/**
 * \file ssl_ciphersuites.c
 *
 * \brief SSL ciphersuites for Mbed TLS
 *
 * Copyright The Mbed TLS Contributors
 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

#include "common.h"

#if defined(MBEDTLS_SSL_TLS_C)

#include "mbedtls/platform.h"

#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/ssl.h"
#include "ssl_misc.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
#endif

#include <string.h>

/*
 * Ciphersuite preference table: suite identifiers ordered from most
 * preferred to least preferred in terms of security, terminated by 0.
 *
 * Current rule (except weak and null which come last):
 * 1. By key exchange:
 *    Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
 * 2. By key length and cipher:
 *    ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
 * 3. By cipher mode when relevant: GCM > CCM > CBC > CCM_8
 * 4. By hash function used when relevant
 * 5. By key exchange/auth again: EC > non-EC
 *
 * Notes for anyone reviewing or overriding this table:
 * - If MBEDTLS_SSL_CIPHERSUITES is defined, it replaces the built-in list
 *   below in its entirety. The ordering rules above are then not enforced
 *   by this table; the order is whatever the macro expands to.
 * - Apart from the TLS 1.3 guard, the built-in list names suites
 *   unconditionally, while the entries of ciphersuite_definitions[] are
 *   feature-gated.
 *   NOTE(review): the code that reconciles the two tables is not in this
 *   part of the file -- confirm there that IDs without a definition are
 *   skipped.
 * - The built-in list still contains CBC-mode suites, suites with a SHA-1
 *   MAC and suites whose key exchange is not forward-secure. They are only
 *   ranked lower; leaving them out is a configuration decision, not
 *   something this table does.
 * - CCM_8 suites are flagged MBEDTLS_CIPHERSUITE_SHORT_TAG in
 *   ciphersuite_definitions[] (shortened authentication tag); rule 3 ranks
 *   them last within each cipher group.
 */
static const int ciphersuite_preference[] =
{
#if defined(MBEDTLS_SSL_CIPHERSUITES)
    /* Build-time override: this macro supplies the whole list. */
    MBEDTLS_SSL_CIPHERSUITES,
#else
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
    /* TLS 1.3 ciphersuites */
    MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
    MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
    MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
    MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

    /* Chacha-Poly ephemeral suites */
    MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,

    /* All AES-256 ephemeral suites */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,

    /* All CAMELLIA-256 ephemeral suites */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,

    /* All ARIA-256 ephemeral suites */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,

    /* All AES-128 ephemeral suites */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,

    /* All CAMELLIA-128 ephemeral suites */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,

    /* All ARIA-128 ephemeral suites */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,

    /* The PSK ephemeral suites (rule 1: forward-secure PSK) */
    MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,

    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,

    /* The ECJPAKE suite */
    MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,

    /* All AES-256 suites.
     * From here on the key exchanges are the "other non-PSK" class of
     * rule 1 (RSA, ECDH-RSA, ECDH-ECDSA), i.e. the ones that rule does not
     * count as forward-secure. */
    MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
    MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
    MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,

    /* All CAMELLIA-256 suites */
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,

    /* All ARIA-256 suites */
    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
    MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,

    /* All AES-128 suites */
    MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
    MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,

    /* All CAMELLIA-128 suites */
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,

    /* All ARIA-128 suites */
    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
    MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,

    /* The RSA PSK suites (rule 1: "other PSK") */
    MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,

    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,

    /* The PSK suites */
    MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
    MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
    MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,

    MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
    MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
    MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,

    /* NULL suites: the record cipher is MBEDTLS_CIPHER_NULL, so they give
     * no confidentiality. The NULL entries of ciphersuite_definitions[]
     * visible in this part of the file are compiled only when
     * MBEDTLS_CIPHER_NULL_CIPHER is defined and carry
     * MBEDTLS_CIPHERSUITE_WEAK.
     * NOTE(review): confirm the same guard and flag on the NULL entries
     * defined further down the file. */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
    MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,

    MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
    MBEDTLS_TLS_RSA_WITH_NULL_SHA,
    MBEDTLS_TLS_RSA_WITH_NULL_MD5,
    MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA,
    MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
    MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
    MBEDTLS_TLS_PSK_WITH_NULL_SHA,

#endif /* MBEDTLS_SSL_CIPHERSUITES */
    /* End-of-list marker; it follows both the override and the built-in list. */
    0
};
 279 280static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 281{ 282#if defined(MBEDTLS_SSL_PROTO_TLS1_3) 283#if defined(MBEDTLS_SSL_HAVE_AES) 284#if defined(MBEDTLS_SSL_HAVE_GCM) 285#if defined(MBEDTLS_MD_CAN_SHA384) 286 { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384", 287 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, 288 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ 289 0, 290 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, 291#endif /* MBEDTLS_MD_CAN_SHA384 */ 292#if defined(MBEDTLS_MD_CAN_SHA256) 293 { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256", 294 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, 295 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not 
part of ciphersuite in TLS 1.3 */ 296 0, 297 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, 298#endif /* MBEDTLS_MD_CAN_SHA256 */ 299#endif /* MBEDTLS_SSL_HAVE_GCM */ 300#if defined(MBEDTLS_SSL_HAVE_CCM) && defined(MBEDTLS_MD_CAN_SHA256) 301 { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256", 302 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, 303 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ 304 0, 305 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, 306 { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256", 307 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, 308 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ 309 MBEDTLS_CIPHERSUITE_SHORT_TAG, 310 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, 311#endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_SSL_HAVE_CCM */ 312#endif /* MBEDTLS_SSL_HAVE_AES */ 313#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256) 314 { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, 315 "TLS1-3-CHACHA20-POLY1305-SHA256", 316 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 317 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ 318 0, 319 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, 320#endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY && MBEDTLS_MD_CAN_SHA256 */ 321#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 322 323#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && \ 324 defined(MBEDTLS_MD_CAN_SHA256) && \ 325 defined(MBEDTLS_SSL_PROTO_TLS1_2) 326#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) 327 { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 328 "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", 329 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 330 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 331 0, 332 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 333#endif 334#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 335 { 
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 336 "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", 337 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 338 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 339 0, 340 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 341#endif 342#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 343 { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 344 "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", 345 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 346 MBEDTLS_KEY_EXCHANGE_DHE_RSA, 347 0, 348 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 349#endif 350#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 351 { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, 352 "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", 353 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 354 MBEDTLS_KEY_EXCHANGE_PSK, 355 0, 356 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 357#endif 358#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 359 { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, 360 "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", 361 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 362 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 363 0, 364 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 365#endif 366#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 367 { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, 368 "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", 369 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 370 MBEDTLS_KEY_EXCHANGE_DHE_PSK, 371 0, 372 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 373#endif 374#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 375 { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, 376 "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256", 377 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 378 MBEDTLS_KEY_EXCHANGE_RSA_PSK, 379 0, 380 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 381#endif 382#endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY && 383 MBEDTLS_MD_CAN_SHA256 && 384 
MBEDTLS_SSL_PROTO_TLS1_2 */ 385#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 386#if defined(MBEDTLS_SSL_HAVE_AES) 387#if defined(MBEDTLS_MD_CAN_SHA1) 388#if defined(MBEDTLS_SSL_HAVE_CBC) 389 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", 390 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 391 0, 392 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 393 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", 394 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 395 0, 396 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 397#endif /* MBEDTLS_SSL_HAVE_CBC */ 398#endif /* MBEDTLS_MD_CAN_SHA1 */ 399#if defined(MBEDTLS_MD_CAN_SHA256) 400#if defined(MBEDTLS_SSL_HAVE_CBC) 401 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", 402 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 403 0, 404 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 405#endif /* MBEDTLS_SSL_HAVE_CBC */ 406#if defined(MBEDTLS_SSL_HAVE_GCM) 407 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", 408 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 409 0, 410 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 411#endif /* MBEDTLS_SSL_HAVE_GCM */ 412#endif /* MBEDTLS_MD_CAN_SHA256 */ 413#if defined(MBEDTLS_MD_CAN_SHA384) 414#if defined(MBEDTLS_SSL_HAVE_CBC) 415 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", 416 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 417 0, 418 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 419#endif /* MBEDTLS_SSL_HAVE_CBC */ 420#if defined(MBEDTLS_SSL_HAVE_GCM) 421 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", 422 
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 423 0, 424 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 425#endif /* MBEDTLS_SSL_HAVE_GCM */ 426#endif /* MBEDTLS_MD_CAN_SHA384 */ 427#if defined(MBEDTLS_SSL_HAVE_CCM) 428 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", 429 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 430 0, 431 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 432 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", 433 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 434 MBEDTLS_CIPHERSUITE_SHORT_TAG, 435 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 436 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", 437 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 438 0, 439 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 440 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", 441 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 442 MBEDTLS_CIPHERSUITE_SHORT_TAG, 443 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 444#endif /* MBEDTLS_SSL_HAVE_CCM */ 445#endif /* MBEDTLS_SSL_HAVE_AES */ 446 447#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 448#if defined(MBEDTLS_SSL_HAVE_CBC) 449#if defined(MBEDTLS_MD_CAN_SHA256) 450 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 451 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", 452 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 453 0, 454 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 455#endif /* MBEDTLS_MD_CAN_SHA256 */ 456#if defined(MBEDTLS_MD_CAN_SHA384) 457 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 458 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", 459 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, 
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 460 0, 461 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 462#endif /* MBEDTLS_MD_CAN_SHA384 */ 463#endif /* MBEDTLS_SSL_HAVE_CBC */ 464 465#if defined(MBEDTLS_SSL_HAVE_GCM) 466#if defined(MBEDTLS_MD_CAN_SHA256) 467 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 468 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", 469 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 470 0, 471 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 472#endif /* MBEDTLS_MD_CAN_SHA256 */ 473#if defined(MBEDTLS_MD_CAN_SHA384) 474 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 475 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", 476 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 477 0, 478 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 479#endif /* MBEDTLS_MD_CAN_SHA384 */ 480#endif /* MBEDTLS_SSL_HAVE_GCM */ 481#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 482 483#if defined(MBEDTLS_CIPHER_NULL_CIPHER) 484#if defined(MBEDTLS_MD_CAN_SHA1) 485 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA", 486 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 487 MBEDTLS_CIPHERSUITE_WEAK, 488 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 489#endif /* MBEDTLS_MD_CAN_SHA1 */ 490#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 491#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ 492 493#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) 494#if defined(MBEDTLS_SSL_HAVE_AES) 495#if defined(MBEDTLS_MD_CAN_SHA1) 496#if defined(MBEDTLS_SSL_HAVE_CBC) 497 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", 498 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 499 0, 500 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 501 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", 502 MBEDTLS_CIPHER_AES_256_CBC, 
MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 503 0, 504 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 505#endif /* MBEDTLS_SSL_HAVE_CBC */ 506#endif /* MBEDTLS_MD_CAN_SHA1 */ 507#if defined(MBEDTLS_MD_CAN_SHA256) 508#if defined(MBEDTLS_SSL_HAVE_CBC) 509 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", 510 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 511 0, 512 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 513#endif /* MBEDTLS_SSL_HAVE_CBC */ 514#if defined(MBEDTLS_SSL_HAVE_GCM) 515 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", 516 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 517 0, 518 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 519#endif /* MBEDTLS_SSL_HAVE_GCM */ 520#endif /* MBEDTLS_MD_CAN_SHA256 */ 521#if defined(MBEDTLS_MD_CAN_SHA384) 522#if defined(MBEDTLS_SSL_HAVE_CBC) 523 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", 524 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 525 0, 526 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 527#endif /* MBEDTLS_SSL_HAVE_CBC */ 528#if defined(MBEDTLS_SSL_HAVE_GCM) 529 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", 530 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 531 0, 532 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 533#endif /* MBEDTLS_SSL_HAVE_GCM */ 534#endif /* MBEDTLS_MD_CAN_SHA384 */ 535#endif /* MBEDTLS_SSL_HAVE_AES */ 536 537#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 538#if defined(MBEDTLS_SSL_HAVE_CBC) 539#if defined(MBEDTLS_MD_CAN_SHA256) 540 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 541 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", 542 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 543 0, 544 
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 545#endif /* MBEDTLS_MD_CAN_SHA256 */ 546#if defined(MBEDTLS_MD_CAN_SHA384) 547 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, 548 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", 549 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 550 0, 551 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 552#endif /* MBEDTLS_MD_CAN_SHA384 */ 553#endif /* MBEDTLS_SSL_HAVE_CBC */ 554 555#if defined(MBEDTLS_SSL_HAVE_GCM) 556#if defined(MBEDTLS_MD_CAN_SHA256) 557 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, 558 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", 559 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 560 0, 561 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 562#endif /* MBEDTLS_MD_CAN_SHA256 */ 563#if defined(MBEDTLS_MD_CAN_SHA384) 564 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, 565 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", 566 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 567 0, 568 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 569#endif /* MBEDTLS_MD_CAN_SHA384 */ 570#endif /* MBEDTLS_SSL_HAVE_GCM */ 571#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 572 573#if defined(MBEDTLS_CIPHER_NULL_CIPHER) 574#if defined(MBEDTLS_MD_CAN_SHA1) 575 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA", 576 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 577 MBEDTLS_CIPHERSUITE_WEAK, 578 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 579#endif /* MBEDTLS_MD_CAN_SHA1 */ 580#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 581#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ 582 583#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 584#if defined(MBEDTLS_SSL_HAVE_AES) 585#if defined(MBEDTLS_MD_CAN_SHA384) && \ 586 defined(MBEDTLS_SSL_HAVE_GCM) 587 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", 588 
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 589 0, 590 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 591#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */ 592 593#if defined(MBEDTLS_MD_CAN_SHA256) 594#if defined(MBEDTLS_SSL_HAVE_GCM) 595 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", 596 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 597 0, 598 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 599#endif /* MBEDTLS_SSL_HAVE_GCM */ 600 601#if defined(MBEDTLS_SSL_HAVE_CBC) 602 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", 603 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 604 0, 605 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 606 607 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", 608 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 609 0, 610 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 611#endif /* MBEDTLS_SSL_HAVE_CBC */ 612#endif /* MBEDTLS_MD_CAN_SHA256 */ 613 614#if defined(MBEDTLS_SSL_HAVE_CBC) 615#if defined(MBEDTLS_MD_CAN_SHA1) 616 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", 617 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 618 0, 619 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 620 621 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", 622 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 623 0, 624 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 625#endif /* MBEDTLS_MD_CAN_SHA1 */ 626#endif /* MBEDTLS_SSL_HAVE_CBC */ 627#if defined(MBEDTLS_SSL_HAVE_CCM) 628 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM", 629 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 630 0, 631 
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 632 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8", 633 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 634 MBEDTLS_CIPHERSUITE_SHORT_TAG, 635 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 636 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM", 637 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 638 0, 639 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 640 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8", 641 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 642 MBEDTLS_CIPHERSUITE_SHORT_TAG, 643 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 644#endif /* MBEDTLS_SSL_HAVE_CCM */ 645#endif /* MBEDTLS_SSL_HAVE_AES */ 646 647#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 648#if defined(MBEDTLS_SSL_HAVE_CBC) 649#if defined(MBEDTLS_MD_CAN_SHA256) 650 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", 651 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 652 0, 653 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 654 655 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", 656 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 657 0, 658 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 659#endif /* MBEDTLS_MD_CAN_SHA256 */ 660 661#if defined(MBEDTLS_MD_CAN_SHA1) 662 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", 663 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 664 0, 665 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 666 667 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", 668 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, 
MBEDTLS_KEY_EXCHANGE_DHE_RSA, 669 0, 670 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 671#endif /* MBEDTLS_MD_CAN_SHA1 */ 672#endif /* MBEDTLS_SSL_HAVE_CBC */ 673#if defined(MBEDTLS_SSL_HAVE_GCM) 674#if defined(MBEDTLS_MD_CAN_SHA256) 675 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", 676 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 677 0, 678 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 679#endif /* MBEDTLS_MD_CAN_SHA256 */ 680 681#if defined(MBEDTLS_MD_CAN_SHA384) 682 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", 683 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 684 0, 685 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 686#endif /* MBEDTLS_MD_CAN_SHA384 */ 687#endif /* MBEDTLS_SSL_HAVE_GCM */ 688#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 689 690#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ 691 692#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 693#if defined(MBEDTLS_SSL_HAVE_AES) 694#if defined(MBEDTLS_MD_CAN_SHA384) && \ 695 defined(MBEDTLS_SSL_HAVE_GCM) 696 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", 697 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 698 0, 699 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 700#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */ 701 702#if defined(MBEDTLS_MD_CAN_SHA256) 703#if defined(MBEDTLS_SSL_HAVE_GCM) 704 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", 705 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 706 0, 707 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 708#endif /* MBEDTLS_SSL_HAVE_GCM */ 709 710#if defined(MBEDTLS_SSL_HAVE_CBC) 711 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", 712 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, 
MBEDTLS_KEY_EXCHANGE_RSA, 713 0, 714 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 715 716 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256", 717 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 718 0, 719 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 720#endif /* MBEDTLS_SSL_HAVE_CBC */ 721#endif /* MBEDTLS_MD_CAN_SHA256 */ 722 723#if defined(MBEDTLS_MD_CAN_SHA1) 724#if defined(MBEDTLS_SSL_HAVE_CBC) 725 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", 726 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 727 0, 728 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 729 730 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA", 731 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 732 0, 733 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 734#endif /* MBEDTLS_SSL_HAVE_CBC */ 735#endif /* MBEDTLS_MD_CAN_SHA1 */ 736#if defined(MBEDTLS_SSL_HAVE_CCM) 737 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", 738 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 739 0, 740 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 741 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8", 742 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 743 MBEDTLS_CIPHERSUITE_SHORT_TAG, 744 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 745 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM", 746 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 747 0, 748 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 749 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8", 750 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 751 MBEDTLS_CIPHERSUITE_SHORT_TAG, 752 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 753#endif /* MBEDTLS_SSL_HAVE_CCM */ 754#endif 
/* MBEDTLS_SSL_HAVE_AES */ 755 756#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 757#if defined(MBEDTLS_SSL_HAVE_CBC) 758#if defined(MBEDTLS_MD_CAN_SHA256) 759 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", 760 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 761 0, 762 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 763 764 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", 765 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 766 0, 767 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 768#endif /* MBEDTLS_MD_CAN_SHA256 */ 769 770#if defined(MBEDTLS_MD_CAN_SHA1) 771 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", 772 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 773 0, 774 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 775 776 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", 777 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 778 0, 779 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 780#endif /* MBEDTLS_MD_CAN_SHA1 */ 781#endif /* MBEDTLS_SSL_HAVE_CBC */ 782 783#if defined(MBEDTLS_SSL_HAVE_GCM) 784#if defined(MBEDTLS_MD_CAN_SHA256) 785 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", 786 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 787 0, 788 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 789#endif /* MBEDTLS_MD_CAN_SHA256 */ 790 791#if defined(MBEDTLS_MD_CAN_SHA384) 792 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", 793 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 794 0, 795 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 796#endif /* MBEDTLS_MD_CAN_SHA384 */ 797#endif /* MBEDTLS_SSL_HAVE_GCM */ 798#endif /* 
MBEDTLS_SSL_HAVE_CAMELLIA */ 799 800#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 801 802#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) 803#if defined(MBEDTLS_SSL_HAVE_AES) 804#if defined(MBEDTLS_MD_CAN_SHA1) 805#if defined(MBEDTLS_SSL_HAVE_CBC) 806 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", 807 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 808 0, 809 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 810 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA", 811 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 812 0, 813 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 814#endif /* MBEDTLS_SSL_HAVE_CBC */ 815#endif /* MBEDTLS_MD_CAN_SHA1 */ 816#if defined(MBEDTLS_MD_CAN_SHA256) 817#if defined(MBEDTLS_SSL_HAVE_CBC) 818 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", 819 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 820 0, 821 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 822#endif /* MBEDTLS_SSL_HAVE_CBC */ 823#if defined(MBEDTLS_SSL_HAVE_GCM) 824 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", 825 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 826 0, 827 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 828#endif /* MBEDTLS_SSL_HAVE_GCM */ 829#endif /* MBEDTLS_MD_CAN_SHA256 */ 830#if defined(MBEDTLS_MD_CAN_SHA384) 831#if defined(MBEDTLS_SSL_HAVE_CBC) 832 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", 833 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 834 0, 835 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 836#endif /* MBEDTLS_SSL_HAVE_CBC */ 837#if defined(MBEDTLS_SSL_HAVE_GCM) 838 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", 839 
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 840 0, 841 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 842#endif /* MBEDTLS_SSL_HAVE_GCM */ 843#endif /* MBEDTLS_MD_CAN_SHA384 */ 844#endif /* MBEDTLS_SSL_HAVE_AES */ 845 846#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 847#if defined(MBEDTLS_SSL_HAVE_CBC) 848#if defined(MBEDTLS_MD_CAN_SHA256) 849 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 850 "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", 851 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 852 0, 853 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 854#endif /* MBEDTLS_MD_CAN_SHA256 */ 855#if defined(MBEDTLS_MD_CAN_SHA384) 856 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, 857 "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", 858 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 859 0, 860 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 861#endif /* MBEDTLS_MD_CAN_SHA384 */ 862#endif /* MBEDTLS_SSL_HAVE_CBC */ 863 864#if defined(MBEDTLS_SSL_HAVE_GCM) 865#if defined(MBEDTLS_MD_CAN_SHA256) 866 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 867 "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", 868 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 869 0, 870 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 871#endif /* MBEDTLS_MD_CAN_SHA256 */ 872#if defined(MBEDTLS_MD_CAN_SHA384) 873 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 874 "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384", 875 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 876 0, 877 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 878#endif /* MBEDTLS_MD_CAN_SHA384 */ 879#endif /* MBEDTLS_SSL_HAVE_GCM */ 880#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 881 882#if defined(MBEDTLS_CIPHER_NULL_CIPHER) 883#if defined(MBEDTLS_MD_CAN_SHA1) 884 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, 
"TLS-ECDH-RSA-WITH-NULL-SHA", 885 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 886 MBEDTLS_CIPHERSUITE_WEAK, 887 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 888#endif /* MBEDTLS_MD_CAN_SHA1 */ 889#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 890#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ 891 892#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) 893#if defined(MBEDTLS_SSL_HAVE_AES) 894#if defined(MBEDTLS_MD_CAN_SHA1) 895#if defined(MBEDTLS_SSL_HAVE_CBC) 896 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", 897 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 898 0, 899 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 900 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", 901 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 902 0, 903 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 904#endif /* MBEDTLS_SSL_HAVE_CBC */ 905#endif /* MBEDTLS_MD_CAN_SHA1 */ 906#if defined(MBEDTLS_MD_CAN_SHA256) 907#if defined(MBEDTLS_SSL_HAVE_CBC) 908 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", 909 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 910 0, 911 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 912#endif /* MBEDTLS_SSL_HAVE_CBC */ 913#if defined(MBEDTLS_SSL_HAVE_GCM) 914 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", 915 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 916 0, 917 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 918#endif /* MBEDTLS_SSL_HAVE_GCM */ 919#endif /* MBEDTLS_MD_CAN_SHA256 */ 920#if defined(MBEDTLS_MD_CAN_SHA384) 921#if defined(MBEDTLS_SSL_HAVE_CBC) 922 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", 923 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, 
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 924 0, 925 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 926#endif /* MBEDTLS_SSL_HAVE_CBC */ 927#if defined(MBEDTLS_SSL_HAVE_GCM) 928 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", 929 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 930 0, 931 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 932#endif /* MBEDTLS_SSL_HAVE_GCM */ 933#endif /* MBEDTLS_MD_CAN_SHA384 */ 934#endif /* MBEDTLS_SSL_HAVE_AES */ 935 936#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 937#if defined(MBEDTLS_SSL_HAVE_CBC) 938#if defined(MBEDTLS_MD_CAN_SHA256) 939 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 940 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", 941 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 942 0, 943 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 944#endif /* MBEDTLS_MD_CAN_SHA256 */ 945#if defined(MBEDTLS_MD_CAN_SHA384) 946 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 947 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", 948 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 949 0, 950 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 951#endif /* MBEDTLS_MD_CAN_SHA384 */ 952#endif /* MBEDTLS_SSL_HAVE_CBC */ 953 954#if defined(MBEDTLS_SSL_HAVE_GCM) 955#if defined(MBEDTLS_MD_CAN_SHA256) 956 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 957 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", 958 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 959 0, 960 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 961#endif /* MBEDTLS_MD_CAN_SHA256 */ 962#if defined(MBEDTLS_MD_CAN_SHA384) 963 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 964 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", 965 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 966 0, 967 
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 968#endif /* MBEDTLS_MD_CAN_SHA384 */ 969#endif /* MBEDTLS_SSL_HAVE_GCM */ 970#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 971 972#if defined(MBEDTLS_CIPHER_NULL_CIPHER) 973#if defined(MBEDTLS_MD_CAN_SHA1) 974 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA", 975 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 976 MBEDTLS_CIPHERSUITE_WEAK, 977 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 978#endif /* MBEDTLS_MD_CAN_SHA1 */ 979#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 980#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ 981 982#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 983#if defined(MBEDTLS_SSL_HAVE_AES) 984#if defined(MBEDTLS_SSL_HAVE_GCM) 985#if defined(MBEDTLS_MD_CAN_SHA256) 986 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256", 987 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 988 0, 989 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 990#endif /* MBEDTLS_MD_CAN_SHA256 */ 991 992#if defined(MBEDTLS_MD_CAN_SHA384) 993 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384", 994 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 995 0, 996 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 997#endif /* MBEDTLS_MD_CAN_SHA384 */ 998#endif /* MBEDTLS_SSL_HAVE_GCM */ 999 1000#if defined(MBEDTLS_SSL_HAVE_CBC) 1001#if defined(MBEDTLS_MD_CAN_SHA256) 1002 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256", 1003 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1004 0, 1005 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1006#endif /* MBEDTLS_MD_CAN_SHA256 */ 1007 1008#if defined(MBEDTLS_MD_CAN_SHA384) 1009 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384", 1010 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1011 0, 1012 
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1013#endif /* MBEDTLS_MD_CAN_SHA384 */ 1014 1015#if defined(MBEDTLS_MD_CAN_SHA1) 1016 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA", 1017 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1018 0, 1019 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1020 1021 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA", 1022 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1023 0, 1024 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1025#endif /* MBEDTLS_MD_CAN_SHA1 */ 1026#endif /* MBEDTLS_SSL_HAVE_CBC */ 1027#if defined(MBEDTLS_SSL_HAVE_CCM) 1028 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM", 1029 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1030 0, 1031 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1032 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8", 1033 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1034 MBEDTLS_CIPHERSUITE_SHORT_TAG, 1035 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1036 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM", 1037 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1038 0, 1039 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1040 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8", 1041 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1042 MBEDTLS_CIPHERSUITE_SHORT_TAG, 1043 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1044#endif /* MBEDTLS_SSL_HAVE_CCM */ 1045#endif /* MBEDTLS_SSL_HAVE_AES */ 1046 1047#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 1048#if defined(MBEDTLS_SSL_HAVE_CBC) 1049#if defined(MBEDTLS_MD_CAN_SHA256) 1050 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1051 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, 
MBEDTLS_KEY_EXCHANGE_PSK, 1052 0, 1053 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1054#endif /* MBEDTLS_MD_CAN_SHA256 */ 1055 1056#if defined(MBEDTLS_MD_CAN_SHA384) 1057 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1058 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1059 0, 1060 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1061#endif /* MBEDTLS_MD_CAN_SHA384 */ 1062#endif /* MBEDTLS_SSL_HAVE_CBC */ 1063 1064#if defined(MBEDTLS_SSL_HAVE_GCM) 1065#if defined(MBEDTLS_MD_CAN_SHA256) 1066 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1067 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1068 0, 1069 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1070#endif /* MBEDTLS_MD_CAN_SHA256 */ 1071 1072#if defined(MBEDTLS_MD_CAN_SHA384) 1073 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1074 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1075 0, 1076 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1077#endif /* MBEDTLS_MD_CAN_SHA384 */ 1078#endif /* MBEDTLS_SSL_HAVE_GCM */ 1079#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 1080 1081#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ 1082 1083#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 1084#if defined(MBEDTLS_SSL_HAVE_AES) 1085#if defined(MBEDTLS_SSL_HAVE_GCM) 1086#if defined(MBEDTLS_MD_CAN_SHA256) 1087 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", 1088 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1089 0, 1090 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1091#endif /* MBEDTLS_MD_CAN_SHA256 */ 1092 1093#if defined(MBEDTLS_MD_CAN_SHA384) 1094 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", 1095 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, 
MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1096 0, 1097 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1098#endif /* MBEDTLS_MD_CAN_SHA384 */ 1099#endif /* MBEDTLS_SSL_HAVE_GCM */ 1100 1101#if defined(MBEDTLS_SSL_HAVE_CBC) 1102#if defined(MBEDTLS_MD_CAN_SHA256) 1103 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", 1104 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1105 0, 1106 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1107#endif /* MBEDTLS_MD_CAN_SHA256 */ 1108 1109#if defined(MBEDTLS_MD_CAN_SHA384) 1110 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", 1111 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1112 0, 1113 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1114#endif /* MBEDTLS_MD_CAN_SHA384 */ 1115 1116#if defined(MBEDTLS_MD_CAN_SHA1) 1117 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", 1118 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1119 0, 1120 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1121 1122 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", 1123 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1124 0, 1125 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1126#endif /* MBEDTLS_MD_CAN_SHA1 */ 1127#endif /* MBEDTLS_SSL_HAVE_CBC */ 1128#if defined(MBEDTLS_SSL_HAVE_CCM) 1129 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM", 1130 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1131 0, 1132 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1133 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8", 1134 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1135 MBEDTLS_CIPHERSUITE_SHORT_TAG, 1136 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1137 
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM", 1138 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1139 0, 1140 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1141 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8", 1142 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1143 MBEDTLS_CIPHERSUITE_SHORT_TAG, 1144 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1145#endif /* MBEDTLS_SSL_HAVE_CCM */ 1146#endif /* MBEDTLS_SSL_HAVE_AES */ 1147 1148#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 1149#if defined(MBEDTLS_SSL_HAVE_CBC) 1150#if defined(MBEDTLS_MD_CAN_SHA256) 1151 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1152 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1153 0, 1154 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1155#endif /* MBEDTLS_MD_CAN_SHA256 */ 1156 1157#if defined(MBEDTLS_MD_CAN_SHA384) 1158 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1159 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1160 0, 1161 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1162#endif /* MBEDTLS_MD_CAN_SHA384 */ 1163#endif /* MBEDTLS_SSL_HAVE_CBC */ 1164 1165#if defined(MBEDTLS_SSL_HAVE_GCM) 1166#if defined(MBEDTLS_MD_CAN_SHA256) 1167 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1168 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1169 0, 1170 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1171#endif /* MBEDTLS_MD_CAN_SHA256 */ 1172 1173#if defined(MBEDTLS_MD_CAN_SHA384) 1174 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1175 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1176 0, 1177 
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1178#endif /* MBEDTLS_MD_CAN_SHA384 */ 1179#endif /* MBEDTLS_SSL_HAVE_GCM */ 1180#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 1181 1182#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ 1183 1184#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 1185#if defined(MBEDTLS_SSL_HAVE_AES) 1186 1187#if defined(MBEDTLS_SSL_HAVE_CBC) 1188#if defined(MBEDTLS_MD_CAN_SHA256) 1189 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", 1190 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1191 0, 1192 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1193#endif /* MBEDTLS_MD_CAN_SHA256 */ 1194 1195#if defined(MBEDTLS_MD_CAN_SHA384) 1196 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", 1197 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1198 0, 1199 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1200#endif /* MBEDTLS_MD_CAN_SHA384 */ 1201 1202#if defined(MBEDTLS_MD_CAN_SHA1) 1203 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", 1204 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1205 0, 1206 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1207 1208 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", 1209 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1210 0, 1211 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1212#endif /* MBEDTLS_MD_CAN_SHA1 */ 1213#endif /* MBEDTLS_SSL_HAVE_CBC */ 1214#endif /* MBEDTLS_SSL_HAVE_AES */ 1215 1216#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 1217#if defined(MBEDTLS_SSL_HAVE_CBC) 1218#if defined(MBEDTLS_MD_CAN_SHA256) 1219 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 1220 "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1221 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, 
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1222 0, 1223 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1224#endif /* MBEDTLS_MD_CAN_SHA256 */ 1225 1226#if defined(MBEDTLS_MD_CAN_SHA384) 1227 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 1228 "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1229 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1230 0, 1231 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1232#endif /* MBEDTLS_MD_CAN_SHA384 */ 1233#endif /* MBEDTLS_SSL_HAVE_CBC */ 1234#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 1235 1236#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ 1237 1238#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 1239#if defined(MBEDTLS_SSL_HAVE_AES) 1240#if defined(MBEDTLS_SSL_HAVE_GCM) 1241#if defined(MBEDTLS_MD_CAN_SHA256) 1242 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", 1243 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1244 0, 1245 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1246#endif /* MBEDTLS_MD_CAN_SHA256 */ 1247 1248#if defined(MBEDTLS_MD_CAN_SHA384) 1249 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", 1250 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1251 0, 1252 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1253#endif /* MBEDTLS_MD_CAN_SHA384 */ 1254#endif /* MBEDTLS_SSL_HAVE_GCM */ 1255 1256#if defined(MBEDTLS_SSL_HAVE_CBC) 1257#if defined(MBEDTLS_MD_CAN_SHA256) 1258 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", 1259 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1260 0, 1261 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1262#endif /* MBEDTLS_MD_CAN_SHA256 */ 1263 1264#if defined(MBEDTLS_MD_CAN_SHA384) 1265 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", 1266 MBEDTLS_CIPHER_AES_256_CBC, 
MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1267 0, 1268 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1269#endif /* MBEDTLS_MD_CAN_SHA384 */ 1270 1271#if defined(MBEDTLS_MD_CAN_SHA1) 1272 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", 1273 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1274 0, 1275 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1276 1277 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", 1278 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1279 0, 1280 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1281#endif /* MBEDTLS_MD_CAN_SHA1 */ 1282#endif /* MBEDTLS_SSL_HAVE_CBC */ 1283#endif /* MBEDTLS_SSL_HAVE_AES */ 1284 1285#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 1286#if defined(MBEDTLS_SSL_HAVE_CBC) 1287#if defined(MBEDTLS_MD_CAN_SHA256) 1288 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1289 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1290 0, 1291 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1292#endif /* MBEDTLS_MD_CAN_SHA256 */ 1293 1294#if defined(MBEDTLS_MD_CAN_SHA384) 1295 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1296 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1297 0, 1298 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1299#endif /* MBEDTLS_MD_CAN_SHA384 */ 1300#endif /* MBEDTLS_SSL_HAVE_CBC */ 1301 1302#if defined(MBEDTLS_SSL_HAVE_GCM) 1303#if defined(MBEDTLS_MD_CAN_SHA256) 1304 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1305 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1306 0, 1307 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1308#endif /* MBEDTLS_MD_CAN_SHA256 */ 1309 1310#if 
defined(MBEDTLS_MD_CAN_SHA384) 1311 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1312 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1313 0, 1314 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1315#endif /* MBEDTLS_MD_CAN_SHA384 */ 1316#endif /* MBEDTLS_SSL_HAVE_GCM */ 1317#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 1318 1319#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ 1320 1321#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 1322#if defined(MBEDTLS_SSL_HAVE_AES) 1323#if defined(MBEDTLS_SSL_HAVE_CCM) 1324 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8", 1325 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE, 1326 MBEDTLS_CIPHERSUITE_SHORT_TAG, 1327 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1328#endif /* MBEDTLS_SSL_HAVE_CCM */ 1329#endif /* MBEDTLS_SSL_HAVE_AES */ 1330#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ 1331 1332#if defined(MBEDTLS_CIPHER_NULL_CIPHER) 1333#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 1334#if defined(MBEDTLS_MD_CAN_MD5) 1335 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", 1336 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, 1337 MBEDTLS_CIPHERSUITE_WEAK, 1338 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1339#endif 1340 1341#if defined(MBEDTLS_MD_CAN_SHA1) 1342 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA", 1343 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 1344 MBEDTLS_CIPHERSUITE_WEAK, 1345 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1346#endif 1347 1348#if defined(MBEDTLS_MD_CAN_SHA256) 1349 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", 1350 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 1351 MBEDTLS_CIPHERSUITE_WEAK, 1352 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1353#endif 1354#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 1355 1356#if 
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 1357#if defined(MBEDTLS_MD_CAN_SHA1) 1358 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA", 1359 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1360 MBEDTLS_CIPHERSUITE_WEAK, 1361 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1362#endif /* MBEDTLS_MD_CAN_SHA1 */ 1363 1364#if defined(MBEDTLS_MD_CAN_SHA256) 1365 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256", 1366 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1367 MBEDTLS_CIPHERSUITE_WEAK, 1368 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1369#endif 1370 1371#if defined(MBEDTLS_MD_CAN_SHA384) 1372 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384", 1373 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1374 MBEDTLS_CIPHERSUITE_WEAK, 1375 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1376#endif /* MBEDTLS_MD_CAN_SHA384 */ 1377#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ 1378 1379#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 1380#if defined(MBEDTLS_MD_CAN_SHA1) 1381 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA", 1382 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1383 MBEDTLS_CIPHERSUITE_WEAK, 1384 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1385#endif /* MBEDTLS_MD_CAN_SHA1 */ 1386 1387#if defined(MBEDTLS_MD_CAN_SHA256) 1388 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256", 1389 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1390 MBEDTLS_CIPHERSUITE_WEAK, 1391 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1392#endif 1393 1394#if defined(MBEDTLS_MD_CAN_SHA384) 1395 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384", 1396 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1397 MBEDTLS_CIPHERSUITE_WEAK, 1398 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1399#endif /* MBEDTLS_MD_CAN_SHA384 */ 
1400#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ 1401 1402#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 1403#if defined(MBEDTLS_MD_CAN_SHA1) 1404 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA", 1405 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1406 MBEDTLS_CIPHERSUITE_WEAK, 1407 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1408#endif /* MBEDTLS_MD_CAN_SHA1 */ 1409 1410#if defined(MBEDTLS_MD_CAN_SHA256) 1411 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256", 1412 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1413 MBEDTLS_CIPHERSUITE_WEAK, 1414 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1415#endif 1416 1417#if defined(MBEDTLS_MD_CAN_SHA384) 1418 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384", 1419 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1420 MBEDTLS_CIPHERSUITE_WEAK, 1421 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1422#endif /* MBEDTLS_MD_CAN_SHA384 */ 1423#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ 1424 1425#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 1426#if defined(MBEDTLS_MD_CAN_SHA1) 1427 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA", 1428 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1429 MBEDTLS_CIPHERSUITE_WEAK, 1430 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1431#endif /* MBEDTLS_MD_CAN_SHA1 */ 1432 1433#if defined(MBEDTLS_MD_CAN_SHA256) 1434 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256", 1435 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1436 MBEDTLS_CIPHERSUITE_WEAK, 1437 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1438#endif 1439 1440#if defined(MBEDTLS_MD_CAN_SHA384) 1441 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384", 1442 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 
1443 MBEDTLS_CIPHERSUITE_WEAK, 1444 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1445#endif /* MBEDTLS_MD_CAN_SHA384 */ 1446#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ 1447#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 1448 1449#if defined(MBEDTLS_SSL_HAVE_ARIA) 1450 1451#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 1452 1453#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) 1454 { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, 1455 "TLS-RSA-WITH-ARIA-256-GCM-SHA384", 1456 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 1457 0, 1458 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1459#endif 1460#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1461 defined(MBEDTLS_MD_CAN_SHA384)) 1462 { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, 1463 "TLS-RSA-WITH-ARIA-256-CBC-SHA384", 1464 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 1465 0, 1466 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1467#endif 1468#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) 1469 { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, 1470 "TLS-RSA-WITH-ARIA-128-GCM-SHA256", 1471 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 1472 0, 1473 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1474#endif 1475#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1476 defined(MBEDTLS_MD_CAN_SHA256)) 1477 { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, 1478 "TLS-RSA-WITH-ARIA-128-CBC-SHA256", 1479 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 1480 0, 1481 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1482#endif 1483 1484#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 1485 1486#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 1487 1488#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) 1489 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, 1490 "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384", 1491 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, 
MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1492 0, 1493 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1494#endif 1495#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1496 defined(MBEDTLS_MD_CAN_SHA384)) 1497 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, 1498 "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384", 1499 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1500 0, 1501 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1502#endif 1503#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) 1504 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, 1505 "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256", 1506 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1507 0, 1508 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1509#endif 1510#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1511 defined(MBEDTLS_MD_CAN_SHA256)) 1512 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, 1513 "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256", 1514 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1515 0, 1516 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1517#endif 1518 1519#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ 1520 1521#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 1522 1523#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) 1524 { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384, 1525 "TLS-PSK-WITH-ARIA-256-GCM-SHA384", 1526 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1527 0, 1528 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1529#endif 1530#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1531 defined(MBEDTLS_MD_CAN_SHA384)) 1532 { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384, 1533 "TLS-PSK-WITH-ARIA-256-CBC-SHA384", 1534 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1535 0, 1536 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1537#endif 1538#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) 1539 { 
MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256, 1540 "TLS-PSK-WITH-ARIA-128-GCM-SHA256", 1541 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1542 0, 1543 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1544#endif 1545#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1546 defined(MBEDTLS_MD_CAN_SHA256)) 1547 { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256, 1548 "TLS-PSK-WITH-ARIA-128-CBC-SHA256", 1549 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1550 0, 1551 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1552#endif 1553 1554#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ 1555 1556#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) 1557 1558#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) 1559 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, 1560 "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384", 1561 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 1562 0, 1563 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1564#endif 1565#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1566 defined(MBEDTLS_MD_CAN_SHA384)) 1567 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, 1568 "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384", 1569 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 1570 0, 1571 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1572#endif 1573#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) 1574 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, 1575 "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256", 1576 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 1577 0, 1578 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1579#endif 1580#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1581 defined(MBEDTLS_MD_CAN_SHA256)) 1582 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, 1583 "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256", 1584 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 1585 0, 
1586 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1587#endif 1588 1589#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ 1590 1591#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) 1592 1593#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) 1594 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, 1595 "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", 1596 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 1597 0, 1598 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1599#endif 1600#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1601 defined(MBEDTLS_MD_CAN_SHA384)) 1602 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, 1603 "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", 1604 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 1605 0, 1606 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1607#endif 1608#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) 1609 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, 1610 "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", 1611 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 1612 0, 1613 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1614#endif 1615#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1616 defined(MBEDTLS_MD_CAN_SHA256)) 1617 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, 1618 "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", 1619 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 1620 0, 1621 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1622#endif 1623 1624#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ 1625 1626#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 1627 1628#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1629 defined(MBEDTLS_MD_CAN_SHA384)) 1630 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, 1631 "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384", 1632 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1633 0, 1634 
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1635#endif 1636#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1637 defined(MBEDTLS_MD_CAN_SHA256)) 1638 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, 1639 "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256", 1640 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1641 0, 1642 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1643#endif 1644 1645#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ 1646 1647#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 1648 1649#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) 1650 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, 1651 "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", 1652 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 1653 0, 1654 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1655#endif 1656#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1657 defined(MBEDTLS_MD_CAN_SHA384)) 1658 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, 1659 "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", 1660 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 1661 0, 1662 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1663#endif 1664#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) 1665 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, 1666 "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", 1667 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 1668 0, 1669 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1670#endif 1671#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1672 defined(MBEDTLS_MD_CAN_SHA256)) 1673 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, 1674 "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", 1675 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 1676 0, 1677 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1678#endif 1679 1680#endif /* 
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ 1681 1682#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) 1683 1684#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) 1685 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, 1686 "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384", 1687 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1688 0, 1689 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1690#endif 1691#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1692 defined(MBEDTLS_MD_CAN_SHA384)) 1693 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, 1694 "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384", 1695 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1696 0, 1697 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1698#endif 1699#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) 1700 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, 1701 "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256", 1702 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1703 0, 1704 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1705#endif 1706#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1707 defined(MBEDTLS_MD_CAN_SHA256)) 1708 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, 1709 "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256", 1710 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1711 0, 1712 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1713#endif 1714 1715#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ 1716 1717#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 1718 1719#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) 1720 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, 1721 "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", 1722 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 1723 0, 1724 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1725#endif 1726#if 
(defined(MBEDTLS_SSL_HAVE_CBC) && \ 1727 defined(MBEDTLS_MD_CAN_SHA384)) 1728 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, 1729 "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", 1730 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 1731 0, 1732 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1733#endif 1734#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) 1735 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, 1736 "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", 1737 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 1738 0, 1739 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1740#endif 1741#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1742 defined(MBEDTLS_MD_CAN_SHA256)) 1743 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, 1744 "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", 1745 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 1746 0, 1747 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1748#endif 1749 1750#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ 1751 1752#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 1753 1754#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) 1755 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, 1756 "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", 1757 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1758 0, 1759 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1760#endif 1761#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1762 defined(MBEDTLS_MD_CAN_SHA384)) 1763 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, 1764 "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384", 1765 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1766 0, 1767 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1768#endif 1769#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) 1770 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, 1771 "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", 1772 
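MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
      0,
      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
    defined(MBEDTLS_MD_CAN_SHA256))
    { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
      "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
      0,
      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif

#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */

#endif /* MBEDTLS_SSL_HAVE_ARIA */


    /* Sentinel entry: id == 0 ends the table. The lookup loops below stop
     * on it, so it must stay last. */
    { 0, "",
      MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
      0, 0, 0 }
};

#if defined(MBEDTLS_SSL_CIPHERSUITES)
/*
 * Return the 0-terminated list of ciphersuite ids.
 *
 * With MBEDTLS_SSL_CIPHERSUITES defined, the preference array is returned
 * as-is; no filtering against ciphersuite_definitions takes place here.
 */
const int *mbedtls_ssl_list_ciphersuites(void)
{
    return ciphersuite_preference;
}
#else
/* Number of entries in ciphersuite_definitions, sentinel included.
 * Parenthesized so the macro expands safely inside any expression. */
#define MAX_CIPHERSUITES (sizeof(ciphersuite_definitions) /    \
                          sizeof(ciphersuite_definitions[0]))
static int supported_ciphersuites[MAX_CIPHERSUITES];
static int supported_init = 0;

/*
 * Report whether a ciphersuite must be left out of the supported list.
 *
 * This implementation ignores its argument and always returns 0, so it
 * never excludes anything.
 */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
{
    (void) cs_info;

    return 0;
}

/*
 * Return the 0-terminated list of ciphersuite ids usable in this build,
 * in preference order.
 *
 * The list is built on the first call: an id from ciphersuite_preference is
 * kept only if it has an entry in ciphersuite_definitions and is not
 * reported as removed. Later calls return the cached array.
 *
 * NOTE(review): supported_init and supported_ciphersuites are plain
 * file-scope statics and no lock is visible here, so concurrent first calls
 * would write them unsynchronized. Confirm callers make the first call
 * before starting threads, or that this is guarded elsewhere.
 */
const int *mbedtls_ssl_list_ciphersuites(void)
{
    if (supported_init == 0) {
        const int *p;
        int *q;

        /* Stop one slot early so the terminating 0 always fits. */
        for (p = ciphersuite_preference, q = supported_ciphersuites;
             *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
             p++) {
            const mbedtls_ssl_ciphersuite_t *cs_info =
                mbedtls_ssl_ciphersuite_from_id(*p);

            if (cs_info == NULL || ciphersuite_is_removed(cs_info)) {
                continue;
            }

            *q++ = *p;
        }
        *q = 0;

        supported_init = 1;
    }

    return supported_ciphersuites;
}
#endif /* MBEDTLS_SSL_CIPHERSUITES */

/*
 * Look up a ciphersuite definition by name.
 *
 * The comparison is an exact strcmp() match. Returns NULL when
 * ciphersuite_name is NULL or no entry has that name.
 */
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
    const char *ciphersuite_name)
{
    const mbedtls_ssl_ciphersuite_t *cur;

    if (ciphersuite_name == NULL) {
        return NULL;
    }

    for (cur = ciphersuite_definitions; cur->id != 0; cur++) {
        if (strcmp(cur->name, ciphersuite_name) == 0) {
            return cur;
        }
    }

    return NULL;
}

/*
 * Look up a ciphersuite definition by numeric id.
 *
 * Returns NULL when the id has no entry in ciphersuite_definitions. An id
 * of 0 matches only the sentinel, which ends the scan, so it also yields
 * NULL.
 */
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
{
    const mbedtls_ssl_ciphersuite_t *cur;

    for (cur = ciphersuite_definitions; cur->id != 0; cur++) {
        if (cur->id == ciphersuite) {
            return cur;
        }
    }

    return NULL;
}

/*
 * Return the name of a ciphersuite id, or the literal "unknown" when the id
 * has no definition. Never returns NULL.
 */
const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
{
    const mbedtls_ssl_ciphersuite_t *cur =
        mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);

    return (cur != NULL) ? cur->name : "unknown";
}

/*
 * Return the id of a ciphersuite name, or 0 when the name is NULL or has
 * no definition.
 */
int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
{
    const mbedtls_ssl_ciphersuite_t *cur =
        mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);

    return (cur != NULL) ? cur->id : 0;
}

/*
 * Return the key length in bits of the cipher used by a ciphersuite.
 *
 * info is dereferenced without a NULL check. In the PSA build a failed
 * cipher translation yields 0.
 */
size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
    psa_key_type_t key_type;
    psa_algorithm_t alg;
    size_t key_bits;

    /* Tag length passed to the translation: 8 when the suite carries the
     * SHORT_TAG flag, 16 otherwise. */
    status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher,
                                       (info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG) ? 8 : 16,
                                       &alg, &key_type, &key_bits);

    if (status != PSA_SUCCESS) {
        return 0;
    }

    return key_bits;
#else
    /* NOTE(review): the lookup result is passed on unchecked; presumably
     * mbedtls_cipher_info_get_key_bitlen() tolerates NULL. Confirm. */
    const mbedtls_cipher_info_t * const cipher_info =
        mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) info->cipher);

    return mbedtls_cipher_info_get_key_bitlen(cipher_info);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}

#if defined(MBEDTLS_PK_C)
/*
 * Map a ciphersuite's key exchange to a PK type.
 *
 * RSA, DHE-RSA, ECDHE-RSA and RSA-PSK map to MBEDTLS_PK_RSA, ECDHE-ECDSA to
 * MBEDTLS_PK_ECDSA, and the static ECDH exchanges to MBEDTLS_PK_ECKEY.
 * Every other key exchange maps to MBEDTLS_PK_NONE.
 */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
{
    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
            return MBEDTLS_PK_RSA;

        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            return MBEDTLS_PK_ECDSA;

        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            return MBEDTLS_PK_ECKEY;

        default:
            return MBEDTLS_PK_NONE;
    }
}

#if defined(MBEDTLS_USE_PSA_CRYPTO)
/*
 * Map a ciphersuite's key exchange to a PSA algorithm.
 *
 * RSA and RSA-PSK map to PKCS#1 v1.5 encryption; DHE-RSA and ECDHE-RSA map
 * to PKCS#1 v1.5 signature over the hash derived from info->mac;
 * ECDHE-ECDSA maps to ECDSA over that hash; static ECDH maps to
 * PSA_ALG_ECDH. Every other key exchange maps to PSA_ALG_NONE.
 */
psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
{
    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
            return PSA_ALG_RSA_PKCS1V15_CRYPT;
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
            return PSA_ALG_RSA_PKCS1V15_SIGN(
                mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));

        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));

        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            return PSA_ALG_ECDH;

        default:
            return PSA_ALG_NONE;
    }
}

/*
 * Map a ciphersuite's key exchange to a PSA key usage flag.
 *
 * The mapping mirrors mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(): DECRYPT
 * for RSA and RSA-PSK, SIGN_HASH for the signed ephemeral exchanges, DERIVE
 * for static ECDH, and 0 for everything else.
 */
psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
{
    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
            return PSA_KEY_USAGE_DECRYPT;
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            return PSA_KEY_USAGE_SIGN_HASH;

        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            return PSA_KEY_USAGE_DERIVE;

        default:
            return 0;
    }
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */

/*
 * Map a ciphersuite's key exchange to a PK type, for the signed ephemeral
 * exchanges only.
 *
 * DHE-RSA and ECDHE-RSA map to MBEDTLS_PK_RSA and ECDHE-ECDSA to
 * MBEDTLS_PK_ECDSA. Every other key exchange, including plain RSA and the
 * static ECDH variants, maps to MBEDTLS_PK_NONE.
 */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
{
    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
            return MBEDTLS_PK_RSA;

        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            return MBEDTLS_PK_ECDSA;

        default:
            return MBEDTLS_PK_NONE;
    }
}

#endif /* MBEDTLS_PK_C */

#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/*
 * Return 1 when the key exchange is ECDHE-RSA, ECDHE-ECDSA, ECDHE-PSK,
 * ECDH-RSA, ECDH-ECDSA or ECJPAKE, and 0 otherwise.
 */
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
{
    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
            return 1;

        default:
            return 0;
    }
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
        * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
        * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/

#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/*
 * Return 1 when the key exchange is PSK, RSA-PSK, DHE-PSK or ECDHE-PSK,
 * and 0 otherwise.
 */
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
{
    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_PSK:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
            return 1;

        default:
            return 0;
    }
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */

#endif /* MBEDTLS_SSL_TLS_C */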