xref: /freebsd/crypto/openssl/ssl/s3_lib.c (revision 5956d97f4b3204318ceb6aa9c77bd0bc6ea87a41)
1 /*
2  * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4  * Copyright 2005 Nokia. All rights reserved.
5  *
6  * Licensed under the OpenSSL license (the "License").  You may not use
7  * this file except in compliance with the License.  You can obtain a copy
8  * in the file LICENSE in the source distribution or at
9  * https://www.openssl.org/source/license.html
10  */
11 
12 #include <stdio.h>
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
15 #include "ssl_local.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include "internal/cryptlib.h"
20 
21 #define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers)
22 #define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
23 #define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
24 
25 /* TLSv1.3 downgrade protection sentinel values */
26 const unsigned char tls11downgrade[] = {
27     0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
28 };
29 const unsigned char tls12downgrade[] = {
30     0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
31 };
32 
33 /* The list of available TLSv1.3 ciphers */
34 static SSL_CIPHER tls13_ciphers[] = {
35     {
36         1,
37         TLS1_3_RFC_AES_128_GCM_SHA256,
38         TLS1_3_RFC_AES_128_GCM_SHA256,
39         TLS1_3_CK_AES_128_GCM_SHA256,
40         SSL_kANY,
41         SSL_aANY,
42         SSL_AES128GCM,
43         SSL_AEAD,
44         TLS1_3_VERSION, TLS1_3_VERSION,
45         0, 0,
46         SSL_HIGH,
47         SSL_HANDSHAKE_MAC_SHA256,
48         128,
49         128,
50     }, {
51         1,
52         TLS1_3_RFC_AES_256_GCM_SHA384,
53         TLS1_3_RFC_AES_256_GCM_SHA384,
54         TLS1_3_CK_AES_256_GCM_SHA384,
55         SSL_kANY,
56         SSL_aANY,
57         SSL_AES256GCM,
58         SSL_AEAD,
59         TLS1_3_VERSION, TLS1_3_VERSION,
60         0, 0,
61         SSL_HIGH,
62         SSL_HANDSHAKE_MAC_SHA384,
63         256,
64         256,
65     },
66 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
67     {
68         1,
69         TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
70         TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
71         TLS1_3_CK_CHACHA20_POLY1305_SHA256,
72         SSL_kANY,
73         SSL_aANY,
74         SSL_CHACHA20POLY1305,
75         SSL_AEAD,
76         TLS1_3_VERSION, TLS1_3_VERSION,
77         0, 0,
78         SSL_HIGH,
79         SSL_HANDSHAKE_MAC_SHA256,
80         256,
81         256,
82     },
83 #endif
84     {
85         1,
86         TLS1_3_RFC_AES_128_CCM_SHA256,
87         TLS1_3_RFC_AES_128_CCM_SHA256,
88         TLS1_3_CK_AES_128_CCM_SHA256,
89         SSL_kANY,
90         SSL_aANY,
91         SSL_AES128CCM,
92         SSL_AEAD,
93         TLS1_3_VERSION, TLS1_3_VERSION,
94         0, 0,
95         SSL_NOT_DEFAULT | SSL_HIGH,
96         SSL_HANDSHAKE_MAC_SHA256,
97         128,
98         128,
99     }, {
100         1,
101         TLS1_3_RFC_AES_128_CCM_8_SHA256,
102         TLS1_3_RFC_AES_128_CCM_8_SHA256,
103         TLS1_3_CK_AES_128_CCM_8_SHA256,
104         SSL_kANY,
105         SSL_aANY,
106         SSL_AES128CCM8,
107         SSL_AEAD,
108         TLS1_3_VERSION, TLS1_3_VERSION,
109         0, 0,
110         SSL_NOT_DEFAULT | SSL_HIGH,
111         SSL_HANDSHAKE_MAC_SHA256,
112         128,
113         128,
114     }
115 };
116 
117 /*
118  * The list of available ciphers, mostly organized into the following
119  * groups:
120  *      Always there
121  *      EC
122  *      PSK
123  *      SRP (within that: RSA EC PSK)
124  *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
125  *      Weak ciphers
126  */
127 static SSL_CIPHER ssl3_ciphers[] = {
128     {
129      1,
130      SSL3_TXT_RSA_NULL_MD5,
131      SSL3_RFC_RSA_NULL_MD5,
132      SSL3_CK_RSA_NULL_MD5,
133      SSL_kRSA,
134      SSL_aRSA,
135      SSL_eNULL,
136      SSL_MD5,
137      SSL3_VERSION, TLS1_2_VERSION,
138      DTLS1_BAD_VER, DTLS1_2_VERSION,
139      SSL_STRONG_NONE,
140      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
141      0,
142      0,
143      },
144     {
145      1,
146      SSL3_TXT_RSA_NULL_SHA,
147      SSL3_RFC_RSA_NULL_SHA,
148      SSL3_CK_RSA_NULL_SHA,
149      SSL_kRSA,
150      SSL_aRSA,
151      SSL_eNULL,
152      SSL_SHA1,
153      SSL3_VERSION, TLS1_2_VERSION,
154      DTLS1_BAD_VER, DTLS1_2_VERSION,
155      SSL_STRONG_NONE | SSL_FIPS,
156      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
157      0,
158      0,
159      },
160 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
161     {
162      1,
163      SSL3_TXT_RSA_DES_192_CBC3_SHA,
164      SSL3_RFC_RSA_DES_192_CBC3_SHA,
165      SSL3_CK_RSA_DES_192_CBC3_SHA,
166      SSL_kRSA,
167      SSL_aRSA,
168      SSL_3DES,
169      SSL_SHA1,
170      SSL3_VERSION, TLS1_2_VERSION,
171      DTLS1_BAD_VER, DTLS1_2_VERSION,
172      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
173      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
174      112,
175      168,
176      },
177     {
178      1,
179      SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
180      SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
181      SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
182      SSL_kDHE,
183      SSL_aDSS,
184      SSL_3DES,
185      SSL_SHA1,
186      SSL3_VERSION, TLS1_2_VERSION,
187      DTLS1_BAD_VER, DTLS1_2_VERSION,
188      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
189      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
190      112,
191      168,
192      },
193     {
194      1,
195      SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
196      SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
197      SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
198      SSL_kDHE,
199      SSL_aRSA,
200      SSL_3DES,
201      SSL_SHA1,
202      SSL3_VERSION, TLS1_2_VERSION,
203      DTLS1_BAD_VER, DTLS1_2_VERSION,
204      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
205      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
206      112,
207      168,
208      },
209     {
210      1,
211      SSL3_TXT_ADH_DES_192_CBC_SHA,
212      SSL3_RFC_ADH_DES_192_CBC_SHA,
213      SSL3_CK_ADH_DES_192_CBC_SHA,
214      SSL_kDHE,
215      SSL_aNULL,
216      SSL_3DES,
217      SSL_SHA1,
218      SSL3_VERSION, TLS1_2_VERSION,
219      DTLS1_BAD_VER, DTLS1_2_VERSION,
220      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
221      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
222      112,
223      168,
224      },
225 #endif
226     {
227      1,
228      TLS1_TXT_RSA_WITH_AES_128_SHA,
229      TLS1_RFC_RSA_WITH_AES_128_SHA,
230      TLS1_CK_RSA_WITH_AES_128_SHA,
231      SSL_kRSA,
232      SSL_aRSA,
233      SSL_AES128,
234      SSL_SHA1,
235      SSL3_VERSION, TLS1_2_VERSION,
236      DTLS1_BAD_VER, DTLS1_2_VERSION,
237      SSL_HIGH | SSL_FIPS,
238      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
239      128,
240      128,
241      },
242     {
243      1,
244      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
245      TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
246      TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
247      SSL_kDHE,
248      SSL_aDSS,
249      SSL_AES128,
250      SSL_SHA1,
251      SSL3_VERSION, TLS1_2_VERSION,
252      DTLS1_BAD_VER, DTLS1_2_VERSION,
253      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
254      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
255      128,
256      128,
257      },
258     {
259      1,
260      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
261      TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
262      TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
263      SSL_kDHE,
264      SSL_aRSA,
265      SSL_AES128,
266      SSL_SHA1,
267      SSL3_VERSION, TLS1_2_VERSION,
268      DTLS1_BAD_VER, DTLS1_2_VERSION,
269      SSL_HIGH | SSL_FIPS,
270      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
271      128,
272      128,
273      },
274     {
275      1,
276      TLS1_TXT_ADH_WITH_AES_128_SHA,
277      TLS1_RFC_ADH_WITH_AES_128_SHA,
278      TLS1_CK_ADH_WITH_AES_128_SHA,
279      SSL_kDHE,
280      SSL_aNULL,
281      SSL_AES128,
282      SSL_SHA1,
283      SSL3_VERSION, TLS1_2_VERSION,
284      DTLS1_BAD_VER, DTLS1_2_VERSION,
285      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
286      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
287      128,
288      128,
289      },
290     {
291      1,
292      TLS1_TXT_RSA_WITH_AES_256_SHA,
293      TLS1_RFC_RSA_WITH_AES_256_SHA,
294      TLS1_CK_RSA_WITH_AES_256_SHA,
295      SSL_kRSA,
296      SSL_aRSA,
297      SSL_AES256,
298      SSL_SHA1,
299      SSL3_VERSION, TLS1_2_VERSION,
300      DTLS1_BAD_VER, DTLS1_2_VERSION,
301      SSL_HIGH | SSL_FIPS,
302      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
303      256,
304      256,
305      },
306     {
307      1,
308      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
309      TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
310      TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
311      SSL_kDHE,
312      SSL_aDSS,
313      SSL_AES256,
314      SSL_SHA1,
315      SSL3_VERSION, TLS1_2_VERSION,
316      DTLS1_BAD_VER, DTLS1_2_VERSION,
317      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
318      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
319      256,
320      256,
321      },
322     {
323      1,
324      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
325      TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
326      TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
327      SSL_kDHE,
328      SSL_aRSA,
329      SSL_AES256,
330      SSL_SHA1,
331      SSL3_VERSION, TLS1_2_VERSION,
332      DTLS1_BAD_VER, DTLS1_2_VERSION,
333      SSL_HIGH | SSL_FIPS,
334      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
335      256,
336      256,
337      },
338     {
339      1,
340      TLS1_TXT_ADH_WITH_AES_256_SHA,
341      TLS1_RFC_ADH_WITH_AES_256_SHA,
342      TLS1_CK_ADH_WITH_AES_256_SHA,
343      SSL_kDHE,
344      SSL_aNULL,
345      SSL_AES256,
346      SSL_SHA1,
347      SSL3_VERSION, TLS1_2_VERSION,
348      DTLS1_BAD_VER, DTLS1_2_VERSION,
349      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
350      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
351      256,
352      256,
353      },
354     {
355      1,
356      TLS1_TXT_RSA_WITH_NULL_SHA256,
357      TLS1_RFC_RSA_WITH_NULL_SHA256,
358      TLS1_CK_RSA_WITH_NULL_SHA256,
359      SSL_kRSA,
360      SSL_aRSA,
361      SSL_eNULL,
362      SSL_SHA256,
363      TLS1_2_VERSION, TLS1_2_VERSION,
364      DTLS1_2_VERSION, DTLS1_2_VERSION,
365      SSL_STRONG_NONE | SSL_FIPS,
366      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
367      0,
368      0,
369      },
370     {
371      1,
372      TLS1_TXT_RSA_WITH_AES_128_SHA256,
373      TLS1_RFC_RSA_WITH_AES_128_SHA256,
374      TLS1_CK_RSA_WITH_AES_128_SHA256,
375      SSL_kRSA,
376      SSL_aRSA,
377      SSL_AES128,
378      SSL_SHA256,
379      TLS1_2_VERSION, TLS1_2_VERSION,
380      DTLS1_2_VERSION, DTLS1_2_VERSION,
381      SSL_HIGH | SSL_FIPS,
382      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
383      128,
384      128,
385      },
386     {
387      1,
388      TLS1_TXT_RSA_WITH_AES_256_SHA256,
389      TLS1_RFC_RSA_WITH_AES_256_SHA256,
390      TLS1_CK_RSA_WITH_AES_256_SHA256,
391      SSL_kRSA,
392      SSL_aRSA,
393      SSL_AES256,
394      SSL_SHA256,
395      TLS1_2_VERSION, TLS1_2_VERSION,
396      DTLS1_2_VERSION, DTLS1_2_VERSION,
397      SSL_HIGH | SSL_FIPS,
398      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
399      256,
400      256,
401      },
402     {
403      1,
404      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
405      TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
406      TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
407      SSL_kDHE,
408      SSL_aDSS,
409      SSL_AES128,
410      SSL_SHA256,
411      TLS1_2_VERSION, TLS1_2_VERSION,
412      DTLS1_2_VERSION, DTLS1_2_VERSION,
413      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
414      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
415      128,
416      128,
417      },
418     {
419      1,
420      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
421      TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
422      TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
423      SSL_kDHE,
424      SSL_aRSA,
425      SSL_AES128,
426      SSL_SHA256,
427      TLS1_2_VERSION, TLS1_2_VERSION,
428      DTLS1_2_VERSION, DTLS1_2_VERSION,
429      SSL_HIGH | SSL_FIPS,
430      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
431      128,
432      128,
433      },
434     {
435      1,
436      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
437      TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
438      TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
439      SSL_kDHE,
440      SSL_aDSS,
441      SSL_AES256,
442      SSL_SHA256,
443      TLS1_2_VERSION, TLS1_2_VERSION,
444      DTLS1_2_VERSION, DTLS1_2_VERSION,
445      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
446      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
447      256,
448      256,
449      },
450     {
451      1,
452      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
453      TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
454      TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
455      SSL_kDHE,
456      SSL_aRSA,
457      SSL_AES256,
458      SSL_SHA256,
459      TLS1_2_VERSION, TLS1_2_VERSION,
460      DTLS1_2_VERSION, DTLS1_2_VERSION,
461      SSL_HIGH | SSL_FIPS,
462      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
463      256,
464      256,
465      },
466     {
467      1,
468      TLS1_TXT_ADH_WITH_AES_128_SHA256,
469      TLS1_RFC_ADH_WITH_AES_128_SHA256,
470      TLS1_CK_ADH_WITH_AES_128_SHA256,
471      SSL_kDHE,
472      SSL_aNULL,
473      SSL_AES128,
474      SSL_SHA256,
475      TLS1_2_VERSION, TLS1_2_VERSION,
476      DTLS1_2_VERSION, DTLS1_2_VERSION,
477      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
478      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
479      128,
480      128,
481      },
482     {
483      1,
484      TLS1_TXT_ADH_WITH_AES_256_SHA256,
485      TLS1_RFC_ADH_WITH_AES_256_SHA256,
486      TLS1_CK_ADH_WITH_AES_256_SHA256,
487      SSL_kDHE,
488      SSL_aNULL,
489      SSL_AES256,
490      SSL_SHA256,
491      TLS1_2_VERSION, TLS1_2_VERSION,
492      DTLS1_2_VERSION, DTLS1_2_VERSION,
493      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
494      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
495      256,
496      256,
497      },
498     {
499      1,
500      TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
501      TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
502      TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
503      SSL_kRSA,
504      SSL_aRSA,
505      SSL_AES128GCM,
506      SSL_AEAD,
507      TLS1_2_VERSION, TLS1_2_VERSION,
508      DTLS1_2_VERSION, DTLS1_2_VERSION,
509      SSL_HIGH | SSL_FIPS,
510      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
511      128,
512      128,
513      },
514     {
515      1,
516      TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
517      TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
518      TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
519      SSL_kRSA,
520      SSL_aRSA,
521      SSL_AES256GCM,
522      SSL_AEAD,
523      TLS1_2_VERSION, TLS1_2_VERSION,
524      DTLS1_2_VERSION, DTLS1_2_VERSION,
525      SSL_HIGH | SSL_FIPS,
526      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
527      256,
528      256,
529      },
530     {
531      1,
532      TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
533      TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
534      TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
535      SSL_kDHE,
536      SSL_aRSA,
537      SSL_AES128GCM,
538      SSL_AEAD,
539      TLS1_2_VERSION, TLS1_2_VERSION,
540      DTLS1_2_VERSION, DTLS1_2_VERSION,
541      SSL_HIGH | SSL_FIPS,
542      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
543      128,
544      128,
545      },
546     {
547      1,
548      TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
549      TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
550      TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
551      SSL_kDHE,
552      SSL_aRSA,
553      SSL_AES256GCM,
554      SSL_AEAD,
555      TLS1_2_VERSION, TLS1_2_VERSION,
556      DTLS1_2_VERSION, DTLS1_2_VERSION,
557      SSL_HIGH | SSL_FIPS,
558      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
559      256,
560      256,
561      },
562     {
563      1,
564      TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
565      TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
566      TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
567      SSL_kDHE,
568      SSL_aDSS,
569      SSL_AES128GCM,
570      SSL_AEAD,
571      TLS1_2_VERSION, TLS1_2_VERSION,
572      DTLS1_2_VERSION, DTLS1_2_VERSION,
573      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
574      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
575      128,
576      128,
577      },
578     {
579      1,
580      TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
581      TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
582      TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
583      SSL_kDHE,
584      SSL_aDSS,
585      SSL_AES256GCM,
586      SSL_AEAD,
587      TLS1_2_VERSION, TLS1_2_VERSION,
588      DTLS1_2_VERSION, DTLS1_2_VERSION,
589      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
590      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
591      256,
592      256,
593      },
594     {
595      1,
596      TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
597      TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
598      TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
599      SSL_kDHE,
600      SSL_aNULL,
601      SSL_AES128GCM,
602      SSL_AEAD,
603      TLS1_2_VERSION, TLS1_2_VERSION,
604      DTLS1_2_VERSION, DTLS1_2_VERSION,
605      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
606      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
607      128,
608      128,
609      },
610     {
611      1,
612      TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
613      TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
614      TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
615      SSL_kDHE,
616      SSL_aNULL,
617      SSL_AES256GCM,
618      SSL_AEAD,
619      TLS1_2_VERSION, TLS1_2_VERSION,
620      DTLS1_2_VERSION, DTLS1_2_VERSION,
621      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
622      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
623      256,
624      256,
625      },
626     {
627      1,
628      TLS1_TXT_RSA_WITH_AES_128_CCM,
629      TLS1_RFC_RSA_WITH_AES_128_CCM,
630      TLS1_CK_RSA_WITH_AES_128_CCM,
631      SSL_kRSA,
632      SSL_aRSA,
633      SSL_AES128CCM,
634      SSL_AEAD,
635      TLS1_2_VERSION, TLS1_2_VERSION,
636      DTLS1_2_VERSION, DTLS1_2_VERSION,
637      SSL_NOT_DEFAULT | SSL_HIGH,
638      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
639      128,
640      128,
641      },
642     {
643      1,
644      TLS1_TXT_RSA_WITH_AES_256_CCM,
645      TLS1_RFC_RSA_WITH_AES_256_CCM,
646      TLS1_CK_RSA_WITH_AES_256_CCM,
647      SSL_kRSA,
648      SSL_aRSA,
649      SSL_AES256CCM,
650      SSL_AEAD,
651      TLS1_2_VERSION, TLS1_2_VERSION,
652      DTLS1_2_VERSION, DTLS1_2_VERSION,
653      SSL_NOT_DEFAULT | SSL_HIGH,
654      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
655      256,
656      256,
657      },
658     {
659      1,
660      TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
661      TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
662      TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
663      SSL_kDHE,
664      SSL_aRSA,
665      SSL_AES128CCM,
666      SSL_AEAD,
667      TLS1_2_VERSION, TLS1_2_VERSION,
668      DTLS1_2_VERSION, DTLS1_2_VERSION,
669      SSL_NOT_DEFAULT | SSL_HIGH,
670      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
671      128,
672      128,
673      },
674     {
675      1,
676      TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
677      TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
678      TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
679      SSL_kDHE,
680      SSL_aRSA,
681      SSL_AES256CCM,
682      SSL_AEAD,
683      TLS1_2_VERSION, TLS1_2_VERSION,
684      DTLS1_2_VERSION, DTLS1_2_VERSION,
685      SSL_NOT_DEFAULT | SSL_HIGH,
686      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
687      256,
688      256,
689      },
690     {
691      1,
692      TLS1_TXT_RSA_WITH_AES_128_CCM_8,
693      TLS1_RFC_RSA_WITH_AES_128_CCM_8,
694      TLS1_CK_RSA_WITH_AES_128_CCM_8,
695      SSL_kRSA,
696      SSL_aRSA,
697      SSL_AES128CCM8,
698      SSL_AEAD,
699      TLS1_2_VERSION, TLS1_2_VERSION,
700      DTLS1_2_VERSION, DTLS1_2_VERSION,
701      SSL_NOT_DEFAULT | SSL_HIGH,
702      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
703      128,
704      128,
705      },
706     {
707      1,
708      TLS1_TXT_RSA_WITH_AES_256_CCM_8,
709      TLS1_RFC_RSA_WITH_AES_256_CCM_8,
710      TLS1_CK_RSA_WITH_AES_256_CCM_8,
711      SSL_kRSA,
712      SSL_aRSA,
713      SSL_AES256CCM8,
714      SSL_AEAD,
715      TLS1_2_VERSION, TLS1_2_VERSION,
716      DTLS1_2_VERSION, DTLS1_2_VERSION,
717      SSL_NOT_DEFAULT | SSL_HIGH,
718      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
719      256,
720      256,
721      },
722     {
723      1,
724      TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
725      TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
726      TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
727      SSL_kDHE,
728      SSL_aRSA,
729      SSL_AES128CCM8,
730      SSL_AEAD,
731      TLS1_2_VERSION, TLS1_2_VERSION,
732      DTLS1_2_VERSION, DTLS1_2_VERSION,
733      SSL_NOT_DEFAULT | SSL_HIGH,
734      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
735      128,
736      128,
737      },
738     {
739      1,
740      TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
741      TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
742      TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
743      SSL_kDHE,
744      SSL_aRSA,
745      SSL_AES256CCM8,
746      SSL_AEAD,
747      TLS1_2_VERSION, TLS1_2_VERSION,
748      DTLS1_2_VERSION, DTLS1_2_VERSION,
749      SSL_NOT_DEFAULT | SSL_HIGH,
750      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
751      256,
752      256,
753      },
754     {
755      1,
756      TLS1_TXT_PSK_WITH_AES_128_CCM,
757      TLS1_RFC_PSK_WITH_AES_128_CCM,
758      TLS1_CK_PSK_WITH_AES_128_CCM,
759      SSL_kPSK,
760      SSL_aPSK,
761      SSL_AES128CCM,
762      SSL_AEAD,
763      TLS1_2_VERSION, TLS1_2_VERSION,
764      DTLS1_2_VERSION, DTLS1_2_VERSION,
765      SSL_NOT_DEFAULT | SSL_HIGH,
766      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
767      128,
768      128,
769      },
770     {
771      1,
772      TLS1_TXT_PSK_WITH_AES_256_CCM,
773      TLS1_RFC_PSK_WITH_AES_256_CCM,
774      TLS1_CK_PSK_WITH_AES_256_CCM,
775      SSL_kPSK,
776      SSL_aPSK,
777      SSL_AES256CCM,
778      SSL_AEAD,
779      TLS1_2_VERSION, TLS1_2_VERSION,
780      DTLS1_2_VERSION, DTLS1_2_VERSION,
781      SSL_NOT_DEFAULT | SSL_HIGH,
782      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
783      256,
784      256,
785      },
786     {
787      1,
788      TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
789      TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
790      TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
791      SSL_kDHEPSK,
792      SSL_aPSK,
793      SSL_AES128CCM,
794      SSL_AEAD,
795      TLS1_2_VERSION, TLS1_2_VERSION,
796      DTLS1_2_VERSION, DTLS1_2_VERSION,
797      SSL_NOT_DEFAULT | SSL_HIGH,
798      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
799      128,
800      128,
801      },
802     {
803      1,
804      TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
805      TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
806      TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
807      SSL_kDHEPSK,
808      SSL_aPSK,
809      SSL_AES256CCM,
810      SSL_AEAD,
811      TLS1_2_VERSION, TLS1_2_VERSION,
812      DTLS1_2_VERSION, DTLS1_2_VERSION,
813      SSL_NOT_DEFAULT | SSL_HIGH,
814      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
815      256,
816      256,
817      },
818     {
819      1,
820      TLS1_TXT_PSK_WITH_AES_128_CCM_8,
821      TLS1_RFC_PSK_WITH_AES_128_CCM_8,
822      TLS1_CK_PSK_WITH_AES_128_CCM_8,
823      SSL_kPSK,
824      SSL_aPSK,
825      SSL_AES128CCM8,
826      SSL_AEAD,
827      TLS1_2_VERSION, TLS1_2_VERSION,
828      DTLS1_2_VERSION, DTLS1_2_VERSION,
829      SSL_NOT_DEFAULT | SSL_HIGH,
830      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
831      128,
832      128,
833      },
834     {
835      1,
836      TLS1_TXT_PSK_WITH_AES_256_CCM_8,
837      TLS1_RFC_PSK_WITH_AES_256_CCM_8,
838      TLS1_CK_PSK_WITH_AES_256_CCM_8,
839      SSL_kPSK,
840      SSL_aPSK,
841      SSL_AES256CCM8,
842      SSL_AEAD,
843      TLS1_2_VERSION, TLS1_2_VERSION,
844      DTLS1_2_VERSION, DTLS1_2_VERSION,
845      SSL_NOT_DEFAULT | SSL_HIGH,
846      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
847      256,
848      256,
849      },
850     {
851      1,
852      TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
853      TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
854      TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
855      SSL_kDHEPSK,
856      SSL_aPSK,
857      SSL_AES128CCM8,
858      SSL_AEAD,
859      TLS1_2_VERSION, TLS1_2_VERSION,
860      DTLS1_2_VERSION, DTLS1_2_VERSION,
861      SSL_NOT_DEFAULT | SSL_HIGH,
862      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
863      128,
864      128,
865      },
866     {
867      1,
868      TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
869      TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
870      TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
871      SSL_kDHEPSK,
872      SSL_aPSK,
873      SSL_AES256CCM8,
874      SSL_AEAD,
875      TLS1_2_VERSION, TLS1_2_VERSION,
876      DTLS1_2_VERSION, DTLS1_2_VERSION,
877      SSL_NOT_DEFAULT | SSL_HIGH,
878      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
879      256,
880      256,
881      },
882     {
883      1,
884      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
885      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
886      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
887      SSL_kECDHE,
888      SSL_aECDSA,
889      SSL_AES128CCM,
890      SSL_AEAD,
891      TLS1_2_VERSION, TLS1_2_VERSION,
892      DTLS1_2_VERSION, DTLS1_2_VERSION,
893      SSL_NOT_DEFAULT | SSL_HIGH,
894      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
895      128,
896      128,
897      },
898     {
899      1,
900      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
901      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
902      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
903      SSL_kECDHE,
904      SSL_aECDSA,
905      SSL_AES256CCM,
906      SSL_AEAD,
907      TLS1_2_VERSION, TLS1_2_VERSION,
908      DTLS1_2_VERSION, DTLS1_2_VERSION,
909      SSL_NOT_DEFAULT | SSL_HIGH,
910      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
911      256,
912      256,
913      },
914     {
915      1,
916      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
917      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
918      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
919      SSL_kECDHE,
920      SSL_aECDSA,
921      SSL_AES128CCM8,
922      SSL_AEAD,
923      TLS1_2_VERSION, TLS1_2_VERSION,
924      DTLS1_2_VERSION, DTLS1_2_VERSION,
925      SSL_NOT_DEFAULT | SSL_HIGH,
926      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
927      128,
928      128,
929      },
930     {
931      1,
932      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
933      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
934      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
935      SSL_kECDHE,
936      SSL_aECDSA,
937      SSL_AES256CCM8,
938      SSL_AEAD,
939      TLS1_2_VERSION, TLS1_2_VERSION,
940      DTLS1_2_VERSION, DTLS1_2_VERSION,
941      SSL_NOT_DEFAULT | SSL_HIGH,
942      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
943      256,
944      256,
945      },
946     {
947      1,
948      TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
949      TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
950      TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
951      SSL_kECDHE,
952      SSL_aECDSA,
953      SSL_eNULL,
954      SSL_SHA1,
955      TLS1_VERSION, TLS1_2_VERSION,
956      DTLS1_BAD_VER, DTLS1_2_VERSION,
957      SSL_STRONG_NONE | SSL_FIPS,
958      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
959      0,
960      0,
961      },
962 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
963     {
964      1,
965      TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
966      TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
967      TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
968      SSL_kECDHE,
969      SSL_aECDSA,
970      SSL_3DES,
971      SSL_SHA1,
972      TLS1_VERSION, TLS1_2_VERSION,
973      DTLS1_BAD_VER, DTLS1_2_VERSION,
974      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
975      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
976      112,
977      168,
978      },
979 # endif
980     {
981      1,
982      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
983      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
984      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
985      SSL_kECDHE,
986      SSL_aECDSA,
987      SSL_AES128,
988      SSL_SHA1,
989      TLS1_VERSION, TLS1_2_VERSION,
990      DTLS1_BAD_VER, DTLS1_2_VERSION,
991      SSL_HIGH | SSL_FIPS,
992      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
993      128,
994      128,
995      },
996     {
997      1,
998      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
999      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1000      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1001      SSL_kECDHE,
1002      SSL_aECDSA,
1003      SSL_AES256,
1004      SSL_SHA1,
1005      TLS1_VERSION, TLS1_2_VERSION,
1006      DTLS1_BAD_VER, DTLS1_2_VERSION,
1007      SSL_HIGH | SSL_FIPS,
1008      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1009      256,
1010      256,
1011      },
1012     {
1013      1,
1014      TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1015      TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1016      TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1017      SSL_kECDHE,
1018      SSL_aRSA,
1019      SSL_eNULL,
1020      SSL_SHA1,
1021      TLS1_VERSION, TLS1_2_VERSION,
1022      DTLS1_BAD_VER, DTLS1_2_VERSION,
1023      SSL_STRONG_NONE | SSL_FIPS,
1024      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1025      0,
1026      0,
1027      },
1028 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1029     {
1030      1,
1031      TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1032      TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1033      TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1034      SSL_kECDHE,
1035      SSL_aRSA,
1036      SSL_3DES,
1037      SSL_SHA1,
1038      TLS1_VERSION, TLS1_2_VERSION,
1039      DTLS1_BAD_VER, DTLS1_2_VERSION,
1040      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1041      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1042      112,
1043      168,
1044      },
1045 # endif
1046     {
1047      1,
1048      TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1049      TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1050      TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1051      SSL_kECDHE,
1052      SSL_aRSA,
1053      SSL_AES128,
1054      SSL_SHA1,
1055      TLS1_VERSION, TLS1_2_VERSION,
1056      DTLS1_BAD_VER, DTLS1_2_VERSION,
1057      SSL_HIGH | SSL_FIPS,
1058      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1059      128,
1060      128,
1061      },
1062     {
1063      1,
1064      TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1065      TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1066      TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1067      SSL_kECDHE,
1068      SSL_aRSA,
1069      SSL_AES256,
1070      SSL_SHA1,
1071      TLS1_VERSION, TLS1_2_VERSION,
1072      DTLS1_BAD_VER, DTLS1_2_VERSION,
1073      SSL_HIGH | SSL_FIPS,
1074      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1075      256,
1076      256,
1077      },
1078     {
1079      1,
1080      TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1081      TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1082      TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1083      SSL_kECDHE,
1084      SSL_aNULL,
1085      SSL_eNULL,
1086      SSL_SHA1,
1087      TLS1_VERSION, TLS1_2_VERSION,
1088      DTLS1_BAD_VER, DTLS1_2_VERSION,
1089      SSL_STRONG_NONE | SSL_FIPS,
1090      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1091      0,
1092      0,
1093      },
1094 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1095     {
1096      1,
1097      TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1098      TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1099      TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1100      SSL_kECDHE,
1101      SSL_aNULL,
1102      SSL_3DES,
1103      SSL_SHA1,
1104      TLS1_VERSION, TLS1_2_VERSION,
1105      DTLS1_BAD_VER, DTLS1_2_VERSION,
1106      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1107      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1108      112,
1109      168,
1110      },
1111 # endif
1112     {
1113      1,
1114      TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1115      TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1116      TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1117      SSL_kECDHE,
1118      SSL_aNULL,
1119      SSL_AES128,
1120      SSL_SHA1,
1121      TLS1_VERSION, TLS1_2_VERSION,
1122      DTLS1_BAD_VER, DTLS1_2_VERSION,
1123      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1124      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1125      128,
1126      128,
1127      },
1128     {
1129      1,
1130      TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1131      TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1132      TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1133      SSL_kECDHE,
1134      SSL_aNULL,
1135      SSL_AES256,
1136      SSL_SHA1,
1137      TLS1_VERSION, TLS1_2_VERSION,
1138      DTLS1_BAD_VER, DTLS1_2_VERSION,
1139      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1140      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1141      256,
1142      256,
1143      },
1144     {
1145      1,
1146      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1147      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1148      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1149      SSL_kECDHE,
1150      SSL_aECDSA,
1151      SSL_AES128,
1152      SSL_SHA256,
1153      TLS1_2_VERSION, TLS1_2_VERSION,
1154      DTLS1_2_VERSION, DTLS1_2_VERSION,
1155      SSL_HIGH | SSL_FIPS,
1156      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1157      128,
1158      128,
1159      },
1160     {
1161      1,
1162      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1163      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1164      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1165      SSL_kECDHE,
1166      SSL_aECDSA,
1167      SSL_AES256,
1168      SSL_SHA384,
1169      TLS1_2_VERSION, TLS1_2_VERSION,
1170      DTLS1_2_VERSION, DTLS1_2_VERSION,
1171      SSL_HIGH | SSL_FIPS,
1172      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1173      256,
1174      256,
1175      },
1176     {
1177      1,
1178      TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1179      TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1180      TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1181      SSL_kECDHE,
1182      SSL_aRSA,
1183      SSL_AES128,
1184      SSL_SHA256,
1185      TLS1_2_VERSION, TLS1_2_VERSION,
1186      DTLS1_2_VERSION, DTLS1_2_VERSION,
1187      SSL_HIGH | SSL_FIPS,
1188      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1189      128,
1190      128,
1191      },
1192     {
1193      1,
1194      TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1195      TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1196      TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1197      SSL_kECDHE,
1198      SSL_aRSA,
1199      SSL_AES256,
1200      SSL_SHA384,
1201      TLS1_2_VERSION, TLS1_2_VERSION,
1202      DTLS1_2_VERSION, DTLS1_2_VERSION,
1203      SSL_HIGH | SSL_FIPS,
1204      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1205      256,
1206      256,
1207      },
1208     {
1209      1,
1210      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1211      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1212      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1213      SSL_kECDHE,
1214      SSL_aECDSA,
1215      SSL_AES128GCM,
1216      SSL_AEAD,
1217      TLS1_2_VERSION, TLS1_2_VERSION,
1218      DTLS1_2_VERSION, DTLS1_2_VERSION,
1219      SSL_HIGH | SSL_FIPS,
1220      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1221      128,
1222      128,
1223      },
1224     {
1225      1,
1226      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1227      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1228      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1229      SSL_kECDHE,
1230      SSL_aECDSA,
1231      SSL_AES256GCM,
1232      SSL_AEAD,
1233      TLS1_2_VERSION, TLS1_2_VERSION,
1234      DTLS1_2_VERSION, DTLS1_2_VERSION,
1235      SSL_HIGH | SSL_FIPS,
1236      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1237      256,
1238      256,
1239      },
1240     {
1241      1,
1242      TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1243      TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1244      TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1245      SSL_kECDHE,
1246      SSL_aRSA,
1247      SSL_AES128GCM,
1248      SSL_AEAD,
1249      TLS1_2_VERSION, TLS1_2_VERSION,
1250      DTLS1_2_VERSION, DTLS1_2_VERSION,
1251      SSL_HIGH | SSL_FIPS,
1252      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1253      128,
1254      128,
1255      },
1256     {
1257      1,
1258      TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1259      TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1260      TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1261      SSL_kECDHE,
1262      SSL_aRSA,
1263      SSL_AES256GCM,
1264      SSL_AEAD,
1265      TLS1_2_VERSION, TLS1_2_VERSION,
1266      DTLS1_2_VERSION, DTLS1_2_VERSION,
1267      SSL_HIGH | SSL_FIPS,
1268      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1269      256,
1270      256,
1271      },
1272     {
1273      1,
1274      TLS1_TXT_PSK_WITH_NULL_SHA,
1275      TLS1_RFC_PSK_WITH_NULL_SHA,
1276      TLS1_CK_PSK_WITH_NULL_SHA,
1277      SSL_kPSK,
1278      SSL_aPSK,
1279      SSL_eNULL,
1280      SSL_SHA1,
1281      SSL3_VERSION, TLS1_2_VERSION,
1282      DTLS1_BAD_VER, DTLS1_2_VERSION,
1283      SSL_STRONG_NONE | SSL_FIPS,
1284      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1285      0,
1286      0,
1287      },
1288     {
1289      1,
1290      TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1291      TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1292      TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1293      SSL_kDHEPSK,
1294      SSL_aPSK,
1295      SSL_eNULL,
1296      SSL_SHA1,
1297      SSL3_VERSION, TLS1_2_VERSION,
1298      DTLS1_BAD_VER, DTLS1_2_VERSION,
1299      SSL_STRONG_NONE | SSL_FIPS,
1300      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1301      0,
1302      0,
1303      },
1304     {
1305      1,
1306      TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1307      TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1308      TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1309      SSL_kRSAPSK,
1310      SSL_aRSA,
1311      SSL_eNULL,
1312      SSL_SHA1,
1313      SSL3_VERSION, TLS1_2_VERSION,
1314      DTLS1_BAD_VER, DTLS1_2_VERSION,
1315      SSL_STRONG_NONE | SSL_FIPS,
1316      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1317      0,
1318      0,
1319      },
1320 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1321     {
1322      1,
1323      TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1324      TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1325      TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1326      SSL_kPSK,
1327      SSL_aPSK,
1328      SSL_3DES,
1329      SSL_SHA1,
1330      SSL3_VERSION, TLS1_2_VERSION,
1331      DTLS1_BAD_VER, DTLS1_2_VERSION,
1332      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1333      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1334      112,
1335      168,
1336      },
1337 # endif
1338     {
1339      1,
1340      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1341      TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1342      TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1343      SSL_kPSK,
1344      SSL_aPSK,
1345      SSL_AES128,
1346      SSL_SHA1,
1347      SSL3_VERSION, TLS1_2_VERSION,
1348      DTLS1_BAD_VER, DTLS1_2_VERSION,
1349      SSL_HIGH | SSL_FIPS,
1350      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1351      128,
1352      128,
1353      },
1354     {
1355      1,
1356      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1357      TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1358      TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1359      SSL_kPSK,
1360      SSL_aPSK,
1361      SSL_AES256,
1362      SSL_SHA1,
1363      SSL3_VERSION, TLS1_2_VERSION,
1364      DTLS1_BAD_VER, DTLS1_2_VERSION,
1365      SSL_HIGH | SSL_FIPS,
1366      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1367      256,
1368      256,
1369      },
1370 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1371     {
1372      1,
1373      TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1374      TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1375      TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1376      SSL_kDHEPSK,
1377      SSL_aPSK,
1378      SSL_3DES,
1379      SSL_SHA1,
1380      SSL3_VERSION, TLS1_2_VERSION,
1381      DTLS1_BAD_VER, DTLS1_2_VERSION,
1382      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1383      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1384      112,
1385      168,
1386      },
1387 # endif
1388     {
1389      1,
1390      TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1391      TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1392      TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1393      SSL_kDHEPSK,
1394      SSL_aPSK,
1395      SSL_AES128,
1396      SSL_SHA1,
1397      SSL3_VERSION, TLS1_2_VERSION,
1398      DTLS1_BAD_VER, DTLS1_2_VERSION,
1399      SSL_HIGH | SSL_FIPS,
1400      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1401      128,
1402      128,
1403      },
1404     {
1405      1,
1406      TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1407      TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1408      TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1409      SSL_kDHEPSK,
1410      SSL_aPSK,
1411      SSL_AES256,
1412      SSL_SHA1,
1413      SSL3_VERSION, TLS1_2_VERSION,
1414      DTLS1_BAD_VER, DTLS1_2_VERSION,
1415      SSL_HIGH | SSL_FIPS,
1416      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1417      256,
1418      256,
1419      },
1420 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1421     {
1422      1,
1423      TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1424      TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1425      TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1426      SSL_kRSAPSK,
1427      SSL_aRSA,
1428      SSL_3DES,
1429      SSL_SHA1,
1430      SSL3_VERSION, TLS1_2_VERSION,
1431      DTLS1_BAD_VER, DTLS1_2_VERSION,
1432      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1433      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1434      112,
1435      168,
1436      },
1437 # endif
1438     {
1439      1,
1440      TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1441      TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1442      TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1443      SSL_kRSAPSK,
1444      SSL_aRSA,
1445      SSL_AES128,
1446      SSL_SHA1,
1447      SSL3_VERSION, TLS1_2_VERSION,
1448      DTLS1_BAD_VER, DTLS1_2_VERSION,
1449      SSL_HIGH | SSL_FIPS,
1450      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1451      128,
1452      128,
1453      },
1454     {
1455      1,
1456      TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1457      TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1458      TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1459      SSL_kRSAPSK,
1460      SSL_aRSA,
1461      SSL_AES256,
1462      SSL_SHA1,
1463      SSL3_VERSION, TLS1_2_VERSION,
1464      DTLS1_BAD_VER, DTLS1_2_VERSION,
1465      SSL_HIGH | SSL_FIPS,
1466      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1467      256,
1468      256,
1469      },
1470     {
1471      1,
1472      TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1473      TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1474      TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1475      SSL_kPSK,
1476      SSL_aPSK,
1477      SSL_AES128GCM,
1478      SSL_AEAD,
1479      TLS1_2_VERSION, TLS1_2_VERSION,
1480      DTLS1_2_VERSION, DTLS1_2_VERSION,
1481      SSL_HIGH | SSL_FIPS,
1482      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1483      128,
1484      128,
1485      },
1486     {
1487      1,
1488      TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1489      TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1490      TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1491      SSL_kPSK,
1492      SSL_aPSK,
1493      SSL_AES256GCM,
1494      SSL_AEAD,
1495      TLS1_2_VERSION, TLS1_2_VERSION,
1496      DTLS1_2_VERSION, DTLS1_2_VERSION,
1497      SSL_HIGH | SSL_FIPS,
1498      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1499      256,
1500      256,
1501      },
1502     {
1503      1,
1504      TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1505      TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1506      TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1507      SSL_kDHEPSK,
1508      SSL_aPSK,
1509      SSL_AES128GCM,
1510      SSL_AEAD,
1511      TLS1_2_VERSION, TLS1_2_VERSION,
1512      DTLS1_2_VERSION, DTLS1_2_VERSION,
1513      SSL_HIGH | SSL_FIPS,
1514      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1515      128,
1516      128,
1517      },
1518     {
1519      1,
1520      TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1521      TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1522      TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1523      SSL_kDHEPSK,
1524      SSL_aPSK,
1525      SSL_AES256GCM,
1526      SSL_AEAD,
1527      TLS1_2_VERSION, TLS1_2_VERSION,
1528      DTLS1_2_VERSION, DTLS1_2_VERSION,
1529      SSL_HIGH | SSL_FIPS,
1530      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1531      256,
1532      256,
1533      },
1534     {
1535      1,
1536      TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1537      TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1538      TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1539      SSL_kRSAPSK,
1540      SSL_aRSA,
1541      SSL_AES128GCM,
1542      SSL_AEAD,
1543      TLS1_2_VERSION, TLS1_2_VERSION,
1544      DTLS1_2_VERSION, DTLS1_2_VERSION,
1545      SSL_HIGH | SSL_FIPS,
1546      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1547      128,
1548      128,
1549      },
1550     {
1551      1,
1552      TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1553      TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1554      TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1555      SSL_kRSAPSK,
1556      SSL_aRSA,
1557      SSL_AES256GCM,
1558      SSL_AEAD,
1559      TLS1_2_VERSION, TLS1_2_VERSION,
1560      DTLS1_2_VERSION, DTLS1_2_VERSION,
1561      SSL_HIGH | SSL_FIPS,
1562      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1563      256,
1564      256,
1565      },
1566     {
1567      1,
1568      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1569      TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1570      TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1571      SSL_kPSK,
1572      SSL_aPSK,
1573      SSL_AES128,
1574      SSL_SHA256,
1575      TLS1_VERSION, TLS1_2_VERSION,
1576      DTLS1_BAD_VER, DTLS1_2_VERSION,
1577      SSL_HIGH | SSL_FIPS,
1578      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1579      128,
1580      128,
1581      },
1582     {
1583      1,
1584      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1585      TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1586      TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1587      SSL_kPSK,
1588      SSL_aPSK,
1589      SSL_AES256,
1590      SSL_SHA384,
1591      TLS1_VERSION, TLS1_2_VERSION,
1592      DTLS1_BAD_VER, DTLS1_2_VERSION,
1593      SSL_HIGH | SSL_FIPS,
1594      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1595      256,
1596      256,
1597      },
1598     {
1599      1,
1600      TLS1_TXT_PSK_WITH_NULL_SHA256,
1601      TLS1_RFC_PSK_WITH_NULL_SHA256,
1602      TLS1_CK_PSK_WITH_NULL_SHA256,
1603      SSL_kPSK,
1604      SSL_aPSK,
1605      SSL_eNULL,
1606      SSL_SHA256,
1607      TLS1_VERSION, TLS1_2_VERSION,
1608      DTLS1_BAD_VER, DTLS1_2_VERSION,
1609      SSL_STRONG_NONE | SSL_FIPS,
1610      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1611      0,
1612      0,
1613      },
1614     {
1615      1,
1616      TLS1_TXT_PSK_WITH_NULL_SHA384,
1617      TLS1_RFC_PSK_WITH_NULL_SHA384,
1618      TLS1_CK_PSK_WITH_NULL_SHA384,
1619      SSL_kPSK,
1620      SSL_aPSK,
1621      SSL_eNULL,
1622      SSL_SHA384,
1623      TLS1_VERSION, TLS1_2_VERSION,
1624      DTLS1_BAD_VER, DTLS1_2_VERSION,
1625      SSL_STRONG_NONE | SSL_FIPS,
1626      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1627      0,
1628      0,
1629      },
1630     {
1631      1,
1632      TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1633      TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1634      TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1635      SSL_kDHEPSK,
1636      SSL_aPSK,
1637      SSL_AES128,
1638      SSL_SHA256,
1639      TLS1_VERSION, TLS1_2_VERSION,
1640      DTLS1_BAD_VER, DTLS1_2_VERSION,
1641      SSL_HIGH | SSL_FIPS,
1642      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1643      128,
1644      128,
1645      },
1646     {
1647      1,
1648      TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1649      TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1650      TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1651      SSL_kDHEPSK,
1652      SSL_aPSK,
1653      SSL_AES256,
1654      SSL_SHA384,
1655      TLS1_VERSION, TLS1_2_VERSION,
1656      DTLS1_BAD_VER, DTLS1_2_VERSION,
1657      SSL_HIGH | SSL_FIPS,
1658      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1659      256,
1660      256,
1661      },
1662     {
1663      1,
1664      TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1665      TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1666      TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1667      SSL_kDHEPSK,
1668      SSL_aPSK,
1669      SSL_eNULL,
1670      SSL_SHA256,
1671      TLS1_VERSION, TLS1_2_VERSION,
1672      DTLS1_BAD_VER, DTLS1_2_VERSION,
1673      SSL_STRONG_NONE | SSL_FIPS,
1674      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1675      0,
1676      0,
1677      },
1678     {
1679      1,
1680      TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1681      TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1682      TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1683      SSL_kDHEPSK,
1684      SSL_aPSK,
1685      SSL_eNULL,
1686      SSL_SHA384,
1687      TLS1_VERSION, TLS1_2_VERSION,
1688      DTLS1_BAD_VER, DTLS1_2_VERSION,
1689      SSL_STRONG_NONE | SSL_FIPS,
1690      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1691      0,
1692      0,
1693      },
1694     {
1695      1,
1696      TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1697      TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1698      TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1699      SSL_kRSAPSK,
1700      SSL_aRSA,
1701      SSL_AES128,
1702      SSL_SHA256,
1703      TLS1_VERSION, TLS1_2_VERSION,
1704      DTLS1_BAD_VER, DTLS1_2_VERSION,
1705      SSL_HIGH | SSL_FIPS,
1706      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1707      128,
1708      128,
1709      },
1710     {
1711      1,
1712      TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1713      TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1714      TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1715      SSL_kRSAPSK,
1716      SSL_aRSA,
1717      SSL_AES256,
1718      SSL_SHA384,
1719      TLS1_VERSION, TLS1_2_VERSION,
1720      DTLS1_BAD_VER, DTLS1_2_VERSION,
1721      SSL_HIGH | SSL_FIPS,
1722      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1723      256,
1724      256,
1725      },
1726     {
1727      1,
1728      TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1729      TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1730      TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1731      SSL_kRSAPSK,
1732      SSL_aRSA,
1733      SSL_eNULL,
1734      SSL_SHA256,
1735      TLS1_VERSION, TLS1_2_VERSION,
1736      DTLS1_BAD_VER, DTLS1_2_VERSION,
1737      SSL_STRONG_NONE | SSL_FIPS,
1738      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1739      0,
1740      0,
1741      },
1742     {
1743      1,
1744      TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1745      TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1746      TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1747      SSL_kRSAPSK,
1748      SSL_aRSA,
1749      SSL_eNULL,
1750      SSL_SHA384,
1751      TLS1_VERSION, TLS1_2_VERSION,
1752      DTLS1_BAD_VER, DTLS1_2_VERSION,
1753      SSL_STRONG_NONE | SSL_FIPS,
1754      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1755      0,
1756      0,
1757      },
1758 #  ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1759     {
1760      1,
1761      TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1762      TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1763      TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1764      SSL_kECDHEPSK,
1765      SSL_aPSK,
1766      SSL_3DES,
1767      SSL_SHA1,
1768      TLS1_VERSION, TLS1_2_VERSION,
1769      DTLS1_BAD_VER, DTLS1_2_VERSION,
1770      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1771      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1772      112,
1773      168,
1774      },
1775 #  endif
1776     {
1777      1,
1778      TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1779      TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1780      TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1781      SSL_kECDHEPSK,
1782      SSL_aPSK,
1783      SSL_AES128,
1784      SSL_SHA1,
1785      TLS1_VERSION, TLS1_2_VERSION,
1786      DTLS1_BAD_VER, DTLS1_2_VERSION,
1787      SSL_HIGH | SSL_FIPS,
1788      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1789      128,
1790      128,
1791      },
1792     {
1793      1,
1794      TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1795      TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1796      TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1797      SSL_kECDHEPSK,
1798      SSL_aPSK,
1799      SSL_AES256,
1800      SSL_SHA1,
1801      TLS1_VERSION, TLS1_2_VERSION,
1802      DTLS1_BAD_VER, DTLS1_2_VERSION,
1803      SSL_HIGH | SSL_FIPS,
1804      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1805      256,
1806      256,
1807      },
1808     {
1809      1,
1810      TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1811      TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1812      TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1813      SSL_kECDHEPSK,
1814      SSL_aPSK,
1815      SSL_AES128,
1816      SSL_SHA256,
1817      TLS1_VERSION, TLS1_2_VERSION,
1818      DTLS1_BAD_VER, DTLS1_2_VERSION,
1819      SSL_HIGH | SSL_FIPS,
1820      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1821      128,
1822      128,
1823      },
1824     {
1825      1,
1826      TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1827      TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1828      TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1829      SSL_kECDHEPSK,
1830      SSL_aPSK,
1831      SSL_AES256,
1832      SSL_SHA384,
1833      TLS1_VERSION, TLS1_2_VERSION,
1834      DTLS1_BAD_VER, DTLS1_2_VERSION,
1835      SSL_HIGH | SSL_FIPS,
1836      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1837      256,
1838      256,
1839      },
1840     {
1841      1,
1842      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1843      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1844      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1845      SSL_kECDHEPSK,
1846      SSL_aPSK,
1847      SSL_eNULL,
1848      SSL_SHA1,
1849      TLS1_VERSION, TLS1_2_VERSION,
1850      DTLS1_BAD_VER, DTLS1_2_VERSION,
1851      SSL_STRONG_NONE | SSL_FIPS,
1852      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1853      0,
1854      0,
1855      },
1856     {
1857      1,
1858      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1859      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1860      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1861      SSL_kECDHEPSK,
1862      SSL_aPSK,
1863      SSL_eNULL,
1864      SSL_SHA256,
1865      TLS1_VERSION, TLS1_2_VERSION,
1866      DTLS1_BAD_VER, DTLS1_2_VERSION,
1867      SSL_STRONG_NONE | SSL_FIPS,
1868      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1869      0,
1870      0,
1871      },
1872     {
1873      1,
1874      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1875      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1876      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1877      SSL_kECDHEPSK,
1878      SSL_aPSK,
1879      SSL_eNULL,
1880      SSL_SHA384,
1881      TLS1_VERSION, TLS1_2_VERSION,
1882      DTLS1_BAD_VER, DTLS1_2_VERSION,
1883      SSL_STRONG_NONE | SSL_FIPS,
1884      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1885      0,
1886      0,
1887      },
1888 
1889 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1890     {
1891      1,
1892      TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1893      TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1894      TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1895      SSL_kSRP,
1896      SSL_aSRP,
1897      SSL_3DES,
1898      SSL_SHA1,
1899      SSL3_VERSION, TLS1_2_VERSION,
1900      DTLS1_BAD_VER, DTLS1_2_VERSION,
1901      SSL_NOT_DEFAULT | SSL_MEDIUM,
1902      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1903      112,
1904      168,
1905      },
1906     {
1907      1,
1908      TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1909      TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1910      TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1911      SSL_kSRP,
1912      SSL_aRSA,
1913      SSL_3DES,
1914      SSL_SHA1,
1915      SSL3_VERSION, TLS1_2_VERSION,
1916      DTLS1_BAD_VER, DTLS1_2_VERSION,
1917      SSL_NOT_DEFAULT | SSL_MEDIUM,
1918      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1919      112,
1920      168,
1921      },
1922     {
1923      1,
1924      TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1925      TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1926      TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1927      SSL_kSRP,
1928      SSL_aDSS,
1929      SSL_3DES,
1930      SSL_SHA1,
1931      SSL3_VERSION, TLS1_2_VERSION,
1932      DTLS1_BAD_VER, DTLS1_2_VERSION,
1933      SSL_NOT_DEFAULT | SSL_MEDIUM,
1934      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1935      112,
1936      168,
1937      },
1938 # endif
1939     {
1940      1,
1941      TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1942      TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1943      TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1944      SSL_kSRP,
1945      SSL_aSRP,
1946      SSL_AES128,
1947      SSL_SHA1,
1948      SSL3_VERSION, TLS1_2_VERSION,
1949      DTLS1_BAD_VER, DTLS1_2_VERSION,
1950      SSL_HIGH,
1951      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1952      128,
1953      128,
1954      },
1955     {
1956      1,
1957      TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1958      TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1959      TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1960      SSL_kSRP,
1961      SSL_aRSA,
1962      SSL_AES128,
1963      SSL_SHA1,
1964      SSL3_VERSION, TLS1_2_VERSION,
1965      DTLS1_BAD_VER, DTLS1_2_VERSION,
1966      SSL_HIGH,
1967      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1968      128,
1969      128,
1970      },
1971     {
1972      1,
1973      TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1974      TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1975      TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1976      SSL_kSRP,
1977      SSL_aDSS,
1978      SSL_AES128,
1979      SSL_SHA1,
1980      SSL3_VERSION, TLS1_2_VERSION,
1981      DTLS1_BAD_VER, DTLS1_2_VERSION,
1982      SSL_NOT_DEFAULT | SSL_HIGH,
1983      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1984      128,
1985      128,
1986      },
1987     {
1988      1,
1989      TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1990      TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1991      TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1992      SSL_kSRP,
1993      SSL_aSRP,
1994      SSL_AES256,
1995      SSL_SHA1,
1996      SSL3_VERSION, TLS1_2_VERSION,
1997      DTLS1_BAD_VER, DTLS1_2_VERSION,
1998      SSL_HIGH,
1999      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2000      256,
2001      256,
2002      },
2003     {
2004      1,
2005      TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2006      TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2007      TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2008      SSL_kSRP,
2009      SSL_aRSA,
2010      SSL_AES256,
2011      SSL_SHA1,
2012      SSL3_VERSION, TLS1_2_VERSION,
2013      DTLS1_BAD_VER, DTLS1_2_VERSION,
2014      SSL_HIGH,
2015      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2016      256,
2017      256,
2018      },
2019     {
2020      1,
2021      TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2022      TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2023      TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2024      SSL_kSRP,
2025      SSL_aDSS,
2026      SSL_AES256,
2027      SSL_SHA1,
2028      SSL3_VERSION, TLS1_2_VERSION,
2029      DTLS1_BAD_VER, DTLS1_2_VERSION,
2030      SSL_NOT_DEFAULT | SSL_HIGH,
2031      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2032      256,
2033      256,
2034      },
2035 
2036 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2037     {
2038      1,
2039      TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2040      TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2041      TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2042      SSL_kDHE,
2043      SSL_aRSA,
2044      SSL_CHACHA20POLY1305,
2045      SSL_AEAD,
2046      TLS1_2_VERSION, TLS1_2_VERSION,
2047      DTLS1_2_VERSION, DTLS1_2_VERSION,
2048      SSL_HIGH,
2049      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2050      256,
2051      256,
2052      },
2053     {
2054      1,
2055      TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2056      TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2057      TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2058      SSL_kECDHE,
2059      SSL_aRSA,
2060      SSL_CHACHA20POLY1305,
2061      SSL_AEAD,
2062      TLS1_2_VERSION, TLS1_2_VERSION,
2063      DTLS1_2_VERSION, DTLS1_2_VERSION,
2064      SSL_HIGH,
2065      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2066      256,
2067      256,
2068      },
2069     {
2070      1,
2071      TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2072      TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2073      TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2074      SSL_kECDHE,
2075      SSL_aECDSA,
2076      SSL_CHACHA20POLY1305,
2077      SSL_AEAD,
2078      TLS1_2_VERSION, TLS1_2_VERSION,
2079      DTLS1_2_VERSION, DTLS1_2_VERSION,
2080      SSL_HIGH,
2081      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2082      256,
2083      256,
2084      },
2085     {
2086      1,
2087      TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2088      TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2089      TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2090      SSL_kPSK,
2091      SSL_aPSK,
2092      SSL_CHACHA20POLY1305,
2093      SSL_AEAD,
2094      TLS1_2_VERSION, TLS1_2_VERSION,
2095      DTLS1_2_VERSION, DTLS1_2_VERSION,
2096      SSL_HIGH,
2097      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2098      256,
2099      256,
2100      },
2101     {
2102      1,
2103      TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2104      TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2105      TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2106      SSL_kECDHEPSK,
2107      SSL_aPSK,
2108      SSL_CHACHA20POLY1305,
2109      SSL_AEAD,
2110      TLS1_2_VERSION, TLS1_2_VERSION,
2111      DTLS1_2_VERSION, DTLS1_2_VERSION,
2112      SSL_HIGH,
2113      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2114      256,
2115      256,
2116      },
2117     {
2118      1,
2119      TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2120      TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2121      TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2122      SSL_kDHEPSK,
2123      SSL_aPSK,
2124      SSL_CHACHA20POLY1305,
2125      SSL_AEAD,
2126      TLS1_2_VERSION, TLS1_2_VERSION,
2127      DTLS1_2_VERSION, DTLS1_2_VERSION,
2128      SSL_HIGH,
2129      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2130      256,
2131      256,
2132      },
2133     {
2134      1,
2135      TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2136      TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2137      TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2138      SSL_kRSAPSK,
2139      SSL_aRSA,
2140      SSL_CHACHA20POLY1305,
2141      SSL_AEAD,
2142      TLS1_2_VERSION, TLS1_2_VERSION,
2143      DTLS1_2_VERSION, DTLS1_2_VERSION,
2144      SSL_HIGH,
2145      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2146      256,
2147      256,
2148      },
2149 #endif                          /* !defined(OPENSSL_NO_CHACHA) &&
2150                                  * !defined(OPENSSL_NO_POLY1305) */
2151 
2152 #ifndef OPENSSL_NO_CAMELLIA
2153     {
2154      1,
2155      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2156      TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2157      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2158      SSL_kRSA,
2159      SSL_aRSA,
2160      SSL_CAMELLIA128,
2161      SSL_SHA256,
2162      TLS1_2_VERSION, TLS1_2_VERSION,
2163      DTLS1_2_VERSION, DTLS1_2_VERSION,
2164      SSL_NOT_DEFAULT | SSL_HIGH,
2165      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2166      128,
2167      128,
2168      },
2169     {
2170      1,
2171      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2172      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2173      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2174      SSL_kDHE,
2175      SSL_aDSS,
2176      SSL_CAMELLIA128,
2177      SSL_SHA256,
2178      TLS1_2_VERSION, TLS1_2_VERSION,
2179      DTLS1_2_VERSION, DTLS1_2_VERSION,
2180      SSL_NOT_DEFAULT | SSL_HIGH,
2181      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2182      128,
2183      128,
2184      },
2185     {
2186      1,
2187      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2188      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2189      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2190      SSL_kDHE,
2191      SSL_aRSA,
2192      SSL_CAMELLIA128,
2193      SSL_SHA256,
2194      TLS1_2_VERSION, TLS1_2_VERSION,
2195      DTLS1_2_VERSION, DTLS1_2_VERSION,
2196      SSL_NOT_DEFAULT | SSL_HIGH,
2197      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2198      128,
2199      128,
2200      },
2201     {
2202      1,
2203      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2204      TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2205      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2206      SSL_kDHE,
2207      SSL_aNULL,
2208      SSL_CAMELLIA128,
2209      SSL_SHA256,
2210      TLS1_2_VERSION, TLS1_2_VERSION,
2211      DTLS1_2_VERSION, DTLS1_2_VERSION,
2212      SSL_NOT_DEFAULT | SSL_HIGH,
2213      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2214      128,
2215      128,
2216      },
2217     {
2218      1,
2219      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2220      TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2221      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2222      SSL_kRSA,
2223      SSL_aRSA,
2224      SSL_CAMELLIA256,
2225      SSL_SHA256,
2226      TLS1_2_VERSION, TLS1_2_VERSION,
2227      DTLS1_2_VERSION, DTLS1_2_VERSION,
2228      SSL_NOT_DEFAULT | SSL_HIGH,
2229      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2230      256,
2231      256,
2232      },
2233     {
2234      1,
2235      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2236      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2237      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2238      SSL_kDHE,
2239      SSL_aDSS,
2240      SSL_CAMELLIA256,
2241      SSL_SHA256,
2242      TLS1_2_VERSION, TLS1_2_VERSION,
2243      DTLS1_2_VERSION, DTLS1_2_VERSION,
2244      SSL_NOT_DEFAULT | SSL_HIGH,
2245      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2246      256,
2247      256,
2248      },
2249     {
2250      1,
2251      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2252      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2253      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2254      SSL_kDHE,
2255      SSL_aRSA,
2256      SSL_CAMELLIA256,
2257      SSL_SHA256,
2258      TLS1_2_VERSION, TLS1_2_VERSION,
2259      DTLS1_2_VERSION, DTLS1_2_VERSION,
2260      SSL_NOT_DEFAULT | SSL_HIGH,
2261      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2262      256,
2263      256,
2264      },
2265     {
2266      1,
2267      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2268      TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2269      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2270      SSL_kDHE,
2271      SSL_aNULL,
2272      SSL_CAMELLIA256,
2273      SSL_SHA256,
2274      TLS1_2_VERSION, TLS1_2_VERSION,
2275      DTLS1_2_VERSION, DTLS1_2_VERSION,
2276      SSL_NOT_DEFAULT | SSL_HIGH,
2277      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2278      256,
2279      256,
2280      },
2281     {
2282      1,
2283      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2284      TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2285      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2286      SSL_kRSA,
2287      SSL_aRSA,
2288      SSL_CAMELLIA256,
2289      SSL_SHA1,
2290      SSL3_VERSION, TLS1_2_VERSION,
2291      DTLS1_BAD_VER, DTLS1_2_VERSION,
2292      SSL_NOT_DEFAULT | SSL_HIGH,
2293      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2294      256,
2295      256,
2296      },
2297     {
2298      1,
2299      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2300      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2301      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2302      SSL_kDHE,
2303      SSL_aDSS,
2304      SSL_CAMELLIA256,
2305      SSL_SHA1,
2306      SSL3_VERSION, TLS1_2_VERSION,
2307      DTLS1_BAD_VER, DTLS1_2_VERSION,
2308      SSL_NOT_DEFAULT | SSL_HIGH,
2309      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2310      256,
2311      256,
2312      },
2313     {
2314      1,
2315      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2316      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2317      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2318      SSL_kDHE,
2319      SSL_aRSA,
2320      SSL_CAMELLIA256,
2321      SSL_SHA1,
2322      SSL3_VERSION, TLS1_2_VERSION,
2323      DTLS1_BAD_VER, DTLS1_2_VERSION,
2324      SSL_NOT_DEFAULT | SSL_HIGH,
2325      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2326      256,
2327      256,
2328      },
2329     {
2330      1,
2331      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2332      TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2333      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2334      SSL_kDHE,
2335      SSL_aNULL,
2336      SSL_CAMELLIA256,
2337      SSL_SHA1,
2338      SSL3_VERSION, TLS1_2_VERSION,
2339      DTLS1_BAD_VER, DTLS1_2_VERSION,
2340      SSL_NOT_DEFAULT | SSL_HIGH,
2341      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2342      256,
2343      256,
2344      },
2345     {
2346      1,
2347      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2348      TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2349      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2350      SSL_kRSA,
2351      SSL_aRSA,
2352      SSL_CAMELLIA128,
2353      SSL_SHA1,
2354      SSL3_VERSION, TLS1_2_VERSION,
2355      DTLS1_BAD_VER, DTLS1_2_VERSION,
2356      SSL_NOT_DEFAULT | SSL_HIGH,
2357      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2358      128,
2359      128,
2360      },
2361     {
2362      1,
2363      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2364      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2365      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2366      SSL_kDHE,
2367      SSL_aDSS,
2368      SSL_CAMELLIA128,
2369      SSL_SHA1,
2370      SSL3_VERSION, TLS1_2_VERSION,
2371      DTLS1_BAD_VER, DTLS1_2_VERSION,
2372      SSL_NOT_DEFAULT | SSL_HIGH,
2373      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2374      128,
2375      128,
2376      },
2377     {
2378      1,
2379      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2380      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2381      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2382      SSL_kDHE,
2383      SSL_aRSA,
2384      SSL_CAMELLIA128,
2385      SSL_SHA1,
2386      SSL3_VERSION, TLS1_2_VERSION,
2387      DTLS1_BAD_VER, DTLS1_2_VERSION,
2388      SSL_NOT_DEFAULT | SSL_HIGH,
2389      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2390      128,
2391      128,
2392      },
2393     {
2394      1,
2395      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2396      TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2397      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2398      SSL_kDHE,
2399      SSL_aNULL,
2400      SSL_CAMELLIA128,
2401      SSL_SHA1,
2402      SSL3_VERSION, TLS1_2_VERSION,
2403      DTLS1_BAD_VER, DTLS1_2_VERSION,
2404      SSL_NOT_DEFAULT | SSL_HIGH,
2405      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2406      128,
2407      128,
2408      },
2409     {
2410      1,
2411      TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2412      TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2413      TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2414      SSL_kECDHE,
2415      SSL_aECDSA,
2416      SSL_CAMELLIA128,
2417      SSL_SHA256,
2418      TLS1_2_VERSION, TLS1_2_VERSION,
2419      DTLS1_2_VERSION, DTLS1_2_VERSION,
2420      SSL_NOT_DEFAULT | SSL_HIGH,
2421      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2422      128,
2423      128,
2424      },
2425     {
2426      1,
2427      TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2428      TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2429      TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2430      SSL_kECDHE,
2431      SSL_aECDSA,
2432      SSL_CAMELLIA256,
2433      SSL_SHA384,
2434      TLS1_2_VERSION, TLS1_2_VERSION,
2435      DTLS1_2_VERSION, DTLS1_2_VERSION,
2436      SSL_NOT_DEFAULT | SSL_HIGH,
2437      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2438      256,
2439      256,
2440      },
2441     {
2442      1,
2443      TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2444      TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2445      TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2446      SSL_kECDHE,
2447      SSL_aRSA,
2448      SSL_CAMELLIA128,
2449      SSL_SHA256,
2450      TLS1_2_VERSION, TLS1_2_VERSION,
2451      DTLS1_2_VERSION, DTLS1_2_VERSION,
2452      SSL_NOT_DEFAULT | SSL_HIGH,
2453      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2454      128,
2455      128,
2456      },
2457     {
2458      1,
2459      TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2460      TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2461      TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2462      SSL_kECDHE,
2463      SSL_aRSA,
2464      SSL_CAMELLIA256,
2465      SSL_SHA384,
2466      TLS1_2_VERSION, TLS1_2_VERSION,
2467      DTLS1_2_VERSION, DTLS1_2_VERSION,
2468      SSL_NOT_DEFAULT | SSL_HIGH,
2469      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2470      256,
2471      256,
2472      },
2473     {
2474      1,
2475      TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2476      TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2477      TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2478      SSL_kPSK,
2479      SSL_aPSK,
2480      SSL_CAMELLIA128,
2481      SSL_SHA256,
2482      TLS1_VERSION, TLS1_2_VERSION,
2483      DTLS1_BAD_VER, DTLS1_2_VERSION,
2484      SSL_NOT_DEFAULT | SSL_HIGH,
2485      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2486      128,
2487      128,
2488      },
2489     {
2490      1,
2491      TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2492      TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2493      TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2494      SSL_kPSK,
2495      SSL_aPSK,
2496      SSL_CAMELLIA256,
2497      SSL_SHA384,
2498      TLS1_VERSION, TLS1_2_VERSION,
2499      DTLS1_BAD_VER, DTLS1_2_VERSION,
2500      SSL_NOT_DEFAULT | SSL_HIGH,
2501      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2502      256,
2503      256,
2504      },
2505     {
2506      1,
2507      TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2508      TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2509      TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2510      SSL_kDHEPSK,
2511      SSL_aPSK,
2512      SSL_CAMELLIA128,
2513      SSL_SHA256,
2514      TLS1_VERSION, TLS1_2_VERSION,
2515      DTLS1_BAD_VER, DTLS1_2_VERSION,
2516      SSL_NOT_DEFAULT | SSL_HIGH,
2517      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2518      128,
2519      128,
2520      },
2521     {
2522      1,
2523      TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2524      TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2525      TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2526      SSL_kDHEPSK,
2527      SSL_aPSK,
2528      SSL_CAMELLIA256,
2529      SSL_SHA384,
2530      TLS1_VERSION, TLS1_2_VERSION,
2531      DTLS1_BAD_VER, DTLS1_2_VERSION,
2532      SSL_NOT_DEFAULT | SSL_HIGH,
2533      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2534      256,
2535      256,
2536      },
2537     {
2538      1,
2539      TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2540      TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2541      TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2542      SSL_kRSAPSK,
2543      SSL_aRSA,
2544      SSL_CAMELLIA128,
2545      SSL_SHA256,
2546      TLS1_VERSION, TLS1_2_VERSION,
2547      DTLS1_BAD_VER, DTLS1_2_VERSION,
2548      SSL_NOT_DEFAULT | SSL_HIGH,
2549      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2550      128,
2551      128,
2552      },
2553     {
2554      1,
2555      TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2556      TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2557      TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2558      SSL_kRSAPSK,
2559      SSL_aRSA,
2560      SSL_CAMELLIA256,
2561      SSL_SHA384,
2562      TLS1_VERSION, TLS1_2_VERSION,
2563      DTLS1_BAD_VER, DTLS1_2_VERSION,
2564      SSL_NOT_DEFAULT | SSL_HIGH,
2565      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2566      256,
2567      256,
2568      },
2569     {
2570      1,
2571      TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2572      TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2573      TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2574      SSL_kECDHEPSK,
2575      SSL_aPSK,
2576      SSL_CAMELLIA128,
2577      SSL_SHA256,
2578      TLS1_VERSION, TLS1_2_VERSION,
2579      DTLS1_BAD_VER, DTLS1_2_VERSION,
2580      SSL_NOT_DEFAULT | SSL_HIGH,
2581      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2582      128,
2583      128,
2584      },
2585     {
2586      1,
2587      TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2588      TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2589      TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2590      SSL_kECDHEPSK,
2591      SSL_aPSK,
2592      SSL_CAMELLIA256,
2593      SSL_SHA384,
2594      TLS1_VERSION, TLS1_2_VERSION,
2595      DTLS1_BAD_VER, DTLS1_2_VERSION,
2596      SSL_NOT_DEFAULT | SSL_HIGH,
2597      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2598      256,
2599      256,
2600      },
2601 #endif                          /* OPENSSL_NO_CAMELLIA */
2602 
2603 #ifndef OPENSSL_NO_GOST
2604     {
2605      1,
2606      "GOST2001-GOST89-GOST89",
2607      "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2608      0x3000081,
2609      SSL_kGOST,
2610      SSL_aGOST01,
2611      SSL_eGOST2814789CNT,
2612      SSL_GOST89MAC,
2613      TLS1_VERSION, TLS1_2_VERSION,
2614      0, 0,
2615      SSL_HIGH,
2616      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2617      256,
2618      256,
2619      },
2620     {
2621      1,
2622      "GOST2001-NULL-GOST94",
2623      "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2624      0x3000083,
2625      SSL_kGOST,
2626      SSL_aGOST01,
2627      SSL_eNULL,
2628      SSL_GOST94,
2629      TLS1_VERSION, TLS1_2_VERSION,
2630      0, 0,
2631      SSL_STRONG_NONE,
2632      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2633      0,
2634      0,
2635      },
2636     {
2637      1,
2638      "GOST2012-GOST8912-GOST8912",
2639      NULL,
2640      0x0300ff85,
2641      SSL_kGOST,
2642      SSL_aGOST12 | SSL_aGOST01,
2643      SSL_eGOST2814789CNT12,
2644      SSL_GOST89MAC12,
2645      TLS1_VERSION, TLS1_2_VERSION,
2646      0, 0,
2647      SSL_HIGH,
2648      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2649      256,
2650      256,
2651      },
2652     {
2653      1,
2654      "GOST2012-NULL-GOST12",
2655      NULL,
2656      0x0300ff87,
2657      SSL_kGOST,
2658      SSL_aGOST12 | SSL_aGOST01,
2659      SSL_eNULL,
2660      SSL_GOST12_256,
2661      TLS1_VERSION, TLS1_2_VERSION,
2662      0, 0,
2663      SSL_STRONG_NONE,
2664      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2665      0,
2666      0,
2667      },
2668 #endif                          /* OPENSSL_NO_GOST */
2669 
2670 #ifndef OPENSSL_NO_IDEA
2671     {
2672      1,
2673      SSL3_TXT_RSA_IDEA_128_SHA,
2674      SSL3_RFC_RSA_IDEA_128_SHA,
2675      SSL3_CK_RSA_IDEA_128_SHA,
2676      SSL_kRSA,
2677      SSL_aRSA,
2678      SSL_IDEA,
2679      SSL_SHA1,
2680      SSL3_VERSION, TLS1_1_VERSION,
2681      DTLS1_BAD_VER, DTLS1_VERSION,
2682      SSL_NOT_DEFAULT | SSL_MEDIUM,
2683      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2684      128,
2685      128,
2686      },
2687 #endif
2688 
2689 #ifndef OPENSSL_NO_SEED
2690     {
2691      1,
2692      TLS1_TXT_RSA_WITH_SEED_SHA,
2693      TLS1_RFC_RSA_WITH_SEED_SHA,
2694      TLS1_CK_RSA_WITH_SEED_SHA,
2695      SSL_kRSA,
2696      SSL_aRSA,
2697      SSL_SEED,
2698      SSL_SHA1,
2699      SSL3_VERSION, TLS1_2_VERSION,
2700      DTLS1_BAD_VER, DTLS1_2_VERSION,
2701      SSL_NOT_DEFAULT | SSL_MEDIUM,
2702      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2703      128,
2704      128,
2705      },
2706     {
2707      1,
2708      TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2709      TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2710      TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2711      SSL_kDHE,
2712      SSL_aDSS,
2713      SSL_SEED,
2714      SSL_SHA1,
2715      SSL3_VERSION, TLS1_2_VERSION,
2716      DTLS1_BAD_VER, DTLS1_2_VERSION,
2717      SSL_NOT_DEFAULT | SSL_MEDIUM,
2718      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2719      128,
2720      128,
2721      },
2722     {
2723      1,
2724      TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2725      TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2726      TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2727      SSL_kDHE,
2728      SSL_aRSA,
2729      SSL_SEED,
2730      SSL_SHA1,
2731      SSL3_VERSION, TLS1_2_VERSION,
2732      DTLS1_BAD_VER, DTLS1_2_VERSION,
2733      SSL_NOT_DEFAULT | SSL_MEDIUM,
2734      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2735      128,
2736      128,
2737      },
2738     {
2739      1,
2740      TLS1_TXT_ADH_WITH_SEED_SHA,
2741      TLS1_RFC_ADH_WITH_SEED_SHA,
2742      TLS1_CK_ADH_WITH_SEED_SHA,
2743      SSL_kDHE,
2744      SSL_aNULL,
2745      SSL_SEED,
2746      SSL_SHA1,
2747      SSL3_VERSION, TLS1_2_VERSION,
2748      DTLS1_BAD_VER, DTLS1_2_VERSION,
2749      SSL_NOT_DEFAULT | SSL_MEDIUM,
2750      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2751      128,
2752      128,
2753      },
2754 #endif                          /* OPENSSL_NO_SEED */
2755 
2756 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2757     {
2758      1,
2759      SSL3_TXT_RSA_RC4_128_MD5,
2760      SSL3_RFC_RSA_RC4_128_MD5,
2761      SSL3_CK_RSA_RC4_128_MD5,
2762      SSL_kRSA,
2763      SSL_aRSA,
2764      SSL_RC4,
2765      SSL_MD5,
2766      SSL3_VERSION, TLS1_2_VERSION,
2767      0, 0,
2768      SSL_NOT_DEFAULT | SSL_MEDIUM,
2769      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2770      128,
2771      128,
2772      },
2773     {
2774      1,
2775      SSL3_TXT_RSA_RC4_128_SHA,
2776      SSL3_RFC_RSA_RC4_128_SHA,
2777      SSL3_CK_RSA_RC4_128_SHA,
2778      SSL_kRSA,
2779      SSL_aRSA,
2780      SSL_RC4,
2781      SSL_SHA1,
2782      SSL3_VERSION, TLS1_2_VERSION,
2783      0, 0,
2784      SSL_NOT_DEFAULT | SSL_MEDIUM,
2785      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2786      128,
2787      128,
2788      },
2789     {
2790      1,
2791      SSL3_TXT_ADH_RC4_128_MD5,
2792      SSL3_RFC_ADH_RC4_128_MD5,
2793      SSL3_CK_ADH_RC4_128_MD5,
2794      SSL_kDHE,
2795      SSL_aNULL,
2796      SSL_RC4,
2797      SSL_MD5,
2798      SSL3_VERSION, TLS1_2_VERSION,
2799      0, 0,
2800      SSL_NOT_DEFAULT | SSL_MEDIUM,
2801      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2802      128,
2803      128,
2804      },
2805     {
2806      1,
2807      TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2808      TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2809      TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2810      SSL_kECDHEPSK,
2811      SSL_aPSK,
2812      SSL_RC4,
2813      SSL_SHA1,
2814      TLS1_VERSION, TLS1_2_VERSION,
2815      0, 0,
2816      SSL_NOT_DEFAULT | SSL_MEDIUM,
2817      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2818      128,
2819      128,
2820      },
2821     {
2822      1,
2823      TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2824      TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2825      TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2826      SSL_kECDHE,
2827      SSL_aNULL,
2828      SSL_RC4,
2829      SSL_SHA1,
2830      TLS1_VERSION, TLS1_2_VERSION,
2831      0, 0,
2832      SSL_NOT_DEFAULT | SSL_MEDIUM,
2833      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2834      128,
2835      128,
2836      },
2837     {
2838      1,
2839      TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2840      TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2841      TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2842      SSL_kECDHE,
2843      SSL_aECDSA,
2844      SSL_RC4,
2845      SSL_SHA1,
2846      TLS1_VERSION, TLS1_2_VERSION,
2847      0, 0,
2848      SSL_NOT_DEFAULT | SSL_MEDIUM,
2849      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2850      128,
2851      128,
2852      },
2853     {
2854      1,
2855      TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2856      TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2857      TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2858      SSL_kECDHE,
2859      SSL_aRSA,
2860      SSL_RC4,
2861      SSL_SHA1,
2862      TLS1_VERSION, TLS1_2_VERSION,
2863      0, 0,
2864      SSL_NOT_DEFAULT | SSL_MEDIUM,
2865      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2866      128,
2867      128,
2868      },
2869     {
2870      1,
2871      TLS1_TXT_PSK_WITH_RC4_128_SHA,
2872      TLS1_RFC_PSK_WITH_RC4_128_SHA,
2873      TLS1_CK_PSK_WITH_RC4_128_SHA,
2874      SSL_kPSK,
2875      SSL_aPSK,
2876      SSL_RC4,
2877      SSL_SHA1,
2878      SSL3_VERSION, TLS1_2_VERSION,
2879      0, 0,
2880      SSL_NOT_DEFAULT | SSL_MEDIUM,
2881      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2882      128,
2883      128,
2884      },
2885     {
2886      1,
2887      TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2888      TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2889      TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2890      SSL_kRSAPSK,
2891      SSL_aRSA,
2892      SSL_RC4,
2893      SSL_SHA1,
2894      SSL3_VERSION, TLS1_2_VERSION,
2895      0, 0,
2896      SSL_NOT_DEFAULT | SSL_MEDIUM,
2897      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2898      128,
2899      128,
2900      },
2901     {
2902      1,
2903      TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2904      TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2905      TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2906      SSL_kDHEPSK,
2907      SSL_aPSK,
2908      SSL_RC4,
2909      SSL_SHA1,
2910      SSL3_VERSION, TLS1_2_VERSION,
2911      0, 0,
2912      SSL_NOT_DEFAULT | SSL_MEDIUM,
2913      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2914      128,
2915      128,
2916      },
2917 #endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2918 
2919 #ifndef OPENSSL_NO_ARIA
2920     {
2921      1,
2922      TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2923      TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2924      TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2925      SSL_kRSA,
2926      SSL_aRSA,
2927      SSL_ARIA128GCM,
2928      SSL_AEAD,
2929      TLS1_2_VERSION, TLS1_2_VERSION,
2930      DTLS1_2_VERSION, DTLS1_2_VERSION,
2931      SSL_NOT_DEFAULT | SSL_HIGH,
2932      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2933      128,
2934      128,
2935      },
2936     {
2937      1,
2938      TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2939      TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2940      TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2941      SSL_kRSA,
2942      SSL_aRSA,
2943      SSL_ARIA256GCM,
2944      SSL_AEAD,
2945      TLS1_2_VERSION, TLS1_2_VERSION,
2946      DTLS1_2_VERSION, DTLS1_2_VERSION,
2947      SSL_NOT_DEFAULT | SSL_HIGH,
2948      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2949      256,
2950      256,
2951      },
2952     {
2953      1,
2954      TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2955      TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2956      TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2957      SSL_kDHE,
2958      SSL_aRSA,
2959      SSL_ARIA128GCM,
2960      SSL_AEAD,
2961      TLS1_2_VERSION, TLS1_2_VERSION,
2962      DTLS1_2_VERSION, DTLS1_2_VERSION,
2963      SSL_NOT_DEFAULT | SSL_HIGH,
2964      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2965      128,
2966      128,
2967      },
2968     {
2969      1,
2970      TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2971      TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2972      TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2973      SSL_kDHE,
2974      SSL_aRSA,
2975      SSL_ARIA256GCM,
2976      SSL_AEAD,
2977      TLS1_2_VERSION, TLS1_2_VERSION,
2978      DTLS1_2_VERSION, DTLS1_2_VERSION,
2979      SSL_NOT_DEFAULT | SSL_HIGH,
2980      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2981      256,
2982      256,
2983      },
2984     {
2985      1,
2986      TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2987      TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2988      TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2989      SSL_kDHE,
2990      SSL_aDSS,
2991      SSL_ARIA128GCM,
2992      SSL_AEAD,
2993      TLS1_2_VERSION, TLS1_2_VERSION,
2994      DTLS1_2_VERSION, DTLS1_2_VERSION,
2995      SSL_NOT_DEFAULT | SSL_HIGH,
2996      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2997      128,
2998      128,
2999      },
3000     {
3001      1,
3002      TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3003      TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3004      TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3005      SSL_kDHE,
3006      SSL_aDSS,
3007      SSL_ARIA256GCM,
3008      SSL_AEAD,
3009      TLS1_2_VERSION, TLS1_2_VERSION,
3010      DTLS1_2_VERSION, DTLS1_2_VERSION,
3011      SSL_NOT_DEFAULT | SSL_HIGH,
3012      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3013      256,
3014      256,
3015      },
3016     {
3017      1,
3018      TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3019      TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3020      TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3021      SSL_kECDHE,
3022      SSL_aECDSA,
3023      SSL_ARIA128GCM,
3024      SSL_AEAD,
3025      TLS1_2_VERSION, TLS1_2_VERSION,
3026      DTLS1_2_VERSION, DTLS1_2_VERSION,
3027      SSL_NOT_DEFAULT | SSL_HIGH,
3028      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3029      128,
3030      128,
3031      },
3032     {
3033      1,
3034      TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3035      TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3036      TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3037      SSL_kECDHE,
3038      SSL_aECDSA,
3039      SSL_ARIA256GCM,
3040      SSL_AEAD,
3041      TLS1_2_VERSION, TLS1_2_VERSION,
3042      DTLS1_2_VERSION, DTLS1_2_VERSION,
3043      SSL_NOT_DEFAULT | SSL_HIGH,
3044      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3045      256,
3046      256,
3047      },
3048     {
3049      1,
3050      TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3051      TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3052      TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3053      SSL_kECDHE,
3054      SSL_aRSA,
3055      SSL_ARIA128GCM,
3056      SSL_AEAD,
3057      TLS1_2_VERSION, TLS1_2_VERSION,
3058      DTLS1_2_VERSION, DTLS1_2_VERSION,
3059      SSL_NOT_DEFAULT | SSL_HIGH,
3060      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3061      128,
3062      128,
3063      },
3064     {
3065      1,
3066      TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3067      TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3068      TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3069      SSL_kECDHE,
3070      SSL_aRSA,
3071      SSL_ARIA256GCM,
3072      SSL_AEAD,
3073      TLS1_2_VERSION, TLS1_2_VERSION,
3074      DTLS1_2_VERSION, DTLS1_2_VERSION,
3075      SSL_NOT_DEFAULT | SSL_HIGH,
3076      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3077      256,
3078      256,
3079      },
3080     {
3081      1,
3082      TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3083      TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3084      TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3085      SSL_kPSK,
3086      SSL_aPSK,
3087      SSL_ARIA128GCM,
3088      SSL_AEAD,
3089      TLS1_2_VERSION, TLS1_2_VERSION,
3090      DTLS1_2_VERSION, DTLS1_2_VERSION,
3091      SSL_NOT_DEFAULT | SSL_HIGH,
3092      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3093      128,
3094      128,
3095      },
3096     {
3097      1,
3098      TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3099      TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3100      TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3101      SSL_kPSK,
3102      SSL_aPSK,
3103      SSL_ARIA256GCM,
3104      SSL_AEAD,
3105      TLS1_2_VERSION, TLS1_2_VERSION,
3106      DTLS1_2_VERSION, DTLS1_2_VERSION,
3107      SSL_NOT_DEFAULT | SSL_HIGH,
3108      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3109      256,
3110      256,
3111      },
3112     {
3113      1,
3114      TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3115      TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3116      TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3117      SSL_kDHEPSK,
3118      SSL_aPSK,
3119      SSL_ARIA128GCM,
3120      SSL_AEAD,
3121      TLS1_2_VERSION, TLS1_2_VERSION,
3122      DTLS1_2_VERSION, DTLS1_2_VERSION,
3123      SSL_NOT_DEFAULT | SSL_HIGH,
3124      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3125      128,
3126      128,
3127      },
3128     {
3129      1,
3130      TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3131      TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3132      TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3133      SSL_kDHEPSK,
3134      SSL_aPSK,
3135      SSL_ARIA256GCM,
3136      SSL_AEAD,
3137      TLS1_2_VERSION, TLS1_2_VERSION,
3138      DTLS1_2_VERSION, DTLS1_2_VERSION,
3139      SSL_NOT_DEFAULT | SSL_HIGH,
3140      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3141      256,
3142      256,
3143      },
3144     {
3145      1,
3146      TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3147      TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3148      TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3149      SSL_kRSAPSK,
3150      SSL_aRSA,
3151      SSL_ARIA128GCM,
3152      SSL_AEAD,
3153      TLS1_2_VERSION, TLS1_2_VERSION,
3154      DTLS1_2_VERSION, DTLS1_2_VERSION,
3155      SSL_NOT_DEFAULT | SSL_HIGH,
3156      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3157      128,
3158      128,
3159      },
3160     {
3161      1,
3162      TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3163      TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3164      TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3165      SSL_kRSAPSK,
3166      SSL_aRSA,
3167      SSL_ARIA256GCM,
3168      SSL_AEAD,
3169      TLS1_2_VERSION, TLS1_2_VERSION,
3170      DTLS1_2_VERSION, DTLS1_2_VERSION,
3171      SSL_NOT_DEFAULT | SSL_HIGH,
3172      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3173      256,
3174      256,
3175      },
3176 #endif /* OPENSSL_NO_ARIA */
3177 };
3178 
3179 /*
3180  * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3181  * values stuffed into the ciphers field of the wire protocol for signalling
3182  * purposes.
3183  */
3184 static SSL_CIPHER ssl3_scsvs[] = {
3185     {
3186      0,
3187      "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3188      "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3189      SSL3_CK_SCSV,
3190      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3191     },
3192     {
3193      0,
3194      "TLS_FALLBACK_SCSV",
3195      "TLS_FALLBACK_SCSV",
3196      SSL3_CK_FALLBACK_SCSV,
3197      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3198     },
3199 };
3200 
3201 static int cipher_compare(const void *a, const void *b)
3202 {
3203     const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3204     const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3205 
3206     if (ap->id == bp->id)
3207         return 0;
3208     return ap->id < bp->id ? -1 : 1;
3209 }
3210 
3211 void ssl_sort_cipher_list(void)
3212 {
3213     qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3214           cipher_compare);
3215     qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3216           cipher_compare);
3217     qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3218 }
3219 
3220 static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
3221                                     const char * t, size_t u,
3222                                     const unsigned char * v, size_t w, int x)
3223 {
3224     (void)r;
3225     (void)s;
3226     (void)t;
3227     (void)u;
3228     (void)v;
3229     (void)w;
3230     (void)x;
3231     return ssl_undefined_function(ssl);
3232 }
3233 
3234 const SSL3_ENC_METHOD SSLv3_enc_data = {
3235     ssl3_enc,
3236     n_ssl3_mac,
3237     ssl3_setup_key_block,
3238     ssl3_generate_master_secret,
3239     ssl3_change_cipher_state,
3240     ssl3_final_finish_mac,
3241     SSL3_MD_CLIENT_FINISHED_CONST, 4,
3242     SSL3_MD_SERVER_FINISHED_CONST, 4,
3243     ssl3_alert_code,
3244     ssl_undefined_function_1,
3245     0,
3246     ssl3_set_handshake_header,
3247     tls_close_construct_packet,
3248     ssl3_handshake_write
3249 };
3250 
3251 long ssl3_default_timeout(void)
3252 {
3253     /*
3254      * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3255      * http, the cache would over fill
3256      */
3257     return (60 * 60 * 2);
3258 }
3259 
3260 int ssl3_num_ciphers(void)
3261 {
3262     return SSL3_NUM_CIPHERS;
3263 }
3264 
3265 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3266 {
3267     if (u < SSL3_NUM_CIPHERS)
3268         return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3269     else
3270         return NULL;
3271 }
3272 
3273 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3274 {
3275     /* No header in the event of a CCS */
3276     if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3277         return 1;
3278 
3279     /* Set the content type and 3 bytes for the message len */
3280     if (!WPACKET_put_bytes_u8(pkt, htype)
3281             || !WPACKET_start_sub_packet_u24(pkt))
3282         return 0;
3283 
3284     return 1;
3285 }
3286 
3287 int ssl3_handshake_write(SSL *s)
3288 {
3289     return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3290 }
3291 
3292 int ssl3_new(SSL *s)
3293 {
3294     SSL3_STATE *s3;
3295 
3296     if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
3297         goto err;
3298     s->s3 = s3;
3299 
3300 #ifndef OPENSSL_NO_SRP
3301     if (!SSL_SRP_CTX_init(s))
3302         goto err;
3303 #endif
3304 
3305     if (!s->method->ssl_clear(s))
3306         return 0;
3307 
3308     return 1;
3309  err:
3310     return 0;
3311 }
3312 
3313 void ssl3_free(SSL *s)
3314 {
3315     if (s == NULL || s->s3 == NULL)
3316         return;
3317 
3318     ssl3_cleanup_key_block(s);
3319 
3320 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3321     EVP_PKEY_free(s->s3->peer_tmp);
3322     s->s3->peer_tmp = NULL;
3323     EVP_PKEY_free(s->s3->tmp.pkey);
3324     s->s3->tmp.pkey = NULL;
3325 #endif
3326 
3327     OPENSSL_free(s->s3->tmp.ctype);
3328     sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3329     OPENSSL_free(s->s3->tmp.ciphers_raw);
3330     OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3331     OPENSSL_free(s->s3->tmp.peer_sigalgs);
3332     OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
3333     ssl3_free_digest_list(s);
3334     OPENSSL_free(s->s3->alpn_selected);
3335     OPENSSL_free(s->s3->alpn_proposed);
3336 
3337 #ifndef OPENSSL_NO_SRP
3338     SSL_SRP_CTX_free(s);
3339 #endif
3340     OPENSSL_clear_free(s->s3, sizeof(*s->s3));
3341     s->s3 = NULL;
3342 }
3343 
3344 int ssl3_clear(SSL *s)
3345 {
3346     ssl3_cleanup_key_block(s);
3347     OPENSSL_free(s->s3->tmp.ctype);
3348     sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3349     OPENSSL_free(s->s3->tmp.ciphers_raw);
3350     OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3351     OPENSSL_free(s->s3->tmp.peer_sigalgs);
3352     OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
3353 
3354 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3355     EVP_PKEY_free(s->s3->tmp.pkey);
3356     EVP_PKEY_free(s->s3->peer_tmp);
3357 #endif                          /* !OPENSSL_NO_EC */
3358 
3359     ssl3_free_digest_list(s);
3360 
3361     OPENSSL_free(s->s3->alpn_selected);
3362     OPENSSL_free(s->s3->alpn_proposed);
3363 
3364     /* NULL/zero-out everything in the s3 struct */
3365     memset(s->s3, 0, sizeof(*s->s3));
3366 
3367     if (!ssl_free_wbio_buffer(s))
3368         return 0;
3369 
3370     s->version = SSL3_VERSION;
3371 
3372 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3373     OPENSSL_free(s->ext.npn);
3374     s->ext.npn = NULL;
3375     s->ext.npn_len = 0;
3376 #endif
3377 
3378     return 1;
3379 }
3380 
3381 #ifndef OPENSSL_NO_SRP
3382 static char *srp_password_from_info_cb(SSL *s, void *arg)
3383 {
3384     return OPENSSL_strdup(s->srp_ctx.info);
3385 }
3386 #endif
3387 
3388 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3389 
3390 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3391 {
3392     int ret = 0;
3393 
3394     switch (cmd) {
3395     case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3396         break;
3397     case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3398         ret = s->s3->num_renegotiations;
3399         break;
3400     case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3401         ret = s->s3->num_renegotiations;
3402         s->s3->num_renegotiations = 0;
3403         break;
3404     case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3405         ret = s->s3->total_renegotiations;
3406         break;
3407     case SSL_CTRL_GET_FLAGS:
3408         ret = (int)(s->s3->flags);
3409         break;
3410 #ifndef OPENSSL_NO_DH
3411     case SSL_CTRL_SET_TMP_DH:
3412         {
3413             DH *dh = (DH *)parg;
3414             EVP_PKEY *pkdh = NULL;
3415             if (dh == NULL) {
3416                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3417                 return ret;
3418             }
3419             pkdh = ssl_dh_to_pkey(dh);
3420             if (pkdh == NULL) {
3421                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3422                 return 0;
3423             }
3424             if (!ssl_security(s, SSL_SECOP_TMP_DH,
3425                               EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3426                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3427                 EVP_PKEY_free(pkdh);
3428                 return ret;
3429             }
3430             EVP_PKEY_free(s->cert->dh_tmp);
3431             s->cert->dh_tmp = pkdh;
3432             ret = 1;
3433         }
3434         break;
3435     case SSL_CTRL_SET_TMP_DH_CB:
3436         {
3437             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3438             return ret;
3439         }
3440     case SSL_CTRL_SET_DH_AUTO:
3441         s->cert->dh_tmp_auto = larg;
3442         return 1;
3443 #endif
3444 #ifndef OPENSSL_NO_EC
3445     case SSL_CTRL_SET_TMP_ECDH:
3446         {
3447             const EC_GROUP *group = NULL;
3448             int nid;
3449 
3450             if (parg == NULL) {
3451                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3452                 return 0;
3453             }
3454             group = EC_KEY_get0_group((const EC_KEY *)parg);
3455             if (group == NULL) {
3456                 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3457                 return 0;
3458             }
3459             nid = EC_GROUP_get_curve_name(group);
3460             if (nid == NID_undef)
3461                 return 0;
3462             return tls1_set_groups(&s->ext.supportedgroups,
3463                                    &s->ext.supportedgroups_len,
3464                                    &nid, 1);
3465         }
3466         break;
3467 #endif                          /* !OPENSSL_NO_EC */
3468     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3469         /*
3470          * TODO(OpenSSL1.2)
3471          * This API is only used for a client to set what SNI it will request
3472          * from the server, but we currently allow it to be used on servers
3473          * as well, which is a programming error.  Currently we just clear
3474          * the field in SSL_do_handshake() for server SSLs, but when we can
3475          * make ABI-breaking changes, we may want to make use of this API
3476          * an error on server SSLs.
3477          */
3478         if (larg == TLSEXT_NAMETYPE_host_name) {
3479             size_t len;
3480 
3481             OPENSSL_free(s->ext.hostname);
3482             s->ext.hostname = NULL;
3483 
3484             ret = 1;
3485             if (parg == NULL)
3486                 break;
3487             len = strlen((char *)parg);
3488             if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3489                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3490                 return 0;
3491             }
3492             if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3493                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3494                 return 0;
3495             }
3496         } else {
3497             SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3498             return 0;
3499         }
3500         break;
3501     case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3502         s->ext.debug_arg = parg;
3503         ret = 1;
3504         break;
3505 
3506     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3507         ret = s->ext.status_type;
3508         break;
3509 
3510     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3511         s->ext.status_type = larg;
3512         ret = 1;
3513         break;
3514 
3515     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3516         *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3517         ret = 1;
3518         break;
3519 
3520     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3521         s->ext.ocsp.exts = parg;
3522         ret = 1;
3523         break;
3524 
3525     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3526         *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3527         ret = 1;
3528         break;
3529 
3530     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3531         s->ext.ocsp.ids = parg;
3532         ret = 1;
3533         break;
3534 
3535     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3536         *(unsigned char **)parg = s->ext.ocsp.resp;
3537         if (s->ext.ocsp.resp_len == 0
3538                 || s->ext.ocsp.resp_len > LONG_MAX)
3539             return -1;
3540         return (long)s->ext.ocsp.resp_len;
3541 
3542     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3543         OPENSSL_free(s->ext.ocsp.resp);
3544         s->ext.ocsp.resp = parg;
3545         s->ext.ocsp.resp_len = larg;
3546         ret = 1;
3547         break;
3548 
3549 #ifndef OPENSSL_NO_HEARTBEATS
3550     case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3551     case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3552     case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3553         break;
3554 #endif
3555 
3556     case SSL_CTRL_CHAIN:
3557         if (larg)
3558             return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3559         else
3560             return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3561 
3562     case SSL_CTRL_CHAIN_CERT:
3563         if (larg)
3564             return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3565         else
3566             return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3567 
3568     case SSL_CTRL_GET_CHAIN_CERTS:
3569         *(STACK_OF(X509) **)parg = s->cert->key->chain;
3570         ret = 1;
3571         break;
3572 
3573     case SSL_CTRL_SELECT_CURRENT_CERT:
3574         return ssl_cert_select_current(s->cert, (X509 *)parg);
3575 
3576     case SSL_CTRL_SET_CURRENT_CERT:
3577         if (larg == SSL_CERT_SET_SERVER) {
3578             const SSL_CIPHER *cipher;
3579             if (!s->server)
3580                 return 0;
3581             cipher = s->s3->tmp.new_cipher;
3582             if (cipher == NULL)
3583                 return 0;
3584             /*
3585              * No certificate for unauthenticated ciphersuites or using SRP
3586              * authentication
3587              */
3588             if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3589                 return 2;
3590             if (s->s3->tmp.cert == NULL)
3591                 return 0;
3592             s->cert->key = s->s3->tmp.cert;
3593             return 1;
3594         }
3595         return ssl_cert_set_current(s->cert, larg);
3596 
3597 #ifndef OPENSSL_NO_EC
3598     case SSL_CTRL_GET_GROUPS:
3599         {
3600             uint16_t *clist;
3601             size_t clistlen;
3602 
3603             if (!s->session)
3604                 return 0;
3605             clist = s->ext.peer_supportedgroups;
3606             clistlen = s->ext.peer_supportedgroups_len;
3607             if (parg) {
3608                 size_t i;
3609                 int *cptr = parg;
3610 
3611                 for (i = 0; i < clistlen; i++) {
3612                     const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
3613 
3614                     if (cinf != NULL)
3615                         cptr[i] = cinf->nid;
3616                     else
3617                         cptr[i] = TLSEXT_nid_unknown | clist[i];
3618                 }
3619             }
3620             return (int)clistlen;
3621         }
3622 
3623     case SSL_CTRL_SET_GROUPS:
3624         return tls1_set_groups(&s->ext.supportedgroups,
3625                                &s->ext.supportedgroups_len, parg, larg);
3626 
3627     case SSL_CTRL_SET_GROUPS_LIST:
3628         return tls1_set_groups_list(&s->ext.supportedgroups,
3629                                     &s->ext.supportedgroups_len, parg);
3630 
3631     case SSL_CTRL_GET_SHARED_GROUP:
3632         {
3633             uint16_t id = tls1_shared_group(s, larg);
3634 
3635             if (larg != -1) {
3636                 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
3637 
3638                 return ginf == NULL ? 0 : ginf->nid;
3639             }
3640             return id;
3641         }
3642 #endif
3643     case SSL_CTRL_SET_SIGALGS:
3644         return tls1_set_sigalgs(s->cert, parg, larg, 0);
3645 
3646     case SSL_CTRL_SET_SIGALGS_LIST:
3647         return tls1_set_sigalgs_list(s->cert, parg, 0);
3648 
3649     case SSL_CTRL_SET_CLIENT_SIGALGS:
3650         return tls1_set_sigalgs(s->cert, parg, larg, 1);
3651 
3652     case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3653         return tls1_set_sigalgs_list(s->cert, parg, 1);
3654 
3655     case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3656         {
3657             const unsigned char **pctype = parg;
3658             if (s->server || !s->s3->tmp.cert_req)
3659                 return 0;
3660             if (pctype)
3661                 *pctype = s->s3->tmp.ctype;
3662             return s->s3->tmp.ctype_len;
3663         }
3664 
3665     case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3666         if (!s->server)
3667             return 0;
3668         return ssl3_set_req_cert_type(s->cert, parg, larg);
3669 
3670     case SSL_CTRL_BUILD_CERT_CHAIN:
3671         return ssl_build_cert_chain(s, NULL, larg);
3672 
3673     case SSL_CTRL_SET_VERIFY_CERT_STORE:
3674         return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3675 
3676     case SSL_CTRL_SET_CHAIN_CERT_STORE:
3677         return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3678 
3679     case SSL_CTRL_GET_VERIFY_CERT_STORE:
3680         return ssl_cert_get_cert_store(s->cert, parg, 0);
3681 
3682     case SSL_CTRL_GET_CHAIN_CERT_STORE:
3683         return ssl_cert_get_cert_store(s->cert, parg, 1);
3684 
3685     case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3686         if (s->s3->tmp.peer_sigalg == NULL)
3687             return 0;
3688         *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3689         return 1;
3690 
3691     case SSL_CTRL_GET_SIGNATURE_NID:
3692         if (s->s3->tmp.sigalg == NULL)
3693             return 0;
3694         *(int *)parg = s->s3->tmp.sigalg->hash;
3695         return 1;
3696 
3697     case SSL_CTRL_GET_PEER_TMP_KEY:
3698 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3699         if (s->session == NULL || s->s3->peer_tmp == NULL) {
3700             return 0;
3701         } else {
3702             EVP_PKEY_up_ref(s->s3->peer_tmp);
3703             *(EVP_PKEY **)parg = s->s3->peer_tmp;
3704             return 1;
3705         }
3706 #else
3707         return 0;
3708 #endif
3709 
3710     case SSL_CTRL_GET_TMP_KEY:
3711 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3712         if (s->session == NULL || s->s3->tmp.pkey == NULL) {
3713             return 0;
3714         } else {
3715             EVP_PKEY_up_ref(s->s3->tmp.pkey);
3716             *(EVP_PKEY **)parg = s->s3->tmp.pkey;
3717             return 1;
3718         }
3719 #else
3720         return 0;
3721 #endif
3722 
3723 #ifndef OPENSSL_NO_EC
3724     case SSL_CTRL_GET_EC_POINT_FORMATS:
3725         {
3726             const unsigned char **pformat = parg;
3727 
3728             if (s->ext.peer_ecpointformats == NULL)
3729                 return 0;
3730             *pformat = s->ext.peer_ecpointformats;
3731             return (int)s->ext.peer_ecpointformats_len;
3732         }
3733 #endif
3734 
3735     default:
3736         break;
3737     }
3738     return ret;
3739 }
3740 
3741 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3742 {
3743     int ret = 0;
3744 
3745     switch (cmd) {
3746 #ifndef OPENSSL_NO_DH
3747     case SSL_CTRL_SET_TMP_DH_CB:
3748         {
3749             s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3750         }
3751         break;
3752 #endif
3753     case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3754         s->ext.debug_cb = (void (*)(SSL *, int, int,
3755                                     const unsigned char *, int, void *))fp;
3756         break;
3757 
3758     case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3759         {
3760             s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3761         }
3762         break;
3763     default:
3764         break;
3765     }
3766     return ret;
3767 }
3768 
3769 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3770 {
3771     switch (cmd) {
3772 #ifndef OPENSSL_NO_DH
3773     case SSL_CTRL_SET_TMP_DH:
3774         {
3775             DH *dh = (DH *)parg;
3776             EVP_PKEY *pkdh = NULL;
3777             if (dh == NULL) {
3778                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3779                 return 0;
3780             }
3781             pkdh = ssl_dh_to_pkey(dh);
3782             if (pkdh == NULL) {
3783                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3784                 return 0;
3785             }
3786             if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3787                                   EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3788                 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3789                 EVP_PKEY_free(pkdh);
3790                 return 0;
3791             }
3792             EVP_PKEY_free(ctx->cert->dh_tmp);
3793             ctx->cert->dh_tmp = pkdh;
3794             return 1;
3795         }
3796     case SSL_CTRL_SET_TMP_DH_CB:
3797         {
3798             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3799             return 0;
3800         }
3801     case SSL_CTRL_SET_DH_AUTO:
3802         ctx->cert->dh_tmp_auto = larg;
3803         return 1;
3804 #endif
3805 #ifndef OPENSSL_NO_EC
3806     case SSL_CTRL_SET_TMP_ECDH:
3807         {
3808             const EC_GROUP *group = NULL;
3809             int nid;
3810 
3811             if (parg == NULL) {
3812                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3813                 return 0;
3814             }
3815             group = EC_KEY_get0_group((const EC_KEY *)parg);
3816             if (group == NULL) {
3817                 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3818                 return 0;
3819             }
3820             nid = EC_GROUP_get_curve_name(group);
3821             if (nid == NID_undef)
3822                 return 0;
3823             return tls1_set_groups(&ctx->ext.supportedgroups,
3824                                    &ctx->ext.supportedgroups_len,
3825                                    &nid, 1);
3826         }
3827 #endif                          /* !OPENSSL_NO_EC */
3828     case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3829         ctx->ext.servername_arg = parg;
3830         break;
3831     case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3832     case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3833         {
3834             unsigned char *keys = parg;
3835             long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3836                                 sizeof(ctx->ext.secure->tick_hmac_key) +
3837                                 sizeof(ctx->ext.secure->tick_aes_key));
3838             if (keys == NULL)
3839                 return tick_keylen;
3840             if (larg != tick_keylen) {
3841                 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3842                 return 0;
3843             }
3844             if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3845                 memcpy(ctx->ext.tick_key_name, keys,
3846                        sizeof(ctx->ext.tick_key_name));
3847                 memcpy(ctx->ext.secure->tick_hmac_key,
3848                        keys + sizeof(ctx->ext.tick_key_name),
3849                        sizeof(ctx->ext.secure->tick_hmac_key));
3850                 memcpy(ctx->ext.secure->tick_aes_key,
3851                        keys + sizeof(ctx->ext.tick_key_name) +
3852                        sizeof(ctx->ext.secure->tick_hmac_key),
3853                        sizeof(ctx->ext.secure->tick_aes_key));
3854             } else {
3855                 memcpy(keys, ctx->ext.tick_key_name,
3856                        sizeof(ctx->ext.tick_key_name));
3857                 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3858                        ctx->ext.secure->tick_hmac_key,
3859                        sizeof(ctx->ext.secure->tick_hmac_key));
3860                 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3861                        sizeof(ctx->ext.secure->tick_hmac_key),
3862                        ctx->ext.secure->tick_aes_key,
3863                        sizeof(ctx->ext.secure->tick_aes_key));
3864             }
3865             return 1;
3866         }
3867 
3868     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3869         return ctx->ext.status_type;
3870 
3871     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3872         ctx->ext.status_type = larg;
3873         break;
3874 
3875     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3876         ctx->ext.status_arg = parg;
3877         return 1;
3878 
3879     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3880         *(void**)parg = ctx->ext.status_arg;
3881         break;
3882 
3883     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3884         *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3885         break;
3886 
3887 #ifndef OPENSSL_NO_SRP
3888     case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3889         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3890         OPENSSL_free(ctx->srp_ctx.login);
3891         ctx->srp_ctx.login = NULL;
3892         if (parg == NULL)
3893             break;
3894         if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3895             SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3896             return 0;
3897         }
3898         if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3899             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3900             return 0;
3901         }
3902         break;
3903     case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3904         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3905             srp_password_from_info_cb;
3906         if (ctx->srp_ctx.info != NULL)
3907             OPENSSL_free(ctx->srp_ctx.info);
3908         if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3909             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3910             return 0;
3911         }
3912         break;
3913     case SSL_CTRL_SET_SRP_ARG:
3914         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3915         ctx->srp_ctx.SRP_cb_arg = parg;
3916         break;
3917 
3918     case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3919         ctx->srp_ctx.strength = larg;
3920         break;
3921 #endif
3922 
3923 #ifndef OPENSSL_NO_EC
3924     case SSL_CTRL_SET_GROUPS:
3925         return tls1_set_groups(&ctx->ext.supportedgroups,
3926                                &ctx->ext.supportedgroups_len,
3927                                parg, larg);
3928 
3929     case SSL_CTRL_SET_GROUPS_LIST:
3930         return tls1_set_groups_list(&ctx->ext.supportedgroups,
3931                                     &ctx->ext.supportedgroups_len,
3932                                     parg);
3933 #endif
3934     case SSL_CTRL_SET_SIGALGS:
3935         return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3936 
3937     case SSL_CTRL_SET_SIGALGS_LIST:
3938         return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3939 
3940     case SSL_CTRL_SET_CLIENT_SIGALGS:
3941         return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3942 
3943     case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3944         return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3945 
3946     case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3947         return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3948 
3949     case SSL_CTRL_BUILD_CERT_CHAIN:
3950         return ssl_build_cert_chain(NULL, ctx, larg);
3951 
3952     case SSL_CTRL_SET_VERIFY_CERT_STORE:
3953         return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3954 
3955     case SSL_CTRL_SET_CHAIN_CERT_STORE:
3956         return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3957 
3958     case SSL_CTRL_GET_VERIFY_CERT_STORE:
3959         return ssl_cert_get_cert_store(ctx->cert, parg, 0);
3960 
3961     case SSL_CTRL_GET_CHAIN_CERT_STORE:
3962         return ssl_cert_get_cert_store(ctx->cert, parg, 1);
3963 
3964         /* A Thawte special :-) */
3965     case SSL_CTRL_EXTRA_CHAIN_CERT:
3966         if (ctx->extra_certs == NULL) {
3967             if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3968                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3969                 return 0;
3970             }
3971         }
3972         if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3973             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3974             return 0;
3975         }
3976         break;
3977 
3978     case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3979         if (ctx->extra_certs == NULL && larg == 0)
3980             *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3981         else
3982             *(STACK_OF(X509) **)parg = ctx->extra_certs;
3983         break;
3984 
3985     case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3986         sk_X509_pop_free(ctx->extra_certs, X509_free);
3987         ctx->extra_certs = NULL;
3988         break;
3989 
3990     case SSL_CTRL_CHAIN:
3991         if (larg)
3992             return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3993         else
3994             return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3995 
3996     case SSL_CTRL_CHAIN_CERT:
3997         if (larg)
3998             return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3999         else
4000             return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
4001 
4002     case SSL_CTRL_GET_CHAIN_CERTS:
4003         *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4004         break;
4005 
4006     case SSL_CTRL_SELECT_CURRENT_CERT:
4007         return ssl_cert_select_current(ctx->cert, (X509 *)parg);
4008 
4009     case SSL_CTRL_SET_CURRENT_CERT:
4010         return ssl_cert_set_current(ctx->cert, larg);
4011 
4012     default:
4013         return 0;
4014     }
4015     return 1;
4016 }
4017 
4018 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
4019 {
4020     switch (cmd) {
4021 #ifndef OPENSSL_NO_DH
4022     case SSL_CTRL_SET_TMP_DH_CB:
4023         {
4024             ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4025         }
4026         break;
4027 #endif
4028     case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4029         ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4030         break;
4031 
4032     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4033         ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4034         break;
4035 
4036     case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4037         ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4038                                              unsigned char *,
4039                                              EVP_CIPHER_CTX *,
4040                                              HMAC_CTX *, int))fp;
4041         break;
4042 
4043 #ifndef OPENSSL_NO_SRP
4044     case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4045         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4046         ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4047         break;
4048     case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4049         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4050         ctx->srp_ctx.TLS_ext_srp_username_callback =
4051             (int (*)(SSL *, int *, void *))fp;
4052         break;
4053     case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4054         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4055         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4056             (char *(*)(SSL *, void *))fp;
4057         break;
4058 #endif
4059     case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4060         {
4061             ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4062         }
4063         break;
4064     default:
4065         return 0;
4066     }
4067     return 1;
4068 }
4069 
4070 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4071 {
4072     SSL_CIPHER c;
4073     const SSL_CIPHER *cp;
4074 
4075     c.id = id;
4076     cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4077     if (cp != NULL)
4078         return cp;
4079     cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4080     if (cp != NULL)
4081         return cp;
4082     return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4083 }
4084 
4085 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4086 {
4087     SSL_CIPHER *tbl;
4088     SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
4089     size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
4090                               SSL3_NUM_SCSVS};
4091 
4092     /* this is not efficient, necessary to optimize this? */
4093     for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4094         for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4095             if (tbl->stdname == NULL)
4096                 continue;
4097             if (strcmp(stdname, tbl->stdname) == 0) {
4098                 return tbl;
4099             }
4100         }
4101     }
4102     return NULL;
4103 }
4104 
4105 /*
4106  * This function needs to check if the ciphers required are actually
4107  * available
4108  */
4109 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4110 {
4111     return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4112                                  | ((uint32_t)p[0] << 8L)
4113                                  | (uint32_t)p[1]);
4114 }
4115 
4116 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4117 {
4118     if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4119         *len = 0;
4120         return 1;
4121     }
4122 
4123     if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4124         return 0;
4125 
4126     *len = 2;
4127     return 1;
4128 }
4129 
4130 /*
4131  * ssl3_choose_cipher - choose a cipher from those offered by the client
4132  * @s: SSL connection
4133  * @clnt: ciphers offered by the client
4134  * @srvr: ciphers enabled on the server?
4135  *
4136  * Returns the selected cipher or NULL when no common ciphers.
4137  */
4138 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4139                                      STACK_OF(SSL_CIPHER) *srvr)
4140 {
4141     const SSL_CIPHER *c, *ret = NULL;
4142     STACK_OF(SSL_CIPHER) *prio, *allow;
4143     int i, ii, ok, prefer_sha256 = 0;
4144     unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4145     const EVP_MD *mdsha256 = EVP_sha256();
4146 #ifndef OPENSSL_NO_CHACHA
4147     STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4148 #endif
4149 
4150     /* Let's see which ciphers we can support */
4151 
4152     /*
4153      * Do not set the compare functions, because this may lead to a
4154      * reordering by "id". We want to keep the original ordering. We may pay
4155      * a price in performance during sk_SSL_CIPHER_find(), but would have to
4156      * pay with the price of sk_SSL_CIPHER_dup().
4157      */
4158 
4159 #ifdef CIPHER_DEBUG
4160     fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
4161             (void *)srvr);
4162     for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4163         c = sk_SSL_CIPHER_value(srvr, i);
4164         fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4165     }
4166     fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
4167             (void *)clnt);
4168     for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4169         c = sk_SSL_CIPHER_value(clnt, i);
4170         fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4171     }
4172 #endif
4173 
4174     /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4175     if (tls1_suiteb(s)) {
4176         prio = srvr;
4177         allow = clnt;
4178     } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4179         prio = srvr;
4180         allow = clnt;
4181 #ifndef OPENSSL_NO_CHACHA
4182         /* If ChaCha20 is at the top of the client preference list,
4183            and there are ChaCha20 ciphers in the server list, then
4184            temporarily prioritize all ChaCha20 ciphers in the servers list. */
4185         if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4186             c = sk_SSL_CIPHER_value(clnt, 0);
4187             if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4188                 /* ChaCha20 is client preferred, check server... */
4189                 int num = sk_SSL_CIPHER_num(srvr);
4190                 int found = 0;
4191                 for (i = 0; i < num; i++) {
4192                     c = sk_SSL_CIPHER_value(srvr, i);
4193                     if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4194                         found = 1;
4195                         break;
4196                     }
4197                 }
4198                 if (found) {
4199                     prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4200                     /* if reserve fails, then there's likely a memory issue */
4201                     if (prio_chacha != NULL) {
4202                         /* Put all ChaCha20 at the top, starting with the one we just found */
4203                         sk_SSL_CIPHER_push(prio_chacha, c);
4204                         for (i++; i < num; i++) {
4205                             c = sk_SSL_CIPHER_value(srvr, i);
4206                             if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4207                                 sk_SSL_CIPHER_push(prio_chacha, c);
4208                         }
4209                         /* Pull in the rest */
4210                         for (i = 0; i < num; i++) {
4211                             c = sk_SSL_CIPHER_value(srvr, i);
4212                             if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4213                                 sk_SSL_CIPHER_push(prio_chacha, c);
4214                         }
4215                         prio = prio_chacha;
4216                     }
4217                 }
4218             }
4219         }
4220 # endif
4221     } else {
4222         prio = clnt;
4223         allow = srvr;
4224     }
4225 
4226     if (SSL_IS_TLS13(s)) {
4227 #ifndef OPENSSL_NO_PSK
4228         int j;
4229 
4230         /*
4231          * If we allow "old" style PSK callbacks, and we have no certificate (so
4232          * we're not going to succeed without a PSK anyway), and we're in
4233          * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4234          * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4235          * that.
4236          */
4237         if (s->psk_server_callback != NULL) {
4238             for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
4239             if (j == SSL_PKEY_NUM) {
4240                 /* There are no certificates */
4241                 prefer_sha256 = 1;
4242             }
4243         }
4244 #endif
4245     } else {
4246         tls1_set_cert_validity(s);
4247         ssl_set_masks(s);
4248     }
4249 
4250     for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4251         c = sk_SSL_CIPHER_value(prio, i);
4252 
4253         /* Skip ciphers not supported by the protocol version */
4254         if (!SSL_IS_DTLS(s) &&
4255             ((s->version < c->min_tls) || (s->version > c->max_tls)))
4256             continue;
4257         if (SSL_IS_DTLS(s) &&
4258             (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4259              DTLS_VERSION_GT(s->version, c->max_dtls)))
4260             continue;
4261 
4262         /*
4263          * Since TLS 1.3 ciphersuites can be used with any auth or
4264          * key exchange scheme skip tests.
4265          */
4266         if (!SSL_IS_TLS13(s)) {
4267             mask_k = s->s3->tmp.mask_k;
4268             mask_a = s->s3->tmp.mask_a;
4269 #ifndef OPENSSL_NO_SRP
4270             if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4271                 mask_k |= SSL_kSRP;
4272                 mask_a |= SSL_aSRP;
4273             }
4274 #endif
4275 
4276             alg_k = c->algorithm_mkey;
4277             alg_a = c->algorithm_auth;
4278 
4279 #ifndef OPENSSL_NO_PSK
4280             /* with PSK there must be server callback set */
4281             if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4282                 continue;
4283 #endif                          /* OPENSSL_NO_PSK */
4284 
4285             ok = (alg_k & mask_k) && (alg_a & mask_a);
4286 #ifdef CIPHER_DEBUG
4287             fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
4288                     alg_a, mask_k, mask_a, (void *)c, c->name);
4289 #endif
4290 
4291 #ifndef OPENSSL_NO_EC
4292             /*
4293              * if we are considering an ECC cipher suite that uses an ephemeral
4294              * EC key check it
4295              */
4296             if (alg_k & SSL_kECDHE)
4297                 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4298 #endif                          /* OPENSSL_NO_EC */
4299 
4300             if (!ok)
4301                 continue;
4302         }
4303         ii = sk_SSL_CIPHER_find(allow, c);
4304         if (ii >= 0) {
4305             /* Check security callback permits this cipher */
4306             if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4307                               c->strength_bits, 0, (void *)c))
4308                 continue;
4309 #if !defined(OPENSSL_NO_EC)
4310             if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4311                 && s->s3->is_probably_safari) {
4312                 if (!ret)
4313                     ret = sk_SSL_CIPHER_value(allow, ii);
4314                 continue;
4315             }
4316 #endif
4317             if (prefer_sha256) {
4318                 const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4319 
4320                 if (ssl_md(tmp->algorithm2) == mdsha256) {
4321                     ret = tmp;
4322                     break;
4323                 }
4324                 if (ret == NULL)
4325                     ret = tmp;
4326                 continue;
4327             }
4328             ret = sk_SSL_CIPHER_value(allow, ii);
4329             break;
4330         }
4331     }
4332 #ifndef OPENSSL_NO_CHACHA
4333     sk_SSL_CIPHER_free(prio_chacha);
4334 #endif
4335     return ret;
4336 }
4337 
4338 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4339 {
4340     uint32_t alg_k, alg_a = 0;
4341 
4342     /* If we have custom certificate types set, use them */
4343     if (s->cert->ctype)
4344         return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4345     /* Get mask of algorithms disabled by signature list */
4346     ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4347 
4348     alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4349 
4350 #ifndef OPENSSL_NO_GOST
4351     if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4352             return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4353                     && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
4354                     && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
4355 #endif
4356 
4357     if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4358 #ifndef OPENSSL_NO_DH
4359 # ifndef OPENSSL_NO_RSA
4360         if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4361             return 0;
4362 # endif
4363 # ifndef OPENSSL_NO_DSA
4364         if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4365             return 0;
4366 # endif
4367 #endif                          /* !OPENSSL_NO_DH */
4368     }
4369 #ifndef OPENSSL_NO_RSA
4370     if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4371         return 0;
4372 #endif
4373 #ifndef OPENSSL_NO_DSA
4374     if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4375         return 0;
4376 #endif
4377 #ifndef OPENSSL_NO_EC
4378     /*
4379      * ECDSA certs can be used with RSA cipher suites too so we don't
4380      * need to check for SSL_kECDH or SSL_kECDHE
4381      */
4382     if (s->version >= TLS1_VERSION
4383             && !(alg_a & SSL_aECDSA)
4384             && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4385         return 0;
4386 #endif
4387     return 1;
4388 }
4389 
4390 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4391 {
4392     OPENSSL_free(c->ctype);
4393     c->ctype = NULL;
4394     c->ctype_len = 0;
4395     if (p == NULL || len == 0)
4396         return 1;
4397     if (len > 0xff)
4398         return 0;
4399     c->ctype = OPENSSL_memdup(p, len);
4400     if (c->ctype == NULL)
4401         return 0;
4402     c->ctype_len = len;
4403     return 1;
4404 }
4405 
4406 int ssl3_shutdown(SSL *s)
4407 {
4408     int ret;
4409 
4410     /*
4411      * Don't do anything much if we have not done the handshake or we don't
4412      * want to send messages :-)
4413      */
4414     if (s->quiet_shutdown || SSL_in_before(s)) {
4415         s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4416         return 1;
4417     }
4418 
4419     if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4420         s->shutdown |= SSL_SENT_SHUTDOWN;
4421         ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4422         /*
4423          * our shutdown alert has been sent now, and if it still needs to be
4424          * written, s->s3->alert_dispatch will be true
4425          */
4426         if (s->s3->alert_dispatch)
4427             return -1;        /* return WANT_WRITE */
4428     } else if (s->s3->alert_dispatch) {
4429         /* resend it if not sent */
4430         ret = s->method->ssl_dispatch_alert(s);
4431         if (ret == -1) {
4432             /*
4433              * we only get to return -1 here the 2nd/Nth invocation, we must
4434              * have already signalled return 0 upon a previous invocation,
4435              * return WANT_WRITE
4436              */
4437             return ret;
4438         }
4439     } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4440         size_t readbytes;
4441         /*
4442          * If we are waiting for a close from our peer, we are closed
4443          */
4444         s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4445         if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4446             return -1;        /* return WANT_READ */
4447         }
4448     }
4449 
4450     if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4451         !s->s3->alert_dispatch)
4452         return 1;
4453     else
4454         return 0;
4455 }
4456 
4457 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4458 {
4459     clear_sys_error();
4460     if (s->s3->renegotiate)
4461         ssl3_renegotiate_check(s, 0);
4462 
4463     return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4464                                       written);
4465 }
4466 
4467 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4468                               size_t *readbytes)
4469 {
4470     int ret;
4471 
4472     clear_sys_error();
4473     if (s->s3->renegotiate)
4474         ssl3_renegotiate_check(s, 0);
4475     s->s3->in_read_app_data = 1;
4476     ret =
4477         s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4478                                   peek, readbytes);
4479     if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4480         /*
4481          * ssl3_read_bytes decided to call s->handshake_func, which called
4482          * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4483          * actually found application data and thinks that application data
4484          * makes sense here; so disable handshake processing and try to read
4485          * application data again.
4486          */
4487         ossl_statem_set_in_handshake(s, 1);
4488         ret =
4489             s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4490                                       len, peek, readbytes);
4491         ossl_statem_set_in_handshake(s, 0);
4492     } else
4493         s->s3->in_read_app_data = 0;
4494 
4495     return ret;
4496 }
4497 
4498 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4499 {
4500     return ssl3_read_internal(s, buf, len, 0, readbytes);
4501 }
4502 
4503 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4504 {
4505     return ssl3_read_internal(s, buf, len, 1, readbytes);
4506 }
4507 
4508 int ssl3_renegotiate(SSL *s)
4509 {
4510     if (s->handshake_func == NULL)
4511         return 1;
4512 
4513     s->s3->renegotiate = 1;
4514     return 1;
4515 }
4516 
4517 /*
4518  * Check if we are waiting to do a renegotiation and if so whether now is a
4519  * good time to do it. If |initok| is true then we are being called from inside
4520  * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4521  * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4522  * should do a renegotiation now and sets up the state machine for it. Otherwise
4523  * returns 0.
4524  */
4525 int ssl3_renegotiate_check(SSL *s, int initok)
4526 {
4527     int ret = 0;
4528 
4529     if (s->s3->renegotiate) {
4530         if (!RECORD_LAYER_read_pending(&s->rlayer)
4531             && !RECORD_LAYER_write_pending(&s->rlayer)
4532             && (initok || !SSL_in_init(s))) {
4533             /*
4534              * if we are the server, and we have sent a 'RENEGOTIATE'
4535              * message, we need to set the state machine into the renegotiate
4536              * state.
4537              */
4538             ossl_statem_set_renegotiate(s);
4539             s->s3->renegotiate = 0;
4540             s->s3->num_renegotiations++;
4541             s->s3->total_renegotiations++;
4542             ret = 1;
4543         }
4544     }
4545     return ret;
4546 }
4547 
4548 /*
4549  * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4550  * handshake macs if required.
4551  *
4552  * If PSK and using SHA384 for TLS < 1.2 switch to default.
4553  */
4554 long ssl_get_algorithm2(SSL *s)
4555 {
4556     long alg2;
4557     if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
4558         return -1;
4559     alg2 = s->s3->tmp.new_cipher->algorithm2;
4560     if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4561         if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4562             return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4563     } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4564         if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4565             return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4566     }
4567     return alg2;
4568 }
4569 
4570 /*
4571  * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4572  * failure, 1 on success.
4573  */
4574 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4575                           DOWNGRADE dgrd)
4576 {
4577     int send_time = 0, ret;
4578 
4579     if (len < 4)
4580         return 0;
4581     if (server)
4582         send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4583     else
4584         send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4585     if (send_time) {
4586         unsigned long Time = (unsigned long)time(NULL);
4587         unsigned char *p = result;
4588 
4589         l2n(Time, p);
4590         ret = RAND_bytes(p, len - 4);
4591     } else {
4592         ret = RAND_bytes(result, len);
4593     }
4594 
4595     if (ret > 0) {
4596         if (!ossl_assert(sizeof(tls11downgrade) < len)
4597                 || !ossl_assert(sizeof(tls12downgrade) < len))
4598              return 0;
4599         if (dgrd == DOWNGRADE_TO_1_2)
4600             memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4601                    sizeof(tls12downgrade));
4602         else if (dgrd == DOWNGRADE_TO_1_1)
4603             memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4604                    sizeof(tls11downgrade));
4605     }
4606 
4607     return ret;
4608 }
4609 
4610 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4611                                int free_pms)
4612 {
4613     unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4614     int ret = 0;
4615 
4616     if (alg_k & SSL_PSK) {
4617 #ifndef OPENSSL_NO_PSK
4618         unsigned char *pskpms, *t;
4619         size_t psklen = s->s3->tmp.psklen;
4620         size_t pskpmslen;
4621 
4622         /* create PSK premaster_secret */
4623 
4624         /* For plain PSK "other_secret" is psklen zeroes */
4625         if (alg_k & SSL_kPSK)
4626             pmslen = psklen;
4627 
4628         pskpmslen = 4 + pmslen + psklen;
4629         pskpms = OPENSSL_malloc(pskpmslen);
4630         if (pskpms == NULL)
4631             goto err;
4632         t = pskpms;
4633         s2n(pmslen, t);
4634         if (alg_k & SSL_kPSK)
4635             memset(t, 0, pmslen);
4636         else
4637             memcpy(t, pms, pmslen);
4638         t += pmslen;
4639         s2n(psklen, t);
4640         memcpy(t, s->s3->tmp.psk, psklen);
4641 
4642         OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4643         s->s3->tmp.psk = NULL;
4644         s->s3->tmp.psklen = 0;
4645         if (!s->method->ssl3_enc->generate_master_secret(s,
4646                     s->session->master_key, pskpms, pskpmslen,
4647                     &s->session->master_key_length)) {
4648             OPENSSL_clear_free(pskpms, pskpmslen);
4649             /* SSLfatal() already called */
4650             goto err;
4651         }
4652         OPENSSL_clear_free(pskpms, pskpmslen);
4653 #else
4654         /* Should never happen */
4655         goto err;
4656 #endif
4657     } else {
4658         if (!s->method->ssl3_enc->generate_master_secret(s,
4659                 s->session->master_key, pms, pmslen,
4660                 &s->session->master_key_length)) {
4661             /* SSLfatal() already called */
4662             goto err;
4663         }
4664     }
4665 
4666     ret = 1;
4667  err:
4668     if (pms) {
4669         if (free_pms)
4670             OPENSSL_clear_free(pms, pmslen);
4671         else
4672             OPENSSL_cleanse(pms, pmslen);
4673     }
4674     if (s->server == 0) {
4675         s->s3->tmp.pms = NULL;
4676         s->s3->tmp.pmslen = 0;
4677     }
4678     return ret;
4679 }
4680 
4681 /* Generate a private key from parameters */
4682 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4683 {
4684     EVP_PKEY_CTX *pctx = NULL;
4685     EVP_PKEY *pkey = NULL;
4686 
4687     if (pm == NULL)
4688         return NULL;
4689     pctx = EVP_PKEY_CTX_new(pm, NULL);
4690     if (pctx == NULL)
4691         goto err;
4692     if (EVP_PKEY_keygen_init(pctx) <= 0)
4693         goto err;
4694     if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4695         EVP_PKEY_free(pkey);
4696         pkey = NULL;
4697     }
4698 
4699     err:
4700     EVP_PKEY_CTX_free(pctx);
4701     return pkey;
4702 }
4703 #ifndef OPENSSL_NO_EC
4704 /* Generate a private key from a group ID */
4705 EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
4706 {
4707     EVP_PKEY_CTX *pctx = NULL;
4708     EVP_PKEY *pkey = NULL;
4709     const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4710     uint16_t gtype;
4711 
4712     if (ginf == NULL) {
4713         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4714                  ERR_R_INTERNAL_ERROR);
4715         goto err;
4716     }
4717     gtype = ginf->flags & TLS_CURVE_TYPE;
4718     if (gtype == TLS_CURVE_CUSTOM)
4719         pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
4720     else
4721         pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4722     if (pctx == NULL) {
4723         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4724                  ERR_R_MALLOC_FAILURE);
4725         goto err;
4726     }
4727     if (EVP_PKEY_keygen_init(pctx) <= 0) {
4728         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4729                  ERR_R_EVP_LIB);
4730         goto err;
4731     }
4732     if (gtype != TLS_CURVE_CUSTOM
4733             && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
4734         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4735                  ERR_R_EVP_LIB);
4736         goto err;
4737     }
4738     if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4739         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4740                  ERR_R_EVP_LIB);
4741         EVP_PKEY_free(pkey);
4742         pkey = NULL;
4743     }
4744 
4745  err:
4746     EVP_PKEY_CTX_free(pctx);
4747     return pkey;
4748 }
4749 
4750 /*
4751  * Generate parameters from a group ID
4752  */
4753 EVP_PKEY *ssl_generate_param_group(uint16_t id)
4754 {
4755     EVP_PKEY_CTX *pctx = NULL;
4756     EVP_PKEY *pkey = NULL;
4757     const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4758 
4759     if (ginf == NULL)
4760         goto err;
4761 
4762     if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4763         pkey = EVP_PKEY_new();
4764         if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
4765             return pkey;
4766         EVP_PKEY_free(pkey);
4767         return NULL;
4768     }
4769 
4770     pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4771     if (pctx == NULL)
4772         goto err;
4773     if (EVP_PKEY_paramgen_init(pctx) <= 0)
4774         goto err;
4775     if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
4776         goto err;
4777     if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4778         EVP_PKEY_free(pkey);
4779         pkey = NULL;
4780     }
4781 
4782  err:
4783     EVP_PKEY_CTX_free(pctx);
4784     return pkey;
4785 }
4786 #endif
4787 
4788 /* Derive secrets for ECDH/DH */
4789 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4790 {
4791     int rv = 0;
4792     unsigned char *pms = NULL;
4793     size_t pmslen = 0;
4794     EVP_PKEY_CTX *pctx;
4795 
4796     if (privkey == NULL || pubkey == NULL) {
4797         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4798                  ERR_R_INTERNAL_ERROR);
4799         return 0;
4800     }
4801 
4802     pctx = EVP_PKEY_CTX_new(privkey, NULL);
4803 
4804     if (EVP_PKEY_derive_init(pctx) <= 0
4805         || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4806         || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4807         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4808                  ERR_R_INTERNAL_ERROR);
4809         goto err;
4810     }
4811 
4812     pms = OPENSSL_malloc(pmslen);
4813     if (pms == NULL) {
4814         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4815                  ERR_R_MALLOC_FAILURE);
4816         goto err;
4817     }
4818 
4819     if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4820         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4821                  ERR_R_INTERNAL_ERROR);
4822         goto err;
4823     }
4824 
4825     if (gensecret) {
4826         /* SSLfatal() called as appropriate in the below functions */
4827         if (SSL_IS_TLS13(s)) {
4828             /*
4829              * If we are resuming then we already generated the early secret
4830              * when we created the ClientHello, so don't recreate it.
4831              */
4832             if (!s->hit)
4833                 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4834                                            0,
4835                                            (unsigned char *)&s->early_secret);
4836             else
4837                 rv = 1;
4838 
4839             rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4840         } else {
4841             rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4842         }
4843     } else {
4844         /* Save premaster secret */
4845         s->s3->tmp.pms = pms;
4846         s->s3->tmp.pmslen = pmslen;
4847         pms = NULL;
4848         rv = 1;
4849     }
4850 
4851  err:
4852     OPENSSL_clear_free(pms, pmslen);
4853     EVP_PKEY_CTX_free(pctx);
4854     return rv;
4855 }
4856 
4857 #ifndef OPENSSL_NO_DH
4858 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4859 {
4860     EVP_PKEY *ret;
4861     if (dh == NULL)
4862         return NULL;
4863     ret = EVP_PKEY_new();
4864     if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
4865         EVP_PKEY_free(ret);
4866         return NULL;
4867     }
4868     return ret;
4869 }
4870 #endif
4871