PolarSSL v1.3.2
ssl_ciphersuites.c
1 
28 #include "polarssl/config.h"
29 
30 #if defined(POLARSSL_SSL_TLS_C)
31 
33 #include "polarssl/ssl.h"
34 
35 #include <stdlib.h>
36 
37 #if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
38  !defined(EFI32)
39 #define strcasecmp _stricmp
40 #endif
41 
42 /*
43  * Ordered from most preferred to least preferred in terms of security.
44  *
45  * Current rule (except weak and null which come last):
46  * 1. By key exchange:
47  * Forward-secure non-PSK > forward-secure PSK > other non-PSK > other PSK
48  * 2. By key length and cipher:
49  * AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES > RC4
50  * 3. By cipher mode when relevant GCM > CBC
51  * 4. By hash function used
52  * 5. By key exchange/auth again: EC > non-EC
53  */
54 static const int ciphersuite_preference[] =
55 {
56  /* All AES-256 ephemeral suites */
66 
67  /* All CAMELLIA-256 ephemeral suites */
75 
76  /* All AES-128 ephemeral suites */
86 
87  /* All CAMELLIA-128 ephemeral suites */
95 
96  /* All remaining >= 128-bit ephemeral suites */
102 
103  /* The PSK ephemeral suites */
112 
121 
126 
127  /* All AES-256 suites */
131 
132  /* All CAMELLIA-256 suites */
136 
137  /* All AES-128 suites */
141 
142  /* All CAMELLIA-128 suites */
146 
147  /* All remaining >= 128-bit suites */
151 
152  /* The RSA PSK suites */
158 
164 
167 
168  /* The PSK suites */
174 
180 
183 
184  /* Weak suites */
187 
188  /* NULL suites */
197 
207 
208  0
209 };
210 
/*
 * Capacity of supported_ciphersuites, counted in ints. ssl_list_ciphersuites()
 * writes a terminating 0 after the last stored ID, so at most
 * MAX_CIPHERSUITES - 1 ciphersuite IDs fit.
 */
211 #define MAX_CIPHERSUITES 128
/* Cache of the IDs usable in this build; filled by ssl_list_ciphersuites(). */
212 static int supported_ciphersuites[MAX_CIPHERSUITES];
/* 0 until ssl_list_ciphersuites() has built the cache above, 1 afterwards. */
213 static int supported_init = 0;
214 
215 static const ssl_ciphersuite_t ciphersuite_definitions[] =
216 {
217 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
218 #if defined(POLARSSL_AES_C)
219 #if defined(POLARSSL_SHA1_C)
220 #if defined(POLARSSL_CIPHER_MODE_CBC)
221  { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
225  0 },
226  { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
230  0 },
231 #endif /* POLARSSL_CIPHER_MODE_CBC */
232 #endif /* POLARSSL_SHA1_C */
233 #if defined(POLARSSL_SHA256_C)
234 #if defined(POLARSSL_CIPHER_MODE_CBC)
235  { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
239  0 },
240 #endif /* POLARSSL_CIPHER_MODE_CBC */
241 #if defined(POLARSSL_GCM_C)
242  { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
246  0 },
247 #endif /* POLARSSL_GCM_C */
248 #endif /* POLARSSL_SHA256_C */
249 #if defined(POLARSSL_SHA512_C)
250 #if defined(POLARSSL_CIPHER_MODE_CBC)
251  { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
255  0 },
256 #endif /* POLARSSL_CIPHER_MODE_CBC */
257 #if defined(POLARSSL_GCM_C)
258  { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
262  0 },
263 #endif /* POLARSSL_GCM_C */
264 #endif /* POLARSSL_SHA512_C */
265 #endif /* POLARSSL_AES_C */
266 
267 #if defined(POLARSSL_CAMELLIA_C)
268 #if defined(POLARSSL_CIPHER_MODE_CBC)
269 #if defined(POLARSSL_SHA256_C)
270  { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
274  0 },
275 #endif /* POLARSSL_SHA256_C */
276 #if defined(POLARSSL_SHA512_C)
277  { TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
281  0 },
282 #endif /* POLARSSL_SHA512_C */
283 #endif /* POLARSSL_CIPHER_MODE_CBC */
284 
285 #if defined(POLARSSL_GCM_C)
286 #if defined(POLARSSL_SHA256_C)
287  { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
291  0 },
292 #endif /* POLARSSL_SHA256_C */
293 #if defined(POLARSSL_SHA512_C)
294  { TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
298  0 },
299 #endif /* POLARSSL_SHA512_C */
300 #endif /* POLARSSL_GCM_C */
301 #endif /* POLARSSL_CAMELLIA_C */
302 
303 #if defined(POLARSSL_DES_C)
304 #if defined(POLARSSL_CIPHER_MODE_CBC)
305 #if defined(POLARSSL_SHA1_C)
306  { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
310  0 },
311 #endif /* POLARSSL_SHA1_C */
312 #endif /* POLARSSL_CIPHER_MODE_CBC */
313 #endif /* POLARSSL_DES_C */
314 
315 #if defined(POLARSSL_ARC4_C)
316 #if defined(POLARSSL_SHA1_C)
317  { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA",
321  0 },
322 #endif /* POLARSSL_SHA1_C */
323 #endif /* POLARSSL_ARC4_C */
324 
325 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
326 #if defined(POLARSSL_SHA1_C)
327  { TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
332 #endif /* POLARSSL_SHA1_C */
333 #endif /* POLARSSL_CIPHER_NULL_CIPHER */
334 #endif /* POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
335 
336 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
337 #if defined(POLARSSL_AES_C)
338 #if defined(POLARSSL_SHA1_C)
339 #if defined(POLARSSL_CIPHER_MODE_CBC)
340  { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
344  0 },
345  { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
349  0 },
350 #endif /* POLARSSL_CIPHER_MODE_CBC */
351 #endif /* POLARSSL_SHA1_C */
352 #if defined(POLARSSL_SHA256_C)
353 #if defined(POLARSSL_CIPHER_MODE_CBC)
354  { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
358  0 },
359 #endif /* POLARSSL_CIPHER_MODE_CBC */
360 #if defined(POLARSSL_GCM_C)
361  { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
365  0 },
366 #endif /* POLARSSL_GCM_C */
367 #endif /* POLARSSL_SHA256_C */
368 #if defined(POLARSSL_SHA512_C)
369 #if defined(POLARSSL_CIPHER_MODE_CBC)
370  { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
374  0 },
375 #endif /* POLARSSL_CIPHER_MODE_CBC */
376 #if defined(POLARSSL_GCM_C)
377  { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
381  0 },
382 #endif /* POLARSSL_GCM_C */
383 #endif /* POLARSSL_SHA512_C */
384 #endif /* POLARSSL_AES_C */
385 
386 #if defined(POLARSSL_CAMELLIA_C)
387 #if defined(POLARSSL_CIPHER_MODE_CBC)
388 #if defined(POLARSSL_SHA256_C)
389  { TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
393  0 },
394 #endif /* POLARSSL_SHA256_C */
395 #if defined(POLARSSL_SHA512_C)
396  { TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
400  0 },
401 #endif /* POLARSSL_SHA512_C */
402 #endif /* POLARSSL_CIPHER_MODE_CBC */
403 
404 #if defined(POLARSSL_GCM_C)
405 #if defined(POLARSSL_SHA256_C)
406  { TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
410  0 },
411 #endif /* POLARSSL_SHA256_C */
412 #if defined(POLARSSL_SHA512_C)
413  { TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
417  0 },
418 #endif /* POLARSSL_SHA512_C */
419 #endif /* POLARSSL_GCM_C */
420 #endif /* POLARSSL_CAMELLIA_C */
421 
422 #if defined(POLARSSL_DES_C)
423 #if defined(POLARSSL_CIPHER_MODE_CBC)
424 #if defined(POLARSSL_SHA1_C)
425  { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
429  0 },
430 #endif /* POLARSSL_SHA1_C */
431 #endif /* POLARSSL_CIPHER_MODE_CBC */
432 #endif /* POLARSSL_DES_C */
433 
434 #if defined(POLARSSL_ARC4_C)
435 #if defined(POLARSSL_SHA1_C)
436  { TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
440  0 },
441 #endif /* POLARSSL_SHA1_C */
442 #endif /* POLARSSL_ARC4_C */
443 
444 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
445 #if defined(POLARSSL_SHA1_C)
446  { TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
451 #endif /* POLARSSL_SHA1_C */
452 #endif /* POLARSSL_CIPHER_NULL_CIPHER */
453 #endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
454 
455 #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
456 #if defined(POLARSSL_AES_C)
457 #if defined(POLARSSL_SHA512_C) && defined(POLARSSL_GCM_C)
458  { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
462  0 },
463 #endif /* POLARSSL_SHA512_C && POLARSSL_GCM_C */
464 
465 #if defined(POLARSSL_SHA256_C)
466 #if defined(POLARSSL_GCM_C)
467  { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
471  0 },
472 #endif /* POLARSSL_GCM_C */
473 
474 #if defined(POLARSSL_CIPHER_MODE_CBC)
475  { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
479  0 },
480 
481  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
485  0 },
486 #endif /* POLARSSL_CIPHER_MODE_CBC */
487 #endif /* POLARSSL_SHA256_C */
488 
489 #if defined(POLARSSL_CIPHER_MODE_CBC)
490 #if defined(POLARSSL_SHA1_C)
491  { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
495  0 },
496 
497  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
501  0 },
502 #endif /* POLARSSL_SHA1_C */
503 #endif /* POLARSSL_CIPHER_MODE_CBC */
504 #endif /* POLARSSL_AES_C */
505 
506 #if defined(POLARSSL_CAMELLIA_C)
507 #if defined(POLARSSL_CIPHER_MODE_CBC)
508 #if defined(POLARSSL_SHA256_C)
509  { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
513  0 },
514 
515  { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
519  0 },
520 #endif /* POLARSSL_SHA256_C */
521 
522 #if defined(POLARSSL_SHA1_C)
523  { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
527  0 },
528 
529  { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
533  0 },
534 #endif /* POLARSSL_SHA1_C */
535 #endif /* POLARSSL_CIPHER_MODE_CBC */
536 #if defined(POLARSSL_GCM_C)
537 #if defined(POLARSSL_SHA256_C)
538  { TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
542  0 },
543 #endif /* POLARSSL_SHA256_C */
544 
545 #if defined(POLARSSL_SHA512_C)
546  { TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
550  0 },
551 #endif /* POLARSSL_SHA512_C */
552 #endif /* POLARSSL_GCM_C */
553 #endif /* POLARSSL_CAMELLIA_C */
554 
555 #if defined(POLARSSL_DES_C)
556 #if defined(POLARSSL_CIPHER_MODE_CBC)
557 #if defined(POLARSSL_SHA1_C)
558  { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
562  0 },
563 #endif /* POLARSSL_SHA1_C */
564 #endif /* POLARSSL_CIPHER_MODE_CBC */
565 #endif /* POLARSSL_DES_C */
566 #endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
567 
568 #if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
569 #if defined(POLARSSL_AES_C)
570 #if defined(POLARSSL_SHA512_C) && defined(POLARSSL_GCM_C)
571  { TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
575  0 },
576 #endif /* POLARSSL_SHA512_C && POLARSSL_GCM_C */
577 
578 #if defined(POLARSSL_SHA256_C)
579 #if defined(POLARSSL_GCM_C)
580  { TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
584  0 },
585 #endif /* POLARSSL_GCM_C */
586 
587 #if defined(POLARSSL_CIPHER_MODE_CBC)
588  { TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
592  0 },
593 
594  { TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
598  0 },
599 #endif /* POLARSSL_CIPHER_MODE_CBC */
600 #endif /* POLARSSL_SHA256_C */
601 
602 #if defined(POLARSSL_SHA1_C)
603 #if defined(POLARSSL_CIPHER_MODE_CBC)
604  { TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
608  0 },
609 
610  { TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
614  0 },
615 #endif /* POLARSSL_CIPHER_MODE_CBC */
616 #endif /* POLARSSL_SHA1_C */
617 #endif /* POLARSSL_AES_C */
618 
619 #if defined(POLARSSL_CAMELLIA_C)
620 #if defined(POLARSSL_CIPHER_MODE_CBC)
621 #if defined(POLARSSL_SHA256_C)
622  { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
626  0 },
627 
628  { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
632  0 },
633 #endif /* POLARSSL_SHA256_C */
634 
635 #if defined(POLARSSL_SHA1_C)
636  { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
640  0 },
641 
642  { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
646  0 },
647 #endif /* POLARSSL_SHA1_C */
648 #endif /* POLARSSL_CIPHER_MODE_CBC */
649 
650 #if defined(POLARSSL_GCM_C)
651 #if defined(POLARSSL_SHA256_C)
652  { TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
656  0 },
657 #endif /* POLARSSL_SHA256_C */
658 
/*
 * NOTE(review): this guard tests POLARSSL_SHA1_C, but the entry it protects
 * is a ...-SHA384 suite, and every other SHA384 entry in this table is
 * guarded by POLARSSL_SHA512_C. As written, the suite is left out of builds
 * that have SHA-512 but not SHA-1, and is registered in builds that have
 * SHA-1 but not SHA-512. The guard and its #endif comment most likely
 * should read POLARSSL_SHA512_C - confirm against upstream before changing.
 */
659 #if defined(POLARSSL_SHA1_C)
660  { TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
664  0 },
665 #endif /* POLARSSL_SHA1_C */
666 #endif /* POLARSSL_GCM_C */
667 #endif /* POLARSSL_CAMELLIA_C */
668 
669 #if defined(POLARSSL_DES_C)
670 #if defined(POLARSSL_CIPHER_MODE_CBC)
671 #if defined(POLARSSL_SHA1_C)
672  { TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
676  0 },
677 #endif /* POLARSSL_SHA1_C */
678 #endif /* POLARSSL_CIPHER_MODE_CBC */
679 #endif /* POLARSSL_DES_C */
680 
681 #if defined(POLARSSL_ARC4_C)
682 #if defined(POLARSSL_MD5_C)
683  { TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
687  0 },
688 #endif
689 
690 #if defined(POLARSSL_SHA1_C)
691  { TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
695  0 },
696 #endif
697 #endif /* POLARSSL_ARC4_C */
698 #endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
699 
700 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
701 #if defined(POLARSSL_AES_C)
702 #if defined(POLARSSL_GCM_C)
703 #if defined(POLARSSL_SHA256_C)
704  { TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
708  0 },
709 #endif /* POLARSSL_SHA256_C */
710 
711 #if defined(POLARSSL_SHA512_C)
712  { TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
716  0 },
717 #endif /* POLARSSL_SHA512_C */
718 #endif /* POLARSSL_GCM_C */
719 
720 #if defined(POLARSSL_CIPHER_MODE_CBC)
721 #if defined(POLARSSL_SHA256_C)
722  { TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
726  0 },
727 #endif /* POLARSSL_SHA256_C */
728 
729 #if defined(POLARSSL_SHA512_C)
730  { TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
734  0 },
735 #endif /* POLARSSL_SHA512_C */
736 
737 #if defined(POLARSSL_SHA1_C)
738  { TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
742  0 },
743 
744  { TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
748  0 },
749 #endif /* POLARSSL_SHA1_C */
750 #endif /* POLARSSL_CIPHER_MODE_CBC */
751 #endif /* POLARSSL_AES_C */
752 
753 #if defined(POLARSSL_CAMELLIA_C)
754 #if defined(POLARSSL_CIPHER_MODE_CBC)
755 #if defined(POLARSSL_SHA256_C)
756  { TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
760  0 },
761 #endif /* POLARSSL_SHA256_C */
762 
763 #if defined(POLARSSL_SHA512_C)
764  { TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
768  0 },
769 #endif /* POLARSSL_SHA512_C */
770 #endif /* POLARSSL_CIPHER_MODE_CBC */
771 
772 #if defined(POLARSSL_GCM_C)
773 #if defined(POLARSSL_SHA256_C)
774  { TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
778  0 },
779 #endif /* POLARSSL_SHA256_C */
780 
781 #if defined(POLARSSL_SHA512_C)
782  { TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
786  0 },
787 #endif /* POLARSSL_SHA512_C */
788 #endif /* POLARSSL_GCM_C */
789 #endif /* POLARSSL_CAMELLIA_C */
790 
791 #if defined(POLARSSL_DES_C)
792 #if defined(POLARSSL_CIPHER_MODE_CBC)
793 #if defined(POLARSSL_SHA1_C)
794  { TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
798  0 },
799 #endif /* POLARSSL_SHA1_C */
800 #endif /* POLARSSL_CIPHER_MODE_CBC */
801 #endif /* POLARSSL_DES_C */
802 
803 #if defined(POLARSSL_ARC4_C)
804 #if defined(POLARSSL_SHA1_C)
805  { TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA",
809  0 },
810 #endif /* POLARSSL_SHA1_C */
811 #endif /* POLARSSL_ARC4_C */
812 #endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
813 
814 #if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
815 #if defined(POLARSSL_AES_C)
816 #if defined(POLARSSL_GCM_C)
817 #if defined(POLARSSL_SHA256_C)
818  { TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
822  0 },
823 #endif /* POLARSSL_SHA256_C */
824 
825 #if defined(POLARSSL_SHA512_C)
826  { TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
830  0 },
831 #endif /* POLARSSL_SHA512_C */
832 #endif /* POLARSSL_GCM_C */
833 
834 #if defined(POLARSSL_CIPHER_MODE_CBC)
835 #if defined(POLARSSL_SHA256_C)
836  { TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
840  0 },
841 #endif /* POLARSSL_SHA256_C */
842 
843 #if defined(POLARSSL_SHA512_C)
844  { TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
848  0 },
849 #endif /* POLARSSL_SHA512_C */
850 
851 #if defined(POLARSSL_SHA1_C)
852  { TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
856  0 },
857 
858  { TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
862  0 },
863 #endif /* POLARSSL_SHA1_C */
864 #endif /* POLARSSL_CIPHER_MODE_CBC */
865 #endif /* POLARSSL_AES_C */
866 
867 #if defined(POLARSSL_CAMELLIA_C)
868 #if defined(POLARSSL_CIPHER_MODE_CBC)
869 #if defined(POLARSSL_SHA256_C)
870  { TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
874  0 },
875 #endif /* POLARSSL_SHA256_C */
876 
877 #if defined(POLARSSL_SHA512_C)
878  { TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
882  0 },
883 #endif /* POLARSSL_SHA512_C */
884 #endif /* POLARSSL_CIPHER_MODE_CBC */
885 
886 #if defined(POLARSSL_GCM_C)
887 #if defined(POLARSSL_SHA256_C)
888  { TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
892  0 },
893 #endif /* POLARSSL_SHA256_C */
894 
895 #if defined(POLARSSL_SHA512_C)
896  { TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
900  0 },
901 #endif /* POLARSSL_SHA512_C */
902 #endif /* POLARSSL_GCM_C */
903 #endif /* POLARSSL_CAMELLIA_C */
904 
905 #if defined(POLARSSL_DES_C)
906 #if defined(POLARSSL_CIPHER_MODE_CBC)
907 #if defined(POLARSSL_SHA1_C)
908  { TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
912  0 },
913 #endif /* POLARSSL_SHA1_C */
914 #endif /* POLARSSL_CIPHER_MODE_CBC */
915 #endif /* POLARSSL_DES_C */
916 
917 #if defined(POLARSSL_ARC4_C)
918 #if defined(POLARSSL_SHA1_C)
919  { TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA",
923  0 },
924 #endif /* POLARSSL_SHA1_C */
925 #endif /* POLARSSL_ARC4_C */
926 #endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
927 
928 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
929 #if defined(POLARSSL_AES_C)
930 
931 #if defined(POLARSSL_CIPHER_MODE_CBC)
932 #if defined(POLARSSL_SHA256_C)
933  { TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
937  0 },
938 #endif /* POLARSSL_SHA256_C */
939 
940 #if defined(POLARSSL_SHA512_C)
941  { TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
945  0 },
946 #endif /* POLARSSL_SHA512_C */
947 
948 #if defined(POLARSSL_SHA1_C)
949  { TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
953  0 },
954 
955  { TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
959  0 },
960 #endif /* POLARSSL_SHA1_C */
961 #endif /* POLARSSL_CIPHER_MODE_CBC */
962 #endif /* POLARSSL_AES_C */
963 
964 #if defined(POLARSSL_CAMELLIA_C)
965 #if defined(POLARSSL_CIPHER_MODE_CBC)
966 #if defined(POLARSSL_SHA256_C)
967  { TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
971  0 },
972 #endif /* POLARSSL_SHA256_C */
973 
974 #if defined(POLARSSL_SHA512_C)
975  { TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
979  0 },
980 #endif /* POLARSSL_SHA512_C */
981 #endif /* POLARSSL_CIPHER_MODE_CBC */
982 #endif /* POLARSSL_CAMELLIA_C */
983 
984 #if defined(POLARSSL_DES_C)
985 #if defined(POLARSSL_CIPHER_MODE_CBC)
986 #if defined(POLARSSL_SHA1_C)
987  { TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
991  0 },
992 #endif /* POLARSSL_SHA1_C */
993 #endif /* POLARSSL_CIPHER_MODE_CBC */
994 #endif /* POLARSSL_DES_C */
995 
996 #if defined(POLARSSL_ARC4_C)
997 #if defined(POLARSSL_SHA1_C)
998  { TLS_ECDHE_PSK_WITH_RC4_128_SHA, "TLS-ECDHE-PSK-WITH-RC4-128-SHA",
1002  0 },
1003 #endif /* POLARSSL_SHA1_C */
1004 #endif /* POLARSSL_ARC4_C */
1005 #endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1006 
1007 #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
1008 #if defined(POLARSSL_AES_C)
1009 #if defined(POLARSSL_GCM_C)
1010 #if defined(POLARSSL_SHA256_C)
1011  { TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
1015  0 },
1016 #endif /* POLARSSL_SHA256_C */
1017 
1018 #if defined(POLARSSL_SHA512_C)
1019  { TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
1023  0 },
1024 #endif /* POLARSSL_SHA512_C */
1025 #endif /* POLARSSL_GCM_C */
1026 
1027 #if defined(POLARSSL_CIPHER_MODE_CBC)
1028 #if defined(POLARSSL_SHA256_C)
1029  { TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
1033  0 },
1034 #endif /* POLARSSL_SHA256_C */
1035 
1036 #if defined(POLARSSL_SHA512_C)
1037  { TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
1041  0 },
1042 #endif /* POLARSSL_SHA512_C */
1043 
1044 #if defined(POLARSSL_SHA1_C)
1045  { TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
1049  0 },
1050 
1051  { TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
1055  0 },
1056 #endif /* POLARSSL_SHA1_C */
1057 #endif /* POLARSSL_CIPHER_MODE_CBC */
1058 #endif /* POLARSSL_AES_C */
1059 
1060 #if defined(POLARSSL_CAMELLIA_C)
1061 #if defined(POLARSSL_CIPHER_MODE_CBC)
1062 #if defined(POLARSSL_SHA256_C)
1063  { TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1067  0 },
1068 #endif /* POLARSSL_SHA256_C */
1069 
1070 #if defined(POLARSSL_SHA512_C)
1071  { TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1075  0 },
1076 #endif /* POLARSSL_SHA512_C */
1077 #endif /* POLARSSL_CIPHER_MODE_CBC */
1078 
1079 #if defined(POLARSSL_GCM_C)
1080 #if defined(POLARSSL_SHA256_C)
1081  { TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1085  0 },
1086 #endif /* POLARSSL_SHA256_C */
1087 
1088 #if defined(POLARSSL_SHA512_C)
1089  { TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1093  0 },
1094 #endif /* POLARSSL_SHA512_C */
1095 #endif /* POLARSSL_GCM_C */
1096 #endif /* POLARSSL_CAMELLIA_C */
1097 
1098 #if defined(POLARSSL_DES_C)
1099 #if defined(POLARSSL_CIPHER_MODE_CBC)
1100 #if defined(POLARSSL_SHA1_C)
1101  { TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
1105  0 },
1106 #endif /* POLARSSL_SHA1_C */
1107 #endif /* POLARSSL_CIPHER_MODE_CBC */
1108 #endif /* POLARSSL_DES_C */
1109 
1110 #if defined(POLARSSL_ARC4_C)
1111 #if defined(POLARSSL_SHA1_C)
1112  { TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
1116  0 },
1117 #endif /* POLARSSL_SHA1_C */
1118 #endif /* POLARSSL_ARC4_C */
1119 #endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
1120 
1121 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
1122 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
1123 #if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
1124 #if defined(POLARSSL_MD5_C)
1125  { TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
1130 #endif
1131 
1132 #if defined(POLARSSL_SHA1_C)
1133  { TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
1138 #endif
1139 
1140 #if defined(POLARSSL_SHA256_C)
1141  { TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
1146 #endif
1147 #endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
1148 
1149 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
1150 #if defined(POLARSSL_SHA1_C)
1151  { TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
1156 #endif /* POLARSSL_SHA1_C */
1157 
1158 #if defined(POLARSSL_SHA256_C)
1159  { TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
1164 #endif
1165 
1166 #if defined(POLARSSL_SHA512_C)
1167  { TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
1172 #endif
1173 #endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
1174 
1175 #if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
1176 #if defined(POLARSSL_SHA1_C)
1177  { TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
1182 #endif /* POLARSSL_SHA1_C */
1183 
1184 #if defined(POLARSSL_SHA256_C)
1185  { TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
1190 #endif
1191 
1192 #if defined(POLARSSL_SHA512_C)
1193  { TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
1198 #endif
1199 #endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
1200 
1201 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1202 #if defined(POLARSSL_SHA1_C)
1203  { TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
1208 #endif /* POLARSSL_SHA1_C */
1209 
1210 #if defined(POLARSSL_SHA256_C)
1211  { TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
1216 #endif
1217 
1218 #if defined(POLARSSL_SHA512_C)
1219  { TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
1224 #endif
1225 #endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1226 
1227 #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
1228 #if defined(POLARSSL_SHA1_C)
1229  { TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
1234 #endif /* POLARSSL_SHA1_C */
1235 
1236 #if defined(POLARSSL_SHA256_C)
1237  { TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
1242 #endif
1243 
1244 #if defined(POLARSSL_SHA512_C)
1245  { TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
1250 #endif
1251 #endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
1252 #endif /* POLARSSL_CIPHER_NULL_CIPHER */
1253 
1254 #if defined(POLARSSL_DES_C)
1255 #if defined(POLARSSL_CIPHER_MODE_CBC)
1256 #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
1257 #if defined(POLARSSL_SHA1_C)
1258  { TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
1263 #endif /* POLARSSL_SHA1_C */
1264 #endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
1265 
1266 #if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
1267 #if defined(POLARSSL_SHA1_C)
1268  { TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
1273 #endif /* POLARSSL_SHA1_C */
1274 #endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
1275 #endif /* POLARSSL_CIPHER_MODE_CBC */
1276 #endif /* POLARSSL_DES_C */
1277 #endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
1278 
1279  { 0, "", 0, 0, 0, 0, 0, 0, 0, 0 }
1280 };
1281 
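/*
 * Return the zero-terminated list of ciphersuite IDs usable in this build,
 * in the order given by ciphersuite_preference.
 *
 * The list is built on the first call and cached in the static
 * supported_ciphersuites array; later calls return the same array. An ID is
 * kept only when ssl_ciphersuite_from_id() finds it in
 * ciphersuite_definitions, i.e. only when it was compiled into this build.
 *
 * NOTE(review): supported_init and supported_ciphersuites are plain statics
 * and no locking is visible in this function; confirm that the first call
 * cannot race in multi-threaded users.
 */
const int *ssl_list_ciphersuites( void )
{
    if( supported_init == 0 )
    {
        const int *p;
        int *q = supported_ciphersuites;
        /* The last slot is reserved for the 0 terminator. */
        int *end = supported_ciphersuites + MAX_CIPHERSUITES - 1;

        /*
         * Bound the loop on the number of IDs actually stored rather than on
         * the index into the preference list. The previous bound stopped
         * reading the preference list at index MAX_CIPHERSUITES - 2, so
         * supported suites listed after that point were silently dropped
         * even while the output array still had room.
         */
        for( p = ciphersuite_preference; *p != 0 && q < end; p++ )
        {
            if( ssl_ciphersuite_from_id( *p ) != NULL )
                *(q++) = *p;
        }
        *q = 0;

        supported_init = 1;
    }

    return( supported_ciphersuites );
}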
1307 
/*
 * Look up a ciphersuite definition by its textual name.
 *
 * The comparison is case-insensitive (strcasecmp). Returns a pointer into
 * the static ciphersuite_definitions table, or NULL when ciphersuite_name is
 * NULL or matches no entry compiled into this build. Callers must check for
 * NULL before dereferencing the result.
 */
const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name )
{
    const ssl_ciphersuite_t *entry;

    if( ciphersuite_name == NULL )
        return( NULL );

    /* The table ends with a sentinel entry whose id is 0. */
    for( entry = ciphersuite_definitions; entry->id != 0; entry++ )
    {
        if( strcasecmp( entry->name, ciphersuite_name ) == 0 )
            return( entry );
    }

    return( NULL );
}
1325 
/*
 * Look up a ciphersuite definition by its numeric ID.
 *
 * Returns a pointer into the static ciphersuite_definitions table, or NULL
 * when no entry compiled into this build has that ID. An ID of 0 never
 * matches, because 0 marks the sentinel entry that ends the table. Callers
 * must check for NULL before dereferencing the result.
 */
const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite )
{
    const ssl_ciphersuite_t *entry;

    for( entry = ciphersuite_definitions; entry->id != 0; entry++ )
    {
        if( entry->id == ciphersuite )
            return( entry );
    }

    return( NULL );
}
1340 
/*
 * Return the textual name of the ciphersuite with the given ID.
 *
 * Returns the name stored in the matching table entry, or the literal
 * string "unknown" when ssl_ciphersuite_from_id() finds no entry for the ID
 * in this build. The result is never NULL.
 */
const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
{
    const ssl_ciphersuite_t *suite = ssl_ciphersuite_from_id( ciphersuite_id );

    return( suite != NULL ? suite->name : "unknown" );
}
1352 
/*
 * Return the numeric ID of the ciphersuite with the given name.
 *
 * Returns 0 when ssl_ciphersuite_from_string() finds no match (including a
 * NULL name). 0 is also the terminator of the ID lists in this file, so a
 * caller building such a list from names should reject a 0 result instead
 * of storing it; otherwise the list ends at the unrecognised name.
 */
int ssl_get_ciphersuite_id( const char *ciphersuite_name )
{
    const ssl_ciphersuite_t *suite = ssl_ciphersuite_from_string( ciphersuite_name );

    if( suite != NULL )
        return( suite->id );

    return( 0 );
}
1364 
1365 #if defined(POLARSSL_PK_C)
1367 {
1368  switch( info->key_exchange )
1369  {
1374  return( POLARSSL_PK_RSA );
1375 
1377  return( POLARSSL_PK_ECDSA );
1378 
1379  default:
1380  return( POLARSSL_PK_NONE );
1381  }
1382 }
1383 #endif
1384 
/*
 * Classify a ciphersuite by its key exchange: returns 1 for the
 * key_exchange values handled ahead of the default branch and 0 for every
 * other value. Presumably the matched values are the elliptic-curve key
 * exchanges, going by the function name - the case labels are not visible
 * in this listing, so confirm against the original file.
 *
 * info is dereferenced without a NULL check. The lookup functions in this
 * file return NULL for an unknown suite, so their result must be checked
 * before it is passed here.
 */
1385 int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info )
1386 {
1387  switch( info->key_exchange )
1388  {
1392  return( 1 );
1393 
1394  default:
1395  return( 0 );
1396  }
1397 }
1398 
1400 {
1401  switch( info->key_exchange )
1402  {
1407  return( 1 );
1408 
1409  default:
1410  return( 0 );
1411  }
1412 }
1413 
1414 #endif
#define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
TLS 1.2.
int ssl_ciphersuite_uses_ec(const ssl_ciphersuite_t *info)
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS 1.2.
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
TLS 1.2.
#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Not in SSL3!
#define TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
TLS 1.2.
#define TLS_PSK_WITH_NULL_SHA
Weak!
#define TLS_RSA_WITH_RC4_128_MD5
#define TLS_DHE_PSK_WITH_NULL_SHA
Weak!
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
TLS 1.2.
#define TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
TLS 1.2.
#define TLS_DHE_PSK_WITH_NULL_SHA384
Weak! TLS 1.2.
#define TLS_PSK_WITH_3DES_EDE_CBC_SHA
#define TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
TLS 1.2.
#define TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
TLS 1.2.
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
TLS 1.2.
#define TLS_RSA_PSK_WITH_NULL_SHA384
Weak! TLS 1.2.
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
TLS 1.2.
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
TLS 1.2.
#define TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
TLS 1.2.
#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA
#define TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
#define TLS_RSA_WITH_NULL_MD5
Weak!
#define TLS_PSK_WITH_AES_256_CBC_SHA
#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Not in SSL3!
#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA
#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
TLS 1.2.
#define TLS_ECDHE_PSK_WITH_NULL_SHA256
Weak! TLS 1.2.
Configuration options (set of defines)
#define TLS_ECDHE_RSA_WITH_RC4_128_SHA
Not in SSL3!
#define TLS_PSK_WITH_AES_128_CBC_SHA
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS 1.2.
#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS 1.2.
#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Not in SSL3!
SSL Ciphersuites for PolarSSL.
#define SSL_MAJOR_VERSION_3
Definition: ssl.h:140
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
TLS 1.2.
#define TLS_RSA_PSK_WITH_RC4_128_SHA
pk_type_t ssl_get_ciphersuite_sig_pk_alg(const ssl_ciphersuite_t *info)
#define TLS_ECDHE_PSK_WITH_NULL_SHA
Weak! No SSL3!
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
TLS 1.2.
int ssl_get_ciphersuite_id(const char *ciphersuite_name)
Return the ID of the ciphersuite associated with the given name.
#define SSL_MINOR_VERSION_1
Definition: ssl.h:142
#define TLS_RSA_WITH_RC4_128_SHA
#define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
TLS 1.2.
#define TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
TLS 1.2.
#define TLS_ECDHE_ECDSA_WITH_NULL_SHA
Weak!
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
TLS 1.2.
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS 1.2.
#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA
#define TLS_DHE_PSK_WITH_NULL_SHA256
Weak! TLS 1.2.
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS 1.2.
#define TLS_ECDHE_PSK_WITH_RC4_128_SHA
Not in SSL3!
#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
TLS 1.2.
#define TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
TLS 1.2.
#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
TLS 1.2.
#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
TLS 1.2.
#define TLS_RSA_WITH_AES_128_GCM_SHA256
TLS 1.2.
#define SSL_MINOR_VERSION_0
Definition: ssl.h:141
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
TLS 1.2.
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
TLS 1.2.
#define POLARSSL_CIPHERSUITE_WEAK
#define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
TLS 1.2.
key_exchange_type_t key_exchange
#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
Not in SSL3!
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS 1.2.
#define TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
TLS 1.2.
#define TLS_RSA_WITH_AES_256_GCM_SHA384
TLS 1.2.
#define TLS_PSK_WITH_NULL_SHA256
Weak! NULL cipher: no encryption. TLS 1.2.
#define TLS_PSK_WITH_NULL_SHA384
Weak! NULL cipher: no encryption. TLS 1.2.
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
Not in SSL3!
#define TLS_RSA_WITH_AES_256_CBC_SHA
#define TLS_PSK_WITH_AES_128_GCM_SHA256
TLS 1.2.
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA
#define TLS_ECDHE_RSA_WITH_NULL_SHA
Weak! NULL cipher: no encryption.
int ssl_ciphersuite_uses_psk(const ssl_ciphersuite_t *info)
#define TLS_DHE_PSK_WITH_RC4_128_SHA
#define TLS_RSA_PSK_WITH_NULL_SHA256
Weak! NULL cipher: no encryption. TLS 1.2.
#define SSL_MINOR_VERSION_3
Definition: ssl.h:144
#define TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
TLS 1.2.
pk_type_t
Public key types.
Definition: pk.h:90
#define TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
TLS 1.2.
const ssl_ciphersuite_t * ssl_ciphersuite_from_string(const char *ciphersuite_name)
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
TLS 1.2.
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Not in SSL3!
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
TLS 1.2.
#define TLS_ECDHE_PSK_WITH_NULL_SHA384
Weak! NULL cipher: no encryption. TLS 1.2.
This structure is used for storing ciphersuite information.
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS 1.2.
#define TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
TLS 1.2.
#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
TLS 1.2.
#define TLS_PSK_WITH_AES_256_CBC_SHA384
TLS 1.2.
const ssl_ciphersuite_t * ssl_ciphersuite_from_id(int ciphersuite_id)
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS 1.2.
#define TLS_RSA_WITH_NULL_SHA256
Weak! NULL cipher: no encryption.
#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS 1.2.
#define TLS_RSA_WITH_3DES_EDE_CBC_SHA
#define TLS_DHE_RSA_WITH_DES_CBC_SHA
Weak! Single DES (56-bit key). Not in TLS 1.2.
#define TLS_RSA_WITH_DES_CBC_SHA
Weak! Single DES (56-bit key). Not in TLS 1.2.
#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
TLS 1.2.
#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
TLS 1.2.
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Not in SSL3!
const int * ssl_list_ciphersuites(void)
Returns the list of ciphersuites supported by the SSL/TLS module.
#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
TLS 1.2.
SSL/TLS functions.
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS 1.2.
#define TLS_RSA_WITH_NULL_SHA
Weak! NULL cipher: no encryption.
#define TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
TLS 1.2.
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Not in SSL3!
#define TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
TLS 1.2.
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
TLS 1.2.
#define TLS_PSK_WITH_AES_128_CBC_SHA256
TLS 1.2.
#define TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS 1.2.
#define TLS_RSA_PSK_WITH_NULL_SHA
Weak! NULL cipher: no encryption.
#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
TLS 1.2.
#define TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
TLS 1.2.
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS 1.2.
#define TLS_RSA_WITH_AES_256_CBC_SHA256
TLS 1.2.
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
const char * ssl_get_ciphersuite_name(const int ciphersuite_id)
Return the name of the ciphersuite associated with the given ID.
#define TLS_RSA_WITH_AES_128_CBC_SHA256
TLS 1.2.
#define TLS_RSA_WITH_AES_128_CBC_SHA
#define TLS_PSK_WITH_RC4_128_SHA
#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
TLS 1.2.
#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
Not in SSL3!
#define TLS_PSK_WITH_AES_256_GCM_SHA384
TLS 1.2.
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Not in SSL3!
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA