diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h index 58a2c88cf..3d6d7d311 100644 --- a/configs/config-psa-crypto.h +++ b/configs/config-psa-crypto.h @@ -614,8 +614,26 @@ * Warning: Only do so when you know what you are doing. This allows for * encryption or channels without any security! * - * This module is required to support the TLS ciphersuites that use the NULL - * cipher. + * This module is required to support the following ciphersuites in TLS: + * TLS_ECDH_ECDSA_WITH_NULL_SHA + * TLS_ECDH_RSA_WITH_NULL_SHA + * TLS_ECDHE_ECDSA_WITH_NULL_SHA + * TLS_ECDHE_RSA_WITH_NULL_SHA + * TLS_ECDHE_PSK_WITH_NULL_SHA384 + * TLS_ECDHE_PSK_WITH_NULL_SHA256 + * TLS_ECDHE_PSK_WITH_NULL_SHA + * TLS_DHE_PSK_WITH_NULL_SHA384 + * TLS_DHE_PSK_WITH_NULL_SHA256 + * TLS_DHE_PSK_WITH_NULL_SHA + * TLS_RSA_WITH_NULL_SHA256 + * TLS_RSA_WITH_NULL_SHA + * TLS_RSA_WITH_NULL_MD5 + * TLS_RSA_PSK_WITH_NULL_SHA384 + * TLS_RSA_PSK_WITH_NULL_SHA256 + * TLS_RSA_PSK_WITH_NULL_SHA + * TLS_PSK_WITH_NULL_SHA384 + * TLS_PSK_WITH_NULL_SHA256 + * TLS_PSK_WITH_NULL_SHA * * Uncomment this macro to enable the NULL cipher */ @@ -1039,8 +1057,65 @@ * library/pem.c * library/ctr_drbg.c * - * This module is required to support the TLS ciphersuites that use the AES - * cipher. + * This module is required to support the following ciphersuites in TLS: + * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + * TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + * TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + * TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + * TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 + * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 + * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 + * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + * TLS_DHE_RSA_WITH_AES_256_CBC_SHA + * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 + * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 + * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + * TLS_DHE_RSA_WITH_AES_128_CBC_SHA + * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 + * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA + * TLS_DHE_PSK_WITH_AES_256_CBC_SHA + * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 + * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA + * TLS_DHE_PSK_WITH_AES_128_CBC_SHA + * TLS_RSA_WITH_AES_256_GCM_SHA384 + * TLS_RSA_WITH_AES_256_CBC_SHA256 + * TLS_RSA_WITH_AES_256_CBC_SHA + * TLS_RSA_WITH_AES_128_GCM_SHA256 + * TLS_RSA_WITH_AES_128_CBC_SHA256 + * TLS_RSA_WITH_AES_128_CBC_SHA + * TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 + * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 + * TLS_RSA_PSK_WITH_AES_256_CBC_SHA + * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 + * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 + * TLS_RSA_PSK_WITH_AES_128_CBC_SHA + * TLS_PSK_WITH_AES_256_GCM_SHA384 + * TLS_PSK_WITH_AES_256_CBC_SHA384 + * TLS_PSK_WITH_AES_256_CBC_SHA + * TLS_PSK_WITH_AES_128_GCM_SHA256 + * TLS_PSK_WITH_AES_128_CBC_SHA256 + * TLS_PSK_WITH_AES_128_CBC_SHA * * PEM_PARSE uses AES for decrypting encrypted keys. */ @@ -1054,8 +1129,17 @@ * Module: library/arc4.c * Caller: library/cipher.c * - * This module is required to support the TLS ciphersuites that use the ARC4 - * cipher. + * This module is required to support the following ciphersuites in TLS: + * TLS_ECDH_ECDSA_WITH_RC4_128_SHA + * TLS_ECDH_RSA_WITH_RC4_128_SHA + * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + * TLS_ECDHE_RSA_WITH_RC4_128_SHA + * TLS_ECDHE_PSK_WITH_RC4_128_SHA + * TLS_DHE_PSK_WITH_RC4_128_SHA + * TLS_RSA_WITH_RC4_128_SHA + * TLS_RSA_WITH_RC4_128_MD5 + * TLS_RSA_PSK_WITH_RC4_128_SHA + * TLS_PSK_WITH_RC4_128_SHA * * \warning ARC4 is considered a weak cipher and its use constitutes a * security risk. If possible, we recommend avoidng dependencies on @@ -1133,8 +1217,49 @@ * Module: library/camellia.c * Caller: library/cipher.c * - * This module is required to support the TLS ciphersuites that use the - * Camellia cipher. + * This module is required to support the following ciphersuites in TLS: + * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + * TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + * TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + * TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ #define MBEDTLS_CAMELLIA_C @@ -1146,8 +1271,45 @@ * Module: library/aria.c * Caller: library/cipher.c * - * This module is required to support the TLS ciphersuites that use the - * ARIA cipher. + * This module is required to support the following ciphersuites in TLS: + * TLS_RSA_WITH_ARIA_128_CBC_SHA256 + * TLS_RSA_WITH_ARIA_256_CBC_SHA384 + * TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 + * TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 + * TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 + * TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 + * TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 + * TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 + * TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 + * TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 + * TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 + * TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 + * TLS_RSA_WITH_ARIA_128_GCM_SHA256 + * TLS_RSA_WITH_ARIA_256_GCM_SHA384 + * TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 + * TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 + * TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 + * TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 + * TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 + * TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 + * TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 + * TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 + * TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 + * TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 + * TLS_PSK_WITH_ARIA_128_CBC_SHA256 + * TLS_PSK_WITH_ARIA_256_CBC_SHA384 + * TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 + * TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 + * TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 + * TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 + * TLS_PSK_WITH_ARIA_128_GCM_SHA256 + * TLS_PSK_WITH_ARIA_256_GCM_SHA384 + * TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 + * TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 + * TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 + * TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 + * TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 + * TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 */ //#define MBEDTLS_ARIA_C @@ -1233,8 +1395,17 @@ * Caller: library/pem.c * library/cipher.c * - * This module is required to support the TLS ciphersuites that use the DES - * cipher. + * This module is required to support the following ciphersuites in TLS: + * TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA + * TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA + * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA + * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA + * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA + * TLS_RSA_WITH_3DES_EDE_CBC_SHA + * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA + * TLS_PSK_WITH_3DES_EDE_CBC_SHA * * PEM_PARSE uses DES/3DES for decrypting encrypted keys. * @@ -1359,7 +1530,8 @@ * * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C * - * This module is required to support the TLS ciphersuites that use GCM. + * This module is required to support AES-GCM and CAMELLIA-GCM ciphersuites in + * TLS. */ #define MBEDTLS_GCM_C diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 585d08776..a728a31e5 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -648,8 +648,26 @@ * Warning: Only do so when you know what you are doing. This allows for * encryption or channels without any security! * - * This module is required to support the TLS ciphersuites that use the NULL - * cipher. + * This module is required to support the following ciphersuites in TLS: + * TLS_ECDH_ECDSA_WITH_NULL_SHA + * TLS_ECDH_RSA_WITH_NULL_SHA + * TLS_ECDHE_ECDSA_WITH_NULL_SHA + * TLS_ECDHE_RSA_WITH_NULL_SHA + * TLS_ECDHE_PSK_WITH_NULL_SHA384 + * TLS_ECDHE_PSK_WITH_NULL_SHA256 + * TLS_ECDHE_PSK_WITH_NULL_SHA + * TLS_DHE_PSK_WITH_NULL_SHA384 + * TLS_DHE_PSK_WITH_NULL_SHA256 + * TLS_DHE_PSK_WITH_NULL_SHA + * TLS_RSA_WITH_NULL_SHA256 + * TLS_RSA_WITH_NULL_SHA + * TLS_RSA_WITH_NULL_MD5 + * TLS_RSA_PSK_WITH_NULL_SHA384 + * TLS_RSA_PSK_WITH_NULL_SHA256 + * TLS_RSA_PSK_WITH_NULL_SHA + * TLS_PSK_WITH_NULL_SHA384 + * TLS_PSK_WITH_NULL_SHA256 + * TLS_PSK_WITH_NULL_SHA * * Uncomment this macro to enable the NULL cipher */ @@ -1140,8 +1158,65 @@ * library/pem.c * library/ctr_drbg.c * - * This module is required to support the TLS ciphersuites that use the AES - * cipher. + * This module is required to support the following ciphersuites in TLS: + * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + * TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + * TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + * TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + * TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 + * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 + * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 + * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + * TLS_DHE_RSA_WITH_AES_256_CBC_SHA + * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 + * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 + * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + * TLS_DHE_RSA_WITH_AES_128_CBC_SHA + * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 + * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA + * TLS_DHE_PSK_WITH_AES_256_CBC_SHA + * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 + * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA + * TLS_DHE_PSK_WITH_AES_128_CBC_SHA + * TLS_RSA_WITH_AES_256_GCM_SHA384 + * TLS_RSA_WITH_AES_256_CBC_SHA256 + * TLS_RSA_WITH_AES_256_CBC_SHA + * TLS_RSA_WITH_AES_128_GCM_SHA256 + * TLS_RSA_WITH_AES_128_CBC_SHA256 + * TLS_RSA_WITH_AES_128_CBC_SHA + * TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 + * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 + * TLS_RSA_PSK_WITH_AES_256_CBC_SHA + * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 + * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 + * TLS_RSA_PSK_WITH_AES_128_CBC_SHA + * TLS_PSK_WITH_AES_256_GCM_SHA384 + * TLS_PSK_WITH_AES_256_CBC_SHA384 + * TLS_PSK_WITH_AES_256_CBC_SHA + * TLS_PSK_WITH_AES_128_GCM_SHA256 + * TLS_PSK_WITH_AES_128_CBC_SHA256 + * TLS_PSK_WITH_AES_128_CBC_SHA * * PEM_PARSE uses AES for decrypting encrypted keys. */ @@ -1155,8 +1230,17 @@ * Module: library/arc4.c * Caller: library/cipher.c * - * This module is required to support the TLS ciphersuites that use the ARC4 - * cipher. + * This module is required to support the following ciphersuites in TLS: + * TLS_ECDH_ECDSA_WITH_RC4_128_SHA + * TLS_ECDH_RSA_WITH_RC4_128_SHA + * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + * TLS_ECDHE_RSA_WITH_RC4_128_SHA + * TLS_ECDHE_PSK_WITH_RC4_128_SHA + * TLS_DHE_PSK_WITH_RC4_128_SHA + * TLS_RSA_WITH_RC4_128_SHA + * TLS_RSA_WITH_RC4_128_MD5 + * TLS_RSA_PSK_WITH_RC4_128_SHA + * TLS_PSK_WITH_RC4_128_SHA * * \warning ARC4 is considered a weak cipher and its use constitutes a * security risk. If possible, we recommend avoidng dependencies on @@ -1234,8 +1318,49 @@ * Module: library/camellia.c * Caller: library/cipher.c * - * This module is required to support the TLS ciphersuites that use the - * Camellia cipher. + * This module is required to support the following ciphersuites in TLS: + * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + * TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + * TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + * TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ #define MBEDTLS_CAMELLIA_C @@ -1247,8 +1372,45 @@ * Module: library/aria.c * Caller: library/cipher.c * - * This module is required to support the TLS ciphersuites that use the - * ARIA cipher. + * This module is required to support the following ciphersuites in TLS: + * TLS_RSA_WITH_ARIA_128_CBC_SHA256 + * TLS_RSA_WITH_ARIA_256_CBC_SHA384 + * TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 + * TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 + * TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 + * TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 + * TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 + * TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 + * TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 + * TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 + * TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 + * TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 + * TLS_RSA_WITH_ARIA_128_GCM_SHA256 + * TLS_RSA_WITH_ARIA_256_GCM_SHA384 + * TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 + * TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 + * TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 + * TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 + * TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 + * TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 + * TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 + * TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 + * TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 + * TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 + * TLS_PSK_WITH_ARIA_128_CBC_SHA256 + * TLS_PSK_WITH_ARIA_256_CBC_SHA384 + * TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 + * TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 + * TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 + * TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 + * TLS_PSK_WITH_ARIA_128_GCM_SHA256 + * TLS_PSK_WITH_ARIA_256_GCM_SHA384 + * TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 + * TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 + * TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 + * TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 + * TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 + * TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 */ //#define MBEDTLS_ARIA_C @@ -1338,8 +1500,17 @@ * Caller: library/pem.c * library/cipher.c * - * This module is required to support the TLS ciphersuites that use the DES - * cipher. + * This module is required to support the following ciphersuites in TLS: + * TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA + * TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA + * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA + * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA + * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA + * TLS_RSA_WITH_3DES_EDE_CBC_SHA + * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA + * TLS_PSK_WITH_3DES_EDE_CBC_SHA * * PEM_PARSE uses DES/3DES for decrypting encrypted keys. * @@ -1464,7 +1635,8 @@ * * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C * - * This module is required to support the TLS ciphersuites that use GCM. + * This module is required to support AES-GCM and CAMELLIA-GCM ciphersuites in + * TLS. */ #define MBEDTLS_GCM_C