[openssl-commits] [openssl] master update
paul.dale at oracle.com
paul.dale at oracle.com
Thu Jul 20 21:21:00 UTC 2017
The branch master has been updated
via bbb4ceb86eb6ea0300f744443c36fb6e980fff9d (commit)
from b8a437ffa09bbf22c04a55015a6d2743cd0b7529 (commit)
- Log -----------------------------------------------------------------
commit bbb4ceb86eb6ea0300f744443c36fb6e980fff9d
Author: Paul Yang <yang.yang at baishancloud.com>
Date: Fri Jun 30 03:06:19 2017 +0800
Support converting cipher name to RFC name and vice versa
Fixes: issue #3747
make SSL_CIPHER_standard_name globally available and introduce a new
function OPENSSL_cipher_name.
A new option '-convert' is also added to 'openssl ciphers' app.
Documentation and test cases are added.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3859)
-----------------------------------------------------------------------
Summary of changes:
apps/ciphers.c | 23 +-
doc/man1/ciphers.pod | 13 +-
doc/man3/SSL_CIPHER_get_name.pod | 18 +
include/openssl/ssl.h | 3 +-
include/openssl/ssl3.h | 14 +-
include/openssl/tls1.h | 167 +++++++-
ssl/s3_lib.c | 206 +++++++++
ssl/ssl_ciph.c | 263 ++++++------
ssl/ssl_locl.h | 4 +-
ssl/statem/statem_clnt.c | 4 +-
ssl/t1_trce.c | 7 +-
test/build.info | 6 +-
test/ciphername_test.c | 469 +++++++++++++++++++++
...{80-test_cipherbytes.t => 80-test_ciphername.t} | 5 +-
util/libssl.num | 3 +-
15 files changed, 1059 insertions(+), 146 deletions(-)
create mode 100644 test/ciphername_test.c
copy test/recipes/{80-test_cipherbytes.t => 80-test_ciphername.t} (84%)
diff --git a/apps/ciphers.c b/apps/ciphers.c
index 3cbcc5e..83cdb55 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -17,6 +17,7 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_STDNAME,
+ OPT_CONVERT,
OPT_SSL3,
OPT_TLS1,
OPT_TLS1_1,
@@ -47,15 +48,14 @@ const OPTIONS ciphers_options[] = {
#ifndef OPENSSL_NO_TLS1_3
{"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"},
#endif
-#ifndef OPENSSL_NO_SSL_TRACE
{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
-#endif
#ifndef OPENSSL_NO_PSK
{"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
#endif
#ifndef OPENSSL_NO_SRP
{"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
#endif
+ {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},
{NULL}
};
@@ -82,9 +82,7 @@ int ciphers_main(int argc, char **argv)
STACK_OF(SSL_CIPHER) *sk = NULL;
const SSL_METHOD *meth = TLS_server_method();
int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
-#ifndef OPENSSL_NO_SSL_TRACE
int stdname = 0;
-#endif
#ifndef OPENSSL_NO_PSK
int psk = 0;
#endif
@@ -92,7 +90,7 @@ int ciphers_main(int argc, char **argv)
int srp = 0;
#endif
const char *p;
- char *ciphers = NULL, *prog;
+ char *ciphers = NULL, *prog, *convert = NULL;
char buf[512];
OPTION_CHOICE o;
int min_version = 0, max_version = 0;
@@ -119,9 +117,10 @@ int ciphers_main(int argc, char **argv)
use_supported = 1;
break;
case OPT_STDNAME:
-#ifndef OPENSSL_NO_SSL_TRACE
stdname = verbose = 1;
-#endif
+ break;
+ case OPT_CONVERT:
+ convert = opt_arg();
break;
case OPT_SSL3:
min_version = SSL3_VERSION;
@@ -163,6 +162,12 @@ int ciphers_main(int argc, char **argv)
else if (argc != 0)
goto opthelp;
+ if (convert != NULL) {
+ BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
+ OPENSSL_cipher_name(convert));
+ goto end;
+ }
+
ctx = SSL_CTX_new(meth);
if (ctx == NULL)
goto err;
@@ -225,14 +230,12 @@ int ciphers_main(int argc, char **argv)
else
BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
}
-#ifndef OPENSSL_NO_SSL_TRACE
if (stdname) {
const char *nm = SSL_CIPHER_standard_name(c);
if (nm == NULL)
nm = "UNKNOWN";
BIO_printf(bio_out, "%s - ", nm);
}
-#endif
BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf));
}
}
@@ -246,5 +249,5 @@ int ciphers_main(int argc, char **argv)
sk_SSL_CIPHER_free(sk);
SSL_CTX_free(ctx);
SSL_free(ssl);
- return (ret);
+ return ret;
}
diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod
index 4774a54..0875a87 100644
--- a/doc/man1/ciphers.pod
+++ b/doc/man1/ciphers.pod
@@ -20,6 +20,7 @@ B<openssl> B<ciphers>
[B<-psk>]
[B<-srp>]
[B<-stdname>]
+[B<-convert name>]
[B<cipherlist>]
=head1 DESCRIPTION
@@ -97,8 +98,11 @@ TLSv1.1 were negotiated.
=item B<-stdname>
-Precede each cipher suite by its standard name: only available is OpenSSL
-is built with tracing enabled (B<enable-ssl-trace> argument to Configure).
+Precede each cipher suite by its standard name.
+
+=item B<-convert name>
+
+Convert a standard cipher B<name> to its OpenSSL name.
=item B<cipherlist>
@@ -752,6 +756,11 @@ L<s_client(1)>, L<s_server(1)>, L<ssl(7)>
The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
+The B<-stdname> is only available if OpenSSL is built with tracing enabled
+(B<enable-ssl-trace> argument to Configure) before OpenSSL 1.1.1.
+
+The B<-convert> was added in OpenSSL 1.1.1.
+
=head1 COPYRIGHT
Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/SSL_CIPHER_get_name.pod b/doc/man3/SSL_CIPHER_get_name.pod
index 157c162..691f9f4 100644
--- a/doc/man3/SSL_CIPHER_get_name.pod
+++ b/doc/man3/SSL_CIPHER_get_name.pod
@@ -3,6 +3,8 @@
=head1 NAME
SSL_CIPHER_get_name,
+SSL_CIPHER_standard_name,
+OPENSSL_cipher_name,
SSL_CIPHER_get_bits,
SSL_CIPHER_get_version,
SSL_CIPHER_description,
@@ -19,6 +21,8 @@ SSL_CIPHER_is_aead
#include <openssl/ssl.h>
const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
+ const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher);
+ const char *OPENSSL_cipher_name(const char *stdname);
int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
@@ -34,6 +38,14 @@ SSL_CIPHER_is_aead
SSL_CIPHER_get_name() returns a pointer to the name of B<cipher>. If the
B<cipher> is NULL, it returns "(NONE)".
+SSL_CIPHER_standard_name() returns a pointer to the standard RFC name of
+B<cipher>. If the B<cipher> is NULL, it returns "(NONE)". If the B<cipher>
+has no standard name, it returns B<NULL>.
+
+OPENSSL_cipher_name() returns a pointer to the OpenSSL name of B<stdname>.
+If the B<stdname> is NULL, or B<stdname> has no corresponding OpenSSL name,
+it returns "(NONE)".
+
SSL_CIPHER_get_bits() returns the number of secret bits used for B<cipher>.
If B<cipher> is NULL, 0 is returned.
@@ -127,6 +139,12 @@ rather than a fixed string, in OpenSSL 1.1.0.
SSL_CIPHER_get_handshake_digest() was added in OpenSSL 1.1.1.
+SSL_CIPHER_standard_name() was globally available in OpenSSL 1.1.1. Before
+OpenSSL 1.1.1, tracing (B<enable-ssl-trace> argument to Configure) was
+required to enable this function.
+
+OPENSSL_cipher_name() was added in OpenSSL 1.1.1.
+
=head1 SEE ALSO
L<ssl(7)>, L<SSL_get_current_cipher(3)>,
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 5d8442c..5dd210d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1434,6 +1434,8 @@ __owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
+__owur const char *OPENSSL_cipher_name(const char *rfc_name);
__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
@@ -2034,7 +2036,6 @@ int SSL_CTX_config(SSL_CTX *ctx, const char *name);
# ifndef OPENSSL_NO_SSL_TRACE
void SSL_trace(int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);
-__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
# endif
# ifndef OPENSSL_NO_SOCK
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 0bdd7ed..67e5c09 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -69,6 +69,18 @@ extern "C" {
# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define SSL3_RFC_RSA_NULL_MD5 "SSL_RSA_WITH_NULL_MD5"
+# define SSL3_RFC_RSA_NULL_SHA "SSL_RSA_WITH_NULL_SHA"
+# define SSL3_RFC_RSA_DES_192_CBC3_SHA "SSL_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_ADH_DES_192_CBC_SHA "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_RSA_IDEA_128_SHA "SSL_RSA_WITH_IDEA_CBC_SHA"
+# define SSL3_RFC_RSA_RC4_128_MD5 "SSL_RSA_WITH_RC4_128_MD5"
+# define SSL3_RFC_RSA_RC4_128_SHA "SSL_RSA_WITH_RC4_128_SHA"
+# define SSL3_RFC_ADH_RC4_128_MD5 "SSL_DH_anon_WITH_RC4_128_MD5"
+
# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index d929099..3ee0cad 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@@ -598,6 +598,171 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB, \
# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define TLS1_RFC_RSA_WITH_AES_128_SHA "TLS_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA "TLS_DH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA "TLS_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA "TLS_DH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_NULL_SHA256 "TLS_RSA_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_SHA256 "TLS_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA256 "TLS_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA256 "TLS_DH_anon_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA256 "TLS_DH_anon_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256 "TLS_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384 "TLS_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256 "TLS_DH_anon_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384 "TLS_DH_anon_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM "TLS_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM "TLS_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM "TLS_DHE_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM "TLS_DHE_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM_8 "TLS_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM_8 "TLS_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8 "TLS_DHE_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8 "TLS_DHE_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM "TLS_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM "TLS_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM "TLS_DHE_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM "TLS_DHE_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM_8 "TLS_PSK_WITH_AES_128_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM_8 "TLS_PSK_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8 "TLS_PSK_DHE_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8 "TLS_PSK_DHE_WITH_AES_256_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"
+# define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256"
+# define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384"
+# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA "TLS_ECDHE_RSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_NULL_SHA "TLS_ECDH_anon_WITH_NULL_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA "TLS_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA "TLS_DHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA "TLS_RSA_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA "TLS_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA "TLS_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA "TLS_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256 "TLS_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384 "TLS_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256 "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384 "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256 "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384 "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256 "TLS_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384 "TLS_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA256 "TLS_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_PSK_WITH_NULL_SHA384 "TLS_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256 "TLS_DHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384 "TLS_DHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA256 "TLS_RSA_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384 "TLS_RSA_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA "TLS_ECDHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256 "TLS_ECDHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384 "TLS_ECDHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305 "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_RSA_WITH_SEED_SHA "TLS_RSA_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_SEED_SHA "TLS_DHE_DSS_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_SEED_SHA "TLS_DHE_RSA_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_SEED_SHA "TLS_DH_anon_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA "TLS_ECDHE_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA "TLS_ECDH_anon_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA "TLS_ECDHE_RSA_WITH_RC4_128_SHA"
+# define TLS1_RFC_PSK_WITH_RC4_128_SHA "TLS_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA "TLS_RSA_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA "TLS_DHE_PSK_WITH_RC4_128_SHA"
+
/*
* XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
* ciphers names with "EDH" instead of "DHE". Going forward, we should be
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c3adc87..3e70bce 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -41,6 +41,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
SSL3_TXT_RSA_NULL_MD5,
+ SSL3_RFC_RSA_NULL_MD5,
SSL3_CK_RSA_NULL_MD5,
SSL_kRSA,
SSL_aRSA,
@@ -56,6 +57,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
SSL3_TXT_RSA_NULL_SHA,
+ SSL3_RFC_RSA_NULL_SHA,
SSL3_CK_RSA_NULL_SHA,
SSL_kRSA,
SSL_aRSA,
@@ -72,6 +74,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
SSL3_TXT_RSA_DES_192_CBC3_SHA,
+ SSL3_RFC_RSA_DES_192_CBC3_SHA,
SSL3_CK_RSA_DES_192_CBC3_SHA,
SSL_kRSA,
SSL_aRSA,
@@ -87,6 +90,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
+ SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
SSL_kDHE,
SSL_aDSS,
@@ -102,6 +106,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
+ SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
SSL_kDHE,
SSL_aRSA,
@@ -117,6 +122,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
SSL3_TXT_ADH_DES_192_CBC_SHA,
+ SSL3_RFC_ADH_DES_192_CBC_SHA,
SSL3_CK_ADH_DES_192_CBC_SHA,
SSL_kDHE,
SSL_aNULL,
@@ -133,6 +139,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_WITH_AES_128_SHA,
+ TLS1_RFC_RSA_WITH_AES_128_SHA,
TLS1_CK_RSA_WITH_AES_128_SHA,
SSL_kRSA,
SSL_aRSA,
@@ -148,6 +155,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+ TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
SSL_kDHE,
SSL_aDSS,
@@ -163,6 +171,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+ TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
SSL_kDHE,
SSL_aRSA,
@@ -178,6 +187,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ADH_WITH_AES_128_SHA,
+ TLS1_RFC_ADH_WITH_AES_128_SHA,
TLS1_CK_ADH_WITH_AES_128_SHA,
SSL_kDHE,
SSL_aNULL,
@@ -193,6 +203,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_WITH_AES_256_SHA,
+ TLS1_RFC_RSA_WITH_AES_256_SHA,
TLS1_CK_RSA_WITH_AES_256_SHA,
SSL_kRSA,
SSL_aRSA,
@@ -208,6 +219,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+ TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
SSL_kDHE,
SSL_aDSS,
@@ -223,6 +235,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+ TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
SSL_kDHE,
SSL_aRSA,
@@ -238,6 +251,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ADH_WITH_AES_256_SHA,
+ TLS1_RFC_ADH_WITH_AES_256_SHA,
TLS1_CK_ADH_WITH_AES_256_SHA,
SSL_kDHE,
SSL_aNULL,
@@ -253,6 +267,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_WITH_NULL_SHA256,
+ TLS1_RFC_RSA_WITH_NULL_SHA256,
TLS1_CK_RSA_WITH_NULL_SHA256,
SSL_kRSA,
SSL_aRSA,
@@ -268,6 +283,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_WITH_AES_128_SHA256,
+ TLS1_RFC_RSA_WITH_AES_128_SHA256,
TLS1_CK_RSA_WITH_AES_128_SHA256,
SSL_kRSA,
SSL_aRSA,
@@ -283,6 +299,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_WITH_AES_256_SHA256,
+ TLS1_RFC_RSA_WITH_AES_256_SHA256,
TLS1_CK_RSA_WITH_AES_256_SHA256,
SSL_kRSA,
SSL_aRSA,
@@ -298,6 +315,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
SSL_kDHE,
SSL_aDSS,
@@ -313,6 +331,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
SSL_kDHE,
SSL_aRSA,
@@ -328,6 +347,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
SSL_kDHE,
SSL_aDSS,
@@ -343,6 +363,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
SSL_kDHE,
SSL_aRSA,
@@ -358,6 +379,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ADH_WITH_AES_128_SHA256,
+ TLS1_RFC_ADH_WITH_AES_128_SHA256,
TLS1_CK_ADH_WITH_AES_128_SHA256,
SSL_kDHE,
SSL_aNULL,
@@ -373,6 +395,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ADH_WITH_AES_256_SHA256,
+ TLS1_RFC_ADH_WITH_AES_256_SHA256,
TLS1_CK_ADH_WITH_AES_256_SHA256,
SSL_kDHE,
SSL_aNULL,
@@ -388,6 +411,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
SSL_kRSA,
SSL_aRSA,
@@ -403,6 +427,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
SSL_kRSA,
SSL_aRSA,
@@ -418,6 +443,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
SSL_kDHE,
SSL_aRSA,
@@ -433,6 +459,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
SSL_kDHE,
SSL_aRSA,
@@ -448,6 +475,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
SSL_kDHE,
SSL_aDSS,
@@ -463,6 +491,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
SSL_kDHE,
SSL_aDSS,
@@ -478,6 +507,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
SSL_kDHE,
SSL_aNULL,
@@ -493,6 +523,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
SSL_kDHE,
SSL_aNULL,
@@ -508,6 +539,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_WITH_AES_128_CCM,
+ TLS1_RFC_RSA_WITH_AES_128_CCM,
TLS1_CK_RSA_WITH_AES_128_CCM,
SSL_kRSA,
SSL_aRSA,
@@ -523,6 +555,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_WITH_AES_256_CCM,
+ TLS1_RFC_RSA_WITH_AES_256_CCM,
TLS1_CK_RSA_WITH_AES_256_CCM,
SSL_kRSA,
SSL_aRSA,
@@ -538,6 +571,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
+ TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
SSL_kDHE,
SSL_aRSA,
@@ -553,6 +587,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
+ TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
SSL_kDHE,
SSL_aRSA,
@@ -568,6 +603,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_WITH_AES_128_CCM_8,
+ TLS1_RFC_RSA_WITH_AES_128_CCM_8,
TLS1_CK_RSA_WITH_AES_128_CCM_8,
SSL_kRSA,
SSL_aRSA,
@@ -583,6 +619,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_WITH_AES_256_CCM_8,
+ TLS1_RFC_RSA_WITH_AES_256_CCM_8,
TLS1_CK_RSA_WITH_AES_256_CCM_8,
SSL_kRSA,
SSL_aRSA,
@@ -598,6 +635,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
+ TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
SSL_kDHE,
SSL_aRSA,
@@ -613,6 +651,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
+ TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
SSL_kDHE,
SSL_aRSA,
@@ -628,6 +667,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_AES_128_CCM,
+ TLS1_RFC_PSK_WITH_AES_128_CCM,
TLS1_CK_PSK_WITH_AES_128_CCM,
SSL_kPSK,
SSL_aPSK,
@@ -643,6 +683,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_AES_256_CCM,
+ TLS1_RFC_PSK_WITH_AES_256_CCM,
TLS1_CK_PSK_WITH_AES_256_CCM,
SSL_kPSK,
SSL_aPSK,
@@ -658,6 +699,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
+ TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
SSL_kDHEPSK,
SSL_aPSK,
@@ -673,6 +715,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
+ TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
SSL_kDHEPSK,
SSL_aPSK,
@@ -688,6 +731,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_AES_128_CCM_8,
+ TLS1_RFC_PSK_WITH_AES_128_CCM_8,
TLS1_CK_PSK_WITH_AES_128_CCM_8,
SSL_kPSK,
SSL_aPSK,
@@ -703,6 +747,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_AES_256_CCM_8,
+ TLS1_RFC_PSK_WITH_AES_256_CCM_8,
TLS1_CK_PSK_WITH_AES_256_CCM_8,
SSL_kPSK,
SSL_aPSK,
@@ -718,6 +763,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
+ TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
SSL_kDHEPSK,
SSL_aPSK,
@@ -733,6 +779,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
+ TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
SSL_kDHEPSK,
SSL_aPSK,
@@ -748,6 +795,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
SSL_kECDHE,
SSL_aECDSA,
@@ -763,6 +811,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
SSL_kECDHE,
SSL_aECDSA,
@@ -778,6 +827,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
SSL_kECDHE,
SSL_aECDSA,
@@ -793,6 +843,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
SSL_kECDHE,
SSL_aECDSA,
@@ -808,6 +859,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_3_TXT_AES_128_GCM_SHA256,
+ TLS1_3_RFC_AES_128_GCM_SHA256,
TLS1_3_CK_AES_128_GCM_SHA256,
0, 0,
SSL_AES128GCM,
@@ -823,6 +875,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_3_TXT_AES_256_GCM_SHA384,
+ TLS1_3_RFC_AES_256_GCM_SHA384,
TLS1_3_CK_AES_256_GCM_SHA384,
SSL_kANY,
SSL_aANY,
@@ -839,6 +892,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
+ TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
TLS1_3_CK_CHACHA20_POLY1305_SHA256,
SSL_kANY,
SSL_aANY,
@@ -855,6 +909,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_3_TXT_AES_128_CCM_SHA256,
+ TLS1_3_RFC_AES_128_CCM_SHA256,
TLS1_3_CK_AES_128_CCM_SHA256,
SSL_kANY,
SSL_aANY,
@@ -870,6 +925,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_3_TXT_AES_128_CCM_8_SHA256,
+ TLS1_3_RFC_AES_128_CCM_8_SHA256,
TLS1_3_CK_AES_128_CCM_8_SHA256,
SSL_kANY,
SSL_aANY,
@@ -887,6 +943,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
+ TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
SSL_kECDHE,
SSL_aECDSA,
@@ -903,6 +960,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+ TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
SSL_kECDHE,
SSL_aECDSA,
@@ -919,6 +977,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
SSL_kECDHE,
SSL_aECDSA,
@@ -934,6 +993,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
SSL_kECDHE,
SSL_aECDSA,
@@ -949,6 +1009,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+ TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
SSL_kECDHE,
SSL_aRSA,
@@ -965,6 +1026,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+ TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
SSL_kECDHE,
SSL_aRSA,
@@ -981,6 +1043,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
SSL_kECDHE,
SSL_aRSA,
@@ -996,6 +1059,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
SSL_kECDHE,
SSL_aRSA,
@@ -1011,6 +1075,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+ TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
TLS1_CK_ECDH_anon_WITH_NULL_SHA,
SSL_kECDHE,
SSL_aNULL,
@@ -1027,6 +1092,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+ TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
SSL_kECDHE,
SSL_aNULL,
@@ -1043,6 +1109,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
SSL_kECDHE,
SSL_aNULL,
@@ -1058,6 +1125,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
SSL_kECDHE,
SSL_aNULL,
@@ -1073,6 +1141,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
SSL_kECDHE,
SSL_aECDSA,
@@ -1088,6 +1157,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
SSL_kECDHE,
SSL_aECDSA,
@@ -1103,6 +1173,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
SSL_kECDHE,
SSL_aRSA,
@@ -1118,6 +1189,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
SSL_kECDHE,
SSL_aRSA,
@@ -1133,6 +1205,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
SSL_kECDHE,
SSL_aECDSA,
@@ -1148,6 +1221,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
SSL_kECDHE,
SSL_aECDSA,
@@ -1163,6 +1237,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
SSL_kECDHE,
SSL_aRSA,
@@ -1178,6 +1253,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
SSL_kECDHE,
SSL_aRSA,
@@ -1196,6 +1272,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_NULL_SHA,
+ TLS1_RFC_PSK_WITH_NULL_SHA,
TLS1_CK_PSK_WITH_NULL_SHA,
SSL_kPSK,
SSL_aPSK,
@@ -1211,6 +1288,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
+ TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
TLS1_CK_DHE_PSK_WITH_NULL_SHA,
SSL_kDHEPSK,
SSL_aPSK,
@@ -1226,6 +1304,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
+ TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
TLS1_CK_RSA_PSK_WITH_NULL_SHA,
SSL_kRSAPSK,
SSL_aRSA,
@@ -1242,6 +1321,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
SSL_kPSK,
SSL_aPSK,
@@ -1258,6 +1338,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
SSL_kPSK,
SSL_aPSK,
@@ -1273,6 +1354,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
SSL_kPSK,
SSL_aPSK,
@@ -1289,6 +1371,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
SSL_kDHEPSK,
SSL_aPSK,
@@ -1305,6 +1388,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
SSL_kDHEPSK,
SSL_aPSK,
@@ -1320,6 +1404,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
SSL_kDHEPSK,
SSL_aPSK,
@@ -1336,6 +1421,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
SSL_kRSAPSK,
SSL_aRSA,
@@ -1352,6 +1438,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
SSL_kRSAPSK,
SSL_aRSA,
@@ -1367,6 +1454,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
SSL_kRSAPSK,
SSL_aRSA,
@@ -1382,6 +1470,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
SSL_kPSK,
SSL_aPSK,
@@ -1397,6 +1486,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
SSL_kPSK,
SSL_aPSK,
@@ -1412,6 +1502,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
SSL_kDHEPSK,
SSL_aPSK,
@@ -1427,6 +1518,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
SSL_kDHEPSK,
SSL_aPSK,
@@ -1442,6 +1534,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
SSL_kRSAPSK,
SSL_aRSA,
@@ -1457,6 +1550,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
SSL_kRSAPSK,
SSL_aRSA,
@@ -1472,6 +1566,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
SSL_kPSK,
SSL_aPSK,
@@ -1487,6 +1582,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
SSL_kPSK,
SSL_aPSK,
@@ -1502,6 +1598,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_NULL_SHA256,
+ TLS1_RFC_PSK_WITH_NULL_SHA256,
TLS1_CK_PSK_WITH_NULL_SHA256,
SSL_kPSK,
SSL_aPSK,
@@ -1517,6 +1614,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_NULL_SHA384,
+ TLS1_RFC_PSK_WITH_NULL_SHA384,
TLS1_CK_PSK_WITH_NULL_SHA384,
SSL_kPSK,
SSL_aPSK,
@@ -1532,6 +1630,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
SSL_kDHEPSK,
SSL_aPSK,
@@ -1547,6 +1646,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
SSL_kDHEPSK,
SSL_aPSK,
@@ -1562,6 +1662,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
+ TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
SSL_kDHEPSK,
SSL_aPSK,
@@ -1577,6 +1678,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
+ TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
SSL_kDHEPSK,
SSL_aPSK,
@@ -1592,6 +1694,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
SSL_kRSAPSK,
SSL_aRSA,
@@ -1607,6 +1710,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
SSL_kRSAPSK,
SSL_aRSA,
@@ -1622,6 +1726,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
+ TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
SSL_kRSAPSK,
SSL_aRSA,
@@ -1637,6 +1742,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
+ TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
SSL_kRSAPSK,
SSL_aRSA,
@@ -1654,6 +1760,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
SSL_kECDHEPSK,
SSL_aPSK,
@@ -1670,6 +1777,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
SSL_kECDHEPSK,
SSL_aPSK,
@@ -1685,6 +1793,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
SSL_kECDHEPSK,
SSL_aPSK,
@@ -1700,6 +1809,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
SSL_kECDHEPSK,
SSL_aPSK,
@@ -1715,6 +1825,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
SSL_kECDHEPSK,
SSL_aPSK,
@@ -1730,6 +1841,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
SSL_kECDHEPSK,
SSL_aPSK,
@@ -1745,6 +1857,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
+ TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
SSL_kECDHEPSK,
SSL_aPSK,
@@ -1760,6 +1873,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
+ TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
SSL_kECDHEPSK,
SSL_aPSK,
@@ -1780,6 +1894,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
SSL_kSRP,
SSL_aSRP,
@@ -1795,6 +1910,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_kSRP,
SSL_aRSA,
@@ -1810,6 +1926,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_kSRP,
SSL_aDSS,
@@ -1826,6 +1943,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
SSL_kSRP,
SSL_aSRP,
@@ -1841,6 +1959,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
SSL_kSRP,
SSL_aRSA,
@@ -1856,6 +1975,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
SSL_kSRP,
SSL_aDSS,
@@ -1871,6 +1991,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
SSL_kSRP,
SSL_aSRP,
@@ -1886,6 +2007,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
SSL_kSRP,
SSL_aRSA,
@@ -1901,6 +2023,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
SSL_kSRP,
SSL_aDSS,
@@ -1920,6 +2043,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
SSL_kDHE,
SSL_aRSA,
@@ -1938,6 +2062,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
SSL_kECDHE,
SSL_aRSA,
@@ -1953,6 +2078,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
SSL_kECDHE,
SSL_aECDSA,
@@ -1971,6 +2097,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
SSL_kPSK,
SSL_aPSK,
@@ -1986,6 +2113,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
SSL_kECDHEPSK,
SSL_aPSK,
@@ -2001,6 +2129,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
SSL_kDHEPSK,
SSL_aPSK,
@@ -2016,6 +2145,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
SSL_kRSAPSK,
SSL_aRSA,
@@ -2036,6 +2166,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kRSA,
SSL_aRSA,
@@ -2051,6 +2182,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kEDH,
SSL_aDSS,
@@ -2066,6 +2198,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kEDH,
SSL_aRSA,
@@ -2081,6 +2214,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kEDH,
SSL_aNULL,
@@ -2096,6 +2230,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
SSL_kRSA,
SSL_aRSA,
@@ -2111,6 +2246,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
SSL_kEDH,
SSL_aDSS,
@@ -2126,6 +2262,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
SSL_kEDH,
SSL_aRSA,
@@ -2141,6 +2278,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
SSL_kEDH,
SSL_aNULL,
@@ -2156,6 +2294,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
SSL_kRSA,
SSL_aRSA,
@@ -2171,6 +2310,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
SSL_kDHE,
SSL_aDSS,
@@ -2186,6 +2326,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
SSL_kDHE,
SSL_aRSA,
@@ -2201,6 +2342,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
SSL_kDHE,
SSL_aNULL,
@@ -2216,6 +2358,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
SSL_kRSA,
SSL_aRSA,
@@ -2231,6 +2374,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
SSL_kDHE,
SSL_aDSS,
@@ -2246,6 +2390,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
SSL_kDHE,
SSL_aRSA,
@@ -2261,6 +2406,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
SSL_kDHE,
SSL_aNULL,
@@ -2278,6 +2424,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kECDHE,
SSL_aECDSA,
@@ -2293,6 +2440,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kECDHE,
SSL_aECDSA,
@@ -2308,6 +2456,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kECDHE,
SSL_aRSA,
@@ -2323,6 +2472,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kECDHE,
SSL_aRSA,
@@ -2341,6 +2491,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kPSK,
SSL_aPSK,
@@ -2356,6 +2507,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kPSK,
SSL_aPSK,
@@ -2371,6 +2523,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kDHEPSK,
SSL_aPSK,
@@ -2386,6 +2539,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kDHEPSK,
SSL_aPSK,
@@ -2401,6 +2555,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kRSAPSK,
SSL_aRSA,
@@ -2416,6 +2571,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kRSAPSK,
SSL_aRSA,
@@ -2431,6 +2587,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kECDHEPSK,
SSL_aPSK,
@@ -2446,6 +2603,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kECDHEPSK,
SSL_aPSK,
@@ -2466,6 +2624,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
"GOST2001-GOST89-GOST89",
+ "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
0x3000081,
SSL_kGOST,
SSL_aGOST01,
@@ -2481,6 +2640,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
"GOST2001-NULL-GOST94",
+ "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
0x3000083,
SSL_kGOST,
SSL_aGOST01,
@@ -2496,6 +2656,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
"GOST2012-GOST8912-GOST8912",
+ NULL,
0x0300ff85,
SSL_kGOST,
SSL_aGOST12 | SSL_aGOST01,
@@ -2511,6 +2672,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
"GOST2012-NULL-GOST12",
+ NULL,
0x0300ff87,
SSL_kGOST,
SSL_aGOST12 | SSL_aGOST01,
@@ -2529,6 +2691,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
SSL3_TXT_RSA_IDEA_128_SHA,
+ SSL3_RFC_RSA_IDEA_128_SHA,
SSL3_CK_RSA_IDEA_128_SHA,
SSL_kRSA,
SSL_aRSA,
@@ -2547,6 +2710,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_WITH_SEED_SHA,
+ TLS1_RFC_RSA_WITH_SEED_SHA,
TLS1_CK_RSA_WITH_SEED_SHA,
SSL_kRSA,
SSL_aRSA,
@@ -2562,6 +2726,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
+ TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
TLS1_CK_DHE_DSS_WITH_SEED_SHA,
SSL_kDHE,
SSL_aDSS,
@@ -2577,6 +2742,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
+ TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
TLS1_CK_DHE_RSA_WITH_SEED_SHA,
SSL_kDHE,
SSL_aRSA,
@@ -2592,6 +2758,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ADH_WITH_SEED_SHA,
+ TLS1_RFC_ADH_WITH_SEED_SHA,
TLS1_CK_ADH_WITH_SEED_SHA,
SSL_kDHE,
SSL_aNULL,
@@ -2610,6 +2777,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
SSL3_TXT_RSA_RC4_128_MD5,
+ SSL3_RFC_RSA_RC4_128_MD5,
SSL3_CK_RSA_RC4_128_MD5,
SSL_kRSA,
SSL_aRSA,
@@ -2625,6 +2793,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
SSL3_TXT_RSA_RC4_128_SHA,
+ SSL3_RFC_RSA_RC4_128_SHA,
SSL3_CK_RSA_RC4_128_SHA,
SSL_kRSA,
SSL_aRSA,
@@ -2640,6 +2809,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
SSL3_TXT_ADH_RC4_128_MD5,
+ SSL3_RFC_ADH_RC4_128_MD5,
SSL3_CK_ADH_RC4_128_MD5,
SSL_kDHE,
SSL_aNULL,
@@ -2657,6 +2827,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
SSL_kECDHEPSK,
SSL_aPSK,
@@ -2672,6 +2843,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+ TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
SSL_kECDHE,
SSL_aNULL,
@@ -2687,6 +2859,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
SSL_kECDHE,
SSL_aECDSA,
@@ -2702,6 +2875,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+ TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
SSL_kECDHE,
SSL_aRSA,
@@ -2720,6 +2894,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_PSK_WITH_RC4_128_SHA,
+ TLS1_RFC_PSK_WITH_RC4_128_SHA,
TLS1_CK_PSK_WITH_RC4_128_SHA,
SSL_kPSK,
SSL_aPSK,
@@ -2735,6 +2910,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
+ TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
SSL_kRSAPSK,
SSL_aRSA,
@@ -2750,6 +2926,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
+ TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
SSL_kDHEPSK,
SSL_aPSK,
@@ -2777,12 +2954,14 @@ static SSL_CIPHER ssl3_scsvs[] = {
{
0,
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+ "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
SSL3_CK_SCSV,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
},
{
0,
"TLS_FALLBACK_SCSV",
+ "TLS_FALLBACK_SCSV",
SSL3_CK_FALLBACK_SCSV,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
},
@@ -3605,6 +3784,33 @@ const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
}
+const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
+{
+ SSL_CIPHER *c = NULL;
+ SSL_CIPHER *tbl = ssl3_ciphers;
+ size_t i;
+
+ /* this is not efficient, necessary to optimze this? */
+ for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) {
+ if (tbl->stdname == NULL)
+ continue;
+ if (strcmp(stdname, tbl->stdname) == 0) {
+ c = tbl;
+ break;
+ }
+ }
+ if (c == NULL) {
+ tbl = ssl3_scsvs;
+ for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
+ if (strcmp(stdname, tbl->stdname) == 0) {
+ c = tbl;
+ break;
+ }
+ }
+ }
+ return c;
+}
+
/*
* This function needs to check if the ciphers required are actually
* available
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index e213160..39feb1f 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@@ -188,112 +188,112 @@ typedef struct cipher_order_st {
static const SSL_CIPHER cipher_aliases[] = {
/* "ALL" doesn't include eNULL (must be specifically enabled) */
- {0, SSL_TXT_ALL, 0, 0, 0, ~SSL_eNULL},
+ {0, SSL_TXT_ALL, NULL, 0, 0, 0, ~SSL_eNULL},
/* "COMPLEMENTOFALL" */
- {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL},
+ {0, SSL_TXT_CMPALL, NULL, 0, 0, 0, SSL_eNULL},
/*
* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
* ALL!)
*/
- {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT},
+ {0, SSL_TXT_CMPDEF, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT},
/*
* key exchange aliases (some of those using only a single bit here
* combine multiple key exchange algs according to the RFCs, e.g. kDHE
* combines DHE_DSS and DHE_RSA)
*/
- {0, SSL_TXT_kRSA, 0, SSL_kRSA},
+ {0, SSL_TXT_kRSA, NULL, 0, SSL_kRSA},
- {0, SSL_TXT_kEDH, 0, SSL_kDHE},
- {0, SSL_TXT_kDHE, 0, SSL_kDHE},
- {0, SSL_TXT_DH, 0, SSL_kDHE},
+ {0, SSL_TXT_kEDH, NULL, 0, SSL_kDHE},
+ {0, SSL_TXT_kDHE, NULL, 0, SSL_kDHE},
+ {0, SSL_TXT_DH, NULL, 0, SSL_kDHE},
- {0, SSL_TXT_kEECDH, 0, SSL_kECDHE},
- {0, SSL_TXT_kECDHE, 0, SSL_kECDHE},
- {0, SSL_TXT_ECDH, 0, SSL_kECDHE},
+ {0, SSL_TXT_kEECDH, NULL, 0, SSL_kECDHE},
+ {0, SSL_TXT_kECDHE, NULL, 0, SSL_kECDHE},
+ {0, SSL_TXT_ECDH, NULL, 0, SSL_kECDHE},
- {0, SSL_TXT_kPSK, 0, SSL_kPSK},
- {0, SSL_TXT_kRSAPSK, 0, SSL_kRSAPSK},
- {0, SSL_TXT_kECDHEPSK, 0, SSL_kECDHEPSK},
- {0, SSL_TXT_kDHEPSK, 0, SSL_kDHEPSK},
- {0, SSL_TXT_kSRP, 0, SSL_kSRP},
- {0, SSL_TXT_kGOST, 0, SSL_kGOST},
+ {0, SSL_TXT_kPSK, NULL, 0, SSL_kPSK},
+ {0, SSL_TXT_kRSAPSK, NULL, 0, SSL_kRSAPSK},
+ {0, SSL_TXT_kECDHEPSK, NULL, 0, SSL_kECDHEPSK},
+ {0, SSL_TXT_kDHEPSK, NULL, 0, SSL_kDHEPSK},
+ {0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP},
+ {0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST},
/* server authentication aliases */
- {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA},
- {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS},
- {0, SSL_TXT_DSS, 0, 0, SSL_aDSS},
- {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL},
- {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA},
- {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA},
- {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK},
- {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01},
- {0, SSL_TXT_aGOST12, 0, 0, SSL_aGOST12},
- {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST01 | SSL_aGOST12},
- {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP},
+ {0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA},
+ {0, SSL_TXT_aDSS, NULL, 0, 0, SSL_aDSS},
+ {0, SSL_TXT_DSS, NULL, 0, 0, SSL_aDSS},
+ {0, SSL_TXT_aNULL, NULL, 0, 0, SSL_aNULL},
+ {0, SSL_TXT_aECDSA, NULL, 0, 0, SSL_aECDSA},
+ {0, SSL_TXT_ECDSA, NULL, 0, 0, SSL_aECDSA},
+ {0, SSL_TXT_aPSK, NULL, 0, 0, SSL_aPSK},
+ {0, SSL_TXT_aGOST01, NULL, 0, 0, SSL_aGOST01},
+ {0, SSL_TXT_aGOST12, NULL, 0, 0, SSL_aGOST12},
+ {0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12},
+ {0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP},
/* aliases combining key exchange and server authentication */
- {0, SSL_TXT_EDH, 0, SSL_kDHE, ~SSL_aNULL},
- {0, SSL_TXT_DHE, 0, SSL_kDHE, ~SSL_aNULL},
- {0, SSL_TXT_EECDH, 0, SSL_kECDHE, ~SSL_aNULL},
- {0, SSL_TXT_ECDHE, 0, SSL_kECDHE, ~SSL_aNULL},
- {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL},
- {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA},
- {0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL},
- {0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL},
- {0, SSL_TXT_PSK, 0, SSL_PSK},
- {0, SSL_TXT_SRP, 0, SSL_kSRP},
+ {0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL},
+ {0, SSL_TXT_DHE, NULL, 0, SSL_kDHE, ~SSL_aNULL},
+ {0, SSL_TXT_EECDH, NULL, 0, SSL_kECDHE, ~SSL_aNULL},
+ {0, SSL_TXT_ECDHE, NULL, 0, SSL_kECDHE, ~SSL_aNULL},
+ {0, SSL_TXT_NULL, NULL, 0, 0, 0, SSL_eNULL},
+ {0, SSL_TXT_RSA, NULL, 0, SSL_kRSA, SSL_aRSA},
+ {0, SSL_TXT_ADH, NULL, 0, SSL_kDHE, SSL_aNULL},
+ {0, SSL_TXT_AECDH, NULL, 0, SSL_kECDHE, SSL_aNULL},
+ {0, SSL_TXT_PSK, NULL, 0, SSL_PSK},
+ {0, SSL_TXT_SRP, NULL, 0, SSL_kSRP},
/* symmetric encryption aliases */
- {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES},
- {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4},
- {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2},
- {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA},
- {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED},
- {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL},
- {0, SSL_TXT_GOST, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12},
- {0, SSL_TXT_AES128, 0, 0, 0,
+ {0, SSL_TXT_3DES, NULL, 0, 0, 0, SSL_3DES},
+ {0, SSL_TXT_RC4, NULL, 0, 0, 0, SSL_RC4},
+ {0, SSL_TXT_RC2, NULL, 0, 0, 0, SSL_RC2},
+ {0, SSL_TXT_IDEA, NULL, 0, 0, 0, SSL_IDEA},
+ {0, SSL_TXT_SEED, NULL, 0, 0, 0, SSL_SEED},
+ {0, SSL_TXT_eNULL, NULL, 0, 0, 0, SSL_eNULL},
+ {0, SSL_TXT_GOST, NULL, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12},
+ {0, SSL_TXT_AES128, NULL, 0, 0, 0,
SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8},
- {0, SSL_TXT_AES256, 0, 0, 0,
+ {0, SSL_TXT_AES256, NULL, 0, 0, 0,
SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8},
- {0, SSL_TXT_AES, 0, 0, 0, SSL_AES},
- {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM},
- {0, SSL_TXT_AES_CCM, 0, 0, 0,
+ {0, SSL_TXT_AES, NULL, 0, 0, 0, SSL_AES},
+ {0, SSL_TXT_AES_GCM, NULL, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM},
+ {0, SSL_TXT_AES_CCM, NULL, 0, 0, 0,
SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8},
- {0, SSL_TXT_AES_CCM_8, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8},
- {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128},
- {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256},
- {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA},
- {0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20},
+ {0, SSL_TXT_AES_CCM_8, NULL, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8},
+ {0, SSL_TXT_CAMELLIA128, NULL, 0, 0, 0, SSL_CAMELLIA128},
+ {0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256},
+ {0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA},
+ {0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20},
/* MAC aliases */
- {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5},
- {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1},
- {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1},
- {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94},
- {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12},
- {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256},
- {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384},
- {0, SSL_TXT_GOST12, 0, 0, 0, 0, SSL_GOST12_256},
+ {0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5},
+ {0, SSL_TXT_SHA1, NULL, 0, 0, 0, 0, SSL_SHA1},
+ {0, SSL_TXT_SHA, NULL, 0, 0, 0, 0, SSL_SHA1},
+ {0, SSL_TXT_GOST94, NULL, 0, 0, 0, 0, SSL_GOST94},
+ {0, SSL_TXT_GOST89MAC, NULL, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12},
+ {0, SSL_TXT_SHA256, NULL, 0, 0, 0, 0, SSL_SHA256},
+ {0, SSL_TXT_SHA384, NULL, 0, 0, 0, 0, SSL_SHA384},
+ {0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256},
/* protocol version aliases */
- {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL3_VERSION},
- {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, TLS1_VERSION},
- {0, "TLSv1.0", 0, 0, 0, 0, 0, TLS1_VERSION},
- {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, TLS1_2_VERSION},
+ {0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION},
+ {0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
+ {0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
+ {0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION},
/* strength classes */
- {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
- {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM},
- {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH},
+ {0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
+ {0, SSL_TXT_MEDIUM, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM},
+ {0, SSL_TXT_HIGH, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH},
/* FIPS 140-2 approved ciphersuite */
- {0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS},
+ {0, SSL_TXT_FIPS, NULL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS},
/* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
- {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 0,
+ {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, NULL, 0,
SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
- {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 0,
+ {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, NULL, 0,
SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
};
@@ -310,9 +310,8 @@ static int get_optional_pkey_id(const char *pkey_name)
int pkey_id = 0;
ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);
if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
- ameth) > 0) {
+ ameth) > 0)
return pkey_id;
- }
return 0;
}
@@ -407,19 +406,17 @@ int ssl_load_ciphers(void)
* present, disable appropriate auth and key exchange
*/
ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
- if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
+ if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX])
ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32;
- } else {
+ else
disabled_mac_mask |= SSL_GOST89MAC;
- }
ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] =
get_optional_pkey_id("gost-mac-12");
- if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX]) {
+ if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX])
ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32;
- } else {
+ else
disabled_mac_mask |= SSL_GOST89MAC12;
- }
if (!get_optional_pkey_id("gost2001"))
disabled_auth_mask |= SSL_aGOST01 | SSL_aGOST12;
@@ -481,7 +478,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
c = s->cipher;
if (c == NULL)
- return (0);
+ return 0;
if (comp != NULL) {
SSL_COMP ctmp;
#ifndef OPENSSL_NO_COMP
@@ -511,9 +508,9 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc);
- if (i == -1)
+ if (i == -1) {
*enc = NULL;
- else {
+ } else {
if (i == SSL_ENC_NULL_IDX)
*enc = EVP_enc_null();
else
@@ -569,9 +566,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
c->algorithm_mac == SSL_SHA256 &&
(evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
*enc = evp, *md = NULL;
- return (1);
- } else
- return (0);
+ return 1;
+ } else {
+ return 0;
+ }
}
const EVP_MD *ssl_md(int idx)
@@ -920,7 +918,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1));
if (number_uses == NULL) {
SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
- return (0);
+ return 0;
}
/*
@@ -942,7 +940,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
tail_p);
OPENSSL_free(number_uses);
- return (1);
+ return 1;
}
static int ssl_cipher_process_rulestr(const char *rule_str,
@@ -959,7 +957,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
retval = 1;
l = rule_str;
- for (;;) {
+ for ( ; ; ) {
ch = *l;
if (ch == '\0')
@@ -1030,8 +1028,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
if (ch == '+') {
multi = 1;
l++;
- } else
+ } else {
multi = 0;
+ }
/*
* Now search for the cipher alias in the ca_list. Be careful
@@ -1065,8 +1064,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
found = 0;
break;
}
- } else
+ } else {
alg_mkey = ca_list[j]->algorithm_mkey;
+ }
}
if (ca_list[j]->algorithm_auth) {
@@ -1076,8 +1076,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
found = 0;
break;
}
- } else
+ } else {
alg_auth = ca_list[j]->algorithm_auth;
+ }
}
if (ca_list[j]->algorithm_enc) {
@@ -1087,8 +1088,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
found = 0;
break;
}
- } else
+ } else {
alg_enc = ca_list[j]->algorithm_enc;
+ }
}
if (ca_list[j]->algorithm_mac) {
@@ -1098,8 +1100,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
found = 0;
break;
}
- } else
+ } else {
alg_mac = ca_list[j]->algorithm_mac;
+ }
}
if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
@@ -1111,8 +1114,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
found = 0;
break;
}
- } else
+ } else {
algo_strength = ca_list[j]->algo_strength & SSL_STRONG_MASK;
+ }
}
if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {
@@ -1124,9 +1128,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
found = 0;
break;
}
- } else
+ } else {
algo_strength |=
ca_list[j]->algo_strength & SSL_DEFAULT_MASK;
+ }
}
if (ca_list[j]->valid) {
@@ -1161,9 +1166,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
*/
if (rule == CIPHER_SPECIAL) { /* special command */
ok = 0;
- if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0)
+ if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0) {
ok = ssl_cipher_strength_sort(head_p, tail_p);
- else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) {
+ } else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) {
int level = buf[9] - '0';
if (level < 0 || level > 5) {
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
@@ -1172,8 +1177,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
c->sec_level = level;
ok = 1;
}
- } else
+ } else {
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
+ }
if (ok == 0)
retval = 0;
/*
@@ -1197,7 +1203,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
break; /* done */
}
- return (retval);
+ return retval;
}
#ifndef OPENSSL_NO_EC
@@ -1219,8 +1225,9 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
if (suiteb_flags) {
c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;
c->cert_flags |= suiteb_flags;
- } else
+ } else {
suiteb_flags = c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS;
+ }
if (!suiteb_flags)
return 1;
@@ -1297,7 +1304,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
if (co_list == NULL) {
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
- return (NULL); /* Failure */
+ return NULL; /* Failure */
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
@@ -1415,7 +1422,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
if (ca_list == NULL) {
OPENSSL_free(co_list);
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
- return (NULL); /* Failure */
+ return NULL; /* Failure */
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc,
@@ -1442,7 +1449,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
if (!ok) { /* Rule processing failure */
OPENSSL_free(co_list);
- return (NULL);
+ return NULL;
}
/*
@@ -1451,7 +1458,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
OPENSSL_free(co_list);
- return (NULL);
+ return NULL;
}
/*
@@ -1485,7 +1492,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
sk_SSL_CIPHER_sort(*cipher_list_by_id);
- return (cipherstack);
+ return cipherstack;
}
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
@@ -1500,8 +1507,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
buf = OPENSSL_malloc(len);
if (buf == NULL)
return NULL;
- } else if (len < 128)
+ } else if (len < 128) {
return NULL;
+ }
alg_mkey = cipher->algorithm_mkey;
alg_auth = cipher->algorithm_auth;
@@ -1677,7 +1685,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac);
- return (buf);
+ return buf;
}
const char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
@@ -1698,8 +1706,27 @@ const char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
{
if (c != NULL)
- return (c->name);
- return ("(NONE)");
+ return c->name;
+ return "(NONE)";
+}
+
+/* return the actual cipher being used in RFC standard name */
+const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c)
+{
+ if (c != NULL)
+ return c->stdname;
+ return "(NONE)";
+}
+
+/* return the OpenSSL name based on given RFC standard name */
+const char *OPENSSL_cipher_name(const char *stdname)
+{
+ const SSL_CIPHER *c;
+
+ if (stdname == NULL)
+ return "(NONE)";
+ c = ssl3_get_cipher_by_std_name(stdname);
+ return SSL_CIPHER_get_name(c);
}
/* number of bits for symmetric cipher */
@@ -1731,9 +1758,9 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
for (i = 0; i < nn; i++) {
ctmp = sk_SSL_COMP_value(sk, i);
if (ctmp->id == n)
- return (ctmp);
+ return ctmp;
}
- return (NULL);
+ return NULL;
}
#ifdef OPENSSL_NO_COMP
@@ -1757,7 +1784,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
{
load_builtin_compressions();
- return (ssl_comp_methods);
+ return ssl_comp_methods;
}
STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
@@ -1806,7 +1833,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
if (comp == NULL) {
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
- return (1);
+ return 1;
}
comp->id = id;
@@ -1817,16 +1844,16 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
SSL_R_DUPLICATE_COMPRESSION_ID);
- return (1);
+ return 1;
}
if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
OPENSSL_free(comp);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
- return (1);
+ return 1;
}
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
- return (0);
+ return 0;
}
#endif
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index aae547a..12cc3ca 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@@ -401,6 +401,7 @@
struct ssl_cipher_st {
uint32_t valid;
const char *name; /* text name */
+ const char *stdname; /* RFC name */
uint32_t id; /* id, 4 bytes, first is version */
/*
* changed in 1.0.0: these four used to be portions of a single value
@@ -2151,6 +2152,7 @@ __owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey,
__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
__owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id);
+__owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname);
__owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt,
size_t *len);
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index cef0df8..1e96022 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -3568,7 +3568,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt)
if (totlen != 0) {
if (empty_reneg_info_scsv) {
static SSL_CIPHER scsv = {
- 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ 0, NULL, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
SSLerr(SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
@@ -3577,7 +3577,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt)
}
if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
static SSL_CIPHER scsv = {
- 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ 0, NULL, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
SSLerr(SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index ce98581..803df27 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1470,11 +1470,6 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl, int server,
return 1;
}
-const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c)
-{
- return ssl_trace_str(c->id & 0xFFFF, ssl_ciphers_tbl);
-}
-
void SSL_trace(int write_p, int version, int content_type,
const void *buf, size_t msglen, SSL *ssl, void *arg)
{
diff --git a/test/build.info b/test/build.info
index 9664443..3d5b15e 100644
--- a/test/build.info
+++ b/test/build.info
@@ -44,7 +44,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
pkey_meth_test uitest cipherbytes_test asn1_encode_test \
x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
recordlentest drbgtest \
- time_offset_test pemtest ssl_cert_table_internal_test
+ time_offset_test pemtest ssl_cert_table_internal_test ciphername_test
SOURCE[aborttest]=aborttest.c
INCLUDE[aborttest]=../include
@@ -323,6 +323,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
INCLUDE[ssl_cert_table_internal_test]=.. ../include
DEPEND[ssl_cert_table_internal_test]=../libcrypto libtestutil.a
+ SOURCE[ciphername_test]=ciphername_test.c
+ INCLUDE[ciphername_test]=.. ../include
+ DEPEND[ciphername_test]=../libcrypto ../libssl libtestutil.a
+
IF[{- !$disabled{psk} -}]
PROGRAMS_NO_INST=dtls_mtu_test
SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c
diff --git a/test/ciphername_test.c b/test/ciphername_test.c
new file mode 100644
index 0000000..995c352
--- /dev/null
+++ b/test/ciphername_test.c
@@ -0,0 +1,469 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 BaishanCloud. All rights reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/err.h>
+#include <openssl/e_os2.h>
+#include <openssl/ssl.h>
+#include <openssl/ssl3.h>
+#include <openssl/tls1.h>
+
+#include "e_os.h"
+#include "testutil.h"
+
+typedef struct cipher_id_name {
+ int id;
+ const char *name;
+} CIPHER_ID_NAME;
+
+/* Cipher suites, copied from t1_trce.c */
+static CIPHER_ID_NAME cipher_names[] = {
+ {0x0000, "SSL_NULL_WITH_NULL_NULL"},
+ {0x0001, "SSL_RSA_WITH_NULL_MD5"},
+ {0x0002, "SSL_RSA_WITH_NULL_SHA"},
+ {0x0003, "SSL_RSA_EXPORT_WITH_RC4_40_MD5"},
+ {0x0004, "SSL_RSA_WITH_RC4_128_MD5"},
+ {0x0005, "SSL_RSA_WITH_RC4_128_SHA"},
+ {0x0006, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"},
+ {0x0007, "SSL_RSA_WITH_IDEA_CBC_SHA"},
+ {0x0008, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+ {0x0009, "SSL_RSA_WITH_DES_CBC_SHA"},
+ {0x000A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA"},
+ {0x000B, "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"},
+ {0x000C, "SSL_DH_DSS_WITH_DES_CBC_SHA"},
+ {0x000D, "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"},
+ {0x000E, "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+ {0x000F, "SSL_DH_RSA_WITH_DES_CBC_SHA"},
+ {0x0010, "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"},
+ {0x0011, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"},
+ {0x0012, "SSL_DHE_DSS_WITH_DES_CBC_SHA"},
+ {0x0013, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"},
+ {0x0014, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+ {0x0015, "SSL_DHE_RSA_WITH_DES_CBC_SHA"},
+ {0x0016, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"},
+ {0x0017, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"},
+ {0x0018, "SSL_DH_anon_WITH_RC4_128_MD5"},
+ {0x0019, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"},
+ {0x001A, "SSL_DH_anon_WITH_DES_CBC_SHA"},
+ {0x001B, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"},
+ {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"},
+ {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"},
+ {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"},
+ {0x0020, "TLS_KRB5_WITH_RC4_128_SHA"},
+ {0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA"},
+ {0x0022, "TLS_KRB5_WITH_DES_CBC_MD5"},
+ {0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"},
+ {0x0024, "TLS_KRB5_WITH_RC4_128_MD5"},
+ {0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5"},
+ {0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"},
+ {0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"},
+ {0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"},
+ {0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"},
+ {0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"},
+ {0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"},
+ {0x002C, "TLS_PSK_WITH_NULL_SHA"},
+ {0x002D, "TLS_DHE_PSK_WITH_NULL_SHA"},
+ {0x002E, "TLS_RSA_PSK_WITH_NULL_SHA"},
+ {0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"},
+ {0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"},
+ {0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"},
+ {0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"},
+ {0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"},
+ {0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA"},
+ {0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA"},
+ {0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"},
+ {0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"},
+ {0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"},
+ {0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
+ {0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA"},
+ {0x003B, "TLS_RSA_WITH_NULL_SHA256"},
+ {0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256"},
+ {0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256"},
+ {0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"},
+ {0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"},
+ {0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"},
+ {0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+ {0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"},
+ {0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+ {0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"},
+ {0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+ {0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"},
+ {0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"},
+ {0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"},
+ {0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"},
+ {0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"},
+ {0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
+ {0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"},
+ {0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"},
+ {0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+ {0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"},
+ {0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+ {0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"},
+ {0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+ {0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"},
+ {0x008A, "TLS_PSK_WITH_RC4_128_SHA"},
+ {0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA"},
+ {0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA"},
+ {0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA"},
+ {0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA"},
+ {0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"},
+ {0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"},
+ {0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"},
+ {0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA"},
+ {0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"},
+ {0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"},
+ {0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"},
+ {0x0096, "TLS_RSA_WITH_SEED_CBC_SHA"},
+ {0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA"},
+ {0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA"},
+ {0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA"},
+ {0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA"},
+ {0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA"},
+ {0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256"},
+ {0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384"},
+ {0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"},
+ {0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"},
+ {0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"},
+ {0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"},
+ {0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"},
+ {0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"},
+ {0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256"},
+ {0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"},
+ {0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256"},
+ {0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384"},
+ {0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256"},
+ {0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384"},
+ {0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"},
+ {0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"},
+ {0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"},
+ {0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"},
+ {0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256"},
+ {0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384"},
+ {0x00B0, "TLS_PSK_WITH_NULL_SHA256"},
+ {0x00B1, "TLS_PSK_WITH_NULL_SHA384"},
+ {0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"},
+ {0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"},
+ {0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256"},
+ {0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384"},
+ {0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"},
+ {0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"},
+ {0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256"},
+ {0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384"},
+ {0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+ {0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"},
+ {0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+ {0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"},
+ {0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+ {0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"},
+ {0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"},
+ {0x5600, "TLS_FALLBACK_SCSV"},
+ {0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA"},
+ {0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"},
+ {0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"},
+ {0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"},
+ {0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"},
+ {0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA"},
+ {0xC007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"},
+ {0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"},
+ {0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"},
+ {0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"},
+ {0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA"},
+ {0xC00C, "TLS_ECDH_RSA_WITH_RC4_128_SHA"},
+ {0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"},
+ {0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"},
+ {0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"},
+ {0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA"},
+ {0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA"},
+ {0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"},
+ {0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"},
+ {0xC014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"},
+ {0xC015, "TLS_ECDH_anon_WITH_NULL_SHA"},
+ {0xC016, "TLS_ECDH_anon_WITH_RC4_128_SHA"},
+ {0xC017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"},
+ {0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"},
+ {0xC019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"},
+ {0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"},
+ {0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"},
+ {0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"},
+ {0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"},
+ {0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"},
+ {0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"},
+ {0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"},
+ {0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"},
+ {0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"},
+ {0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"},
+ {0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"},
+ {0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"},
+ {0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"},
+ {0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
+ {0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
+ {0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"},
+ {0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"},
+ {0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
+ {0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
+ {0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"},
+ {0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"},
+ {0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
+ {0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
+ {0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"},
+ {0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"},
+ {0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA"},
+ {0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"},
+ {0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
+ {0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"},
+ {0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"},
+ {0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"},
+ {0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA"},
+ {0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256"},
+ {0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384"},
+ {0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256"},
+ {0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384"},
+ {0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"},
+ {0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"},
+ {0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"},
+ {0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"},
+ {0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"},
+ {0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"},
+ {0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"},
+ {0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"},
+ {0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"},
+ {0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"},
+ {0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"},
+ {0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"},
+ {0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"},
+ {0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"},
+ {0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"},
+ {0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"},
+ {0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"},
+ {0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"},
+ {0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256"},
+ {0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384"},
+ {0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"},
+ {0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"},
+ {0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"},
+ {0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"},
+ {0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"},
+ {0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"},
+ {0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"},
+ {0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"},
+ {0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"},
+ {0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"},
+ {0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"},
+ {0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"},
+ {0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"},
+ {0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"},
+ {0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"},
+ {0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"},
+ {0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"},
+ {0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"},
+ {0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256"},
+ {0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384"},
+ {0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"},
+ {0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"},
+ {0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"},
+ {0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"},
+ {0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256"},
+ {0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384"},
+ {0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"},
+ {0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"},
+ {0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"},
+ {0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"},
+ {0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"},
+ {0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"},
+ {0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
+ {0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
+ {0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
+ {0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
+ {0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+ {0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+ {0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+ {0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+ {0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+ {0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+ {0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+ {0xC09C, "TLS_RSA_WITH_AES_128_CCM"},
+ {0xC09D, "TLS_RSA_WITH_AES_256_CCM"},
+ {0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM"},
+ {0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM"},
+ {0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8"},
+ {0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8"},
+ {0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8"},
+ {0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8"},
+ {0xC0A4, "TLS_PSK_WITH_AES_128_CCM"},
+ {0xC0A5, "TLS_PSK_WITH_AES_256_CCM"},
+ {0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM"},
+ {0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM"},
+ {0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8"},
+ {0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8"},
+ {0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8"},
+ {0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8"},
+ {0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"},
+ {0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"},
+ {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"},
+ {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"},
+ {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
+ {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
+ {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
+ {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+ {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+ {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+ {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+ {0x1301, "TLS_AES_128_GCM_SHA256"},
+ {0x1302, "TLS_AES_256_GCM_SHA384"},
+ {0x1303, "TLS_CHACHA20_POLY1305_SHA256"},
+ {0x1304, "TLS_AES_128_CCM_SHA256"},
+ {0x1305, "TLS_AES_128_CCM_8_SHA256"},
+ {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
+ {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
+};
+
+static const char *get_std_name_by_id(int id)
+{
+ size_t i;
+
+ for (i = 0; i < OSSL_NELEM(cipher_names); i++)
+ if (cipher_names[i].id == id)
+ return cipher_names[i].name;
+
+ return NULL;
+}
+
+static int test_cipher_name()
+{
+ SSL_CTX *ctx = NULL;
+ SSL *ssl = NULL;
+ const SSL_CIPHER *c;
+ STACK_OF(SSL_CIPHER) *sk = NULL;
+ const char *ciphers = "ALL:eNULL", *p, *q, *r;
+ int i, id = 0, ret = 0;
+
+ /* tests for invalid input */
+ p = SSL_CIPHER_standard_name(NULL);
+ if (!TEST_str_eq(p, "(NONE)")) {
+ TEST_info("test_cipher_name(std) failed: NULL input doesn't return \"(NONE)\"\n");
+ goto err;
+ }
+
+ p = OPENSSL_cipher_name(NULL);
+ if (!TEST_str_eq(p, "(NONE)")) {
+ TEST_info("test_cipher_name(ossl) failed: NULL input doesn't return \"(NONE)\"\n");
+ goto err;
+ }
+
+ p = OPENSSL_cipher_name("This is not a valid cipher");
+ if (!TEST_str_eq(p, "(NONE)")) {
+ TEST_info("test_cipher_name(ossl) failed: invalid input doesn't return \"(NONE)\"\n");
+ goto err;
+ }
+
+ /* tests for valid input */
+ ctx = SSL_CTX_new(TLS_server_method());
+ if (ctx == NULL) {
+ TEST_info("test_cipher_name failed: internal error\n");
+ goto err;
+ }
+
+ if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
+ TEST_info("test_cipher_name failed: internal error\n");
+ goto err;
+ }
+
+ ssl = SSL_new(ctx);
+ if (ssl == NULL) {
+ TEST_info("test_cipher_name failed: internal error\n");
+ goto err;
+ }
+
+ sk = SSL_get_ciphers(ssl);
+ if (sk == NULL) {
+ TEST_info("test_cipher_name failed: internal error\n");
+ goto err;
+ }
+
+ for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+ c = sk_SSL_CIPHER_value(sk, i);
+ id = SSL_CIPHER_get_id(c) & 0xFFFF;
+ if ((id == 0xFF85) || (id == 0xFF87))
+ /* skip GOST2012-GOST8912-GOST891 and GOST2012-NULL-GOST12 */
+ continue;
+ p = SSL_CIPHER_standard_name(c);
+ q = get_std_name_by_id(id);
+ if (!TEST_ptr(p)) {
+ TEST_info("test_cipher_name failed: expected %s, got NULL, cipher %x\n",
+ q, id);
+ goto err;
+ }
+ /* check if p is a valid standard name */
+ if (!TEST_str_eq(p, q)) {
+ TEST_info("test_cipher_name(std) failed: expected %s, got %s, cipher %x\n",
+ q, p, id);
+ goto err;
+ }
+ /* test OPENSSL_cipher_name */
+ q = SSL_CIPHER_get_name(c);
+ r = OPENSSL_cipher_name(p);
+ if (!TEST_str_eq(r, q)) {
+ TEST_info("test_cipher_name(ossl) failed: expected %s, got %s, cipher %x\n",
+ q, r, id);
+ goto err;
+ }
+ }
+ ret = 1;
+err:
+ SSL_CTX_free(ctx);
+ SSL_free(ssl);
+ return ret;
+}
+
+void register_tests()
+{
+ ADD_TEST(test_cipher_name);
+}
diff --git a/test/recipes/80-test_cipherbytes.t b/test/recipes/80-test_ciphername.t
similarity index 84%
copy from test/recipes/80-test_cipherbytes.t
copy to test/recipes/80-test_ciphername.t
index 27d627e..33c3d6e 100644
--- a/test/recipes/80-test_cipherbytes.t
+++ b/test/recipes/80-test_ciphername.t
@@ -1,6 +1,7 @@
#! /usr/bin/perl
#
# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017 BaishanCloud. All rights reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -15,7 +16,7 @@ use OpenSSL::Test::Simple;
use OpenSSL::Test;
use OpenSSL::Test::Utils qw(alldisabled available_protocols);
-setup("test_cipherbytes");
+setup("test_ciphername");
my $no_anytls = alldisabled(available_protocols("tls"));
@@ -23,4 +24,4 @@ my $no_anytls = alldisabled(available_protocols("tls"));
plan skip_all => "No SSL/TLS protocol is supported by this OpenSSL build."
if $no_anytls;
-simple_test("test_cipherbytes", "cipherbytes_test", "bytes_to_cipherlist");
+simple_test("test_ciphername", "ciphername_test");
diff --git a/util/libssl.num b/util/libssl.num
index ae16d13..26a225c 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -86,7 +86,7 @@ SSL_CTX_set_cookie_verify_cb 86 1_1_0 EXIST::FUNCTION:
SSL_get_shared_sigalgs 87 1_1_0 EXIST::FUNCTION:
SSL_config 88 1_1_0 EXIST::FUNCTION:
TLSv1_1_client_method 89 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
-SSL_CIPHER_standard_name 90 1_1_0 EXIST::FUNCTION:SSL_TRACE
+SSL_CIPHER_standard_name 90 1_1_0 EXIST::FUNCTION:
SSL_CTX_get_verify_mode 91 1_1_0 EXIST::FUNCTION:
SSL_get_all_async_fds 92 1_1_0 EXIST::FUNCTION:
SSL_CTX_check_private_key 93 1_1_0 EXIST::FUNCTION:
@@ -459,3 +459,4 @@ SSL_CIPHER_get_handshake_digest 459 1_1_1 EXIST::FUNCTION:
SSL_SESSION_set1_master_key 460 1_1_1 EXIST::FUNCTION:
SSL_SESSION_set_cipher 461 1_1_1 EXIST::FUNCTION:
SSL_SESSION_set_protocol_version 462 1_1_1 EXIST::FUNCTION:
+OPENSSL_cipher_name 463 1_1_1 EXIST::FUNCTION:
More information about the openssl-commits
mailing list