diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2014-05-23 16:33:35 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-05-23 16:33:35 +0000 |
commit | 0e587a35e0237ed126ccc22143cb6e3af00b714d (patch) | |
tree | a8feac048f08fa810068cba5c71640ccf066ccdc /lib/libssl | |
parent | 0fad6330c64d44506f56040f61c9c93dce928fd0 (diff) |
Clean up the SSL cipher initialisation and use C99 initialisers for
clarity, grepability and to protect from future field reordering/removal.
ok miod@
Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/s3_lib.c | 3421 |
1 files changed, 1712 insertions, 1709 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 0bb74760f2d..f14cbd0c99c 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -168,725 +168,725 @@ const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; /* list of available SSLv3 ciphers (sorted by id) */ SSL_CIPHER ssl3_ciphers[] = { -/* The RSA ciphers */ -/* Cipher 01 */ - { - 1, - SSL3_TXT_RSA_NULL_MD5, - SSL3_CK_RSA_NULL_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_eNULL, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP|SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, - }, - -/* Cipher 02 */ - { - 1, - SSL3_TXT_RSA_NULL_SHA, - SSL3_CK_RSA_NULL_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_eNULL, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, - }, - -/* Cipher 03 */ - { - 1, - SSL3_TXT_RSA_RC4_40_MD5, - SSL3_CK_RSA_RC4_40_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, - }, - -/* Cipher 04 */ - { - 1, - SSL3_TXT_RSA_RC4_128_MD5, - SSL3_CK_RSA_RC4_128_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - -/* Cipher 05 */ - { - 1, - SSL3_TXT_RSA_RC4_128_SHA, - SSL3_CK_RSA_RC4_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - -/* Cipher 06 */ - { - 1, - SSL3_TXT_RSA_RC2_40_MD5, - SSL3_CK_RSA_RC2_40_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC2, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, - }, - -/* Cipher 07 */ + /* The RSA ciphers */ + /* Cipher 01 */ + { + .valid = 1, + .name = SSL3_TXT_RSA_NULL_MD5, + .id = SSL3_CK_RSA_NULL_MD5, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_eNULL, + .algorithm_mac = SSL_MD5, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 0, + .alg_bits = 0, + }, + + /* Cipher 02 */ + { + .valid = 1, + .name = SSL3_TXT_RSA_NULL_SHA, + .id = SSL3_CK_RSA_NULL_SHA, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_eNULL, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 0, + .alg_bits = 0, + }, + + /* Cipher 03 */ + { + .valid = 1, + .name = SSL3_TXT_RSA_RC4_40_MD5, + .id = SSL3_CK_RSA_RC4_40_MD5, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_RC4, + .algorithm_mac = SSL_MD5, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_EXPORT|SSL_EXP40, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 40, + .alg_bits = 128, + }, + + /* Cipher 04 */ + { + .valid = 1, + .name = SSL3_TXT_RSA_RC4_128_MD5, + .id = SSL3_CK_RSA_RC4_128_MD5, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_RC4, + .algorithm_mac = SSL_MD5, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_MEDIUM, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, + + /* Cipher 05 */ + { + .valid = 1, + .name = SSL3_TXT_RSA_RC4_128_SHA, + .id = SSL3_CK_RSA_RC4_128_SHA, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_RC4, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_MEDIUM, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, + + /* Cipher 06 */ + { + .valid = 1, + .name = SSL3_TXT_RSA_RC2_40_MD5, + .id = SSL3_CK_RSA_RC2_40_MD5, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_RC2, + .algorithm_mac = SSL_MD5, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_EXPORT|SSL_EXP40, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 40, + .alg_bits = 128, + }, + + /* Cipher 07 */ #ifndef OPENSSL_NO_IDEA { - 1, - SSL3_TXT_RSA_IDEA_128_SHA, - SSL3_CK_RSA_IDEA_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_IDEA, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = SSL3_TXT_RSA_IDEA_128_SHA, + .id = SSL3_CK_RSA_IDEA_128_SHA, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_IDEA, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_MEDIUM, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, #endif -/* Cipher 08 */ - { - 1, - SSL3_TXT_RSA_DES_40_CBC_SHA, - SSL3_CK_RSA_DES_40_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, - }, - -/* Cipher 09 */ - { - 1, - SSL3_TXT_RSA_DES_64_CBC_SHA, - SSL3_CK_RSA_DES_64_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - -/* Cipher 0A */ - { - 1, - SSL3_TXT_RSA_DES_192_CBC3_SHA, - SSL3_CK_RSA_DES_192_CBC3_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, - }, - -/* The DH ciphers */ -/* Cipher 0B */ - { - 0, - SSL3_TXT_DH_DSS_DES_40_CBC_SHA, - SSL3_CK_DH_DSS_DES_40_CBC_SHA, - SSL_kDHd, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, - }, - -/* Cipher 0C */ - { - 0, /* not implemented (non-ephemeral DH) */ - SSL3_TXT_DH_DSS_DES_64_CBC_SHA, - SSL3_CK_DH_DSS_DES_64_CBC_SHA, - SSL_kDHd, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - -/* Cipher 0D */ - { - 0, /* not implemented (non-ephemeral DH) */ - SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, - SSL3_CK_DH_DSS_DES_192_CBC3_SHA, - SSL_kDHd, - SSL_aDH, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, - }, - -/* Cipher 0E */ - { - 0, /* not implemented (non-ephemeral DH) */ - SSL3_TXT_DH_RSA_DES_40_CBC_SHA, - SSL3_CK_DH_RSA_DES_40_CBC_SHA, - SSL_kDHr, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, - }, - -/* Cipher 0F */ - { - 0, /* not implemented (non-ephemeral DH) */ - SSL3_TXT_DH_RSA_DES_64_CBC_SHA, - SSL3_CK_DH_RSA_DES_64_CBC_SHA, - SSL_kDHr, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - -/* Cipher 10 */ - { - 0, /* not implemented (non-ephemeral DH) */ - SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, - SSL3_CK_DH_RSA_DES_192_CBC3_SHA, - SSL_kDHr, - SSL_aDH, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, - }, - -/* The Ephemeral DH ciphers */ -/* Cipher 11 */ - { - 1, - SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, - SSL3_CK_EDH_DSS_DES_40_CBC_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, - }, - -/* Cipher 12 */ - { - 1, - SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, - SSL3_CK_EDH_DSS_DES_64_CBC_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - -/* Cipher 13 */ - { - 1, - SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, - SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, - }, - -/* Cipher 14 */ - { - 1, - SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, - SSL3_CK_EDH_RSA_DES_40_CBC_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 56, - }, - -/* Cipher 15 */ - { - 1, - SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, - SSL3_CK_EDH_RSA_DES_64_CBC_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - -/* Cipher 16 */ - { - 1, - SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, - SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, - }, - -/* Cipher 17 */ - { - 1, - SSL3_TXT_ADH_RC4_40_MD5, - SSL3_CK_ADH_RC4_40_MD5, - SSL_kEDH, - SSL_aNULL, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, - }, - -/* Cipher 18 */ - { - 1, - SSL3_TXT_ADH_RC4_128_MD5, - SSL3_CK_ADH_RC4_128_MD5, - SSL_kEDH, - SSL_aNULL, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - -/* Cipher 19 */ - { - 1, - SSL3_TXT_ADH_DES_40_CBC_SHA, - SSL3_CK_ADH_DES_40_CBC_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 40, - 128, - }, - -/* Cipher 1A */ - { - 1, - SSL3_TXT_ADH_DES_64_CBC_SHA, - SSL3_CK_ADH_DES_64_CBC_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 56, - 56, - }, - -/* Cipher 1B */ - { - 1, - SSL3_TXT_ADH_DES_192_CBC_SHA, - SSL3_CK_ADH_DES_192_CBC_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, - }, - -/* New AES ciphersuites */ -/* Cipher 2F */ - { - 1, - TLS1_TXT_RSA_WITH_AES_128_SHA, - TLS1_CK_RSA_WITH_AES_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, -/* Cipher 30 */ - { - 0, - TLS1_TXT_DH_DSS_WITH_AES_128_SHA, - TLS1_CK_DH_DSS_WITH_AES_128_SHA, - SSL_kDHd, - SSL_aDH, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, -/* Cipher 31 */ - { - 0, - TLS1_TXT_DH_RSA_WITH_AES_128_SHA, - TLS1_CK_DH_RSA_WITH_AES_128_SHA, - SSL_kDHr, - SSL_aDH, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, -/* Cipher 32 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, - TLS1_CK_DHE_DSS_WITH_AES_128_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, -/* Cipher 33 */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, - TLS1_CK_DHE_RSA_WITH_AES_128_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, -/* Cipher 34 */ - { - 1, - TLS1_TXT_ADH_WITH_AES_128_SHA, - TLS1_CK_ADH_WITH_AES_128_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - -/* Cipher 35 */ - { - 1, - TLS1_TXT_RSA_WITH_AES_256_SHA, - TLS1_CK_RSA_WITH_AES_256_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, -/* Cipher 36 */ - { - 0, - TLS1_TXT_DH_DSS_WITH_AES_256_SHA, - TLS1_CK_DH_DSS_WITH_AES_256_SHA, - SSL_kDHd, - SSL_aDH, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - -/* Cipher 37 */ - { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_RSA_WITH_AES_256_SHA, - TLS1_CK_DH_RSA_WITH_AES_256_SHA, - SSL_kDHr, - SSL_aDH, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - -/* Cipher 38 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, - TLS1_CK_DHE_DSS_WITH_AES_256_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - -/* Cipher 39 */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, - TLS1_CK_DHE_RSA_WITH_AES_256_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + /* Cipher 08 */ + { + .valid = 1, + .name = SSL3_TXT_RSA_DES_40_CBC_SHA, + .id = SSL3_CK_RSA_DES_40_CBC_SHA, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_EXPORT|SSL_EXP40, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 40, + .alg_bits = 56, + }, + + /* Cipher 09 */ + { + .valid = 1, + .name = SSL3_TXT_RSA_DES_64_CBC_SHA, + .id = SSL3_CK_RSA_DES_64_CBC_SHA, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_LOW, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 56, + .alg_bits = 56, + }, + + /* Cipher 0A */ + { + .valid = 1, + .name = SSL3_TXT_RSA_DES_192_CBC3_SHA, + .id = SSL3_CK_RSA_DES_192_CBC3_SHA, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 168, + .alg_bits = 168, + }, + + /* The DH ciphers */ + /* Cipher 0B */ + { + .valid = 0, + .name = SSL3_TXT_DH_DSS_DES_40_CBC_SHA, + .id = SSL3_CK_DH_DSS_DES_40_CBC_SHA, + .algorithm_mkey = SSL_kDHd, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_EXPORT|SSL_EXP40, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 40, + .alg_bits = 56, + }, + + /* Cipher 0C */ + { + .valid = 0, /* not implemented (non-ephemeral DH) */ + .name = SSL3_TXT_DH_DSS_DES_64_CBC_SHA, + .id = SSL3_CK_DH_DSS_DES_64_CBC_SHA, + .algorithm_mkey = SSL_kDHd, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_LOW, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 56, + .alg_bits = 56, + }, + + /* Cipher 0D */ + { + .valid = 0, /* not implemented (non-ephemeral DH) */ + .name = SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, + .id = SSL3_CK_DH_DSS_DES_192_CBC3_SHA, + .algorithm_mkey = SSL_kDHd, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 168, + .alg_bits = 168, + }, + + /* Cipher 0E */ + { + .valid = 0, /* not implemented (non-ephemeral DH) */ + .name = SSL3_TXT_DH_RSA_DES_40_CBC_SHA, + .id = SSL3_CK_DH_RSA_DES_40_CBC_SHA, + .algorithm_mkey = SSL_kDHr, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_EXPORT|SSL_EXP40, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 40, + .alg_bits = 56, + }, + + /* Cipher 0F */ + { + .valid = 0, /* not implemented (non-ephemeral DH) */ + .name = SSL3_TXT_DH_RSA_DES_64_CBC_SHA, + .id = SSL3_CK_DH_RSA_DES_64_CBC_SHA, + .algorithm_mkey = SSL_kDHr, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_LOW, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 56, + .alg_bits = 56, + }, + + /* Cipher 10 */ + { + .valid = 0, /* not implemented (non-ephemeral DH) */ + .name = SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, + .id = SSL3_CK_DH_RSA_DES_192_CBC3_SHA, + .algorithm_mkey = SSL_kDHr, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 168, + .alg_bits = 168, + }, + + /* The Ephemeral DH ciphers */ + /* Cipher 11 */ + { + .valid = 1, + .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, + .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aDSS, + .algorithm_enc = SSL_DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_EXPORT|SSL_EXP40, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 40, + .alg_bits = 56, + }, + + /* Cipher 12 */ + { + .valid = 1, + .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, + .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aDSS, + .algorithm_enc = SSL_DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_LOW, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 56, + .alg_bits = 56, + }, + + /* Cipher 13 */ + { + .valid = 1, + .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, + .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aDSS, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 168, + .alg_bits = 168, + }, + + /* Cipher 14 */ + { + .valid = 1, + .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, + .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_EXPORT|SSL_EXP40, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 40, + .alg_bits = 56, + }, + + /* Cipher 15 */ + { + .valid = 1, + .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, + .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_LOW, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 56, + .alg_bits = 56, + }, + + /* Cipher 16 */ + { + .valid = 1, + .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, + .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 168, + .alg_bits = 168, + }, + + /* Cipher 17 */ + { + .valid = 1, + .name = SSL3_TXT_ADH_RC4_40_MD5, + .id = SSL3_CK_ADH_RC4_40_MD5, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_RC4, + .algorithm_mac = SSL_MD5, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_EXPORT|SSL_EXP40, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 40, + .alg_bits = 128, + }, + + /* Cipher 18 */ + { + .valid = 1, + .name = SSL3_TXT_ADH_RC4_128_MD5, + .id = SSL3_CK_ADH_RC4_128_MD5, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_RC4, + .algorithm_mac = SSL_MD5, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_MEDIUM, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, + + /* Cipher 19 */ + { + .valid = 1, + .name = SSL3_TXT_ADH_DES_40_CBC_SHA, + .id = SSL3_CK_ADH_DES_40_CBC_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_EXPORT|SSL_EXP40, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 40, + .alg_bits = 128, + }, + + /* Cipher 1A */ + { + .valid = 1, + .name = SSL3_TXT_ADH_DES_64_CBC_SHA, + .id = SSL3_CK_ADH_DES_64_CBC_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_LOW, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 56, + .alg_bits = 56, + }, + + /* Cipher 1B */ + { + .valid = 1, + .name = SSL3_TXT_ADH_DES_192_CBC_SHA, + .id = SSL3_CK_ADH_DES_192_CBC_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 168, + .alg_bits = 168, + }, + + /* New AES ciphersuites */ + /* Cipher 2F */ + { + .valid = 1, + .name = TLS1_TXT_RSA_WITH_AES_128_SHA, + .id = TLS1_CK_RSA_WITH_AES_128_SHA, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, + /* Cipher 30 */ + { + .valid = 0, + .name = TLS1_TXT_DH_DSS_WITH_AES_128_SHA, + .id = TLS1_CK_DH_DSS_WITH_AES_128_SHA, + .algorithm_mkey = SSL_kDHd, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, + /* Cipher 31 */ + { + .valid = 0, + .name = TLS1_TXT_DH_RSA_WITH_AES_128_SHA, + .id = TLS1_CK_DH_RSA_WITH_AES_128_SHA, + .algorithm_mkey = SSL_kDHr, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, + /* Cipher 32 */ + { + .valid = 1, + .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, + .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aDSS, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, + /* Cipher 33 */ + { + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, + .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, + /* Cipher 34 */ + { + .valid = 1, + .name = TLS1_TXT_ADH_WITH_AES_128_SHA, + .id = TLS1_CK_ADH_WITH_AES_128_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, + + /* Cipher 35 */ + { + .valid = 1, + .name = TLS1_TXT_RSA_WITH_AES_256_SHA, + .id = TLS1_CK_RSA_WITH_AES_256_SHA, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, + }, + /* Cipher 36 */ + { + .valid = 0, + .name = TLS1_TXT_DH_DSS_WITH_AES_256_SHA, + .id = TLS1_CK_DH_DSS_WITH_AES_256_SHA, + .algorithm_mkey = SSL_kDHd, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, + }, + + /* Cipher 37 */ + { + .valid = 0, /* not implemented (non-ephemeral DH) */ + .name = TLS1_TXT_DH_RSA_WITH_AES_256_SHA, + .id = TLS1_CK_DH_RSA_WITH_AES_256_SHA, + .algorithm_mkey = SSL_kDHr, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, + }, + + /* Cipher 38 */ + { + .valid = 1, + .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, + .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aDSS, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, + }, + + /* Cipher 39 */ + { + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, + .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher 3A */ { - 1, - TLS1_TXT_ADH_WITH_AES_256_SHA, - TLS1_CK_ADH_WITH_AES_256_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_ADH_WITH_AES_256_SHA, + .id = TLS1_CK_ADH_WITH_AES_256_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, /* TLS v1.2 ciphersuites */ /* Cipher 3B */ { - 1, - TLS1_TXT_RSA_WITH_NULL_SHA256, - TLS1_CK_RSA_WITH_NULL_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_eNULL, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, + .valid = 1, + .name = TLS1_TXT_RSA_WITH_NULL_SHA256, + .id = TLS1_CK_RSA_WITH_NULL_SHA256, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_eNULL, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 0, + .alg_bits = 0, }, /* Cipher 3C */ { - 1, - TLS1_TXT_RSA_WITH_AES_128_SHA256, - TLS1_CK_RSA_WITH_AES_128_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_RSA_WITH_AES_128_SHA256, + .id = TLS1_CK_RSA_WITH_AES_128_SHA256, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher 3D */ { - 1, - TLS1_TXT_RSA_WITH_AES_256_SHA256, - TLS1_CK_RSA_WITH_AES_256_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_RSA_WITH_AES_256_SHA256, + .id = TLS1_CK_RSA_WITH_AES_256_SHA256, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher 3E */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, - TLS1_CK_DH_DSS_WITH_AES_128_SHA256, - SSL_kDHd, - SSL_aDH, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 0, /* not implemented (non-ephemeral DH) */ + .name = TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, + .id = TLS1_CK_DH_DSS_WITH_AES_128_SHA256, + .algorithm_mkey = SSL_kDHd, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher 3F */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, - TLS1_CK_DH_RSA_WITH_AES_128_SHA256, - SSL_kDHr, - SSL_aDH, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 0, /* not implemented (non-ephemeral DH) */ + .name = TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, + .id = TLS1_CK_DH_RSA_WITH_AES_128_SHA256, + .algorithm_mkey = SSL_kDHr, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher 40 */ { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, - TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, - SSL_kEDH, - SSL_aDSS, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, + .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aDSS, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, #ifndef OPENSSL_NO_CAMELLIA @@ -894,271 +894,273 @@ SSL_CIPHER ssl3_ciphers[] = { /* Cipher 41 */ { - 1, - TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, + .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CAMELLIA128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher 42 */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHd, - SSL_aDH, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 0, /* not implemented (non-ephemeral DH) */ + .name = TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, + .id = TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, + .algorithm_mkey = SSL_kDHd, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_CAMELLIA128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher 43 */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHr, - SSL_aDH, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 0, /* not implemented (non-ephemeral DH) */ + .name = TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, + .id = TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, + .algorithm_mkey = SSL_kDHr, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_CAMELLIA128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher 44 */ { - 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aDSS, + .algorithm_enc = SSL_CAMELLIA128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher 45 */ { - 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CAMELLIA128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher 46 */ { - 1, - TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, + .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_CAMELLIA128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, #endif /* OPENSSL_NO_CAMELLIA */ /* TLS v1.2 ciphersuites */ /* Cipher 67 */ { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, - SSL_kEDH, - SSL_aRSA, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, + .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher 68 */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, - TLS1_CK_DH_DSS_WITH_AES_256_SHA256, - SSL_kDHd, - SSL_aDH, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 0, /* not implemented (non-ephemeral DH) */ + .name = TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, + .id = TLS1_CK_DH_DSS_WITH_AES_256_SHA256, + .algorithm_mkey = SSL_kDHd, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher 69 */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, - TLS1_CK_DH_RSA_WITH_AES_256_SHA256, - SSL_kDHr, - SSL_aDH, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 0, /* not implemented (non-ephemeral DH) */ + .name = TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, + .id = TLS1_CK_DH_RSA_WITH_AES_256_SHA256, + .algorithm_mkey = SSL_kDHr, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher 6A */ { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, - TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, - SSL_kEDH, - SSL_aDSS, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, + .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aDSS, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher 6B */ { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, - SSL_kEDH, - SSL_aRSA, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, + .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher 6C */ { - 1, - TLS1_TXT_ADH_WITH_AES_128_SHA256, - TLS1_CK_ADH_WITH_AES_128_SHA256, - SSL_kEDH, - SSL_aNULL, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, + .id = TLS1_CK_ADH_WITH_AES_128_SHA256, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher 6D */ { - 1, - TLS1_TXT_ADH_WITH_AES_256_SHA256, - TLS1_CK_ADH_WITH_AES_256_SHA256, - SSL_kEDH, - SSL_aNULL, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_ADH_WITH_AES_256_SHA256, + .id = TLS1_CK_ADH_WITH_AES_256_SHA256, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, /* GOST Ciphersuites */ { - 1, - "GOST94-GOST89-GOST89", - 0x3000080, - SSL_kGOST, - SSL_aGOST94, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, - 256, - 256 - }, - { - 1, - "GOST2001-GOST89-GOST89", - 0x3000081, - SSL_kGOST, - SSL_aGOST01, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, - 256, - 256 - }, - { - 1, - "GOST94-NULL-GOST94", - 0x3000082, - SSL_kGOST, - SSL_aGOST94, - SSL_eNULL, - SSL_GOST94, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, - 0, - 0 - }, - { - 1, - "GOST2001-NULL-GOST94", - 0x3000083, - SSL_kGOST, - SSL_aGOST01, - SSL_eNULL, - SSL_GOST94, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, - 0, - 0 + .valid = 1, + .name = "GOST94-GOST89-GOST89", + .id = 0x3000080, + .algorithm_mkey = SSL_kGOST, + .algorithm_auth = SSL_aGOST94, + .algorithm_enc = SSL_eGOST2814789CNT, + .algorithm_mac = SSL_GOST89MAC, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94| + TLS1_STREAM_MAC, + .strength_bits = 256, + .alg_bits = 256 + }, + { + .valid = 1, + .name = "GOST2001-GOST89-GOST89", + .id = 0x3000081, + .algorithm_mkey = SSL_kGOST, + .algorithm_auth = SSL_aGOST01, + .algorithm_enc = SSL_eGOST2814789CNT, + .algorithm_mac = SSL_GOST89MAC, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94| + TLS1_STREAM_MAC, + .strength_bits = 256, + .alg_bits = 256 + }, + { + .valid = 1, + .name = "GOST94-NULL-GOST94", + .id = 0x3000082, + .algorithm_mkey = SSL_kGOST, + .algorithm_auth = SSL_aGOST94, + .algorithm_enc = SSL_eNULL, + .algorithm_mac = SSL_GOST94, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE, + .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, + .strength_bits = 0, + .alg_bits = 0 + }, + { + .valid = 1, + .name = "GOST2001-NULL-GOST94", + .id = 0x3000083, + .algorithm_mkey = SSL_kGOST, + .algorithm_auth = SSL_aGOST01, + .algorithm_enc = SSL_eNULL, + .algorithm_mac = SSL_GOST94, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE, + .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, + .strength_bits = 0, + .alg_bits = 0 }, #ifndef OPENSSL_NO_CAMELLIA @@ -1166,163 +1168,164 @@ SSL_CIPHER ssl3_ciphers[] = { /* Cipher 84 */ { - 1, - TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, + .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CAMELLIA256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, + /* Cipher 85 */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, - SSL_kDHd, - SSL_aDH, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 0, /* not implemented (non-ephemeral DH) */ + .name = TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, + .id = TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, + .algorithm_mkey = SSL_kDHd, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_CAMELLIA256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher 86 */ { - 0, /* not implemented (non-ephemeral DH) */ - TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_kDHr, - SSL_aDH, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 0, /* not implemented (non-ephemeral DH) */ + .name = TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, + .id = TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, + .algorithm_mkey = SSL_kDHr, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_CAMELLIA256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher 87 */ { - 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - SSL_kEDH, - SSL_aDSS, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aDSS, + .algorithm_enc = SSL_CAMELLIA256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher 88 */ { - 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_kEDH, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CAMELLIA256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher 89 */ { - 1, - TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, - SSL_kEDH, - SSL_aNULL, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, + .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_CAMELLIA256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, #endif /* OPENSSL_NO_CAMELLIA */ #ifndef OPENSSL_NO_PSK /* Cipher 8A */ { - 1, - TLS1_TXT_PSK_WITH_RC4_128_SHA, - TLS1_CK_PSK_WITH_RC4_128_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_PSK_WITH_RC4_128_SHA, + .id = TLS1_CK_PSK_WITH_RC4_128_SHA, + .algorithm_mkey = SSL_kPSK, + .algorithm_auth = SSL_aPSK, + .algorithm_enc = SSL_RC4, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_MEDIUM, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher 8B */ { - 1, - TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + .valid = 1, + .name = TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, + .id = TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, + .algorithm_mkey = SSL_kPSK, + .algorithm_auth = SSL_aPSK, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 168, + .alg_bits = 168, }, /* Cipher 8C */ { - 1, - TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_PSK_WITH_AES_128_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, + .id = TLS1_CK_PSK_WITH_AES_128_CBC_SHA, + .algorithm_mkey = SSL_kPSK, + .algorithm_auth = SSL_aPSK, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher 8D */ { - 1, - TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_PSK_WITH_AES_256_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, + .id = TLS1_CK_PSK_WITH_AES_256_CBC_SHA, + .algorithm_mkey = SSL_kPSK, + .algorithm_auth = SSL_aPSK, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, #endif /* OPENSSL_NO_PSK */ @@ -1330,595 +1333,595 @@ SSL_CIPHER ssl3_ciphers[] = { /* Cipher 9C */ { - 1, - TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, + .id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher 9D */ { - 1, - TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, - SSL_kRSA, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, + .id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher 9E */ { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, - SSL_kEDH, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, + .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher 9F */ { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, - SSL_kEDH, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, + .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher A0 */ { - 0, - TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256, - SSL_kDHr, - SSL_aDH, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + .valid = 0, + .name = TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, + .id = TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256, + .algorithm_mkey = SSL_kDHr, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_AES128GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher A1 */ { - 0, - TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384, - SSL_kDHr, - SSL_aDH, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + .valid = 0, + .name = TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, + .id = TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384, + .algorithm_mkey = SSL_kDHr, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_AES256GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher A2 */ { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, - SSL_kEDH, - SSL_aDSS, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, + .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aDSS, + .algorithm_enc = SSL_AES128GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher A3 */ { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, - SSL_kEDH, - SSL_aDSS, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, + .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aDSS, + .algorithm_enc = SSL_AES256GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher A4 */ { - 0, - TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, - TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, - SSL_kDHd, - SSL_aDH, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + .valid = 0, + .name = TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, + .id = TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, + .algorithm_mkey = SSL_kDHd, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_AES128GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher A5 */ { - 0, - TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, - TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, - SSL_kDHd, - SSL_aDH, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + .valid = 0, + .name = TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, + .id = TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, + .algorithm_mkey = SSL_kDHd, + .algorithm_auth = SSL_aDH, + .algorithm_enc = SSL_AES256GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher A6 */ { - 1, - TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, - TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, - SSL_kEDH, - SSL_aNULL, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, + .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_AES128GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher A7 */ { - 1, - TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, - TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, - SSL_kEDH, - SSL_aNULL, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, + .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_AES256GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + .strength_bits = 256, + .alg_bits = 256, }, #ifndef OPENSSL_NO_ECDH /* Cipher C001 */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, - TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, - SSL_kECDHe, - SSL_aECDH, - SSL_eNULL, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, + .valid = 1, + .name = TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, + .id = TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, + .algorithm_mkey = SSL_kECDHe, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_eNULL, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 0, + .alg_bits = 0, }, /* Cipher C002 */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, - TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, - SSL_kECDHe, - SSL_aECDH, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, + .id = TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, + .algorithm_mkey = SSL_kECDHe, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_RC4, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_MEDIUM, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C003 */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, - SSL_kECDHe, - SSL_aECDH, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + .valid = 1, + .name = TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, + .id = TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, + .algorithm_mkey = SSL_kECDHe, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 168, + .alg_bits = 168, }, /* Cipher C004 */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - SSL_kECDHe, - SSL_aECDH, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + .algorithm_mkey = SSL_kECDHe, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C005 */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - SSL_kECDHe, - SSL_aECDH, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + .algorithm_mkey = SSL_kECDHe, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher C006 */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, - SSL_kEECDH, - SSL_aECDSA, - SSL_eNULL, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, + .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_eNULL, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 0, + .alg_bits = 0, }, /* Cipher C007 */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, - SSL_kEECDH, - SSL_aECDSA, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, + .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_RC4, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_MEDIUM, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C008 */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, - SSL_kEECDH, - SSL_aECDSA, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 168, + .alg_bits = 168, }, /* Cipher C009 */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C00A */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher C00B */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, - TLS1_CK_ECDH_RSA_WITH_NULL_SHA, - SSL_kECDHr, - SSL_aECDH, - SSL_eNULL, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, + .valid = 1, + .name = TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, + .id = TLS1_CK_ECDH_RSA_WITH_NULL_SHA, + .algorithm_mkey = SSL_kECDHr, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_eNULL, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 0, + .alg_bits = 0, }, /* Cipher C00C */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, - TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, - SSL_kECDHr, - SSL_aECDH, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, + .id = TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, + .algorithm_mkey = SSL_kECDHr, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_RC4, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_MEDIUM, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C00D */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, - SSL_kECDHr, - SSL_aECDH, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + .valid = 1, + .name = TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, + .id = TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, + .algorithm_mkey = SSL_kECDHr, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 168, + .alg_bits = 168, }, /* Cipher C00E */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, - SSL_kECDHr, - SSL_aECDH, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, + .id = TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, + .algorithm_mkey = SSL_kECDHr, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C00F */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, - SSL_kECDHr, - SSL_aECDH, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, + .id = TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, + .algorithm_mkey = SSL_kECDHr, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher C010 */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, - TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, - SSL_kEECDH, - SSL_aRSA, - SSL_eNULL, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, + .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_eNULL, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 0, + .alg_bits = 0, }, /* Cipher C011 */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, - SSL_kEECDH, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, + .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_RC4, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_MEDIUM, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C012 */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, - SSL_kEECDH, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 168, + .alg_bits = 168, }, /* Cipher C013 */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, - SSL_kEECDH, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, + .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C014 */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, - SSL_kEECDH, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, + .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher C015 */ { - 1, - TLS1_TXT_ECDH_anon_WITH_NULL_SHA, - TLS1_CK_ECDH_anon_WITH_NULL_SHA, - SSL_kEECDH, - SSL_aNULL, - SSL_eNULL, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 0, - 0, + .valid = 1, + .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, + .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_eNULL, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 0, + .alg_bits = 0, }, /* Cipher C016 */ { - 1, - TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, - TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, - SSL_kEECDH, - SSL_aNULL, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, + .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_RC4, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_MEDIUM, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C017 */ { - 1, - TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, - SSL_kEECDH, - SSL_aNULL, - SSL_3DES, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 168, - 168, + .valid = 1, + .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, + .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 168, + .alg_bits = 168, }, /* Cipher C018 */ { - 1, - TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, - SSL_kEECDH, - SSL_aNULL, - SSL_AES128, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, + .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C019 */ { - 1, - TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, - SSL_kEECDH, - SSL_aNULL, - SSL_AES256, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, + .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, }, #endif /* OPENSSL_NO_ECDH */ @@ -1928,326 +1931,326 @@ SSL_CIPHER ssl3_ciphers[] = { /* Cipher C023 */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, + .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C024 */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES256, - SSL_SHA384, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, + .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA384, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher C025 */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, - TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, - SSL_kECDHe, - SSL_aECDH, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, + .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, + .algorithm_mkey = SSL_kECDHe, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C026 */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, - TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, - SSL_kECDHe, - SSL_aECDH, - SSL_AES256, - SSL_SHA384, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, + .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, + .algorithm_mkey = SSL_kECDHe, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA384, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher C027 */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, - SSL_kEECDH, - SSL_aRSA, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, + .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C028 */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, - SSL_kEECDH, - SSL_aRSA, - SSL_AES256, - SSL_SHA384, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, + .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA384, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher C029 */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, - TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, - SSL_kECDHr, - SSL_aECDH, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, + .id = TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, + .algorithm_mkey = SSL_kECDHr, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C02A */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, - TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, - SSL_kECDHr, - SSL_aECDH, - SSL_AES256, - SSL_SHA384, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, + .id = TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, + .algorithm_mkey = SSL_kECDHr, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA384, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + .strength_bits = 256, + .alg_bits = 256, }, /* GCM based TLS v1.2 ciphersuites from RFC5289 */ /* Cipher C02B */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_AES128GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C02C */ { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - SSL_kEECDH, - SSL_aECDSA, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_AES256GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher C02D */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, - SSL_kECDHe, - SSL_aECDH, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, + .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, + .algorithm_mkey = SSL_kECDHe, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_AES128GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C02E */ { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, - SSL_kECDHe, - SSL_aECDH, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, + .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, + .algorithm_mkey = SSL_kECDHe, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_AES256GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher C02F */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - SSL_kEECDH, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C030 */ { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - SSL_kEECDH, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + .strength_bits = 256, + .alg_bits = 256, }, /* Cipher C031 */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, - SSL_kECDHr, - SSL_aECDH, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, - 128, - 128, + .valid = 1, + .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, + .id = TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, + .algorithm_mkey = SSL_kECDHr, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_AES128GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, }, /* Cipher C032 */ { - 1, - TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, - SSL_kECDHr, - SSL_aECDH, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, - 256, - 256, + .valid = 1, + .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, + .id = TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, + .algorithm_mkey = SSL_kECDHr, + .algorithm_auth = SSL_aECDH, + .algorithm_enc = SSL_AES256GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + .strength_bits = 256, + .alg_bits = 256, }, #endif /* OPENSSL_NO_ECDH */ #ifdef TEMP_GOST_TLS -/* Cipher FF00 */ - { - 1, - "GOST-MD5", - 0x0300ff00, - SSL_kRSA, - SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_MD5, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256, - }, - { - 1, - "GOST-GOST94", - 0x0300ff01, - SSL_kRSA, - SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_GOST94, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256 - }, - { - 1, - "GOST-GOST89MAC", - 0x0300ff02, - SSL_kRSA, - SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 256, - 256 - }, - { - 1, - "GOST-GOST89STREAM", - 0x0300ff03, - SSL_kRSA, - SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC, - 256, - 256 + /* Cipher FF00 */ + { + .valid = 1, + .name = "GOST-MD5", + .id = 0x0300ff00, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_eGOST2814789CNT, + .algorithm_mac = SSL_MD5, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, + }, + { + .valid = 1, + .name = "GOST-GOST94", + .id = 0x0300ff01, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_eGOST2814789CNT, + .algorithm_mac = SSL_GOST94, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256 + }, + { + .valid = 1, + .name = "GOST-GOST89MAC", + .id = 0x0300ff02, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_eGOST2814789CNT, + .algorithm_mac = SSL_GOST89MAC, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256 + }, + { + .valid = 1, + .name = "GOST-GOST89STREAM", + .id = 0x0300ff03, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_eGOST2814789CNT, + .algorithm_mac = SSL_GOST89MAC, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF| + TLS1_STREAM_MAC, + .strength_bits = 256, + .alg_bits = 256 }, #endif - -/* end of list */ + /* end of list */ }; SSL3_ENC_METHOD SSLv3_enc_data = { |