1e1051a39Sopenharmony_ci/* 2e1051a39Sopenharmony_ci * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. 3e1051a39Sopenharmony_ci * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4e1051a39Sopenharmony_ci * Copyright 2005 Nokia. All rights reserved. 5e1051a39Sopenharmony_ci * 6e1051a39Sopenharmony_ci * Licensed under the Apache License 2.0 (the "License"). You may not use 7e1051a39Sopenharmony_ci * this file except in compliance with the License. You can obtain a copy 8e1051a39Sopenharmony_ci * in the file LICENSE in the source distribution or at 9e1051a39Sopenharmony_ci * https://www.openssl.org/source/license.html 10e1051a39Sopenharmony_ci */ 11e1051a39Sopenharmony_ci 12e1051a39Sopenharmony_ci#include <stdio.h> 13e1051a39Sopenharmony_ci#include <openssl/objects.h> 14e1051a39Sopenharmony_ci#include "internal/nelem.h" 15e1051a39Sopenharmony_ci#include "ssl_local.h" 16e1051a39Sopenharmony_ci#include <openssl/md5.h> 17e1051a39Sopenharmony_ci#include <openssl/dh.h> 18e1051a39Sopenharmony_ci#include <openssl/rand.h> 19e1051a39Sopenharmony_ci#include <openssl/trace.h> 20e1051a39Sopenharmony_ci#include <openssl/x509v3.h> 21e1051a39Sopenharmony_ci#include <openssl/core_names.h> 22e1051a39Sopenharmony_ci#include "internal/cryptlib.h" 23e1051a39Sopenharmony_ci 24e1051a39Sopenharmony_ci#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers) 25e1051a39Sopenharmony_ci#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) 26e1051a39Sopenharmony_ci#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs) 27e1051a39Sopenharmony_ci 28e1051a39Sopenharmony_ci/* TLSv1.3 downgrade protection sentinel values */ 29e1051a39Sopenharmony_ciconst unsigned char tls11downgrade[] = { 30e1051a39Sopenharmony_ci 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00 31e1051a39Sopenharmony_ci}; 32e1051a39Sopenharmony_ciconst unsigned char tls12downgrade[] = { 33e1051a39Sopenharmony_ci 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01 34e1051a39Sopenharmony_ci}; 35e1051a39Sopenharmony_ci 36e1051a39Sopenharmony_ci/* The list of available TLSv1.3 ciphers */ 37e1051a39Sopenharmony_cistatic SSL_CIPHER tls13_ciphers[] = { 38e1051a39Sopenharmony_ci { 39e1051a39Sopenharmony_ci 1, 40e1051a39Sopenharmony_ci TLS1_3_RFC_AES_128_GCM_SHA256, 41e1051a39Sopenharmony_ci TLS1_3_RFC_AES_128_GCM_SHA256, 42e1051a39Sopenharmony_ci TLS1_3_CK_AES_128_GCM_SHA256, 43e1051a39Sopenharmony_ci SSL_kANY, 44e1051a39Sopenharmony_ci SSL_aANY, 45e1051a39Sopenharmony_ci SSL_AES128GCM, 46e1051a39Sopenharmony_ci SSL_AEAD, 47e1051a39Sopenharmony_ci TLS1_3_VERSION, TLS1_3_VERSION, 48e1051a39Sopenharmony_ci 0, 0, 49e1051a39Sopenharmony_ci SSL_HIGH, 50e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256, 51e1051a39Sopenharmony_ci 128, 52e1051a39Sopenharmony_ci 128, 53e1051a39Sopenharmony_ci }, { 54e1051a39Sopenharmony_ci 1, 55e1051a39Sopenharmony_ci TLS1_3_RFC_AES_256_GCM_SHA384, 56e1051a39Sopenharmony_ci TLS1_3_RFC_AES_256_GCM_SHA384, 57e1051a39Sopenharmony_ci TLS1_3_CK_AES_256_GCM_SHA384, 58e1051a39Sopenharmony_ci SSL_kANY, 59e1051a39Sopenharmony_ci SSL_aANY, 60e1051a39Sopenharmony_ci SSL_AES256GCM, 61e1051a39Sopenharmony_ci SSL_AEAD, 62e1051a39Sopenharmony_ci TLS1_3_VERSION, TLS1_3_VERSION, 63e1051a39Sopenharmony_ci 0, 0, 64e1051a39Sopenharmony_ci SSL_HIGH, 65e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384, 66e1051a39Sopenharmony_ci 256, 67e1051a39Sopenharmony_ci 256, 68e1051a39Sopenharmony_ci }, 69e1051a39Sopenharmony_ci { 70e1051a39Sopenharmony_ci 1, 71e1051a39Sopenharmony_ci TLS1_3_RFC_CHACHA20_POLY1305_SHA256, 72e1051a39Sopenharmony_ci TLS1_3_RFC_CHACHA20_POLY1305_SHA256, 73e1051a39Sopenharmony_ci TLS1_3_CK_CHACHA20_POLY1305_SHA256, 74e1051a39Sopenharmony_ci SSL_kANY, 75e1051a39Sopenharmony_ci SSL_aANY, 76e1051a39Sopenharmony_ci SSL_CHACHA20POLY1305, 77e1051a39Sopenharmony_ci SSL_AEAD, 78e1051a39Sopenharmony_ci TLS1_3_VERSION, TLS1_3_VERSION, 79e1051a39Sopenharmony_ci 0, 0, 80e1051a39Sopenharmony_ci SSL_HIGH, 81e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256, 82e1051a39Sopenharmony_ci 256, 83e1051a39Sopenharmony_ci 256, 84e1051a39Sopenharmony_ci }, 85e1051a39Sopenharmony_ci { 86e1051a39Sopenharmony_ci 1, 87e1051a39Sopenharmony_ci TLS1_3_RFC_AES_128_CCM_SHA256, 88e1051a39Sopenharmony_ci TLS1_3_RFC_AES_128_CCM_SHA256, 89e1051a39Sopenharmony_ci TLS1_3_CK_AES_128_CCM_SHA256, 90e1051a39Sopenharmony_ci SSL_kANY, 91e1051a39Sopenharmony_ci SSL_aANY, 92e1051a39Sopenharmony_ci SSL_AES128CCM, 93e1051a39Sopenharmony_ci SSL_AEAD, 94e1051a39Sopenharmony_ci TLS1_3_VERSION, TLS1_3_VERSION, 95e1051a39Sopenharmony_ci 0, 0, 96e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 97e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256, 98e1051a39Sopenharmony_ci 128, 99e1051a39Sopenharmony_ci 128, 100e1051a39Sopenharmony_ci }, { 101e1051a39Sopenharmony_ci 1, 102e1051a39Sopenharmony_ci TLS1_3_RFC_AES_128_CCM_8_SHA256, 103e1051a39Sopenharmony_ci TLS1_3_RFC_AES_128_CCM_8_SHA256, 104e1051a39Sopenharmony_ci TLS1_3_CK_AES_128_CCM_8_SHA256, 105e1051a39Sopenharmony_ci SSL_kANY, 106e1051a39Sopenharmony_ci SSL_aANY, 107e1051a39Sopenharmony_ci SSL_AES128CCM8, 108e1051a39Sopenharmony_ci SSL_AEAD, 109e1051a39Sopenharmony_ci TLS1_3_VERSION, TLS1_3_VERSION, 110e1051a39Sopenharmony_ci 0, 0, 111e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 112e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256, 113e1051a39Sopenharmony_ci 128, 114e1051a39Sopenharmony_ci 128, 115e1051a39Sopenharmony_ci } 116e1051a39Sopenharmony_ci}; 117e1051a39Sopenharmony_ci 118e1051a39Sopenharmony_ci/* 119e1051a39Sopenharmony_ci * The list of available ciphers, mostly organized into the following 120e1051a39Sopenharmony_ci * groups: 121e1051a39Sopenharmony_ci * Always there 122e1051a39Sopenharmony_ci * EC 123e1051a39Sopenharmony_ci * PSK 124e1051a39Sopenharmony_ci * SRP (within that: RSA EC PSK) 125e1051a39Sopenharmony_ci * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED 126e1051a39Sopenharmony_ci * Weak ciphers 127e1051a39Sopenharmony_ci */ 128e1051a39Sopenharmony_cistatic SSL_CIPHER ssl3_ciphers[] = { 129e1051a39Sopenharmony_ci { 130e1051a39Sopenharmony_ci 1, 131e1051a39Sopenharmony_ci SSL3_TXT_RSA_NULL_MD5, 132e1051a39Sopenharmony_ci SSL3_RFC_RSA_NULL_MD5, 133e1051a39Sopenharmony_ci SSL3_CK_RSA_NULL_MD5, 134e1051a39Sopenharmony_ci SSL_kRSA, 135e1051a39Sopenharmony_ci SSL_aRSA, 136e1051a39Sopenharmony_ci SSL_eNULL, 137e1051a39Sopenharmony_ci SSL_MD5, 138e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 139e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 140e1051a39Sopenharmony_ci SSL_STRONG_NONE, 141e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 142e1051a39Sopenharmony_ci 0, 143e1051a39Sopenharmony_ci 0, 144e1051a39Sopenharmony_ci }, 145e1051a39Sopenharmony_ci { 146e1051a39Sopenharmony_ci 1, 147e1051a39Sopenharmony_ci SSL3_TXT_RSA_NULL_SHA, 148e1051a39Sopenharmony_ci SSL3_RFC_RSA_NULL_SHA, 149e1051a39Sopenharmony_ci SSL3_CK_RSA_NULL_SHA, 150e1051a39Sopenharmony_ci SSL_kRSA, 151e1051a39Sopenharmony_ci SSL_aRSA, 152e1051a39Sopenharmony_ci SSL_eNULL, 153e1051a39Sopenharmony_ci SSL_SHA1, 154e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 155e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 156e1051a39Sopenharmony_ci SSL_STRONG_NONE | SSL_FIPS, 157e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 158e1051a39Sopenharmony_ci 0, 159e1051a39Sopenharmony_ci 0, 160e1051a39Sopenharmony_ci }, 161e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 162e1051a39Sopenharmony_ci { 163e1051a39Sopenharmony_ci 1, 164e1051a39Sopenharmony_ci SSL3_TXT_RSA_DES_192_CBC3_SHA, 165e1051a39Sopenharmony_ci SSL3_RFC_RSA_DES_192_CBC3_SHA, 166e1051a39Sopenharmony_ci SSL3_CK_RSA_DES_192_CBC3_SHA, 167e1051a39Sopenharmony_ci SSL_kRSA, 168e1051a39Sopenharmony_ci SSL_aRSA, 169e1051a39Sopenharmony_ci SSL_3DES, 170e1051a39Sopenharmony_ci SSL_SHA1, 171e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 172e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 173e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, 174e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 175e1051a39Sopenharmony_ci 112, 176e1051a39Sopenharmony_ci 168, 177e1051a39Sopenharmony_ci }, 178e1051a39Sopenharmony_ci { 179e1051a39Sopenharmony_ci 1, 180e1051a39Sopenharmony_ci SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA, 181e1051a39Sopenharmony_ci SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA, 182e1051a39Sopenharmony_ci SSL3_CK_DHE_DSS_DES_192_CBC3_SHA, 183e1051a39Sopenharmony_ci SSL_kDHE, 184e1051a39Sopenharmony_ci SSL_aDSS, 185e1051a39Sopenharmony_ci SSL_3DES, 186e1051a39Sopenharmony_ci SSL_SHA1, 187e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 188e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 189e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, 190e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 191e1051a39Sopenharmony_ci 112, 192e1051a39Sopenharmony_ci 168, 193e1051a39Sopenharmony_ci }, 194e1051a39Sopenharmony_ci { 195e1051a39Sopenharmony_ci 1, 196e1051a39Sopenharmony_ci SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA, 197e1051a39Sopenharmony_ci SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA, 198e1051a39Sopenharmony_ci SSL3_CK_DHE_RSA_DES_192_CBC3_SHA, 199e1051a39Sopenharmony_ci SSL_kDHE, 200e1051a39Sopenharmony_ci SSL_aRSA, 201e1051a39Sopenharmony_ci SSL_3DES, 202e1051a39Sopenharmony_ci SSL_SHA1, 203e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 204e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 205e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, 206e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 207e1051a39Sopenharmony_ci 112, 208e1051a39Sopenharmony_ci 168, 209e1051a39Sopenharmony_ci }, 210e1051a39Sopenharmony_ci { 211e1051a39Sopenharmony_ci 1, 212e1051a39Sopenharmony_ci SSL3_TXT_ADH_DES_192_CBC_SHA, 213e1051a39Sopenharmony_ci SSL3_RFC_ADH_DES_192_CBC_SHA, 214e1051a39Sopenharmony_ci SSL3_CK_ADH_DES_192_CBC_SHA, 215e1051a39Sopenharmony_ci SSL_kDHE, 216e1051a39Sopenharmony_ci SSL_aNULL, 217e1051a39Sopenharmony_ci SSL_3DES, 218e1051a39Sopenharmony_ci SSL_SHA1, 219e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 220e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 221e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, 222e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 223e1051a39Sopenharmony_ci 112, 224e1051a39Sopenharmony_ci 168, 225e1051a39Sopenharmony_ci }, 226e1051a39Sopenharmony_ci#endif 227e1051a39Sopenharmony_ci { 228e1051a39Sopenharmony_ci 1, 229e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_AES_128_SHA, 230e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_AES_128_SHA, 231e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_AES_128_SHA, 232e1051a39Sopenharmony_ci SSL_kRSA, 233e1051a39Sopenharmony_ci SSL_aRSA, 234e1051a39Sopenharmony_ci SSL_AES128, 235e1051a39Sopenharmony_ci SSL_SHA1, 236e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 237e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 238e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 239e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 240e1051a39Sopenharmony_ci 128, 241e1051a39Sopenharmony_ci 128, 242e1051a39Sopenharmony_ci }, 243e1051a39Sopenharmony_ci { 244e1051a39Sopenharmony_ci 1, 245e1051a39Sopenharmony_ci TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 246e1051a39Sopenharmony_ci TLS1_RFC_DHE_DSS_WITH_AES_128_SHA, 247e1051a39Sopenharmony_ci TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 248e1051a39Sopenharmony_ci SSL_kDHE, 249e1051a39Sopenharmony_ci SSL_aDSS, 250e1051a39Sopenharmony_ci SSL_AES128, 251e1051a39Sopenharmony_ci SSL_SHA1, 252e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 253e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 254e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, 255e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256e1051a39Sopenharmony_ci 128, 257e1051a39Sopenharmony_ci 128, 258e1051a39Sopenharmony_ci }, 259e1051a39Sopenharmony_ci { 260e1051a39Sopenharmony_ci 1, 261e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 262e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_AES_128_SHA, 263e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 264e1051a39Sopenharmony_ci SSL_kDHE, 265e1051a39Sopenharmony_ci SSL_aRSA, 266e1051a39Sopenharmony_ci SSL_AES128, 267e1051a39Sopenharmony_ci SSL_SHA1, 268e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 269e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 270e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 271e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 272e1051a39Sopenharmony_ci 128, 273e1051a39Sopenharmony_ci 128, 274e1051a39Sopenharmony_ci }, 275e1051a39Sopenharmony_ci { 276e1051a39Sopenharmony_ci 1, 277e1051a39Sopenharmony_ci TLS1_TXT_ADH_WITH_AES_128_SHA, 278e1051a39Sopenharmony_ci TLS1_RFC_ADH_WITH_AES_128_SHA, 279e1051a39Sopenharmony_ci TLS1_CK_ADH_WITH_AES_128_SHA, 280e1051a39Sopenharmony_ci SSL_kDHE, 281e1051a39Sopenharmony_ci SSL_aNULL, 282e1051a39Sopenharmony_ci SSL_AES128, 283e1051a39Sopenharmony_ci SSL_SHA1, 284e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 285e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 286e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, 287e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 288e1051a39Sopenharmony_ci 128, 289e1051a39Sopenharmony_ci 128, 290e1051a39Sopenharmony_ci }, 291e1051a39Sopenharmony_ci { 292e1051a39Sopenharmony_ci 1, 293e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_AES_256_SHA, 294e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_AES_256_SHA, 295e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_AES_256_SHA, 296e1051a39Sopenharmony_ci SSL_kRSA, 297e1051a39Sopenharmony_ci SSL_aRSA, 298e1051a39Sopenharmony_ci SSL_AES256, 299e1051a39Sopenharmony_ci SSL_SHA1, 300e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 301e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 302e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 303e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 304e1051a39Sopenharmony_ci 256, 305e1051a39Sopenharmony_ci 256, 306e1051a39Sopenharmony_ci }, 307e1051a39Sopenharmony_ci { 308e1051a39Sopenharmony_ci 1, 309e1051a39Sopenharmony_ci TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 310e1051a39Sopenharmony_ci TLS1_RFC_DHE_DSS_WITH_AES_256_SHA, 311e1051a39Sopenharmony_ci TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 312e1051a39Sopenharmony_ci SSL_kDHE, 313e1051a39Sopenharmony_ci SSL_aDSS, 314e1051a39Sopenharmony_ci SSL_AES256, 315e1051a39Sopenharmony_ci SSL_SHA1, 316e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 317e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 318e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, 319e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 320e1051a39Sopenharmony_ci 256, 321e1051a39Sopenharmony_ci 256, 322e1051a39Sopenharmony_ci }, 323e1051a39Sopenharmony_ci { 324e1051a39Sopenharmony_ci 1, 325e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 326e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_AES_256_SHA, 327e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 328e1051a39Sopenharmony_ci SSL_kDHE, 329e1051a39Sopenharmony_ci SSL_aRSA, 330e1051a39Sopenharmony_ci SSL_AES256, 331e1051a39Sopenharmony_ci SSL_SHA1, 332e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 333e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 334e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 335e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 336e1051a39Sopenharmony_ci 256, 337e1051a39Sopenharmony_ci 256, 338e1051a39Sopenharmony_ci }, 339e1051a39Sopenharmony_ci { 340e1051a39Sopenharmony_ci 1, 341e1051a39Sopenharmony_ci TLS1_TXT_ADH_WITH_AES_256_SHA, 342e1051a39Sopenharmony_ci TLS1_RFC_ADH_WITH_AES_256_SHA, 343e1051a39Sopenharmony_ci TLS1_CK_ADH_WITH_AES_256_SHA, 344e1051a39Sopenharmony_ci SSL_kDHE, 345e1051a39Sopenharmony_ci SSL_aNULL, 346e1051a39Sopenharmony_ci SSL_AES256, 347e1051a39Sopenharmony_ci SSL_SHA1, 348e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 349e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 350e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, 351e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 352e1051a39Sopenharmony_ci 256, 353e1051a39Sopenharmony_ci 256, 354e1051a39Sopenharmony_ci }, 355e1051a39Sopenharmony_ci { 356e1051a39Sopenharmony_ci 1, 357e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_NULL_SHA256, 358e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_NULL_SHA256, 359e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_NULL_SHA256, 360e1051a39Sopenharmony_ci SSL_kRSA, 361e1051a39Sopenharmony_ci SSL_aRSA, 362e1051a39Sopenharmony_ci SSL_eNULL, 363e1051a39Sopenharmony_ci SSL_SHA256, 364e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 365e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 366e1051a39Sopenharmony_ci SSL_STRONG_NONE | SSL_FIPS, 367e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 368e1051a39Sopenharmony_ci 0, 369e1051a39Sopenharmony_ci 0, 370e1051a39Sopenharmony_ci }, 371e1051a39Sopenharmony_ci { 372e1051a39Sopenharmony_ci 1, 373e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_AES_128_SHA256, 374e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_AES_128_SHA256, 375e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_AES_128_SHA256, 376e1051a39Sopenharmony_ci SSL_kRSA, 377e1051a39Sopenharmony_ci SSL_aRSA, 378e1051a39Sopenharmony_ci SSL_AES128, 379e1051a39Sopenharmony_ci SSL_SHA256, 380e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 381e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 382e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 383e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 384e1051a39Sopenharmony_ci 128, 385e1051a39Sopenharmony_ci 128, 386e1051a39Sopenharmony_ci }, 387e1051a39Sopenharmony_ci { 388e1051a39Sopenharmony_ci 1, 389e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_AES_256_SHA256, 390e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_AES_256_SHA256, 391e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_AES_256_SHA256, 392e1051a39Sopenharmony_ci SSL_kRSA, 393e1051a39Sopenharmony_ci SSL_aRSA, 394e1051a39Sopenharmony_ci SSL_AES256, 395e1051a39Sopenharmony_ci SSL_SHA256, 396e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 397e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 398e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 399e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 400e1051a39Sopenharmony_ci 256, 401e1051a39Sopenharmony_ci 256, 402e1051a39Sopenharmony_ci }, 403e1051a39Sopenharmony_ci { 404e1051a39Sopenharmony_ci 1, 405e1051a39Sopenharmony_ci TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, 406e1051a39Sopenharmony_ci TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256, 407e1051a39Sopenharmony_ci TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, 408e1051a39Sopenharmony_ci SSL_kDHE, 409e1051a39Sopenharmony_ci SSL_aDSS, 410e1051a39Sopenharmony_ci SSL_AES128, 411e1051a39Sopenharmony_ci SSL_SHA256, 412e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 413e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 414e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, 415e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 416e1051a39Sopenharmony_ci 128, 417e1051a39Sopenharmony_ci 128, 418e1051a39Sopenharmony_ci }, 419e1051a39Sopenharmony_ci { 420e1051a39Sopenharmony_ci 1, 421e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 422e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256, 423e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 424e1051a39Sopenharmony_ci SSL_kDHE, 425e1051a39Sopenharmony_ci SSL_aRSA, 426e1051a39Sopenharmony_ci SSL_AES128, 427e1051a39Sopenharmony_ci SSL_SHA256, 428e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 429e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 430e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 431e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 432e1051a39Sopenharmony_ci 128, 433e1051a39Sopenharmony_ci 128, 434e1051a39Sopenharmony_ci }, 435e1051a39Sopenharmony_ci { 436e1051a39Sopenharmony_ci 1, 437e1051a39Sopenharmony_ci TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, 438e1051a39Sopenharmony_ci TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256, 439e1051a39Sopenharmony_ci TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, 440e1051a39Sopenharmony_ci SSL_kDHE, 441e1051a39Sopenharmony_ci SSL_aDSS, 442e1051a39Sopenharmony_ci SSL_AES256, 443e1051a39Sopenharmony_ci SSL_SHA256, 444e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 445e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 446e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, 447e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 448e1051a39Sopenharmony_ci 256, 449e1051a39Sopenharmony_ci 256, 450e1051a39Sopenharmony_ci }, 451e1051a39Sopenharmony_ci { 452e1051a39Sopenharmony_ci 1, 453e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 454e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256, 455e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 456e1051a39Sopenharmony_ci SSL_kDHE, 457e1051a39Sopenharmony_ci SSL_aRSA, 458e1051a39Sopenharmony_ci SSL_AES256, 459e1051a39Sopenharmony_ci SSL_SHA256, 460e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 461e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 462e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 463e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 464e1051a39Sopenharmony_ci 256, 465e1051a39Sopenharmony_ci 256, 466e1051a39Sopenharmony_ci }, 467e1051a39Sopenharmony_ci { 468e1051a39Sopenharmony_ci 1, 469e1051a39Sopenharmony_ci TLS1_TXT_ADH_WITH_AES_128_SHA256, 470e1051a39Sopenharmony_ci TLS1_RFC_ADH_WITH_AES_128_SHA256, 471e1051a39Sopenharmony_ci TLS1_CK_ADH_WITH_AES_128_SHA256, 472e1051a39Sopenharmony_ci SSL_kDHE, 473e1051a39Sopenharmony_ci SSL_aNULL, 474e1051a39Sopenharmony_ci SSL_AES128, 475e1051a39Sopenharmony_ci SSL_SHA256, 476e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 477e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 478e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, 479e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 480e1051a39Sopenharmony_ci 128, 481e1051a39Sopenharmony_ci 128, 482e1051a39Sopenharmony_ci }, 483e1051a39Sopenharmony_ci { 484e1051a39Sopenharmony_ci 1, 485e1051a39Sopenharmony_ci TLS1_TXT_ADH_WITH_AES_256_SHA256, 486e1051a39Sopenharmony_ci TLS1_RFC_ADH_WITH_AES_256_SHA256, 487e1051a39Sopenharmony_ci TLS1_CK_ADH_WITH_AES_256_SHA256, 488e1051a39Sopenharmony_ci SSL_kDHE, 489e1051a39Sopenharmony_ci SSL_aNULL, 490e1051a39Sopenharmony_ci SSL_AES256, 491e1051a39Sopenharmony_ci SSL_SHA256, 492e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 493e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 494e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, 495e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 496e1051a39Sopenharmony_ci 256, 497e1051a39Sopenharmony_ci 256, 498e1051a39Sopenharmony_ci }, 499e1051a39Sopenharmony_ci { 500e1051a39Sopenharmony_ci 1, 501e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 502e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256, 503e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 504e1051a39Sopenharmony_ci SSL_kRSA, 505e1051a39Sopenharmony_ci SSL_aRSA, 506e1051a39Sopenharmony_ci SSL_AES128GCM, 507e1051a39Sopenharmony_ci SSL_AEAD, 508e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 509e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 510e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 511e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 512e1051a39Sopenharmony_ci 128, 513e1051a39Sopenharmony_ci 128, 514e1051a39Sopenharmony_ci }, 515e1051a39Sopenharmony_ci { 516e1051a39Sopenharmony_ci 1, 517e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 518e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384, 519e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, 520e1051a39Sopenharmony_ci SSL_kRSA, 521e1051a39Sopenharmony_ci SSL_aRSA, 522e1051a39Sopenharmony_ci SSL_AES256GCM, 523e1051a39Sopenharmony_ci SSL_AEAD, 524e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 525e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 526e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 527e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 528e1051a39Sopenharmony_ci 256, 529e1051a39Sopenharmony_ci 256, 530e1051a39Sopenharmony_ci }, 531e1051a39Sopenharmony_ci { 532e1051a39Sopenharmony_ci 1, 533e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 534e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256, 535e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 536e1051a39Sopenharmony_ci SSL_kDHE, 537e1051a39Sopenharmony_ci SSL_aRSA, 538e1051a39Sopenharmony_ci SSL_AES128GCM, 539e1051a39Sopenharmony_ci SSL_AEAD, 540e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 541e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 542e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 543e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 544e1051a39Sopenharmony_ci 128, 545e1051a39Sopenharmony_ci 128, 546e1051a39Sopenharmony_ci }, 547e1051a39Sopenharmony_ci { 548e1051a39Sopenharmony_ci 1, 549e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 550e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384, 551e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 552e1051a39Sopenharmony_ci SSL_kDHE, 553e1051a39Sopenharmony_ci SSL_aRSA, 554e1051a39Sopenharmony_ci SSL_AES256GCM, 555e1051a39Sopenharmony_ci SSL_AEAD, 556e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 557e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 558e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 559e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 560e1051a39Sopenharmony_ci 256, 561e1051a39Sopenharmony_ci 256, 562e1051a39Sopenharmony_ci }, 563e1051a39Sopenharmony_ci { 564e1051a39Sopenharmony_ci 1, 565e1051a39Sopenharmony_ci TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, 566e1051a39Sopenharmony_ci TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256, 567e1051a39Sopenharmony_ci TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, 568e1051a39Sopenharmony_ci SSL_kDHE, 569e1051a39Sopenharmony_ci SSL_aDSS, 570e1051a39Sopenharmony_ci SSL_AES128GCM, 571e1051a39Sopenharmony_ci SSL_AEAD, 572e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 573e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 574e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, 575e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 576e1051a39Sopenharmony_ci 128, 577e1051a39Sopenharmony_ci 128, 578e1051a39Sopenharmony_ci }, 579e1051a39Sopenharmony_ci { 580e1051a39Sopenharmony_ci 1, 581e1051a39Sopenharmony_ci TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, 582e1051a39Sopenharmony_ci TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384, 583e1051a39Sopenharmony_ci TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, 584e1051a39Sopenharmony_ci SSL_kDHE, 585e1051a39Sopenharmony_ci SSL_aDSS, 586e1051a39Sopenharmony_ci SSL_AES256GCM, 587e1051a39Sopenharmony_ci SSL_AEAD, 588e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 589e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 590e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, 591e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 592e1051a39Sopenharmony_ci 256, 593e1051a39Sopenharmony_ci 256, 594e1051a39Sopenharmony_ci }, 595e1051a39Sopenharmony_ci { 596e1051a39Sopenharmony_ci 1, 597e1051a39Sopenharmony_ci TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 598e1051a39Sopenharmony_ci TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256, 599e1051a39Sopenharmony_ci TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 600e1051a39Sopenharmony_ci SSL_kDHE, 601e1051a39Sopenharmony_ci SSL_aNULL, 602e1051a39Sopenharmony_ci SSL_AES128GCM, 603e1051a39Sopenharmony_ci SSL_AEAD, 604e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 605e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 606e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, 607e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 608e1051a39Sopenharmony_ci 128, 609e1051a39Sopenharmony_ci 128, 610e1051a39Sopenharmony_ci }, 611e1051a39Sopenharmony_ci { 612e1051a39Sopenharmony_ci 1, 613e1051a39Sopenharmony_ci TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 614e1051a39Sopenharmony_ci TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384, 615e1051a39Sopenharmony_ci TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 616e1051a39Sopenharmony_ci SSL_kDHE, 617e1051a39Sopenharmony_ci SSL_aNULL, 618e1051a39Sopenharmony_ci SSL_AES256GCM, 619e1051a39Sopenharmony_ci SSL_AEAD, 620e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 621e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 622e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, 623e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 624e1051a39Sopenharmony_ci 256, 625e1051a39Sopenharmony_ci 256, 626e1051a39Sopenharmony_ci }, 627e1051a39Sopenharmony_ci { 628e1051a39Sopenharmony_ci 1, 629e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_AES_128_CCM, 630e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_AES_128_CCM, 631e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_AES_128_CCM, 632e1051a39Sopenharmony_ci SSL_kRSA, 633e1051a39Sopenharmony_ci SSL_aRSA, 634e1051a39Sopenharmony_ci SSL_AES128CCM, 635e1051a39Sopenharmony_ci SSL_AEAD, 636e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 637e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 638e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 639e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 640e1051a39Sopenharmony_ci 128, 641e1051a39Sopenharmony_ci 128, 642e1051a39Sopenharmony_ci }, 643e1051a39Sopenharmony_ci { 644e1051a39Sopenharmony_ci 1, 645e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_AES_256_CCM, 646e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_AES_256_CCM, 647e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_AES_256_CCM, 648e1051a39Sopenharmony_ci SSL_kRSA, 649e1051a39Sopenharmony_ci SSL_aRSA, 650e1051a39Sopenharmony_ci SSL_AES256CCM, 651e1051a39Sopenharmony_ci SSL_AEAD, 652e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 653e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 654e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 655e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 656e1051a39Sopenharmony_ci 256, 657e1051a39Sopenharmony_ci 256, 658e1051a39Sopenharmony_ci }, 659e1051a39Sopenharmony_ci { 660e1051a39Sopenharmony_ci 1, 661e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_AES_128_CCM, 662e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_AES_128_CCM, 663e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_AES_128_CCM, 664e1051a39Sopenharmony_ci SSL_kDHE, 665e1051a39Sopenharmony_ci SSL_aRSA, 666e1051a39Sopenharmony_ci SSL_AES128CCM, 667e1051a39Sopenharmony_ci SSL_AEAD, 668e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 669e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 670e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 671e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 672e1051a39Sopenharmony_ci 128, 673e1051a39Sopenharmony_ci 128, 674e1051a39Sopenharmony_ci }, 675e1051a39Sopenharmony_ci { 676e1051a39Sopenharmony_ci 1, 677e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_AES_256_CCM, 678e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_AES_256_CCM, 679e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_AES_256_CCM, 680e1051a39Sopenharmony_ci SSL_kDHE, 681e1051a39Sopenharmony_ci SSL_aRSA, 682e1051a39Sopenharmony_ci SSL_AES256CCM, 683e1051a39Sopenharmony_ci SSL_AEAD, 684e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 685e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 686e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 687e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 688e1051a39Sopenharmony_ci 256, 689e1051a39Sopenharmony_ci 256, 690e1051a39Sopenharmony_ci }, 691e1051a39Sopenharmony_ci { 692e1051a39Sopenharmony_ci 1, 693e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_AES_128_CCM_8, 694e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_AES_128_CCM_8, 695e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_AES_128_CCM_8, 696e1051a39Sopenharmony_ci SSL_kRSA, 697e1051a39Sopenharmony_ci SSL_aRSA, 698e1051a39Sopenharmony_ci SSL_AES128CCM8, 699e1051a39Sopenharmony_ci SSL_AEAD, 700e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 701e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 702e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 703e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 704e1051a39Sopenharmony_ci 128, 705e1051a39Sopenharmony_ci 128, 706e1051a39Sopenharmony_ci }, 707e1051a39Sopenharmony_ci { 708e1051a39Sopenharmony_ci 1, 709e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_AES_256_CCM_8, 710e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_AES_256_CCM_8, 711e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_AES_256_CCM_8, 712e1051a39Sopenharmony_ci SSL_kRSA, 713e1051a39Sopenharmony_ci SSL_aRSA, 714e1051a39Sopenharmony_ci SSL_AES256CCM8, 715e1051a39Sopenharmony_ci SSL_AEAD, 716e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 717e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 718e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 719e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 720e1051a39Sopenharmony_ci 256, 721e1051a39Sopenharmony_ci 256, 722e1051a39Sopenharmony_ci }, 723e1051a39Sopenharmony_ci { 724e1051a39Sopenharmony_ci 1, 725e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8, 726e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8, 727e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8, 728e1051a39Sopenharmony_ci SSL_kDHE, 729e1051a39Sopenharmony_ci SSL_aRSA, 730e1051a39Sopenharmony_ci SSL_AES128CCM8, 731e1051a39Sopenharmony_ci SSL_AEAD, 732e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 733e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 734e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 735e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 736e1051a39Sopenharmony_ci 128, 737e1051a39Sopenharmony_ci 128, 738e1051a39Sopenharmony_ci }, 739e1051a39Sopenharmony_ci { 740e1051a39Sopenharmony_ci 1, 741e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8, 742e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8, 743e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8, 744e1051a39Sopenharmony_ci SSL_kDHE, 745e1051a39Sopenharmony_ci SSL_aRSA, 746e1051a39Sopenharmony_ci SSL_AES256CCM8, 747e1051a39Sopenharmony_ci SSL_AEAD, 748e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 749e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 750e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 751e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 752e1051a39Sopenharmony_ci 256, 753e1051a39Sopenharmony_ci 256, 754e1051a39Sopenharmony_ci }, 755e1051a39Sopenharmony_ci { 756e1051a39Sopenharmony_ci 1, 757e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_AES_128_CCM, 758e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_AES_128_CCM, 759e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_AES_128_CCM, 760e1051a39Sopenharmony_ci SSL_kPSK, 761e1051a39Sopenharmony_ci SSL_aPSK, 762e1051a39Sopenharmony_ci SSL_AES128CCM, 763e1051a39Sopenharmony_ci SSL_AEAD, 764e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 765e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 766e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 767e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 768e1051a39Sopenharmony_ci 128, 769e1051a39Sopenharmony_ci 128, 770e1051a39Sopenharmony_ci }, 771e1051a39Sopenharmony_ci { 772e1051a39Sopenharmony_ci 1, 773e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_AES_256_CCM, 774e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_AES_256_CCM, 775e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_AES_256_CCM, 776e1051a39Sopenharmony_ci SSL_kPSK, 777e1051a39Sopenharmony_ci SSL_aPSK, 778e1051a39Sopenharmony_ci SSL_AES256CCM, 779e1051a39Sopenharmony_ci SSL_AEAD, 780e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 781e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 782e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 783e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 784e1051a39Sopenharmony_ci 256, 785e1051a39Sopenharmony_ci 256, 786e1051a39Sopenharmony_ci }, 787e1051a39Sopenharmony_ci { 788e1051a39Sopenharmony_ci 1, 789e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_AES_128_CCM, 790e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_AES_128_CCM, 791e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_AES_128_CCM, 792e1051a39Sopenharmony_ci SSL_kDHEPSK, 793e1051a39Sopenharmony_ci SSL_aPSK, 794e1051a39Sopenharmony_ci SSL_AES128CCM, 795e1051a39Sopenharmony_ci SSL_AEAD, 796e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 797e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 798e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 799e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 800e1051a39Sopenharmony_ci 128, 801e1051a39Sopenharmony_ci 128, 802e1051a39Sopenharmony_ci }, 803e1051a39Sopenharmony_ci { 804e1051a39Sopenharmony_ci 1, 805e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_AES_256_CCM, 806e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_AES_256_CCM, 807e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_AES_256_CCM, 808e1051a39Sopenharmony_ci SSL_kDHEPSK, 809e1051a39Sopenharmony_ci SSL_aPSK, 810e1051a39Sopenharmony_ci SSL_AES256CCM, 811e1051a39Sopenharmony_ci SSL_AEAD, 812e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 813e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 814e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 815e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 816e1051a39Sopenharmony_ci 256, 817e1051a39Sopenharmony_ci 256, 818e1051a39Sopenharmony_ci }, 819e1051a39Sopenharmony_ci { 820e1051a39Sopenharmony_ci 1, 821e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_AES_128_CCM_8, 822e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_AES_128_CCM_8, 823e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_AES_128_CCM_8, 824e1051a39Sopenharmony_ci SSL_kPSK, 825e1051a39Sopenharmony_ci SSL_aPSK, 826e1051a39Sopenharmony_ci SSL_AES128CCM8, 827e1051a39Sopenharmony_ci SSL_AEAD, 828e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 829e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 830e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 831e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 832e1051a39Sopenharmony_ci 128, 833e1051a39Sopenharmony_ci 128, 834e1051a39Sopenharmony_ci }, 835e1051a39Sopenharmony_ci { 836e1051a39Sopenharmony_ci 1, 837e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_AES_256_CCM_8, 838e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_AES_256_CCM_8, 839e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_AES_256_CCM_8, 840e1051a39Sopenharmony_ci SSL_kPSK, 841e1051a39Sopenharmony_ci SSL_aPSK, 842e1051a39Sopenharmony_ci SSL_AES256CCM8, 843e1051a39Sopenharmony_ci SSL_AEAD, 844e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 845e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 846e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 847e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 848e1051a39Sopenharmony_ci 256, 849e1051a39Sopenharmony_ci 256, 850e1051a39Sopenharmony_ci }, 851e1051a39Sopenharmony_ci { 852e1051a39Sopenharmony_ci 1, 853e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8, 854e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8, 855e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8, 856e1051a39Sopenharmony_ci SSL_kDHEPSK, 857e1051a39Sopenharmony_ci SSL_aPSK, 858e1051a39Sopenharmony_ci SSL_AES128CCM8, 859e1051a39Sopenharmony_ci SSL_AEAD, 860e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 861e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 862e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 863e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 864e1051a39Sopenharmony_ci 128, 865e1051a39Sopenharmony_ci 128, 866e1051a39Sopenharmony_ci }, 867e1051a39Sopenharmony_ci { 868e1051a39Sopenharmony_ci 1, 869e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8, 870e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8, 871e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8, 872e1051a39Sopenharmony_ci SSL_kDHEPSK, 873e1051a39Sopenharmony_ci SSL_aPSK, 874e1051a39Sopenharmony_ci SSL_AES256CCM8, 875e1051a39Sopenharmony_ci SSL_AEAD, 876e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 877e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 878e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 879e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 880e1051a39Sopenharmony_ci 256, 881e1051a39Sopenharmony_ci 256, 882e1051a39Sopenharmony_ci }, 883e1051a39Sopenharmony_ci { 884e1051a39Sopenharmony_ci 1, 885e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM, 886e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM, 887e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM, 888e1051a39Sopenharmony_ci SSL_kECDHE, 889e1051a39Sopenharmony_ci SSL_aECDSA, 890e1051a39Sopenharmony_ci SSL_AES128CCM, 891e1051a39Sopenharmony_ci SSL_AEAD, 892e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 893e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 894e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 895e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 896e1051a39Sopenharmony_ci 128, 897e1051a39Sopenharmony_ci 128, 898e1051a39Sopenharmony_ci }, 899e1051a39Sopenharmony_ci { 900e1051a39Sopenharmony_ci 1, 901e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM, 902e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM, 903e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM, 904e1051a39Sopenharmony_ci SSL_kECDHE, 905e1051a39Sopenharmony_ci SSL_aECDSA, 906e1051a39Sopenharmony_ci SSL_AES256CCM, 907e1051a39Sopenharmony_ci SSL_AEAD, 908e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 909e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 910e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 911e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 912e1051a39Sopenharmony_ci 256, 913e1051a39Sopenharmony_ci 256, 914e1051a39Sopenharmony_ci }, 915e1051a39Sopenharmony_ci { 916e1051a39Sopenharmony_ci 1, 917e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8, 918e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8, 919e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8, 920e1051a39Sopenharmony_ci SSL_kECDHE, 921e1051a39Sopenharmony_ci SSL_aECDSA, 922e1051a39Sopenharmony_ci SSL_AES128CCM8, 923e1051a39Sopenharmony_ci SSL_AEAD, 924e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 925e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 926e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 927e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 928e1051a39Sopenharmony_ci 128, 929e1051a39Sopenharmony_ci 128, 930e1051a39Sopenharmony_ci }, 931e1051a39Sopenharmony_ci { 932e1051a39Sopenharmony_ci 1, 933e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8, 934e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8, 935e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8, 936e1051a39Sopenharmony_ci SSL_kECDHE, 937e1051a39Sopenharmony_ci SSL_aECDSA, 938e1051a39Sopenharmony_ci SSL_AES256CCM8, 939e1051a39Sopenharmony_ci SSL_AEAD, 940e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 941e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 942e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 943e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 944e1051a39Sopenharmony_ci 256, 945e1051a39Sopenharmony_ci 256, 946e1051a39Sopenharmony_ci }, 947e1051a39Sopenharmony_ci { 948e1051a39Sopenharmony_ci 1, 949e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 950e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA, 951e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 952e1051a39Sopenharmony_ci SSL_kECDHE, 953e1051a39Sopenharmony_ci SSL_aECDSA, 954e1051a39Sopenharmony_ci SSL_eNULL, 955e1051a39Sopenharmony_ci SSL_SHA1, 956e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 957e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 958e1051a39Sopenharmony_ci SSL_STRONG_NONE | SSL_FIPS, 959e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 960e1051a39Sopenharmony_ci 0, 961e1051a39Sopenharmony_ci 0, 962e1051a39Sopenharmony_ci }, 963e1051a39Sopenharmony_ci# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 964e1051a39Sopenharmony_ci { 965e1051a39Sopenharmony_ci 1, 966e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 967e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 968e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 969e1051a39Sopenharmony_ci SSL_kECDHE, 970e1051a39Sopenharmony_ci SSL_aECDSA, 971e1051a39Sopenharmony_ci SSL_3DES, 972e1051a39Sopenharmony_ci SSL_SHA1, 973e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 974e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 975e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, 976e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 977e1051a39Sopenharmony_ci 112, 978e1051a39Sopenharmony_ci 168, 979e1051a39Sopenharmony_ci }, 980e1051a39Sopenharmony_ci# endif 981e1051a39Sopenharmony_ci { 982e1051a39Sopenharmony_ci 1, 983e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 984e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 985e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 986e1051a39Sopenharmony_ci SSL_kECDHE, 987e1051a39Sopenharmony_ci SSL_aECDSA, 988e1051a39Sopenharmony_ci SSL_AES128, 989e1051a39Sopenharmony_ci SSL_SHA1, 990e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 991e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 992e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 993e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 994e1051a39Sopenharmony_ci 128, 995e1051a39Sopenharmony_ci 128, 996e1051a39Sopenharmony_ci }, 997e1051a39Sopenharmony_ci { 998e1051a39Sopenharmony_ci 1, 999e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1000e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1001e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1002e1051a39Sopenharmony_ci SSL_kECDHE, 1003e1051a39Sopenharmony_ci SSL_aECDSA, 1004e1051a39Sopenharmony_ci SSL_AES256, 1005e1051a39Sopenharmony_ci SSL_SHA1, 1006e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1007e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1008e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1009e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1010e1051a39Sopenharmony_ci 256, 1011e1051a39Sopenharmony_ci 256, 1012e1051a39Sopenharmony_ci }, 1013e1051a39Sopenharmony_ci { 1014e1051a39Sopenharmony_ci 1, 1015e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 1016e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA, 1017e1051a39Sopenharmony_ci TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 1018e1051a39Sopenharmony_ci SSL_kECDHE, 1019e1051a39Sopenharmony_ci SSL_aRSA, 1020e1051a39Sopenharmony_ci SSL_eNULL, 1021e1051a39Sopenharmony_ci SSL_SHA1, 1022e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1023e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1024e1051a39Sopenharmony_ci SSL_STRONG_NONE | SSL_FIPS, 1025e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1026e1051a39Sopenharmony_ci 0, 1027e1051a39Sopenharmony_ci 0, 1028e1051a39Sopenharmony_ci }, 1029e1051a39Sopenharmony_ci# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 1030e1051a39Sopenharmony_ci { 1031e1051a39Sopenharmony_ci 1, 1032e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1033e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1034e1051a39Sopenharmony_ci TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1035e1051a39Sopenharmony_ci SSL_kECDHE, 1036e1051a39Sopenharmony_ci SSL_aRSA, 1037e1051a39Sopenharmony_ci SSL_3DES, 1038e1051a39Sopenharmony_ci SSL_SHA1, 1039e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1040e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1041e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, 1042e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1043e1051a39Sopenharmony_ci 112, 1044e1051a39Sopenharmony_ci 168, 1045e1051a39Sopenharmony_ci }, 1046e1051a39Sopenharmony_ci# endif 1047e1051a39Sopenharmony_ci { 1048e1051a39Sopenharmony_ci 1, 1049e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1050e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1051e1051a39Sopenharmony_ci TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1052e1051a39Sopenharmony_ci SSL_kECDHE, 1053e1051a39Sopenharmony_ci SSL_aRSA, 1054e1051a39Sopenharmony_ci SSL_AES128, 1055e1051a39Sopenharmony_ci SSL_SHA1, 1056e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1057e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1058e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1059e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1060e1051a39Sopenharmony_ci 128, 1061e1051a39Sopenharmony_ci 128, 1062e1051a39Sopenharmony_ci }, 1063e1051a39Sopenharmony_ci { 1064e1051a39Sopenharmony_ci 1, 1065e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1066e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1067e1051a39Sopenharmony_ci TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1068e1051a39Sopenharmony_ci SSL_kECDHE, 1069e1051a39Sopenharmony_ci SSL_aRSA, 1070e1051a39Sopenharmony_ci SSL_AES256, 1071e1051a39Sopenharmony_ci SSL_SHA1, 1072e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1073e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1074e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1075e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1076e1051a39Sopenharmony_ci 256, 1077e1051a39Sopenharmony_ci 256, 1078e1051a39Sopenharmony_ci }, 1079e1051a39Sopenharmony_ci { 1080e1051a39Sopenharmony_ci 1, 1081e1051a39Sopenharmony_ci TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 1082e1051a39Sopenharmony_ci TLS1_RFC_ECDH_anon_WITH_NULL_SHA, 1083e1051a39Sopenharmony_ci TLS1_CK_ECDH_anon_WITH_NULL_SHA, 1084e1051a39Sopenharmony_ci SSL_kECDHE, 1085e1051a39Sopenharmony_ci SSL_aNULL, 1086e1051a39Sopenharmony_ci SSL_eNULL, 1087e1051a39Sopenharmony_ci SSL_SHA1, 1088e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1089e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1090e1051a39Sopenharmony_ci SSL_STRONG_NONE | SSL_FIPS, 1091e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1092e1051a39Sopenharmony_ci 0, 1093e1051a39Sopenharmony_ci 0, 1094e1051a39Sopenharmony_ci }, 1095e1051a39Sopenharmony_ci# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 1096e1051a39Sopenharmony_ci { 1097e1051a39Sopenharmony_ci 1, 1098e1051a39Sopenharmony_ci TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 1099e1051a39Sopenharmony_ci TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA, 1100e1051a39Sopenharmony_ci TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 1101e1051a39Sopenharmony_ci SSL_kECDHE, 1102e1051a39Sopenharmony_ci SSL_aNULL, 1103e1051a39Sopenharmony_ci SSL_3DES, 1104e1051a39Sopenharmony_ci SSL_SHA1, 1105e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1106e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1107e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, 1108e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1109e1051a39Sopenharmony_ci 112, 1110e1051a39Sopenharmony_ci 168, 1111e1051a39Sopenharmony_ci }, 1112e1051a39Sopenharmony_ci# endif 1113e1051a39Sopenharmony_ci { 1114e1051a39Sopenharmony_ci 1, 1115e1051a39Sopenharmony_ci TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 1116e1051a39Sopenharmony_ci TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA, 1117e1051a39Sopenharmony_ci TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 1118e1051a39Sopenharmony_ci SSL_kECDHE, 1119e1051a39Sopenharmony_ci SSL_aNULL, 1120e1051a39Sopenharmony_ci SSL_AES128, 1121e1051a39Sopenharmony_ci SSL_SHA1, 1122e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1123e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1124e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, 1125e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1126e1051a39Sopenharmony_ci 128, 1127e1051a39Sopenharmony_ci 128, 1128e1051a39Sopenharmony_ci }, 1129e1051a39Sopenharmony_ci { 1130e1051a39Sopenharmony_ci 1, 1131e1051a39Sopenharmony_ci TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 1132e1051a39Sopenharmony_ci TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA, 1133e1051a39Sopenharmony_ci TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 1134e1051a39Sopenharmony_ci SSL_kECDHE, 1135e1051a39Sopenharmony_ci SSL_aNULL, 1136e1051a39Sopenharmony_ci SSL_AES256, 1137e1051a39Sopenharmony_ci SSL_SHA1, 1138e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1139e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1140e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, 1141e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1142e1051a39Sopenharmony_ci 256, 1143e1051a39Sopenharmony_ci 256, 1144e1051a39Sopenharmony_ci }, 1145e1051a39Sopenharmony_ci { 1146e1051a39Sopenharmony_ci 1, 1147e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 1148e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256, 1149e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 1150e1051a39Sopenharmony_ci SSL_kECDHE, 1151e1051a39Sopenharmony_ci SSL_aECDSA, 1152e1051a39Sopenharmony_ci SSL_AES128, 1153e1051a39Sopenharmony_ci SSL_SHA256, 1154e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 1155e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 1156e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1157e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 1158e1051a39Sopenharmony_ci 128, 1159e1051a39Sopenharmony_ci 128, 1160e1051a39Sopenharmony_ci }, 1161e1051a39Sopenharmony_ci { 1162e1051a39Sopenharmony_ci 1, 1163e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 1164e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384, 1165e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 1166e1051a39Sopenharmony_ci SSL_kECDHE, 1167e1051a39Sopenharmony_ci SSL_aECDSA, 1168e1051a39Sopenharmony_ci SSL_AES256, 1169e1051a39Sopenharmony_ci SSL_SHA384, 1170e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 1171e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 1172e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1173e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1174e1051a39Sopenharmony_ci 256, 1175e1051a39Sopenharmony_ci 256, 1176e1051a39Sopenharmony_ci }, 1177e1051a39Sopenharmony_ci { 1178e1051a39Sopenharmony_ci 1, 1179e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 1180e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256, 1181e1051a39Sopenharmony_ci TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 1182e1051a39Sopenharmony_ci SSL_kECDHE, 1183e1051a39Sopenharmony_ci SSL_aRSA, 1184e1051a39Sopenharmony_ci SSL_AES128, 1185e1051a39Sopenharmony_ci SSL_SHA256, 1186e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 1187e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 1188e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1189e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 1190e1051a39Sopenharmony_ci 128, 1191e1051a39Sopenharmony_ci 128, 1192e1051a39Sopenharmony_ci }, 1193e1051a39Sopenharmony_ci { 1194e1051a39Sopenharmony_ci 1, 1195e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 1196e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384, 1197e1051a39Sopenharmony_ci TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 1198e1051a39Sopenharmony_ci SSL_kECDHE, 1199e1051a39Sopenharmony_ci SSL_aRSA, 1200e1051a39Sopenharmony_ci SSL_AES256, 1201e1051a39Sopenharmony_ci SSL_SHA384, 1202e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 1203e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 1204e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1205e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1206e1051a39Sopenharmony_ci 256, 1207e1051a39Sopenharmony_ci 256, 1208e1051a39Sopenharmony_ci }, 1209e1051a39Sopenharmony_ci { 1210e1051a39Sopenharmony_ci 1, 1211e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1212e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1213e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1214e1051a39Sopenharmony_ci SSL_kECDHE, 1215e1051a39Sopenharmony_ci SSL_aECDSA, 1216e1051a39Sopenharmony_ci SSL_AES128GCM, 1217e1051a39Sopenharmony_ci SSL_AEAD, 1218e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 1219e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 1220e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1221e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 1222e1051a39Sopenharmony_ci 128, 1223e1051a39Sopenharmony_ci 128, 1224e1051a39Sopenharmony_ci }, 1225e1051a39Sopenharmony_ci { 1226e1051a39Sopenharmony_ci 1, 1227e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1228e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1229e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1230e1051a39Sopenharmony_ci SSL_kECDHE, 1231e1051a39Sopenharmony_ci SSL_aECDSA, 1232e1051a39Sopenharmony_ci SSL_AES256GCM, 1233e1051a39Sopenharmony_ci SSL_AEAD, 1234e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 1235e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 1236e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1237e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1238e1051a39Sopenharmony_ci 256, 1239e1051a39Sopenharmony_ci 256, 1240e1051a39Sopenharmony_ci }, 1241e1051a39Sopenharmony_ci { 1242e1051a39Sopenharmony_ci 1, 1243e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1244e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1245e1051a39Sopenharmony_ci TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1246e1051a39Sopenharmony_ci SSL_kECDHE, 1247e1051a39Sopenharmony_ci SSL_aRSA, 1248e1051a39Sopenharmony_ci SSL_AES128GCM, 1249e1051a39Sopenharmony_ci SSL_AEAD, 1250e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 1251e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 1252e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1253e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 1254e1051a39Sopenharmony_ci 128, 1255e1051a39Sopenharmony_ci 128, 1256e1051a39Sopenharmony_ci }, 1257e1051a39Sopenharmony_ci { 1258e1051a39Sopenharmony_ci 1, 1259e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1260e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1261e1051a39Sopenharmony_ci TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1262e1051a39Sopenharmony_ci SSL_kECDHE, 1263e1051a39Sopenharmony_ci SSL_aRSA, 1264e1051a39Sopenharmony_ci SSL_AES256GCM, 1265e1051a39Sopenharmony_ci SSL_AEAD, 1266e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 1267e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 1268e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1269e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1270e1051a39Sopenharmony_ci 256, 1271e1051a39Sopenharmony_ci 256, 1272e1051a39Sopenharmony_ci }, 1273e1051a39Sopenharmony_ci { 1274e1051a39Sopenharmony_ci 1, 1275e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_NULL_SHA, 1276e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_NULL_SHA, 1277e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_NULL_SHA, 1278e1051a39Sopenharmony_ci SSL_kPSK, 1279e1051a39Sopenharmony_ci SSL_aPSK, 1280e1051a39Sopenharmony_ci SSL_eNULL, 1281e1051a39Sopenharmony_ci SSL_SHA1, 1282e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1283e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1284e1051a39Sopenharmony_ci SSL_STRONG_NONE | SSL_FIPS, 1285e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1286e1051a39Sopenharmony_ci 0, 1287e1051a39Sopenharmony_ci 0, 1288e1051a39Sopenharmony_ci }, 1289e1051a39Sopenharmony_ci { 1290e1051a39Sopenharmony_ci 1, 1291e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_NULL_SHA, 1292e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_NULL_SHA, 1293e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_NULL_SHA, 1294e1051a39Sopenharmony_ci SSL_kDHEPSK, 1295e1051a39Sopenharmony_ci SSL_aPSK, 1296e1051a39Sopenharmony_ci SSL_eNULL, 1297e1051a39Sopenharmony_ci SSL_SHA1, 1298e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1299e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1300e1051a39Sopenharmony_ci SSL_STRONG_NONE | SSL_FIPS, 1301e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1302e1051a39Sopenharmony_ci 0, 1303e1051a39Sopenharmony_ci 0, 1304e1051a39Sopenharmony_ci }, 1305e1051a39Sopenharmony_ci { 1306e1051a39Sopenharmony_ci 1, 1307e1051a39Sopenharmony_ci TLS1_TXT_RSA_PSK_WITH_NULL_SHA, 1308e1051a39Sopenharmony_ci TLS1_RFC_RSA_PSK_WITH_NULL_SHA, 1309e1051a39Sopenharmony_ci TLS1_CK_RSA_PSK_WITH_NULL_SHA, 1310e1051a39Sopenharmony_ci SSL_kRSAPSK, 1311e1051a39Sopenharmony_ci SSL_aRSA, 1312e1051a39Sopenharmony_ci SSL_eNULL, 1313e1051a39Sopenharmony_ci SSL_SHA1, 1314e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1315e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1316e1051a39Sopenharmony_ci SSL_STRONG_NONE | SSL_FIPS, 1317e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1318e1051a39Sopenharmony_ci 0, 1319e1051a39Sopenharmony_ci 0, 1320e1051a39Sopenharmony_ci }, 1321e1051a39Sopenharmony_ci# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 1322e1051a39Sopenharmony_ci { 1323e1051a39Sopenharmony_ci 1, 1324e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, 1325e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA, 1326e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, 1327e1051a39Sopenharmony_ci SSL_kPSK, 1328e1051a39Sopenharmony_ci SSL_aPSK, 1329e1051a39Sopenharmony_ci SSL_3DES, 1330e1051a39Sopenharmony_ci SSL_SHA1, 1331e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1332e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1333e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, 1334e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1335e1051a39Sopenharmony_ci 112, 1336e1051a39Sopenharmony_ci 168, 1337e1051a39Sopenharmony_ci }, 1338e1051a39Sopenharmony_ci# endif 1339e1051a39Sopenharmony_ci { 1340e1051a39Sopenharmony_ci 1, 1341e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, 1342e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_AES_128_CBC_SHA, 1343e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_AES_128_CBC_SHA, 1344e1051a39Sopenharmony_ci SSL_kPSK, 1345e1051a39Sopenharmony_ci SSL_aPSK, 1346e1051a39Sopenharmony_ci SSL_AES128, 1347e1051a39Sopenharmony_ci SSL_SHA1, 1348e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1349e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1350e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1351e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1352e1051a39Sopenharmony_ci 128, 1353e1051a39Sopenharmony_ci 128, 1354e1051a39Sopenharmony_ci }, 1355e1051a39Sopenharmony_ci { 1356e1051a39Sopenharmony_ci 1, 1357e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, 1358e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_AES_256_CBC_SHA, 1359e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_AES_256_CBC_SHA, 1360e1051a39Sopenharmony_ci SSL_kPSK, 1361e1051a39Sopenharmony_ci SSL_aPSK, 1362e1051a39Sopenharmony_ci SSL_AES256, 1363e1051a39Sopenharmony_ci SSL_SHA1, 1364e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1365e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1366e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1367e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1368e1051a39Sopenharmony_ci 256, 1369e1051a39Sopenharmony_ci 256, 1370e1051a39Sopenharmony_ci }, 1371e1051a39Sopenharmony_ci# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 1372e1051a39Sopenharmony_ci { 1373e1051a39Sopenharmony_ci 1, 1374e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA, 1375e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA, 1376e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA, 1377e1051a39Sopenharmony_ci SSL_kDHEPSK, 1378e1051a39Sopenharmony_ci SSL_aPSK, 1379e1051a39Sopenharmony_ci SSL_3DES, 1380e1051a39Sopenharmony_ci SSL_SHA1, 1381e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1382e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1383e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, 1384e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1385e1051a39Sopenharmony_ci 112, 1386e1051a39Sopenharmony_ci 168, 1387e1051a39Sopenharmony_ci }, 1388e1051a39Sopenharmony_ci# endif 1389e1051a39Sopenharmony_ci { 1390e1051a39Sopenharmony_ci 1, 1391e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA, 1392e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA, 1393e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA, 1394e1051a39Sopenharmony_ci SSL_kDHEPSK, 1395e1051a39Sopenharmony_ci SSL_aPSK, 1396e1051a39Sopenharmony_ci SSL_AES128, 1397e1051a39Sopenharmony_ci SSL_SHA1, 1398e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1399e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1400e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1401e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1402e1051a39Sopenharmony_ci 128, 1403e1051a39Sopenharmony_ci 128, 1404e1051a39Sopenharmony_ci }, 1405e1051a39Sopenharmony_ci { 1406e1051a39Sopenharmony_ci 1, 1407e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA, 1408e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA, 1409e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA, 1410e1051a39Sopenharmony_ci SSL_kDHEPSK, 1411e1051a39Sopenharmony_ci SSL_aPSK, 1412e1051a39Sopenharmony_ci SSL_AES256, 1413e1051a39Sopenharmony_ci SSL_SHA1, 1414e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1415e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1416e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1417e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1418e1051a39Sopenharmony_ci 256, 1419e1051a39Sopenharmony_ci 256, 1420e1051a39Sopenharmony_ci }, 1421e1051a39Sopenharmony_ci# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 1422e1051a39Sopenharmony_ci { 1423e1051a39Sopenharmony_ci 1, 1424e1051a39Sopenharmony_ci TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA, 1425e1051a39Sopenharmony_ci TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA, 1426e1051a39Sopenharmony_ci TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA, 1427e1051a39Sopenharmony_ci SSL_kRSAPSK, 1428e1051a39Sopenharmony_ci SSL_aRSA, 1429e1051a39Sopenharmony_ci SSL_3DES, 1430e1051a39Sopenharmony_ci SSL_SHA1, 1431e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1432e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1433e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, 1434e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1435e1051a39Sopenharmony_ci 112, 1436e1051a39Sopenharmony_ci 168, 1437e1051a39Sopenharmony_ci }, 1438e1051a39Sopenharmony_ci# endif 1439e1051a39Sopenharmony_ci { 1440e1051a39Sopenharmony_ci 1, 1441e1051a39Sopenharmony_ci TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA, 1442e1051a39Sopenharmony_ci TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA, 1443e1051a39Sopenharmony_ci TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA, 1444e1051a39Sopenharmony_ci SSL_kRSAPSK, 1445e1051a39Sopenharmony_ci SSL_aRSA, 1446e1051a39Sopenharmony_ci SSL_AES128, 1447e1051a39Sopenharmony_ci SSL_SHA1, 1448e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1449e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1450e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1451e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1452e1051a39Sopenharmony_ci 128, 1453e1051a39Sopenharmony_ci 128, 1454e1051a39Sopenharmony_ci }, 1455e1051a39Sopenharmony_ci { 1456e1051a39Sopenharmony_ci 1, 1457e1051a39Sopenharmony_ci TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA, 1458e1051a39Sopenharmony_ci TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA, 1459e1051a39Sopenharmony_ci TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA, 1460e1051a39Sopenharmony_ci SSL_kRSAPSK, 1461e1051a39Sopenharmony_ci SSL_aRSA, 1462e1051a39Sopenharmony_ci SSL_AES256, 1463e1051a39Sopenharmony_ci SSL_SHA1, 1464e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1465e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1466e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1467e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1468e1051a39Sopenharmony_ci 256, 1469e1051a39Sopenharmony_ci 256, 1470e1051a39Sopenharmony_ci }, 1471e1051a39Sopenharmony_ci { 1472e1051a39Sopenharmony_ci 1, 1473e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256, 1474e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256, 1475e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_AES_128_GCM_SHA256, 1476e1051a39Sopenharmony_ci SSL_kPSK, 1477e1051a39Sopenharmony_ci SSL_aPSK, 1478e1051a39Sopenharmony_ci SSL_AES128GCM, 1479e1051a39Sopenharmony_ci SSL_AEAD, 1480e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 1481e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 1482e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1483e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 1484e1051a39Sopenharmony_ci 128, 1485e1051a39Sopenharmony_ci 128, 1486e1051a39Sopenharmony_ci }, 1487e1051a39Sopenharmony_ci { 1488e1051a39Sopenharmony_ci 1, 1489e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384, 1490e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384, 1491e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_AES_256_GCM_SHA384, 1492e1051a39Sopenharmony_ci SSL_kPSK, 1493e1051a39Sopenharmony_ci SSL_aPSK, 1494e1051a39Sopenharmony_ci SSL_AES256GCM, 1495e1051a39Sopenharmony_ci SSL_AEAD, 1496e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 1497e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 1498e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1499e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1500e1051a39Sopenharmony_ci 256, 1501e1051a39Sopenharmony_ci 256, 1502e1051a39Sopenharmony_ci }, 1503e1051a39Sopenharmony_ci { 1504e1051a39Sopenharmony_ci 1, 1505e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256, 1506e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256, 1507e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256, 1508e1051a39Sopenharmony_ci SSL_kDHEPSK, 1509e1051a39Sopenharmony_ci SSL_aPSK, 1510e1051a39Sopenharmony_ci SSL_AES128GCM, 1511e1051a39Sopenharmony_ci SSL_AEAD, 1512e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 1513e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 1514e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1515e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 1516e1051a39Sopenharmony_ci 128, 1517e1051a39Sopenharmony_ci 128, 1518e1051a39Sopenharmony_ci }, 1519e1051a39Sopenharmony_ci { 1520e1051a39Sopenharmony_ci 1, 1521e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384, 1522e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384, 1523e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384, 1524e1051a39Sopenharmony_ci SSL_kDHEPSK, 1525e1051a39Sopenharmony_ci SSL_aPSK, 1526e1051a39Sopenharmony_ci SSL_AES256GCM, 1527e1051a39Sopenharmony_ci SSL_AEAD, 1528e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 1529e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 1530e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1531e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1532e1051a39Sopenharmony_ci 256, 1533e1051a39Sopenharmony_ci 256, 1534e1051a39Sopenharmony_ci }, 1535e1051a39Sopenharmony_ci { 1536e1051a39Sopenharmony_ci 1, 1537e1051a39Sopenharmony_ci TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256, 1538e1051a39Sopenharmony_ci TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256, 1539e1051a39Sopenharmony_ci TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256, 1540e1051a39Sopenharmony_ci SSL_kRSAPSK, 1541e1051a39Sopenharmony_ci SSL_aRSA, 1542e1051a39Sopenharmony_ci SSL_AES128GCM, 1543e1051a39Sopenharmony_ci SSL_AEAD, 1544e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 1545e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 1546e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1547e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 1548e1051a39Sopenharmony_ci 128, 1549e1051a39Sopenharmony_ci 128, 1550e1051a39Sopenharmony_ci }, 1551e1051a39Sopenharmony_ci { 1552e1051a39Sopenharmony_ci 1, 1553e1051a39Sopenharmony_ci TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384, 1554e1051a39Sopenharmony_ci TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384, 1555e1051a39Sopenharmony_ci TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384, 1556e1051a39Sopenharmony_ci SSL_kRSAPSK, 1557e1051a39Sopenharmony_ci SSL_aRSA, 1558e1051a39Sopenharmony_ci SSL_AES256GCM, 1559e1051a39Sopenharmony_ci SSL_AEAD, 1560e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 1561e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 1562e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1563e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1564e1051a39Sopenharmony_ci 256, 1565e1051a39Sopenharmony_ci 256, 1566e1051a39Sopenharmony_ci }, 1567e1051a39Sopenharmony_ci { 1568e1051a39Sopenharmony_ci 1, 1569e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256, 1570e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256, 1571e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_AES_128_CBC_SHA256, 1572e1051a39Sopenharmony_ci SSL_kPSK, 1573e1051a39Sopenharmony_ci SSL_aPSK, 1574e1051a39Sopenharmony_ci SSL_AES128, 1575e1051a39Sopenharmony_ci SSL_SHA256, 1576e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1577e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1578e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1579e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1580e1051a39Sopenharmony_ci 128, 1581e1051a39Sopenharmony_ci 128, 1582e1051a39Sopenharmony_ci }, 1583e1051a39Sopenharmony_ci { 1584e1051a39Sopenharmony_ci 1, 1585e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384, 1586e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384, 1587e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_AES_256_CBC_SHA384, 1588e1051a39Sopenharmony_ci SSL_kPSK, 1589e1051a39Sopenharmony_ci SSL_aPSK, 1590e1051a39Sopenharmony_ci SSL_AES256, 1591e1051a39Sopenharmony_ci SSL_SHA384, 1592e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1593e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1594e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1595e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1596e1051a39Sopenharmony_ci 256, 1597e1051a39Sopenharmony_ci 256, 1598e1051a39Sopenharmony_ci }, 1599e1051a39Sopenharmony_ci { 1600e1051a39Sopenharmony_ci 1, 1601e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_NULL_SHA256, 1602e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_NULL_SHA256, 1603e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_NULL_SHA256, 1604e1051a39Sopenharmony_ci SSL_kPSK, 1605e1051a39Sopenharmony_ci SSL_aPSK, 1606e1051a39Sopenharmony_ci SSL_eNULL, 1607e1051a39Sopenharmony_ci SSL_SHA256, 1608e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1609e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1610e1051a39Sopenharmony_ci SSL_STRONG_NONE | SSL_FIPS, 1611e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1612e1051a39Sopenharmony_ci 0, 1613e1051a39Sopenharmony_ci 0, 1614e1051a39Sopenharmony_ci }, 1615e1051a39Sopenharmony_ci { 1616e1051a39Sopenharmony_ci 1, 1617e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_NULL_SHA384, 1618e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_NULL_SHA384, 1619e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_NULL_SHA384, 1620e1051a39Sopenharmony_ci SSL_kPSK, 1621e1051a39Sopenharmony_ci SSL_aPSK, 1622e1051a39Sopenharmony_ci SSL_eNULL, 1623e1051a39Sopenharmony_ci SSL_SHA384, 1624e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1625e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1626e1051a39Sopenharmony_ci SSL_STRONG_NONE | SSL_FIPS, 1627e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1628e1051a39Sopenharmony_ci 0, 1629e1051a39Sopenharmony_ci 0, 1630e1051a39Sopenharmony_ci }, 1631e1051a39Sopenharmony_ci { 1632e1051a39Sopenharmony_ci 1, 1633e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256, 1634e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256, 1635e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256, 1636e1051a39Sopenharmony_ci SSL_kDHEPSK, 1637e1051a39Sopenharmony_ci SSL_aPSK, 1638e1051a39Sopenharmony_ci SSL_AES128, 1639e1051a39Sopenharmony_ci SSL_SHA256, 1640e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1641e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1642e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1643e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1644e1051a39Sopenharmony_ci 128, 1645e1051a39Sopenharmony_ci 128, 1646e1051a39Sopenharmony_ci }, 1647e1051a39Sopenharmony_ci { 1648e1051a39Sopenharmony_ci 1, 1649e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384, 1650e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384, 1651e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384, 1652e1051a39Sopenharmony_ci SSL_kDHEPSK, 1653e1051a39Sopenharmony_ci SSL_aPSK, 1654e1051a39Sopenharmony_ci SSL_AES256, 1655e1051a39Sopenharmony_ci SSL_SHA384, 1656e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1657e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1658e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1659e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1660e1051a39Sopenharmony_ci 256, 1661e1051a39Sopenharmony_ci 256, 1662e1051a39Sopenharmony_ci }, 1663e1051a39Sopenharmony_ci { 1664e1051a39Sopenharmony_ci 1, 1665e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_NULL_SHA256, 1666e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_NULL_SHA256, 1667e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_NULL_SHA256, 1668e1051a39Sopenharmony_ci SSL_kDHEPSK, 1669e1051a39Sopenharmony_ci SSL_aPSK, 1670e1051a39Sopenharmony_ci SSL_eNULL, 1671e1051a39Sopenharmony_ci SSL_SHA256, 1672e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1673e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1674e1051a39Sopenharmony_ci SSL_STRONG_NONE | SSL_FIPS, 1675e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1676e1051a39Sopenharmony_ci 0, 1677e1051a39Sopenharmony_ci 0, 1678e1051a39Sopenharmony_ci }, 1679e1051a39Sopenharmony_ci { 1680e1051a39Sopenharmony_ci 1, 1681e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_NULL_SHA384, 1682e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_NULL_SHA384, 1683e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_NULL_SHA384, 1684e1051a39Sopenharmony_ci SSL_kDHEPSK, 1685e1051a39Sopenharmony_ci SSL_aPSK, 1686e1051a39Sopenharmony_ci SSL_eNULL, 1687e1051a39Sopenharmony_ci SSL_SHA384, 1688e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1689e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1690e1051a39Sopenharmony_ci SSL_STRONG_NONE | SSL_FIPS, 1691e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1692e1051a39Sopenharmony_ci 0, 1693e1051a39Sopenharmony_ci 0, 1694e1051a39Sopenharmony_ci }, 1695e1051a39Sopenharmony_ci { 1696e1051a39Sopenharmony_ci 1, 1697e1051a39Sopenharmony_ci TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256, 1698e1051a39Sopenharmony_ci TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256, 1699e1051a39Sopenharmony_ci TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256, 1700e1051a39Sopenharmony_ci SSL_kRSAPSK, 1701e1051a39Sopenharmony_ci SSL_aRSA, 1702e1051a39Sopenharmony_ci SSL_AES128, 1703e1051a39Sopenharmony_ci SSL_SHA256, 1704e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1705e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1706e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1707e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1708e1051a39Sopenharmony_ci 128, 1709e1051a39Sopenharmony_ci 128, 1710e1051a39Sopenharmony_ci }, 1711e1051a39Sopenharmony_ci { 1712e1051a39Sopenharmony_ci 1, 1713e1051a39Sopenharmony_ci TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384, 1714e1051a39Sopenharmony_ci TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384, 1715e1051a39Sopenharmony_ci TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384, 1716e1051a39Sopenharmony_ci SSL_kRSAPSK, 1717e1051a39Sopenharmony_ci SSL_aRSA, 1718e1051a39Sopenharmony_ci SSL_AES256, 1719e1051a39Sopenharmony_ci SSL_SHA384, 1720e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1721e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1722e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1723e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1724e1051a39Sopenharmony_ci 256, 1725e1051a39Sopenharmony_ci 256, 1726e1051a39Sopenharmony_ci }, 1727e1051a39Sopenharmony_ci { 1728e1051a39Sopenharmony_ci 1, 1729e1051a39Sopenharmony_ci TLS1_TXT_RSA_PSK_WITH_NULL_SHA256, 1730e1051a39Sopenharmony_ci TLS1_RFC_RSA_PSK_WITH_NULL_SHA256, 1731e1051a39Sopenharmony_ci TLS1_CK_RSA_PSK_WITH_NULL_SHA256, 1732e1051a39Sopenharmony_ci SSL_kRSAPSK, 1733e1051a39Sopenharmony_ci SSL_aRSA, 1734e1051a39Sopenharmony_ci SSL_eNULL, 1735e1051a39Sopenharmony_ci SSL_SHA256, 1736e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1737e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1738e1051a39Sopenharmony_ci SSL_STRONG_NONE | SSL_FIPS, 1739e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1740e1051a39Sopenharmony_ci 0, 1741e1051a39Sopenharmony_ci 0, 1742e1051a39Sopenharmony_ci }, 1743e1051a39Sopenharmony_ci { 1744e1051a39Sopenharmony_ci 1, 1745e1051a39Sopenharmony_ci TLS1_TXT_RSA_PSK_WITH_NULL_SHA384, 1746e1051a39Sopenharmony_ci TLS1_RFC_RSA_PSK_WITH_NULL_SHA384, 1747e1051a39Sopenharmony_ci TLS1_CK_RSA_PSK_WITH_NULL_SHA384, 1748e1051a39Sopenharmony_ci SSL_kRSAPSK, 1749e1051a39Sopenharmony_ci SSL_aRSA, 1750e1051a39Sopenharmony_ci SSL_eNULL, 1751e1051a39Sopenharmony_ci SSL_SHA384, 1752e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1753e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1754e1051a39Sopenharmony_ci SSL_STRONG_NONE | SSL_FIPS, 1755e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1756e1051a39Sopenharmony_ci 0, 1757e1051a39Sopenharmony_ci 0, 1758e1051a39Sopenharmony_ci }, 1759e1051a39Sopenharmony_ci# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 1760e1051a39Sopenharmony_ci { 1761e1051a39Sopenharmony_ci 1, 1762e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, 1763e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, 1764e1051a39Sopenharmony_ci TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, 1765e1051a39Sopenharmony_ci SSL_kECDHEPSK, 1766e1051a39Sopenharmony_ci SSL_aPSK, 1767e1051a39Sopenharmony_ci SSL_3DES, 1768e1051a39Sopenharmony_ci SSL_SHA1, 1769e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1770e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1771e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, 1772e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1773e1051a39Sopenharmony_ci 112, 1774e1051a39Sopenharmony_ci 168, 1775e1051a39Sopenharmony_ci }, 1776e1051a39Sopenharmony_ci# endif 1777e1051a39Sopenharmony_ci { 1778e1051a39Sopenharmony_ci 1, 1779e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, 1780e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA, 1781e1051a39Sopenharmony_ci TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, 1782e1051a39Sopenharmony_ci SSL_kECDHEPSK, 1783e1051a39Sopenharmony_ci SSL_aPSK, 1784e1051a39Sopenharmony_ci SSL_AES128, 1785e1051a39Sopenharmony_ci SSL_SHA1, 1786e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1787e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1788e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1789e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1790e1051a39Sopenharmony_ci 128, 1791e1051a39Sopenharmony_ci 128, 1792e1051a39Sopenharmony_ci }, 1793e1051a39Sopenharmony_ci { 1794e1051a39Sopenharmony_ci 1, 1795e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA, 1796e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA, 1797e1051a39Sopenharmony_ci TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA, 1798e1051a39Sopenharmony_ci SSL_kECDHEPSK, 1799e1051a39Sopenharmony_ci SSL_aPSK, 1800e1051a39Sopenharmony_ci SSL_AES256, 1801e1051a39Sopenharmony_ci SSL_SHA1, 1802e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1803e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1804e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1805e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1806e1051a39Sopenharmony_ci 256, 1807e1051a39Sopenharmony_ci 256, 1808e1051a39Sopenharmony_ci }, 1809e1051a39Sopenharmony_ci { 1810e1051a39Sopenharmony_ci 1, 1811e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 1812e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 1813e1051a39Sopenharmony_ci TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 1814e1051a39Sopenharmony_ci SSL_kECDHEPSK, 1815e1051a39Sopenharmony_ci SSL_aPSK, 1816e1051a39Sopenharmony_ci SSL_AES128, 1817e1051a39Sopenharmony_ci SSL_SHA256, 1818e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1819e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1820e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1821e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1822e1051a39Sopenharmony_ci 128, 1823e1051a39Sopenharmony_ci 128, 1824e1051a39Sopenharmony_ci }, 1825e1051a39Sopenharmony_ci { 1826e1051a39Sopenharmony_ci 1, 1827e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384, 1828e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384, 1829e1051a39Sopenharmony_ci TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384, 1830e1051a39Sopenharmony_ci SSL_kECDHEPSK, 1831e1051a39Sopenharmony_ci SSL_aPSK, 1832e1051a39Sopenharmony_ci SSL_AES256, 1833e1051a39Sopenharmony_ci SSL_SHA384, 1834e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1835e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1836e1051a39Sopenharmony_ci SSL_HIGH | SSL_FIPS, 1837e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1838e1051a39Sopenharmony_ci 256, 1839e1051a39Sopenharmony_ci 256, 1840e1051a39Sopenharmony_ci }, 1841e1051a39Sopenharmony_ci { 1842e1051a39Sopenharmony_ci 1, 1843e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA, 1844e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA, 1845e1051a39Sopenharmony_ci TLS1_CK_ECDHE_PSK_WITH_NULL_SHA, 1846e1051a39Sopenharmony_ci SSL_kECDHEPSK, 1847e1051a39Sopenharmony_ci SSL_aPSK, 1848e1051a39Sopenharmony_ci SSL_eNULL, 1849e1051a39Sopenharmony_ci SSL_SHA1, 1850e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1851e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1852e1051a39Sopenharmony_ci SSL_STRONG_NONE | SSL_FIPS, 1853e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1854e1051a39Sopenharmony_ci 0, 1855e1051a39Sopenharmony_ci 0, 1856e1051a39Sopenharmony_ci }, 1857e1051a39Sopenharmony_ci { 1858e1051a39Sopenharmony_ci 1, 1859e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256, 1860e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256, 1861e1051a39Sopenharmony_ci TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256, 1862e1051a39Sopenharmony_ci SSL_kECDHEPSK, 1863e1051a39Sopenharmony_ci SSL_aPSK, 1864e1051a39Sopenharmony_ci SSL_eNULL, 1865e1051a39Sopenharmony_ci SSL_SHA256, 1866e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1867e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1868e1051a39Sopenharmony_ci SSL_STRONG_NONE | SSL_FIPS, 1869e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1870e1051a39Sopenharmony_ci 0, 1871e1051a39Sopenharmony_ci 0, 1872e1051a39Sopenharmony_ci }, 1873e1051a39Sopenharmony_ci { 1874e1051a39Sopenharmony_ci 1, 1875e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384, 1876e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384, 1877e1051a39Sopenharmony_ci TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384, 1878e1051a39Sopenharmony_ci SSL_kECDHEPSK, 1879e1051a39Sopenharmony_ci SSL_aPSK, 1880e1051a39Sopenharmony_ci SSL_eNULL, 1881e1051a39Sopenharmony_ci SSL_SHA384, 1882e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 1883e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1884e1051a39Sopenharmony_ci SSL_STRONG_NONE | SSL_FIPS, 1885e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1886e1051a39Sopenharmony_ci 0, 1887e1051a39Sopenharmony_ci 0, 1888e1051a39Sopenharmony_ci }, 1889e1051a39Sopenharmony_ci 1890e1051a39Sopenharmony_ci# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 1891e1051a39Sopenharmony_ci { 1892e1051a39Sopenharmony_ci 1, 1893e1051a39Sopenharmony_ci TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 1894e1051a39Sopenharmony_ci TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 1895e1051a39Sopenharmony_ci TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 1896e1051a39Sopenharmony_ci SSL_kSRP, 1897e1051a39Sopenharmony_ci SSL_aSRP, 1898e1051a39Sopenharmony_ci SSL_3DES, 1899e1051a39Sopenharmony_ci SSL_SHA1, 1900e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1901e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1902e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 1903e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1904e1051a39Sopenharmony_ci 112, 1905e1051a39Sopenharmony_ci 168, 1906e1051a39Sopenharmony_ci }, 1907e1051a39Sopenharmony_ci { 1908e1051a39Sopenharmony_ci 1, 1909e1051a39Sopenharmony_ci TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 1910e1051a39Sopenharmony_ci TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 1911e1051a39Sopenharmony_ci TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 1912e1051a39Sopenharmony_ci SSL_kSRP, 1913e1051a39Sopenharmony_ci SSL_aRSA, 1914e1051a39Sopenharmony_ci SSL_3DES, 1915e1051a39Sopenharmony_ci SSL_SHA1, 1916e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1917e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1918e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 1919e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1920e1051a39Sopenharmony_ci 112, 1921e1051a39Sopenharmony_ci 168, 1922e1051a39Sopenharmony_ci }, 1923e1051a39Sopenharmony_ci { 1924e1051a39Sopenharmony_ci 1, 1925e1051a39Sopenharmony_ci TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 1926e1051a39Sopenharmony_ci TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 1927e1051a39Sopenharmony_ci TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 1928e1051a39Sopenharmony_ci SSL_kSRP, 1929e1051a39Sopenharmony_ci SSL_aDSS, 1930e1051a39Sopenharmony_ci SSL_3DES, 1931e1051a39Sopenharmony_ci SSL_SHA1, 1932e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1933e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1934e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 1935e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1936e1051a39Sopenharmony_ci 112, 1937e1051a39Sopenharmony_ci 168, 1938e1051a39Sopenharmony_ci }, 1939e1051a39Sopenharmony_ci# endif 1940e1051a39Sopenharmony_ci { 1941e1051a39Sopenharmony_ci 1, 1942e1051a39Sopenharmony_ci TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, 1943e1051a39Sopenharmony_ci TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA, 1944e1051a39Sopenharmony_ci TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, 1945e1051a39Sopenharmony_ci SSL_kSRP, 1946e1051a39Sopenharmony_ci SSL_aSRP, 1947e1051a39Sopenharmony_ci SSL_AES128, 1948e1051a39Sopenharmony_ci SSL_SHA1, 1949e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1950e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1951e1051a39Sopenharmony_ci SSL_HIGH, 1952e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1953e1051a39Sopenharmony_ci 128, 1954e1051a39Sopenharmony_ci 128, 1955e1051a39Sopenharmony_ci }, 1956e1051a39Sopenharmony_ci { 1957e1051a39Sopenharmony_ci 1, 1958e1051a39Sopenharmony_ci TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 1959e1051a39Sopenharmony_ci TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 1960e1051a39Sopenharmony_ci TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 1961e1051a39Sopenharmony_ci SSL_kSRP, 1962e1051a39Sopenharmony_ci SSL_aRSA, 1963e1051a39Sopenharmony_ci SSL_AES128, 1964e1051a39Sopenharmony_ci SSL_SHA1, 1965e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1966e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1967e1051a39Sopenharmony_ci SSL_HIGH, 1968e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1969e1051a39Sopenharmony_ci 128, 1970e1051a39Sopenharmony_ci 128, 1971e1051a39Sopenharmony_ci }, 1972e1051a39Sopenharmony_ci { 1973e1051a39Sopenharmony_ci 1, 1974e1051a39Sopenharmony_ci TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 1975e1051a39Sopenharmony_ci TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 1976e1051a39Sopenharmony_ci TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 1977e1051a39Sopenharmony_ci SSL_kSRP, 1978e1051a39Sopenharmony_ci SSL_aDSS, 1979e1051a39Sopenharmony_ci SSL_AES128, 1980e1051a39Sopenharmony_ci SSL_SHA1, 1981e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1982e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1983e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 1984e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1985e1051a39Sopenharmony_ci 128, 1986e1051a39Sopenharmony_ci 128, 1987e1051a39Sopenharmony_ci }, 1988e1051a39Sopenharmony_ci { 1989e1051a39Sopenharmony_ci 1, 1990e1051a39Sopenharmony_ci TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, 1991e1051a39Sopenharmony_ci TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA, 1992e1051a39Sopenharmony_ci TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, 1993e1051a39Sopenharmony_ci SSL_kSRP, 1994e1051a39Sopenharmony_ci SSL_aSRP, 1995e1051a39Sopenharmony_ci SSL_AES256, 1996e1051a39Sopenharmony_ci SSL_SHA1, 1997e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 1998e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 1999e1051a39Sopenharmony_ci SSL_HIGH, 2000e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2001e1051a39Sopenharmony_ci 256, 2002e1051a39Sopenharmony_ci 256, 2003e1051a39Sopenharmony_ci }, 2004e1051a39Sopenharmony_ci { 2005e1051a39Sopenharmony_ci 1, 2006e1051a39Sopenharmony_ci TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 2007e1051a39Sopenharmony_ci TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 2008e1051a39Sopenharmony_ci TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 2009e1051a39Sopenharmony_ci SSL_kSRP, 2010e1051a39Sopenharmony_ci SSL_aRSA, 2011e1051a39Sopenharmony_ci SSL_AES256, 2012e1051a39Sopenharmony_ci SSL_SHA1, 2013e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2014e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2015e1051a39Sopenharmony_ci SSL_HIGH, 2016e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2017e1051a39Sopenharmony_ci 256, 2018e1051a39Sopenharmony_ci 256, 2019e1051a39Sopenharmony_ci }, 2020e1051a39Sopenharmony_ci { 2021e1051a39Sopenharmony_ci 1, 2022e1051a39Sopenharmony_ci TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 2023e1051a39Sopenharmony_ci TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 2024e1051a39Sopenharmony_ci TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 2025e1051a39Sopenharmony_ci SSL_kSRP, 2026e1051a39Sopenharmony_ci SSL_aDSS, 2027e1051a39Sopenharmony_ci SSL_AES256, 2028e1051a39Sopenharmony_ci SSL_SHA1, 2029e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2030e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2031e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2032e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2033e1051a39Sopenharmony_ci 256, 2034e1051a39Sopenharmony_ci 256, 2035e1051a39Sopenharmony_ci }, 2036e1051a39Sopenharmony_ci 2037e1051a39Sopenharmony_ci { 2038e1051a39Sopenharmony_ci 1, 2039e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, 2040e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305, 2041e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305, 2042e1051a39Sopenharmony_ci SSL_kDHE, 2043e1051a39Sopenharmony_ci SSL_aRSA, 2044e1051a39Sopenharmony_ci SSL_CHACHA20POLY1305, 2045e1051a39Sopenharmony_ci SSL_AEAD, 2046e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2047e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2048e1051a39Sopenharmony_ci SSL_HIGH, 2049e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2050e1051a39Sopenharmony_ci 256, 2051e1051a39Sopenharmony_ci 256, 2052e1051a39Sopenharmony_ci }, 2053e1051a39Sopenharmony_ci { 2054e1051a39Sopenharmony_ci 1, 2055e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, 2056e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305, 2057e1051a39Sopenharmony_ci TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305, 2058e1051a39Sopenharmony_ci SSL_kECDHE, 2059e1051a39Sopenharmony_ci SSL_aRSA, 2060e1051a39Sopenharmony_ci SSL_CHACHA20POLY1305, 2061e1051a39Sopenharmony_ci SSL_AEAD, 2062e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2063e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2064e1051a39Sopenharmony_ci SSL_HIGH, 2065e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2066e1051a39Sopenharmony_ci 256, 2067e1051a39Sopenharmony_ci 256, 2068e1051a39Sopenharmony_ci }, 2069e1051a39Sopenharmony_ci { 2070e1051a39Sopenharmony_ci 1, 2071e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 2072e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 2073e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 2074e1051a39Sopenharmony_ci SSL_kECDHE, 2075e1051a39Sopenharmony_ci SSL_aECDSA, 2076e1051a39Sopenharmony_ci SSL_CHACHA20POLY1305, 2077e1051a39Sopenharmony_ci SSL_AEAD, 2078e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2079e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2080e1051a39Sopenharmony_ci SSL_HIGH, 2081e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2082e1051a39Sopenharmony_ci 256, 2083e1051a39Sopenharmony_ci 256, 2084e1051a39Sopenharmony_ci }, 2085e1051a39Sopenharmony_ci { 2086e1051a39Sopenharmony_ci 1, 2087e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_CHACHA20_POLY1305, 2088e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_CHACHA20_POLY1305, 2089e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_CHACHA20_POLY1305, 2090e1051a39Sopenharmony_ci SSL_kPSK, 2091e1051a39Sopenharmony_ci SSL_aPSK, 2092e1051a39Sopenharmony_ci SSL_CHACHA20POLY1305, 2093e1051a39Sopenharmony_ci SSL_AEAD, 2094e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2095e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2096e1051a39Sopenharmony_ci SSL_HIGH, 2097e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2098e1051a39Sopenharmony_ci 256, 2099e1051a39Sopenharmony_ci 256, 2100e1051a39Sopenharmony_ci }, 2101e1051a39Sopenharmony_ci { 2102e1051a39Sopenharmony_ci 1, 2103e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305, 2104e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305, 2105e1051a39Sopenharmony_ci TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305, 2106e1051a39Sopenharmony_ci SSL_kECDHEPSK, 2107e1051a39Sopenharmony_ci SSL_aPSK, 2108e1051a39Sopenharmony_ci SSL_CHACHA20POLY1305, 2109e1051a39Sopenharmony_ci SSL_AEAD, 2110e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2111e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2112e1051a39Sopenharmony_ci SSL_HIGH, 2113e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2114e1051a39Sopenharmony_ci 256, 2115e1051a39Sopenharmony_ci 256, 2116e1051a39Sopenharmony_ci }, 2117e1051a39Sopenharmony_ci { 2118e1051a39Sopenharmony_ci 1, 2119e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305, 2120e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305, 2121e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305, 2122e1051a39Sopenharmony_ci SSL_kDHEPSK, 2123e1051a39Sopenharmony_ci SSL_aPSK, 2124e1051a39Sopenharmony_ci SSL_CHACHA20POLY1305, 2125e1051a39Sopenharmony_ci SSL_AEAD, 2126e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2127e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2128e1051a39Sopenharmony_ci SSL_HIGH, 2129e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2130e1051a39Sopenharmony_ci 256, 2131e1051a39Sopenharmony_ci 256, 2132e1051a39Sopenharmony_ci }, 2133e1051a39Sopenharmony_ci { 2134e1051a39Sopenharmony_ci 1, 2135e1051a39Sopenharmony_ci TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305, 2136e1051a39Sopenharmony_ci TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305, 2137e1051a39Sopenharmony_ci TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305, 2138e1051a39Sopenharmony_ci SSL_kRSAPSK, 2139e1051a39Sopenharmony_ci SSL_aRSA, 2140e1051a39Sopenharmony_ci SSL_CHACHA20POLY1305, 2141e1051a39Sopenharmony_ci SSL_AEAD, 2142e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2143e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2144e1051a39Sopenharmony_ci SSL_HIGH, 2145e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2146e1051a39Sopenharmony_ci 256, 2147e1051a39Sopenharmony_ci 256, 2148e1051a39Sopenharmony_ci }, 2149e1051a39Sopenharmony_ci 2150e1051a39Sopenharmony_ci { 2151e1051a39Sopenharmony_ci 1, 2152e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, 2153e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256, 2154e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256, 2155e1051a39Sopenharmony_ci SSL_kRSA, 2156e1051a39Sopenharmony_ci SSL_aRSA, 2157e1051a39Sopenharmony_ci SSL_CAMELLIA128, 2158e1051a39Sopenharmony_ci SSL_SHA256, 2159e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2160e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2161e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2162e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2163e1051a39Sopenharmony_ci 128, 2164e1051a39Sopenharmony_ci 128, 2165e1051a39Sopenharmony_ci }, 2166e1051a39Sopenharmony_ci { 2167e1051a39Sopenharmony_ci 1, 2168e1051a39Sopenharmony_ci TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, 2169e1051a39Sopenharmony_ci TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, 2170e1051a39Sopenharmony_ci TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, 2171e1051a39Sopenharmony_ci SSL_kDHE, 2172e1051a39Sopenharmony_ci SSL_aDSS, 2173e1051a39Sopenharmony_ci SSL_CAMELLIA128, 2174e1051a39Sopenharmony_ci SSL_SHA256, 2175e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2176e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2177e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2178e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2179e1051a39Sopenharmony_ci 128, 2180e1051a39Sopenharmony_ci 128, 2181e1051a39Sopenharmony_ci }, 2182e1051a39Sopenharmony_ci { 2183e1051a39Sopenharmony_ci 1, 2184e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 2185e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 2186e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 2187e1051a39Sopenharmony_ci SSL_kDHE, 2188e1051a39Sopenharmony_ci SSL_aRSA, 2189e1051a39Sopenharmony_ci SSL_CAMELLIA128, 2190e1051a39Sopenharmony_ci SSL_SHA256, 2191e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2192e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2193e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2194e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2195e1051a39Sopenharmony_ci 128, 2196e1051a39Sopenharmony_ci 128, 2197e1051a39Sopenharmony_ci }, 2198e1051a39Sopenharmony_ci { 2199e1051a39Sopenharmony_ci 1, 2200e1051a39Sopenharmony_ci TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, 2201e1051a39Sopenharmony_ci TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256, 2202e1051a39Sopenharmony_ci TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, 2203e1051a39Sopenharmony_ci SSL_kDHE, 2204e1051a39Sopenharmony_ci SSL_aNULL, 2205e1051a39Sopenharmony_ci SSL_CAMELLIA128, 2206e1051a39Sopenharmony_ci SSL_SHA256, 2207e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2208e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2209e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2210e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2211e1051a39Sopenharmony_ci 128, 2212e1051a39Sopenharmony_ci 128, 2213e1051a39Sopenharmony_ci }, 2214e1051a39Sopenharmony_ci { 2215e1051a39Sopenharmony_ci 1, 2216e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, 2217e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256, 2218e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256, 2219e1051a39Sopenharmony_ci SSL_kRSA, 2220e1051a39Sopenharmony_ci SSL_aRSA, 2221e1051a39Sopenharmony_ci SSL_CAMELLIA256, 2222e1051a39Sopenharmony_ci SSL_SHA256, 2223e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2224e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2225e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2226e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2227e1051a39Sopenharmony_ci 256, 2228e1051a39Sopenharmony_ci 256, 2229e1051a39Sopenharmony_ci }, 2230e1051a39Sopenharmony_ci { 2231e1051a39Sopenharmony_ci 1, 2232e1051a39Sopenharmony_ci TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, 2233e1051a39Sopenharmony_ci TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, 2234e1051a39Sopenharmony_ci TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, 2235e1051a39Sopenharmony_ci SSL_kDHE, 2236e1051a39Sopenharmony_ci SSL_aDSS, 2237e1051a39Sopenharmony_ci SSL_CAMELLIA256, 2238e1051a39Sopenharmony_ci SSL_SHA256, 2239e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2240e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2241e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2242e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2243e1051a39Sopenharmony_ci 256, 2244e1051a39Sopenharmony_ci 256, 2245e1051a39Sopenharmony_ci }, 2246e1051a39Sopenharmony_ci { 2247e1051a39Sopenharmony_ci 1, 2248e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 2249e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 2250e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 2251e1051a39Sopenharmony_ci SSL_kDHE, 2252e1051a39Sopenharmony_ci SSL_aRSA, 2253e1051a39Sopenharmony_ci SSL_CAMELLIA256, 2254e1051a39Sopenharmony_ci SSL_SHA256, 2255e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2256e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2257e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2258e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2259e1051a39Sopenharmony_ci 256, 2260e1051a39Sopenharmony_ci 256, 2261e1051a39Sopenharmony_ci }, 2262e1051a39Sopenharmony_ci { 2263e1051a39Sopenharmony_ci 1, 2264e1051a39Sopenharmony_ci TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, 2265e1051a39Sopenharmony_ci TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256, 2266e1051a39Sopenharmony_ci TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, 2267e1051a39Sopenharmony_ci SSL_kDHE, 2268e1051a39Sopenharmony_ci SSL_aNULL, 2269e1051a39Sopenharmony_ci SSL_CAMELLIA256, 2270e1051a39Sopenharmony_ci SSL_SHA256, 2271e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2272e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2273e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2274e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2275e1051a39Sopenharmony_ci 256, 2276e1051a39Sopenharmony_ci 256, 2277e1051a39Sopenharmony_ci }, 2278e1051a39Sopenharmony_ci { 2279e1051a39Sopenharmony_ci 1, 2280e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 2281e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA, 2282e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 2283e1051a39Sopenharmony_ci SSL_kRSA, 2284e1051a39Sopenharmony_ci SSL_aRSA, 2285e1051a39Sopenharmony_ci SSL_CAMELLIA256, 2286e1051a39Sopenharmony_ci SSL_SHA1, 2287e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2288e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2289e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2290e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2291e1051a39Sopenharmony_ci 256, 2292e1051a39Sopenharmony_ci 256, 2293e1051a39Sopenharmony_ci }, 2294e1051a39Sopenharmony_ci { 2295e1051a39Sopenharmony_ci 1, 2296e1051a39Sopenharmony_ci TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 2297e1051a39Sopenharmony_ci TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 2298e1051a39Sopenharmony_ci TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 2299e1051a39Sopenharmony_ci SSL_kDHE, 2300e1051a39Sopenharmony_ci SSL_aDSS, 2301e1051a39Sopenharmony_ci SSL_CAMELLIA256, 2302e1051a39Sopenharmony_ci SSL_SHA1, 2303e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2304e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2305e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2306e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2307e1051a39Sopenharmony_ci 256, 2308e1051a39Sopenharmony_ci 256, 2309e1051a39Sopenharmony_ci }, 2310e1051a39Sopenharmony_ci { 2311e1051a39Sopenharmony_ci 1, 2312e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 2313e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 2314e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 2315e1051a39Sopenharmony_ci SSL_kDHE, 2316e1051a39Sopenharmony_ci SSL_aRSA, 2317e1051a39Sopenharmony_ci SSL_CAMELLIA256, 2318e1051a39Sopenharmony_ci SSL_SHA1, 2319e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2320e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2321e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2322e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2323e1051a39Sopenharmony_ci 256, 2324e1051a39Sopenharmony_ci 256, 2325e1051a39Sopenharmony_ci }, 2326e1051a39Sopenharmony_ci { 2327e1051a39Sopenharmony_ci 1, 2328e1051a39Sopenharmony_ci TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 2329e1051a39Sopenharmony_ci TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA, 2330e1051a39Sopenharmony_ci TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 2331e1051a39Sopenharmony_ci SSL_kDHE, 2332e1051a39Sopenharmony_ci SSL_aNULL, 2333e1051a39Sopenharmony_ci SSL_CAMELLIA256, 2334e1051a39Sopenharmony_ci SSL_SHA1, 2335e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2336e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2337e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2338e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2339e1051a39Sopenharmony_ci 256, 2340e1051a39Sopenharmony_ci 256, 2341e1051a39Sopenharmony_ci }, 2342e1051a39Sopenharmony_ci { 2343e1051a39Sopenharmony_ci 1, 2344e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 2345e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA, 2346e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 2347e1051a39Sopenharmony_ci SSL_kRSA, 2348e1051a39Sopenharmony_ci SSL_aRSA, 2349e1051a39Sopenharmony_ci SSL_CAMELLIA128, 2350e1051a39Sopenharmony_ci SSL_SHA1, 2351e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2352e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2353e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2354e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2355e1051a39Sopenharmony_ci 128, 2356e1051a39Sopenharmony_ci 128, 2357e1051a39Sopenharmony_ci }, 2358e1051a39Sopenharmony_ci { 2359e1051a39Sopenharmony_ci 1, 2360e1051a39Sopenharmony_ci TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 2361e1051a39Sopenharmony_ci TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 2362e1051a39Sopenharmony_ci TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 2363e1051a39Sopenharmony_ci SSL_kDHE, 2364e1051a39Sopenharmony_ci SSL_aDSS, 2365e1051a39Sopenharmony_ci SSL_CAMELLIA128, 2366e1051a39Sopenharmony_ci SSL_SHA1, 2367e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2368e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2369e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2370e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2371e1051a39Sopenharmony_ci 128, 2372e1051a39Sopenharmony_ci 128, 2373e1051a39Sopenharmony_ci }, 2374e1051a39Sopenharmony_ci { 2375e1051a39Sopenharmony_ci 1, 2376e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 2377e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 2378e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 2379e1051a39Sopenharmony_ci SSL_kDHE, 2380e1051a39Sopenharmony_ci SSL_aRSA, 2381e1051a39Sopenharmony_ci SSL_CAMELLIA128, 2382e1051a39Sopenharmony_ci SSL_SHA1, 2383e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2384e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2385e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2386e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2387e1051a39Sopenharmony_ci 128, 2388e1051a39Sopenharmony_ci 128, 2389e1051a39Sopenharmony_ci }, 2390e1051a39Sopenharmony_ci { 2391e1051a39Sopenharmony_ci 1, 2392e1051a39Sopenharmony_ci TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 2393e1051a39Sopenharmony_ci TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA, 2394e1051a39Sopenharmony_ci TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 2395e1051a39Sopenharmony_ci SSL_kDHE, 2396e1051a39Sopenharmony_ci SSL_aNULL, 2397e1051a39Sopenharmony_ci SSL_CAMELLIA128, 2398e1051a39Sopenharmony_ci SSL_SHA1, 2399e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2400e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2401e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2402e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2403e1051a39Sopenharmony_ci 128, 2404e1051a39Sopenharmony_ci 128, 2405e1051a39Sopenharmony_ci }, 2406e1051a39Sopenharmony_ci { 2407e1051a39Sopenharmony_ci 1, 2408e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 2409e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 2410e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 2411e1051a39Sopenharmony_ci SSL_kECDHE, 2412e1051a39Sopenharmony_ci SSL_aECDSA, 2413e1051a39Sopenharmony_ci SSL_CAMELLIA128, 2414e1051a39Sopenharmony_ci SSL_SHA256, 2415e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2416e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2417e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2418e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2419e1051a39Sopenharmony_ci 128, 2420e1051a39Sopenharmony_ci 128, 2421e1051a39Sopenharmony_ci }, 2422e1051a39Sopenharmony_ci { 2423e1051a39Sopenharmony_ci 1, 2424e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 2425e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 2426e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 2427e1051a39Sopenharmony_ci SSL_kECDHE, 2428e1051a39Sopenharmony_ci SSL_aECDSA, 2429e1051a39Sopenharmony_ci SSL_CAMELLIA256, 2430e1051a39Sopenharmony_ci SSL_SHA384, 2431e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2432e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2433e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2434e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2435e1051a39Sopenharmony_ci 256, 2436e1051a39Sopenharmony_ci 256, 2437e1051a39Sopenharmony_ci }, 2438e1051a39Sopenharmony_ci { 2439e1051a39Sopenharmony_ci 1, 2440e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 2441e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 2442e1051a39Sopenharmony_ci TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 2443e1051a39Sopenharmony_ci SSL_kECDHE, 2444e1051a39Sopenharmony_ci SSL_aRSA, 2445e1051a39Sopenharmony_ci SSL_CAMELLIA128, 2446e1051a39Sopenharmony_ci SSL_SHA256, 2447e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2448e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2449e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2450e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2451e1051a39Sopenharmony_ci 128, 2452e1051a39Sopenharmony_ci 128, 2453e1051a39Sopenharmony_ci }, 2454e1051a39Sopenharmony_ci { 2455e1051a39Sopenharmony_ci 1, 2456e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, 2457e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, 2458e1051a39Sopenharmony_ci TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, 2459e1051a39Sopenharmony_ci SSL_kECDHE, 2460e1051a39Sopenharmony_ci SSL_aRSA, 2461e1051a39Sopenharmony_ci SSL_CAMELLIA256, 2462e1051a39Sopenharmony_ci SSL_SHA384, 2463e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2464e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2465e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2466e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2467e1051a39Sopenharmony_ci 256, 2468e1051a39Sopenharmony_ci 256, 2469e1051a39Sopenharmony_ci }, 2470e1051a39Sopenharmony_ci { 2471e1051a39Sopenharmony_ci 1, 2472e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256, 2473e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256, 2474e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256, 2475e1051a39Sopenharmony_ci SSL_kPSK, 2476e1051a39Sopenharmony_ci SSL_aPSK, 2477e1051a39Sopenharmony_ci SSL_CAMELLIA128, 2478e1051a39Sopenharmony_ci SSL_SHA256, 2479e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 2480e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2481e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2482e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2483e1051a39Sopenharmony_ci 128, 2484e1051a39Sopenharmony_ci 128, 2485e1051a39Sopenharmony_ci }, 2486e1051a39Sopenharmony_ci { 2487e1051a39Sopenharmony_ci 1, 2488e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384, 2489e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384, 2490e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384, 2491e1051a39Sopenharmony_ci SSL_kPSK, 2492e1051a39Sopenharmony_ci SSL_aPSK, 2493e1051a39Sopenharmony_ci SSL_CAMELLIA256, 2494e1051a39Sopenharmony_ci SSL_SHA384, 2495e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 2496e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2497e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2498e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2499e1051a39Sopenharmony_ci 256, 2500e1051a39Sopenharmony_ci 256, 2501e1051a39Sopenharmony_ci }, 2502e1051a39Sopenharmony_ci { 2503e1051a39Sopenharmony_ci 1, 2504e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 2505e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 2506e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 2507e1051a39Sopenharmony_ci SSL_kDHEPSK, 2508e1051a39Sopenharmony_ci SSL_aPSK, 2509e1051a39Sopenharmony_ci SSL_CAMELLIA128, 2510e1051a39Sopenharmony_ci SSL_SHA256, 2511e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 2512e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2513e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2514e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2515e1051a39Sopenharmony_ci 128, 2516e1051a39Sopenharmony_ci 128, 2517e1051a39Sopenharmony_ci }, 2518e1051a39Sopenharmony_ci { 2519e1051a39Sopenharmony_ci 1, 2520e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 2521e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 2522e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 2523e1051a39Sopenharmony_ci SSL_kDHEPSK, 2524e1051a39Sopenharmony_ci SSL_aPSK, 2525e1051a39Sopenharmony_ci SSL_CAMELLIA256, 2526e1051a39Sopenharmony_ci SSL_SHA384, 2527e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 2528e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2529e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2530e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2531e1051a39Sopenharmony_ci 256, 2532e1051a39Sopenharmony_ci 256, 2533e1051a39Sopenharmony_ci }, 2534e1051a39Sopenharmony_ci { 2535e1051a39Sopenharmony_ci 1, 2536e1051a39Sopenharmony_ci TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, 2537e1051a39Sopenharmony_ci TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, 2538e1051a39Sopenharmony_ci TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, 2539e1051a39Sopenharmony_ci SSL_kRSAPSK, 2540e1051a39Sopenharmony_ci SSL_aRSA, 2541e1051a39Sopenharmony_ci SSL_CAMELLIA128, 2542e1051a39Sopenharmony_ci SSL_SHA256, 2543e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 2544e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2545e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2546e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2547e1051a39Sopenharmony_ci 128, 2548e1051a39Sopenharmony_ci 128, 2549e1051a39Sopenharmony_ci }, 2550e1051a39Sopenharmony_ci { 2551e1051a39Sopenharmony_ci 1, 2552e1051a39Sopenharmony_ci TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, 2553e1051a39Sopenharmony_ci TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, 2554e1051a39Sopenharmony_ci TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, 2555e1051a39Sopenharmony_ci SSL_kRSAPSK, 2556e1051a39Sopenharmony_ci SSL_aRSA, 2557e1051a39Sopenharmony_ci SSL_CAMELLIA256, 2558e1051a39Sopenharmony_ci SSL_SHA384, 2559e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 2560e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2561e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2562e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2563e1051a39Sopenharmony_ci 256, 2564e1051a39Sopenharmony_ci 256, 2565e1051a39Sopenharmony_ci }, 2566e1051a39Sopenharmony_ci { 2567e1051a39Sopenharmony_ci 1, 2568e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 2569e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 2570e1051a39Sopenharmony_ci TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 2571e1051a39Sopenharmony_ci SSL_kECDHEPSK, 2572e1051a39Sopenharmony_ci SSL_aPSK, 2573e1051a39Sopenharmony_ci SSL_CAMELLIA128, 2574e1051a39Sopenharmony_ci SSL_SHA256, 2575e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 2576e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2577e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2578e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2579e1051a39Sopenharmony_ci 128, 2580e1051a39Sopenharmony_ci 128, 2581e1051a39Sopenharmony_ci }, 2582e1051a39Sopenharmony_ci { 2583e1051a39Sopenharmony_ci 1, 2584e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 2585e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 2586e1051a39Sopenharmony_ci TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 2587e1051a39Sopenharmony_ci SSL_kECDHEPSK, 2588e1051a39Sopenharmony_ci SSL_aPSK, 2589e1051a39Sopenharmony_ci SSL_CAMELLIA256, 2590e1051a39Sopenharmony_ci SSL_SHA384, 2591e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 2592e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2593e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2594e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2595e1051a39Sopenharmony_ci 256, 2596e1051a39Sopenharmony_ci 256, 2597e1051a39Sopenharmony_ci }, 2598e1051a39Sopenharmony_ci 2599e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_GOST 2600e1051a39Sopenharmony_ci { 2601e1051a39Sopenharmony_ci 1, 2602e1051a39Sopenharmony_ci "GOST2001-GOST89-GOST89", 2603e1051a39Sopenharmony_ci "TLS_GOSTR341001_WITH_28147_CNT_IMIT", 2604e1051a39Sopenharmony_ci 0x3000081, 2605e1051a39Sopenharmony_ci SSL_kGOST, 2606e1051a39Sopenharmony_ci SSL_aGOST01, 2607e1051a39Sopenharmony_ci SSL_eGOST2814789CNT, 2608e1051a39Sopenharmony_ci SSL_GOST89MAC, 2609e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 2610e1051a39Sopenharmony_ci 0, 0, 2611e1051a39Sopenharmony_ci SSL_HIGH, 2612e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, 2613e1051a39Sopenharmony_ci 256, 2614e1051a39Sopenharmony_ci 256, 2615e1051a39Sopenharmony_ci }, 2616e1051a39Sopenharmony_ci { 2617e1051a39Sopenharmony_ci 1, 2618e1051a39Sopenharmony_ci "GOST2001-NULL-GOST94", 2619e1051a39Sopenharmony_ci "TLS_GOSTR341001_WITH_NULL_GOSTR3411", 2620e1051a39Sopenharmony_ci 0x3000083, 2621e1051a39Sopenharmony_ci SSL_kGOST, 2622e1051a39Sopenharmony_ci SSL_aGOST01, 2623e1051a39Sopenharmony_ci SSL_eNULL, 2624e1051a39Sopenharmony_ci SSL_GOST94, 2625e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 2626e1051a39Sopenharmony_ci 0, 0, 2627e1051a39Sopenharmony_ci SSL_STRONG_NONE, 2628e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, 2629e1051a39Sopenharmony_ci 0, 2630e1051a39Sopenharmony_ci 0, 2631e1051a39Sopenharmony_ci }, 2632e1051a39Sopenharmony_ci { 2633e1051a39Sopenharmony_ci 1, 2634e1051a39Sopenharmony_ci "IANA-GOST2012-GOST8912-GOST8912", 2635e1051a39Sopenharmony_ci NULL, 2636e1051a39Sopenharmony_ci 0x0300c102, 2637e1051a39Sopenharmony_ci SSL_kGOST, 2638e1051a39Sopenharmony_ci SSL_aGOST12 | SSL_aGOST01, 2639e1051a39Sopenharmony_ci SSL_eGOST2814789CNT12, 2640e1051a39Sopenharmony_ci SSL_GOST89MAC12, 2641e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 2642e1051a39Sopenharmony_ci 0, 0, 2643e1051a39Sopenharmony_ci SSL_HIGH, 2644e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, 2645e1051a39Sopenharmony_ci 256, 2646e1051a39Sopenharmony_ci 256, 2647e1051a39Sopenharmony_ci }, 2648e1051a39Sopenharmony_ci { 2649e1051a39Sopenharmony_ci 1, 2650e1051a39Sopenharmony_ci "LEGACY-GOST2012-GOST8912-GOST8912", 2651e1051a39Sopenharmony_ci NULL, 2652e1051a39Sopenharmony_ci 0x0300ff85, 2653e1051a39Sopenharmony_ci SSL_kGOST, 2654e1051a39Sopenharmony_ci SSL_aGOST12 | SSL_aGOST01, 2655e1051a39Sopenharmony_ci SSL_eGOST2814789CNT12, 2656e1051a39Sopenharmony_ci SSL_GOST89MAC12, 2657e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 2658e1051a39Sopenharmony_ci 0, 0, 2659e1051a39Sopenharmony_ci SSL_HIGH, 2660e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, 2661e1051a39Sopenharmony_ci 256, 2662e1051a39Sopenharmony_ci 256, 2663e1051a39Sopenharmony_ci }, 2664e1051a39Sopenharmony_ci { 2665e1051a39Sopenharmony_ci 1, 2666e1051a39Sopenharmony_ci "GOST2012-NULL-GOST12", 2667e1051a39Sopenharmony_ci NULL, 2668e1051a39Sopenharmony_ci 0x0300ff87, 2669e1051a39Sopenharmony_ci SSL_kGOST, 2670e1051a39Sopenharmony_ci SSL_aGOST12 | SSL_aGOST01, 2671e1051a39Sopenharmony_ci SSL_eNULL, 2672e1051a39Sopenharmony_ci SSL_GOST12_256, 2673e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 2674e1051a39Sopenharmony_ci 0, 0, 2675e1051a39Sopenharmony_ci SSL_STRONG_NONE, 2676e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, 2677e1051a39Sopenharmony_ci 0, 2678e1051a39Sopenharmony_ci 0, 2679e1051a39Sopenharmony_ci }, 2680e1051a39Sopenharmony_ci { 2681e1051a39Sopenharmony_ci 1, 2682e1051a39Sopenharmony_ci "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC", 2683e1051a39Sopenharmony_ci NULL, 2684e1051a39Sopenharmony_ci 0x0300C100, 2685e1051a39Sopenharmony_ci SSL_kGOST18, 2686e1051a39Sopenharmony_ci SSL_aGOST12, 2687e1051a39Sopenharmony_ci SSL_KUZNYECHIK, 2688e1051a39Sopenharmony_ci SSL_KUZNYECHIKOMAC, 2689e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2690e1051a39Sopenharmony_ci 0, 0, 2691e1051a39Sopenharmony_ci SSL_HIGH, 2692e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE, 2693e1051a39Sopenharmony_ci 256, 2694e1051a39Sopenharmony_ci 256, 2695e1051a39Sopenharmony_ci }, 2696e1051a39Sopenharmony_ci { 2697e1051a39Sopenharmony_ci 1, 2698e1051a39Sopenharmony_ci "GOST2012-MAGMA-MAGMAOMAC", 2699e1051a39Sopenharmony_ci NULL, 2700e1051a39Sopenharmony_ci 0x0300C101, 2701e1051a39Sopenharmony_ci SSL_kGOST18, 2702e1051a39Sopenharmony_ci SSL_aGOST12, 2703e1051a39Sopenharmony_ci SSL_MAGMA, 2704e1051a39Sopenharmony_ci SSL_MAGMAOMAC, 2705e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2706e1051a39Sopenharmony_ci 0, 0, 2707e1051a39Sopenharmony_ci SSL_HIGH, 2708e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE, 2709e1051a39Sopenharmony_ci 256, 2710e1051a39Sopenharmony_ci 256, 2711e1051a39Sopenharmony_ci }, 2712e1051a39Sopenharmony_ci#endif /* OPENSSL_NO_GOST */ 2713e1051a39Sopenharmony_ci 2714e1051a39Sopenharmony_ci { 2715e1051a39Sopenharmony_ci 1, 2716e1051a39Sopenharmony_ci SSL3_TXT_RSA_IDEA_128_SHA, 2717e1051a39Sopenharmony_ci SSL3_RFC_RSA_IDEA_128_SHA, 2718e1051a39Sopenharmony_ci SSL3_CK_RSA_IDEA_128_SHA, 2719e1051a39Sopenharmony_ci SSL_kRSA, 2720e1051a39Sopenharmony_ci SSL_aRSA, 2721e1051a39Sopenharmony_ci SSL_IDEA, 2722e1051a39Sopenharmony_ci SSL_SHA1, 2723e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_1_VERSION, 2724e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_VERSION, 2725e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 2726e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2727e1051a39Sopenharmony_ci 128, 2728e1051a39Sopenharmony_ci 128, 2729e1051a39Sopenharmony_ci }, 2730e1051a39Sopenharmony_ci 2731e1051a39Sopenharmony_ci { 2732e1051a39Sopenharmony_ci 1, 2733e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_SEED_SHA, 2734e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_SEED_SHA, 2735e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_SEED_SHA, 2736e1051a39Sopenharmony_ci SSL_kRSA, 2737e1051a39Sopenharmony_ci SSL_aRSA, 2738e1051a39Sopenharmony_ci SSL_SEED, 2739e1051a39Sopenharmony_ci SSL_SHA1, 2740e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2741e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2742e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 2743e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2744e1051a39Sopenharmony_ci 128, 2745e1051a39Sopenharmony_ci 128, 2746e1051a39Sopenharmony_ci }, 2747e1051a39Sopenharmony_ci { 2748e1051a39Sopenharmony_ci 1, 2749e1051a39Sopenharmony_ci TLS1_TXT_DHE_DSS_WITH_SEED_SHA, 2750e1051a39Sopenharmony_ci TLS1_RFC_DHE_DSS_WITH_SEED_SHA, 2751e1051a39Sopenharmony_ci TLS1_CK_DHE_DSS_WITH_SEED_SHA, 2752e1051a39Sopenharmony_ci SSL_kDHE, 2753e1051a39Sopenharmony_ci SSL_aDSS, 2754e1051a39Sopenharmony_ci SSL_SEED, 2755e1051a39Sopenharmony_ci SSL_SHA1, 2756e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2757e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2758e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 2759e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2760e1051a39Sopenharmony_ci 128, 2761e1051a39Sopenharmony_ci 128, 2762e1051a39Sopenharmony_ci }, 2763e1051a39Sopenharmony_ci { 2764e1051a39Sopenharmony_ci 1, 2765e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_SEED_SHA, 2766e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_SEED_SHA, 2767e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_SEED_SHA, 2768e1051a39Sopenharmony_ci SSL_kDHE, 2769e1051a39Sopenharmony_ci SSL_aRSA, 2770e1051a39Sopenharmony_ci SSL_SEED, 2771e1051a39Sopenharmony_ci SSL_SHA1, 2772e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2773e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2774e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 2775e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2776e1051a39Sopenharmony_ci 128, 2777e1051a39Sopenharmony_ci 128, 2778e1051a39Sopenharmony_ci }, 2779e1051a39Sopenharmony_ci { 2780e1051a39Sopenharmony_ci 1, 2781e1051a39Sopenharmony_ci TLS1_TXT_ADH_WITH_SEED_SHA, 2782e1051a39Sopenharmony_ci TLS1_RFC_ADH_WITH_SEED_SHA, 2783e1051a39Sopenharmony_ci TLS1_CK_ADH_WITH_SEED_SHA, 2784e1051a39Sopenharmony_ci SSL_kDHE, 2785e1051a39Sopenharmony_ci SSL_aNULL, 2786e1051a39Sopenharmony_ci SSL_SEED, 2787e1051a39Sopenharmony_ci SSL_SHA1, 2788e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2789e1051a39Sopenharmony_ci DTLS1_BAD_VER, DTLS1_2_VERSION, 2790e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 2791e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2792e1051a39Sopenharmony_ci 128, 2793e1051a39Sopenharmony_ci 128, 2794e1051a39Sopenharmony_ci }, 2795e1051a39Sopenharmony_ci 2796e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 2797e1051a39Sopenharmony_ci { 2798e1051a39Sopenharmony_ci 1, 2799e1051a39Sopenharmony_ci SSL3_TXT_RSA_RC4_128_MD5, 2800e1051a39Sopenharmony_ci SSL3_RFC_RSA_RC4_128_MD5, 2801e1051a39Sopenharmony_ci SSL3_CK_RSA_RC4_128_MD5, 2802e1051a39Sopenharmony_ci SSL_kRSA, 2803e1051a39Sopenharmony_ci SSL_aRSA, 2804e1051a39Sopenharmony_ci SSL_RC4, 2805e1051a39Sopenharmony_ci SSL_MD5, 2806e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2807e1051a39Sopenharmony_ci 0, 0, 2808e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 2809e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2810e1051a39Sopenharmony_ci 128, 2811e1051a39Sopenharmony_ci 128, 2812e1051a39Sopenharmony_ci }, 2813e1051a39Sopenharmony_ci { 2814e1051a39Sopenharmony_ci 1, 2815e1051a39Sopenharmony_ci SSL3_TXT_RSA_RC4_128_SHA, 2816e1051a39Sopenharmony_ci SSL3_RFC_RSA_RC4_128_SHA, 2817e1051a39Sopenharmony_ci SSL3_CK_RSA_RC4_128_SHA, 2818e1051a39Sopenharmony_ci SSL_kRSA, 2819e1051a39Sopenharmony_ci SSL_aRSA, 2820e1051a39Sopenharmony_ci SSL_RC4, 2821e1051a39Sopenharmony_ci SSL_SHA1, 2822e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2823e1051a39Sopenharmony_ci 0, 0, 2824e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 2825e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2826e1051a39Sopenharmony_ci 128, 2827e1051a39Sopenharmony_ci 128, 2828e1051a39Sopenharmony_ci }, 2829e1051a39Sopenharmony_ci { 2830e1051a39Sopenharmony_ci 1, 2831e1051a39Sopenharmony_ci SSL3_TXT_ADH_RC4_128_MD5, 2832e1051a39Sopenharmony_ci SSL3_RFC_ADH_RC4_128_MD5, 2833e1051a39Sopenharmony_ci SSL3_CK_ADH_RC4_128_MD5, 2834e1051a39Sopenharmony_ci SSL_kDHE, 2835e1051a39Sopenharmony_ci SSL_aNULL, 2836e1051a39Sopenharmony_ci SSL_RC4, 2837e1051a39Sopenharmony_ci SSL_MD5, 2838e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2839e1051a39Sopenharmony_ci 0, 0, 2840e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 2841e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2842e1051a39Sopenharmony_ci 128, 2843e1051a39Sopenharmony_ci 128, 2844e1051a39Sopenharmony_ci }, 2845e1051a39Sopenharmony_ci { 2846e1051a39Sopenharmony_ci 1, 2847e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA, 2848e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA, 2849e1051a39Sopenharmony_ci TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA, 2850e1051a39Sopenharmony_ci SSL_kECDHEPSK, 2851e1051a39Sopenharmony_ci SSL_aPSK, 2852e1051a39Sopenharmony_ci SSL_RC4, 2853e1051a39Sopenharmony_ci SSL_SHA1, 2854e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 2855e1051a39Sopenharmony_ci 0, 0, 2856e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 2857e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2858e1051a39Sopenharmony_ci 128, 2859e1051a39Sopenharmony_ci 128, 2860e1051a39Sopenharmony_ci }, 2861e1051a39Sopenharmony_ci { 2862e1051a39Sopenharmony_ci 1, 2863e1051a39Sopenharmony_ci TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 2864e1051a39Sopenharmony_ci TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA, 2865e1051a39Sopenharmony_ci TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 2866e1051a39Sopenharmony_ci SSL_kECDHE, 2867e1051a39Sopenharmony_ci SSL_aNULL, 2868e1051a39Sopenharmony_ci SSL_RC4, 2869e1051a39Sopenharmony_ci SSL_SHA1, 2870e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 2871e1051a39Sopenharmony_ci 0, 0, 2872e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 2873e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2874e1051a39Sopenharmony_ci 128, 2875e1051a39Sopenharmony_ci 128, 2876e1051a39Sopenharmony_ci }, 2877e1051a39Sopenharmony_ci { 2878e1051a39Sopenharmony_ci 1, 2879e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 2880e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA, 2881e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 2882e1051a39Sopenharmony_ci SSL_kECDHE, 2883e1051a39Sopenharmony_ci SSL_aECDSA, 2884e1051a39Sopenharmony_ci SSL_RC4, 2885e1051a39Sopenharmony_ci SSL_SHA1, 2886e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 2887e1051a39Sopenharmony_ci 0, 0, 2888e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 2889e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2890e1051a39Sopenharmony_ci 128, 2891e1051a39Sopenharmony_ci 128, 2892e1051a39Sopenharmony_ci }, 2893e1051a39Sopenharmony_ci { 2894e1051a39Sopenharmony_ci 1, 2895e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 2896e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA, 2897e1051a39Sopenharmony_ci TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 2898e1051a39Sopenharmony_ci SSL_kECDHE, 2899e1051a39Sopenharmony_ci SSL_aRSA, 2900e1051a39Sopenharmony_ci SSL_RC4, 2901e1051a39Sopenharmony_ci SSL_SHA1, 2902e1051a39Sopenharmony_ci TLS1_VERSION, TLS1_2_VERSION, 2903e1051a39Sopenharmony_ci 0, 0, 2904e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 2905e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2906e1051a39Sopenharmony_ci 128, 2907e1051a39Sopenharmony_ci 128, 2908e1051a39Sopenharmony_ci }, 2909e1051a39Sopenharmony_ci { 2910e1051a39Sopenharmony_ci 1, 2911e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_RC4_128_SHA, 2912e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_RC4_128_SHA, 2913e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_RC4_128_SHA, 2914e1051a39Sopenharmony_ci SSL_kPSK, 2915e1051a39Sopenharmony_ci SSL_aPSK, 2916e1051a39Sopenharmony_ci SSL_RC4, 2917e1051a39Sopenharmony_ci SSL_SHA1, 2918e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2919e1051a39Sopenharmony_ci 0, 0, 2920e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 2921e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2922e1051a39Sopenharmony_ci 128, 2923e1051a39Sopenharmony_ci 128, 2924e1051a39Sopenharmony_ci }, 2925e1051a39Sopenharmony_ci { 2926e1051a39Sopenharmony_ci 1, 2927e1051a39Sopenharmony_ci TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA, 2928e1051a39Sopenharmony_ci TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA, 2929e1051a39Sopenharmony_ci TLS1_CK_RSA_PSK_WITH_RC4_128_SHA, 2930e1051a39Sopenharmony_ci SSL_kRSAPSK, 2931e1051a39Sopenharmony_ci SSL_aRSA, 2932e1051a39Sopenharmony_ci SSL_RC4, 2933e1051a39Sopenharmony_ci SSL_SHA1, 2934e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2935e1051a39Sopenharmony_ci 0, 0, 2936e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 2937e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2938e1051a39Sopenharmony_ci 128, 2939e1051a39Sopenharmony_ci 128, 2940e1051a39Sopenharmony_ci }, 2941e1051a39Sopenharmony_ci { 2942e1051a39Sopenharmony_ci 1, 2943e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA, 2944e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA, 2945e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_RC4_128_SHA, 2946e1051a39Sopenharmony_ci SSL_kDHEPSK, 2947e1051a39Sopenharmony_ci SSL_aPSK, 2948e1051a39Sopenharmony_ci SSL_RC4, 2949e1051a39Sopenharmony_ci SSL_SHA1, 2950e1051a39Sopenharmony_ci SSL3_VERSION, TLS1_2_VERSION, 2951e1051a39Sopenharmony_ci 0, 0, 2952e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_MEDIUM, 2953e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2954e1051a39Sopenharmony_ci 128, 2955e1051a39Sopenharmony_ci 128, 2956e1051a39Sopenharmony_ci }, 2957e1051a39Sopenharmony_ci#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */ 2958e1051a39Sopenharmony_ci 2959e1051a39Sopenharmony_ci { 2960e1051a39Sopenharmony_ci 1, 2961e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256, 2962e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256, 2963e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256, 2964e1051a39Sopenharmony_ci SSL_kRSA, 2965e1051a39Sopenharmony_ci SSL_aRSA, 2966e1051a39Sopenharmony_ci SSL_ARIA128GCM, 2967e1051a39Sopenharmony_ci SSL_AEAD, 2968e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2969e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2970e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2971e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2972e1051a39Sopenharmony_ci 128, 2973e1051a39Sopenharmony_ci 128, 2974e1051a39Sopenharmony_ci }, 2975e1051a39Sopenharmony_ci { 2976e1051a39Sopenharmony_ci 1, 2977e1051a39Sopenharmony_ci TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384, 2978e1051a39Sopenharmony_ci TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384, 2979e1051a39Sopenharmony_ci TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384, 2980e1051a39Sopenharmony_ci SSL_kRSA, 2981e1051a39Sopenharmony_ci SSL_aRSA, 2982e1051a39Sopenharmony_ci SSL_ARIA256GCM, 2983e1051a39Sopenharmony_ci SSL_AEAD, 2984e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 2985e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 2986e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 2987e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2988e1051a39Sopenharmony_ci 256, 2989e1051a39Sopenharmony_ci 256, 2990e1051a39Sopenharmony_ci }, 2991e1051a39Sopenharmony_ci { 2992e1051a39Sopenharmony_ci 1, 2993e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256, 2994e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256, 2995e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256, 2996e1051a39Sopenharmony_ci SSL_kDHE, 2997e1051a39Sopenharmony_ci SSL_aRSA, 2998e1051a39Sopenharmony_ci SSL_ARIA128GCM, 2999e1051a39Sopenharmony_ci SSL_AEAD, 3000e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 3001e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 3002e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 3003e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 3004e1051a39Sopenharmony_ci 128, 3005e1051a39Sopenharmony_ci 128, 3006e1051a39Sopenharmony_ci }, 3007e1051a39Sopenharmony_ci { 3008e1051a39Sopenharmony_ci 1, 3009e1051a39Sopenharmony_ci TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384, 3010e1051a39Sopenharmony_ci TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384, 3011e1051a39Sopenharmony_ci TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384, 3012e1051a39Sopenharmony_ci SSL_kDHE, 3013e1051a39Sopenharmony_ci SSL_aRSA, 3014e1051a39Sopenharmony_ci SSL_ARIA256GCM, 3015e1051a39Sopenharmony_ci SSL_AEAD, 3016e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 3017e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 3018e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 3019e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 3020e1051a39Sopenharmony_ci 256, 3021e1051a39Sopenharmony_ci 256, 3022e1051a39Sopenharmony_ci }, 3023e1051a39Sopenharmony_ci { 3024e1051a39Sopenharmony_ci 1, 3025e1051a39Sopenharmony_ci TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256, 3026e1051a39Sopenharmony_ci TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256, 3027e1051a39Sopenharmony_ci TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256, 3028e1051a39Sopenharmony_ci SSL_kDHE, 3029e1051a39Sopenharmony_ci SSL_aDSS, 3030e1051a39Sopenharmony_ci SSL_ARIA128GCM, 3031e1051a39Sopenharmony_ci SSL_AEAD, 3032e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 3033e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 3034e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 3035e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 3036e1051a39Sopenharmony_ci 128, 3037e1051a39Sopenharmony_ci 128, 3038e1051a39Sopenharmony_ci }, 3039e1051a39Sopenharmony_ci { 3040e1051a39Sopenharmony_ci 1, 3041e1051a39Sopenharmony_ci TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384, 3042e1051a39Sopenharmony_ci TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384, 3043e1051a39Sopenharmony_ci TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384, 3044e1051a39Sopenharmony_ci SSL_kDHE, 3045e1051a39Sopenharmony_ci SSL_aDSS, 3046e1051a39Sopenharmony_ci SSL_ARIA256GCM, 3047e1051a39Sopenharmony_ci SSL_AEAD, 3048e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 3049e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 3050e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 3051e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 3052e1051a39Sopenharmony_ci 256, 3053e1051a39Sopenharmony_ci 256, 3054e1051a39Sopenharmony_ci }, 3055e1051a39Sopenharmony_ci { 3056e1051a39Sopenharmony_ci 1, 3057e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, 3058e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, 3059e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, 3060e1051a39Sopenharmony_ci SSL_kECDHE, 3061e1051a39Sopenharmony_ci SSL_aECDSA, 3062e1051a39Sopenharmony_ci SSL_ARIA128GCM, 3063e1051a39Sopenharmony_ci SSL_AEAD, 3064e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 3065e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 3066e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 3067e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 3068e1051a39Sopenharmony_ci 128, 3069e1051a39Sopenharmony_ci 128, 3070e1051a39Sopenharmony_ci }, 3071e1051a39Sopenharmony_ci { 3072e1051a39Sopenharmony_ci 1, 3073e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, 3074e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, 3075e1051a39Sopenharmony_ci TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, 3076e1051a39Sopenharmony_ci SSL_kECDHE, 3077e1051a39Sopenharmony_ci SSL_aECDSA, 3078e1051a39Sopenharmony_ci SSL_ARIA256GCM, 3079e1051a39Sopenharmony_ci SSL_AEAD, 3080e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 3081e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 3082e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 3083e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 3084e1051a39Sopenharmony_ci 256, 3085e1051a39Sopenharmony_ci 256, 3086e1051a39Sopenharmony_ci }, 3087e1051a39Sopenharmony_ci { 3088e1051a39Sopenharmony_ci 1, 3089e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, 3090e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, 3091e1051a39Sopenharmony_ci TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, 3092e1051a39Sopenharmony_ci SSL_kECDHE, 3093e1051a39Sopenharmony_ci SSL_aRSA, 3094e1051a39Sopenharmony_ci SSL_ARIA128GCM, 3095e1051a39Sopenharmony_ci SSL_AEAD, 3096e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 3097e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 3098e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 3099e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 3100e1051a39Sopenharmony_ci 128, 3101e1051a39Sopenharmony_ci 128, 3102e1051a39Sopenharmony_ci }, 3103e1051a39Sopenharmony_ci { 3104e1051a39Sopenharmony_ci 1, 3105e1051a39Sopenharmony_ci TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, 3106e1051a39Sopenharmony_ci TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, 3107e1051a39Sopenharmony_ci TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, 3108e1051a39Sopenharmony_ci SSL_kECDHE, 3109e1051a39Sopenharmony_ci SSL_aRSA, 3110e1051a39Sopenharmony_ci SSL_ARIA256GCM, 3111e1051a39Sopenharmony_ci SSL_AEAD, 3112e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 3113e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 3114e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 3115e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 3116e1051a39Sopenharmony_ci 256, 3117e1051a39Sopenharmony_ci 256, 3118e1051a39Sopenharmony_ci }, 3119e1051a39Sopenharmony_ci { 3120e1051a39Sopenharmony_ci 1, 3121e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256, 3122e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256, 3123e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256, 3124e1051a39Sopenharmony_ci SSL_kPSK, 3125e1051a39Sopenharmony_ci SSL_aPSK, 3126e1051a39Sopenharmony_ci SSL_ARIA128GCM, 3127e1051a39Sopenharmony_ci SSL_AEAD, 3128e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 3129e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 3130e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 3131e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 3132e1051a39Sopenharmony_ci 128, 3133e1051a39Sopenharmony_ci 128, 3134e1051a39Sopenharmony_ci }, 3135e1051a39Sopenharmony_ci { 3136e1051a39Sopenharmony_ci 1, 3137e1051a39Sopenharmony_ci TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384, 3138e1051a39Sopenharmony_ci TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384, 3139e1051a39Sopenharmony_ci TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384, 3140e1051a39Sopenharmony_ci SSL_kPSK, 3141e1051a39Sopenharmony_ci SSL_aPSK, 3142e1051a39Sopenharmony_ci SSL_ARIA256GCM, 3143e1051a39Sopenharmony_ci SSL_AEAD, 3144e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 3145e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 3146e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 3147e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 3148e1051a39Sopenharmony_ci 256, 3149e1051a39Sopenharmony_ci 256, 3150e1051a39Sopenharmony_ci }, 3151e1051a39Sopenharmony_ci { 3152e1051a39Sopenharmony_ci 1, 3153e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256, 3154e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256, 3155e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256, 3156e1051a39Sopenharmony_ci SSL_kDHEPSK, 3157e1051a39Sopenharmony_ci SSL_aPSK, 3158e1051a39Sopenharmony_ci SSL_ARIA128GCM, 3159e1051a39Sopenharmony_ci SSL_AEAD, 3160e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 3161e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 3162e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 3163e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 3164e1051a39Sopenharmony_ci 128, 3165e1051a39Sopenharmony_ci 128, 3166e1051a39Sopenharmony_ci }, 3167e1051a39Sopenharmony_ci { 3168e1051a39Sopenharmony_ci 1, 3169e1051a39Sopenharmony_ci TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384, 3170e1051a39Sopenharmony_ci TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384, 3171e1051a39Sopenharmony_ci TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384, 3172e1051a39Sopenharmony_ci SSL_kDHEPSK, 3173e1051a39Sopenharmony_ci SSL_aPSK, 3174e1051a39Sopenharmony_ci SSL_ARIA256GCM, 3175e1051a39Sopenharmony_ci SSL_AEAD, 3176e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 3177e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 3178e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 3179e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 3180e1051a39Sopenharmony_ci 256, 3181e1051a39Sopenharmony_ci 256, 3182e1051a39Sopenharmony_ci }, 3183e1051a39Sopenharmony_ci { 3184e1051a39Sopenharmony_ci 1, 3185e1051a39Sopenharmony_ci TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256, 3186e1051a39Sopenharmony_ci TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256, 3187e1051a39Sopenharmony_ci TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256, 3188e1051a39Sopenharmony_ci SSL_kRSAPSK, 3189e1051a39Sopenharmony_ci SSL_aRSA, 3190e1051a39Sopenharmony_ci SSL_ARIA128GCM, 3191e1051a39Sopenharmony_ci SSL_AEAD, 3192e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 3193e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 3194e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 3195e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 3196e1051a39Sopenharmony_ci 128, 3197e1051a39Sopenharmony_ci 128, 3198e1051a39Sopenharmony_ci }, 3199e1051a39Sopenharmony_ci { 3200e1051a39Sopenharmony_ci 1, 3201e1051a39Sopenharmony_ci TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384, 3202e1051a39Sopenharmony_ci TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384, 3203e1051a39Sopenharmony_ci TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384, 3204e1051a39Sopenharmony_ci SSL_kRSAPSK, 3205e1051a39Sopenharmony_ci SSL_aRSA, 3206e1051a39Sopenharmony_ci SSL_ARIA256GCM, 3207e1051a39Sopenharmony_ci SSL_AEAD, 3208e1051a39Sopenharmony_ci TLS1_2_VERSION, TLS1_2_VERSION, 3209e1051a39Sopenharmony_ci DTLS1_2_VERSION, DTLS1_2_VERSION, 3210e1051a39Sopenharmony_ci SSL_NOT_DEFAULT | SSL_HIGH, 3211e1051a39Sopenharmony_ci SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 3212e1051a39Sopenharmony_ci 256, 3213e1051a39Sopenharmony_ci 256, 3214e1051a39Sopenharmony_ci }, 3215e1051a39Sopenharmony_ci}; 3216e1051a39Sopenharmony_ci 3217e1051a39Sopenharmony_ci/* 3218e1051a39Sopenharmony_ci * The list of known Signalling Cipher-Suite Value "ciphers", non-valid 3219e1051a39Sopenharmony_ci * values stuffed into the ciphers field of the wire protocol for signalling 3220e1051a39Sopenharmony_ci * purposes. 3221e1051a39Sopenharmony_ci */ 3222e1051a39Sopenharmony_cistatic SSL_CIPHER ssl3_scsvs[] = { 3223e1051a39Sopenharmony_ci { 3224e1051a39Sopenharmony_ci 0, 3225e1051a39Sopenharmony_ci "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 3226e1051a39Sopenharmony_ci "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 3227e1051a39Sopenharmony_ci SSL3_CK_SCSV, 3228e1051a39Sopenharmony_ci 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3229e1051a39Sopenharmony_ci }, 3230e1051a39Sopenharmony_ci { 3231e1051a39Sopenharmony_ci 0, 3232e1051a39Sopenharmony_ci "TLS_FALLBACK_SCSV", 3233e1051a39Sopenharmony_ci "TLS_FALLBACK_SCSV", 3234e1051a39Sopenharmony_ci SSL3_CK_FALLBACK_SCSV, 3235e1051a39Sopenharmony_ci 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3236e1051a39Sopenharmony_ci }, 3237e1051a39Sopenharmony_ci}; 3238e1051a39Sopenharmony_ci 3239e1051a39Sopenharmony_cistatic int cipher_compare(const void *a, const void *b) 3240e1051a39Sopenharmony_ci{ 3241e1051a39Sopenharmony_ci const SSL_CIPHER *ap = (const SSL_CIPHER *)a; 3242e1051a39Sopenharmony_ci const SSL_CIPHER *bp = (const SSL_CIPHER *)b; 3243e1051a39Sopenharmony_ci 3244e1051a39Sopenharmony_ci if (ap->id == bp->id) 3245e1051a39Sopenharmony_ci return 0; 3246e1051a39Sopenharmony_ci return ap->id < bp->id ? -1 : 1; 3247e1051a39Sopenharmony_ci} 3248e1051a39Sopenharmony_ci 3249e1051a39Sopenharmony_civoid ssl_sort_cipher_list(void) 3250e1051a39Sopenharmony_ci{ 3251e1051a39Sopenharmony_ci qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]), 3252e1051a39Sopenharmony_ci cipher_compare); 3253e1051a39Sopenharmony_ci qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]), 3254e1051a39Sopenharmony_ci cipher_compare); 3255e1051a39Sopenharmony_ci qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare); 3256e1051a39Sopenharmony_ci} 3257e1051a39Sopenharmony_ci 3258e1051a39Sopenharmony_cistatic int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s, 3259e1051a39Sopenharmony_ci const char * t, size_t u, 3260e1051a39Sopenharmony_ci const unsigned char * v, size_t w, int x) 3261e1051a39Sopenharmony_ci{ 3262e1051a39Sopenharmony_ci (void)r; 3263e1051a39Sopenharmony_ci (void)s; 3264e1051a39Sopenharmony_ci (void)t; 3265e1051a39Sopenharmony_ci (void)u; 3266e1051a39Sopenharmony_ci (void)v; 3267e1051a39Sopenharmony_ci (void)w; 3268e1051a39Sopenharmony_ci (void)x; 3269e1051a39Sopenharmony_ci return ssl_undefined_function(ssl); 3270e1051a39Sopenharmony_ci} 3271e1051a39Sopenharmony_ci 3272e1051a39Sopenharmony_ciconst SSL3_ENC_METHOD SSLv3_enc_data = { 3273e1051a39Sopenharmony_ci ssl3_enc, 3274e1051a39Sopenharmony_ci n_ssl3_mac, 3275e1051a39Sopenharmony_ci ssl3_setup_key_block, 3276e1051a39Sopenharmony_ci ssl3_generate_master_secret, 3277e1051a39Sopenharmony_ci ssl3_change_cipher_state, 3278e1051a39Sopenharmony_ci ssl3_final_finish_mac, 3279e1051a39Sopenharmony_ci SSL3_MD_CLIENT_FINISHED_CONST, 4, 3280e1051a39Sopenharmony_ci SSL3_MD_SERVER_FINISHED_CONST, 4, 3281e1051a39Sopenharmony_ci ssl3_alert_code, 3282e1051a39Sopenharmony_ci ssl_undefined_function_1, 3283e1051a39Sopenharmony_ci 0, 3284e1051a39Sopenharmony_ci ssl3_set_handshake_header, 3285e1051a39Sopenharmony_ci tls_close_construct_packet, 3286e1051a39Sopenharmony_ci ssl3_handshake_write 3287e1051a39Sopenharmony_ci}; 3288e1051a39Sopenharmony_ci 3289e1051a39Sopenharmony_cilong ssl3_default_timeout(void) 3290e1051a39Sopenharmony_ci{ 3291e1051a39Sopenharmony_ci /* 3292e1051a39Sopenharmony_ci * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for 3293e1051a39Sopenharmony_ci * http, the cache would over fill 3294e1051a39Sopenharmony_ci */ 3295e1051a39Sopenharmony_ci return (60 * 60 * 2); 3296e1051a39Sopenharmony_ci} 3297e1051a39Sopenharmony_ci 3298e1051a39Sopenharmony_ciint ssl3_num_ciphers(void) 3299e1051a39Sopenharmony_ci{ 3300e1051a39Sopenharmony_ci return SSL3_NUM_CIPHERS; 3301e1051a39Sopenharmony_ci} 3302e1051a39Sopenharmony_ci 3303e1051a39Sopenharmony_ciconst SSL_CIPHER *ssl3_get_cipher(unsigned int u) 3304e1051a39Sopenharmony_ci{ 3305e1051a39Sopenharmony_ci if (u < SSL3_NUM_CIPHERS) 3306e1051a39Sopenharmony_ci return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]); 3307e1051a39Sopenharmony_ci else 3308e1051a39Sopenharmony_ci return NULL; 3309e1051a39Sopenharmony_ci} 3310e1051a39Sopenharmony_ci 3311e1051a39Sopenharmony_ciint ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype) 3312e1051a39Sopenharmony_ci{ 3313e1051a39Sopenharmony_ci /* No header in the event of a CCS */ 3314e1051a39Sopenharmony_ci if (htype == SSL3_MT_CHANGE_CIPHER_SPEC) 3315e1051a39Sopenharmony_ci return 1; 3316e1051a39Sopenharmony_ci 3317e1051a39Sopenharmony_ci /* Set the content type and 3 bytes for the message len */ 3318e1051a39Sopenharmony_ci if (!WPACKET_put_bytes_u8(pkt, htype) 3319e1051a39Sopenharmony_ci || !WPACKET_start_sub_packet_u24(pkt)) 3320e1051a39Sopenharmony_ci return 0; 3321e1051a39Sopenharmony_ci 3322e1051a39Sopenharmony_ci return 1; 3323e1051a39Sopenharmony_ci} 3324e1051a39Sopenharmony_ci 3325e1051a39Sopenharmony_ciint ssl3_handshake_write(SSL *s) 3326e1051a39Sopenharmony_ci{ 3327e1051a39Sopenharmony_ci return ssl3_do_write(s, SSL3_RT_HANDSHAKE); 3328e1051a39Sopenharmony_ci} 3329e1051a39Sopenharmony_ci 3330e1051a39Sopenharmony_ciint ssl3_new(SSL *s) 3331e1051a39Sopenharmony_ci{ 3332e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_SRP 3333e1051a39Sopenharmony_ci if (!ssl_srp_ctx_init_intern(s)) 3334e1051a39Sopenharmony_ci return 0; 3335e1051a39Sopenharmony_ci#endif 3336e1051a39Sopenharmony_ci 3337e1051a39Sopenharmony_ci if (!s->method->ssl_clear(s)) 3338e1051a39Sopenharmony_ci return 0; 3339e1051a39Sopenharmony_ci 3340e1051a39Sopenharmony_ci return 1; 3341e1051a39Sopenharmony_ci} 3342e1051a39Sopenharmony_ci 3343e1051a39Sopenharmony_civoid ssl3_free(SSL *s) 3344e1051a39Sopenharmony_ci{ 3345e1051a39Sopenharmony_ci if (s == NULL) 3346e1051a39Sopenharmony_ci return; 3347e1051a39Sopenharmony_ci 3348e1051a39Sopenharmony_ci ssl3_cleanup_key_block(s); 3349e1051a39Sopenharmony_ci 3350e1051a39Sopenharmony_ci EVP_PKEY_free(s->s3.peer_tmp); 3351e1051a39Sopenharmony_ci s->s3.peer_tmp = NULL; 3352e1051a39Sopenharmony_ci EVP_PKEY_free(s->s3.tmp.pkey); 3353e1051a39Sopenharmony_ci s->s3.tmp.pkey = NULL; 3354e1051a39Sopenharmony_ci 3355e1051a39Sopenharmony_ci ssl_evp_cipher_free(s->s3.tmp.new_sym_enc); 3356e1051a39Sopenharmony_ci ssl_evp_md_free(s->s3.tmp.new_hash); 3357e1051a39Sopenharmony_ci 3358e1051a39Sopenharmony_ci OPENSSL_free(s->s3.tmp.ctype); 3359e1051a39Sopenharmony_ci sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free); 3360e1051a39Sopenharmony_ci OPENSSL_free(s->s3.tmp.ciphers_raw); 3361e1051a39Sopenharmony_ci OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen); 3362e1051a39Sopenharmony_ci OPENSSL_free(s->s3.tmp.peer_sigalgs); 3363e1051a39Sopenharmony_ci OPENSSL_free(s->s3.tmp.peer_cert_sigalgs); 3364e1051a39Sopenharmony_ci ssl3_free_digest_list(s); 3365e1051a39Sopenharmony_ci OPENSSL_free(s->s3.alpn_selected); 3366e1051a39Sopenharmony_ci OPENSSL_free(s->s3.alpn_proposed); 3367e1051a39Sopenharmony_ci 3368e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_PSK 3369e1051a39Sopenharmony_ci OPENSSL_free(s->s3.tmp.psk); 3370e1051a39Sopenharmony_ci#endif 3371e1051a39Sopenharmony_ci 3372e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_SRP 3373e1051a39Sopenharmony_ci ssl_srp_ctx_free_intern(s); 3374e1051a39Sopenharmony_ci#endif 3375e1051a39Sopenharmony_ci memset(&s->s3, 0, sizeof(s->s3)); 3376e1051a39Sopenharmony_ci} 3377e1051a39Sopenharmony_ci 3378e1051a39Sopenharmony_ciint ssl3_clear(SSL *s) 3379e1051a39Sopenharmony_ci{ 3380e1051a39Sopenharmony_ci ssl3_cleanup_key_block(s); 3381e1051a39Sopenharmony_ci OPENSSL_free(s->s3.tmp.ctype); 3382e1051a39Sopenharmony_ci sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free); 3383e1051a39Sopenharmony_ci OPENSSL_free(s->s3.tmp.ciphers_raw); 3384e1051a39Sopenharmony_ci OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen); 3385e1051a39Sopenharmony_ci OPENSSL_free(s->s3.tmp.peer_sigalgs); 3386e1051a39Sopenharmony_ci OPENSSL_free(s->s3.tmp.peer_cert_sigalgs); 3387e1051a39Sopenharmony_ci 3388e1051a39Sopenharmony_ci EVP_PKEY_free(s->s3.tmp.pkey); 3389e1051a39Sopenharmony_ci EVP_PKEY_free(s->s3.peer_tmp); 3390e1051a39Sopenharmony_ci 3391e1051a39Sopenharmony_ci ssl3_free_digest_list(s); 3392e1051a39Sopenharmony_ci 3393e1051a39Sopenharmony_ci OPENSSL_free(s->s3.alpn_selected); 3394e1051a39Sopenharmony_ci OPENSSL_free(s->s3.alpn_proposed); 3395e1051a39Sopenharmony_ci 3396e1051a39Sopenharmony_ci /* NULL/zero-out everything in the s3 struct */ 3397e1051a39Sopenharmony_ci memset(&s->s3, 0, sizeof(s->s3)); 3398e1051a39Sopenharmony_ci 3399e1051a39Sopenharmony_ci if (!ssl_free_wbio_buffer(s)) 3400e1051a39Sopenharmony_ci return 0; 3401e1051a39Sopenharmony_ci 3402e1051a39Sopenharmony_ci s->version = SSL3_VERSION; 3403e1051a39Sopenharmony_ci 3404e1051a39Sopenharmony_ci#if !defined(OPENSSL_NO_NEXTPROTONEG) 3405e1051a39Sopenharmony_ci OPENSSL_free(s->ext.npn); 3406e1051a39Sopenharmony_ci s->ext.npn = NULL; 3407e1051a39Sopenharmony_ci s->ext.npn_len = 0; 3408e1051a39Sopenharmony_ci#endif 3409e1051a39Sopenharmony_ci 3410e1051a39Sopenharmony_ci return 1; 3411e1051a39Sopenharmony_ci} 3412e1051a39Sopenharmony_ci 3413e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_SRP 3414e1051a39Sopenharmony_cistatic char *srp_password_from_info_cb(SSL *s, void *arg) 3415e1051a39Sopenharmony_ci{ 3416e1051a39Sopenharmony_ci return OPENSSL_strdup(s->srp_ctx.info); 3417e1051a39Sopenharmony_ci} 3418e1051a39Sopenharmony_ci#endif 3419e1051a39Sopenharmony_ci 3420e1051a39Sopenharmony_cistatic int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len); 3421e1051a39Sopenharmony_ci 3422e1051a39Sopenharmony_cilong ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) 3423e1051a39Sopenharmony_ci{ 3424e1051a39Sopenharmony_ci int ret = 0; 3425e1051a39Sopenharmony_ci 3426e1051a39Sopenharmony_ci switch (cmd) { 3427e1051a39Sopenharmony_ci case SSL_CTRL_GET_CLIENT_CERT_REQUEST: 3428e1051a39Sopenharmony_ci break; 3429e1051a39Sopenharmony_ci case SSL_CTRL_GET_NUM_RENEGOTIATIONS: 3430e1051a39Sopenharmony_ci ret = s->s3.num_renegotiations; 3431e1051a39Sopenharmony_ci break; 3432e1051a39Sopenharmony_ci case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: 3433e1051a39Sopenharmony_ci ret = s->s3.num_renegotiations; 3434e1051a39Sopenharmony_ci s->s3.num_renegotiations = 0; 3435e1051a39Sopenharmony_ci break; 3436e1051a39Sopenharmony_ci case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: 3437e1051a39Sopenharmony_ci ret = s->s3.total_renegotiations; 3438e1051a39Sopenharmony_ci break; 3439e1051a39Sopenharmony_ci case SSL_CTRL_GET_FLAGS: 3440e1051a39Sopenharmony_ci ret = (int)(s->s3.flags); 3441e1051a39Sopenharmony_ci break; 3442e1051a39Sopenharmony_ci#if !defined(OPENSSL_NO_DEPRECATED_3_0) 3443e1051a39Sopenharmony_ci case SSL_CTRL_SET_TMP_DH: 3444e1051a39Sopenharmony_ci { 3445e1051a39Sopenharmony_ci EVP_PKEY *pkdh = NULL; 3446e1051a39Sopenharmony_ci if (parg == NULL) { 3447e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); 3448e1051a39Sopenharmony_ci return 0; 3449e1051a39Sopenharmony_ci } 3450e1051a39Sopenharmony_ci pkdh = ssl_dh_to_pkey(parg); 3451e1051a39Sopenharmony_ci if (pkdh == NULL) { 3452e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 3453e1051a39Sopenharmony_ci return 0; 3454e1051a39Sopenharmony_ci } 3455e1051a39Sopenharmony_ci if (!SSL_set0_tmp_dh_pkey(s, pkdh)) { 3456e1051a39Sopenharmony_ci EVP_PKEY_free(pkdh); 3457e1051a39Sopenharmony_ci return 0; 3458e1051a39Sopenharmony_ci } 3459e1051a39Sopenharmony_ci return 1; 3460e1051a39Sopenharmony_ci } 3461e1051a39Sopenharmony_ci break; 3462e1051a39Sopenharmony_ci case SSL_CTRL_SET_TMP_DH_CB: 3463e1051a39Sopenharmony_ci { 3464e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3465e1051a39Sopenharmony_ci return ret; 3466e1051a39Sopenharmony_ci } 3467e1051a39Sopenharmony_ci#endif 3468e1051a39Sopenharmony_ci case SSL_CTRL_SET_DH_AUTO: 3469e1051a39Sopenharmony_ci s->cert->dh_tmp_auto = larg; 3470e1051a39Sopenharmony_ci return 1; 3471e1051a39Sopenharmony_ci#if !defined(OPENSSL_NO_DEPRECATED_3_0) 3472e1051a39Sopenharmony_ci case SSL_CTRL_SET_TMP_ECDH: 3473e1051a39Sopenharmony_ci { 3474e1051a39Sopenharmony_ci if (parg == NULL) { 3475e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); 3476e1051a39Sopenharmony_ci return 0; 3477e1051a39Sopenharmony_ci } 3478e1051a39Sopenharmony_ci return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups, 3479e1051a39Sopenharmony_ci &s->ext.supportedgroups_len, 3480e1051a39Sopenharmony_ci parg); 3481e1051a39Sopenharmony_ci } 3482e1051a39Sopenharmony_ci#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ 3483e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLSEXT_HOSTNAME: 3484e1051a39Sopenharmony_ci /* 3485e1051a39Sopenharmony_ci * This API is only used for a client to set what SNI it will request 3486e1051a39Sopenharmony_ci * from the server, but we currently allow it to be used on servers 3487e1051a39Sopenharmony_ci * as well, which is a programming error. Currently we just clear 3488e1051a39Sopenharmony_ci * the field in SSL_do_handshake() for server SSLs, but when we can 3489e1051a39Sopenharmony_ci * make ABI-breaking changes, we may want to make use of this API 3490e1051a39Sopenharmony_ci * an error on server SSLs. 3491e1051a39Sopenharmony_ci */ 3492e1051a39Sopenharmony_ci if (larg == TLSEXT_NAMETYPE_host_name) { 3493e1051a39Sopenharmony_ci size_t len; 3494e1051a39Sopenharmony_ci 3495e1051a39Sopenharmony_ci OPENSSL_free(s->ext.hostname); 3496e1051a39Sopenharmony_ci s->ext.hostname = NULL; 3497e1051a39Sopenharmony_ci 3498e1051a39Sopenharmony_ci ret = 1; 3499e1051a39Sopenharmony_ci if (parg == NULL) 3500e1051a39Sopenharmony_ci break; 3501e1051a39Sopenharmony_ci len = strlen((char *)parg); 3502e1051a39Sopenharmony_ci if (len == 0 || len > TLSEXT_MAXLEN_host_name) { 3503e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); 3504e1051a39Sopenharmony_ci return 0; 3505e1051a39Sopenharmony_ci } 3506e1051a39Sopenharmony_ci if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) { 3507e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); 3508e1051a39Sopenharmony_ci return 0; 3509e1051a39Sopenharmony_ci } 3510e1051a39Sopenharmony_ci } else { 3511e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); 3512e1051a39Sopenharmony_ci return 0; 3513e1051a39Sopenharmony_ci } 3514e1051a39Sopenharmony_ci break; 3515e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: 3516e1051a39Sopenharmony_ci s->ext.debug_arg = parg; 3517e1051a39Sopenharmony_ci ret = 1; 3518e1051a39Sopenharmony_ci break; 3519e1051a39Sopenharmony_ci 3520e1051a39Sopenharmony_ci case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE: 3521e1051a39Sopenharmony_ci ret = s->ext.status_type; 3522e1051a39Sopenharmony_ci break; 3523e1051a39Sopenharmony_ci 3524e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: 3525e1051a39Sopenharmony_ci s->ext.status_type = larg; 3526e1051a39Sopenharmony_ci ret = 1; 3527e1051a39Sopenharmony_ci break; 3528e1051a39Sopenharmony_ci 3529e1051a39Sopenharmony_ci case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: 3530e1051a39Sopenharmony_ci *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts; 3531e1051a39Sopenharmony_ci ret = 1; 3532e1051a39Sopenharmony_ci break; 3533e1051a39Sopenharmony_ci 3534e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: 3535e1051a39Sopenharmony_ci s->ext.ocsp.exts = parg; 3536e1051a39Sopenharmony_ci ret = 1; 3537e1051a39Sopenharmony_ci break; 3538e1051a39Sopenharmony_ci 3539e1051a39Sopenharmony_ci case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: 3540e1051a39Sopenharmony_ci *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids; 3541e1051a39Sopenharmony_ci ret = 1; 3542e1051a39Sopenharmony_ci break; 3543e1051a39Sopenharmony_ci 3544e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: 3545e1051a39Sopenharmony_ci s->ext.ocsp.ids = parg; 3546e1051a39Sopenharmony_ci ret = 1; 3547e1051a39Sopenharmony_ci break; 3548e1051a39Sopenharmony_ci 3549e1051a39Sopenharmony_ci case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: 3550e1051a39Sopenharmony_ci *(unsigned char **)parg = s->ext.ocsp.resp; 3551e1051a39Sopenharmony_ci if (s->ext.ocsp.resp_len == 0 3552e1051a39Sopenharmony_ci || s->ext.ocsp.resp_len > LONG_MAX) 3553e1051a39Sopenharmony_ci return -1; 3554e1051a39Sopenharmony_ci return (long)s->ext.ocsp.resp_len; 3555e1051a39Sopenharmony_ci 3556e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: 3557e1051a39Sopenharmony_ci OPENSSL_free(s->ext.ocsp.resp); 3558e1051a39Sopenharmony_ci s->ext.ocsp.resp = parg; 3559e1051a39Sopenharmony_ci s->ext.ocsp.resp_len = larg; 3560e1051a39Sopenharmony_ci ret = 1; 3561e1051a39Sopenharmony_ci break; 3562e1051a39Sopenharmony_ci 3563e1051a39Sopenharmony_ci case SSL_CTRL_CHAIN: 3564e1051a39Sopenharmony_ci if (larg) 3565e1051a39Sopenharmony_ci return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg); 3566e1051a39Sopenharmony_ci else 3567e1051a39Sopenharmony_ci return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg); 3568e1051a39Sopenharmony_ci 3569e1051a39Sopenharmony_ci case SSL_CTRL_CHAIN_CERT: 3570e1051a39Sopenharmony_ci if (larg) 3571e1051a39Sopenharmony_ci return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg); 3572e1051a39Sopenharmony_ci else 3573e1051a39Sopenharmony_ci return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg); 3574e1051a39Sopenharmony_ci 3575e1051a39Sopenharmony_ci case SSL_CTRL_GET_CHAIN_CERTS: 3576e1051a39Sopenharmony_ci *(STACK_OF(X509) **)parg = s->cert->key->chain; 3577e1051a39Sopenharmony_ci ret = 1; 3578e1051a39Sopenharmony_ci break; 3579e1051a39Sopenharmony_ci 3580e1051a39Sopenharmony_ci case SSL_CTRL_SELECT_CURRENT_CERT: 3581e1051a39Sopenharmony_ci return ssl_cert_select_current(s->cert, (X509 *)parg); 3582e1051a39Sopenharmony_ci 3583e1051a39Sopenharmony_ci case SSL_CTRL_SET_CURRENT_CERT: 3584e1051a39Sopenharmony_ci if (larg == SSL_CERT_SET_SERVER) { 3585e1051a39Sopenharmony_ci const SSL_CIPHER *cipher; 3586e1051a39Sopenharmony_ci if (!s->server) 3587e1051a39Sopenharmony_ci return 0; 3588e1051a39Sopenharmony_ci cipher = s->s3.tmp.new_cipher; 3589e1051a39Sopenharmony_ci if (cipher == NULL) 3590e1051a39Sopenharmony_ci return 0; 3591e1051a39Sopenharmony_ci /* 3592e1051a39Sopenharmony_ci * No certificate for unauthenticated ciphersuites or using SRP 3593e1051a39Sopenharmony_ci * authentication 3594e1051a39Sopenharmony_ci */ 3595e1051a39Sopenharmony_ci if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) 3596e1051a39Sopenharmony_ci return 2; 3597e1051a39Sopenharmony_ci if (s->s3.tmp.cert == NULL) 3598e1051a39Sopenharmony_ci return 0; 3599e1051a39Sopenharmony_ci s->cert->key = s->s3.tmp.cert; 3600e1051a39Sopenharmony_ci return 1; 3601e1051a39Sopenharmony_ci } 3602e1051a39Sopenharmony_ci return ssl_cert_set_current(s->cert, larg); 3603e1051a39Sopenharmony_ci 3604e1051a39Sopenharmony_ci case SSL_CTRL_GET_GROUPS: 3605e1051a39Sopenharmony_ci { 3606e1051a39Sopenharmony_ci uint16_t *clist; 3607e1051a39Sopenharmony_ci size_t clistlen; 3608e1051a39Sopenharmony_ci 3609e1051a39Sopenharmony_ci if (!s->session) 3610e1051a39Sopenharmony_ci return 0; 3611e1051a39Sopenharmony_ci clist = s->ext.peer_supportedgroups; 3612e1051a39Sopenharmony_ci clistlen = s->ext.peer_supportedgroups_len; 3613e1051a39Sopenharmony_ci if (parg) { 3614e1051a39Sopenharmony_ci size_t i; 3615e1051a39Sopenharmony_ci int *cptr = parg; 3616e1051a39Sopenharmony_ci 3617e1051a39Sopenharmony_ci for (i = 0; i < clistlen; i++) { 3618e1051a39Sopenharmony_ci const TLS_GROUP_INFO *cinf 3619e1051a39Sopenharmony_ci = tls1_group_id_lookup(s->ctx, clist[i]); 3620e1051a39Sopenharmony_ci 3621e1051a39Sopenharmony_ci if (cinf != NULL) 3622e1051a39Sopenharmony_ci cptr[i] = tls1_group_id2nid(cinf->group_id, 1); 3623e1051a39Sopenharmony_ci else 3624e1051a39Sopenharmony_ci cptr[i] = TLSEXT_nid_unknown | clist[i]; 3625e1051a39Sopenharmony_ci } 3626e1051a39Sopenharmony_ci } 3627e1051a39Sopenharmony_ci return (int)clistlen; 3628e1051a39Sopenharmony_ci } 3629e1051a39Sopenharmony_ci 3630e1051a39Sopenharmony_ci case SSL_CTRL_SET_GROUPS: 3631e1051a39Sopenharmony_ci return tls1_set_groups(&s->ext.supportedgroups, 3632e1051a39Sopenharmony_ci &s->ext.supportedgroups_len, parg, larg); 3633e1051a39Sopenharmony_ci 3634e1051a39Sopenharmony_ci case SSL_CTRL_SET_GROUPS_LIST: 3635e1051a39Sopenharmony_ci return tls1_set_groups_list(s->ctx, &s->ext.supportedgroups, 3636e1051a39Sopenharmony_ci &s->ext.supportedgroups_len, parg); 3637e1051a39Sopenharmony_ci 3638e1051a39Sopenharmony_ci case SSL_CTRL_GET_SHARED_GROUP: 3639e1051a39Sopenharmony_ci { 3640e1051a39Sopenharmony_ci uint16_t id = tls1_shared_group(s, larg); 3641e1051a39Sopenharmony_ci 3642e1051a39Sopenharmony_ci if (larg != -1) 3643e1051a39Sopenharmony_ci return tls1_group_id2nid(id, 1); 3644e1051a39Sopenharmony_ci return id; 3645e1051a39Sopenharmony_ci } 3646e1051a39Sopenharmony_ci case SSL_CTRL_GET_NEGOTIATED_GROUP: 3647e1051a39Sopenharmony_ci { 3648e1051a39Sopenharmony_ci unsigned int id; 3649e1051a39Sopenharmony_ci 3650e1051a39Sopenharmony_ci if (SSL_IS_TLS13(s) && s->s3.did_kex) 3651e1051a39Sopenharmony_ci id = s->s3.group_id; 3652e1051a39Sopenharmony_ci else 3653e1051a39Sopenharmony_ci id = s->session->kex_group; 3654e1051a39Sopenharmony_ci ret = tls1_group_id2nid(id, 1); 3655e1051a39Sopenharmony_ci break; 3656e1051a39Sopenharmony_ci } 3657e1051a39Sopenharmony_ci case SSL_CTRL_SET_SIGALGS: 3658e1051a39Sopenharmony_ci return tls1_set_sigalgs(s->cert, parg, larg, 0); 3659e1051a39Sopenharmony_ci 3660e1051a39Sopenharmony_ci case SSL_CTRL_SET_SIGALGS_LIST: 3661e1051a39Sopenharmony_ci return tls1_set_sigalgs_list(s->cert, parg, 0); 3662e1051a39Sopenharmony_ci 3663e1051a39Sopenharmony_ci case SSL_CTRL_SET_CLIENT_SIGALGS: 3664e1051a39Sopenharmony_ci return tls1_set_sigalgs(s->cert, parg, larg, 1); 3665e1051a39Sopenharmony_ci 3666e1051a39Sopenharmony_ci case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: 3667e1051a39Sopenharmony_ci return tls1_set_sigalgs_list(s->cert, parg, 1); 3668e1051a39Sopenharmony_ci 3669e1051a39Sopenharmony_ci case SSL_CTRL_GET_CLIENT_CERT_TYPES: 3670e1051a39Sopenharmony_ci { 3671e1051a39Sopenharmony_ci const unsigned char **pctype = parg; 3672e1051a39Sopenharmony_ci if (s->server || !s->s3.tmp.cert_req) 3673e1051a39Sopenharmony_ci return 0; 3674e1051a39Sopenharmony_ci if (pctype) 3675e1051a39Sopenharmony_ci *pctype = s->s3.tmp.ctype; 3676e1051a39Sopenharmony_ci return s->s3.tmp.ctype_len; 3677e1051a39Sopenharmony_ci } 3678e1051a39Sopenharmony_ci 3679e1051a39Sopenharmony_ci case SSL_CTRL_SET_CLIENT_CERT_TYPES: 3680e1051a39Sopenharmony_ci if (!s->server) 3681e1051a39Sopenharmony_ci return 0; 3682e1051a39Sopenharmony_ci return ssl3_set_req_cert_type(s->cert, parg, larg); 3683e1051a39Sopenharmony_ci 3684e1051a39Sopenharmony_ci case SSL_CTRL_BUILD_CERT_CHAIN: 3685e1051a39Sopenharmony_ci return ssl_build_cert_chain(s, NULL, larg); 3686e1051a39Sopenharmony_ci 3687e1051a39Sopenharmony_ci case SSL_CTRL_SET_VERIFY_CERT_STORE: 3688e1051a39Sopenharmony_ci return ssl_cert_set_cert_store(s->cert, parg, 0, larg); 3689e1051a39Sopenharmony_ci 3690e1051a39Sopenharmony_ci case SSL_CTRL_SET_CHAIN_CERT_STORE: 3691e1051a39Sopenharmony_ci return ssl_cert_set_cert_store(s->cert, parg, 1, larg); 3692e1051a39Sopenharmony_ci 3693e1051a39Sopenharmony_ci case SSL_CTRL_GET_VERIFY_CERT_STORE: 3694e1051a39Sopenharmony_ci return ssl_cert_get_cert_store(s->cert, parg, 0); 3695e1051a39Sopenharmony_ci 3696e1051a39Sopenharmony_ci case SSL_CTRL_GET_CHAIN_CERT_STORE: 3697e1051a39Sopenharmony_ci return ssl_cert_get_cert_store(s->cert, parg, 1); 3698e1051a39Sopenharmony_ci 3699e1051a39Sopenharmony_ci case SSL_CTRL_GET_PEER_SIGNATURE_NID: 3700e1051a39Sopenharmony_ci if (s->s3.tmp.peer_sigalg == NULL) 3701e1051a39Sopenharmony_ci return 0; 3702e1051a39Sopenharmony_ci *(int *)parg = s->s3.tmp.peer_sigalg->hash; 3703e1051a39Sopenharmony_ci return 1; 3704e1051a39Sopenharmony_ci 3705e1051a39Sopenharmony_ci case SSL_CTRL_GET_SIGNATURE_NID: 3706e1051a39Sopenharmony_ci if (s->s3.tmp.sigalg == NULL) 3707e1051a39Sopenharmony_ci return 0; 3708e1051a39Sopenharmony_ci *(int *)parg = s->s3.tmp.sigalg->hash; 3709e1051a39Sopenharmony_ci return 1; 3710e1051a39Sopenharmony_ci 3711e1051a39Sopenharmony_ci case SSL_CTRL_GET_PEER_TMP_KEY: 3712e1051a39Sopenharmony_ci if (s->session == NULL || s->s3.peer_tmp == NULL) { 3713e1051a39Sopenharmony_ci return 0; 3714e1051a39Sopenharmony_ci } else { 3715e1051a39Sopenharmony_ci EVP_PKEY_up_ref(s->s3.peer_tmp); 3716e1051a39Sopenharmony_ci *(EVP_PKEY **)parg = s->s3.peer_tmp; 3717e1051a39Sopenharmony_ci return 1; 3718e1051a39Sopenharmony_ci } 3719e1051a39Sopenharmony_ci 3720e1051a39Sopenharmony_ci case SSL_CTRL_GET_TMP_KEY: 3721e1051a39Sopenharmony_ci if (s->session == NULL || s->s3.tmp.pkey == NULL) { 3722e1051a39Sopenharmony_ci return 0; 3723e1051a39Sopenharmony_ci } else { 3724e1051a39Sopenharmony_ci EVP_PKEY_up_ref(s->s3.tmp.pkey); 3725e1051a39Sopenharmony_ci *(EVP_PKEY **)parg = s->s3.tmp.pkey; 3726e1051a39Sopenharmony_ci return 1; 3727e1051a39Sopenharmony_ci } 3728e1051a39Sopenharmony_ci 3729e1051a39Sopenharmony_ci case SSL_CTRL_GET_EC_POINT_FORMATS: 3730e1051a39Sopenharmony_ci { 3731e1051a39Sopenharmony_ci const unsigned char **pformat = parg; 3732e1051a39Sopenharmony_ci 3733e1051a39Sopenharmony_ci if (s->ext.peer_ecpointformats == NULL) 3734e1051a39Sopenharmony_ci return 0; 3735e1051a39Sopenharmony_ci *pformat = s->ext.peer_ecpointformats; 3736e1051a39Sopenharmony_ci return (int)s->ext.peer_ecpointformats_len; 3737e1051a39Sopenharmony_ci } 3738e1051a39Sopenharmony_ci 3739e1051a39Sopenharmony_ci default: 3740e1051a39Sopenharmony_ci break; 3741e1051a39Sopenharmony_ci } 3742e1051a39Sopenharmony_ci return ret; 3743e1051a39Sopenharmony_ci} 3744e1051a39Sopenharmony_ci 3745e1051a39Sopenharmony_cilong ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) 3746e1051a39Sopenharmony_ci{ 3747e1051a39Sopenharmony_ci int ret = 0; 3748e1051a39Sopenharmony_ci 3749e1051a39Sopenharmony_ci switch (cmd) { 3750e1051a39Sopenharmony_ci#if !defined(OPENSSL_NO_DEPRECATED_3_0) 3751e1051a39Sopenharmony_ci case SSL_CTRL_SET_TMP_DH_CB: 3752e1051a39Sopenharmony_ci s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 3753e1051a39Sopenharmony_ci ret = 1; 3754e1051a39Sopenharmony_ci break; 3755e1051a39Sopenharmony_ci#endif 3756e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 3757e1051a39Sopenharmony_ci s->ext.debug_cb = (void (*)(SSL *, int, int, 3758e1051a39Sopenharmony_ci const unsigned char *, int, void *))fp; 3759e1051a39Sopenharmony_ci ret = 1; 3760e1051a39Sopenharmony_ci break; 3761e1051a39Sopenharmony_ci 3762e1051a39Sopenharmony_ci case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB: 3763e1051a39Sopenharmony_ci s->not_resumable_session_cb = (int (*)(SSL *, int))fp; 3764e1051a39Sopenharmony_ci ret = 1; 3765e1051a39Sopenharmony_ci break; 3766e1051a39Sopenharmony_ci default: 3767e1051a39Sopenharmony_ci break; 3768e1051a39Sopenharmony_ci } 3769e1051a39Sopenharmony_ci return ret; 3770e1051a39Sopenharmony_ci} 3771e1051a39Sopenharmony_ci 3772e1051a39Sopenharmony_cilong ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 3773e1051a39Sopenharmony_ci{ 3774e1051a39Sopenharmony_ci switch (cmd) { 3775e1051a39Sopenharmony_ci#if !defined(OPENSSL_NO_DEPRECATED_3_0) 3776e1051a39Sopenharmony_ci case SSL_CTRL_SET_TMP_DH: 3777e1051a39Sopenharmony_ci { 3778e1051a39Sopenharmony_ci EVP_PKEY *pkdh = NULL; 3779e1051a39Sopenharmony_ci if (parg == NULL) { 3780e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); 3781e1051a39Sopenharmony_ci return 0; 3782e1051a39Sopenharmony_ci } 3783e1051a39Sopenharmony_ci pkdh = ssl_dh_to_pkey(parg); 3784e1051a39Sopenharmony_ci if (pkdh == NULL) { 3785e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 3786e1051a39Sopenharmony_ci return 0; 3787e1051a39Sopenharmony_ci } 3788e1051a39Sopenharmony_ci if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) { 3789e1051a39Sopenharmony_ci EVP_PKEY_free(pkdh); 3790e1051a39Sopenharmony_ci return 0; 3791e1051a39Sopenharmony_ci } 3792e1051a39Sopenharmony_ci return 1; 3793e1051a39Sopenharmony_ci } 3794e1051a39Sopenharmony_ci case SSL_CTRL_SET_TMP_DH_CB: 3795e1051a39Sopenharmony_ci { 3796e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3797e1051a39Sopenharmony_ci return 0; 3798e1051a39Sopenharmony_ci } 3799e1051a39Sopenharmony_ci#endif 3800e1051a39Sopenharmony_ci case SSL_CTRL_SET_DH_AUTO: 3801e1051a39Sopenharmony_ci ctx->cert->dh_tmp_auto = larg; 3802e1051a39Sopenharmony_ci return 1; 3803e1051a39Sopenharmony_ci#if !defined(OPENSSL_NO_DEPRECATED_3_0) 3804e1051a39Sopenharmony_ci case SSL_CTRL_SET_TMP_ECDH: 3805e1051a39Sopenharmony_ci { 3806e1051a39Sopenharmony_ci if (parg == NULL) { 3807e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); 3808e1051a39Sopenharmony_ci return 0; 3809e1051a39Sopenharmony_ci } 3810e1051a39Sopenharmony_ci return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups, 3811e1051a39Sopenharmony_ci &ctx->ext.supportedgroups_len, 3812e1051a39Sopenharmony_ci parg); 3813e1051a39Sopenharmony_ci } 3814e1051a39Sopenharmony_ci#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ 3815e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: 3816e1051a39Sopenharmony_ci ctx->ext.servername_arg = parg; 3817e1051a39Sopenharmony_ci break; 3818e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: 3819e1051a39Sopenharmony_ci case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: 3820e1051a39Sopenharmony_ci { 3821e1051a39Sopenharmony_ci unsigned char *keys = parg; 3822e1051a39Sopenharmony_ci long tick_keylen = (sizeof(ctx->ext.tick_key_name) + 3823e1051a39Sopenharmony_ci sizeof(ctx->ext.secure->tick_hmac_key) + 3824e1051a39Sopenharmony_ci sizeof(ctx->ext.secure->tick_aes_key)); 3825e1051a39Sopenharmony_ci if (keys == NULL) 3826e1051a39Sopenharmony_ci return tick_keylen; 3827e1051a39Sopenharmony_ci if (larg != tick_keylen) { 3828e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH); 3829e1051a39Sopenharmony_ci return 0; 3830e1051a39Sopenharmony_ci } 3831e1051a39Sopenharmony_ci if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { 3832e1051a39Sopenharmony_ci memcpy(ctx->ext.tick_key_name, keys, 3833e1051a39Sopenharmony_ci sizeof(ctx->ext.tick_key_name)); 3834e1051a39Sopenharmony_ci memcpy(ctx->ext.secure->tick_hmac_key, 3835e1051a39Sopenharmony_ci keys + sizeof(ctx->ext.tick_key_name), 3836e1051a39Sopenharmony_ci sizeof(ctx->ext.secure->tick_hmac_key)); 3837e1051a39Sopenharmony_ci memcpy(ctx->ext.secure->tick_aes_key, 3838e1051a39Sopenharmony_ci keys + sizeof(ctx->ext.tick_key_name) + 3839e1051a39Sopenharmony_ci sizeof(ctx->ext.secure->tick_hmac_key), 3840e1051a39Sopenharmony_ci sizeof(ctx->ext.secure->tick_aes_key)); 3841e1051a39Sopenharmony_ci } else { 3842e1051a39Sopenharmony_ci memcpy(keys, ctx->ext.tick_key_name, 3843e1051a39Sopenharmony_ci sizeof(ctx->ext.tick_key_name)); 3844e1051a39Sopenharmony_ci memcpy(keys + sizeof(ctx->ext.tick_key_name), 3845e1051a39Sopenharmony_ci ctx->ext.secure->tick_hmac_key, 3846e1051a39Sopenharmony_ci sizeof(ctx->ext.secure->tick_hmac_key)); 3847e1051a39Sopenharmony_ci memcpy(keys + sizeof(ctx->ext.tick_key_name) + 3848e1051a39Sopenharmony_ci sizeof(ctx->ext.secure->tick_hmac_key), 3849e1051a39Sopenharmony_ci ctx->ext.secure->tick_aes_key, 3850e1051a39Sopenharmony_ci sizeof(ctx->ext.secure->tick_aes_key)); 3851e1051a39Sopenharmony_ci } 3852e1051a39Sopenharmony_ci return 1; 3853e1051a39Sopenharmony_ci } 3854e1051a39Sopenharmony_ci 3855e1051a39Sopenharmony_ci case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE: 3856e1051a39Sopenharmony_ci return ctx->ext.status_type; 3857e1051a39Sopenharmony_ci 3858e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: 3859e1051a39Sopenharmony_ci ctx->ext.status_type = larg; 3860e1051a39Sopenharmony_ci break; 3861e1051a39Sopenharmony_ci 3862e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: 3863e1051a39Sopenharmony_ci ctx->ext.status_arg = parg; 3864e1051a39Sopenharmony_ci return 1; 3865e1051a39Sopenharmony_ci 3866e1051a39Sopenharmony_ci case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG: 3867e1051a39Sopenharmony_ci *(void**)parg = ctx->ext.status_arg; 3868e1051a39Sopenharmony_ci break; 3869e1051a39Sopenharmony_ci 3870e1051a39Sopenharmony_ci case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB: 3871e1051a39Sopenharmony_ci *(int (**)(SSL*, void*))parg = ctx->ext.status_cb; 3872e1051a39Sopenharmony_ci break; 3873e1051a39Sopenharmony_ci 3874e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_SRP 3875e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME: 3876e1051a39Sopenharmony_ci ctx->srp_ctx.srp_Mask |= SSL_kSRP; 3877e1051a39Sopenharmony_ci OPENSSL_free(ctx->srp_ctx.login); 3878e1051a39Sopenharmony_ci ctx->srp_ctx.login = NULL; 3879e1051a39Sopenharmony_ci if (parg == NULL) 3880e1051a39Sopenharmony_ci break; 3881e1051a39Sopenharmony_ci if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) { 3882e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME); 3883e1051a39Sopenharmony_ci return 0; 3884e1051a39Sopenharmony_ci } 3885e1051a39Sopenharmony_ci if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) { 3886e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); 3887e1051a39Sopenharmony_ci return 0; 3888e1051a39Sopenharmony_ci } 3889e1051a39Sopenharmony_ci break; 3890e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD: 3891e1051a39Sopenharmony_ci ctx->srp_ctx.SRP_give_srp_client_pwd_callback = 3892e1051a39Sopenharmony_ci srp_password_from_info_cb; 3893e1051a39Sopenharmony_ci if (ctx->srp_ctx.info != NULL) 3894e1051a39Sopenharmony_ci OPENSSL_free(ctx->srp_ctx.info); 3895e1051a39Sopenharmony_ci if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) { 3896e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); 3897e1051a39Sopenharmony_ci return 0; 3898e1051a39Sopenharmony_ci } 3899e1051a39Sopenharmony_ci break; 3900e1051a39Sopenharmony_ci case SSL_CTRL_SET_SRP_ARG: 3901e1051a39Sopenharmony_ci ctx->srp_ctx.srp_Mask |= SSL_kSRP; 3902e1051a39Sopenharmony_ci ctx->srp_ctx.SRP_cb_arg = parg; 3903e1051a39Sopenharmony_ci break; 3904e1051a39Sopenharmony_ci 3905e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH: 3906e1051a39Sopenharmony_ci ctx->srp_ctx.strength = larg; 3907e1051a39Sopenharmony_ci break; 3908e1051a39Sopenharmony_ci#endif 3909e1051a39Sopenharmony_ci 3910e1051a39Sopenharmony_ci case SSL_CTRL_SET_GROUPS: 3911e1051a39Sopenharmony_ci return tls1_set_groups(&ctx->ext.supportedgroups, 3912e1051a39Sopenharmony_ci &ctx->ext.supportedgroups_len, 3913e1051a39Sopenharmony_ci parg, larg); 3914e1051a39Sopenharmony_ci 3915e1051a39Sopenharmony_ci case SSL_CTRL_SET_GROUPS_LIST: 3916e1051a39Sopenharmony_ci return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups, 3917e1051a39Sopenharmony_ci &ctx->ext.supportedgroups_len, 3918e1051a39Sopenharmony_ci parg); 3919e1051a39Sopenharmony_ci 3920e1051a39Sopenharmony_ci case SSL_CTRL_SET_SIGALGS: 3921e1051a39Sopenharmony_ci return tls1_set_sigalgs(ctx->cert, parg, larg, 0); 3922e1051a39Sopenharmony_ci 3923e1051a39Sopenharmony_ci case SSL_CTRL_SET_SIGALGS_LIST: 3924e1051a39Sopenharmony_ci return tls1_set_sigalgs_list(ctx->cert, parg, 0); 3925e1051a39Sopenharmony_ci 3926e1051a39Sopenharmony_ci case SSL_CTRL_SET_CLIENT_SIGALGS: 3927e1051a39Sopenharmony_ci return tls1_set_sigalgs(ctx->cert, parg, larg, 1); 3928e1051a39Sopenharmony_ci 3929e1051a39Sopenharmony_ci case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: 3930e1051a39Sopenharmony_ci return tls1_set_sigalgs_list(ctx->cert, parg, 1); 3931e1051a39Sopenharmony_ci 3932e1051a39Sopenharmony_ci case SSL_CTRL_SET_CLIENT_CERT_TYPES: 3933e1051a39Sopenharmony_ci return ssl3_set_req_cert_type(ctx->cert, parg, larg); 3934e1051a39Sopenharmony_ci 3935e1051a39Sopenharmony_ci case SSL_CTRL_BUILD_CERT_CHAIN: 3936e1051a39Sopenharmony_ci return ssl_build_cert_chain(NULL, ctx, larg); 3937e1051a39Sopenharmony_ci 3938e1051a39Sopenharmony_ci case SSL_CTRL_SET_VERIFY_CERT_STORE: 3939e1051a39Sopenharmony_ci return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg); 3940e1051a39Sopenharmony_ci 3941e1051a39Sopenharmony_ci case SSL_CTRL_SET_CHAIN_CERT_STORE: 3942e1051a39Sopenharmony_ci return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg); 3943e1051a39Sopenharmony_ci 3944e1051a39Sopenharmony_ci case SSL_CTRL_GET_VERIFY_CERT_STORE: 3945e1051a39Sopenharmony_ci return ssl_cert_get_cert_store(ctx->cert, parg, 0); 3946e1051a39Sopenharmony_ci 3947e1051a39Sopenharmony_ci case SSL_CTRL_GET_CHAIN_CERT_STORE: 3948e1051a39Sopenharmony_ci return ssl_cert_get_cert_store(ctx->cert, parg, 1); 3949e1051a39Sopenharmony_ci 3950e1051a39Sopenharmony_ci /* A Thawte special :-) */ 3951e1051a39Sopenharmony_ci case SSL_CTRL_EXTRA_CHAIN_CERT: 3952e1051a39Sopenharmony_ci if (ctx->extra_certs == NULL) { 3953e1051a39Sopenharmony_ci if ((ctx->extra_certs = sk_X509_new_null()) == NULL) { 3954e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 3955e1051a39Sopenharmony_ci return 0; 3956e1051a39Sopenharmony_ci } 3957e1051a39Sopenharmony_ci } 3958e1051a39Sopenharmony_ci if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) { 3959e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 3960e1051a39Sopenharmony_ci return 0; 3961e1051a39Sopenharmony_ci } 3962e1051a39Sopenharmony_ci break; 3963e1051a39Sopenharmony_ci 3964e1051a39Sopenharmony_ci case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: 3965e1051a39Sopenharmony_ci if (ctx->extra_certs == NULL && larg == 0) 3966e1051a39Sopenharmony_ci *(STACK_OF(X509) **)parg = ctx->cert->key->chain; 3967e1051a39Sopenharmony_ci else 3968e1051a39Sopenharmony_ci *(STACK_OF(X509) **)parg = ctx->extra_certs; 3969e1051a39Sopenharmony_ci break; 3970e1051a39Sopenharmony_ci 3971e1051a39Sopenharmony_ci case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: 3972e1051a39Sopenharmony_ci sk_X509_pop_free(ctx->extra_certs, X509_free); 3973e1051a39Sopenharmony_ci ctx->extra_certs = NULL; 3974e1051a39Sopenharmony_ci break; 3975e1051a39Sopenharmony_ci 3976e1051a39Sopenharmony_ci case SSL_CTRL_CHAIN: 3977e1051a39Sopenharmony_ci if (larg) 3978e1051a39Sopenharmony_ci return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg); 3979e1051a39Sopenharmony_ci else 3980e1051a39Sopenharmony_ci return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg); 3981e1051a39Sopenharmony_ci 3982e1051a39Sopenharmony_ci case SSL_CTRL_CHAIN_CERT: 3983e1051a39Sopenharmony_ci if (larg) 3984e1051a39Sopenharmony_ci return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg); 3985e1051a39Sopenharmony_ci else 3986e1051a39Sopenharmony_ci return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg); 3987e1051a39Sopenharmony_ci 3988e1051a39Sopenharmony_ci case SSL_CTRL_GET_CHAIN_CERTS: 3989e1051a39Sopenharmony_ci *(STACK_OF(X509) **)parg = ctx->cert->key->chain; 3990e1051a39Sopenharmony_ci break; 3991e1051a39Sopenharmony_ci 3992e1051a39Sopenharmony_ci case SSL_CTRL_SELECT_CURRENT_CERT: 3993e1051a39Sopenharmony_ci return ssl_cert_select_current(ctx->cert, (X509 *)parg); 3994e1051a39Sopenharmony_ci 3995e1051a39Sopenharmony_ci case SSL_CTRL_SET_CURRENT_CERT: 3996e1051a39Sopenharmony_ci return ssl_cert_set_current(ctx->cert, larg); 3997e1051a39Sopenharmony_ci 3998e1051a39Sopenharmony_ci default: 3999e1051a39Sopenharmony_ci return 0; 4000e1051a39Sopenharmony_ci } 4001e1051a39Sopenharmony_ci return 1; 4002e1051a39Sopenharmony_ci} 4003e1051a39Sopenharmony_ci 4004e1051a39Sopenharmony_cilong ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) 4005e1051a39Sopenharmony_ci{ 4006e1051a39Sopenharmony_ci switch (cmd) { 4007e1051a39Sopenharmony_ci#if !defined(OPENSSL_NO_DEPRECATED_3_0) 4008e1051a39Sopenharmony_ci case SSL_CTRL_SET_TMP_DH_CB: 4009e1051a39Sopenharmony_ci { 4010e1051a39Sopenharmony_ci ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 4011e1051a39Sopenharmony_ci } 4012e1051a39Sopenharmony_ci break; 4013e1051a39Sopenharmony_ci#endif 4014e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 4015e1051a39Sopenharmony_ci ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp; 4016e1051a39Sopenharmony_ci break; 4017e1051a39Sopenharmony_ci 4018e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: 4019e1051a39Sopenharmony_ci ctx->ext.status_cb = (int (*)(SSL *, void *))fp; 4020e1051a39Sopenharmony_ci break; 4021e1051a39Sopenharmony_ci 4022e1051a39Sopenharmony_ci# ifndef OPENSSL_NO_DEPRECATED_3_0 4023e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: 4024e1051a39Sopenharmony_ci ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *, 4025e1051a39Sopenharmony_ci unsigned char *, 4026e1051a39Sopenharmony_ci EVP_CIPHER_CTX *, 4027e1051a39Sopenharmony_ci HMAC_CTX *, int))fp; 4028e1051a39Sopenharmony_ci break; 4029e1051a39Sopenharmony_ci#endif 4030e1051a39Sopenharmony_ci 4031e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_SRP 4032e1051a39Sopenharmony_ci case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB: 4033e1051a39Sopenharmony_ci ctx->srp_ctx.srp_Mask |= SSL_kSRP; 4034e1051a39Sopenharmony_ci ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp; 4035e1051a39Sopenharmony_ci break; 4036e1051a39Sopenharmony_ci case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB: 4037e1051a39Sopenharmony_ci ctx->srp_ctx.srp_Mask |= SSL_kSRP; 4038e1051a39Sopenharmony_ci ctx->srp_ctx.TLS_ext_srp_username_callback = 4039e1051a39Sopenharmony_ci (int (*)(SSL *, int *, void *))fp; 4040e1051a39Sopenharmony_ci break; 4041e1051a39Sopenharmony_ci case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB: 4042e1051a39Sopenharmony_ci ctx->srp_ctx.srp_Mask |= SSL_kSRP; 4043e1051a39Sopenharmony_ci ctx->srp_ctx.SRP_give_srp_client_pwd_callback = 4044e1051a39Sopenharmony_ci (char *(*)(SSL *, void *))fp; 4045e1051a39Sopenharmony_ci break; 4046e1051a39Sopenharmony_ci#endif 4047e1051a39Sopenharmony_ci case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB: 4048e1051a39Sopenharmony_ci { 4049e1051a39Sopenharmony_ci ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp; 4050e1051a39Sopenharmony_ci } 4051e1051a39Sopenharmony_ci break; 4052e1051a39Sopenharmony_ci default: 4053e1051a39Sopenharmony_ci return 0; 4054e1051a39Sopenharmony_ci } 4055e1051a39Sopenharmony_ci return 1; 4056e1051a39Sopenharmony_ci} 4057e1051a39Sopenharmony_ci 4058e1051a39Sopenharmony_ciint SSL_CTX_set_tlsext_ticket_key_evp_cb 4059e1051a39Sopenharmony_ci (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *, 4060e1051a39Sopenharmony_ci EVP_CIPHER_CTX *, EVP_MAC_CTX *, int)) 4061e1051a39Sopenharmony_ci{ 4062e1051a39Sopenharmony_ci ctx->ext.ticket_key_evp_cb = fp; 4063e1051a39Sopenharmony_ci return 1; 4064e1051a39Sopenharmony_ci} 4065e1051a39Sopenharmony_ci 4066e1051a39Sopenharmony_ciconst SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id) 4067e1051a39Sopenharmony_ci{ 4068e1051a39Sopenharmony_ci SSL_CIPHER c; 4069e1051a39Sopenharmony_ci const SSL_CIPHER *cp; 4070e1051a39Sopenharmony_ci 4071e1051a39Sopenharmony_ci c.id = id; 4072e1051a39Sopenharmony_ci cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS); 4073e1051a39Sopenharmony_ci if (cp != NULL) 4074e1051a39Sopenharmony_ci return cp; 4075e1051a39Sopenharmony_ci cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); 4076e1051a39Sopenharmony_ci if (cp != NULL) 4077e1051a39Sopenharmony_ci return cp; 4078e1051a39Sopenharmony_ci return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS); 4079e1051a39Sopenharmony_ci} 4080e1051a39Sopenharmony_ci 4081e1051a39Sopenharmony_ciconst SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname) 4082e1051a39Sopenharmony_ci{ 4083e1051a39Sopenharmony_ci SSL_CIPHER *tbl; 4084e1051a39Sopenharmony_ci SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs}; 4085e1051a39Sopenharmony_ci size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS, 4086e1051a39Sopenharmony_ci SSL3_NUM_SCSVS}; 4087e1051a39Sopenharmony_ci 4088e1051a39Sopenharmony_ci /* this is not efficient, necessary to optimize this? */ 4089e1051a39Sopenharmony_ci for (j = 0; j < OSSL_NELEM(alltabs); j++) { 4090e1051a39Sopenharmony_ci for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) { 4091e1051a39Sopenharmony_ci if (tbl->stdname == NULL) 4092e1051a39Sopenharmony_ci continue; 4093e1051a39Sopenharmony_ci if (strcmp(stdname, tbl->stdname) == 0) { 4094e1051a39Sopenharmony_ci return tbl; 4095e1051a39Sopenharmony_ci } 4096e1051a39Sopenharmony_ci } 4097e1051a39Sopenharmony_ci } 4098e1051a39Sopenharmony_ci return NULL; 4099e1051a39Sopenharmony_ci} 4100e1051a39Sopenharmony_ci 4101e1051a39Sopenharmony_ci/* 4102e1051a39Sopenharmony_ci * This function needs to check if the ciphers required are actually 4103e1051a39Sopenharmony_ci * available 4104e1051a39Sopenharmony_ci */ 4105e1051a39Sopenharmony_ciconst SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) 4106e1051a39Sopenharmony_ci{ 4107e1051a39Sopenharmony_ci return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG 4108e1051a39Sopenharmony_ci | ((uint32_t)p[0] << 8L) 4109e1051a39Sopenharmony_ci | (uint32_t)p[1]); 4110e1051a39Sopenharmony_ci} 4111e1051a39Sopenharmony_ci 4112e1051a39Sopenharmony_ciint ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) 4113e1051a39Sopenharmony_ci{ 4114e1051a39Sopenharmony_ci if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) { 4115e1051a39Sopenharmony_ci *len = 0; 4116e1051a39Sopenharmony_ci return 1; 4117e1051a39Sopenharmony_ci } 4118e1051a39Sopenharmony_ci 4119e1051a39Sopenharmony_ci if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff)) 4120e1051a39Sopenharmony_ci return 0; 4121e1051a39Sopenharmony_ci 4122e1051a39Sopenharmony_ci *len = 2; 4123e1051a39Sopenharmony_ci return 1; 4124e1051a39Sopenharmony_ci} 4125e1051a39Sopenharmony_ci 4126e1051a39Sopenharmony_ci/* 4127e1051a39Sopenharmony_ci * ssl3_choose_cipher - choose a cipher from those offered by the client 4128e1051a39Sopenharmony_ci * @s: SSL connection 4129e1051a39Sopenharmony_ci * @clnt: ciphers offered by the client 4130e1051a39Sopenharmony_ci * @srvr: ciphers enabled on the server? 4131e1051a39Sopenharmony_ci * 4132e1051a39Sopenharmony_ci * Returns the selected cipher or NULL when no common ciphers. 4133e1051a39Sopenharmony_ci */ 4134e1051a39Sopenharmony_ciconst SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 4135e1051a39Sopenharmony_ci STACK_OF(SSL_CIPHER) *srvr) 4136e1051a39Sopenharmony_ci{ 4137e1051a39Sopenharmony_ci const SSL_CIPHER *c, *ret = NULL; 4138e1051a39Sopenharmony_ci STACK_OF(SSL_CIPHER) *prio, *allow; 4139e1051a39Sopenharmony_ci int i, ii, ok, prefer_sha256 = 0; 4140e1051a39Sopenharmony_ci unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0; 4141e1051a39Sopenharmony_ci STACK_OF(SSL_CIPHER) *prio_chacha = NULL; 4142e1051a39Sopenharmony_ci 4143e1051a39Sopenharmony_ci /* Let's see which ciphers we can support */ 4144e1051a39Sopenharmony_ci 4145e1051a39Sopenharmony_ci /* 4146e1051a39Sopenharmony_ci * Do not set the compare functions, because this may lead to a 4147e1051a39Sopenharmony_ci * reordering by "id". We want to keep the original ordering. We may pay 4148e1051a39Sopenharmony_ci * a price in performance during sk_SSL_CIPHER_find(), but would have to 4149e1051a39Sopenharmony_ci * pay with the price of sk_SSL_CIPHER_dup(). 4150e1051a39Sopenharmony_ci */ 4151e1051a39Sopenharmony_ci 4152e1051a39Sopenharmony_ci OSSL_TRACE_BEGIN(TLS_CIPHER) { 4153e1051a39Sopenharmony_ci BIO_printf(trc_out, "Server has %d from %p:\n", 4154e1051a39Sopenharmony_ci sk_SSL_CIPHER_num(srvr), (void *)srvr); 4155e1051a39Sopenharmony_ci for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) { 4156e1051a39Sopenharmony_ci c = sk_SSL_CIPHER_value(srvr, i); 4157e1051a39Sopenharmony_ci BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name); 4158e1051a39Sopenharmony_ci } 4159e1051a39Sopenharmony_ci BIO_printf(trc_out, "Client sent %d from %p:\n", 4160e1051a39Sopenharmony_ci sk_SSL_CIPHER_num(clnt), (void *)clnt); 4161e1051a39Sopenharmony_ci for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) { 4162e1051a39Sopenharmony_ci c = sk_SSL_CIPHER_value(clnt, i); 4163e1051a39Sopenharmony_ci BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name); 4164e1051a39Sopenharmony_ci } 4165e1051a39Sopenharmony_ci } OSSL_TRACE_END(TLS_CIPHER); 4166e1051a39Sopenharmony_ci 4167e1051a39Sopenharmony_ci /* SUITE-B takes precedence over server preference and ChaCha priortiy */ 4168e1051a39Sopenharmony_ci if (tls1_suiteb(s)) { 4169e1051a39Sopenharmony_ci prio = srvr; 4170e1051a39Sopenharmony_ci allow = clnt; 4171e1051a39Sopenharmony_ci } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { 4172e1051a39Sopenharmony_ci prio = srvr; 4173e1051a39Sopenharmony_ci allow = clnt; 4174e1051a39Sopenharmony_ci 4175e1051a39Sopenharmony_ci /* If ChaCha20 is at the top of the client preference list, 4176e1051a39Sopenharmony_ci and there are ChaCha20 ciphers in the server list, then 4177e1051a39Sopenharmony_ci temporarily prioritize all ChaCha20 ciphers in the servers list. */ 4178e1051a39Sopenharmony_ci if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) { 4179e1051a39Sopenharmony_ci c = sk_SSL_CIPHER_value(clnt, 0); 4180e1051a39Sopenharmony_ci if (c->algorithm_enc == SSL_CHACHA20POLY1305) { 4181e1051a39Sopenharmony_ci /* ChaCha20 is client preferred, check server... */ 4182e1051a39Sopenharmony_ci int num = sk_SSL_CIPHER_num(srvr); 4183e1051a39Sopenharmony_ci int found = 0; 4184e1051a39Sopenharmony_ci for (i = 0; i < num; i++) { 4185e1051a39Sopenharmony_ci c = sk_SSL_CIPHER_value(srvr, i); 4186e1051a39Sopenharmony_ci if (c->algorithm_enc == SSL_CHACHA20POLY1305) { 4187e1051a39Sopenharmony_ci found = 1; 4188e1051a39Sopenharmony_ci break; 4189e1051a39Sopenharmony_ci } 4190e1051a39Sopenharmony_ci } 4191e1051a39Sopenharmony_ci if (found) { 4192e1051a39Sopenharmony_ci prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num); 4193e1051a39Sopenharmony_ci /* if reserve fails, then there's likely a memory issue */ 4194e1051a39Sopenharmony_ci if (prio_chacha != NULL) { 4195e1051a39Sopenharmony_ci /* Put all ChaCha20 at the top, starting with the one we just found */ 4196e1051a39Sopenharmony_ci sk_SSL_CIPHER_push(prio_chacha, c); 4197e1051a39Sopenharmony_ci for (i++; i < num; i++) { 4198e1051a39Sopenharmony_ci c = sk_SSL_CIPHER_value(srvr, i); 4199e1051a39Sopenharmony_ci if (c->algorithm_enc == SSL_CHACHA20POLY1305) 4200e1051a39Sopenharmony_ci sk_SSL_CIPHER_push(prio_chacha, c); 4201e1051a39Sopenharmony_ci } 4202e1051a39Sopenharmony_ci /* Pull in the rest */ 4203e1051a39Sopenharmony_ci for (i = 0; i < num; i++) { 4204e1051a39Sopenharmony_ci c = sk_SSL_CIPHER_value(srvr, i); 4205e1051a39Sopenharmony_ci if (c->algorithm_enc != SSL_CHACHA20POLY1305) 4206e1051a39Sopenharmony_ci sk_SSL_CIPHER_push(prio_chacha, c); 4207e1051a39Sopenharmony_ci } 4208e1051a39Sopenharmony_ci prio = prio_chacha; 4209e1051a39Sopenharmony_ci } 4210e1051a39Sopenharmony_ci } 4211e1051a39Sopenharmony_ci } 4212e1051a39Sopenharmony_ci } 4213e1051a39Sopenharmony_ci } else { 4214e1051a39Sopenharmony_ci prio = clnt; 4215e1051a39Sopenharmony_ci allow = srvr; 4216e1051a39Sopenharmony_ci } 4217e1051a39Sopenharmony_ci 4218e1051a39Sopenharmony_ci if (SSL_IS_TLS13(s)) { 4219e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_PSK 4220e1051a39Sopenharmony_ci int j; 4221e1051a39Sopenharmony_ci 4222e1051a39Sopenharmony_ci /* 4223e1051a39Sopenharmony_ci * If we allow "old" style PSK callbacks, and we have no certificate (so 4224e1051a39Sopenharmony_ci * we're not going to succeed without a PSK anyway), and we're in 4225e1051a39Sopenharmony_ci * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the 4226e1051a39Sopenharmony_ci * TLSv1.3 spec). Therefore we should prioritise ciphersuites using 4227e1051a39Sopenharmony_ci * that. 4228e1051a39Sopenharmony_ci */ 4229e1051a39Sopenharmony_ci if (s->psk_server_callback != NULL) { 4230e1051a39Sopenharmony_ci for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++); 4231e1051a39Sopenharmony_ci if (j == SSL_PKEY_NUM) { 4232e1051a39Sopenharmony_ci /* There are no certificates */ 4233e1051a39Sopenharmony_ci prefer_sha256 = 1; 4234e1051a39Sopenharmony_ci } 4235e1051a39Sopenharmony_ci } 4236e1051a39Sopenharmony_ci#endif 4237e1051a39Sopenharmony_ci } else { 4238e1051a39Sopenharmony_ci tls1_set_cert_validity(s); 4239e1051a39Sopenharmony_ci ssl_set_masks(s); 4240e1051a39Sopenharmony_ci } 4241e1051a39Sopenharmony_ci 4242e1051a39Sopenharmony_ci for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { 4243e1051a39Sopenharmony_ci c = sk_SSL_CIPHER_value(prio, i); 4244e1051a39Sopenharmony_ci 4245e1051a39Sopenharmony_ci /* Skip ciphers not supported by the protocol version */ 4246e1051a39Sopenharmony_ci if (!SSL_IS_DTLS(s) && 4247e1051a39Sopenharmony_ci ((s->version < c->min_tls) || (s->version > c->max_tls))) 4248e1051a39Sopenharmony_ci continue; 4249e1051a39Sopenharmony_ci if (SSL_IS_DTLS(s) && 4250e1051a39Sopenharmony_ci (DTLS_VERSION_LT(s->version, c->min_dtls) || 4251e1051a39Sopenharmony_ci DTLS_VERSION_GT(s->version, c->max_dtls))) 4252e1051a39Sopenharmony_ci continue; 4253e1051a39Sopenharmony_ci 4254e1051a39Sopenharmony_ci /* 4255e1051a39Sopenharmony_ci * Since TLS 1.3 ciphersuites can be used with any auth or 4256e1051a39Sopenharmony_ci * key exchange scheme skip tests. 4257e1051a39Sopenharmony_ci */ 4258e1051a39Sopenharmony_ci if (!SSL_IS_TLS13(s)) { 4259e1051a39Sopenharmony_ci mask_k = s->s3.tmp.mask_k; 4260e1051a39Sopenharmony_ci mask_a = s->s3.tmp.mask_a; 4261e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_SRP 4262e1051a39Sopenharmony_ci if (s->srp_ctx.srp_Mask & SSL_kSRP) { 4263e1051a39Sopenharmony_ci mask_k |= SSL_kSRP; 4264e1051a39Sopenharmony_ci mask_a |= SSL_aSRP; 4265e1051a39Sopenharmony_ci } 4266e1051a39Sopenharmony_ci#endif 4267e1051a39Sopenharmony_ci 4268e1051a39Sopenharmony_ci alg_k = c->algorithm_mkey; 4269e1051a39Sopenharmony_ci alg_a = c->algorithm_auth; 4270e1051a39Sopenharmony_ci 4271e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_PSK 4272e1051a39Sopenharmony_ci /* with PSK there must be server callback set */ 4273e1051a39Sopenharmony_ci if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL) 4274e1051a39Sopenharmony_ci continue; 4275e1051a39Sopenharmony_ci#endif /* OPENSSL_NO_PSK */ 4276e1051a39Sopenharmony_ci 4277e1051a39Sopenharmony_ci ok = (alg_k & mask_k) && (alg_a & mask_a); 4278e1051a39Sopenharmony_ci OSSL_TRACE7(TLS_CIPHER, 4279e1051a39Sopenharmony_ci "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", 4280e1051a39Sopenharmony_ci ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name); 4281e1051a39Sopenharmony_ci 4282e1051a39Sopenharmony_ci /* 4283e1051a39Sopenharmony_ci * if we are considering an ECC cipher suite that uses an ephemeral 4284e1051a39Sopenharmony_ci * EC key check it 4285e1051a39Sopenharmony_ci */ 4286e1051a39Sopenharmony_ci if (alg_k & SSL_kECDHE) 4287e1051a39Sopenharmony_ci ok = ok && tls1_check_ec_tmp_key(s, c->id); 4288e1051a39Sopenharmony_ci 4289e1051a39Sopenharmony_ci if (!ok) 4290e1051a39Sopenharmony_ci continue; 4291e1051a39Sopenharmony_ci } 4292e1051a39Sopenharmony_ci ii = sk_SSL_CIPHER_find(allow, c); 4293e1051a39Sopenharmony_ci if (ii >= 0) { 4294e1051a39Sopenharmony_ci /* Check security callback permits this cipher */ 4295e1051a39Sopenharmony_ci if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED, 4296e1051a39Sopenharmony_ci c->strength_bits, 0, (void *)c)) 4297e1051a39Sopenharmony_ci continue; 4298e1051a39Sopenharmony_ci 4299e1051a39Sopenharmony_ci if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA) 4300e1051a39Sopenharmony_ci && s->s3.is_probably_safari) { 4301e1051a39Sopenharmony_ci if (!ret) 4302e1051a39Sopenharmony_ci ret = sk_SSL_CIPHER_value(allow, ii); 4303e1051a39Sopenharmony_ci continue; 4304e1051a39Sopenharmony_ci } 4305e1051a39Sopenharmony_ci 4306e1051a39Sopenharmony_ci if (prefer_sha256) { 4307e1051a39Sopenharmony_ci const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii); 4308e1051a39Sopenharmony_ci const EVP_MD *md = ssl_md(s->ctx, tmp->algorithm2); 4309e1051a39Sopenharmony_ci 4310e1051a39Sopenharmony_ci if (md != NULL 4311e1051a39Sopenharmony_ci && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) { 4312e1051a39Sopenharmony_ci ret = tmp; 4313e1051a39Sopenharmony_ci break; 4314e1051a39Sopenharmony_ci } 4315e1051a39Sopenharmony_ci if (ret == NULL) 4316e1051a39Sopenharmony_ci ret = tmp; 4317e1051a39Sopenharmony_ci continue; 4318e1051a39Sopenharmony_ci } 4319e1051a39Sopenharmony_ci ret = sk_SSL_CIPHER_value(allow, ii); 4320e1051a39Sopenharmony_ci break; 4321e1051a39Sopenharmony_ci } 4322e1051a39Sopenharmony_ci } 4323e1051a39Sopenharmony_ci 4324e1051a39Sopenharmony_ci sk_SSL_CIPHER_free(prio_chacha); 4325e1051a39Sopenharmony_ci 4326e1051a39Sopenharmony_ci return ret; 4327e1051a39Sopenharmony_ci} 4328e1051a39Sopenharmony_ci 4329e1051a39Sopenharmony_ciint ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) 4330e1051a39Sopenharmony_ci{ 4331e1051a39Sopenharmony_ci uint32_t alg_k, alg_a = 0; 4332e1051a39Sopenharmony_ci 4333e1051a39Sopenharmony_ci /* If we have custom certificate types set, use them */ 4334e1051a39Sopenharmony_ci if (s->cert->ctype) 4335e1051a39Sopenharmony_ci return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len); 4336e1051a39Sopenharmony_ci /* Get mask of algorithms disabled by signature list */ 4337e1051a39Sopenharmony_ci ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK); 4338e1051a39Sopenharmony_ci 4339e1051a39Sopenharmony_ci alg_k = s->s3.tmp.new_cipher->algorithm_mkey; 4340e1051a39Sopenharmony_ci 4341e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_GOST 4342e1051a39Sopenharmony_ci if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST)) 4343e1051a39Sopenharmony_ci if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN) 4344e1051a39Sopenharmony_ci || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN) 4345e1051a39Sopenharmony_ci || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN) 4346e1051a39Sopenharmony_ci || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN) 4347e1051a39Sopenharmony_ci || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN)) 4348e1051a39Sopenharmony_ci return 0; 4349e1051a39Sopenharmony_ci 4350e1051a39Sopenharmony_ci if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18)) 4351e1051a39Sopenharmony_ci if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN) 4352e1051a39Sopenharmony_ci || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)) 4353e1051a39Sopenharmony_ci return 0; 4354e1051a39Sopenharmony_ci#endif 4355e1051a39Sopenharmony_ci 4356e1051a39Sopenharmony_ci if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) { 4357e1051a39Sopenharmony_ci if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH)) 4358e1051a39Sopenharmony_ci return 0; 4359e1051a39Sopenharmony_ci if (!(alg_a & SSL_aDSS) 4360e1051a39Sopenharmony_ci && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH)) 4361e1051a39Sopenharmony_ci return 0; 4362e1051a39Sopenharmony_ci } 4363e1051a39Sopenharmony_ci if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN)) 4364e1051a39Sopenharmony_ci return 0; 4365e1051a39Sopenharmony_ci if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN)) 4366e1051a39Sopenharmony_ci return 0; 4367e1051a39Sopenharmony_ci 4368e1051a39Sopenharmony_ci /* 4369e1051a39Sopenharmony_ci * ECDSA certs can be used with RSA cipher suites too so we don't 4370e1051a39Sopenharmony_ci * need to check for SSL_kECDH or SSL_kECDHE 4371e1051a39Sopenharmony_ci */ 4372e1051a39Sopenharmony_ci if (s->version >= TLS1_VERSION 4373e1051a39Sopenharmony_ci && !(alg_a & SSL_aECDSA) 4374e1051a39Sopenharmony_ci && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN)) 4375e1051a39Sopenharmony_ci return 0; 4376e1051a39Sopenharmony_ci 4377e1051a39Sopenharmony_ci return 1; 4378e1051a39Sopenharmony_ci} 4379e1051a39Sopenharmony_ci 4380e1051a39Sopenharmony_cistatic int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len) 4381e1051a39Sopenharmony_ci{ 4382e1051a39Sopenharmony_ci OPENSSL_free(c->ctype); 4383e1051a39Sopenharmony_ci c->ctype = NULL; 4384e1051a39Sopenharmony_ci c->ctype_len = 0; 4385e1051a39Sopenharmony_ci if (p == NULL || len == 0) 4386e1051a39Sopenharmony_ci return 1; 4387e1051a39Sopenharmony_ci if (len > 0xff) 4388e1051a39Sopenharmony_ci return 0; 4389e1051a39Sopenharmony_ci c->ctype = OPENSSL_memdup(p, len); 4390e1051a39Sopenharmony_ci if (c->ctype == NULL) 4391e1051a39Sopenharmony_ci return 0; 4392e1051a39Sopenharmony_ci c->ctype_len = len; 4393e1051a39Sopenharmony_ci return 1; 4394e1051a39Sopenharmony_ci} 4395e1051a39Sopenharmony_ci 4396e1051a39Sopenharmony_ciint ssl3_shutdown(SSL *s) 4397e1051a39Sopenharmony_ci{ 4398e1051a39Sopenharmony_ci int ret; 4399e1051a39Sopenharmony_ci 4400e1051a39Sopenharmony_ci /* 4401e1051a39Sopenharmony_ci * Don't do anything much if we have not done the handshake or we don't 4402e1051a39Sopenharmony_ci * want to send messages :-) 4403e1051a39Sopenharmony_ci */ 4404e1051a39Sopenharmony_ci if (s->quiet_shutdown || SSL_in_before(s)) { 4405e1051a39Sopenharmony_ci s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); 4406e1051a39Sopenharmony_ci return 1; 4407e1051a39Sopenharmony_ci } 4408e1051a39Sopenharmony_ci 4409e1051a39Sopenharmony_ci if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { 4410e1051a39Sopenharmony_ci s->shutdown |= SSL_SENT_SHUTDOWN; 4411e1051a39Sopenharmony_ci ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); 4412e1051a39Sopenharmony_ci /* 4413e1051a39Sopenharmony_ci * our shutdown alert has been sent now, and if it still needs to be 4414e1051a39Sopenharmony_ci * written, s->s3.alert_dispatch will be true 4415e1051a39Sopenharmony_ci */ 4416e1051a39Sopenharmony_ci if (s->s3.alert_dispatch) 4417e1051a39Sopenharmony_ci return -1; /* return WANT_WRITE */ 4418e1051a39Sopenharmony_ci } else if (s->s3.alert_dispatch) { 4419e1051a39Sopenharmony_ci /* resend it if not sent */ 4420e1051a39Sopenharmony_ci ret = s->method->ssl_dispatch_alert(s); 4421e1051a39Sopenharmony_ci if (ret == -1) { 4422e1051a39Sopenharmony_ci /* 4423e1051a39Sopenharmony_ci * we only get to return -1 here the 2nd/Nth invocation, we must 4424e1051a39Sopenharmony_ci * have already signalled return 0 upon a previous invocation, 4425e1051a39Sopenharmony_ci * return WANT_WRITE 4426e1051a39Sopenharmony_ci */ 4427e1051a39Sopenharmony_ci return ret; 4428e1051a39Sopenharmony_ci } 4429e1051a39Sopenharmony_ci } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { 4430e1051a39Sopenharmony_ci size_t readbytes; 4431e1051a39Sopenharmony_ci /* 4432e1051a39Sopenharmony_ci * If we are waiting for a close from our peer, we are closed 4433e1051a39Sopenharmony_ci */ 4434e1051a39Sopenharmony_ci s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes); 4435e1051a39Sopenharmony_ci if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { 4436e1051a39Sopenharmony_ci return -1; /* return WANT_READ */ 4437e1051a39Sopenharmony_ci } 4438e1051a39Sopenharmony_ci } 4439e1051a39Sopenharmony_ci 4440e1051a39Sopenharmony_ci if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) && 4441e1051a39Sopenharmony_ci !s->s3.alert_dispatch) 4442e1051a39Sopenharmony_ci return 1; 4443e1051a39Sopenharmony_ci else 4444e1051a39Sopenharmony_ci return 0; 4445e1051a39Sopenharmony_ci} 4446e1051a39Sopenharmony_ci 4447e1051a39Sopenharmony_ciint ssl3_write(SSL *s, const void *buf, size_t len, size_t *written) 4448e1051a39Sopenharmony_ci{ 4449e1051a39Sopenharmony_ci clear_sys_error(); 4450e1051a39Sopenharmony_ci if (s->s3.renegotiate) 4451e1051a39Sopenharmony_ci ssl3_renegotiate_check(s, 0); 4452e1051a39Sopenharmony_ci 4453e1051a39Sopenharmony_ci return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, 4454e1051a39Sopenharmony_ci written); 4455e1051a39Sopenharmony_ci} 4456e1051a39Sopenharmony_ci 4457e1051a39Sopenharmony_cistatic int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek, 4458e1051a39Sopenharmony_ci size_t *readbytes) 4459e1051a39Sopenharmony_ci{ 4460e1051a39Sopenharmony_ci int ret; 4461e1051a39Sopenharmony_ci 4462e1051a39Sopenharmony_ci clear_sys_error(); 4463e1051a39Sopenharmony_ci if (s->s3.renegotiate) 4464e1051a39Sopenharmony_ci ssl3_renegotiate_check(s, 0); 4465e1051a39Sopenharmony_ci s->s3.in_read_app_data = 1; 4466e1051a39Sopenharmony_ci ret = 4467e1051a39Sopenharmony_ci s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len, 4468e1051a39Sopenharmony_ci peek, readbytes); 4469e1051a39Sopenharmony_ci if ((ret == -1) && (s->s3.in_read_app_data == 2)) { 4470e1051a39Sopenharmony_ci /* 4471e1051a39Sopenharmony_ci * ssl3_read_bytes decided to call s->handshake_func, which called 4472e1051a39Sopenharmony_ci * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes 4473e1051a39Sopenharmony_ci * actually found application data and thinks that application data 4474e1051a39Sopenharmony_ci * makes sense here; so disable handshake processing and try to read 4475e1051a39Sopenharmony_ci * application data again. 4476e1051a39Sopenharmony_ci */ 4477e1051a39Sopenharmony_ci ossl_statem_set_in_handshake(s, 1); 4478e1051a39Sopenharmony_ci ret = 4479e1051a39Sopenharmony_ci s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, 4480e1051a39Sopenharmony_ci len, peek, readbytes); 4481e1051a39Sopenharmony_ci ossl_statem_set_in_handshake(s, 0); 4482e1051a39Sopenharmony_ci } else 4483e1051a39Sopenharmony_ci s->s3.in_read_app_data = 0; 4484e1051a39Sopenharmony_ci 4485e1051a39Sopenharmony_ci return ret; 4486e1051a39Sopenharmony_ci} 4487e1051a39Sopenharmony_ci 4488e1051a39Sopenharmony_ciint ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes) 4489e1051a39Sopenharmony_ci{ 4490e1051a39Sopenharmony_ci return ssl3_read_internal(s, buf, len, 0, readbytes); 4491e1051a39Sopenharmony_ci} 4492e1051a39Sopenharmony_ci 4493e1051a39Sopenharmony_ciint ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes) 4494e1051a39Sopenharmony_ci{ 4495e1051a39Sopenharmony_ci return ssl3_read_internal(s, buf, len, 1, readbytes); 4496e1051a39Sopenharmony_ci} 4497e1051a39Sopenharmony_ci 4498e1051a39Sopenharmony_ciint ssl3_renegotiate(SSL *s) 4499e1051a39Sopenharmony_ci{ 4500e1051a39Sopenharmony_ci if (s->handshake_func == NULL) 4501e1051a39Sopenharmony_ci return 1; 4502e1051a39Sopenharmony_ci 4503e1051a39Sopenharmony_ci s->s3.renegotiate = 1; 4504e1051a39Sopenharmony_ci return 1; 4505e1051a39Sopenharmony_ci} 4506e1051a39Sopenharmony_ci 4507e1051a39Sopenharmony_ci/* 4508e1051a39Sopenharmony_ci * Check if we are waiting to do a renegotiation and if so whether now is a 4509e1051a39Sopenharmony_ci * good time to do it. If |initok| is true then we are being called from inside 4510e1051a39Sopenharmony_ci * the state machine so ignore the result of SSL_in_init(s). Otherwise we 4511e1051a39Sopenharmony_ci * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we 4512e1051a39Sopenharmony_ci * should do a renegotiation now and sets up the state machine for it. Otherwise 4513e1051a39Sopenharmony_ci * returns 0. 4514e1051a39Sopenharmony_ci */ 4515e1051a39Sopenharmony_ciint ssl3_renegotiate_check(SSL *s, int initok) 4516e1051a39Sopenharmony_ci{ 4517e1051a39Sopenharmony_ci int ret = 0; 4518e1051a39Sopenharmony_ci 4519e1051a39Sopenharmony_ci if (s->s3.renegotiate) { 4520e1051a39Sopenharmony_ci if (!RECORD_LAYER_read_pending(&s->rlayer) 4521e1051a39Sopenharmony_ci && !RECORD_LAYER_write_pending(&s->rlayer) 4522e1051a39Sopenharmony_ci && (initok || !SSL_in_init(s))) { 4523e1051a39Sopenharmony_ci /* 4524e1051a39Sopenharmony_ci * if we are the server, and we have sent a 'RENEGOTIATE' 4525e1051a39Sopenharmony_ci * message, we need to set the state machine into the renegotiate 4526e1051a39Sopenharmony_ci * state. 4527e1051a39Sopenharmony_ci */ 4528e1051a39Sopenharmony_ci ossl_statem_set_renegotiate(s); 4529e1051a39Sopenharmony_ci s->s3.renegotiate = 0; 4530e1051a39Sopenharmony_ci s->s3.num_renegotiations++; 4531e1051a39Sopenharmony_ci s->s3.total_renegotiations++; 4532e1051a39Sopenharmony_ci ret = 1; 4533e1051a39Sopenharmony_ci } 4534e1051a39Sopenharmony_ci } 4535e1051a39Sopenharmony_ci return ret; 4536e1051a39Sopenharmony_ci} 4537e1051a39Sopenharmony_ci 4538e1051a39Sopenharmony_ci/* 4539e1051a39Sopenharmony_ci * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and 4540e1051a39Sopenharmony_ci * handshake macs if required. 4541e1051a39Sopenharmony_ci * 4542e1051a39Sopenharmony_ci * If PSK and using SHA384 for TLS < 1.2 switch to default. 4543e1051a39Sopenharmony_ci */ 4544e1051a39Sopenharmony_cilong ssl_get_algorithm2(SSL *s) 4545e1051a39Sopenharmony_ci{ 4546e1051a39Sopenharmony_ci long alg2; 4547e1051a39Sopenharmony_ci if (s->s3.tmp.new_cipher == NULL) 4548e1051a39Sopenharmony_ci return -1; 4549e1051a39Sopenharmony_ci alg2 = s->s3.tmp.new_cipher->algorithm2; 4550e1051a39Sopenharmony_ci if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) { 4551e1051a39Sopenharmony_ci if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF)) 4552e1051a39Sopenharmony_ci return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; 4553e1051a39Sopenharmony_ci } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) { 4554e1051a39Sopenharmony_ci if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384)) 4555e1051a39Sopenharmony_ci return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF; 4556e1051a39Sopenharmony_ci } 4557e1051a39Sopenharmony_ci return alg2; 4558e1051a39Sopenharmony_ci} 4559e1051a39Sopenharmony_ci 4560e1051a39Sopenharmony_ci/* 4561e1051a39Sopenharmony_ci * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on 4562e1051a39Sopenharmony_ci * failure, 1 on success. 4563e1051a39Sopenharmony_ci */ 4564e1051a39Sopenharmony_ciint ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, 4565e1051a39Sopenharmony_ci DOWNGRADE dgrd) 4566e1051a39Sopenharmony_ci{ 4567e1051a39Sopenharmony_ci int send_time = 0, ret; 4568e1051a39Sopenharmony_ci 4569e1051a39Sopenharmony_ci if (len < 4) 4570e1051a39Sopenharmony_ci return 0; 4571e1051a39Sopenharmony_ci if (server) 4572e1051a39Sopenharmony_ci send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0; 4573e1051a39Sopenharmony_ci else 4574e1051a39Sopenharmony_ci send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0; 4575e1051a39Sopenharmony_ci if (send_time) { 4576e1051a39Sopenharmony_ci unsigned long Time = (unsigned long)time(NULL); 4577e1051a39Sopenharmony_ci unsigned char *p = result; 4578e1051a39Sopenharmony_ci 4579e1051a39Sopenharmony_ci l2n(Time, p); 4580e1051a39Sopenharmony_ci ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4, 0); 4581e1051a39Sopenharmony_ci } else { 4582e1051a39Sopenharmony_ci ret = RAND_bytes_ex(s->ctx->libctx, result, len, 0); 4583e1051a39Sopenharmony_ci } 4584e1051a39Sopenharmony_ci 4585e1051a39Sopenharmony_ci if (ret > 0) { 4586e1051a39Sopenharmony_ci if (!ossl_assert(sizeof(tls11downgrade) < len) 4587e1051a39Sopenharmony_ci || !ossl_assert(sizeof(tls12downgrade) < len)) 4588e1051a39Sopenharmony_ci return 0; 4589e1051a39Sopenharmony_ci if (dgrd == DOWNGRADE_TO_1_2) 4590e1051a39Sopenharmony_ci memcpy(result + len - sizeof(tls12downgrade), tls12downgrade, 4591e1051a39Sopenharmony_ci sizeof(tls12downgrade)); 4592e1051a39Sopenharmony_ci else if (dgrd == DOWNGRADE_TO_1_1) 4593e1051a39Sopenharmony_ci memcpy(result + len - sizeof(tls11downgrade), tls11downgrade, 4594e1051a39Sopenharmony_ci sizeof(tls11downgrade)); 4595e1051a39Sopenharmony_ci } 4596e1051a39Sopenharmony_ci 4597e1051a39Sopenharmony_ci return ret; 4598e1051a39Sopenharmony_ci} 4599e1051a39Sopenharmony_ci 4600e1051a39Sopenharmony_ciint ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, 4601e1051a39Sopenharmony_ci int free_pms) 4602e1051a39Sopenharmony_ci{ 4603e1051a39Sopenharmony_ci unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey; 4604e1051a39Sopenharmony_ci int ret = 0; 4605e1051a39Sopenharmony_ci 4606e1051a39Sopenharmony_ci if (alg_k & SSL_PSK) { 4607e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_PSK 4608e1051a39Sopenharmony_ci unsigned char *pskpms, *t; 4609e1051a39Sopenharmony_ci size_t psklen = s->s3.tmp.psklen; 4610e1051a39Sopenharmony_ci size_t pskpmslen; 4611e1051a39Sopenharmony_ci 4612e1051a39Sopenharmony_ci /* create PSK premaster_secret */ 4613e1051a39Sopenharmony_ci 4614e1051a39Sopenharmony_ci /* For plain PSK "other_secret" is psklen zeroes */ 4615e1051a39Sopenharmony_ci if (alg_k & SSL_kPSK) 4616e1051a39Sopenharmony_ci pmslen = psklen; 4617e1051a39Sopenharmony_ci 4618e1051a39Sopenharmony_ci pskpmslen = 4 + pmslen + psklen; 4619e1051a39Sopenharmony_ci pskpms = OPENSSL_malloc(pskpmslen); 4620e1051a39Sopenharmony_ci if (pskpms == NULL) 4621e1051a39Sopenharmony_ci goto err; 4622e1051a39Sopenharmony_ci t = pskpms; 4623e1051a39Sopenharmony_ci s2n(pmslen, t); 4624e1051a39Sopenharmony_ci if (alg_k & SSL_kPSK) 4625e1051a39Sopenharmony_ci memset(t, 0, pmslen); 4626e1051a39Sopenharmony_ci else 4627e1051a39Sopenharmony_ci memcpy(t, pms, pmslen); 4628e1051a39Sopenharmony_ci t += pmslen; 4629e1051a39Sopenharmony_ci s2n(psklen, t); 4630e1051a39Sopenharmony_ci memcpy(t, s->s3.tmp.psk, psklen); 4631e1051a39Sopenharmony_ci 4632e1051a39Sopenharmony_ci OPENSSL_clear_free(s->s3.tmp.psk, psklen); 4633e1051a39Sopenharmony_ci s->s3.tmp.psk = NULL; 4634e1051a39Sopenharmony_ci s->s3.tmp.psklen = 0; 4635e1051a39Sopenharmony_ci if (!s->method->ssl3_enc->generate_master_secret(s, 4636e1051a39Sopenharmony_ci s->session->master_key, pskpms, pskpmslen, 4637e1051a39Sopenharmony_ci &s->session->master_key_length)) { 4638e1051a39Sopenharmony_ci OPENSSL_clear_free(pskpms, pskpmslen); 4639e1051a39Sopenharmony_ci /* SSLfatal() already called */ 4640e1051a39Sopenharmony_ci goto err; 4641e1051a39Sopenharmony_ci } 4642e1051a39Sopenharmony_ci OPENSSL_clear_free(pskpms, pskpmslen); 4643e1051a39Sopenharmony_ci#else 4644e1051a39Sopenharmony_ci /* Should never happen */ 4645e1051a39Sopenharmony_ci goto err; 4646e1051a39Sopenharmony_ci#endif 4647e1051a39Sopenharmony_ci } else { 4648e1051a39Sopenharmony_ci if (!s->method->ssl3_enc->generate_master_secret(s, 4649e1051a39Sopenharmony_ci s->session->master_key, pms, pmslen, 4650e1051a39Sopenharmony_ci &s->session->master_key_length)) { 4651e1051a39Sopenharmony_ci /* SSLfatal() already called */ 4652e1051a39Sopenharmony_ci goto err; 4653e1051a39Sopenharmony_ci } 4654e1051a39Sopenharmony_ci } 4655e1051a39Sopenharmony_ci 4656e1051a39Sopenharmony_ci ret = 1; 4657e1051a39Sopenharmony_ci err: 4658e1051a39Sopenharmony_ci if (pms) { 4659e1051a39Sopenharmony_ci if (free_pms) 4660e1051a39Sopenharmony_ci OPENSSL_clear_free(pms, pmslen); 4661e1051a39Sopenharmony_ci else 4662e1051a39Sopenharmony_ci OPENSSL_cleanse(pms, pmslen); 4663e1051a39Sopenharmony_ci } 4664e1051a39Sopenharmony_ci if (s->server == 0) { 4665e1051a39Sopenharmony_ci s->s3.tmp.pms = NULL; 4666e1051a39Sopenharmony_ci s->s3.tmp.pmslen = 0; 4667e1051a39Sopenharmony_ci } 4668e1051a39Sopenharmony_ci return ret; 4669e1051a39Sopenharmony_ci} 4670e1051a39Sopenharmony_ci 4671e1051a39Sopenharmony_ci/* Generate a private key from parameters */ 4672e1051a39Sopenharmony_ciEVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm) 4673e1051a39Sopenharmony_ci{ 4674e1051a39Sopenharmony_ci EVP_PKEY_CTX *pctx = NULL; 4675e1051a39Sopenharmony_ci EVP_PKEY *pkey = NULL; 4676e1051a39Sopenharmony_ci 4677e1051a39Sopenharmony_ci if (pm == NULL) 4678e1051a39Sopenharmony_ci return NULL; 4679e1051a39Sopenharmony_ci pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pm, s->ctx->propq); 4680e1051a39Sopenharmony_ci if (pctx == NULL) 4681e1051a39Sopenharmony_ci goto err; 4682e1051a39Sopenharmony_ci if (EVP_PKEY_keygen_init(pctx) <= 0) 4683e1051a39Sopenharmony_ci goto err; 4684e1051a39Sopenharmony_ci if (EVP_PKEY_keygen(pctx, &pkey) <= 0) { 4685e1051a39Sopenharmony_ci EVP_PKEY_free(pkey); 4686e1051a39Sopenharmony_ci pkey = NULL; 4687e1051a39Sopenharmony_ci } 4688e1051a39Sopenharmony_ci 4689e1051a39Sopenharmony_ci err: 4690e1051a39Sopenharmony_ci EVP_PKEY_CTX_free(pctx); 4691e1051a39Sopenharmony_ci return pkey; 4692e1051a39Sopenharmony_ci} 4693e1051a39Sopenharmony_ci 4694e1051a39Sopenharmony_ci/* Generate a private key from a group ID */ 4695e1051a39Sopenharmony_ciEVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id) 4696e1051a39Sopenharmony_ci{ 4697e1051a39Sopenharmony_ci const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id); 4698e1051a39Sopenharmony_ci EVP_PKEY_CTX *pctx = NULL; 4699e1051a39Sopenharmony_ci EVP_PKEY *pkey = NULL; 4700e1051a39Sopenharmony_ci 4701e1051a39Sopenharmony_ci if (ginf == NULL) { 4702e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 4703e1051a39Sopenharmony_ci goto err; 4704e1051a39Sopenharmony_ci } 4705e1051a39Sopenharmony_ci 4706e1051a39Sopenharmony_ci pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm, 4707e1051a39Sopenharmony_ci s->ctx->propq); 4708e1051a39Sopenharmony_ci 4709e1051a39Sopenharmony_ci if (pctx == NULL) { 4710e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); 4711e1051a39Sopenharmony_ci goto err; 4712e1051a39Sopenharmony_ci } 4713e1051a39Sopenharmony_ci if (EVP_PKEY_keygen_init(pctx) <= 0) { 4714e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); 4715e1051a39Sopenharmony_ci goto err; 4716e1051a39Sopenharmony_ci } 4717e1051a39Sopenharmony_ci if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) { 4718e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); 4719e1051a39Sopenharmony_ci goto err; 4720e1051a39Sopenharmony_ci } 4721e1051a39Sopenharmony_ci if (EVP_PKEY_keygen(pctx, &pkey) <= 0) { 4722e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); 4723e1051a39Sopenharmony_ci EVP_PKEY_free(pkey); 4724e1051a39Sopenharmony_ci pkey = NULL; 4725e1051a39Sopenharmony_ci } 4726e1051a39Sopenharmony_ci 4727e1051a39Sopenharmony_ci err: 4728e1051a39Sopenharmony_ci EVP_PKEY_CTX_free(pctx); 4729e1051a39Sopenharmony_ci return pkey; 4730e1051a39Sopenharmony_ci} 4731e1051a39Sopenharmony_ci 4732e1051a39Sopenharmony_ci/* 4733e1051a39Sopenharmony_ci * Generate parameters from a group ID 4734e1051a39Sopenharmony_ci */ 4735e1051a39Sopenharmony_ciEVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id) 4736e1051a39Sopenharmony_ci{ 4737e1051a39Sopenharmony_ci EVP_PKEY_CTX *pctx = NULL; 4738e1051a39Sopenharmony_ci EVP_PKEY *pkey = NULL; 4739e1051a39Sopenharmony_ci const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id); 4740e1051a39Sopenharmony_ci 4741e1051a39Sopenharmony_ci if (ginf == NULL) 4742e1051a39Sopenharmony_ci goto err; 4743e1051a39Sopenharmony_ci 4744e1051a39Sopenharmony_ci pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm, 4745e1051a39Sopenharmony_ci s->ctx->propq); 4746e1051a39Sopenharmony_ci 4747e1051a39Sopenharmony_ci if (pctx == NULL) 4748e1051a39Sopenharmony_ci goto err; 4749e1051a39Sopenharmony_ci if (EVP_PKEY_paramgen_init(pctx) <= 0) 4750e1051a39Sopenharmony_ci goto err; 4751e1051a39Sopenharmony_ci if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) { 4752e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); 4753e1051a39Sopenharmony_ci goto err; 4754e1051a39Sopenharmony_ci } 4755e1051a39Sopenharmony_ci if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) { 4756e1051a39Sopenharmony_ci EVP_PKEY_free(pkey); 4757e1051a39Sopenharmony_ci pkey = NULL; 4758e1051a39Sopenharmony_ci } 4759e1051a39Sopenharmony_ci 4760e1051a39Sopenharmony_ci err: 4761e1051a39Sopenharmony_ci EVP_PKEY_CTX_free(pctx); 4762e1051a39Sopenharmony_ci return pkey; 4763e1051a39Sopenharmony_ci} 4764e1051a39Sopenharmony_ci 4765e1051a39Sopenharmony_ci/* Generate secrets from pms */ 4766e1051a39Sopenharmony_ciint ssl_gensecret(SSL *s, unsigned char *pms, size_t pmslen) 4767e1051a39Sopenharmony_ci{ 4768e1051a39Sopenharmony_ci int rv = 0; 4769e1051a39Sopenharmony_ci 4770e1051a39Sopenharmony_ci /* SSLfatal() called as appropriate in the below functions */ 4771e1051a39Sopenharmony_ci if (SSL_IS_TLS13(s)) { 4772e1051a39Sopenharmony_ci /* 4773e1051a39Sopenharmony_ci * If we are resuming then we already generated the early secret 4774e1051a39Sopenharmony_ci * when we created the ClientHello, so don't recreate it. 4775e1051a39Sopenharmony_ci */ 4776e1051a39Sopenharmony_ci if (!s->hit) 4777e1051a39Sopenharmony_ci rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 4778e1051a39Sopenharmony_ci 0, 4779e1051a39Sopenharmony_ci (unsigned char *)&s->early_secret); 4780e1051a39Sopenharmony_ci else 4781e1051a39Sopenharmony_ci rv = 1; 4782e1051a39Sopenharmony_ci 4783e1051a39Sopenharmony_ci rv = rv && tls13_generate_handshake_secret(s, pms, pmslen); 4784e1051a39Sopenharmony_ci } else { 4785e1051a39Sopenharmony_ci rv = ssl_generate_master_secret(s, pms, pmslen, 0); 4786e1051a39Sopenharmony_ci } 4787e1051a39Sopenharmony_ci 4788e1051a39Sopenharmony_ci return rv; 4789e1051a39Sopenharmony_ci} 4790e1051a39Sopenharmony_ci 4791e1051a39Sopenharmony_ci/* Derive secrets for ECDH/DH */ 4792e1051a39Sopenharmony_ciint ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret) 4793e1051a39Sopenharmony_ci{ 4794e1051a39Sopenharmony_ci int rv = 0; 4795e1051a39Sopenharmony_ci unsigned char *pms = NULL; 4796e1051a39Sopenharmony_ci size_t pmslen = 0; 4797e1051a39Sopenharmony_ci EVP_PKEY_CTX *pctx; 4798e1051a39Sopenharmony_ci 4799e1051a39Sopenharmony_ci if (privkey == NULL || pubkey == NULL) { 4800e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 4801e1051a39Sopenharmony_ci return 0; 4802e1051a39Sopenharmony_ci } 4803e1051a39Sopenharmony_ci 4804e1051a39Sopenharmony_ci pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq); 4805e1051a39Sopenharmony_ci 4806e1051a39Sopenharmony_ci if (EVP_PKEY_derive_init(pctx) <= 0 4807e1051a39Sopenharmony_ci || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0 4808e1051a39Sopenharmony_ci || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) { 4809e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 4810e1051a39Sopenharmony_ci goto err; 4811e1051a39Sopenharmony_ci } 4812e1051a39Sopenharmony_ci 4813e1051a39Sopenharmony_ci if (SSL_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH")) 4814e1051a39Sopenharmony_ci EVP_PKEY_CTX_set_dh_pad(pctx, 1); 4815e1051a39Sopenharmony_ci 4816e1051a39Sopenharmony_ci pms = OPENSSL_malloc(pmslen); 4817e1051a39Sopenharmony_ci if (pms == NULL) { 4818e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); 4819e1051a39Sopenharmony_ci goto err; 4820e1051a39Sopenharmony_ci } 4821e1051a39Sopenharmony_ci 4822e1051a39Sopenharmony_ci if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) { 4823e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 4824e1051a39Sopenharmony_ci goto err; 4825e1051a39Sopenharmony_ci } 4826e1051a39Sopenharmony_ci 4827e1051a39Sopenharmony_ci if (gensecret) { 4828e1051a39Sopenharmony_ci /* SSLfatal() called as appropriate in the below functions */ 4829e1051a39Sopenharmony_ci rv = ssl_gensecret(s, pms, pmslen); 4830e1051a39Sopenharmony_ci } else { 4831e1051a39Sopenharmony_ci /* Save premaster secret */ 4832e1051a39Sopenharmony_ci s->s3.tmp.pms = pms; 4833e1051a39Sopenharmony_ci s->s3.tmp.pmslen = pmslen; 4834e1051a39Sopenharmony_ci pms = NULL; 4835e1051a39Sopenharmony_ci rv = 1; 4836e1051a39Sopenharmony_ci } 4837e1051a39Sopenharmony_ci 4838e1051a39Sopenharmony_ci err: 4839e1051a39Sopenharmony_ci OPENSSL_clear_free(pms, pmslen); 4840e1051a39Sopenharmony_ci EVP_PKEY_CTX_free(pctx); 4841e1051a39Sopenharmony_ci return rv; 4842e1051a39Sopenharmony_ci} 4843e1051a39Sopenharmony_ci 4844e1051a39Sopenharmony_ci/* Decapsulate secrets for KEM */ 4845e1051a39Sopenharmony_ciint ssl_decapsulate(SSL *s, EVP_PKEY *privkey, 4846e1051a39Sopenharmony_ci const unsigned char *ct, size_t ctlen, 4847e1051a39Sopenharmony_ci int gensecret) 4848e1051a39Sopenharmony_ci{ 4849e1051a39Sopenharmony_ci int rv = 0; 4850e1051a39Sopenharmony_ci unsigned char *pms = NULL; 4851e1051a39Sopenharmony_ci size_t pmslen = 0; 4852e1051a39Sopenharmony_ci EVP_PKEY_CTX *pctx; 4853e1051a39Sopenharmony_ci 4854e1051a39Sopenharmony_ci if (privkey == NULL) { 4855e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 4856e1051a39Sopenharmony_ci return 0; 4857e1051a39Sopenharmony_ci } 4858e1051a39Sopenharmony_ci 4859e1051a39Sopenharmony_ci pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq); 4860e1051a39Sopenharmony_ci 4861e1051a39Sopenharmony_ci if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0 4862e1051a39Sopenharmony_ci || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) { 4863e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 4864e1051a39Sopenharmony_ci goto err; 4865e1051a39Sopenharmony_ci } 4866e1051a39Sopenharmony_ci 4867e1051a39Sopenharmony_ci pms = OPENSSL_malloc(pmslen); 4868e1051a39Sopenharmony_ci if (pms == NULL) { 4869e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); 4870e1051a39Sopenharmony_ci goto err; 4871e1051a39Sopenharmony_ci } 4872e1051a39Sopenharmony_ci 4873e1051a39Sopenharmony_ci if (EVP_PKEY_decapsulate(pctx, pms, &pmslen, ct, ctlen) <= 0) { 4874e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 4875e1051a39Sopenharmony_ci goto err; 4876e1051a39Sopenharmony_ci } 4877e1051a39Sopenharmony_ci 4878e1051a39Sopenharmony_ci if (gensecret) { 4879e1051a39Sopenharmony_ci /* SSLfatal() called as appropriate in the below functions */ 4880e1051a39Sopenharmony_ci rv = ssl_gensecret(s, pms, pmslen); 4881e1051a39Sopenharmony_ci } else { 4882e1051a39Sopenharmony_ci /* Save premaster secret */ 4883e1051a39Sopenharmony_ci s->s3.tmp.pms = pms; 4884e1051a39Sopenharmony_ci s->s3.tmp.pmslen = pmslen; 4885e1051a39Sopenharmony_ci pms = NULL; 4886e1051a39Sopenharmony_ci rv = 1; 4887e1051a39Sopenharmony_ci } 4888e1051a39Sopenharmony_ci 4889e1051a39Sopenharmony_ci err: 4890e1051a39Sopenharmony_ci OPENSSL_clear_free(pms, pmslen); 4891e1051a39Sopenharmony_ci EVP_PKEY_CTX_free(pctx); 4892e1051a39Sopenharmony_ci return rv; 4893e1051a39Sopenharmony_ci} 4894e1051a39Sopenharmony_ci 4895e1051a39Sopenharmony_ciint ssl_encapsulate(SSL *s, EVP_PKEY *pubkey, 4896e1051a39Sopenharmony_ci unsigned char **ctp, size_t *ctlenp, 4897e1051a39Sopenharmony_ci int gensecret) 4898e1051a39Sopenharmony_ci{ 4899e1051a39Sopenharmony_ci int rv = 0; 4900e1051a39Sopenharmony_ci unsigned char *pms = NULL, *ct = NULL; 4901e1051a39Sopenharmony_ci size_t pmslen = 0, ctlen = 0; 4902e1051a39Sopenharmony_ci EVP_PKEY_CTX *pctx; 4903e1051a39Sopenharmony_ci 4904e1051a39Sopenharmony_ci if (pubkey == NULL) { 4905e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 4906e1051a39Sopenharmony_ci return 0; 4907e1051a39Sopenharmony_ci } 4908e1051a39Sopenharmony_ci 4909e1051a39Sopenharmony_ci pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pubkey, s->ctx->propq); 4910e1051a39Sopenharmony_ci 4911e1051a39Sopenharmony_ci if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0 4912e1051a39Sopenharmony_ci || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0 4913e1051a39Sopenharmony_ci || pmslen == 0 || ctlen == 0) { 4914e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 4915e1051a39Sopenharmony_ci goto err; 4916e1051a39Sopenharmony_ci } 4917e1051a39Sopenharmony_ci 4918e1051a39Sopenharmony_ci pms = OPENSSL_malloc(pmslen); 4919e1051a39Sopenharmony_ci ct = OPENSSL_malloc(ctlen); 4920e1051a39Sopenharmony_ci if (pms == NULL || ct == NULL) { 4921e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); 4922e1051a39Sopenharmony_ci goto err; 4923e1051a39Sopenharmony_ci } 4924e1051a39Sopenharmony_ci 4925e1051a39Sopenharmony_ci if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) { 4926e1051a39Sopenharmony_ci SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 4927e1051a39Sopenharmony_ci goto err; 4928e1051a39Sopenharmony_ci } 4929e1051a39Sopenharmony_ci 4930e1051a39Sopenharmony_ci if (gensecret) { 4931e1051a39Sopenharmony_ci /* SSLfatal() called as appropriate in the below functions */ 4932e1051a39Sopenharmony_ci rv = ssl_gensecret(s, pms, pmslen); 4933e1051a39Sopenharmony_ci } else { 4934e1051a39Sopenharmony_ci /* Save premaster secret */ 4935e1051a39Sopenharmony_ci s->s3.tmp.pms = pms; 4936e1051a39Sopenharmony_ci s->s3.tmp.pmslen = pmslen; 4937e1051a39Sopenharmony_ci pms = NULL; 4938e1051a39Sopenharmony_ci rv = 1; 4939e1051a39Sopenharmony_ci } 4940e1051a39Sopenharmony_ci 4941e1051a39Sopenharmony_ci if (rv > 0) { 4942e1051a39Sopenharmony_ci /* Pass ownership of ct to caller */ 4943e1051a39Sopenharmony_ci *ctp = ct; 4944e1051a39Sopenharmony_ci *ctlenp = ctlen; 4945e1051a39Sopenharmony_ci ct = NULL; 4946e1051a39Sopenharmony_ci } 4947e1051a39Sopenharmony_ci 4948e1051a39Sopenharmony_ci err: 4949e1051a39Sopenharmony_ci OPENSSL_clear_free(pms, pmslen); 4950e1051a39Sopenharmony_ci OPENSSL_free(ct); 4951e1051a39Sopenharmony_ci EVP_PKEY_CTX_free(pctx); 4952e1051a39Sopenharmony_ci return rv; 4953e1051a39Sopenharmony_ci} 4954e1051a39Sopenharmony_ci 4955e1051a39Sopenharmony_ciconst char *SSL_group_to_name(SSL *s, int nid) { 4956e1051a39Sopenharmony_ci int group_id = 0; 4957e1051a39Sopenharmony_ci const TLS_GROUP_INFO *cinf = NULL; 4958e1051a39Sopenharmony_ci 4959e1051a39Sopenharmony_ci /* first convert to real group id for internal and external IDs */ 4960e1051a39Sopenharmony_ci if (nid & TLSEXT_nid_unknown) 4961e1051a39Sopenharmony_ci group_id = nid & 0xFFFF; 4962e1051a39Sopenharmony_ci else 4963e1051a39Sopenharmony_ci group_id = tls1_nid2group_id(nid); 4964e1051a39Sopenharmony_ci 4965e1051a39Sopenharmony_ci /* then look up */ 4966e1051a39Sopenharmony_ci cinf = tls1_group_id_lookup(s->ctx, group_id); 4967e1051a39Sopenharmony_ci 4968e1051a39Sopenharmony_ci if (cinf != NULL) 4969e1051a39Sopenharmony_ci return cinf->tlsname; 4970e1051a39Sopenharmony_ci return NULL; 4971e1051a39Sopenharmony_ci} 4972