIUM,
3142 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3143 128,
3144 128,
3145 },
3146 {
3147 1,
3148 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
3149 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
3150 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
3151 SSL_kDHE,
3152 SSL_aDSS,
3153 SSL_SEED,
3154 SSL_SHA1,
3155 SSL3_VERSION,
3156 TLS1_2_VERSION,
3157 DTLS1_BAD_VER,
3158 DTLS1_2_VERSION,
3159 SSL_NOT_DEFAULT | SSL_MEDIUM,
3160 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3161 128,
3162 128,
3163 },
3164 {
3165 1,
3166 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
3167 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
3168 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
3169 SSL_kDHE,
3170 SSL_aRSA,
3171 SSL_SEED,
3172 SSL_SHA1,
3173 SSL3_VERSION,
3174 TLS1_2_VERSION,
3175 DTLS1_BAD_VER,
3176 DTLS1_2_VERSION,
3177 SSL_NOT_DEFAULT | SSL_MEDIUM,
3178 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3179 128,
3180 128,
3181 },
3182 {
3183 1,
3184 TLS1_TXT_ADH_WITH_SEED_SHA,
3185 TLS1_RFC_ADH_WITH_SEED_SHA,
3186 TLS1_CK_ADH_WITH_SEED_SHA,
3187 SSL_kDHE,
3188 SSL_aNULL,
3189 SSL_SEED,
3190 SSL_SHA1,
3191 SSL3_VERSION,
3192 TLS1_2_VERSION,
3193 DTLS1_BAD_VER,
3194 DTLS1_2_VERSION,
3195 SSL_NOT_DEFAULT | SSL_MEDIUM,
3196 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3197 128,
3198 128,
3199 },
3200
3201 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
3202 {
3203 1,
3204 SSL3_TXT_RSA_RC4_128_MD5,
3205 SSL3_RFC_RSA_RC4_128_MD5,
3206 SSL3_CK_RSA_RC4_128_MD5,
3207 SSL_kRSA,
3208 SSL_aRSA,
3209 SSL_RC4,
3210 SSL_MD5,
3211 SSL3_VERSION,
3212 TLS1_2_VERSION,
3213 0,
3214 0,
3215 SSL_NOT_DEFAULT | SSL_MEDIUM,
3216 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3217 80,
3218 128,
3219 },
3220 {
3221 1,
3222 SSL3_TXT_RSA_RC4_128_SHA,
3223 SSL3_RFC_RSA_RC4_128_SHA,
3224 SSL3_CK_RSA_RC4_128_SHA,
3225 SSL_kRSA,
3226 SSL_aRSA,
3227 SSL_RC4,
3228 SSL_SHA1,
3229 SSL3_VERSION,
3230 TLS1_2_VERSION,
3231 0,
3232 0,
3233 SSL_NOT_DEFAULT | SSL_MEDIUM,
3234 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3235 80,
3236 128,
3237 },
3238 {
3239 1,
3240 SSL3_TXT_ADH_RC4_128_MD5,
3241 SSL3_RFC_ADH_RC4_128_MD5,
3242 SSL3_CK_ADH_RC4_128_MD5,
3243 SSL_kDHE,
3244 SSL_aNULL,
3245 SSL_RC4,
3246 SSL_MD5,
3247 SSL3_VERSION,
3248 TLS1_2_VERSION,
3249 0,
3250 0,
3251 SSL_NOT_DEFAULT | SSL_MEDIUM,
3252 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3253 80,
3254 128,
3255 },
3256 {
3257 1,
3258 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
3259 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
3260 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
3261 SSL_kECDHEPSK,
3262 SSL_aPSK,
3263 SSL_RC4,
3264 SSL_SHA1,
3265 TLS1_VERSION,
3266 TLS1_2_VERSION,
3267 0,
3268 0,
3269 SSL_NOT_DEFAULT | SSL_MEDIUM,
3270 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3271 80,
3272 128,
3273 },
3274 {
3275 1,
3276 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
3277 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
3278 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
3279 SSL_kECDHE,
3280 SSL_aNULL,
3281 SSL_RC4,
3282 SSL_SHA1,
3283 TLS1_VERSION,
3284 TLS1_2_VERSION,
3285 0,
3286 0,
3287 SSL_NOT_DEFAULT | SSL_MEDIUM,
3288 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3289 80,
3290 128,
3291 },
3292 {
3293 1,
3294 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
3295 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
3296 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
3297 SSL_kECDHE,
3298 SSL_aECDSA,
3299 SSL_RC4,
3300 SSL_SHA1,
3301 TLS1_VERSION,
3302 TLS1_2_VERSION,
3303 0,
3304 0,
3305 SSL_NOT_DEFAULT | SSL_MEDIUM,
3306 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3307 80,
3308 128,
3309 },
3310 {
3311 1,
3312 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
3313 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
3314 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
3315 SSL_kECDHE,
3316 SSL_aRSA,
3317 SSL_RC4,
3318 SSL_SHA1,
3319 TLS1_VERSION,
3320 TLS1_2_VERSION,
3321 0,
3322 0,
3323 SSL_NOT_DEFAULT | SSL_MEDIUM,
3324 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3325 80,
3326 128,
3327 },
3328 {
3329 1,
3330 TLS1_TXT_PSK_WITH_RC4_128_SHA,
3331 TLS1_RFC_PSK_WITH_RC4_128_SHA,
3332 TLS1_CK_PSK_WITH_RC4_128_SHA,
3333 SSL_kPSK,
3334 SSL_aPSK,
3335 SSL_RC4,
3336 SSL_SHA1,
3337 SSL3_VERSION,
3338 TLS1_2_VERSION,
3339 0,
3340 0,
3341 SSL_NOT_DEFAULT | SSL_MEDIUM,
3342 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3343 80,
3344 128,
3345 },
3346 {
3347 1,
3348 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
3349 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
3350 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
3351 SSL_kRSAPSK,
3352 SSL_aRSA,
3353 SSL_RC4,
3354 SSL_SHA1,
3355 SSL3_VERSION,
3356 TLS1_2_VERSION,
3357 0,
3358 0,
3359 SSL_NOT_DEFAULT | SSL_MEDIUM,
3360 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3361 80,
3362 128,
3363 },
3364 {
3365 1,
3366 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
3367 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
3368 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
3369 SSL_kDHEPSK,
3370 SSL_aPSK,
3371 SSL_RC4,
3372 SSL_SHA1,
3373 SSL3_VERSION,
3374 TLS1_2_VERSION,
3375 0,
3376 0,
3377 SSL_NOT_DEFAULT | SSL_MEDIUM,
3378 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3379 80,
3380 128,
3381 },
3382 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
3383
3384 {
3385 1,
3386 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
3387 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
3388 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
3389 SSL_kRSA,
3390 SSL_aRSA,
3391 SSL_ARIA128GCM,
3392 SSL_AEAD,
3393 TLS1_2_VERSION,
3394 TLS1_2_VERSION,
3395 DTLS1_2_VERSION,
3396 DTLS1_2_VERSION,
3397 SSL_NOT_DEFAULT | SSL_HIGH,
3398 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3399 128,
3400 128,
3401 },
3402 {
3403 1,
3404 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
3405 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
3406 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
3407 SSL_kRSA,
3408 SSL_aRSA,
3409 SSL_ARIA256GCM,
3410 SSL_AEAD,
3411 TLS1_2_VERSION,
3412 TLS1_2_VERSION,
3413 DTLS1_2_VERSION,
3414 DTLS1_2_VERSION,
3415 SSL_NOT_DEFAULT | SSL_HIGH,
3416 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3417 256,
3418 256,
3419 },
3420 {
3421 1,
3422 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3423 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3424 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3425 SSL_kDHE,
3426 SSL_aRSA,
3427 SSL_ARIA128GCM,
3428 SSL_AEAD,
3429 TLS1_2_VERSION,
3430 TLS1_2_VERSION,
3431 DTLS1_2_VERSION,
3432 DTLS1_2_VERSION,
3433 SSL_NOT_DEFAULT | SSL_HIGH,
3434 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3435 128,
3436 128,
3437 },
3438 {
3439 1,
3440 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3441 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3442 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3443 SSL_kDHE,
3444 SSL_aRSA,
3445 SSL_ARIA256GCM,
3446 SSL_AEAD,
3447 TLS1_2_VERSION,
3448 TLS1_2_VERSION,
3449 DTLS1_2_VERSION,
3450 DTLS1_2_VERSION,
3451 SSL_NOT_DEFAULT | SSL_HIGH,
3452 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3453 256,
3454 256,
3455 },
3456 {
3457 1,
3458 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3459 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3460 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3461 SSL_kDHE,
3462 SSL_aDSS,
3463 SSL_ARIA128GCM,
3464 SSL_AEAD,
3465 TLS1_2_VERSION,
3466 TLS1_2_VERSION,
3467 DTLS1_2_VERSION,
3468 DTLS1_2_VERSION,
3469 SSL_NOT_DEFAULT | SSL_HIGH,
3470 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3471 128,
3472 128,
3473 },
3474 {
3475 1,
3476 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3477 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3478 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3479 SSL_kDHE,
3480 SSL_aDSS,
3481 SSL_ARIA256GCM,
3482 SSL_AEAD,
3483 TLS1_2_VERSION,
3484 TLS1_2_VERSION,
3485 DTLS1_2_VERSION,
3486 DTLS1_2_VERSION,
3487 SSL_NOT_DEFAULT | SSL_HIGH,
3488 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3489 256,
3490 256,
3491 },
3492 {
3493 1,
3494 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3495 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3496 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3497 SSL_kECDHE,
3498 SSL_aECDSA,
3499 SSL_ARIA128GCM,
3500 SSL_AEAD,
3501 TLS1_2_VERSION,
3502 TLS1_2_VERSION,
3503 DTLS1_2_VERSION,
3504 DTLS1_2_VERSION,
3505 SSL_NOT_DEFAULT | SSL_HIGH,
3506 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3507 128,
3508 128,
3509 },
3510 {
3511 1,
3512 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3513 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3514 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3515 SSL_kECDHE,
3516 SSL_aECDSA,
3517 SSL_ARIA256GCM,
3518 SSL_AEAD,
3519 TLS1_2_VERSION,
3520 TLS1_2_VERSION,
3521 DTLS1_2_VERSION,
3522 DTLS1_2_VERSION,
3523 SSL_NOT_DEFAULT | SSL_HIGH,
3524 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3525 256,
3526 256,
3527 },
3528 {
3529 1,
3530 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3531 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3532 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3533 SSL_kECDHE,
3534 SSL_aRSA,
3535 SSL_ARIA128GCM,
3536 SSL_AEAD,
3537 TLS1_2_VERSION,
3538 TLS1_2_VERSION,
3539 DTLS1_2_VERSION,
3540 DTLS1_2_VERSION,
3541 SSL_NOT_DEFAULT | SSL_HIGH,
3542 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3543 128,
3544 128,
3545 },
3546 {
3547 1,
3548 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3549 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3550 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3551 SSL_kECDHE,
3552 SSL_aRSA,
3553 SSL_ARIA256GCM,
3554 SSL_AEAD,
3555 TLS1_2_VERSION,
3556 TLS1_2_VERSION,
3557 DTLS1_2_VERSION,
3558 DTLS1_2_VERSION,
3559 SSL_NOT_DEFAULT | SSL_HIGH,
3560 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3561 256,
3562 256,
3563 },
3564 {
3565 1,
3566 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3567 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3568 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3569 SSL_kPSK,
3570 SSL_aPSK,
3571 SSL_ARIA128GCM,
3572 SSL_AEAD,
3573 TLS1_2_VERSION,
3574 TLS1_2_VERSION,
3575 DTLS1_2_VERSION,
3576 DTLS1_2_VERSION,
3577 SSL_NOT_DEFAULT | SSL_HIGH,
3578 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3579 128,
3580 128,
3581 },
3582 {
3583 1,
3584 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3585 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3586 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3587 SSL_kPSK,
3588 SSL_aPSK,
3589 SSL_ARIA256GCM,
3590 SSL_AEAD,
3591 TLS1_2_VERSION,
3592 TLS1_2_VERSION,
3593 DTLS1_2_VERSION,
3594 DTLS1_2_VERSION,
3595 SSL_NOT_DEFAULT | SSL_HIGH,
3596 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3597 256,
3598 256,
3599 },
3600 {
3601 1,
3602 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3603 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3604 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3605 SSL_kDHEPSK,
3606 SSL_aPSK,
3607 SSL_ARIA128GCM,
3608 SSL_AEAD,
3609 TLS1_2_VERSION,
3610 TLS1_2_VERSION,
3611 DTLS1_2_VERSION,
3612 DTLS1_2_VERSION,
3613 SSL_NOT_DEFAULT | SSL_HIGH,
3614 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3615 128,
3616 128,
3617 },
3618 {
3619 1,
3620 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3621 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3622 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3623 SSL_kDHEPSK,
3624 SSL_aPSK,
3625 SSL_ARIA256GCM,
3626 SSL_AEAD,
3627 TLS1_2_VERSION,
3628 TLS1_2_VERSION,
3629 DTLS1_2_VERSION,
3630 DTLS1_2_VERSION,
3631 SSL_NOT_DEFAULT | SSL_HIGH,
3632 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3633 256,
3634 256,
3635 },
3636 {
3637 1,
3638 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3639 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3640 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3641 SSL_kRSAPSK,
3642 SSL_aRSA,
3643 SSL_ARIA128GCM,
3644 SSL_AEAD,
3645 TLS1_2_VERSION,
3646 TLS1_2_VERSION,
3647 DTLS1_2_VERSION,
3648 DTLS1_2_VERSION,
3649 SSL_NOT_DEFAULT | SSL_HIGH,
3650 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3651 128,
3652 128,
3653 },
3654 {
3655 1,
3656 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3657 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3658 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3659 SSL_kRSAPSK,
3660 SSL_aRSA,
3661 SSL_ARIA256GCM,
3662 SSL_AEAD,
3663 TLS1_2_VERSION,
3664 TLS1_2_VERSION,
3665 DTLS1_2_VERSION,
3666 DTLS1_2_VERSION,
3667 SSL_NOT_DEFAULT | SSL_HIGH,
3668 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3669 256,
3670 256,
3671 },
3672 };
3673
3674 /*
3675 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3676 * values stuffed into the ciphers field of the wire protocol for signalling
3677 * purposes.
3678 */
3679 static SSL_CIPHER ssl3_scsvs[] = {
3680 {
3681 0,
3682 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3683 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3684 SSL3_CK_SCSV,
3685 0,
3686 0,
3687 0,
3688 0,
3689 0,
3690 0,
3691 0,
3692 0,
3693 0,
3694 0,
3695 0,
3696 0,
3697 },
3698 {
3699 0,
3700 "TLS_FALLBACK_SCSV",
3701 "TLS_FALLBACK_SCSV",
3702 SSL3_CK_FALLBACK_SCSV,
3703 0,
3704 0,
3705 0,
3706 0,
3707 0,
3708 0,
3709 0,
3710 0,
3711 0,
3712 0,
3713 0,
3714 0,
3715 },
3716 };
3717
cipher_compare(const void * a,const void * b)3718 static int cipher_compare(const void *a, const void *b)
3719 {
3720 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3721 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3722
3723 if (ap->id == bp->id)
3724 return 0;
3725 return ap->id < bp->id ? -1 : 1;
3726 }
3727
ssl_sort_cipher_list(void)3728 void ssl_sort_cipher_list(void)
3729 {
3730 qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3731 cipher_compare);
3732 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3733 cipher_compare);
3734 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3735 }
3736
sslcon_undefined_function_1(SSL_CONNECTION * sc,unsigned char * r,size_t s,const char * t,size_t u,const unsigned char * v,size_t w,int x)3737 static int sslcon_undefined_function_1(SSL_CONNECTION *sc, unsigned char *r,
3738 size_t s, const char *t, size_t u,
3739 const unsigned char *v, size_t w, int x)
3740 {
3741 (void)r;
3742 (void)s;
3743 (void)t;
3744 (void)u;
3745 (void)v;
3746 (void)w;
3747 (void)x;
3748 return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
3749 }
3750
3751 const SSL3_ENC_METHOD SSLv3_enc_data = {
3752 ssl3_setup_key_block,
3753 ssl3_generate_master_secret,
3754 ssl3_change_cipher_state,
3755 ssl3_final_finish_mac,
3756 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3757 SSL3_MD_SERVER_FINISHED_CONST, 4,
3758 ssl3_alert_code,
3759 sslcon_undefined_function_1,
3760 0,
3761 ssl3_set_handshake_header,
3762 tls_close_construct_packet,
3763 ssl3_handshake_write
3764 };
3765
ssl3_default_timeout(void)3766 OSSL_TIME ssl3_default_timeout(void)
3767 {
3768 /*
3769 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3770 * http, the cache would over fill
3771 */
3772 return ossl_seconds2time(60 * 60 * 2);
3773 }
3774
ssl3_num_ciphers(void)3775 int ssl3_num_ciphers(void)
3776 {
3777 return SSL3_NUM_CIPHERS;
3778 }
3779
ssl3_get_cipher(unsigned int u)3780 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3781 {
3782 if (u < SSL3_NUM_CIPHERS)
3783 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3784 else
3785 return NULL;
3786 }
3787
ssl3_set_handshake_header(SSL_CONNECTION * s,WPACKET * pkt,int htype)3788 int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype)
3789 {
3790 /* No header in the event of a CCS */
3791 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3792 return 1;
3793
3794 /* Set the content type and 3 bytes for the message len */
3795 if (!WPACKET_put_bytes_u8(pkt, htype)
3796 || !WPACKET_start_sub_packet_u24(pkt))
3797 return 0;
3798
3799 return 1;
3800 }
3801
ssl3_handshake_write(SSL_CONNECTION * s)3802 int ssl3_handshake_write(SSL_CONNECTION *s)
3803 {
3804 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3805 }
3806
ssl3_new(SSL * s)3807 int ssl3_new(SSL *s)
3808 {
3809 #ifndef OPENSSL_NO_SRP
3810 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3811
3812 if (sc == NULL)
3813 return 0;
3814
3815 if (!ssl_srp_ctx_init_intern(sc))
3816 return 0;
3817 #endif
3818
3819 if (!s->method->ssl_clear(s))
3820 return 0;
3821
3822 return 1;
3823 }
3824
ssl3_free(SSL * s)3825 void ssl3_free(SSL *s)
3826 {
3827 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3828 size_t i;
3829
3830 if (sc == NULL)
3831 return;
3832
3833 ssl3_cleanup_key_block(sc);
3834
3835 EVP_PKEY_free(sc->s3.peer_tmp);
3836 sc->s3.peer_tmp = NULL;
3837
3838 for (i = 0; i < sc->s3.tmp.num_ks_pkey; i++)
3839 if (sc->s3.tmp.ks_pkey[i] != NULL) {
3840 if (sc->s3.tmp.pkey == sc->s3.tmp.ks_pkey[i])
3841 sc->s3.tmp.pkey = NULL;
3842
3843 EVP_PKEY_free(sc->s3.tmp.ks_pkey[i]);
3844 sc->s3.tmp.ks_pkey[i] = NULL;
3845 }
3846 sc->s3.tmp.num_ks_pkey = 0;
3847
3848 if (sc->s3.tmp.pkey != NULL) {
3849 EVP_PKEY_free(sc->s3.tmp.pkey);
3850 sc->s3.tmp.pkey = NULL;
3851 }
3852
3853 ssl_evp_cipher_free(sc->s3.tmp.new_sym_enc);
3854 ssl_evp_md_free(sc->s3.tmp.new_hash);
3855
3856 OPENSSL_free(sc->s3.tmp.ctype);
3857 sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
3858 OPENSSL_free(sc->s3.tmp.ciphers_raw);
3859 OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
3860 OPENSSL_free(sc->s3.tmp.peer_sigalgs);
3861 OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
3862 OPENSSL_free(sc->s3.tmp.valid_flags);
3863 ssl3_free_digest_list(sc);
3864 OPENSSL_free(sc->s3.alpn_selected);
3865 OPENSSL_free(sc->s3.alpn_proposed);
3866 ossl_quic_tls_free(sc->qtls);
3867
3868 #ifndef OPENSSL_NO_PSK
3869 OPENSSL_free(sc->s3.tmp.psk);
3870 #endif
3871
3872 #ifndef OPENSSL_NO_SRP
3873 ssl_srp_ctx_free_intern(sc);
3874 #endif
3875 memset(&sc->s3, 0, sizeof(sc->s3));
3876 }
3877
ssl3_clear(SSL * s)3878 int ssl3_clear(SSL *s)
3879 {
3880 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3881 int flags;
3882 size_t i;
3883
3884 if (sc == NULL)
3885 return 0;
3886
3887 ssl3_cleanup_key_block(sc);
3888 OPENSSL_free(sc->s3.tmp.ctype);
3889 sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
3890 OPENSSL_free(sc->s3.tmp.ciphers_raw);
3891 OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
3892 OPENSSL_free(sc->s3.tmp.peer_sigalgs);
3893 OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
3894 OPENSSL_free(sc->s3.tmp.valid_flags);
3895
3896 EVP_PKEY_free(sc->s3.peer_tmp);
3897
3898 for (i = 0; i < sc->s3.tmp.num_ks_pkey; i++)
3899 if (sc->s3.tmp.ks_pkey[i] != NULL) {
3900 if (sc->s3.tmp.pkey == sc->s3.tmp.ks_pkey[i])
3901 sc->s3.tmp.pkey = NULL;
3902
3903 EVP_PKEY_free(sc->s3.tmp.ks_pkey[i]);
3904 sc->s3.tmp.ks_pkey[i] = NULL;
3905 }
3906 sc->s3.tmp.num_ks_pkey = 0;
3907
3908 if (sc->s3.tmp.pkey != NULL) {
3909 EVP_PKEY_free(sc->s3.tmp.pkey);
3910 sc->s3.tmp.pkey = NULL;
3911 }
3912
3913 ssl3_free_digest_list(sc);
3914
3915 OPENSSL_free(sc->s3.alpn_selected);
3916 OPENSSL_free(sc->s3.alpn_proposed);
3917
3918 /*
3919 * NULL/zero-out everything in the s3 struct, but remember if we are doing
3920 * QUIC.
3921 */
3922 flags = sc->s3.flags & (TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL);
3923 memset(&sc->s3, 0, sizeof(sc->s3));
3924 sc->s3.flags |= flags;
3925
3926 if (!ssl_free_wbio_buffer(sc))
3927 return 0;
3928
3929 sc->version = SSL3_VERSION;
3930
3931 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3932 OPENSSL_free(sc->ext.npn);
3933 sc->ext.npn = NULL;
3934 sc->ext.npn_len = 0;
3935 #endif
3936
3937 return 1;
3938 }
3939
3940 #ifndef OPENSSL_NO_SRP
srp_password_from_info_cb(SSL * s,void * arg)3941 static char *srp_password_from_info_cb(SSL *s, void *arg)
3942 {
3943 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3944
3945 if (sc == NULL)
3946 return NULL;
3947
3948 return OPENSSL_strdup(sc->srp_ctx.info);
3949 }
3950 #endif
3951
3952 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3953
ssl3_ctrl(SSL * s,int cmd,long larg,void * parg)3954 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3955 {
3956 int ret = 0;
3957 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3958
3959 if (sc == NULL)
3960 return ret;
3961
3962 switch (cmd) {
3963 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3964 break;
3965 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3966 ret = sc->s3.num_renegotiations;
3967 break;
3968 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3969 ret = sc->s3.num_renegotiations;
3970 sc->s3.num_renegotiations = 0;
3971 break;
3972 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3973 ret = sc->s3.total_renegotiations;
3974 break;
3975 case SSL_CTRL_GET_FLAGS:
3976 ret = (int)(sc->s3.flags);
3977 break;
3978 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3979 case SSL_CTRL_SET_TMP_DH: {
3980 EVP_PKEY *pkdh = NULL;
3981 if (parg == NULL) {
3982 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3983 return 0;
3984 }
3985 pkdh = ssl_dh_to_pkey(parg);
3986 if (pkdh == NULL) {
3987 ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
3988 return 0;
3989 }
3990 if (!SSL_set0_tmp_dh_pkey(s, pkdh)) {
3991 EVP_PKEY_free(pkdh);
3992 return 0;
3993 }
3994 return 1;
3995 } break;
3996 case SSL_CTRL_SET_TMP_DH_CB: {
3997 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3998 return ret;
3999 }
4000 #endif
4001 case SSL_CTRL_SET_DH_AUTO:
4002 sc->cert->dh_tmp_auto = larg;
4003 return 1;
4004 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
4005 case SSL_CTRL_SET_TMP_ECDH: {
4006 if (parg == NULL) {
4007 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
4008 return 0;
4009 }
4010 return ssl_set_tmp_ecdh_groups(&sc->ext.supportedgroups,
4011 &sc->ext.supportedgroups_len,
4012 &sc->ext.keyshares,
4013 &sc->ext.keyshares_len,
4014 &sc->ext.tuples,
4015 &sc->ext.tuples_len,
4016 parg);
4017 }
4018 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
4019 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
4020 /*
4021 * This API is only used for a client to set what SNI it will request
4022 * from the server, but we currently allow it to be used on servers
4023 * as well, which is a programming error. Currently we just clear
4024 * the field in SSL_do_handshake() for server SSLs, but when we can
4025 * make ABI-breaking changes, we may want to make use of this API
4026 * an error on server SSLs.
4027 */
4028 if (larg == TLSEXT_NAMETYPE_host_name) {
4029 size_t len;
4030
4031 OPENSSL_free(sc->ext.hostname);
4032 sc->ext.hostname = NULL;
4033
4034 ret = 1;
4035 if (parg == NULL)
4036 break;
4037 len = strlen((char *)parg);
4038 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
4039 ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
4040 return 0;
4041 }
4042 if ((sc->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
4043 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
4044 return 0;
4045 }
4046 } else {
4047 ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
4048 return 0;
4049 }
4050 break;
4051 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
4052 sc->ext.debug_arg = parg;
4053 ret = 1;
4054 break;
4055
4056 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
4057 ret = sc->ext.status_type;
4058 break;
4059
4060 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
4061 sc->ext.status_type = larg;
4062 ret = 1;
4063 break;
4064
4065 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
4066 *(STACK_OF(X509_EXTENSION) **)parg = sc->ext.ocsp.exts;
4067 ret = 1;
4068 break;
4069
4070 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
4071 sc->ext.ocsp.exts = parg;
4072 ret = 1;
4073 break;
4074
4075 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
4076 *(STACK_OF(OCSP_RESPID) **)parg = sc->ext.ocsp.ids;
4077 ret = 1;
4078 break;
4079
4080 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
4081 sc->ext.ocsp.ids = parg;
4082 ret = 1;
4083 break;
4084
4085 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
4086 *(unsigned char **)parg = sc->ext.ocsp.resp;
4087 if (sc->ext.ocsp.resp_len == 0
4088 || sc->ext.ocsp.resp_len > LONG_MAX)
4089 return -1;
4090 return (long)sc->ext.ocsp.resp_len;
4091
4092 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
4093 OPENSSL_free(sc->ext.ocsp.resp);
4094 sc->ext.ocsp.resp = parg;
4095 sc->ext.ocsp.resp_len = larg;
4096 ret = 1;
4097 break;
4098
4099 case SSL_CTRL_CHAIN:
4100 if (larg)
4101 return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg);
4102 else
4103 return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg);
4104
4105 case SSL_CTRL_CHAIN_CERT:
4106 if (larg)
4107 return ssl_cert_add1_chain_cert(sc, NULL, (X509 *)parg);
4108 else
4109 return ssl_cert_add0_chain_cert(sc, NULL, (X509 *)parg);
4110
4111 case SSL_CTRL_GET_CHAIN_CERTS:
4112 *(STACK_OF(X509) **)parg = sc->cert->key->chain;
4113 ret = 1;
4114 break;
4115
4116 case SSL_CTRL_SELECT_CURRENT_CERT:
4117 return ssl_cert_select_current(sc->cert, (X509 *)parg);
4118
4119 case SSL_CTRL_SET_CURRENT_CERT:
4120 if (larg == SSL_CERT_SET_SERVER) {
4121 const SSL_CIPHER *cipher;
4122 if (!sc->server)
4123 return 0;
4124 cipher = sc->s3.tmp.new_cipher;
4125 if (cipher == NULL)
4126 return 0;
4127 /*
4128 * No certificate for unauthenticated ciphersuites or using SRP
4129 * authentication
4130 */
4131 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
4132 return 2;
4133 if (sc->s3.tmp.cert == NULL)
4134 return 0;
4135 sc->cert->key = sc->s3.tmp.cert;
4136 return 1;
4137 }
4138 return ssl_cert_set_current(sc->cert, larg);
4139
4140 case SSL_CTRL_GET_GROUPS: {
4141 uint16_t *clist;
4142 size_t clistlen;
4143
4144 if (!sc->session)
4145 return 0;
4146 clist = sc->ext.peer_supportedgroups;
4147 clistlen = sc->ext.peer_supportedgroups_len;
4148 if (parg) {
4149 size_t i;
4150 int *cptr = parg;
4151
4152 for (i = 0; i < clistlen; i++) {
4153 const TLS_GROUP_INFO *cinf
4154 = tls1_group_id_lookup(s->ctx, clist[i]);
4155
4156 if (cinf != NULL)
4157 cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
4158 else
4159 cptr[i] = TLSEXT_nid_unknown | clist[i];
4160 }
4161 }
4162 return (int)clistlen;
4163 }
4164
4165 case SSL_CTRL_SET_GROUPS:
4166 return tls1_set_groups(&sc->ext.supportedgroups,
4167 &sc->ext.supportedgroups_len,
4168 &sc->ext.keyshares,
4169 &sc->ext.keyshares_len,
4170 &sc->ext.tuples,
4171 &sc->ext.tuples_len,
4172 parg, larg);
4173
4174 case SSL_CTRL_SET_GROUPS_LIST:
4175 return tls1_set_groups_list(s->ctx,
4176 &sc->ext.supportedgroups,
4177 &sc->ext.supportedgroups_len,
4178 &sc->ext.keyshares,
4179 &sc->ext.keyshares_len,
4180 &sc->ext.tuples,
4181 &sc->ext.tuples_len,
4182 parg);
4183
4184 case SSL_CTRL_GET_SHARED_GROUP: {
4185 uint16_t id = tls1_shared_group(sc, larg);
4186
4187 if (larg != -1)
4188 return tls1_group_id2nid(id, 1);
4189 return id;
4190 }
4191 case SSL_CTRL_GET_NEGOTIATED_GROUP: {
4192 unsigned int id;
4193
4194 if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)
4195 id = sc->s3.group_id;
4196 else
4197 id = (sc->session != NULL) ? sc->session->kex_group : NID_undef;
4198 ret = tls1_group_id2nid(id, 1);
4199 break;
4200 }
4201 case SSL_CTRL_SET_SIGALGS:
4202 return tls1_set_sigalgs(sc->cert, parg, larg, 0);
4203
4204 case SSL_CTRL_SET_SIGALGS_LIST:
4205 return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 0);
4206
4207 case SSL_CTRL_SET_CLIENT_SIGALGS:
4208 return tls1_set_sigalgs(sc->cert, parg, larg, 1);
4209
4210 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
4211 return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 1);
4212
4213 case SSL_CTRL_GET_CLIENT_CERT_TYPES: {
4214 const unsigned char **pctype = parg;
4215 if (sc->server || !sc->s3.tmp.cert_req)
4216 return 0;
4217 if (pctype)
4218 *pctype = sc->s3.tmp.ctype;
4219 return sc->s3.tmp.ctype_len;
4220 }
4221
4222 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
4223 if (!sc->server)
4224 return 0;
4225 return ssl3_set_req_cert_type(sc->cert, parg, larg);
4226
4227 case SSL_CTRL_BUILD_CERT_CHAIN:
4228 return ssl_build_cert_chain(sc, NULL, larg);
4229
4230 case SSL_CTRL_SET_VERIFY_CERT_STORE:
4231 return ssl_cert_set_cert_store(sc->cert, parg, 0, larg);
4232
4233 case SSL_CTRL_SET_CHAIN_CERT_STORE:
4234 return ssl_cert_set_cert_store(sc->cert, parg, 1, larg);
4235
4236 case SSL_CTRL_GET_VERIFY_CERT_STORE:
4237 return ssl_cert_get_cert_store(sc->cert, parg, 0);
4238
4239 case SSL_CTRL_GET_CHAIN_CERT_STORE:
4240 return ssl_cert_get_cert_store(sc->cert, parg, 1);
4241
4242 case SSL_CTRL_GET_PEER_SIGNATURE_NAME:
4243 if (parg == NULL || sc->s3.tmp.peer_sigalg == NULL)
4244 return 0;
4245 *(const char **)parg = sc->s3.tmp.peer_sigalg->name;
4246 return 1;
4247
4248 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
4249 if (sc->s3.tmp.peer_sigalg == NULL)
4250 return 0;
4251 *(int *)parg = sc->s3.tmp.peer_sigalg->hash;
4252 return 1;
4253
4254 case SSL_CTRL_GET_SIGNATURE_NAME:
4255 if (parg == NULL || sc->s3.tmp.sigalg == NULL)
4256 return 0;
4257 *(const char **)parg = sc->s3.tmp.sigalg->name;
4258 return 1;
4259
4260 case SSL_CTRL_GET_SIGNATURE_NID:
4261 if (sc->s3.tmp.sigalg == NULL)
4262 return 0;
4263 *(int *)parg = sc->s3.tmp.sigalg->hash;
4264 return 1;
4265
4266 case SSL_CTRL_GET_PEER_TMP_KEY:
4267 if (sc->session == NULL || sc->s3.peer_tmp == NULL) {
4268 return 0;
4269 } else {
4270 if (!EVP_PKEY_up_ref(sc->s3.peer_tmp))
4271 return 0;
4272
4273 *(EVP_PKEY **)parg = sc->s3.peer_tmp;
4274 return 1;
4275 }
4276
4277 case SSL_CTRL_GET_TMP_KEY:
4278 if (sc->session == NULL || sc->s3.tmp.pkey == NULL) {
4279 return 0;
4280 } else {
4281 if (!EVP_PKEY_up_ref(sc->s3.tmp.pkey))
4282 return 0;
4283
4284 *(EVP_PKEY **)parg = sc->s3.tmp.pkey;
4285 return 1;
4286 }
4287
4288 case SSL_CTRL_GET_EC_POINT_FORMATS: {
4289 const unsigned char **pformat = parg;
4290
4291 if (sc->ext.peer_ecpointformats == NULL)
4292 return 0;
4293 *pformat = sc->ext.peer_ecpointformats;
4294 return (int)sc->ext.peer_ecpointformats_len;
4295 }
4296
4297 case SSL_CTRL_GET_IANA_GROUPS: {
4298 if (parg != NULL) {
4299 *(uint16_t **)parg = (uint16_t *)sc->ext.peer_supportedgroups;
4300 }
4301 return (int)sc->ext.peer_supportedgroups_len;
4302 }
4303
4304 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
4305 sc->msg_callback_arg = parg;
4306 return 1;
4307
4308 default:
4309 break;
4310 }
4311 return ret;
4312 }
4313
ssl3_callback_ctrl(SSL * s,int cmd,void (* fp)(void))4314 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
4315 {
4316 int ret = 0;
4317 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
4318
4319 if (sc == NULL)
4320 return ret;
4321
4322 switch (cmd) {
4323 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
4324 case SSL_CTRL_SET_TMP_DH_CB:
4325 sc->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int)) fp;
4326 ret = 1;
4327 break;
4328 #endif
4329 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
4330 sc->ext.debug_cb = (void (*)(SSL *, int, int,
4331 const unsigned char *, int, void *))fp;
4332 ret = 1;
4333 break;
4334
4335 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4336 sc->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4337 ret = 1;
4338 break;
4339
4340 case SSL_CTRL_SET_MSG_CALLBACK:
4341 sc->msg_callback = (ossl_msg_cb)fp;
4342 return 1;
4343 default:
4344 break;
4345 }
4346 return ret;
4347 }
4348
ssl3_ctx_ctrl(SSL_CTX * ctx,int cmd,long larg,void * parg)4349 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
4350 {
4351 switch (cmd) {
4352 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
4353 case SSL_CTRL_SET_TMP_DH: {
4354 EVP_PKEY *pkdh = NULL;
4355 if (parg == NULL) {
4356 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
4357 return 0;
4358 }
4359 pkdh = ssl_dh_to_pkey(parg);
4360 if (pkdh == NULL) {
4361 ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
4362 return 0;
4363 }
4364 if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) {
4365 EVP_PKEY_free(pkdh);
4366 return 0;
4367 }
4368 return 1;
4369 }
4370 case SSL_CTRL_SET_TMP_DH_CB: {
4371 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
4372 return 0;
4373 }
4374 #endif
4375 case SSL_CTRL_SET_DH_AUTO:
4376 ctx->cert->dh_tmp_auto = larg;
4377 return 1;
4378 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
4379 case SSL_CTRL_SET_TMP_ECDH: {
4380 if (parg == NULL) {
4381 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
4382 return 0;
4383 }
4384 return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
4385 &ctx->ext.supportedgroups_len,
4386 &ctx->ext.keyshares,
4387 &ctx->ext.keyshares_len,
4388 &ctx->ext.tuples,
4389 &ctx->ext.tuples_len,
4390 parg);
4391 }
4392 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
4393 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
4394 ctx->ext.servername_arg = parg;
4395 break;
4396 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
4397 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: {
4398 unsigned char *keys = parg;
4399 long tick_keylen = (sizeof(ctx->ext.tick_key_name) + sizeof(ctx->ext.secure->tick_hmac_key) + sizeof(ctx->ext.secure->tick_aes_key));
4400 if (keys == NULL)
4401 return tick_keylen;
4402 if (larg != tick_keylen) {
4403 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
4404 return 0;
4405 }
4406 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
4407 memcpy(ctx->ext.tick_key_name, keys,
4408 sizeof(ctx->ext.tick_key_name));
4409 memcpy(ctx->ext.secure->tick_hmac_key,
4410 keys + sizeof(ctx->ext.tick_key_name),
4411 sizeof(ctx->ext.secure->tick_hmac_key));
4412 memcpy(ctx->ext.secure->tick_aes_key,
4413 keys + sizeof(ctx->ext.tick_key_name) + sizeof(ctx->ext.secure->tick_hmac_key),
4414 sizeof(ctx->ext.secure->tick_aes_key));
4415 } else {
4416 memcpy(keys, ctx->ext.tick_key_name,
4417 sizeof(ctx->ext.tick_key_name));
4418 memcpy(keys + sizeof(ctx->ext.tick_key_name),
4419 ctx->ext.secure->tick_hmac_key,
4420 sizeof(ctx->ext.secure->tick_hmac_key));
4421 memcpy(keys + sizeof(ctx->ext.tick_key_name) + sizeof(ctx->ext.secure->tick_hmac_key),
4422 ctx->ext.secure->tick_aes_key,
4423 sizeof(ctx->ext.secure->tick_aes_key));
4424 }
4425 return 1;
4426 }
4427
4428 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
4429 return ctx->ext.status_type;
4430
4431 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
4432 ctx->ext.status_type = larg;
4433 break;
4434
4435 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
4436 ctx->ext.status_arg = parg;
4437 return 1;
4438
4439 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
4440 *(void **)parg = ctx->ext.status_arg;
4441 break;
4442
4443 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
4444 *(int (**)(SSL *, void *))parg = ctx->ext.status_cb;
4445 break;
4446
4447 #ifndef OPENSSL_NO_SRP
4448 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
4449 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4450 OPENSSL_free(ctx->srp_ctx.login);
4451 ctx->srp_ctx.login = NULL;
4452 if (parg == NULL)
4453 break;
4454 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
4455 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
4456 return 0;
4457 }
4458 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
4459 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
4460 return 0;
4461 }
4462 break;
4463 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
4464 ctx->srp_ctx.SRP_give_srp_client_pwd_callback = srp_password_from_info_cb;
4465 if (ctx->srp_ctx.info != NULL)
4466 OPENSSL_free(ctx->srp_ctx.info);
4467 if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
4468 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
4469 return 0;
4470 }
4471 break;
4472 case SSL_CTRL_SET_SRP_ARG:
4473 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4474 ctx->srp_ctx.SRP_cb_arg = parg;
4475 break;
4476
4477 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
4478 ctx->srp_ctx.strength = larg;
4479 break;
4480 #endif
4481
4482 case SSL_CTRL_SET_GROUPS:
4483 return tls1_set_groups(&ctx->ext.supportedgroups,
4484 &ctx->ext.supportedgroups_len,
4485 &ctx->ext.keyshares,
4486 &ctx->ext.keyshares_len,
4487 &ctx->ext.tuples,
4488 &ctx->ext.tuples_len,
4489 parg, larg);
4490
4491 case SSL_CTRL_SET_GROUPS_LIST:
4492 return tls1_set_groups_list(ctx,
4493 &ctx->ext.supportedgroups,
4494 &ctx->ext.supportedgroups_len,
4495 &ctx->ext.keyshares,
4496 &ctx->ext.keyshares_len,
4497 &ctx->ext.tuples,
4498 &ctx->ext.tuples_len,
4499 parg);
4500
4501 case SSL_CTRL_GET0_IMPLEMENTED_GROUPS:
4502 return tls1_get0_implemented_groups(ctx->min_proto_version,
4503 ctx->max_proto_version,
4504 ctx->group_list,
4505 ctx->group_list_len, larg, parg);
4506
4507 case SSL_CTRL_SET_SIGALGS:
4508 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
4509
4510 case SSL_CTRL_SET_SIGALGS_LIST:
4511 return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 0);
4512
4513 case SSL_CTRL_SET_CLIENT_SIGALGS:
4514 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
4515
4516 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
4517 return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 1);
4518
4519 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
4520 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
4521
4522 case SSL_CTRL_BUILD_CERT_CHAIN:
4523 return ssl_build_cert_chain(NULL, ctx, larg);
4524
4525 case SSL_CTRL_SET_VERIFY_CERT_STORE:
4526 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
4527
4528 case SSL_CTRL_SET_CHAIN_CERT_STORE:
4529 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
4530
4531 case SSL_CTRL_GET_VERIFY_CERT_STORE:
4532 return ssl_cert_get_cert_store(ctx->cert, parg, 0);
4533
4534 case SSL_CTRL_GET_CHAIN_CERT_STORE:
4535 return ssl_cert_get_cert_store(ctx->cert, parg, 1);
4536
4537 /* A Thawte special :-) */
4538 case SSL_CTRL_EXTRA_CHAIN_CERT:
4539 if (ctx->extra_certs == NULL) {
4540 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
4541 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
4542 return 0;
4543 }
4544 }
4545 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
4546 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
4547 return 0;
4548 }
4549 break;
4550
4551 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
4552 if (ctx->extra_certs == NULL && larg == 0)
4553 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4554 else
4555 *(STACK_OF(X509) **)parg = ctx->extra_certs;
4556 break;
4557
4558 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
4559 OSSL_STACK_OF_X509_free(ctx->extra_certs);
4560 ctx->extra_certs = NULL;
4561 break;
4562
4563 case SSL_CTRL_CHAIN:
4564 if (larg)
4565 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4566 else
4567 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4568
4569 case SSL_CTRL_CHAIN_CERT:
4570 if (larg)
4571 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
4572 else
4573 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
4574
4575 case SSL_CTRL_GET_CHAIN_CERTS:
4576 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4577 break;
4578
4579 case SSL_CTRL_SELECT_CURRENT_CERT:
4580 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
4581
4582 case SSL_CTRL_SET_CURRENT_CERT:
4583 return ssl_cert_set_current(ctx->cert, larg);
4584
4585 default:
4586 return 0;
4587 }
4588 return 1;
4589 }
4590
ssl3_ctx_callback_ctrl(SSL_CTX * ctx,int cmd,void (* fp)(void))4591 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
4592 {
4593 switch (cmd) {
4594 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
4595 case SSL_CTRL_SET_TMP_DH_CB: {
4596 ctx->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int)) fp;
4597 } break;
4598 #endif
4599 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4600 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4601 break;
4602
4603 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4604 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4605 break;
4606
4607 #ifndef OPENSSL_NO_DEPRECATED_3_0
4608 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4609 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4610 unsigned char *,
4611 EVP_CIPHER_CTX *,
4612 HMAC_CTX *, int))fp;
4613 break;
4614 #endif
4615
4616 #ifndef OPENSSL_NO_SRP
4617 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4618 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4619 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4620 break;
4621 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4622 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4623 ctx->srp_ctx.TLS_ext_srp_username_callback = (int (*)(SSL *, int *, void *))fp;
4624 break;
4625 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4626 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4627 ctx->srp_ctx.SRP_give_srp_client_pwd_callback = (char *(*)(SSL *, void *))fp;
4628 break;
4629 #endif
4630 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB: {
4631 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4632 } break;
4633 default:
4634 return 0;
4635 }
4636 return 1;
4637 }
4638
SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL_CTX * ctx,int (* fp)(SSL *,unsigned char *,unsigned char *,EVP_CIPHER_CTX *,EVP_MAC_CTX *,int))4639 int SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *, EVP_CIPHER_CTX *, EVP_MAC_CTX *, int))
4640 {
4641 ctx->ext.ticket_key_evp_cb = fp;
4642 return 1;
4643 }
4644
ssl3_get_cipher_by_id(uint32_t id)4645 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4646 {
4647 SSL_CIPHER c;
4648 const SSL_CIPHER *cp;
4649
4650 c.id = id;
4651 cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4652 if (cp != NULL)
4653 return cp;
4654 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4655 if (cp != NULL)
4656 return cp;
4657 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4658 }
4659
ssl3_get_cipher_by_std_name(const char * stdname)4660 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4661 {
4662 SSL_CIPHER *tbl;
4663 SSL_CIPHER *alltabs[] = { tls13_ciphers, ssl3_ciphers, ssl3_scsvs };
4664 size_t i, j, tblsize[] = { TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS, SSL3_NUM_SCSVS };
4665
4666 /* this is not efficient, necessary to optimize this? */
4667 for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4668 for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4669 if (tbl->stdname == NULL)
4670 continue;
4671 if (strcmp(stdname, tbl->stdname) == 0) {
4672 return tbl;
4673 }
4674 }
4675 }
4676 return NULL;
4677 }
4678
4679 /*
4680 * This function needs to check if the ciphers required are actually
4681 * available
4682 */
ssl3_get_cipher_by_char(const unsigned char * p)4683 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4684 {
4685 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4686 | ((uint32_t)p[0] << 8L)
4687 | (uint32_t)p[1]);
4688 }
4689
ssl3_put_cipher_by_char(const SSL_CIPHER * c,WPACKET * pkt,size_t * len)4690 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4691 {
4692 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4693 *len = 0;
4694 return 1;
4695 }
4696
4697 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4698 return 0;
4699
4700 *len = 2;
4701 return 1;
4702 }
4703
4704 /*
4705 * ssl3_choose_cipher - choose a cipher from those offered by the client
4706 * @s: SSL connection
4707 * @clnt: ciphers offered by the client
4708 * @srvr: ciphers enabled on the server?
4709 *
4710 * Returns the selected cipher or NULL when no common ciphers.
4711 */
ssl3_choose_cipher(SSL_CONNECTION * s,STACK_OF (SSL_CIPHER)* clnt,STACK_OF (SSL_CIPHER)* srvr)4712 const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *clnt,
4713 STACK_OF(SSL_CIPHER) *srvr)
4714 {
4715 const SSL_CIPHER *c, *ret = NULL;
4716 STACK_OF(SSL_CIPHER) *prio, *allow;
4717 int i, ii, ok, prefer_sha256 = 0;
4718 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4719 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4720
4721 /* Let's see which ciphers we can support */
4722
4723 /*
4724 * Do not set the compare functions, because this may lead to a
4725 * reordering by "id". We want to keep the original ordering. We may pay
4726 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4727 * pay with the price of sk_SSL_CIPHER_dup().
4728 */
4729
4730 OSSL_TRACE_BEGIN(TLS_CIPHER)
4731 {
4732 BIO_printf(trc_out, "Server has %d from %p:\n",
4733 sk_SSL_CIPHER_num(srvr), (void *)srvr);
4734 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4735 c = sk_SSL_CIPHER_value(srvr, i);
4736 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4737 }
4738 BIO_printf(trc_out, "Client sent %d from %p:\n",
4739 sk_SSL_CIPHER_num(clnt), (void *)clnt);
4740 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4741 c = sk_SSL_CIPHER_value(clnt, i);
4742 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4743 }
4744 }
4745 OSSL_TRACE_END(TLS_CIPHER);
4746
4747 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4748 if (tls1_suiteb(s)) {
4749 prio = srvr;
4750 allow = clnt;
4751 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4752 prio = srvr;
4753 allow = clnt;
4754
4755 /* If ChaCha20 is at the top of the client preference list,
4756 and there are ChaCha20 ciphers in the server list, then
4757 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4758 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4759 c = sk_SSL_CIPHER_value(clnt, 0);
4760 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4761 /* ChaCha20 is client preferred, check server... */
4762 int num = sk_SSL_CIPHER_num(srvr);
4763 int found = 0;
4764 for (i = 0; i < num; i++) {
4765 c = sk_SSL_CIPHER_value(srvr, i);
4766 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4767 found = 1;
4768 break;
4769 }
4770 }
4771 if (found) {
4772 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4773 /* if reserve fails, then there's likely a memory issue */
4774 if (prio_chacha != NULL) {
4775 /* Put all ChaCha20 at the top, starting with the one we just found */
4776 sk_SSL_CIPHER_push(prio_chacha, c);
4777 for (i++; i < num; i++) {
4778 c = sk_SSL_CIPHER_value(srvr, i);
4779 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4780 sk_SSL_CIPHER_push(prio_chacha, c);
4781 }
4782 /* Pull in the rest */
4783 for (i = 0; i < num; i++) {
4784 c = sk_SSL_CIPHER_value(srvr, i);
4785 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4786 sk_SSL_CIPHER_push(prio_chacha, c);
4787 }
4788 prio = prio_chacha;
4789 }
4790 }
4791 }
4792 }
4793 } else {
4794 prio = clnt;
4795 allow = srvr;
4796 }
4797
4798 if (SSL_CONNECTION_IS_TLS13(s)) {
4799 #ifndef OPENSSL_NO_PSK
4800 size_t j;
4801
4802 /*
4803 * If we allow "old" style PSK callbacks, and we have no certificate (so
4804 * we're not going to succeed without a PSK anyway), and we're in
4805 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4806 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4807 * that.
4808 */
4809 if (s->psk_server_callback != NULL) {
4810 for (j = 0; j < s->ssl_pkey_num && !ssl_has_cert(s, j); j++)
4811 ;
4812 if (j == s->ssl_pkey_num) {
4813 /* There are no certificates */
4814 prefer_sha256 = 1;
4815 }
4816 }
4817 #endif
4818 } else {
4819 tls1_set_cert_validity(s);
4820 ssl_set_masks(s);
4821 }
4822
4823 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4824 int minversion, maxversion;
4825
4826 c = sk_SSL_CIPHER_value(prio, i);
4827 minversion = SSL_CONNECTION_IS_DTLS(s) ? c->min_dtls : c->min_tls;
4828 maxversion = SSL_CONNECTION_IS_DTLS(s) ? c->max_dtls : c->max_tls;
4829
4830 /* Skip ciphers not supported by the protocol version */
4831 if (ssl_version_cmp(s, s->version, minversion) < 0
4832 || ssl_version_cmp(s, s->version, maxversion) > 0)
4833 continue;
4834
4835 /*
4836 * Since TLS 1.3 ciphersuites can be used with any auth or
4837 * key exchange scheme skip tests.
4838 */
4839 if (!SSL_CONNECTION_IS_TLS13(s)) {
4840 mask_k = s->s3.tmp.mask_k;
4841 mask_a = s->s3.tmp.mask_a;
4842 #ifndef OPENSSL_NO_SRP
4843 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4844 mask_k |= SSL_kSRP;
4845 mask_a |= SSL_aSRP;
4846 }
4847 #endif
4848
4849 alg_k = c->algorithm_mkey;
4850 alg_a = c->algorithm_auth;
4851
4852 #ifndef OPENSSL_NO_PSK
4853 /* with PSK there must be server callback set */
4854 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4855 continue;
4856 #endif /* OPENSSL_NO_PSK */
4857
4858 ok = (alg_k & mask_k) && (alg_a & mask_a);
4859 OSSL_TRACE7(TLS_CIPHER,
4860 "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4861 ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
4862
4863 /*
4864 * if we are considering an ECC cipher suite that uses an ephemeral
4865 * EC key check it
4866 */
4867 if (alg_k & SSL_kECDHE)
4868 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4869
4870 if (!ok)
4871 continue;
4872 }
4873 ii = sk_SSL_CIPHER_find(allow, c);
4874 if (ii >= 0) {
4875 /* Check security callback permits this cipher */
4876 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4877 c->strength_bits, 0, (void *)c))
4878 continue;
4879
4880 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4881 && s->s3.is_probably_safari) {
4882 if (!ret)
4883 ret = sk_SSL_CIPHER_value(allow, ii);
4884 continue;
4885 }
4886
4887 if (prefer_sha256) {
4888 const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4889 const EVP_MD *md = ssl_md(SSL_CONNECTION_GET_CTX(s),
4890 tmp->algorithm2);
4891
4892 if (md != NULL
4893 && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) {
4894 ret = tmp;
4895 break;
4896 }
4897 if (ret == NULL)
4898 ret = tmp;
4899 continue;
4900 }
4901 ret = sk_SSL_CIPHER_value(allow, ii);
4902 break;
4903 }
4904 }
4905
4906 sk_SSL_CIPHER_free(prio_chacha);
4907
4908 return ret;
4909 }
4910
ssl3_get_req_cert_type(SSL_CONNECTION * s,WPACKET * pkt)4911 int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt)
4912 {
4913 uint32_t alg_k, alg_a = 0;
4914
4915 /* If we have custom certificate types set, use them */
4916 if (s->cert->ctype)
4917 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4918 /* Get mask of algorithms disabled by signature list */
4919 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4920
4921 alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4922
4923 #ifndef OPENSSL_NO_GOST
4924 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4925 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4926 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4927 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
4928 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
4929 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
4930 return 0;
4931
4932 if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18))
4933 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4934 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
4935 return 0;
4936 #endif
4937
4938 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4939 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4940 return 0;
4941 if (!(alg_a & SSL_aDSS)
4942 && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4943 return 0;
4944 }
4945 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4946 return 0;
4947 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4948 return 0;
4949
4950 /*
4951 * ECDSA certs can be used with RSA cipher suites too so we don't
4952 * need to check for SSL_kECDH or SSL_kECDHE
4953 */
4954 if (s->version >= TLS1_VERSION
4955 && !(alg_a & SSL_aECDSA)
4956 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4957 return 0;
4958
4959 return 1;
4960 }
4961
ssl3_set_req_cert_type(CERT * c,const unsigned char * p,size_t len)4962 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4963 {
4964 OPENSSL_free(c->ctype);
4965 c->ctype = NULL;
4966 c->ctype_len = 0;
4967 if (p == NULL || len == 0)
4968 return 1;
4969 if (len > 0xff)
4970 return 0;
4971 c->ctype = OPENSSL_memdup(p, len);
4972 if (c->ctype == NULL)
4973 return 0;
4974 c->ctype_len = len;
4975 return 1;
4976 }
4977
ssl3_shutdown(SSL * s)4978 int ssl3_shutdown(SSL *s)
4979 {
4980 int ret;
4981 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4982
4983 if (sc == NULL)
4984 return 0;
4985
4986 /*
4987 * Don't do anything much if we have not done the handshake or we don't
4988 * want to send messages :-)
4989 */
4990 if (sc->quiet_shutdown || SSL_in_before(s)) {
4991 sc->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4992 return 1;
4993 }
4994
4995 if (!(sc->shutdown & SSL_SENT_SHUTDOWN)) {
4996 sc->shutdown |= SSL_SENT_SHUTDOWN;
4997 ssl3_send_alert(sc, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4998 /*
4999 * our shutdown alert has been sent now, and if it still needs to be
5000 * written, s->s3.alert_dispatch will be > 0
5001 */
5002 if (sc->s3.alert_dispatch > 0)
5003 return -1; /* return WANT_WRITE */
5004 } else if (sc->s3.alert_dispatch > 0) {
5005 /* resend it if not sent */
5006 ret = s->method->ssl_dispatch_alert(s);
5007 if (ret == -1) {
5008 /*
5009 * we only get to return -1 here the 2nd/Nth invocation, we must
5010 * have already signalled return 0 upon a previous invocation,
5011 * return WANT_WRITE
5012 */
5013 return ret;
5014 }
5015 } else if (!(sc->shutdown & SSL_RECEIVED_SHUTDOWN)) {
5016 size_t readbytes;
5017 /*
5018 * If we are waiting for a close from our peer, we are closed
5019 */
5020 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
5021 if (!(sc->shutdown & SSL_RECEIVED_SHUTDOWN)) {
5022 return -1; /* return WANT_READ */
5023 }
5024 }
5025
5026 if ((sc->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN))
5027 && sc->s3.alert_dispatch == SSL_ALERT_DISPATCH_NONE)
5028 return 1;
5029 else
5030 return 0;
5031 }
5032
ssl3_write(SSL * s,const void * buf,size_t len,size_t * written)5033 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
5034 {
5035 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
5036
5037 if (sc == NULL)
5038 return 0;
5039
5040 clear_sys_error();
5041 if (sc->s3.renegotiate)
5042 ssl3_renegotiate_check(s, 0);
5043
5044 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
5045 written);
5046 }
5047
ssl3_read_internal(SSL * s,void * buf,size_t len,int peek,size_t * readbytes)5048 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
5049 size_t *readbytes)
5050 {
5051 int ret;
5052 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
5053
5054 if (sc == NULL)
5055 return 0;
5056
5057 clear_sys_error();
5058 if (sc->s3.renegotiate)
5059 ssl3_renegotiate_check(s, 0);
5060 sc->s3.in_read_app_data = 1;
5061 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
5062 peek, readbytes);
5063 if ((ret == -1) && (sc->s3.in_read_app_data == 2)) {
5064 /*
5065 * ssl3_read_bytes decided to call s->handshake_func, which called
5066 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
5067 * actually found application data and thinks that application data
5068 * makes sense here; so disable handshake processing and try to read
5069 * application data again.
5070 */
5071 ossl_statem_set_in_handshake(sc, 1);
5072 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
5073 len, peek, readbytes);
5074 ossl_statem_set_in_handshake(sc, 0);
5075 } else
5076 sc->s3.in_read_app_data = 0;
5077
5078 return ret;
5079 }
5080
ssl3_read(SSL * s,void * buf,size_t len,size_t * readbytes)5081 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
5082 {
5083 return ssl3_read_internal(s, buf, len, 0, readbytes);
5084 }
5085
ssl3_peek(SSL * s,void * buf,size_t len,size_t * readbytes)5086 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
5087 {
5088 return ssl3_read_internal(s, buf, len, 1, readbytes);
5089 }
5090
ssl3_renegotiate(SSL * s)5091 int ssl3_renegotiate(SSL *s)
5092 {
5093 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
5094
5095 if (sc == NULL)
5096 return 0;
5097
5098 if (sc->handshake_func == NULL)
5099 return 1;
5100
5101 sc->s3.renegotiate = 1;
5102 return 1;
5103 }
5104
5105 /*
5106 * Check if we are waiting to do a renegotiation and if so whether now is a
5107 * good time to do it. If |initok| is true then we are being called from inside
5108 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
5109 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
5110 * should do a renegotiation now and sets up the state machine for it. Otherwise
5111 * returns 0.
5112 */
ssl3_renegotiate_check(SSL * s,int initok)5113 int ssl3_renegotiate_check(SSL *s, int initok)
5114 {
5115 int ret = 0;
5116 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
5117
5118 if (sc == NULL)
5119 return 0;
5120
5121 if (sc->s3.renegotiate) {
5122 if (!RECORD_LAYER_read_pending(&sc->rlayer)
5123 && !RECORD_LAYER_write_pending(&sc->rlayer)
5124 && (initok || !SSL_in_init(s))) {
5125 /*
5126 * if we are the server, and we have sent a 'RENEGOTIATE'
5127 * message, we need to set the state machine into the renegotiate
5128 * state.
5129 */
5130 ossl_statem_set_renegotiate(sc);
5131 sc->s3.renegotiate = 0;
5132 sc->s3.num_renegotiations++;
5133 sc->s3.total_renegotiations++;
5134 ret = 1;
5135 }
5136 }
5137 return ret;
5138 }
5139
5140 /*
5141 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
5142 * handshake macs if required.
5143 *
5144 * If PSK and using SHA384 for TLS < 1.2 switch to default.
5145 */
ssl_get_algorithm2(SSL_CONNECTION * s)5146 long ssl_get_algorithm2(SSL_CONNECTION *s)
5147 {
5148 long alg2;
5149 SSL *ssl = SSL_CONNECTION_GET_SSL(s);
5150
5151 if (s->s3.tmp.new_cipher == NULL)
5152 return -1;
5153 alg2 = s->s3.tmp.new_cipher->algorithm2;
5154 if (ssl->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
5155 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
5156 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
5157 } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {
5158 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
5159 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
5160 }
5161 return alg2;
5162 }
5163
5164 /*
5165 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
5166 * failure, 1 on success.
5167 */
ssl_fill_hello_random(SSL_CONNECTION * s,int server,unsigned char * result,size_t len,DOWNGRADE dgrd)5168 int ssl_fill_hello_random(SSL_CONNECTION *s, int server,
5169 unsigned char *result, size_t len,
5170 DOWNGRADE dgrd)
5171 {
5172 int send_time = 0, ret;
5173
5174 if (len < 4)
5175 return 0;
5176 if (server)
5177 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
5178 else
5179 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
5180 if (send_time) {
5181 unsigned long Time = (unsigned long)time(NULL);
5182 unsigned char *p = result;
5183
5184 l2n(Time, p);
5185 ret = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, p, len - 4, 0);
5186 } else {
5187 ret = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, result, len, 0);
5188 }
5189
5190 if (ret > 0) {
5191 if (!ossl_assert(sizeof(tls11downgrade) < len)
5192 || !ossl_assert(sizeof(tls12downgrade) < len))
5193 return 0;
5194 if (dgrd == DOWNGRADE_TO_1_2)
5195 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
5196 sizeof(tls12downgrade));
5197 else if (dgrd == DOWNGRADE_TO_1_1)
5198 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
5199 sizeof(tls11downgrade));
5200 }
5201
5202 return ret;
5203 }
5204
ssl_generate_master_secret(SSL_CONNECTION * s,unsigned char * pms,size_t pmslen,int free_pms)5205 int ssl_generate_master_secret(SSL_CONNECTION *s, unsigned char *pms,
5206 size_t pmslen, int free_pms)
5207 {
5208 unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
5209 int ret = 0;
5210 SSL *ssl = SSL_CONNECTION_GET_SSL(s);
5211
5212 if (alg_k & SSL_PSK) {
5213 #ifndef OPENSSL_NO_PSK
5214 unsigned char *pskpms, *t;
5215 size_t psklen = s->s3.tmp.psklen;
5216 size_t pskpmslen;
5217
5218 /* create PSK premaster_secret */
5219
5220 /* For plain PSK "other_secret" is psklen zeroes */
5221 if (alg_k & SSL_kPSK)
5222 pmslen = psklen;
5223
5224 pskpmslen = 4 + pmslen + psklen;
5225 pskpms = OPENSSL_malloc(pskpmslen);
5226 if (pskpms == NULL)
5227 goto err;
5228 t = pskpms;
5229 s2n(pmslen, t);
5230 if (alg_k & SSL_kPSK)
5231 memset(t, 0, pmslen);
5232 else
5233 memcpy(t, pms, pmslen);
5234 t += pmslen;
5235 s2n(psklen, t);
5236 memcpy(t, s->s3.tmp.psk, psklen);
5237
5238 OPENSSL_clear_free(s->s3.tmp.psk, psklen);
5239 s->s3.tmp.psk = NULL;
5240 s->s3.tmp.psklen = 0;
5241 if (!ssl->method->ssl3_enc->generate_master_secret(s,
5242 s->session->master_key, pskpms, pskpmslen,
5243 &s->session->master_key_length)) {
5244 OPENSSL_clear_free(pskpms, pskpmslen);
5245 /* SSLfatal() already called */
5246 goto err;
5247 }
5248 OPENSSL_clear_free(pskpms, pskpmslen);
5249 #else
5250 /* Should never happen */
5251 goto err;
5252 #endif
5253 } else {
5254 if (!ssl->method->ssl3_enc->generate_master_secret(s,
5255 s->session->master_key, pms, pmslen,
5256 &s->session->master_key_length)) {
5257 /* SSLfatal() already called */
5258 goto err;
5259 }
5260 }
5261
5262 ret = 1;
5263 err:
5264 if (pms) {
5265 if (free_pms)
5266 OPENSSL_clear_free(pms, pmslen);
5267 else
5268 OPENSSL_cleanse(pms, pmslen);
5269 }
5270 if (s->server == 0) {
5271 s->s3.tmp.pms = NULL;
5272 s->s3.tmp.pmslen = 0;
5273 }
5274 return ret;
5275 }
5276
5277 /* Generate a private key from parameters */
ssl_generate_pkey(SSL_CONNECTION * s,EVP_PKEY * pm)5278 EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm)
5279 {
5280 EVP_PKEY_CTX *pctx = NULL;
5281 EVP_PKEY *pkey = NULL;
5282 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5283
5284 if (pm == NULL)
5285 return NULL;
5286 pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pm, sctx->propq);
5287 if (pctx == NULL)
5288 goto err;
5289 if (EVP_PKEY_keygen_init(pctx) <= 0)
5290 goto err;
5291 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
5292 EVP_PKEY_free(pkey);
5293 pkey = NULL;
5294 }
5295
5296 err:
5297 EVP_PKEY_CTX_free(pctx);
5298 return pkey;
5299 }
5300
5301 /* Generate a private key from a group ID */
ssl_generate_pkey_group(SSL_CONNECTION * s,uint16_t id)5302 EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id)
5303 {
5304 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5305 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(sctx, id);
5306 EVP_PKEY_CTX *pctx = NULL;
5307 EVP_PKEY *pkey = NULL;
5308
5309 if (ginf == NULL) {
5310 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5311 goto err;
5312 }
5313
5314 pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, ginf->algorithm,
5315 sctx->propq);
5316
5317 if (pctx == NULL) {
5318 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
5319 goto err;
5320 }
5321 if (EVP_PKEY_keygen_init(pctx) <= 0) {
5322 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
5323 goto err;
5324 }
5325 if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
5326 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
5327 goto err;
5328 }
5329 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
5330 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
5331 EVP_PKEY_free(pkey);
5332 pkey = NULL;
5333 }
5334
5335 err:
5336 EVP_PKEY_CTX_free(pctx);
5337 return pkey;
5338 }
5339
5340 /*
5341 * Generate parameters from a group ID
5342 */
ssl_generate_param_group(SSL_CONNECTION * s,uint16_t id)5343 EVP_PKEY *ssl_generate_param_group(SSL_CONNECTION *s, uint16_t id)
5344 {
5345 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5346 EVP_PKEY_CTX *pctx = NULL;
5347 EVP_PKEY *pkey = NULL;
5348 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(sctx, id);
5349
5350 if (ginf == NULL)
5351 goto err;
5352
5353 pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, ginf->algorithm,
5354 sctx->propq);
5355
5356 if (pctx == NULL)
5357 goto err;
5358 if (EVP_PKEY_paramgen_init(pctx) <= 0)
5359 goto err;
5360 if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
5361 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
5362 goto err;
5363 }
5364 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
5365 EVP_PKEY_free(pkey);
5366 pkey = NULL;
5367 }
5368
5369 err:
5370 EVP_PKEY_CTX_free(pctx);
5371 return pkey;
5372 }
5373
5374 /* Generate secrets from pms */
ssl_gensecret(SSL_CONNECTION * s,unsigned char * pms,size_t pmslen)5375 int ssl_gensecret(SSL_CONNECTION *s, unsigned char *pms, size_t pmslen)
5376 {
5377 int rv = 0;
5378
5379 /* SSLfatal() called as appropriate in the below functions */
5380 if (SSL_CONNECTION_IS_TLS13(s)) {
5381 /*
5382 * If we are resuming then we already generated the early secret
5383 * when we created the ClientHello, so don't recreate it.
5384 */
5385 if (!s->hit)
5386 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
5387 0,
5388 (unsigned char *)&s->early_secret);
5389 else
5390 rv = 1;
5391
5392 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
5393 } else {
5394 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
5395 }
5396
5397 return rv;
5398 }
5399
5400 /* Derive secrets for ECDH/DH */
ssl_derive(SSL_CONNECTION * s,EVP_PKEY * privkey,EVP_PKEY * pubkey,int gensecret)5401 int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
5402 {
5403 int rv = 0;
5404 unsigned char *pms = NULL;
5405 size_t pmslen = 0;
5406 EVP_PKEY_CTX *pctx;
5407 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5408
5409 if (privkey == NULL || pubkey == NULL) {
5410 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5411 return 0;
5412 }
5413
5414 pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);
5415
5416 if (EVP_PKEY_derive_init(pctx) <= 0
5417 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
5418 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
5419 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5420 goto err;
5421 }
5422
5423 if (SSL_CONNECTION_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH"))
5424 EVP_PKEY_CTX_set_dh_pad(pctx, 1);
5425
5426 pms = OPENSSL_malloc(pmslen);
5427 if (pms == NULL) {
5428 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5429 goto err;
5430 }
5431
5432 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
5433 /*
5434 * the public key was probably a weak key
5435 */
5436 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
5437 goto err;
5438 }
5439
5440 if (gensecret) {
5441 /* SSLfatal() called as appropriate in the below functions */
5442 rv = ssl_gensecret(s, pms, pmslen);
5443 } else {
5444 /* Save premaster secret */
5445 s->s3.tmp.pms = pms;
5446 s->s3.tmp.pmslen = pmslen;
5447 pms = NULL;
5448 rv = 1;
5449 }
5450
5451 err:
5452 OPENSSL_clear_free(pms, pmslen);
5453 EVP_PKEY_CTX_free(pctx);
5454 return rv;
5455 }
5456
5457 /* Decapsulate secrets for KEM */
ssl_decapsulate(SSL_CONNECTION * s,EVP_PKEY * privkey,const unsigned char * ct,size_t ctlen,int gensecret)5458 int ssl_decapsulate(SSL_CONNECTION *s, EVP_PKEY *privkey,
5459 const unsigned char *ct, size_t ctlen,
5460 int gensecret)
5461 {
5462 int rv = 0;
5463 unsigned char *pms = NULL;
5464 size_t pmslen = 0;
5465 EVP_PKEY_CTX *pctx;
5466 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5467
5468 if (privkey == NULL) {
5469 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5470 return 0;
5471 }
5472
5473 pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);
5474
5475 if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0
5476 || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
5477 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5478 goto err;
5479 }
5480
5481 pms = OPENSSL_malloc(pmslen);
5482 if (pms == NULL) {
5483 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5484 goto err;
5485 }
5486
5487 if (EVP_PKEY_decapsulate(pctx, pms, &pmslen, ct, ctlen) <= 0) {
5488 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5489 goto err;
5490 }
5491
5492 if (gensecret) {
5493 /* SSLfatal() called as appropriate in the below functions */
5494 rv = ssl_gensecret(s, pms, pmslen);
5495 } else {
5496 /* Save premaster secret */
5497 s->s3.tmp.pms = pms;
5498 s->s3.tmp.pmslen = pmslen;
5499 pms = NULL;
5500 rv = 1;
5501 }
5502
5503 err:
5504 OPENSSL_clear_free(pms, pmslen);
5505 EVP_PKEY_CTX_free(pctx);
5506 return rv;
5507 }
5508
ssl_encapsulate(SSL_CONNECTION * s,EVP_PKEY * pubkey,unsigned char ** ctp,size_t * ctlenp,int gensecret)5509 int ssl_encapsulate(SSL_CONNECTION *s, EVP_PKEY *pubkey,
5510 unsigned char **ctp, size_t *ctlenp,
5511 int gensecret)
5512 {
5513 int rv = 0;
5514 unsigned char *pms = NULL, *ct = NULL;
5515 size_t pmslen = 0, ctlen = 0;
5516 EVP_PKEY_CTX *pctx;
5517 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5518
5519 if (pubkey == NULL) {
5520 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5521 return 0;
5522 }
5523
5524 pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pubkey, sctx->propq);
5525
5526 if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0
5527 || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
5528 || pmslen == 0 || ctlen == 0) {
5529 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5530 goto err;
5531 }
5532
5533 pms = OPENSSL_malloc(pmslen);
5534 ct = OPENSSL_malloc(ctlen);
5535 if (pms == NULL || ct == NULL) {
5536 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5537 goto err;
5538 }
5539
5540 if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
5541 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
5542 goto err;
5543 }
5544
5545 if (gensecret) {
5546 /* SSLfatal() called as appropriate in the below functions */
5547 rv = ssl_gensecret(s, pms, pmslen);
5548 } else {
5549 /* Save premaster secret */
5550 s->s3.tmp.pms = pms;
5551 s->s3.tmp.pmslen = pmslen;
5552 pms = NULL;
5553 rv = 1;
5554 }
5555
5556 if (rv > 0) {
5557 /* Pass ownership of ct to caller */
5558 *ctp = ct;
5559 *ctlenp = ctlen;
5560 ct = NULL;
5561 }
5562
5563 err:
5564 OPENSSL_clear_free(pms, pmslen);
5565 OPENSSL_free(ct);
5566 EVP_PKEY_CTX_free(pctx);
5567 return rv;
5568 }
5569
SSL_get0_group_name(SSL * s)5570 const char *SSL_get0_group_name(SSL *s)
5571 {
5572 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5573 unsigned int id;
5574
5575 if (sc == NULL)
5576 return NULL;
5577
5578 if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)
5579 id = sc->s3.group_id;
5580 else
5581 id = sc->session->kex_group;
5582
5583 return tls1_group_id2name(s->ctx, id);
5584 }
5585
SSL_group_to_name(SSL * s,int nid)5586 const char *SSL_group_to_name(SSL *s, int nid)
5587 {
5588 int group_id = 0;
5589 const TLS_GROUP_INFO *cinf = NULL;
5590
5591 /* first convert to real group id for internal and external IDs */
5592 if (nid & TLSEXT_nid_unknown)
5593 group_id = nid & 0xFFFF;
5594 else
5595 group_id = tls1_nid2group_id(nid);
5596
5597 /* then look up */
5598 cinf = tls1_group_id_lookup(s->ctx, group_id);
5599
5600 if (cinf != NULL)
5601 return cinf->tlsname;
5602 return NULL;
5603 }
5604