summaryrefslogtreecommitdiff
path: root/lib/libssl
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2014-05-23 16:33:35 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2014-05-23 16:33:35 +0000
commit0e587a35e0237ed126ccc22143cb6e3af00b714d (patch)
treea8feac048f08fa810068cba5c71640ccf066ccdc /lib/libssl
parent0fad6330c64d44506f56040f61c9c93dce928fd0 (diff)
Clean up the SSL cipher initialisation and use C99 initialisers for
clarity, grepability and to protect from future field reordering/removal. ok miod@
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/s3_lib.c3421
1 files changed, 1712 insertions, 1709 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 0bb74760f2d..f14cbd0c99c 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -168,725 +168,725 @@ const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
/* list of available SSLv3 ciphers (sorted by id) */
SSL_CIPHER ssl3_ciphers[] = {
-/* The RSA ciphers */
-/* Cipher 01 */
- {
- 1,
- SSL3_TXT_RSA_NULL_MD5,
- SSL3_CK_RSA_NULL_MD5,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eNULL,
- SSL_MD5,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_STRONG_NONE,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 0,
- 0,
- },
-
-/* Cipher 02 */
- {
- 1,
- SSL3_TXT_RSA_NULL_SHA,
- SSL3_CK_RSA_NULL_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eNULL,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 0,
- 0,
- },
-
-/* Cipher 03 */
- {
- 1,
- SSL3_TXT_RSA_RC4_40_MD5,
- SSL3_CK_RSA_RC4_40_MD5,
- SSL_kRSA,
- SSL_aRSA,
- SSL_RC4,
- SSL_MD5,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 128,
- },
-
-/* Cipher 04 */
- {
- 1,
- SSL3_TXT_RSA_RC4_128_MD5,
- SSL3_CK_RSA_RC4_128_MD5,
- SSL_kRSA,
- SSL_aRSA,
- SSL_RC4,
- SSL_MD5,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
-/* Cipher 05 */
- {
- 1,
- SSL3_TXT_RSA_RC4_128_SHA,
- SSL3_CK_RSA_RC4_128_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_RC4,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
-/* Cipher 06 */
- {
- 1,
- SSL3_TXT_RSA_RC2_40_MD5,
- SSL3_CK_RSA_RC2_40_MD5,
- SSL_kRSA,
- SSL_aRSA,
- SSL_RC2,
- SSL_MD5,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 128,
- },
-
-/* Cipher 07 */
+ /* The RSA ciphers */
+ /* Cipher 01 */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_RSA_NULL_MD5,
+ .id = SSL3_CK_RSA_NULL_MD5,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_eNULL,
+ .algorithm_mac = SSL_MD5,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 0,
+ .alg_bits = 0,
+ },
+
+ /* Cipher 02 */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_RSA_NULL_SHA,
+ .id = SSL3_CK_RSA_NULL_SHA,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_eNULL,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 0,
+ .alg_bits = 0,
+ },
+
+ /* Cipher 03 */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_RSA_RC4_40_MD5,
+ .id = SSL3_CK_RSA_RC4_40_MD5,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_RC4,
+ .algorithm_mac = SSL_MD5,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 40,
+ .alg_bits = 128,
+ },
+
+ /* Cipher 04 */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_RSA_RC4_128_MD5,
+ .id = SSL3_CK_RSA_RC4_128_MD5,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_RC4,
+ .algorithm_mac = SSL_MD5,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_MEDIUM,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
+ },
+
+ /* Cipher 05 */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_RSA_RC4_128_SHA,
+ .id = SSL3_CK_RSA_RC4_128_SHA,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_RC4,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_MEDIUM,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
+ },
+
+ /* Cipher 06 */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_RSA_RC2_40_MD5,
+ .id = SSL3_CK_RSA_RC2_40_MD5,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_RC2,
+ .algorithm_mac = SSL_MD5,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 40,
+ .alg_bits = 128,
+ },
+
+ /* Cipher 07 */
#ifndef OPENSSL_NO_IDEA
{
- 1,
- SSL3_TXT_RSA_IDEA_128_SHA,
- SSL3_CK_RSA_IDEA_128_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_IDEA,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = SSL3_TXT_RSA_IDEA_128_SHA,
+ .id = SSL3_CK_RSA_IDEA_128_SHA,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_IDEA,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_MEDIUM,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
#endif
-/* Cipher 08 */
- {
- 1,
- SSL3_TXT_RSA_DES_40_CBC_SHA,
- SSL3_CK_RSA_DES_40_CBC_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 56,
- },
-
-/* Cipher 09 */
- {
- 1,
- SSL3_TXT_RSA_DES_64_CBC_SHA,
- SSL3_CK_RSA_DES_64_CBC_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 56,
- 56,
- },
-
-/* Cipher 0A */
- {
- 1,
- SSL3_TXT_RSA_DES_192_CBC3_SHA,
- SSL3_CK_RSA_DES_192_CBC3_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_3DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
- },
-
-/* The DH ciphers */
-/* Cipher 0B */
- {
- 0,
- SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
- SSL3_CK_DH_DSS_DES_40_CBC_SHA,
- SSL_kDHd,
- SSL_aDH,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 56,
- },
-
-/* Cipher 0C */
- {
- 0, /* not implemented (non-ephemeral DH) */
- SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
- SSL3_CK_DH_DSS_DES_64_CBC_SHA,
- SSL_kDHd,
- SSL_aDH,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 56,
- 56,
- },
-
-/* Cipher 0D */
- {
- 0, /* not implemented (non-ephemeral DH) */
- SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
- SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
- SSL_kDHd,
- SSL_aDH,
- SSL_3DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
- },
-
-/* Cipher 0E */
- {
- 0, /* not implemented (non-ephemeral DH) */
- SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
- SSL3_CK_DH_RSA_DES_40_CBC_SHA,
- SSL_kDHr,
- SSL_aDH,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 56,
- },
-
-/* Cipher 0F */
- {
- 0, /* not implemented (non-ephemeral DH) */
- SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
- SSL3_CK_DH_RSA_DES_64_CBC_SHA,
- SSL_kDHr,
- SSL_aDH,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 56,
- 56,
- },
-
-/* Cipher 10 */
- {
- 0, /* not implemented (non-ephemeral DH) */
- SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
- SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
- SSL_kDHr,
- SSL_aDH,
- SSL_3DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
- },
-
-/* The Ephemeral DH ciphers */
-/* Cipher 11 */
- {
- 1,
- SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
- SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
- SSL_kEDH,
- SSL_aDSS,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 56,
- },
-
-/* Cipher 12 */
- {
- 1,
- SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
- SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
- SSL_kEDH,
- SSL_aDSS,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 56,
- 56,
- },
-
-/* Cipher 13 */
- {
- 1,
- SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
- SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
- SSL_kEDH,
- SSL_aDSS,
- SSL_3DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
- },
-
-/* Cipher 14 */
- {
- 1,
- SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
- SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
- SSL_kEDH,
- SSL_aRSA,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 56,
- },
-
-/* Cipher 15 */
- {
- 1,
- SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
- SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
- SSL_kEDH,
- SSL_aRSA,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 56,
- 56,
- },
-
-/* Cipher 16 */
- {
- 1,
- SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
- SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
- SSL_kEDH,
- SSL_aRSA,
- SSL_3DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
- },
-
-/* Cipher 17 */
- {
- 1,
- SSL3_TXT_ADH_RC4_40_MD5,
- SSL3_CK_ADH_RC4_40_MD5,
- SSL_kEDH,
- SSL_aNULL,
- SSL_RC4,
- SSL_MD5,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 128,
- },
-
-/* Cipher 18 */
- {
- 1,
- SSL3_TXT_ADH_RC4_128_MD5,
- SSL3_CK_ADH_RC4_128_MD5,
- SSL_kEDH,
- SSL_aNULL,
- SSL_RC4,
- SSL_MD5,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
-/* Cipher 19 */
- {
- 1,
- SSL3_TXT_ADH_DES_40_CBC_SHA,
- SSL3_CK_ADH_DES_40_CBC_SHA,
- SSL_kEDH,
- SSL_aNULL,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 40,
- 128,
- },
-
-/* Cipher 1A */
- {
- 1,
- SSL3_TXT_ADH_DES_64_CBC_SHA,
- SSL3_CK_ADH_DES_64_CBC_SHA,
- SSL_kEDH,
- SSL_aNULL,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 56,
- 56,
- },
-
-/* Cipher 1B */
- {
- 1,
- SSL3_TXT_ADH_DES_192_CBC_SHA,
- SSL3_CK_ADH_DES_192_CBC_SHA,
- SSL_kEDH,
- SSL_aNULL,
- SSL_3DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
- },
-
-/* New AES ciphersuites */
-/* Cipher 2F */
- {
- 1,
- TLS1_TXT_RSA_WITH_AES_128_SHA,
- TLS1_CK_RSA_WITH_AES_128_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-/* Cipher 30 */
- {
- 0,
- TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
- TLS1_CK_DH_DSS_WITH_AES_128_SHA,
- SSL_kDHd,
- SSL_aDH,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-/* Cipher 31 */
- {
- 0,
- TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
- TLS1_CK_DH_RSA_WITH_AES_128_SHA,
- SSL_kDHr,
- SSL_aDH,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-/* Cipher 32 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
- TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
- SSL_kEDH,
- SSL_aDSS,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-/* Cipher 33 */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
- TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
- SSL_kEDH,
- SSL_aRSA,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-/* Cipher 34 */
- {
- 1,
- TLS1_TXT_ADH_WITH_AES_128_SHA,
- TLS1_CK_ADH_WITH_AES_128_SHA,
- SSL_kEDH,
- SSL_aNULL,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
-/* Cipher 35 */
- {
- 1,
- TLS1_TXT_RSA_WITH_AES_256_SHA,
- TLS1_CK_RSA_WITH_AES_256_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
- },
-/* Cipher 36 */
- {
- 0,
- TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
- TLS1_CK_DH_DSS_WITH_AES_256_SHA,
- SSL_kDHd,
- SSL_aDH,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
- },
-
-/* Cipher 37 */
- {
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
- TLS1_CK_DH_RSA_WITH_AES_256_SHA,
- SSL_kDHr,
- SSL_aDH,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
- },
-
-/* Cipher 38 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
- TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
- SSL_kEDH,
- SSL_aDSS,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
- },
-
-/* Cipher 39 */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
- TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
- SSL_kEDH,
- SSL_aRSA,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ /* Cipher 08 */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_RSA_DES_40_CBC_SHA,
+ .id = SSL3_CK_RSA_DES_40_CBC_SHA,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 40,
+ .alg_bits = 56,
+ },
+
+ /* Cipher 09 */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_RSA_DES_64_CBC_SHA,
+ .id = SSL3_CK_RSA_DES_64_CBC_SHA,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_LOW,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 56,
+ .alg_bits = 56,
+ },
+
+ /* Cipher 0A */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_RSA_DES_192_CBC3_SHA,
+ .id = SSL3_CK_RSA_DES_192_CBC3_SHA,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_3DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 168,
+ .alg_bits = 168,
+ },
+
+ /* The DH ciphers */
+ /* Cipher 0B */
+ {
+ .valid = 0,
+ .name = SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
+ .id = SSL3_CK_DH_DSS_DES_40_CBC_SHA,
+ .algorithm_mkey = SSL_kDHd,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 40,
+ .alg_bits = 56,
+ },
+
+ /* Cipher 0C */
+ {
+ .valid = 0, /* not implemented (non-ephemeral DH) */
+ .name = SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
+ .id = SSL3_CK_DH_DSS_DES_64_CBC_SHA,
+ .algorithm_mkey = SSL_kDHd,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_LOW,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 56,
+ .alg_bits = 56,
+ },
+
+ /* Cipher 0D */
+ {
+ .valid = 0, /* not implemented (non-ephemeral DH) */
+ .name = SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
+ .id = SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
+ .algorithm_mkey = SSL_kDHd,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_3DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 168,
+ .alg_bits = 168,
+ },
+
+ /* Cipher 0E */
+ {
+ .valid = 0, /* not implemented (non-ephemeral DH) */
+ .name = SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
+ .id = SSL3_CK_DH_RSA_DES_40_CBC_SHA,
+ .algorithm_mkey = SSL_kDHr,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 40,
+ .alg_bits = 56,
+ },
+
+ /* Cipher 0F */
+ {
+ .valid = 0, /* not implemented (non-ephemeral DH) */
+ .name = SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
+ .id = SSL3_CK_DH_RSA_DES_64_CBC_SHA,
+ .algorithm_mkey = SSL_kDHr,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_LOW,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 56,
+ .alg_bits = 56,
+ },
+
+ /* Cipher 10 */
+ {
+ .valid = 0, /* not implemented (non-ephemeral DH) */
+ .name = SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
+ .id = SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
+ .algorithm_mkey = SSL_kDHr,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_3DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 168,
+ .alg_bits = 168,
+ },
+
+ /* The Ephemeral DH ciphers */
+ /* Cipher 11 */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
+ .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aDSS,
+ .algorithm_enc = SSL_DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 40,
+ .alg_bits = 56,
+ },
+
+ /* Cipher 12 */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
+ .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aDSS,
+ .algorithm_enc = SSL_DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_LOW,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 56,
+ .alg_bits = 56,
+ },
+
+ /* Cipher 13 */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
+ .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aDSS,
+ .algorithm_enc = SSL_3DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 168,
+ .alg_bits = 168,
+ },
+
+ /* Cipher 14 */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
+ .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 40,
+ .alg_bits = 56,
+ },
+
+ /* Cipher 15 */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
+ .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_LOW,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 56,
+ .alg_bits = 56,
+ },
+
+ /* Cipher 16 */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
+ .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_3DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 168,
+ .alg_bits = 168,
+ },
+
+ /* Cipher 17 */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_ADH_RC4_40_MD5,
+ .id = SSL3_CK_ADH_RC4_40_MD5,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_RC4,
+ .algorithm_mac = SSL_MD5,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 40,
+ .alg_bits = 128,
+ },
+
+ /* Cipher 18 */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_ADH_RC4_128_MD5,
+ .id = SSL3_CK_ADH_RC4_128_MD5,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_RC4,
+ .algorithm_mac = SSL_MD5,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_MEDIUM,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
+ },
+
+ /* Cipher 19 */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_ADH_DES_40_CBC_SHA,
+ .id = SSL3_CK_ADH_DES_40_CBC_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_EXPORT|SSL_EXP40,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 40,
+ .alg_bits = 128,
+ },
+
+ /* Cipher 1A */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_ADH_DES_64_CBC_SHA,
+ .id = SSL3_CK_ADH_DES_64_CBC_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_LOW,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 56,
+ .alg_bits = 56,
+ },
+
+ /* Cipher 1B */
+ {
+ .valid = 1,
+ .name = SSL3_TXT_ADH_DES_192_CBC_SHA,
+ .id = SSL3_CK_ADH_DES_192_CBC_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_3DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_SSLV3,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 168,
+ .alg_bits = 168,
+ },
+
+ /* New AES ciphersuites */
+ /* Cipher 2F */
+ {
+ .valid = 1,
+ .name = TLS1_TXT_RSA_WITH_AES_128_SHA,
+ .id = TLS1_CK_RSA_WITH_AES_128_SHA,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
+ },
+ /* Cipher 30 */
+ {
+ .valid = 0,
+ .name = TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
+ .id = TLS1_CK_DH_DSS_WITH_AES_128_SHA,
+ .algorithm_mkey = SSL_kDHd,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
+ },
+ /* Cipher 31 */
+ {
+ .valid = 0,
+ .name = TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
+ .id = TLS1_CK_DH_RSA_WITH_AES_128_SHA,
+ .algorithm_mkey = SSL_kDHr,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
+ },
+ /* Cipher 32 */
+ {
+ .valid = 1,
+ .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+ .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aDSS,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
+ },
+ /* Cipher 33 */
+ {
+ .valid = 1,
+ .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+ .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
+ },
+ /* Cipher 34 */
+ {
+ .valid = 1,
+ .name = TLS1_TXT_ADH_WITH_AES_128_SHA,
+ .id = TLS1_CK_ADH_WITH_AES_128_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
+ },
+
+ /* Cipher 35 */
+ {
+ .valid = 1,
+ .name = TLS1_TXT_RSA_WITH_AES_256_SHA,
+ .id = TLS1_CK_RSA_WITH_AES_256_SHA,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
+ },
+ /* Cipher 36 */
+ {
+ .valid = 0,
+ .name = TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
+ .id = TLS1_CK_DH_DSS_WITH_AES_256_SHA,
+ .algorithm_mkey = SSL_kDHd,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
+ },
+
+ /* Cipher 37 */
+ {
+ .valid = 0, /* not implemented (non-ephemeral DH) */
+ .name = TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
+ .id = TLS1_CK_DH_RSA_WITH_AES_256_SHA,
+ .algorithm_mkey = SSL_kDHr,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
+ },
+
+ /* Cipher 38 */
+ {
+ .valid = 1,
+ .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+ .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aDSS,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
+ },
+
+ /* Cipher 39 */
+ {
+ .valid = 1,
+ .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+ .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher 3A */
{
- 1,
- TLS1_TXT_ADH_WITH_AES_256_SHA,
- TLS1_CK_ADH_WITH_AES_256_SHA,
- SSL_kEDH,
- SSL_aNULL,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_ADH_WITH_AES_256_SHA,
+ .id = TLS1_CK_ADH_WITH_AES_256_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* TLS v1.2 ciphersuites */
/* Cipher 3B */
{
- 1,
- TLS1_TXT_RSA_WITH_NULL_SHA256,
- TLS1_CK_RSA_WITH_NULL_SHA256,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eNULL,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 0,
- 0,
+ .valid = 1,
+ .name = TLS1_TXT_RSA_WITH_NULL_SHA256,
+ .id = TLS1_CK_RSA_WITH_NULL_SHA256,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_eNULL,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 0,
+ .alg_bits = 0,
},
/* Cipher 3C */
{
- 1,
- TLS1_TXT_RSA_WITH_AES_128_SHA256,
- TLS1_CK_RSA_WITH_AES_128_SHA256,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_RSA_WITH_AES_128_SHA256,
+ .id = TLS1_CK_RSA_WITH_AES_128_SHA256,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher 3D */
{
- 1,
- TLS1_TXT_RSA_WITH_AES_256_SHA256,
- TLS1_CK_RSA_WITH_AES_256_SHA256,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES256,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_RSA_WITH_AES_256_SHA256,
+ .id = TLS1_CK_RSA_WITH_AES_256_SHA256,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher 3E */
{
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
- TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
- SSL_kDHd,
- SSL_aDH,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 0, /* not implemented (non-ephemeral DH) */
+ .name = TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
+ .id = TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
+ .algorithm_mkey = SSL_kDHd,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher 3F */
{
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
- TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
- SSL_kDHr,
- SSL_aDH,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 0, /* not implemented (non-ephemeral DH) */
+ .name = TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
+ .id = TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
+ .algorithm_mkey = SSL_kDHr,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher 40 */
{
- 1,
- TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
- TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
- SSL_kEDH,
- SSL_aDSS,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
+ .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aDSS,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
#ifndef OPENSSL_NO_CAMELLIA
@@ -894,271 +894,273 @@ SSL_CIPHER ssl3_ciphers[] = {
/* Cipher 41 */
{
- 1,
- TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_CAMELLIA128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_CAMELLIA128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher 42 */
{
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kDHd,
- SSL_aDH,
- SSL_CAMELLIA128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 0, /* not implemented (non-ephemeral DH) */
+ .name = TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ .id = TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ .algorithm_mkey = SSL_kDHd,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_CAMELLIA128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher 43 */
{
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kDHr,
- SSL_aDH,
- SSL_CAMELLIA128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 0, /* not implemented (non-ephemeral DH) */
+ .name = TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ .id = TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ .algorithm_mkey = SSL_kDHr,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_CAMELLIA128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher 44 */
{
- 1,
- TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kEDH,
- SSL_aDSS,
- SSL_CAMELLIA128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aDSS,
+ .algorithm_enc = SSL_CAMELLIA128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher 45 */
{
- 1,
- TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kEDH,
- SSL_aRSA,
- SSL_CAMELLIA128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_CAMELLIA128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher 46 */
{
- 1,
- TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kEDH,
- SSL_aNULL,
- SSL_CAMELLIA128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
+ .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_CAMELLIA128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
#endif /* OPENSSL_NO_CAMELLIA */
/* TLS v1.2 ciphersuites */
/* Cipher 67 */
{
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
- TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
- SSL_kEDH,
- SSL_aRSA,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
+ .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher 68 */
{
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
- TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
- SSL_kDHd,
- SSL_aDH,
- SSL_AES256,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 0, /* not implemented (non-ephemeral DH) */
+ .name = TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
+ .id = TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
+ .algorithm_mkey = SSL_kDHd,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher 69 */
{
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
- TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
- SSL_kDHr,
- SSL_aDH,
- SSL_AES256,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 0, /* not implemented (non-ephemeral DH) */
+ .name = TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
+ .id = TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
+ .algorithm_mkey = SSL_kDHr,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher 6A */
{
- 1,
- TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
- TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
- SSL_kEDH,
- SSL_aDSS,
- SSL_AES256,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
+ .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aDSS,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher 6B */
{
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
- TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
- SSL_kEDH,
- SSL_aRSA,
- SSL_AES256,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
+ .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher 6C */
{
- 1,
- TLS1_TXT_ADH_WITH_AES_128_SHA256,
- TLS1_CK_ADH_WITH_AES_128_SHA256,
- SSL_kEDH,
- SSL_aNULL,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ADH_WITH_AES_128_SHA256,
+ .id = TLS1_CK_ADH_WITH_AES_128_SHA256,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher 6D */
{
- 1,
- TLS1_TXT_ADH_WITH_AES_256_SHA256,
- TLS1_CK_ADH_WITH_AES_256_SHA256,
- SSL_kEDH,
- SSL_aNULL,
- SSL_AES256,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_ADH_WITH_AES_256_SHA256,
+ .id = TLS1_CK_ADH_WITH_AES_256_SHA256,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* GOST Ciphersuites */
{
- 1,
- "GOST94-GOST89-GOST89",
- 0x3000080,
- SSL_kGOST,
- SSL_aGOST94,
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
- 256,
- 256
- },
- {
- 1,
- "GOST2001-GOST89-GOST89",
- 0x3000081,
- SSL_kGOST,
- SSL_aGOST01,
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
- 256,
- 256
- },
- {
- 1,
- "GOST94-NULL-GOST94",
- 0x3000082,
- SSL_kGOST,
- SSL_aGOST94,
- SSL_eNULL,
- SSL_GOST94,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_STRONG_NONE,
- SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
- 0,
- 0
- },
- {
- 1,
- "GOST2001-NULL-GOST94",
- 0x3000083,
- SSL_kGOST,
- SSL_aGOST01,
- SSL_eNULL,
- SSL_GOST94,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_STRONG_NONE,
- SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
- 0,
- 0
+ .valid = 1,
+ .name = "GOST94-GOST89-GOST89",
+ .id = 0x3000080,
+ .algorithm_mkey = SSL_kGOST,
+ .algorithm_auth = SSL_aGOST94,
+ .algorithm_enc = SSL_eGOST2814789CNT,
+ .algorithm_mac = SSL_GOST89MAC,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|
+ TLS1_STREAM_MAC,
+ .strength_bits = 256,
+ .alg_bits = 256
+ },
+ {
+ .valid = 1,
+ .name = "GOST2001-GOST89-GOST89",
+ .id = 0x3000081,
+ .algorithm_mkey = SSL_kGOST,
+ .algorithm_auth = SSL_aGOST01,
+ .algorithm_enc = SSL_eGOST2814789CNT,
+ .algorithm_mac = SSL_GOST89MAC,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|
+ TLS1_STREAM_MAC,
+ .strength_bits = 256,
+ .alg_bits = 256
+ },
+ {
+ .valid = 1,
+ .name = "GOST94-NULL-GOST94",
+ .id = 0x3000082,
+ .algorithm_mkey = SSL_kGOST,
+ .algorithm_auth = SSL_aGOST94,
+ .algorithm_enc = SSL_eNULL,
+ .algorithm_mac = SSL_GOST94,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE,
+ .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
+ .strength_bits = 0,
+ .alg_bits = 0
+ },
+ {
+ .valid = 1,
+ .name = "GOST2001-NULL-GOST94",
+ .id = 0x3000083,
+ .algorithm_mkey = SSL_kGOST,
+ .algorithm_auth = SSL_aGOST01,
+ .algorithm_enc = SSL_eNULL,
+ .algorithm_mac = SSL_GOST94,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE,
+ .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
+ .strength_bits = 0,
+ .alg_bits = 0
},
#ifndef OPENSSL_NO_CAMELLIA
@@ -1166,163 +1168,164 @@ SSL_CIPHER ssl3_ciphers[] = {
/* Cipher 84 */
{
- 1,
- TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_CAMELLIA256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_CAMELLIA256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
+
/* Cipher 85 */
{
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kDHd,
- SSL_aDH,
- SSL_CAMELLIA256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 0, /* not implemented (non-ephemeral DH) */
+ .name = TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ .id = TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ .algorithm_mkey = SSL_kDHd,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_CAMELLIA256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher 86 */
{
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kDHr,
- SSL_aDH,
- SSL_CAMELLIA256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 0, /* not implemented (non-ephemeral DH) */
+ .name = TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ .id = TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ .algorithm_mkey = SSL_kDHr,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_CAMELLIA256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher 87 */
{
- 1,
- TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kEDH,
- SSL_aDSS,
- SSL_CAMELLIA256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aDSS,
+ .algorithm_enc = SSL_CAMELLIA256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher 88 */
{
- 1,
- TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kEDH,
- SSL_aRSA,
- SSL_CAMELLIA256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_CAMELLIA256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher 89 */
{
- 1,
- TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kEDH,
- SSL_aNULL,
- SSL_CAMELLIA256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
+ .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_CAMELLIA256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
#endif /* OPENSSL_NO_CAMELLIA */
#ifndef OPENSSL_NO_PSK
/* Cipher 8A */
{
- 1,
- TLS1_TXT_PSK_WITH_RC4_128_SHA,
- TLS1_CK_PSK_WITH_RC4_128_SHA,
- SSL_kPSK,
- SSL_aPSK,
- SSL_RC4,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_PSK_WITH_RC4_128_SHA,
+ .id = TLS1_CK_PSK_WITH_RC4_128_SHA,
+ .algorithm_mkey = SSL_kPSK,
+ .algorithm_auth = SSL_aPSK,
+ .algorithm_enc = SSL_RC4,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_MEDIUM,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher 8B */
{
- 1,
- TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
- TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
- SSL_kPSK,
- SSL_aPSK,
- SSL_3DES,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
+ .valid = 1,
+ .name = TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
+ .id = TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
+ .algorithm_mkey = SSL_kPSK,
+ .algorithm_auth = SSL_aPSK,
+ .algorithm_enc = SSL_3DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 168,
+ .alg_bits = 168,
},
/* Cipher 8C */
{
- 1,
- TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
- TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
- SSL_kPSK,
- SSL_aPSK,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
+ .id = TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
+ .algorithm_mkey = SSL_kPSK,
+ .algorithm_auth = SSL_aPSK,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher 8D */
{
- 1,
- TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
- TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
- SSL_kPSK,
- SSL_aPSK,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
+ .id = TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
+ .algorithm_mkey = SSL_kPSK,
+ .algorithm_auth = SSL_aPSK,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
#endif /* OPENSSL_NO_PSK */
@@ -1330,595 +1333,595 @@ SSL_CIPHER ssl3_ciphers[] = {
/* Cipher 9C */
{
- 1,
- TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
+ .id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES128GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher 9D */
{
- 1,
- TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
+ .id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES256GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher 9E */
{
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kEDH,
- SSL_aRSA,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
+ .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES128GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher 9F */
{
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kEDH,
- SSL_aRSA,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
+ .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES256GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher A0 */
{
- 0,
- TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kDHr,
- SSL_aDH,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
+ .valid = 0,
+ .name = TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
+ .id = TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
+ .algorithm_mkey = SSL_kDHr,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_AES128GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher A1 */
{
- 0,
- TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kDHr,
- SSL_aDH,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
+ .valid = 0,
+ .name = TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
+ .id = TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
+ .algorithm_mkey = SSL_kDHr,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_AES256GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher A2 */
{
- 1,
- TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
- TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
- SSL_kEDH,
- SSL_aDSS,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
+ .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aDSS,
+ .algorithm_enc = SSL_AES128GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher A3 */
{
- 1,
- TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
- TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
- SSL_kEDH,
- SSL_aDSS,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
+ .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aDSS,
+ .algorithm_enc = SSL_AES256GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher A4 */
{
- 0,
- TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
- TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
- SSL_kDHd,
- SSL_aDH,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
+ .valid = 0,
+ .name = TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
+ .id = TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
+ .algorithm_mkey = SSL_kDHd,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_AES128GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher A5 */
{
- 0,
- TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
- TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
- SSL_kDHd,
- SSL_aDH,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
+ .valid = 0,
+ .name = TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
+ .id = TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
+ .algorithm_mkey = SSL_kDHd,
+ .algorithm_auth = SSL_aDH,
+ .algorithm_enc = SSL_AES256GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher A6 */
{
- 1,
- TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
- SSL_kEDH,
- SSL_aNULL,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
+ .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_AES128GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher A7 */
{
- 1,
- TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
- SSL_kEDH,
- SSL_aNULL,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
+ .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
+ .algorithm_mkey = SSL_kEDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_AES256GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
#ifndef OPENSSL_NO_ECDH
/* Cipher C001 */
{
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_eNULL,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 0,
- 0,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
+ .id = TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
+ .algorithm_mkey = SSL_kECDHe,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_eNULL,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 0,
+ .alg_bits = 0,
},
/* Cipher C002 */
{
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_RC4,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
+ .id = TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
+ .algorithm_mkey = SSL_kECDHe,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_RC4,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_MEDIUM,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C003 */
{
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_3DES,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+ .id = TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+ .algorithm_mkey = SSL_kECDHe,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_3DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 168,
+ .alg_bits = 168,
},
/* Cipher C004 */
{
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+ .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+ .algorithm_mkey = SSL_kECDHe,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C005 */
{
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+ .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+ .algorithm_mkey = SSL_kECDHe,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher C006 */
{
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
- SSL_kEECDH,
- SSL_aECDSA,
- SSL_eNULL,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 0,
- 0,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
+ .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aECDSA,
+ .algorithm_enc = SSL_eNULL,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 0,
+ .alg_bits = 0,
},
/* Cipher C007 */
{
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
- SSL_kEECDH,
- SSL_aECDSA,
- SSL_RC4,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aECDSA,
+ .algorithm_enc = SSL_RC4,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_MEDIUM,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C008 */
{
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- SSL_kEECDH,
- SSL_aECDSA,
- SSL_3DES,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+ .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aECDSA,
+ .algorithm_enc = SSL_3DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 168,
+ .alg_bits = 168,
},
/* Cipher C009 */
{
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- SSL_kEECDH,
- SSL_aECDSA,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aECDSA,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C00A */
{
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- SSL_kEECDH,
- SSL_aECDSA,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aECDSA,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher C00B */
{
- 1,
- TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
- TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_eNULL,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 0,
- 0,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
+ .id = TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
+ .algorithm_mkey = SSL_kECDHr,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_eNULL,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 0,
+ .alg_bits = 0,
},
/* Cipher C00C */
{
- 1,
- TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_RC4,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
+ .id = TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
+ .algorithm_mkey = SSL_kECDHr,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_RC4,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_MEDIUM,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C00D */
{
- 1,
- TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_3DES,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+ .id = TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+ .algorithm_mkey = SSL_kECDHr,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_3DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 168,
+ .alg_bits = 168,
},
/* Cipher C00E */
{
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
+ .id = TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
+ .algorithm_mkey = SSL_kECDHr,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C00F */
{
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
+ .id = TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
+ .algorithm_mkey = SSL_kECDHr,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher C010 */
{
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
- TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
- SSL_kEECDH,
- SSL_aRSA,
- SSL_eNULL,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 0,
- 0,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+ .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_eNULL,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 0,
+ .alg_bits = 0,
},
/* Cipher C011 */
{
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
- SSL_kEECDH,
- SSL_aRSA,
- SSL_RC4,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+ .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_RC4,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_MEDIUM,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C012 */
{
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
- SSL_kEECDH,
- SSL_aRSA,
- SSL_3DES,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+ .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_3DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 168,
+ .alg_bits = 168,
},
/* Cipher C013 */
{
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- SSL_kEECDH,
- SSL_aRSA,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C014 */
{
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- SSL_kEECDH,
- SSL_aRSA,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher C015 */
{
- 1,
- TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
- TLS1_CK_ECDH_anon_WITH_NULL_SHA,
- SSL_kEECDH,
- SSL_aNULL,
- SSL_eNULL,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 0,
- 0,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+ .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_eNULL,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 0,
+ .alg_bits = 0,
},
/* Cipher C016 */
{
- 1,
- TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
- TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
- SSL_kEECDH,
- SSL_aNULL,
- SSL_RC4,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+ .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_RC4,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_MEDIUM,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C017 */
{
- 1,
- TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
- SSL_kEECDH,
- SSL_aNULL,
- SSL_3DES,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
- 168,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+ .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_3DES,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 168,
+ .alg_bits = 168,
},
/* Cipher C018 */
{
- 1,
- TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
- SSL_kEECDH,
- SSL_aNULL,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+ .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C019 */
{
- 1,
- TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
- SSL_kEECDH,
- SSL_aNULL,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+ .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA1,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
#endif /* OPENSSL_NO_ECDH */
@@ -1928,326 +1931,326 @@ SSL_CIPHER ssl3_ciphers[] = {
/* Cipher C023 */
{
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
- SSL_kEECDH,
- SSL_aECDSA,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
+ .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aECDSA,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C024 */
{
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
- SSL_kEECDH,
- SSL_aECDSA,
- SSL_AES256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
+ .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aECDSA,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA384,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher C025 */
{
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
+ .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
+ .algorithm_mkey = SSL_kECDHe,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C026 */
{
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
+ .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
+ .algorithm_mkey = SSL_kECDHe,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA384,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher C027 */
{
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
- SSL_kEECDH,
- SSL_aRSA,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
+ .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C028 */
{
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
- SSL_kEECDH,
- SSL_aRSA,
- SSL_AES256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
+ .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA384,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher C029 */
{
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
+ .id = TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
+ .algorithm_mkey = SSL_kECDHr,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_AES128,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C02A */
{
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
+ .id = TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
+ .algorithm_mkey = SSL_kECDHr,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_AES256,
+ .algorithm_mac = SSL_SHA384,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* GCM based TLS v1.2 ciphersuites from RFC5289 */
/* Cipher C02B */
{
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- SSL_kEECDH,
- SSL_aECDSA,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aECDSA,
+ .algorithm_enc = SSL_AES128GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C02C */
{
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- SSL_kEECDH,
- SSL_aECDSA,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aECDSA,
+ .algorithm_enc = SSL_AES256GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher C02D */
{
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+ .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+ .algorithm_mkey = SSL_kECDHe,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_AES128GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C02E */
{
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
+ .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
+ .algorithm_mkey = SSL_kECDHe,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_AES256GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher C02F */
{
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kEECDH,
- SSL_aRSA,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES128GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C030 */
{
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kEECDH,
- SSL_aRSA,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ .algorithm_mkey = SSL_kEECDH,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_AES256GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
/* Cipher C031 */
{
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- 128,
- 128,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
+ .id = TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
+ .algorithm_mkey = SSL_kECDHr,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_AES128GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
},
/* Cipher C032 */
{
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- 256,
- 256,
+ .valid = 1,
+ .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
+ .id = TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
+ .algorithm_mkey = SSL_kECDHr,
+ .algorithm_auth = SSL_aECDH,
+ .algorithm_enc = SSL_AES256GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ .strength_bits = 256,
+ .alg_bits = 256,
},
#endif /* OPENSSL_NO_ECDH */
#ifdef TEMP_GOST_TLS
-/* Cipher FF00 */
- {
- 1,
- "GOST-MD5",
- 0x0300ff00,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_MD5,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256,
- },
- {
- 1,
- "GOST-GOST94",
- 0x0300ff01,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_GOST94,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256
- },
- {
- 1,
- "GOST-GOST89MAC",
- 0x0300ff02,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 256,
- 256
- },
- {
- 1,
- "GOST-GOST89STREAM",
- 0x0300ff03,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
- 256,
- 256
+ /* Cipher FF00 */
+ {
+ .valid = 1,
+ .name = "GOST-MD5",
+ .id = 0x0300ff00,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_eGOST2814789CNT,
+ .algorithm_mac = SSL_MD5,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256,
+ },
+ {
+ .valid = 1,
+ .name = "GOST-GOST94",
+ .id = 0x0300ff01,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_eGOST2814789CNT,
+ .algorithm_mac = SSL_GOST94,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256
+ },
+ {
+ .valid = 1,
+ .name = "GOST-GOST89MAC",
+ .id = 0x0300ff02,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_eGOST2814789CNT,
+ .algorithm_mac = SSL_GOST89MAC,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ .strength_bits = 256,
+ .alg_bits = 256
+ },
+ {
+ .valid = 1,
+ .name = "GOST-GOST89STREAM",
+ .id = 0x0300ff03,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_eGOST2814789CNT,
+ .algorithm_mac = SSL_GOST89MAC,
+ .algorithm_ssl = SSL_TLSV1,
+ .algo_strength = SSL_NOT_EXP|SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|
+ TLS1_STREAM_MAC,
+ .strength_bits = 256,
+ .alg_bits = 256
},
#endif
-
-/* end of list */
+ /* end of list */
};
SSL3_ENC_METHOD SSLv3_enc_data = {