From 645ce3a2b4e21a1f4bead300b3ebe18d16b0ea68 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 31 Oct 2012 12:32:41 +0000 Subject: [PATCH] - Moved ciphersuite naming scheme to IANA reserved names --- ChangeLog | 1 + include/polarssl/config.h | 76 +++-- include/polarssl/ssl.h | 60 ++-- library/ssl_cli.c | 56 ++-- library/ssl_srv.c | 48 +-- library/ssl_tls.c | 514 +++++++++++++++++---------------- programs/ssl/ssl_client1.c | 2 - programs/ssl/ssl_client2.c | 4 +- programs/ssl/ssl_fork_server.c | 41 --- programs/ssl/ssl_mail_client.c | 6 +- programs/ssl/ssl_server.c | 86 ------ programs/ssl/ssl_server2.c | 92 +++++- tests/compat.sh | 72 ++--- 13 files changed, 524 insertions(+), 534 deletions(-) diff --git a/ChangeLog b/ChangeLog index ae404d844..e59e4dec8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,7 @@ Changes in SSL/TLS * Revamped x509_verify() and the SSL f_vrfy callback implementations * Moved from unsigned long to fixed width uint32_t types throughout code + * Renamed ciphersuites naming scheme to IANA reserved names Bugfix * Fixed handling error in mpi_cmp_mpi() on longer B values (found by diff --git a/include/polarssl/config.h b/include/polarssl/config.h index c251eab70..09b10c293 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -137,9 +137,9 @@ * * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable * the following ciphersuites: - * SSL_RSA_NULL_MD5 - * SSL_RSA_NULL_SHA - * SSL_RSA_NULL_SHA256 + * TLS_RSA_WITH_NULL_MD5 + * TLS_RSA_WITH_NULL_SHA + * TLS_RSA_WITH_NULL_SHA256 * * Uncomment this macro to enable the NULL cipher and ciphersuites #define POLARSSL_CIPHER_NULL_CIPHER @@ -148,13 +148,13 @@ /** * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES * - * Enable weak ciphersuites in SSL / TLS (like RC4_40) + * Enable weak ciphersuites in SSL / TLS * Warning: Only do so when you know what you are doing. This allows for * channels without virtually no security at all! * * This enables the following ciphersuites: - * SSL_RSA_DES_SHA - * SSL_EDH_RSA_DES_SHA + * TLS_RSA_WITH_DES_CBC_SHA + * TLS_DHE_RSA_WITH_DES_CBC_SHA * * Uncomment this macro to enable weak ciphersuites #define POLARSSL_ENABLE_WEAK_CIPHERSUITES @@ -282,10 +282,18 @@ * library/pem.c * library/ctr_drbg.c * - * This module enables the following ciphersuites: - * SSL_RSA_AES_128_SHA - * SSL_RSA_AES_256_SHA - * SSL_EDH_RSA_AES_256_SHA + * This module enables the following ciphersuites (if other requisites are + * enabled as well): + * TLS_RSA_WITH_AES_128_CBC_SHA + * TLS_RSA_WITH_AES_256_CBC_SHA + * TLS_DHE_RSA_WITH_AES_128_CBC_SHA + * TLS_DHE_RSA_WITH_AES_256_CBC_SHA + * TLS_RSA_WITH_AES_128_CBC_SHA256 + * TLS_RSA_WITH_AES_256_CBC_SHA256 + * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 + * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 + * TLS_RSA_WITH_AES_128_GCM_SHA256 + * TLS_RSA_WITH_AES_256_GCM_SHA384 */ #define POLARSSL_AES_C @@ -298,8 +306,8 @@ * Caller: library/ssl_tls.c * * This module enables the following ciphersuites: - * SSL_RSA_RC4_128_MD5 - * SSL_RSA_RC4_128_SHA + * TLS_RSA_WITH_RC4_128_MD5 + * TLS_RSA_WITH_RC4_128_SHA */ #define POLARSSL_ARC4_C @@ -366,10 +374,16 @@ * Module: library/camellia.c * Caller: library/ssl_tls.c * - * This module enabled the following cipher suites: - * SSL_RSA_CAMELLIA_128_SHA - * SSL_RSA_CAMELLIA_256_SHA - * SSL_EDH_RSA_CAMELLIA_256_SHA + * This module enables the following ciphersuites (if other requisites are + * enabled as well): + * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ #define POLARSSL_CAMELLIA_C @@ -433,9 +447,10 @@ * Module: library/des.c * Caller: library/ssl_tls.c * - * This module enables the following ciphersuites: - * SSL_RSA_DES_168_SHA - * SSL_EDH_RSA_DES_168_SHA + * This module enables the following ciphersuites (if other requisites are + * enabled as well): + * TLS_RSA_WITH_3DES_EDE_CBC_SHA + * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ #define POLARSSL_DES_C @@ -448,10 +463,20 @@ * Caller: library/ssl_cli.c * library/ssl_srv.c * - * This module enables the following ciphersuites: - * SSL_EDH_RSA_DES_168_SHA - * SSL_EDH_RSA_AES_256_SHA - * SSL_EDH_RSA_CAMELLIA_256_SHA + * This module enables the following ciphersuites (if other requisites are + * enabled as well): + * TLS_DHE_RSA_WITH_DES_CBC_SHA + * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + * TLS_DHE_RSA_WITH_AES_128_CBC_SHA + * TLS_DHE_RSA_WITH_AES_256_CBC_SHA + * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 + * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 + * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 + * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */ #define POLARSSL_DHM_C @@ -489,6 +514,11 @@ * Module: library/gcm.c * * Requires: POLARSSL_AES_C + * + * This module enables the following ciphersuites (if other requisites are + * enabled as well): + * TLS_RSA_WITH_AES_128_GCM_SHA256 + * TLS_RSA_WITH_AES_256_GCM_SHA384 */ #define POLARSSL_GCM_C diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 8a1c19d8f..c7da8c4d5 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -140,42 +140,42 @@ #define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 512) /* - * Supported ciphersuites + * Supported ciphersuites (Official IANA names) */ -#define SSL_RSA_NULL_MD5 0x01 /**< Weak! */ -#define SSL_RSA_NULL_SHA 0x02 /**< Weak! */ -#define SSL_RSA_NULL_SHA256 0x3B /**< Weak! */ -#define SSL_RSA_DES_SHA 0x09 /**< Weak! Not in TLS 1.2 */ -#define SSL_EDH_RSA_DES_SHA 0x15 /**< Weak! Not in TLS 1.2 */ +#define TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */ +#define TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */ +#define TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */ +#define TLS_RSA_WITH_DES_CBC_SHA 0x09 /**< Weak! Not in TLS 1.2 */ +#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15 /**< Weak! Not in TLS 1.2 */ -#define SSL_RSA_RC4_128_MD5 0x04 -#define SSL_RSA_RC4_128_SHA 0x05 +#define TLS_RSA_WITH_RC4_128_MD5 0x04 +#define TLS_RSA_WITH_RC4_128_SHA 0x05 -#define SSL_RSA_DES_168_SHA 0x0A -#define SSL_EDH_RSA_DES_168_SHA 0x16 +#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A +#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16 -#define SSL_RSA_AES_128_SHA 0x2F -#define SSL_EDH_RSA_AES_128_SHA 0x33 -#define SSL_RSA_AES_256_SHA 0x35 -#define SSL_EDH_RSA_AES_256_SHA 0x39 -#define SSL_RSA_AES_128_SHA256 0x3C /**< TLS 1.2 */ -#define SSL_RSA_AES_256_SHA256 0x3D /**< TLS 1.2 */ -#define SSL_EDH_RSA_AES_128_SHA256 0x67 /**< TLS 1.2 */ -#define SSL_EDH_RSA_AES_256_SHA256 0x6B /**< TLS 1.2 */ +#define TLS_RSA_WITH_AES_128_CBC_SHA 0x2F +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33 +#define TLS_RSA_WITH_AES_256_CBC_SHA 0x35 +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39 +#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */ +#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */ +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */ +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /**< TLS 1.2 */ -#define SSL_RSA_CAMELLIA_128_SHA 0x41 -#define SSL_EDH_RSA_CAMELLIA_128_SHA 0x45 -#define SSL_RSA_CAMELLIA_256_SHA 0x84 -#define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88 -#define SSL_RSA_CAMELLIA_128_SHA256 0xBA /**< TLS 1.2 */ -#define SSL_EDH_RSA_CAMELLIA_128_SHA256 0xBE /**< TLS 1.2 */ -#define SSL_RSA_CAMELLIA_256_SHA256 0xC0 /**< TLS 1.2 */ -#define SSL_EDH_RSA_CAMELLIA_256_SHA256 0xC4 /**< TLS 1.2 */ +#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41 +#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45 +#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84 +#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88 +#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */ +#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */ +#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */ +#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */ -#define SSL_RSA_AES_128_GCM_SHA256 0x9C -#define SSL_RSA_AES_256_GCM_SHA384 0x9D -#define SSL_EDH_RSA_AES_128_GCM_SHA256 0x9E -#define SSL_EDH_RSA_AES_256_GCM_SHA384 0x9F +#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C +#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D +#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E +#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F #define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 27fc0dc5b..11a7a61fe 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -636,18 +636,18 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) ); - if( ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_DES_SHA && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_DES_168_SHA && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_SHA && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_SHA && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_SHA256 && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_SHA256 && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA256 && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA256 && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_GCM_SHA256 && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_GCM_SHA384 ) + if( ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_DES_CBC_SHA && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) { SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) ); ssl->state++; @@ -973,18 +973,18 @@ static int ssl_write_client_key_exchange( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) ); - if( ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_DES_SHA || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_DES_168_SHA || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_SHA || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_SHA || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_GCM_SHA256 || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 ) + if( ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) { #if !defined(POLARSSL_DHM_C) SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) ); @@ -1108,8 +1108,8 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) // Certificate Request according to RFC 5246. But OpenSSL only allows // SHA256 and SHA384. Find out why OpenSSL does this. // - if( ssl->session_negotiate->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 ) + if( ssl->session_negotiate->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) { hash_id = SIG_RSA_SHA384; hashlen = 48; @@ -1141,8 +1141,8 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) // Certificate Request according to RFC 5246. But OpenSSL only allows // SHA256 and SHA384. Find out why OpenSSL does this. // - if( ssl->session_negotiate->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 ) + if( ssl->session_negotiate->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) { ssl->out_msg[4] = SSL_HASH_SHA384; ssl->out_msg[5] = SSL_SIG_RSA; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 584f86869..0e2767735 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -764,18 +764,18 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) ); - if( ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_DES_SHA && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_DES_168_SHA && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_SHA && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_SHA && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_SHA256 && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_SHA256 && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA256 && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA256 && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_GCM_SHA256 && - ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_GCM_SHA384 ) + if( ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_DES_CBC_SHA && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 && + ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) { SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) ); ssl->state++; @@ -1041,18 +1041,18 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl ) return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); } - if( ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_DES_SHA || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_DES_168_SHA || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_SHA || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_SHA || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_GCM_SHA256 || - ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 ) + if( ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 || + ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) { #if !defined(POLARSSL_DHM_C) SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b63c7d4c2..04ee6ffa0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -315,8 +315,8 @@ int ssl_derive_keys( ssl_context *ssl ) handshake->calc_verify = ssl_calc_verify_tls; handshake->calc_finished = ssl_calc_finished_tls; } - else if( session->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 || - session->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 ) + else if( session->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 || + session->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) { handshake->tls_prf = tls_prf_sha384; handshake->calc_verify = ssl_calc_verify_tls_sha384; @@ -390,61 +390,61 @@ int ssl_derive_keys( ssl_context *ssl ) switch( session->ciphersuite ) { #if defined(POLARSSL_ARC4_C) - case SSL_RSA_RC4_128_MD5: + case TLS_RSA_WITH_RC4_128_MD5: transform->keylen = 16; transform->minlen = 16; transform->ivlen = 0; transform->maclen = 16; break; - case SSL_RSA_RC4_128_SHA: + case TLS_RSA_WITH_RC4_128_SHA: transform->keylen = 16; transform->minlen = 20; transform->ivlen = 0; transform->maclen = 20; break; #endif #if defined(POLARSSL_DES_C) - case SSL_RSA_DES_168_SHA: - case SSL_EDH_RSA_DES_168_SHA: + case TLS_RSA_WITH_3DES_EDE_CBC_SHA: + case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: transform->keylen = 24; transform->minlen = 24; transform->ivlen = 8; transform->maclen = 20; break; #endif #if defined(POLARSSL_AES_C) - case SSL_RSA_AES_128_SHA: - case SSL_EDH_RSA_AES_128_SHA: + case TLS_RSA_WITH_AES_128_CBC_SHA: + case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: transform->keylen = 16; transform->minlen = 32; transform->ivlen = 16; transform->maclen = 20; break; - case SSL_RSA_AES_256_SHA: - case SSL_EDH_RSA_AES_256_SHA: + case TLS_RSA_WITH_AES_256_CBC_SHA: + case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: transform->keylen = 32; transform->minlen = 32; transform->ivlen = 16; transform->maclen = 20; break; #if defined(POLARSSL_SHA2_C) - case SSL_RSA_AES_128_SHA256: - case SSL_EDH_RSA_AES_128_SHA256: + case TLS_RSA_WITH_AES_128_CBC_SHA256: + case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: transform->keylen = 16; transform->minlen = 32; transform->ivlen = 16; transform->maclen = 32; break; - case SSL_RSA_AES_256_SHA256: - case SSL_EDH_RSA_AES_256_SHA256: + case TLS_RSA_WITH_AES_256_CBC_SHA256: + case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: transform->keylen = 32; transform->minlen = 32; transform->ivlen = 16; transform->maclen = 32; break; #endif #if defined(POLARSSL_GCM_C) - case SSL_RSA_AES_128_GCM_SHA256: - case SSL_EDH_RSA_AES_128_GCM_SHA256: + case TLS_RSA_WITH_AES_128_GCM_SHA256: + case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: transform->keylen = 16; transform->minlen = 1; transform->ivlen = 12; transform->maclen = 0; transform->fixed_ivlen = 4; break; - case SSL_RSA_AES_256_GCM_SHA384: - case SSL_EDH_RSA_AES_256_GCM_SHA384: + case TLS_RSA_WITH_AES_256_GCM_SHA384: + case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: transform->keylen = 32; transform->minlen = 1; transform->ivlen = 12; transform->maclen = 0; transform->fixed_ivlen = 4; @@ -453,27 +453,27 @@ int ssl_derive_keys( ssl_context *ssl ) #endif #if defined(POLARSSL_CAMELLIA_C) - case SSL_RSA_CAMELLIA_128_SHA: - case SSL_EDH_RSA_CAMELLIA_128_SHA: + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: transform->keylen = 16; transform->minlen = 32; transform->ivlen = 16; transform->maclen = 20; break; - case SSL_RSA_CAMELLIA_256_SHA: - case SSL_EDH_RSA_CAMELLIA_256_SHA: + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: transform->keylen = 32; transform->minlen = 32; transform->ivlen = 16; transform->maclen = 20; break; #if defined(POLARSSL_SHA2_C) - case SSL_RSA_CAMELLIA_128_SHA256: - case SSL_EDH_RSA_CAMELLIA_128_SHA256: + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256: + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: transform->keylen = 16; transform->minlen = 32; transform->ivlen = 16; transform->maclen = 32; break; - case SSL_RSA_CAMELLIA_256_SHA256: - case SSL_EDH_RSA_CAMELLIA_256_SHA256: + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256: + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256: transform->keylen = 32; transform->minlen = 32; transform->ivlen = 16; transform->maclen = 32; break; @@ -482,25 +482,25 @@ int ssl_derive_keys( ssl_context *ssl ) #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) #if defined(POLARSSL_CIPHER_NULL_CIPHER) - case SSL_RSA_NULL_MD5: + case TLS_RSA_WITH_NULL_MD5: transform->keylen = 0; transform->minlen = 0; transform->ivlen = 0; transform->maclen = 16; break; - case SSL_RSA_NULL_SHA: + case TLS_RSA_WITH_NULL_SHA: transform->keylen = 0; transform->minlen = 0; transform->ivlen = 0; transform->maclen = 20; break; - case SSL_RSA_NULL_SHA256: + case TLS_RSA_WITH_NULL_SHA256: transform->keylen = 0; transform->minlen = 0; transform->ivlen = 0; transform->maclen = 32; break; #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ #if defined(POLARSSL_DES_C) - case SSL_RSA_DES_SHA: - case SSL_EDH_RSA_DES_SHA: + case TLS_RSA_WITH_DES_CBC_SHA: + case TLS_DHE_RSA_WITH_DES_CBC_SHA: transform->keylen = 8; transform->minlen = 8; transform->ivlen = 8; transform->maclen = 20; break; @@ -577,8 +577,8 @@ int ssl_derive_keys( ssl_context *ssl ) switch( session->ciphersuite ) { #if defined(POLARSSL_ARC4_C) - case SSL_RSA_RC4_128_MD5: - case SSL_RSA_RC4_128_SHA: + case TLS_RSA_WITH_RC4_128_MD5: + case TLS_RSA_WITH_RC4_128_SHA: arc4_setup( (arc4_context *) transform->ctx_enc, key1, transform->keylen ); arc4_setup( (arc4_context *) transform->ctx_dec, key2, @@ -587,39 +587,39 @@ int ssl_derive_keys( ssl_context *ssl ) #endif #if defined(POLARSSL_DES_C) - case SSL_RSA_DES_168_SHA: - case SSL_EDH_RSA_DES_168_SHA: + case TLS_RSA_WITH_3DES_EDE_CBC_SHA: + case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: des3_set3key_enc( (des3_context *) transform->ctx_enc, key1 ); des3_set3key_dec( (des3_context *) transform->ctx_dec, key2 ); break; #endif #if defined(POLARSSL_AES_C) - case SSL_RSA_AES_128_SHA: - case SSL_EDH_RSA_AES_128_SHA: - case SSL_RSA_AES_128_SHA256: - case SSL_EDH_RSA_AES_128_SHA256: + case TLS_RSA_WITH_AES_128_CBC_SHA: + case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: + case TLS_RSA_WITH_AES_128_CBC_SHA256: + case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: aes_setkey_enc( (aes_context *) transform->ctx_enc, key1, 128 ); aes_setkey_dec( (aes_context *) transform->ctx_dec, key2, 128 ); break; - case SSL_RSA_AES_256_SHA: - case SSL_EDH_RSA_AES_256_SHA: - case SSL_RSA_AES_256_SHA256: - case SSL_EDH_RSA_AES_256_SHA256: + case TLS_RSA_WITH_AES_256_CBC_SHA: + case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: + case TLS_RSA_WITH_AES_256_CBC_SHA256: + case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: aes_setkey_enc( (aes_context *) transform->ctx_enc, key1, 256 ); aes_setkey_dec( (aes_context *) transform->ctx_dec, key2, 256 ); break; #if defined(POLARSSL_GCM_C) - case SSL_RSA_AES_128_GCM_SHA256: - case SSL_EDH_RSA_AES_128_GCM_SHA256: + case TLS_RSA_WITH_AES_128_GCM_SHA256: + case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: gcm_init( (gcm_context *) transform->ctx_enc, key1, 128 ); gcm_init( (gcm_context *) transform->ctx_dec, key2, 128 ); break; - case SSL_RSA_AES_256_GCM_SHA384: - case SSL_EDH_RSA_AES_256_GCM_SHA384: + case TLS_RSA_WITH_AES_256_GCM_SHA384: + case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: gcm_init( (gcm_context *) transform->ctx_enc, key1, 256 ); gcm_init( (gcm_context *) transform->ctx_dec, key2, 256 ); break; @@ -627,18 +627,18 @@ int ssl_derive_keys( ssl_context *ssl ) #endif #if defined(POLARSSL_CAMELLIA_C) - case SSL_RSA_CAMELLIA_128_SHA: - case SSL_EDH_RSA_CAMELLIA_128_SHA: - case SSL_RSA_CAMELLIA_128_SHA256: - case SSL_EDH_RSA_CAMELLIA_128_SHA256: + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256: + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: camellia_setkey_enc( (camellia_context *) transform->ctx_enc, key1, 128 ); camellia_setkey_dec( (camellia_context *) transform->ctx_dec, key2, 128 ); break; - case SSL_RSA_CAMELLIA_256_SHA: - case SSL_EDH_RSA_CAMELLIA_256_SHA: - case SSL_RSA_CAMELLIA_256_SHA256: - case SSL_EDH_RSA_CAMELLIA_256_SHA256: + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256: + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256: camellia_setkey_enc( (camellia_context *) transform->ctx_enc, key1, 256 ); camellia_setkey_dec( (camellia_context *) transform->ctx_dec, key2, 256 ); break; @@ -646,15 +646,15 @@ int ssl_derive_keys( ssl_context *ssl ) #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) #if defined(POLARSSL_CIPHER_NULL_CIPHER) - case SSL_RSA_NULL_MD5: - case SSL_RSA_NULL_SHA: - case SSL_RSA_NULL_SHA256: + case TLS_RSA_WITH_NULL_MD5: + case TLS_RSA_WITH_NULL_SHA: + case TLS_RSA_WITH_NULL_SHA256: break; #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ #if defined(POLARSSL_DES_C) - case SSL_RSA_DES_SHA: - case SSL_EDH_RSA_DES_SHA: + case TLS_RSA_WITH_DES_CBC_SHA: + case TLS_DHE_RSA_WITH_DES_CBC_SHA: des_setkey_enc( (des_context *) transform->ctx_enc, key1 ); des_setkey_dec( (des_context *) transform->ctx_dec, key2 ); break; @@ -958,8 +958,8 @@ static int ssl_encrypt_buf( ssl_context *ssl ) ssl->out_msg, ssl->out_msglen ); #if defined(POLARSSL_ARC4_C) - if( ssl->session_out->ciphersuite == SSL_RSA_RC4_128_MD5 || - ssl->session_out->ciphersuite == SSL_RSA_RC4_128_SHA ) + if( ssl->session_out->ciphersuite == TLS_RSA_WITH_RC4_128_MD5 || + ssl->session_out->ciphersuite == TLS_RSA_WITH_RC4_128_SHA ) { arc4_crypt( (arc4_context *) ssl->transform_out->ctx_enc, ssl->out_msglen, ssl->out_msg, @@ -967,9 +967,9 @@ static int ssl_encrypt_buf( ssl_context *ssl ) } else #endif #if defined(POLARSSL_CIPHER_NULL_CIPHER) - if( ssl->session_out->ciphersuite == SSL_RSA_NULL_MD5 || - ssl->session_out->ciphersuite == SSL_RSA_NULL_SHA || - ssl->session_out->ciphersuite == SSL_RSA_NULL_SHA256 ) + if( ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_MD5 || + ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_SHA || + ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_SHA256 ) { } else #endif @@ -997,10 +997,10 @@ static int ssl_encrypt_buf( ssl_context *ssl ) #if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C) - if( ssl->session_out->ciphersuite == SSL_RSA_AES_128_GCM_SHA256 || - ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_128_GCM_SHA256 || - ssl->session_out->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 || - ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 ) + if( ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_GCM_SHA256 || + ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 || + ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 || + ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) { /* * Generate IV @@ -1116,8 +1116,8 @@ static int ssl_encrypt_buf( ssl_context *ssl ) #if defined(POLARSSL_DES_C) case 8: #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) - if( ssl->session_out->ciphersuite == SSL_RSA_DES_SHA || - ssl->session_out->ciphersuite == SSL_EDH_RSA_DES_SHA ) + if( ssl->session_out->ciphersuite == TLS_RSA_WITH_DES_CBC_SHA || + ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA ) { des_crypt_cbc( (des_context *) ssl->transform_out->ctx_enc, DES_ENCRYPT, enc_msglen, @@ -1133,14 +1133,14 @@ static int ssl_encrypt_buf( ssl_context *ssl ) case 16: #if defined(POLARSSL_AES_C) - if ( ssl->session_out->ciphersuite == SSL_RSA_AES_128_SHA || - ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_128_SHA || - ssl->session_out->ciphersuite == SSL_RSA_AES_256_SHA || - ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_256_SHA || - ssl->session_out->ciphersuite == SSL_RSA_AES_128_SHA256 || - ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 || - ssl->session_out->ciphersuite == SSL_RSA_AES_256_SHA256 || - ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 ) + if ( ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA || + ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA || + ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA || + ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA || + ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA256 || + ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA256 || + ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 || + ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ) { aes_crypt_cbc( (aes_context *) ssl->transform_out->ctx_enc, AES_ENCRYPT, enc_msglen, @@ -1150,14 +1150,14 @@ static int ssl_encrypt_buf( ssl_context *ssl ) #endif #if defined(POLARSSL_CAMELLIA_C) - if ( ssl->session_out->ciphersuite == SSL_RSA_CAMELLIA_128_SHA || - ssl->session_out->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA || - ssl->session_out->ciphersuite == SSL_RSA_CAMELLIA_256_SHA || - ssl->session_out->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA || - ssl->session_out->ciphersuite == SSL_RSA_CAMELLIA_128_SHA256 || - ssl->session_out->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 || - ssl->session_out->ciphersuite == SSL_RSA_CAMELLIA_256_SHA256 || - ssl->session_out->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 ) + if ( ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA || + ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA || + ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA || + ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA || + ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 || + ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 || + ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 || + ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ) { camellia_crypt_cbc( (camellia_context *) ssl->transform_out->ctx_enc, CAMELLIA_ENCRYPT, enc_msglen, @@ -1203,8 +1203,8 @@ static int ssl_decrypt_buf( ssl_context *ssl ) { #if defined(POLARSSL_ARC4_C) padlen = 0; - if( ssl->session_in->ciphersuite == SSL_RSA_RC4_128_MD5 || - ssl->session_in->ciphersuite == SSL_RSA_RC4_128_SHA ) + if( ssl->session_in->ciphersuite == TLS_RSA_WITH_RC4_128_MD5 || + ssl->session_in->ciphersuite == TLS_RSA_WITH_RC4_128_SHA ) { arc4_crypt( (arc4_context *) ssl->transform_in->ctx_dec, ssl->in_msglen, ssl->in_msg, @@ -1212,9 +1212,9 @@ static int ssl_decrypt_buf( ssl_context *ssl ) } else #endif #if defined(POLARSSL_CIPHER_NULL_CIPHER) - if( ssl->session_in->ciphersuite == SSL_RSA_NULL_MD5 || - ssl->session_in->ciphersuite == SSL_RSA_NULL_SHA || - ssl->session_in->ciphersuite == SSL_RSA_NULL_SHA256 ) + if( ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_MD5 || + ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_SHA || + ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_SHA256 ) { } else #endif @@ -1231,10 +1231,10 @@ static int ssl_decrypt_buf( ssl_context *ssl ) padlen = 0; #if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C) - if( ssl->session_in->ciphersuite == SSL_RSA_AES_128_GCM_SHA256 || - ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_128_GCM_SHA256 || - ssl->session_in->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 || - ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 ) + if( ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_GCM_SHA256 || + ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 || + ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 || + ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) { dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen ); @@ -1323,8 +1323,8 @@ static int ssl_decrypt_buf( ssl_context *ssl ) #if defined(POLARSSL_DES_C) case 8: #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) - if( ssl->session_in->ciphersuite == SSL_RSA_DES_SHA || - ssl->session_in->ciphersuite == SSL_EDH_RSA_DES_SHA ) + if( ssl->session_in->ciphersuite == TLS_RSA_WITH_DES_CBC_SHA || + ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA ) { des_crypt_cbc( (des_context *) ssl->transform_in->ctx_dec, DES_DECRYPT, dec_msglen, @@ -1340,14 +1340,14 @@ static int ssl_decrypt_buf( ssl_context *ssl ) case 16: #if defined(POLARSSL_AES_C) - if ( ssl->session_in->ciphersuite == SSL_RSA_AES_128_SHA || - ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_128_SHA || - ssl->session_in->ciphersuite == SSL_RSA_AES_256_SHA || - ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_256_SHA || - ssl->session_in->ciphersuite == SSL_RSA_AES_128_SHA256 || - ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 || - ssl->session_in->ciphersuite == SSL_RSA_AES_256_SHA256 || - ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 ) + if ( ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA || + ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA || + ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA || + ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA || + ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA256 || + ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA256 || + ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 || + ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ) { aes_crypt_cbc( (aes_context *) ssl->transform_in->ctx_dec, AES_DECRYPT, dec_msglen, @@ -1357,14 +1357,14 @@ static int ssl_decrypt_buf( ssl_context *ssl ) #endif #if defined(POLARSSL_CAMELLIA_C) - if ( ssl->session_in->ciphersuite == SSL_RSA_CAMELLIA_128_SHA || - ssl->session_in->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA || - ssl->session_in->ciphersuite == SSL_RSA_CAMELLIA_256_SHA || - ssl->session_in->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA || - ssl->session_in->ciphersuite == SSL_RSA_CAMELLIA_128_SHA256 || - ssl->session_in->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 || - ssl->session_in->ciphersuite == SSL_RSA_CAMELLIA_256_SHA256 || - ssl->session_in->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 ) + if ( ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA || + ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA || + ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA || + ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA || + ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 || + ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 || + ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 || + ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ) { camellia_crypt_cbc( (camellia_context *) ssl->transform_in->ctx_dec, CAMELLIA_DECRYPT, dec_msglen, @@ -2392,8 +2392,8 @@ void ssl_optimize_checksum( ssl_context *ssl, int ciphersuite ) { if( ssl->minor_ver < SSL_MINOR_VERSION_3 ) ssl->handshake->update_checksum = ssl_update_checksum_md5sha1; - else if ( ciphersuite == SSL_RSA_AES_256_GCM_SHA384 || - ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 ) + else if ( ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 || + ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) { ssl->handshake->update_checksum = ssl_update_checksum_sha384; } @@ -2859,6 +2859,8 @@ int ssl_init( ssl_context *ssl ) ssl->min_major_ver = SSL_MAJOR_VERSION_3; ssl->min_minor_ver = SSL_MINOR_VERSION_0; + ssl->ciphersuites = ssl_default_ciphersuites; + #if defined(POLARSSL_DHM_C) if( ( ret = mpi_read_string( &ssl->dhm_P, 16, POLARSSL_DHM_RFC5114_MODP_1024_P) ) != 0 || @@ -3171,108 +3173,108 @@ const char *ssl_get_ciphersuite_name( const int ciphersuite_id ) switch( ciphersuite_id ) { #if defined(POLARSSL_ARC4_C) - case SSL_RSA_RC4_128_MD5: - return( "SSL-RSA-RC4-128-MD5" ); + case TLS_RSA_WITH_RC4_128_MD5: + return( "TLS-RSA-WITH-RC4-128-MD5" ); - case SSL_RSA_RC4_128_SHA: - return( "SSL-RSA-RC4-128-SHA" ); + case TLS_RSA_WITH_RC4_128_SHA: + return( "TLS-RSA-WITH-RC4-128-SHA" ); #endif #if defined(POLARSSL_DES_C) - case SSL_RSA_DES_168_SHA: - return( "SSL-RSA-DES-168-SHA" ); + case TLS_RSA_WITH_3DES_EDE_CBC_SHA: + return( "TLS-RSA-WITH-3DES-EDE-CBC-SHA" ); - case SSL_EDH_RSA_DES_168_SHA: - return( "SSL-EDH-RSA-DES-168-SHA" ); + case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: + return( "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA" ); #endif #if defined(POLARSSL_AES_C) - case SSL_RSA_AES_128_SHA: - return( "SSL-RSA-AES-128-SHA" ); + case TLS_RSA_WITH_AES_128_CBC_SHA: + return( "TLS-RSA-WITH-AES-128-CBC-SHA" ); - case SSL_EDH_RSA_AES_128_SHA: - return( "SSL-EDH-RSA-AES-128-SHA" ); + case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: + return( "TLS-DHE-RSA-WITH-AES-128-CBC-SHA" ); - case SSL_RSA_AES_256_SHA: - return( "SSL-RSA-AES-256-SHA" ); + case TLS_RSA_WITH_AES_256_CBC_SHA: + return( "TLS-RSA-WITH-AES-256-CBC-SHA" ); - case SSL_EDH_RSA_AES_256_SHA: - return( "SSL-EDH-RSA-AES-256-SHA" ); + case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: + return( "TLS-DHE-RSA-WITH-AES-256-CBC-SHA" ); #if defined(POLARSSL_SHA2_C) - case SSL_RSA_AES_128_SHA256: - return( "SSL-RSA-AES-128-SHA256" ); + case TLS_RSA_WITH_AES_128_CBC_SHA256: + return( "TLS-RSA-WITH-AES-128-CBC-SHA256" ); - case SSL_EDH_RSA_AES_128_SHA256: - return( "SSL-EDH-RSA-AES-128-SHA256" ); + case TLS_RSA_WITH_AES_256_CBC_SHA256: + return( "TLS-RSA-WITH-AES-256-CBC-SHA256" ); - case SSL_RSA_AES_256_SHA256: - return( "SSL-RSA-AES-256-SHA256" ); + case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: + return( "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256" ); - case SSL_EDH_RSA_AES_256_SHA256: - return( "SSL-EDH-RSA-AES-256-SHA256" ); + case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: + return( "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" ); #endif #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) - case SSL_RSA_AES_128_GCM_SHA256: - return( "SSL-RSA-AES-128-GCM-SHA256" ); + case TLS_RSA_WITH_AES_128_GCM_SHA256: + return( "TLS-RSA-WITH-AES-128-GCM-SHA256" ); - case SSL_EDH_RSA_AES_128_GCM_SHA256: - return( "SSL-EDH-RSA-AES-128-GCM-SHA256" ); + case TLS_RSA_WITH_AES_256_GCM_SHA384: + return( "TLS-RSA-WITH-AES-256-GCM-SHA384" ); #endif #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C) - case SSL_RSA_AES_256_GCM_SHA384: - return( "SSL-RSA-AES-256-GCM-SHA384" ); + case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: + return( "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256" ); - case SSL_EDH_RSA_AES_256_GCM_SHA384: - return( "SSL-EDH-RSA-AES-256-GCM-SHA384" ); + case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: + return( "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384" ); #endif #endif /* POLARSSL_AES_C */ #if defined(POLARSSL_CAMELLIA_C) - case SSL_RSA_CAMELLIA_128_SHA: - return( "SSL-RSA-CAMELLIA-128-SHA" ); + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: + return( "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA" ); - case SSL_EDH_RSA_CAMELLIA_128_SHA: - return( "SSL-EDH-RSA-CAMELLIA-128-SHA" ); + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: + return( "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA" ); - case SSL_RSA_CAMELLIA_256_SHA: - return( "SSL-RSA-CAMELLIA-256-SHA" ); + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: + return( "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA" ); - case SSL_EDH_RSA_CAMELLIA_256_SHA: - return( "SSL-EDH-RSA-CAMELLIA-256-SHA" ); + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: + return( "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA" ); #if defined(POLARSSL_SHA2_C) - case SSL_RSA_CAMELLIA_128_SHA256: - return( "SSL-RSA-CAMELLIA-128-SHA256" ); + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256: + return( "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256" ); - case SSL_EDH_RSA_CAMELLIA_128_SHA256: - return( "SSL-EDH-RSA-CAMELLIA-128-SHA256" ); + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: + return( "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256" ); - case SSL_RSA_CAMELLIA_256_SHA256: - return( "SSL-RSA-CAMELLIA-256-SHA256" ); + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256: + return( "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256" ); - case SSL_EDH_RSA_CAMELLIA_256_SHA256: - return( "SSL-EDH-RSA-CAMELLIA-256-SHA256" ); + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256: + return( "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256" ); #endif #endif #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) #if defined(POLARSSL_CIPHER_NULL_CIPHER) - case SSL_RSA_NULL_MD5: - return( "SSL-RSA-NULL-MD5" ); - case SSL_RSA_NULL_SHA: - return( "SSL-RSA-NULL-SHA" ); - case SSL_RSA_NULL_SHA256: - return( "SSL-RSA-NULL-SHA256" ); + case TLS_RSA_WITH_NULL_MD5: + return( "TLS-RSA-WITH-NULL-MD5" ); + case TLS_RSA_WITH_NULL_SHA: + return( "TLS-RSA-WITH-NULL-SHA" ); + case TLS_RSA_WITH_NULL_SHA256: + return( "TLS-RSA-WITH-NULL-SHA256" ); #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ #if defined(POLARSSL_DES_C) - case SSL_RSA_DES_SHA: - return( "SSL-RSA-DES-SHA" ); - case SSL_EDH_RSA_DES_SHA: - return( "SSL-EDH-RSA-DES-SHA" ); + case TLS_RSA_WITH_DES_CBC_SHA: + return( "TLS-RSA-WITH-DES-CBC-SHA" ); + case TLS_DHE_RSA_WITH_DES_CBC_SHA: + return( "TLS-DHE-RSA-WITH-DES-CBC-SHA" ); #endif #endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */ @@ -3286,92 +3288,92 @@ const char *ssl_get_ciphersuite_name( const int ciphersuite_id ) int ssl_get_ciphersuite_id( const char *ciphersuite_name ) { #if defined(POLARSSL_ARC4_C) - if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-RC4-128-MD5")) - return( SSL_RSA_RC4_128_MD5 ); - if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-RC4-128-SHA")) - return( SSL_RSA_RC4_128_SHA ); + if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-RC4-128-MD5")) + return( TLS_RSA_WITH_RC4_128_MD5 ); + if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-RC4-128-SHA")) + return( TLS_RSA_WITH_RC4_128_SHA ); #endif #if defined(POLARSSL_DES_C) - if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-DES-168-SHA")) - return( SSL_RSA_DES_168_SHA ); - if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-DES-168-SHA")) - return( SSL_EDH_RSA_DES_168_SHA ); + if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-3DES-EDE-CBC-SHA")) + return( TLS_RSA_WITH_3DES_EDE_CBC_SHA ); + if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA")) + return( TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA ); #endif #if defined(POLARSSL_AES_C) - if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-128-SHA")) - return( SSL_RSA_AES_128_SHA ); - if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-128-SHA")) - return( SSL_EDH_RSA_AES_128_SHA ); - if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-256-SHA")) - return( SSL_RSA_AES_256_SHA ); - if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-256-SHA")) - return( SSL_EDH_RSA_AES_256_SHA ); + if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-CBC-SHA")) + return( TLS_RSA_WITH_AES_128_CBC_SHA ); + if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA")) + return( TLS_DHE_RSA_WITH_AES_128_CBC_SHA ); + if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-CBC-SHA")) + return( TLS_RSA_WITH_AES_256_CBC_SHA ); + if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA")) + return( TLS_DHE_RSA_WITH_AES_256_CBC_SHA ); #if defined(POLARSSL_SHA2_C) - if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-128-SHA256")) - return( SSL_RSA_AES_128_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-128-SHA256")) - return( SSL_EDH_RSA_AES_128_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-256-SHA256")) - return( SSL_RSA_AES_256_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-256-SHA256")) - return( SSL_EDH_RSA_AES_256_SHA256 ); + if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-CBC-SHA256")) + return( TLS_RSA_WITH_AES_128_CBC_SHA256 ); + if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-CBC-SHA256")) + return( TLS_RSA_WITH_AES_256_CBC_SHA256 ); + if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256")) + return( TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ); + if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256")) + return( TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ); #endif #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) - if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-128-GCM-SHA256")) - return( SSL_RSA_AES_128_GCM_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-128-GCM-SHA256")) - return( SSL_EDH_RSA_AES_128_GCM_SHA256 ); + if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-GCM-SHA256")) + return( TLS_RSA_WITH_AES_128_GCM_SHA256 ); + if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-GCM-SHA384")) + return( TLS_RSA_WITH_AES_256_GCM_SHA384 ); #endif #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) - if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-256-GCM-SHA384")) - return( SSL_RSA_AES_256_GCM_SHA384 ); - if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-256-GCM-SHA384")) - return( SSL_EDH_RSA_AES_256_GCM_SHA384 ); + if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256")) + return( TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ); + if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384")) + return( TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ); #endif #endif #if defined(POLARSSL_CAMELLIA_C) - if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-128-SHA")) - return( SSL_RSA_CAMELLIA_128_SHA ); - if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-128-SHA")) - return( SSL_EDH_RSA_CAMELLIA_128_SHA ); - if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-256-SHA")) - return( SSL_RSA_CAMELLIA_256_SHA ); - if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-256-SHA")) - return( SSL_EDH_RSA_CAMELLIA_256_SHA ); + if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA")) + return( TLS_RSA_WITH_CAMELLIA_128_CBC_SHA ); + if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA")) + return( TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ); + if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA")) + return( TLS_RSA_WITH_CAMELLIA_256_CBC_SHA ); + if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA")) + return( TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ); #if defined(POLARSSL_SHA2_C) - if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-128-SHA256")) - return( SSL_RSA_CAMELLIA_128_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-128-SHA256")) - return( SSL_EDH_RSA_CAMELLIA_128_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-256-SHA256")) - return( SSL_RSA_CAMELLIA_256_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-256-SHA256")) - return( SSL_EDH_RSA_CAMELLIA_256_SHA256 ); + if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256")) + return( TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 ); + if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256")) + return( TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ); + if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256")) + return( TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 ); + if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256")) + return( TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ); #endif #endif #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) #if defined(POLARSSL_CIPHER_NULL_CIPHER) - if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-NULL-MD5")) - return( SSL_RSA_NULL_MD5 ); - if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-NULL-SHA")) - return( SSL_RSA_NULL_SHA ); - if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-NULL-SHA256")) - return( SSL_RSA_NULL_SHA256 ); + if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-MD5")) + return( TLS_RSA_WITH_NULL_MD5 ); + if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-SHA")) + return( TLS_RSA_WITH_NULL_SHA ); + if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-SHA256")) + return( TLS_RSA_WITH_NULL_SHA256 ); #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ #if defined(POLARSSL_DES_C) - if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-DES-SHA")) - return( SSL_RSA_DES_SHA ); - if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-DES-SHA")) - return( SSL_EDH_RSA_DES_SHA ); + if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-DES-CBC-SHA")) + return( TLS_RSA_WITH_DES_CBC_SHA ); + if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-DES-CBC-SHA")) + return( TLS_DHE_RSA_WITH_DES_CBC_SHA ); #endif #endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */ @@ -3418,71 +3420,71 @@ const int ssl_default_ciphersuites[] = #if defined(POLARSSL_DHM_C) #if defined(POLARSSL_AES_C) #if defined(POLARSSL_SHA2_C) - SSL_EDH_RSA_AES_256_SHA256, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, #endif /* POLARSSL_SHA2_C */ #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C) - SSL_EDH_RSA_AES_256_GCM_SHA384, + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, #endif - SSL_EDH_RSA_AES_256_SHA, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, #if defined(POLARSSL_SHA2_C) - SSL_EDH_RSA_AES_128_SHA256, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, #endif #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) - SSL_EDH_RSA_AES_128_GCM_SHA256, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, #endif - SSL_EDH_RSA_AES_128_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, #endif #if defined(POLARSSL_CAMELLIA_C) #if defined(POLARSSL_SHA2_C) - SSL_EDH_RSA_CAMELLIA_256_SHA256, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, #endif /* POLARSSL_SHA2_C */ - SSL_EDH_RSA_CAMELLIA_256_SHA, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, #if defined(POLARSSL_SHA2_C) - SSL_EDH_RSA_CAMELLIA_128_SHA256, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, #endif /* POLARSSL_SHA2_C */ - SSL_EDH_RSA_CAMELLIA_128_SHA, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, #endif #if defined(POLARSSL_DES_C) - SSL_EDH_RSA_DES_168_SHA, + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, #endif #endif #if defined(POLARSSL_AES_C) #if defined(POLARSSL_SHA2_C) - SSL_RSA_AES_256_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA256, #endif /* POLARSSL_SHA2_C */ #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C) - SSL_RSA_AES_256_GCM_SHA384, + TLS_RSA_WITH_AES_256_GCM_SHA384, #endif /* POLARSSL_SHA2_C */ - SSL_RSA_AES_256_SHA, + TLS_RSA_WITH_AES_256_CBC_SHA, #endif #if defined(POLARSSL_CAMELLIA_C) #if defined(POLARSSL_SHA2_C) - SSL_RSA_CAMELLIA_256_SHA256, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, #endif /* POLARSSL_SHA2_C */ - SSL_RSA_CAMELLIA_256_SHA, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, #endif #if defined(POLARSSL_AES_C) #if defined(POLARSSL_SHA2_C) - SSL_RSA_AES_128_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA256, #endif /* POLARSSL_SHA2_C */ #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) - SSL_RSA_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_128_GCM_SHA256, #endif /* POLARSSL_SHA2_C */ - SSL_RSA_AES_128_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA, #endif #if defined(POLARSSL_CAMELLIA_C) #if defined(POLARSSL_SHA2_C) - SSL_RSA_CAMELLIA_128_SHA256, + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, #endif /* POLARSSL_SHA2_C */ - SSL_RSA_CAMELLIA_128_SHA, + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, #endif #if defined(POLARSSL_DES_C) - SSL_RSA_DES_168_SHA, + TLS_RSA_WITH_3DES_EDE_CBC_SHA, #endif #if defined(POLARSSL_ARC4_C) - SSL_RSA_RC4_128_SHA, - SSL_RSA_RC4_128_MD5, + TLS_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_RC4_128_MD5, #endif 0 }; diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 3cd05ab52..7631a226b 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -138,8 +138,6 @@ int main( int argc, char *argv[] ) ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd ); - ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites ); - /* * 3. Write the GET request */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 949ef58f5..6e047dcc0 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -475,9 +475,7 @@ int main( int argc, char *argv[] ) ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd ); - if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER ) - ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites ); - else + if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) ssl_set_ciphersuites( &ssl, opt.force_ciphersuite ); ssl_set_renegotiation( &ssl, opt.renegotiation ); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 0ef3cf98c..024277013 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -78,42 +78,6 @@ int main( int argc, char *argv[] ) return( 0 ); } #else -/* - * Computing a "safe" DH-1024 prime can take a very - * long time, so a precomputed value is provided below. - * You may run dh_genprime to generate a new value. - */ -char *my_dhm_P = - "E4004C1F94182000103D883A448B3F80" \ - "2CE4B44A83301270002C20D0321CFD00" \ - "11CCEF784C26A400F43DFB901BCA7538" \ - "F2C6B176001CF5A0FD16D2C48B1D0C1C" \ - "F6AC8E1DA6BCC3B4E1F96B0564965300" \ - "FFA1D0B601EB2800F489AA512C4B248C" \ - "01F76949A60BB7F00A40B1EAB64BDD48" \ - "E8A700D60B7F1200FA8E77B0A979DABF"; - -char *my_dhm_G = "4"; - -/* - * Sorted by order of preference - */ -int my_ciphersuites[] = -{ - SSL_EDH_RSA_AES_256_SHA, - SSL_EDH_RSA_CAMELLIA_256_SHA, - SSL_EDH_RSA_AES_128_SHA, - SSL_EDH_RSA_CAMELLIA_128_SHA, - SSL_EDH_RSA_DES_168_SHA, - SSL_RSA_AES_256_SHA, - SSL_RSA_CAMELLIA_256_SHA, - SSL_RSA_AES_128_SHA, - SSL_RSA_CAMELLIA_128_SHA, - SSL_RSA_DES_168_SHA, - SSL_RSA_RC4_128_SHA, - SSL_RSA_RC4_128_MD5, - 0 -}; #define DEBUG_LEVEL 0 @@ -295,13 +259,8 @@ int main( int argc, char *argv[] ) ssl_set_bio( &ssl, net_recv, &client_fd, net_send, &client_fd ); - ssl_set_ciphersuites( &ssl, my_ciphersuites ); - ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL ); ssl_set_own_cert( &ssl, &srvcert, &rsa ); -#if defined(POLARSSL_DHM_C) - ssl_set_dh_param( &ssl, my_dhm_P, my_dhm_G ); -#endif /* * 5. Handshake diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index b303df8d0..4eb49e242 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -172,7 +172,7 @@ int do_handshake( ssl_context *ssl, struct options *opt ) printf( " . Peer certificate information ...\n" ); x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", - ssl_get_peer_cert( &ssl ) ); + ssl_get_peer_cert( ssl ) ); printf( "%s\n", buf ); return( 0 ); @@ -588,9 +588,7 @@ int main( int argc, char *argv[] ) ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd ); - if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER ) - ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites ); - else + if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) ssl_set_ciphersuites( &ssl, opt.force_ciphersuite ); ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name ); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 604612f64..fc1f4ede3 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -54,90 +54,6 @@ "

PolarSSL Test Server

\r\n" \ "

Successful connection using: %s

\r\n" -/* - * Sorted by order of preference - */ -int my_ciphersuites[] = -{ -#if defined(POLARSSL_DHM_C) -#if defined(POLARSSL_AES_C) -#if defined(POLARSSL_SHA2_C) - SSL_EDH_RSA_AES_256_SHA256, - SSL_EDH_RSA_AES_128_SHA256, -#endif /* POLARSSL_SHA2_C */ - SSL_EDH_RSA_AES_256_SHA, - SSL_EDH_RSA_AES_128_SHA, -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C) - SSL_EDH_RSA_AES_256_GCM_SHA384, -#endif -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) - SSL_EDH_RSA_AES_128_GCM_SHA256, -#endif -#endif -#if defined(POLARSSL_CAMELLIA_C) -#if defined(POLARSSL_SHA2_C) - SSL_EDH_RSA_CAMELLIA_256_SHA256, - SSL_EDH_RSA_CAMELLIA_128_SHA256, -#endif /* POLARSSL_SHA2_C */ - SSL_EDH_RSA_CAMELLIA_256_SHA, - SSL_EDH_RSA_CAMELLIA_128_SHA, -#endif -#if defined(POLARSSL_DES_C) - SSL_EDH_RSA_DES_168_SHA, -#endif -#endif - -#if defined(POLARSSL_AES_C) -#if defined(POLARSSL_SHA2_C) - SSL_RSA_AES_256_SHA256, -#endif /* POLARSSL_SHA2_C */ - SSL_RSA_AES_256_SHA, -#endif -#if defined(POLARSSL_CAMELLIA_C) -#if defined(POLARSSL_SHA2_C) - SSL_RSA_CAMELLIA_256_SHA256, -#endif /* POLARSSL_SHA2_C */ - SSL_RSA_CAMELLIA_256_SHA, -#endif -#if defined(POLARSSL_AES_C) -#if defined(POLARSSL_SHA2_C) - SSL_RSA_AES_128_SHA256, -#endif /* POLARSSL_SHA2_C */ - SSL_RSA_AES_128_SHA, -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C) - SSL_RSA_AES_256_GCM_SHA384, -#endif -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) - SSL_RSA_AES_128_GCM_SHA256, -#endif -#endif -#if defined(POLARSSL_CAMELLIA_C) -#if defined(POLARSSL_SHA2_C) - SSL_RSA_CAMELLIA_128_SHA256, -#endif /* POLARSSL_SHA2_C */ - SSL_RSA_CAMELLIA_128_SHA, -#endif -#if defined(POLARSSL_DES_C) - SSL_RSA_DES_168_SHA, -#endif -#if defined(POLARSSL_ARC4_C) - SSL_RSA_RC4_128_SHA, - SSL_RSA_RC4_128_MD5, -#endif -#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) -#if defined(POLARSSL_DES_C) - SSL_EDH_RSA_DES_SHA, - SSL_RSA_DES_SHA, -#endif -#if defined(POLARSSL_CIPHER_NULL_CIPHER) - SSL_RSA_NULL_MD5, - SSL_RSA_NULL_SHA, - SSL_RSA_NULL_SHA256, -#endif -#endif - 0 -}; - #define DEBUG_LEVEL 0 void my_debug( void *ctx, int level, const char *str ) @@ -282,8 +198,6 @@ int main( int argc, char *argv[] ) ssl_cache_set, &cache ); #endif - ssl_set_ciphersuites( &ssl, my_ciphersuites ); - ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL ); ssl_set_own_cert( &ssl, &srvcert, &rsa ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3e2c35e1b..f6cf4870a 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -92,6 +92,96 @@ void my_debug( void *ctx, int level, const char *str ) } } +/* + * Sorted by order of preference + */ +int my_ciphersuites[] = +{ +#if defined(POLARSSL_DHM_C) +#if defined(POLARSSL_AES_C) +#if defined(POLARSSL_SHA2_C) + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ +#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C) + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, +#endif + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, +#if defined(POLARSSL_SHA2_C) + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, +#endif +#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, +#endif + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, +#endif +#if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_SHA2_C) + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, +#if defined(POLARSSL_SHA2_C) + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, +#endif +#if defined(POLARSSL_DES_C) + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, +#endif +#endif + +#if defined(POLARSSL_AES_C) +#if defined(POLARSSL_SHA2_C) + TLS_RSA_WITH_AES_256_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ +#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C) + TLS_RSA_WITH_AES_256_GCM_SHA384, +#endif /* POLARSSL_SHA2_C */ + TLS_RSA_WITH_AES_256_CBC_SHA, +#endif +#if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_SHA2_C) + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, +#endif +#if defined(POLARSSL_AES_C) +#if defined(POLARSSL_SHA2_C) + TLS_RSA_WITH_AES_128_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ +#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) + TLS_RSA_WITH_AES_128_GCM_SHA256, +#endif /* POLARSSL_SHA2_C */ + TLS_RSA_WITH_AES_128_CBC_SHA, +#endif +#if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_SHA2_C) + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, +#endif +#if defined(POLARSSL_DES_C) + TLS_RSA_WITH_3DES_EDE_CBC_SHA, +#endif +#if defined(POLARSSL_ARC4_C) + TLS_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_RC4_128_MD5, +#endif + +#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) +#if defined(POLARSSL_DES_C) + TLS_DHE_RSA_WITH_DES_CBC_SHA, + TLS_RSA_WITH_DES_CBC_SHA, +#endif +#if defined(POLARSSL_CIPHER_NULL_CIPHER) + TLS_RSA_WITH_NULL_MD5, + TLS_RSA_WITH_NULL_SHA, + TLS_RSA_WITH_NULL_SHA256, +#endif +#endif + 0 +}; + + #if defined(POLARSSL_FS_IO) #define USAGE_IO \ " ca_file=%%s default: \"\" (pre-loaded)\n" \ @@ -395,7 +485,7 @@ int main( int argc, char *argv[] ) #endif if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER ) - ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites ); + ssl_set_ciphersuites( &ssl, my_ciphersuites ); else ssl_set_ciphersuites( &ssl, opt.force_ciphersuite ); diff --git a/tests/compat.sh b/tests/compat.sh index c6bfa6e06..4c292b02e 100644 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -1,4 +1,4 @@ -killall -q openssl ssl_server +killall -q openssl ssl_server ssl_server2 MODES="ssl3 tls1 tls1_1 tls1_2" #VERIFY="YES" @@ -16,23 +16,23 @@ do echo "Running for $MODE" echo "-----------" -P_CIPHERS=" \ - SSL-EDH-RSA-AES-128-SHA \ - SSL-EDH-RSA-AES-256-SHA \ - SSL-EDH-RSA-CAMELLIA-128-SHA \ - SSL-EDH-RSA-CAMELLIA-256-SHA \ - SSL-EDH-RSA-DES-168-SHA \ - SSL-RSA-AES-256-SHA \ - SSL-RSA-CAMELLIA-256-SHA \ - SSL-RSA-AES-128-SHA \ - SSL-RSA-CAMELLIA-128-SHA \ - SSL-RSA-DES-168-SHA \ - SSL-RSA-RC4-128-SHA \ - SSL-RSA-RC4-128-MD5 \ - SSL-RSA-NULL-MD5 \ - SSL-RSA-NULL-SHA \ - SSL-RSA-DES-SHA \ - SSL-EDH-RSA-DES-SHA \ +P_CIPHERS=" \ + TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ + TLS-DHE-RSA-WITH-AES-256-CBC-SHA \ + TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \ + TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \ + TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \ + TLS-RSA-WITH-AES-256-CBC-SHA \ + TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \ + TLS-RSA-WITH-AES-128-CBC-SHA \ + TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \ + TLS-RSA-WITH-3DES-EDE-CBC-SHA \ + TLS-RSA-WITH-RC4-128-SHA \ + TLS-RSA-WITH-RC4-128-MD5 \ + TLS-RSA-WITH-NULL-MD5 \ + TLS-RSA-WITH-NULL-SHA \ + TLS-RSA-WITH-DES-CBC-SHA \ + TLS-DHE-RSA-WITH-DES-CBC-SHA \ " O_CIPHERS=" \ @@ -56,12 +56,12 @@ O_CIPHERS=" \ # Also add SHA256 ciphersuites # -P_CIPHERS="$P_CIPHERS \ - SSL-RSA-NULL-SHA256 \ - SSL-RSA-AES-128-SHA256 \ - SSL-EDH-RSA-AES-128-SHA256 \ - SSL-RSA-AES-256-SHA256 \ - SSL-EDH-RSA-AES-256-SHA256 \ +P_CIPHERS="$P_CIPHERS \ + TLS-RSA-WITH-NULL-SHA256 \ + TLS-RSA-WITH-AES-128-CBC-SHA256 \ + TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \ + TLS-RSA-WITH-AES-256-CBC-SHA256 \ + TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \ " O_CIPHERS="$O_CIPHERS \ @@ -74,11 +74,11 @@ O_CIPHERS="$O_CIPHERS \ if [ "$MODE" = "tls1_2" ]; then - P_CIPHERS="$P_CIPHERS \ - SSL-RSA-AES-128-GCM-SHA256 \ - SSL-EDH-RSA-AES-128-GCM-SHA256 \ - SSL-RSA-AES-256-GCM-SHA384 \ - SSL-EDH-RSA-AES-256-GCM-SHA384 \ + P_CIPHERS="$P_CIPHERS \ + TLS-RSA-WITH-AES-128-GCM-SHA256 \ + TLS-RSA-WITH-AES-256-GCM-SHA384 \ + TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \ + TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \ " O_CIPHERS="$O_CIPHERS \ @@ -112,7 +112,7 @@ do done kill $PROCESS_ID -../programs/ssl/ssl_server > /dev/null & +../programs/ssl/ssl_server2 > /dev/null & PROCESS_ID=$! sleep 1 @@ -140,7 +140,7 @@ done kill $PROCESS_ID -../programs/ssl/ssl_server > /dev/null & +../programs/ssl/ssl_server2 > /dev/null & PROCESS_ID=$! sleep 1 @@ -150,11 +150,11 @@ sleep 1 # if [ "$MODE" = "tls1_2" ]; then - P_CIPHERS="$P_CIPHERS \ - SSL-RSA-CAMELLIA-128-SHA256 \ - SSL-EDH-RSA-CAMELLIA-128-SHA256 \ - SSL-RSA-CAMELLIA-256-SHA256 \ - SSL-EDH-RSA-CAMELLIA-256-SHA256 \ + P_CIPHERS="$P_CIPHERS \ + TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ + TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ " fi