Declare ECDSA key exchange and ciphersuites

Also fix bug in ssl_list_ciphersuites().

For now, disable it on server.
Client will offer it but fail if server selects it.
This commit is contained in:
Manuel Pégourié-Gonnard 2013-08-17 17:39:04 +02:00
parent 0b03200e96
commit 32ea60a127
4 changed files with 152 additions and 7 deletions

View File

@ -363,6 +363,28 @@
*/ */
#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED #define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
/**
* \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
*
* Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS
*
* Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
*/
#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
/** /**
* \def POLARSSL_ERROR_STRERROR_BC * \def POLARSSL_ERROR_STRERROR_BC
* *
@ -1419,6 +1441,12 @@
#error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" #error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) || \
!defined(POLARSSL_X509_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \ #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_PARSE_C) ) ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites" #error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"

View File

@ -119,18 +119,33 @@ extern "C" {
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */ #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */ #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */
#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 /**< Not in SSL3! */
#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 /**< Not in SSL3! */
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 /**< Not in SSL3! */
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A /**< Not in SSL3! */
#define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */ #define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */
#define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 /**< Not in SSL3! */ #define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 /**< Not in SSL3! */
#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 /**< Not in SSL3! */ #define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 /**< Not in SSL3! */
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 /**< Not in SSL3! */ #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 /**< Not in SSL3! */
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 /**< Not in SSL3! */ #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 /**< Not in SSL3! */
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< TLS 1.2 */
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< TLS 1.2 */
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< TLS 1.2 */
@ -146,6 +161,7 @@ typedef enum {
POLARSSL_KEY_EXCHANGE_RSA, POLARSSL_KEY_EXCHANGE_RSA,
POLARSSL_KEY_EXCHANGE_DHE_RSA, POLARSSL_KEY_EXCHANGE_DHE_RSA,
POLARSSL_KEY_EXCHANGE_ECDHE_RSA, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
POLARSSL_KEY_EXCHANGE_PSK, POLARSSL_KEY_EXCHANGE_PSK,
POLARSSL_KEY_EXCHANGE_DHE_PSK, POLARSSL_KEY_EXCHANGE_DHE_PSK,
POLARSSL_KEY_EXCHANGE_RSA_PSK, POLARSSL_KEY_EXCHANGE_RSA_PSK,

View File

@ -40,34 +40,44 @@
static const int ciphersuite_preference[] = static const int ciphersuite_preference[] =
{ {
/* All AES-256 ephemeral suites */ /* All AES-256 ephemeral suites */
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
/* All CAMELLIA-256 ephemeral suites */ /* All CAMELLIA-256 ephemeral suites */
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
/* All AES-128 ephemeral suites */ /* All AES-128 ephemeral suites */
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
/* All CAMELLIA-128 ephemeral suites */ /* All CAMELLIA-128 ephemeral suites */
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
/* All remaining > 128-bit ephemeral suites */ /* All remaining > 128-bit ephemeral suites */
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
/* The PSK ephemeral suites */ /* The PSK ephemeral suites */
@ -132,6 +142,7 @@ static const int ciphersuite_preference[] =
/* Weak or NULL suites */ /* Weak or NULL suites */
TLS_DHE_RSA_WITH_DES_CBC_SHA, TLS_DHE_RSA_WITH_DES_CBC_SHA,
TLS_RSA_WITH_DES_CBC_SHA, TLS_RSA_WITH_DES_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_RSA_WITH_NULL_SHA256, TLS_RSA_WITH_NULL_SHA256,
TLS_RSA_WITH_NULL_SHA, TLS_RSA_WITH_NULL_SHA,
@ -155,6 +166,90 @@ static int supported_init = 0;
static const ssl_ciphersuite_t ciphersuite_definitions[] = static const ssl_ciphersuite_t ciphersuite_definitions[] =
{ {
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#if defined(POLARSSL_AES_C)
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#if defined(POLARSSL_SHA256_C)
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#if defined(POLARSSL_GCM_C)
{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif /* POLARSSL_GCM_C */
#endif /* POLARSSL_SHA256_C */
#if defined(POLARSSL_SHA512_C)
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#if defined(POLARSSL_GCM_C)
{ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif /* POLARSSL_GCM_C */
#endif /* POLARSSL_SHA512_C */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
#if defined(POLARSSL_SHA256_C)
{ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif /* POLARSSL_SHA256_C */
#if defined(POLARSSL_SHA512_C)
{ TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif /* POLARSSL_SHA512_C */
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_ARC4_C)
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA",
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif /* POLARSSL_ARC4_C */
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
{ TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK },
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
#if defined(POLARSSL_AES_C) #if defined(POLARSSL_AES_C)
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
@ -746,16 +841,18 @@ const int *ssl_list_ciphersuites( void )
{ {
const int *p = ciphersuite_preference; const int *p = ciphersuite_preference;
int *q = supported_ciphersuites; int *q = supported_ciphersuites;
size_t i;
size_t max = sizeof(supported_ciphersuites) / sizeof(int);
memset( supported_ciphersuites, 0x00, sizeof(supported_ciphersuites) ); memset( supported_ciphersuites, 0x00, sizeof(supported_ciphersuites) );
while( *p != 0 ) /* Leave room for a final 0 */
for( i = 0; i < max - 1 && p[i] != 0; i++ )
{ {
if( ssl_ciphersuite_from_id( *p ) != NULL ) if( ssl_ciphersuite_from_id( p[i] ) != NULL )
*(q++) = *p; *(q++) = p[i];
p++;
} }
supported_init = 1; supported_init = 1;
} }

View File

@ -1318,6 +1318,10 @@ static int ssl_parse_client_hello( ssl_context *ssl )
continue; continue;
#endif #endif
if( ciphersuite_info->key_exchange ==
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
continue;
goto have_ciphersuite; goto have_ciphersuite;
} }
} }
@ -1603,9 +1607,9 @@ static int ssl_write_server_hello( ssl_context *ssl )
*p++ = (unsigned char)( ssl->session_negotiate->ciphersuite ); *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite );
*p++ = (unsigned char)( ssl->session_negotiate->compression ); *p++ = (unsigned char)( ssl->session_negotiate->compression );
SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d", SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: 0x%04X",
ssl->session_negotiate->ciphersuite ) ); ssl->session_negotiate->ciphersuite ) );
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
ssl->session_negotiate->compression ) ); ssl->session_negotiate->compression ) );
/* /*