@@ -160,25 +160,25 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher 02 */
/* Cipher 02 */
{
{
SSL3_TXT_RSA_NULL_SHA, SSL3_CK_RSA_NULL_SHA, SSL_kRSA, SSL_aRSA,
SSL3_TXT_RSA_NULL_SHA, SSL3_CK_RSA_NULL_SHA, SSL_kRSA, SSL_aRSA,
SSL_eNULL, SSL_SHA1, SSL_FIPS, SSL_ HANDSHAKE_MAC_DEFAULT, 0, 0,
SSL_eNULL, SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, 0, 0,
},
},
/* Cipher 04 */
/* Cipher 04 */
{
{
SSL3_TXT_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, SSL_kRSA, SSL_aRSA,
SSL3_TXT_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, SSL_kRSA, SSL_aRSA,
SSL_RC4, SSL_MD5, SSL_MEDIUM, SSL_ HANDSHAKE_MAC_DEFAULT, 128, 128,
SSL_RC4, SSL_MD5, SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
},
/* Cipher 05 */
/* Cipher 05 */
{
{
SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, SSL_kRSA, SSL_aRSA,
SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, SSL_kRSA, SSL_aRSA,
SSL_RC4, SSL_SHA1, SSL_MEDIUM, SSL_ HANDSHAKE_MAC_DEFAULT, 128, 128,
SSL_RC4, SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
},
/* Cipher 0A */
/* Cipher 0A */
{
{
SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA,
SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA,
SSL_aRSA, SSL_3DES, SSL_SHA1, SSL_HIGH | SSL_FIPS,
SSL_aRSA, SSL_3DES, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 112, 168,
SSL_HANDSHAKE_MAC_DEFAULT, 112, 168,
},
},
@@ -188,28 +188,28 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher 2F */
/* Cipher 2F */
{
{
TLS1_TXT_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA,
TLS1_TXT_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA,
SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_HIGH | SSL_FIPS,
SSL_aRSA, SSL_AES128, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
},
/* Cipher 33 */
/* Cipher 33 */
{
{
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_HIGH | SSL_FIPS,
SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
},
/* Cipher 35 */
/* Cipher 35 */
{
{
TLS1_TXT_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA,
TLS1_TXT_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA,
SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_HIGH | SSL_FIPS,
SSL_aRSA, SSL_AES256, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
},
},
/* Cipher 39 */
/* Cipher 39 */
{
{
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_HIGH | SSL_FIPS,
SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
},
},
@@ -219,7 +219,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher 3C */
/* Cipher 3C */
{
{
TLS1_TXT_RSA_WITH_AES_128_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256,
TLS1_TXT_RSA_WITH_AES_128_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256,
SSL_kRSA, SSL_aRSA, SSL_AES128, SSL_SHA256, SSL_HIGH | SSL_FIPS,
SSL_kRSA, SSL_aRSA, SSL_AES128, SSL_SHA256,
SSL_HANDSHAKE_MAC_SHA256, 128, 128,
SSL_HANDSHAKE_MAC_SHA256, 128, 128,
},
},
@@ -227,14 +227,14 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_256_SHA256,
TLS1_TXT_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_256_SHA256,
SSL_kRSA, SSL_aRSA, SSL_AES256, SSL_SHA256,
SSL_kRSA, SSL_aRSA, SSL_AES256, SSL_SHA256,
SSL_HIGH | SSL_FIPS, SSL_H ANDSHAKE_MAC_SHA256, 256, 256,
SSL_HANDSHAKE_MAC_SHA256, 256, 256,
},
},
/* Cipher 67 */
/* Cipher 67 */
{
{
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128,
TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128,
SSL_SHA256, SSL_HIGH | SSL_FIPS,
SSL_SHA256,
SSL_HANDSHAKE_MAC_SHA256, 128, 128,
SSL_HANDSHAKE_MAC_SHA256, 128, 128,
},
},
@@ -242,7 +242,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES256,
TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES256,
SSL_SHA256, SSL_HIGH | SSL_FIPS,
SSL_SHA256,
SSL_HANDSHAKE_MAC_SHA256, 256, 256,
SSL_HANDSHAKE_MAC_SHA256, 256, 256,
},
},
@@ -251,21 +251,21 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher 8A */
/* Cipher 8A */
{
{
TLS1_TXT_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK,
TLS1_TXT_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK,
SSL_aPSK, SSL_RC4, SSL_SHA1, SSL_MEDIUM,
SSL_aPSK, SSL_RC4, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
},
/* Cipher 8C */
/* Cipher 8C */
{
{
TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
SSL_kPSK, SSL_aPSK, SSL_AES128, SSL_SHA1, SSL_HIGH | SSL_FIPS,
SSL_kPSK, SSL_aPSK, SSL_AES128, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
},
/* Cipher 8D */
/* Cipher 8D */
{
{
TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
SSL_kPSK, SSL_aPSK, SSL_AES256, SSL_SHA1, SSL_HIGH | SSL_FIPS,
SSL_kPSK, SSL_aPSK, SSL_AES256, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
},
},
@@ -275,7 +275,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, SSL_kRSA, SSL_aRSA, SSL_AES128GCM,
TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, SSL_kRSA, SSL_aRSA, SSL_AES128GCM,
SSL_AEAD, SSL_HIGH | SSL_FIPS,
SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA256,
SSL_HANDSHAKE_MAC_SHA256,
128, 128,
128, 128,
},
},
@@ -284,7 +284,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, SSL_kRSA, SSL_aRSA, SSL_AES256GCM,
TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, SSL_kRSA, SSL_aRSA, SSL_AES256GCM,
SSL_AEAD, SSL_HIGH | SSL_FIPS,
SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA384,
SSL_HANDSHAKE_MAC_SHA384,
256, 256,
256, 256,
},
},
@@ -293,7 +293,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128GCM,
TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128GCM,
SSL_AEAD, SSL_HIGH | SSL_FIPS,
SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA256,
SSL_HANDSHAKE_MAC_SHA256,
128, 128,
128, 128,
},
},
@@ -302,7 +302,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aRSA, SSL_AES256GCM,
TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aRSA, SSL_AES256GCM,
SSL_AEAD, SSL_HIGH | SSL_FIPS,
SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA384,
SSL_HANDSHAKE_MAC_SHA384,
256, 256,
256, 256,
},
},
@@ -311,7 +311,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE, SSL_aECDSA, SSL_RC4,
TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE, SSL_aECDSA, SSL_RC4,
SSL_SHA1, SSL_MEDIUM, SSL_ HANDSHAKE_MAC_DEFAULT, 128,
SSL_SHA1, SSL_HANDSHAKE_MAC_DEFAULT, 128,
128,
128,
},
},
@@ -319,7 +319,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aECDSA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aECDSA,
SSL_AES128, SSL_SHA1, SSL_HIGH | SSL_FIPS,
SSL_AES128, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
},
@@ -327,14 +327,14 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aECDSA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aECDSA,
SSL_AES256, SSL_SHA1, SSL_HIGH | SSL_FIPS,
SSL_AES256, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
},
},
/* Cipher C011 */
/* Cipher C011 */
{
{
TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
SSL_kECDHE, SSL_aRSA, SSL_RC4, SSL_SHA1, SSL_MEDIUM,
SSL_kECDHE, SSL_aRSA, SSL_RC4, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
},
@@ -342,7 +342,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES128,
TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES128,
SSL_SHA1, SSL_HIGH | SSL_FIPS,
SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
},
@@ -350,7 +350,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES256,
TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES256,
SSL_SHA1, SSL_HIGH | SSL_FIPS,
SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
},
},
@@ -361,7 +361,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aECDSA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aECDSA,
SSL_AES128, SSL_SHA256, SSL_HIGH | SSL_FIPS,
SSL_AES128, SSL_SHA256,
SSL_HANDSHAKE_MAC_SHA256, 128, 128,
SSL_HANDSHAKE_MAC_SHA256, 128, 128,
},
},
@@ -369,7 +369,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aECDSA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aECDSA,
SSL_AES256, SSL_SHA384, SSL_HIGH | SSL_FIPS,
SSL_AES256, SSL_SHA384,
SSL_HANDSHAKE_MAC_SHA384, 256, 256,
SSL_HANDSHAKE_MAC_SHA384, 256, 256,
},
},
@@ -377,7 +377,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aRSA, SSL_AES128,
TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aRSA, SSL_AES128,
SSL_SHA256, SSL_HIGH | SSL_FIPS,
SSL_SHA256,
SSL_HANDSHAKE_MAC_SHA256, 128, 128,
SSL_HANDSHAKE_MAC_SHA256, 128, 128,
},
},
@@ -385,7 +385,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aRSA, SSL_AES256,
TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aRSA, SSL_AES256,
SSL_SHA384, SSL_HIGH | SSL_FIPS,
SSL_SHA384,
SSL_HANDSHAKE_MAC_SHA384, 256, 256,
SSL_HANDSHAKE_MAC_SHA384, 256, 256,
},
},
@@ -396,7 +396,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aECDSA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aECDSA,
SSL_AES128GCM, SSL_AEAD, SSL_HIGH | SSL_FIPS,
SSL_AES128GCM, SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA256,
SSL_HANDSHAKE_MAC_SHA256,
128, 128,
128, 128,
},
},
@@ -405,7 +405,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aECDSA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aECDSA,
SSL_AES256GCM, SSL_AEAD, SSL_HIGH | SSL_FIPS,
SSL_AES256GCM, SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA384,
SSL_HANDSHAKE_MAC_SHA384,
256, 256,
256, 256,
},
},
@@ -414,7 +414,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aRSA,
TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aRSA,
SSL_AES128GCM, SSL_AEAD, SSL_HIGH | SSL_FIPS,
SSL_AES128GCM, SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA256,
SSL_HANDSHAKE_MAC_SHA256,
128, 128,
128, 128,
},
},
@@ -423,7 +423,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aRSA,
TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aRSA,
SSL_AES256GCM, SSL_AEAD, SSL_HIGH | SSL_FIPS,
SSL_AES256GCM, SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA384,
SSL_HANDSHAKE_MAC_SHA384,
256, 256,
256, 256,
},
},
@@ -434,7 +434,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
SSL_kECDHE, SSL_aPSK, SSL_AES128, SSL_SHA1, SSL_HIGH | SSL_FIPS,
SSL_kECDHE, SSL_aPSK, SSL_AES128, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
},
},
@@ -442,7 +442,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
SSL_kECDHE, SSL_aPSK, SSL_AES256, SSL_SHA1, SSL_HIGH | SSL_FIPS,
SSL_kECDHE, SSL_aPSK, SSL_AES256, SSL_SHA1,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
},
},
@@ -452,7 +452,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD,
TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD,
TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, SSL_kECDHE, SSL_aRSA,
TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, SSL_kECDHE, SSL_aRSA,
SSL_CHACHA20POLY1305_OLD, SSL_AEAD, SSL_HIGH,
SSL_CHACHA20POLY1305_OLD, SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA256,
SSL_HANDSHAKE_MAC_SHA256,
256, 256,
256, 256,
},
},
@@ -460,7 +460,7 @@ static const SSL_CIPHER kCiphers[] = {
{
{
TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD,
TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD,
TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, SSL_kECDHE, SSL_aECDSA,
TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, SSL_kECDHE, SSL_aECDSA,
SSL_CHACHA20POLY1305_OLD, SSL_AEAD, SSL_HIGH,
SSL_CHACHA20POLY1305_OLD, SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA256,
SSL_HANDSHAKE_MAC_SHA256,
256, 256,
256, 256,
},
},
@@ -494,7 +494,6 @@ typedef struct cipher_alias_st {
uint32_t algorithm_auth;
uint32_t algorithm_auth;
uint32_t algorithm_enc;
uint32_t algorithm_enc;
uint32_t algorithm_mac;
uint32_t algorithm_mac;
uint32_t algo_strength;
/* min_version, if non-zero, matches all ciphers which were added in that
/* min_version, if non-zero, matches all ciphers which were added in that
* particular protocol version. */
* particular protocol version. */
@@ -503,7 +502,7 @@ typedef struct cipher_alias_st {
static const CIPHER_ALIAS kCipherAliases[] = {
static const CIPHER_ALIAS kCipherAliases[] = {
/* "ALL" doesn't include eNULL (must be specifically enabled) */
/* "ALL" doesn't include eNULL (must be specifically enabled) */
{"ALL", ~0u, ~0u, ~SSL_eNULL, ~0u, ~0u, 0},
{"ALL", ~0u, ~0u, ~SSL_eNULL, ~0u, 0},
/* The "COMPLEMENTOFDEFAULT" rule is omitted. It matches nothing. */
/* The "COMPLEMENTOFDEFAULT" rule is omitted. It matches nothing. */
@@ -511,59 +510,58 @@ static const CIPHER_ALIAS kCipherAliases[] = {
* (some of those using only a single bit here combine
* (some of those using only a single bit here combine
* multiple key exchange algs according to the RFCs,
* multiple key exchange algs according to the RFCs,
* e.g. kEDH combines DHE_DSS and DHE_RSA) */
* e.g. kEDH combines DHE_DSS and DHE_RSA) */
{"kRSA", SSL_kRSA, ~0u, ~0u, ~0u, ~0u, 0},
{"kRSA", SSL_kRSA, ~0u, ~0u, ~0u, 0},
{"kDHE", SSL_kDHE, ~0u, ~0u, ~0u, ~0u, 0},
{"kEDH", SSL_kDHE, ~0u, ~0u, ~0u, ~0u, 0},
{"DH", SSL_kDHE, ~0u, ~0u, ~0u, ~0u, 0},
{"kDHE", SSL_kDHE, ~0u, ~0u, ~0u, 0},
{"kEDH", SSL_kDHE, ~0u, ~0u, ~0u, 0},
{"DH", SSL_kDHE, ~0u, ~0u, ~0u, 0},
{"kECDHE", SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, 0},
{"kEECDH", SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, 0},
{"ECDH", SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, 0},
{"kECDHE", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
{"kEECDH", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
{"ECDH", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
{"kPSK", SSL_kPSK, ~0u, ~0u, ~0u, ~0u, 0},
{"kPSK", SSL_kPSK, ~0u, ~0u, ~0u, 0},
/* server authentication aliases */
/* server authentication aliases */
{"aRSA", ~0u, SSL_aRSA, ~SSL_eNULL, ~0u, ~0u, 0},
{"aECDSA", ~0u, SSL_aECDSA, ~0u, ~0u, ~0u, 0},
{"ECDSA", ~0u, SSL_aECDSA, ~0u, ~0u, ~0u, 0},
{"aPSK", ~0u, SSL_aPSK, ~0u, ~0u, ~0u, 0},
{"aRSA", ~0u, SSL_aRSA, ~SSL_eNULL, ~0u, 0},
{"aECDSA", ~0u, SSL_aECDSA, ~0u, ~0u, 0},
{"ECDSA", ~0u, SSL_aECDSA, ~0u, ~0u, 0},
{"aPSK", ~0u, SSL_aPSK, ~0u, ~0u, 0},
/* aliases combining key exchange and server authentication */
/* aliases combining key exchange and server authentication */
{"DHE", SSL_kDHE, ~0u, ~0u, ~0u, ~0u, 0},
{"EDH", SSL_kDHE, ~0u, ~0u, ~0u, ~0u, 0},
{"ECDHE", SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, 0},
{"EECDH", SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, 0},
{"RSA", SSL_kRSA, SSL_aRSA, ~SSL_eNULL, ~0u, ~0u, 0},
{"PSK", SSL_kPSK, SSL_aPSK, ~0u, ~0u, ~0u, 0},
{"DHE", SSL_kDHE, ~0u, ~0u, ~0u, 0},
{"EDH", SSL_kDHE, ~0u, ~0u, ~0u, 0},
{"ECDHE", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
{"EECDH", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
{"RSA", SSL_kRSA, SSL_aRSA, ~SSL_eNULL, ~0u, 0},
{"PSK", SSL_kPSK, SSL_aPSK, ~0u, ~0u, 0},
/* symmetric encryption aliases */
/* symmetric encryption aliases */
{"3DES", ~0u, ~0u, SSL_3DES, ~0u, ~0u, 0},
{"RC4", ~0u, ~0u, SSL_RC4, ~0u, ~0u, 0},
{"AES128", ~0u, ~0u, SSL_AES128 | SSL_AES128GCM, ~0u, ~0u, 0},
{"AES256", ~0u, ~0u, SSL_AES256 | SSL_AES256GCM, ~0u, ~0u, 0},
{"AES", ~0u, ~0u, SSL_AES, ~0u, ~0u, 0},
{"AESGCM", ~0u, ~0u, SSL_AES128GCM | SSL_AES256GCM, ~0u, ~0u, 0},
{"CHACHA20", ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, ~0u, 0},
{"3DES", ~0u, ~0u, SSL_3DES, ~0u, 0},
{"RC4", ~0u, ~0u, SSL_RC4, ~0u, 0},
{"AES128", ~0u, ~0u, SSL_AES128 | SSL_AES128GCM, ~0u, 0},
{"AES256", ~0u, ~0u, SSL_AES256 | SSL_AES256GCM, ~0u, 0},
{"AES", ~0u, ~0u, SSL_AES, ~0u, 0},
{"AESGCM", ~0u, ~0u, SSL_AES128GCM | SSL_AES256GCM, ~0u, 0},
{"CHACHA20", ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, 0},
/* MAC aliases */
/* MAC aliases */
{"MD5", ~0u, ~0u, ~0u, SSL_MD5, ~0u, 0},
{"SHA1", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, ~0u, 0},
{"SHA", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, ~0u, 0},
{"SHA256", ~0u, ~0u, ~0u, SSL_SHA256, ~0u, 0},
{"SHA384", ~0u, ~0u, ~0u, SSL_SHA384, ~0u, 0},
{"MD5", ~0u, ~0u, ~0u, SSL_MD5, 0},
{"SHA1", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
{"SHA", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
{"SHA256", ~0u, ~0u, ~0u, SSL_SHA256, 0},
{"SHA384", ~0u, ~0u, ~0u, SSL_SHA384, 0},
/* Legacy protocol minimum version aliases. "TLSv1" is intentionally the
/* Legacy protocol minimum version aliases. "TLSv1" is intentionally the
* same as "SSLv3". */
* same as "SSLv3". */
{"SSLv3", ~0u, ~0u, ~SSL_eNULL, ~0u, ~0u, SSL3_VERSION},
{"TLSv1", ~0u, ~0u, ~SSL_eNULL, ~0u, ~0u, SSL3_VERSION},
{"TLSv1.2", ~0u, ~0u, ~SSL_eNULL, ~0u, ~0u, TLS1_2_VERSION},
/* strength classes */
{"MEDIUM", ~0u, ~0u, ~0u, ~0u, SSL_MEDIUM, 0},
{"HIGH", ~0u, ~0u, ~0u, ~0u, SSL_HIGH, 0},
/* FIPS 140-2 approved ciphersuite */
{"FIPS", ~0u, ~0u, ~SSL_eNULL, ~0u, SSL_FIPS, 0},
{"SSLv3", ~0u, ~0u, ~SSL_eNULL, ~0u, SSL3_VERSION},
{"TLSv1", ~0u, ~0u, ~SSL_eNULL, ~0u, SSL3_VERSION},
{"TLSv1.2", ~0u, ~0u, ~SSL_eNULL, ~0u, TLS1_2_VERSION},
/* Legacy strength classes. */
{"MEDIUM", ~0u, ~0u, SSL_RC4, ~0u, 0},
{"HIGH", ~0u, ~0u, ~(SSL_eNULL|SSL_RC4), ~0u, 0},
{"FIPS", ~0u, ~0u, ~(SSL_eNULL|SSL_RC4), ~0u, 0},
};
};
static const size_t kCipherAliasesLen =
static const size_t kCipherAliasesLen =
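Review bot: The rewritten `"FIPS"` alias, `~(SSL_eNULL|SSL_RC4)`, now also selects the two CHACHA20_POLY1305_OLD suites, which the removed table entries tagged `SSL_HIGH` only and never `SSL_FIPS`, so a caller that configures "FIPS" as its cipher string gets a wider set than before (other suites outside the visible hunks may be affected the same way). If that is intended, the comment should say that "FIPS" is kept only as a synonym for "HIGH" and no longer filters on approved algorithms, and the removed `/* FIPS 140-2 approved ciphersuite */` wording should not be relied on by callers; otherwise the mask should be `~(SSL_eNULL|SSL_RC4|SSL_CHACHA20POLY1305_OLD)`. "HIGH" and "FIPS" are also now defined by exclusion, so any cipher later added with a new `algorithm_enc` bit falls into both by default; a line under `/* Legacy strength classes. */` stating this would warn whoever adds the next cipher.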
@@ -839,20 +837,19 @@ static void ssl_cipher_collect_ciphers(const SSL_PROTOCOL_METHOD *ssl_method,
* - If |cipher_id| is non-zero, only that cipher is selected.
* - If |cipher_id| is non-zero, only that cipher is selected.
* - Otherwise, if |strength_bits| is non-negative, it selects ciphers
* - Otherwise, if |strength_bits| is non-negative, it selects ciphers
* of that strength.
* of that strength.
* - Otherwise, it selects ciphers that match each bitmasks in |alg*| and
* - Otherwise, it selects ciphers that match each bitmasks in |alg_ *| and
* |min_version|. */
* |min_version|. */
static void ssl_cipher_apply_rule(
static void ssl_cipher_apply_rule(
uint32_t cipher_id, uint32_t alg_mkey, uint32_t alg_auth,
uint32_t cipher_id, uint32_t alg_mkey, uint32_t alg_auth,
uint32_t alg_enc, uint32_t alg_mac, uint32_t algo_strength ,
uint16_t min_version, int rule, int strength_bits, int in_group,
CIPHER_ORDER **head_p, CIPHER_ORDER ** tail_p) {
uint32_t alg_enc, uint32_t alg_mac, uint16_t min_version, int rule ,
int strength_bits, int in_group, CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p) {
CIPHER_ORDER *head, *tail, *curr, *next, *last;
CIPHER_ORDER *head, *tail, *curr, *next, *last;
const SSL_CIPHER *cp;
const SSL_CIPHER *cp;
int reverse = 0;
int reverse = 0;
if (cipher_id == 0 && strength_bits == -1 && min_version == 0 &&
if (cipher_id == 0 && strength_bits == -1 && min_version == 0 &&
(alg_mkey == 0 || alg_auth == 0 || alg_enc == 0 || alg_mac == 0 ||
algo_strength == 0)) {
(alg_mkey == 0 || alg_auth == 0 || alg_enc == 0 || alg_mac == 0)) {
/* The rule matches nothing, so bail early. */
/* The rule matches nothing, so bail early. */
return;
return;
}
}
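Review bot: The contract comment above ssl_cipher_apply_rule does not state that a zero bitmask selects nothing, although the early return in this hunk relies on exactly that. With four adjacent `uint32_t` masks still passed positionally after the removal of `algo_strength`, a caller reading only the comment cannot tell `0` from `~0u`, so I would reword the last bullet to `Otherwise, it selects ciphers that match every bitmask in |alg_*| and |min_version|; a mask of zero matches no cipher.` The function body continues outside the hunk, so this is based on the visible guard and the `continue` condition in the later hunk only.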
@@ -901,7 +898,6 @@ static void ssl_cipher_apply_rule(
!(alg_auth & cp->algorithm_auth) ||
!(alg_auth & cp->algorithm_auth) ||
!(alg_enc & cp->algorithm_enc) ||
!(alg_enc & cp->algorithm_enc) ||
!(alg_mac & cp->algorithm_mac) ||
!(alg_mac & cp->algorithm_mac) ||
!(algo_strength & cp->algo_strength) ||
(min_version != 0 &&
(min_version != 0 &&
SSL_CIPHER_get_min_version(cp) != min_version)) {
SSL_CIPHER_get_min_version(cp) != min_version)) {
continue;
continue;
@@ -997,8 +993,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
/* Go through the list of used strength_bits values in descending order. */
/* Go through the list of used strength_bits values in descending order. */
for (i = max_strength_bits; i >= 0; i--) {
for (i = max_strength_bits; i >= 0; i--) {
if (number_uses[i] > 0) {
if (number_uses[i] > 0) {
ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, 0, head_p,
tail_p);
ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i, 0, head_p, tail_p);
}
}
}
}
@@ -1010,7 +1005,7 @@ static int ssl_cipher_process_rulestr(const SSL_PROTOCOL_METHOD *ssl_method,
const char *rule_str,
const char *rule_str,
CIPHER_ORDER **head_p,
CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p) {
CIPHER_ORDER **tail_p) {
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength ;
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
uint16_t min_version;
uint16_t min_version;
const char *l, *buf;
const char *l, *buf;
int multi, skip_rule, rule, retval, ok, in_group = 0, has_group = 0;
int multi, skip_rule, rule, retval, ok, in_group = 0, has_group = 0;
@@ -1094,7 +1089,6 @@ static int ssl_cipher_process_rulestr(const SSL_PROTOCOL_METHOD *ssl_method,
alg_auth = ~0u;
alg_auth = ~0u;
alg_enc = ~0u;
alg_enc = ~0u;
alg_mac = ~0u;
alg_mac = ~0u;
algo_strength = ~0u;
min_version = 0;
min_version = 0;
skip_rule = 0;
skip_rule = 0;
@@ -1140,7 +1134,6 @@ static int ssl_cipher_process_rulestr(const SSL_PROTOCOL_METHOD *ssl_method,
alg_auth &= kCipherAliases[j].algorithm_auth;
alg_auth &= kCipherAliases[j].algorithm_auth;
alg_enc &= kCipherAliases[j].algorithm_enc;
alg_enc &= kCipherAliases[j].algorithm_enc;
alg_mac &= kCipherAliases[j].algorithm_mac;
alg_mac &= kCipherAliases[j].algorithm_mac;
algo_strength &= kCipherAliases[j].algo_strength;
if (min_version != 0 &&
if (min_version != 0 &&
min_version != kCipherAliases[j].min_version) {
min_version != kCipherAliases[j].min_version) {
@@ -1185,8 +1178,7 @@ static int ssl_cipher_process_rulestr(const SSL_PROTOCOL_METHOD *ssl_method,
}
}
} else if (!skip_rule) {
} else if (!skip_rule) {
ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth, alg_enc, alg_mac,
ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth, alg_enc, alg_mac,
algo_strength, min_version, rule, -1, in_group,
head_p, tail_p);
min_version, rule, -1, in_group, head_p, tail_p);
}
}
}
}
@@ -1232,56 +1224,56 @@ ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_method,
/* Everything else being equal, prefer ECDHE_ECDSA then ECDHE_RSA over other
/* Everything else being equal, prefer ECDHE_ECDSA then ECDHE_RSA over other
* key exchange mechanisms */
* key exchange mechanisms */
ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, ~0u, ~0u, ~0u, 0, CIPHER_ADD,
-1, 0, &head, &tail);
ssl_cipher_apply_rule(0, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_ADD, -1,
0, &head, &tail);
ssl_cipher_apply_rule(0, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_DEL, -1,
ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, ~0u, ~0u, 0, CIPHER_ADD, -1,
0, &head, &tail);
0, &head, &tail);
ssl_cipher_apply_rule(0, SSL_kECDHE, ~0u, ~0u, ~0u, 0, CIPHER_ADD, -1, 0,
&head, &tail);
ssl_cipher_apply_rule(0, SSL_kECDHE, ~0u, ~0u, ~0u, 0, CIPHER_DEL, -1, 0,
&head, &tail);
/* Order the bulk ciphers. First the preferred AEAD ciphers. We prefer
/* Order the bulk ciphers. First the preferred AEAD ciphers. We prefer
* CHACHA20 unless there is hardware support for fast and constant-time
* CHACHA20 unless there is hardware support for fast and constant-time
* AES_GCM. */
* AES_GCM. */
if (EVP_has_aes_hardware()) {
if (EVP_has_aes_hardware()) {
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256GCM, ~0u, ~0u, 0, CIPHER_ADD,
-1, 0, &head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128GCM, ~0u, ~0u, 0, CIPHER_ADD,
-1, 0, &head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, ~0u, 0,
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256GCM, ~0u, 0, CIPHER_ADD, -1, 0,
&head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128GCM, ~0u, 0, CIPHER_ADD, -1, 0,
&head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, 0,
CIPHER_ADD, -1, 0, &head, &tail);
CIPHER_ADD, -1, 0, &head, &tail);
} else {
} else {
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, ~0u, 0,
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, 0,
CIPHER_ADD, -1, 0, &head, &tail);
CIPHER_ADD, -1, 0, &head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256GCM, ~0u, ~0u, 0, CIPHER_ADD,
-1, 0, &head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128GCM, ~0u, ~0u, 0, CIPHER_ADD,
-1, 0, &head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256GCM, ~0u, 0, CIPHER_ADD, -1, 0,
&head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128GCM, ~0u, 0, CIPHER_ADD, -1, 0,
&head, &tail);
}
}
/* Then the legacy non-AEAD ciphers: AES_256_CBC, AES-128_CBC, RC4_128_SHA,
/* Then the legacy non-AEAD ciphers: AES_256_CBC, AES-128_CBC, RC4_128_SHA,
* RC4_128_MD5, 3DES_EDE_CBC_SHA. */
* RC4_128_MD5, 3DES_EDE_CBC_SHA. */
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256, ~0u, ~0u, 0, CIPHER_ADD, -1,
0, &head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128, ~0u, ~0u, 0, CIPHER_ADD, -1,
0, &head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, ~SSL_MD5, ~0u, 0, CIPHER_ADD,
-1, 0, &head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, SSL_MD5, ~0u, 0, CIPHER_ADD, -1,
0, &head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_3DES, ~0u, ~0u, 0, CIPHER_ADD, -1, 0,
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256, ~0u, 0, CIPHER_ADD, -1, 0,
&head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128, ~0u, 0, CIPHER_ADD, -1, 0,
&head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, ~SSL_MD5, 0, CIPHER_ADD, -1, 0,
&head, &tail);
&head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, SSL_MD5, 0, CIPHER_ADD, -1, 0,
&head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_3DES, ~0u, 0, CIPHER_ADD, -1, 0, &head,
&tail);
/* Temporarily enable everything else for sorting */
/* Temporarily enable everything else for sorting */
ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_ADD, -1, 0,
&head, &tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_ADD, -1, 0, &head,
&tail);
/* Move ciphers without forward secrecy to the end. */
/* Move ciphers without forward secrecy to the end. */
ssl_cipher_apply_rule(0, ~(SSL_kDHE | SSL_kECDHE), ~0u, ~0u, ~0u, ~0u, 0,
ssl_cipher_apply_rule(0, ~(SSL_kDHE | SSL_kECDHE), ~0u, ~0u, ~0u, 0,
CIPHER_ORD, -1, 0, &head, &tail);
CIPHER_ORD, -1, 0, &head, &tail);
/* Now disable everything (maintaining the ordering!) */
/* Now disable everything (maintaining the ordering!) */
ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_DEL, -1, 0,
&head, & tail);
ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_DEL, -1, 0, &head,
&tail);
/* If the rule_string begins with DEFAULT, apply the default rule before
/* If the rule_string begins with DEFAULT, apply the default rule before
* using the (possibly available) additional rules. */
* using the (possibly available) additional rules. */