1 /** 2 * \file ssl_ciphersuites.c 3 * 4 * \brief SSL ciphersuites for mbed TLS 5 * 6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 8 * 9 * This file is provided under the Apache License 2.0, or the 10 * GNU General Public License v2.0 or later. 11 * 12 * ********** 13 * Apache License 2.0: 14 * 15 * Licensed under the Apache License, Version 2.0 (the "License"); you may 16 * not use this file except in compliance with the License. 17 * You may obtain a copy of the License at 18 * 19 * http://www.apache.org/licenses/LICENSE-2.0 20 * 21 * Unless required by applicable law or agreed to in writing, software 22 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 23 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 24 * See the License for the specific language governing permissions and 25 * limitations under the License. 26 * 27 * ********** 28 * 29 * ********** 30 * GNU General Public License v2.0 or later: 31 * 32 * This program is free software; you can redistribute it and/or modify 33 * it under the terms of the GNU General Public License as published by 34 * the Free Software Foundation; either version 2 of the License, or 35 * (at your option) any later version. 36 * 37 * This program is distributed in the hope that it will be useful, 38 * but WITHOUT ANY WARRANTY; without even the implied warranty of 39 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 40 * GNU General Public License for more details. 41 * 42 * You should have received a copy of the GNU General Public License along 43 * with this program; if not, write to the Free Software Foundation, Inc., 44 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 45 * 46 * ********** 47 * 48 * This file is part of mbed TLS (https://tls.mbed.org) 49 */ 50 51 #if !defined(MBEDTLS_CONFIG_FILE) 52 #include "mbedtls/config.h" 53 #else 54 #include MBEDTLS_CONFIG_FILE 55 #endif 56 57 #if defined(MBEDTLS_SSL_TLS_C) 58 59 #if defined(MBEDTLS_PLATFORM_C) 60 #include "mbedtls/platform.h" 61 #else 62 #include <stdlib.h> 63 #endif 64 65 #include "mbedtls/ssl_ciphersuites.h" 66 #include "mbedtls/ssl.h" 67 68 #include <string.h> 69 70 /* 71 * Ordered from most preferred to least preferred in terms of security. 72 * 73 * Current rule (except RC4 and 3DES, weak and null which come last): 74 * 1. By key exchange: 75 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK 76 * 2. By key length and cipher: 77 * AES-256 > Camellia-256 > AES-128 > Camellia-128 78 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8 79 * 4. By hash function used when relevant 80 * 5. By key exchange/auth again: EC > non-EC 81 */ 82 static const int ciphersuite_preference[] = 83 { 84 #if defined(MBEDTLS_SSL_CIPHERSUITES) 85 MBEDTLS_SSL_CIPHERSUITES, 86 #else 87 /* All AES-256 ephemeral suites */ 88 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 89 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 90 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 91 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, 92 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, 93 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 94 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 95 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 96 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 97 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 98 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 99 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, 100 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, 101 102 /* All CAMELLIA-256 ephemeral suites */ 103 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 104 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, 105 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, 106 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 107 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, 108 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 109 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 110 111 /* All AES-128 ephemeral suites */ 112 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 113 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 114 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 115 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, 116 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, 117 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 118 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 119 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 120 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 121 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 122 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 123 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, 124 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, 125 126 /* All CAMELLIA-128 ephemeral suites */ 127 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 128 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, 129 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, 130 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 131 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 132 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 133 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 134 135 /* The PSK ephemeral suites */ 136 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, 137 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, 138 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, 139 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, 140 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, 141 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, 142 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, 143 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 144 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 145 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, 146 147 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, 148 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, 149 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 150 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, 151 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, 152 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, 153 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, 154 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 155 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 156 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, 157 158 /* The ECJPAKE suite */ 159 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, 160 161 /* All AES-256 suites */ 162 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, 163 MBEDTLS_TLS_RSA_WITH_AES_256_CCM, 164 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, 165 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, 166 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 167 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 168 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 169 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 170 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, 171 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 172 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, 173 174 /* All CAMELLIA-256 suites */ 175 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, 176 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, 177 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 178 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 179 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, 180 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 181 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 182 183 /* All AES-128 suites */ 184 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, 185 MBEDTLS_TLS_RSA_WITH_AES_128_CCM, 186 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, 187 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, 188 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, 189 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 190 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 191 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 192 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, 193 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 194 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, 195 196 /* All CAMELLIA-128 suites */ 197 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, 198 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, 199 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, 200 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 201 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 202 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 203 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 204 205 /* The RSA PSK suites */ 206 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, 207 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, 208 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, 209 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, 210 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, 211 212 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, 213 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, 214 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, 215 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, 216 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, 217 218 /* The PSK suites */ 219 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, 220 MBEDTLS_TLS_PSK_WITH_AES_256_CCM, 221 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, 222 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, 223 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, 224 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, 225 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, 226 227 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, 228 MBEDTLS_TLS_PSK_WITH_AES_128_CCM, 229 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, 230 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, 231 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, 232 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, 233 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, 234 235 /* 3DES suites */ 236 MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 237 MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 238 MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 239 MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, 240 MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, 241 MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, 242 MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 243 MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 244 MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, 245 MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, 246 247 /* RC4 suites */ 248 MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 249 MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA, 250 MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA, 251 MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, 252 MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, 253 MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, 254 MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA, 255 MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 256 MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA, 257 MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, 258 259 /* Weak suites */ 260 MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, 261 MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, 262 263 /* NULL suites */ 264 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, 265 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, 266 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, 267 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, 268 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, 269 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, 270 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, 271 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, 272 273 MBEDTLS_TLS_RSA_WITH_NULL_SHA256, 274 MBEDTLS_TLS_RSA_WITH_NULL_SHA, 275 MBEDTLS_TLS_RSA_WITH_NULL_MD5, 276 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, 277 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, 278 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, 279 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, 280 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, 281 MBEDTLS_TLS_PSK_WITH_NULL_SHA384, 282 MBEDTLS_TLS_PSK_WITH_NULL_SHA256, 283 MBEDTLS_TLS_PSK_WITH_NULL_SHA, 284 285 #endif /* MBEDTLS_SSL_CIPHERSUITES */ 286 0 287 }; 288 289 static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 290 { 291 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 292 #if defined(MBEDTLS_AES_C) 293 #if defined(MBEDTLS_SHA1_C) 294 #if defined(MBEDTLS_CIPHER_MODE_CBC) 295 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", 296 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 297 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 298 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 299 0 }, 300 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", 301 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 302 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 303 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 304 0 }, 305 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 306 #endif /* MBEDTLS_SHA1_C */ 307 #if defined(MBEDTLS_SHA256_C) 308 #if defined(MBEDTLS_CIPHER_MODE_CBC) 309 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", 310 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 311 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 312 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 313 0 }, 314 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 315 #if defined(MBEDTLS_GCM_C) 316 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", 317 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 318 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 319 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 320 0 }, 321 #endif /* MBEDTLS_GCM_C */ 322 #endif /* MBEDTLS_SHA256_C */ 323 #if defined(MBEDTLS_SHA512_C) 324 #if defined(MBEDTLS_CIPHER_MODE_CBC) 325 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", 326 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 327 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 328 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 329 0 }, 330 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 331 #if defined(MBEDTLS_GCM_C) 332 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", 333 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 334 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 335 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 336 0 }, 337 #endif /* MBEDTLS_GCM_C */ 338 #endif /* MBEDTLS_SHA512_C */ 339 #if defined(MBEDTLS_CCM_C) 340 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", 341 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 342 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 343 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 344 0 }, 345 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", 346 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 347 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 348 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 349 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 350 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", 351 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 352 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 353 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 354 0 }, 355 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", 356 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 357 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 358 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 359 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 360 #endif /* MBEDTLS_CCM_C */ 361 #endif /* MBEDTLS_AES_C */ 362 363 #if defined(MBEDTLS_CAMELLIA_C) 364 #if defined(MBEDTLS_CIPHER_MODE_CBC) 365 #if defined(MBEDTLS_SHA256_C) 366 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", 367 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 368 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 369 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 370 0 }, 371 #endif /* MBEDTLS_SHA256_C */ 372 #if defined(MBEDTLS_SHA512_C) 373 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", 374 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 375 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 376 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 377 0 }, 378 #endif /* MBEDTLS_SHA512_C */ 379 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 380 381 #if defined(MBEDTLS_GCM_C) 382 #if defined(MBEDTLS_SHA256_C) 383 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", 384 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 385 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 386 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 387 0 }, 388 #endif /* MBEDTLS_SHA256_C */ 389 #if defined(MBEDTLS_SHA512_C) 390 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", 391 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 392 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 393 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 394 0 }, 395 #endif /* MBEDTLS_SHA512_C */ 396 #endif /* MBEDTLS_GCM_C */ 397 #endif /* MBEDTLS_CAMELLIA_C */ 398 399 #if defined(MBEDTLS_DES_C) 400 #if defined(MBEDTLS_CIPHER_MODE_CBC) 401 #if defined(MBEDTLS_SHA1_C) 402 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", 403 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 404 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 405 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 406 0 }, 407 #endif /* MBEDTLS_SHA1_C */ 408 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 409 #endif /* MBEDTLS_DES_C */ 410 411 #if defined(MBEDTLS_ARC4_C) 412 #if defined(MBEDTLS_SHA1_C) 413 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA", 414 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 415 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 416 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 417 MBEDTLS_CIPHERSUITE_NODTLS }, 418 #endif /* MBEDTLS_SHA1_C */ 419 #endif /* MBEDTLS_ARC4_C */ 420 421 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 422 #if defined(MBEDTLS_SHA1_C) 423 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA", 424 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 425 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 426 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 427 MBEDTLS_CIPHERSUITE_WEAK }, 428 #endif /* MBEDTLS_SHA1_C */ 429 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 430 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ 431 432 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) 433 #if defined(MBEDTLS_AES_C) 434 #if defined(MBEDTLS_SHA1_C) 435 #if defined(MBEDTLS_CIPHER_MODE_CBC) 436 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", 437 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 438 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 439 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 440 0 }, 441 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", 442 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 443 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 444 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 445 0 }, 446 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 447 #endif /* MBEDTLS_SHA1_C */ 448 #if defined(MBEDTLS_SHA256_C) 449 #if defined(MBEDTLS_CIPHER_MODE_CBC) 450 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", 451 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 452 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 453 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 454 0 }, 455 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 456 #if defined(MBEDTLS_GCM_C) 457 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", 458 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 459 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 460 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 461 0 }, 462 #endif /* MBEDTLS_GCM_C */ 463 #endif /* MBEDTLS_SHA256_C */ 464 #if defined(MBEDTLS_SHA512_C) 465 #if defined(MBEDTLS_CIPHER_MODE_CBC) 466 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", 467 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 468 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 469 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 470 0 }, 471 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 472 #if defined(MBEDTLS_GCM_C) 473 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", 474 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 475 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 476 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 477 0 }, 478 #endif /* MBEDTLS_GCM_C */ 479 #endif /* MBEDTLS_SHA512_C */ 480 #endif /* MBEDTLS_AES_C */ 481 482 #if defined(MBEDTLS_CAMELLIA_C) 483 #if defined(MBEDTLS_CIPHER_MODE_CBC) 484 #if defined(MBEDTLS_SHA256_C) 485 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", 486 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 487 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 488 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 489 0 }, 490 #endif /* MBEDTLS_SHA256_C */ 491 #if defined(MBEDTLS_SHA512_C) 492 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", 493 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 494 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 495 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 496 0 }, 497 #endif /* MBEDTLS_SHA512_C */ 498 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 499 500 #if defined(MBEDTLS_GCM_C) 501 #if defined(MBEDTLS_SHA256_C) 502 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", 503 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 504 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 505 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 506 0 }, 507 #endif /* MBEDTLS_SHA256_C */ 508 #if defined(MBEDTLS_SHA512_C) 509 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", 510 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 511 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 512 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 513 0 }, 514 #endif /* MBEDTLS_SHA512_C */ 515 #endif /* MBEDTLS_GCM_C */ 516 #endif /* MBEDTLS_CAMELLIA_C */ 517 518 #if defined(MBEDTLS_DES_C) 519 #if defined(MBEDTLS_CIPHER_MODE_CBC) 520 #if defined(MBEDTLS_SHA1_C) 521 { MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", 522 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 523 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 524 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 525 0 }, 526 #endif /* MBEDTLS_SHA1_C */ 527 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 528 #endif /* MBEDTLS_DES_C */ 529 530 #if defined(MBEDTLS_ARC4_C) 531 #if defined(MBEDTLS_SHA1_C) 532 { MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA", 533 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 534 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 535 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 536 MBEDTLS_CIPHERSUITE_NODTLS }, 537 #endif /* MBEDTLS_SHA1_C */ 538 #endif /* MBEDTLS_ARC4_C */ 539 540 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 541 #if defined(MBEDTLS_SHA1_C) 542 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA", 543 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 544 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 545 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 546 MBEDTLS_CIPHERSUITE_WEAK }, 547 #endif /* MBEDTLS_SHA1_C */ 548 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 549 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ 550 551 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 552 #if defined(MBEDTLS_AES_C) 553 #if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C) 554 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", 555 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 556 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 557 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 558 0 }, 559 #endif /* MBEDTLS_SHA512_C && MBEDTLS_GCM_C */ 560 561 #if defined(MBEDTLS_SHA256_C) 562 #if defined(MBEDTLS_GCM_C) 563 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", 564 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 565 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 566 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 567 0 }, 568 #endif /* MBEDTLS_GCM_C */ 569 570 #if defined(MBEDTLS_CIPHER_MODE_CBC) 571 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", 572 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 573 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 574 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 575 0 }, 576 577 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", 578 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 579 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 580 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 581 0 }, 582 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 583 #endif /* MBEDTLS_SHA256_C */ 584 585 #if defined(MBEDTLS_CIPHER_MODE_CBC) 586 #if defined(MBEDTLS_SHA1_C) 587 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", 588 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 589 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 590 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 591 0 }, 592 593 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", 594 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 595 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 596 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 597 0 }, 598 #endif /* MBEDTLS_SHA1_C */ 599 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 600 #if defined(MBEDTLS_CCM_C) 601 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM", 602 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 603 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 604 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 605 0 }, 606 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8", 607 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 608 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 609 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 610 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 611 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM", 612 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 613 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 614 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 615 0 }, 616 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8", 617 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 618 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 619 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 620 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 621 #endif /* MBEDTLS_CCM_C */ 622 #endif /* MBEDTLS_AES_C */ 623 624 #if defined(MBEDTLS_CAMELLIA_C) 625 #if defined(MBEDTLS_CIPHER_MODE_CBC) 626 #if defined(MBEDTLS_SHA256_C) 627 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", 628 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 629 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 630 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 631 0 }, 632 633 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", 634 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 635 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 636 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 637 0 }, 638 #endif /* MBEDTLS_SHA256_C */ 639 640 #if defined(MBEDTLS_SHA1_C) 641 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", 642 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 643 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 644 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 645 0 }, 646 647 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", 648 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 649 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 650 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 651 0 }, 652 #endif /* MBEDTLS_SHA1_C */ 653 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 654 #if defined(MBEDTLS_GCM_C) 655 #if defined(MBEDTLS_SHA256_C) 656 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", 657 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 658 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 659 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 660 0 }, 661 #endif /* MBEDTLS_SHA256_C */ 662 663 #if defined(MBEDTLS_SHA512_C) 664 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", 665 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 666 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 667 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 668 0 }, 669 #endif /* MBEDTLS_SHA512_C */ 670 #endif /* MBEDTLS_GCM_C */ 671 #endif /* MBEDTLS_CAMELLIA_C */ 672 673 #if defined(MBEDTLS_DES_C) 674 #if defined(MBEDTLS_CIPHER_MODE_CBC) 675 #if defined(MBEDTLS_SHA1_C) 676 { MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", 677 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 678 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 679 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 680 0 }, 681 #endif /* MBEDTLS_SHA1_C */ 682 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 683 #endif /* MBEDTLS_DES_C */ 684 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ 685 686 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 687 #if defined(MBEDTLS_AES_C) 688 #if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C) 689 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", 690 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 691 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 692 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 693 0 }, 694 #endif /* MBEDTLS_SHA512_C && MBEDTLS_GCM_C */ 695 696 #if defined(MBEDTLS_SHA256_C) 697 #if defined(MBEDTLS_GCM_C) 698 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", 699 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 700 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 701 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 702 0 }, 703 #endif /* MBEDTLS_GCM_C */ 704 705 #if defined(MBEDTLS_CIPHER_MODE_CBC) 706 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", 707 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 708 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 709 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 710 0 }, 711 712 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256", 713 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 714 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 715 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 716 0 }, 717 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 718 #endif /* MBEDTLS_SHA256_C */ 719 720 #if defined(MBEDTLS_SHA1_C) 721 #if defined(MBEDTLS_CIPHER_MODE_CBC) 722 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", 723 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 724 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 725 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 726 0 }, 727 728 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA", 729 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 730 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 731 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 732 0 }, 733 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 734 #endif /* MBEDTLS_SHA1_C */ 735 #if defined(MBEDTLS_CCM_C) 736 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", 737 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 738 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 739 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 740 0 }, 741 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8", 742 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 743 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 744 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 745 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 746 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM", 747 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 748 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 749 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 750 0 }, 751 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8", 752 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 753 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 754 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 755 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 756 #endif /* MBEDTLS_CCM_C */ 757 #endif /* MBEDTLS_AES_C */ 758 759 #if defined(MBEDTLS_CAMELLIA_C) 760 #if defined(MBEDTLS_CIPHER_MODE_CBC) 761 #if defined(MBEDTLS_SHA256_C) 762 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", 763 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 764 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 765 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 766 0 }, 767 768 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", 769 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 770 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 771 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 772 0 }, 773 #endif /* MBEDTLS_SHA256_C */ 774 775 #if defined(MBEDTLS_SHA1_C) 776 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", 777 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 778 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 779 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 780 0 }, 781 782 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", 783 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 784 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 785 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 786 0 }, 787 #endif /* MBEDTLS_SHA1_C */ 788 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 789 790 #if defined(MBEDTLS_GCM_C) 791 #if defined(MBEDTLS_SHA256_C) 792 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", 793 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 794 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 795 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 796 0 }, 797 #endif /* MBEDTLS_SHA256_C */ 798 799 #if defined(MBEDTLS_SHA1_C) 800 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", 801 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 802 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 803 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 804 0 }, 805 #endif /* MBEDTLS_SHA1_C */ 806 #endif /* MBEDTLS_GCM_C */ 807 #endif /* MBEDTLS_CAMELLIA_C */ 808 809 #if defined(MBEDTLS_DES_C) 810 #if defined(MBEDTLS_CIPHER_MODE_CBC) 811 #if defined(MBEDTLS_SHA1_C) 812 { MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA", 813 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 814 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 815 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 816 0 }, 817 #endif /* MBEDTLS_SHA1_C */ 818 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 819 #endif /* MBEDTLS_DES_C */ 820 821 #if defined(MBEDTLS_ARC4_C) 822 #if defined(MBEDTLS_MD5_C) 823 { MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5", 824 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, 825 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 826 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 827 MBEDTLS_CIPHERSUITE_NODTLS }, 828 #endif 829 830 #if defined(MBEDTLS_SHA1_C) 831 { MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA", 832 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 833 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 834 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 835 MBEDTLS_CIPHERSUITE_NODTLS }, 836 #endif 837 #endif /* MBEDTLS_ARC4_C */ 838 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 839 840 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) 841 #if defined(MBEDTLS_AES_C) 842 #if defined(MBEDTLS_SHA1_C) 843 #if defined(MBEDTLS_CIPHER_MODE_CBC) 844 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", 845 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 846 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 847 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 848 0 }, 849 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA", 850 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 851 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 852 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 853 0 }, 854 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 855 #endif /* MBEDTLS_SHA1_C */ 856 #if defined(MBEDTLS_SHA256_C) 857 #if defined(MBEDTLS_CIPHER_MODE_CBC) 858 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", 859 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 860 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 861 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 862 0 }, 863 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 864 #if defined(MBEDTLS_GCM_C) 865 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", 866 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 867 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 868 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 869 0 }, 870 #endif /* MBEDTLS_GCM_C */ 871 #endif /* MBEDTLS_SHA256_C */ 872 #if defined(MBEDTLS_SHA512_C) 873 #if defined(MBEDTLS_CIPHER_MODE_CBC) 874 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", 875 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 876 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 877 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 878 0 }, 879 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 880 #if defined(MBEDTLS_GCM_C) 881 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", 882 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 883 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 884 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 885 0 }, 886 #endif /* MBEDTLS_GCM_C */ 887 #endif /* MBEDTLS_SHA512_C */ 888 #endif /* MBEDTLS_AES_C */ 889 890 #if defined(MBEDTLS_CAMELLIA_C) 891 #if defined(MBEDTLS_CIPHER_MODE_CBC) 892 #if defined(MBEDTLS_SHA256_C) 893 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", 894 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 895 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 896 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 897 0 }, 898 #endif /* MBEDTLS_SHA256_C */ 899 #if defined(MBEDTLS_SHA512_C) 900 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", 901 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 902 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 903 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 904 0 }, 905 #endif /* MBEDTLS_SHA512_C */ 906 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 907 908 #if defined(MBEDTLS_GCM_C) 909 #if defined(MBEDTLS_SHA256_C) 910 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", 911 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 912 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 913 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 914 0 }, 915 #endif /* MBEDTLS_SHA256_C */ 916 #if defined(MBEDTLS_SHA512_C) 917 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384", 918 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 919 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 920 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 921 0 }, 922 #endif /* MBEDTLS_SHA512_C */ 923 #endif /* MBEDTLS_GCM_C */ 924 #endif /* MBEDTLS_CAMELLIA_C */ 925 926 #if defined(MBEDTLS_DES_C) 927 #if defined(MBEDTLS_CIPHER_MODE_CBC) 928 #if defined(MBEDTLS_SHA1_C) 929 { MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA", 930 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 931 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 932 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 933 0 }, 934 #endif /* MBEDTLS_SHA1_C */ 935 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 936 #endif /* MBEDTLS_DES_C */ 937 938 #if defined(MBEDTLS_ARC4_C) 939 #if defined(MBEDTLS_SHA1_C) 940 { MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS-ECDH-RSA-WITH-RC4-128-SHA", 941 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 942 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 943 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 944 MBEDTLS_CIPHERSUITE_NODTLS }, 945 #endif /* MBEDTLS_SHA1_C */ 946 #endif /* MBEDTLS_ARC4_C */ 947 948 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 949 #if defined(MBEDTLS_SHA1_C) 950 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA", 951 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 952 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 953 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 954 MBEDTLS_CIPHERSUITE_WEAK }, 955 #endif /* MBEDTLS_SHA1_C */ 956 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 957 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ 958 959 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) 960 #if defined(MBEDTLS_AES_C) 961 #if defined(MBEDTLS_SHA1_C) 962 #if defined(MBEDTLS_CIPHER_MODE_CBC) 963 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", 964 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 965 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 966 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 967 0 }, 968 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", 969 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 970 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 971 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 972 0 }, 973 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 974 #endif /* MBEDTLS_SHA1_C */ 975 #if defined(MBEDTLS_SHA256_C) 976 #if defined(MBEDTLS_CIPHER_MODE_CBC) 977 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", 978 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 979 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 980 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 981 0 }, 982 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 983 #if defined(MBEDTLS_GCM_C) 984 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", 985 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 986 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 987 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 988 0 }, 989 #endif /* MBEDTLS_GCM_C */ 990 #endif /* MBEDTLS_SHA256_C */ 991 #if defined(MBEDTLS_SHA512_C) 992 #if defined(MBEDTLS_CIPHER_MODE_CBC) 993 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", 994 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 995 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 996 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 997 0 }, 998 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 999 #if defined(MBEDTLS_GCM_C) 1000 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", 1001 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1002 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1003 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1004 0 }, 1005 #endif /* MBEDTLS_GCM_C */ 1006 #endif /* MBEDTLS_SHA512_C */ 1007 #endif /* MBEDTLS_AES_C */ 1008 1009 #if defined(MBEDTLS_CAMELLIA_C) 1010 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1011 #if defined(MBEDTLS_SHA256_C) 1012 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", 1013 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1014 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1015 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1016 0 }, 1017 #endif /* MBEDTLS_SHA256_C */ 1018 #if defined(MBEDTLS_SHA512_C) 1019 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", 1020 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1021 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1022 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1023 0 }, 1024 #endif /* MBEDTLS_SHA512_C */ 1025 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1026 1027 #if defined(MBEDTLS_GCM_C) 1028 #if defined(MBEDTLS_SHA256_C) 1029 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", 1030 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1031 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1032 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1033 0 }, 1034 #endif /* MBEDTLS_SHA256_C */ 1035 #if defined(MBEDTLS_SHA512_C) 1036 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", 1037 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1038 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1039 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1040 0 }, 1041 #endif /* MBEDTLS_SHA512_C */ 1042 #endif /* MBEDTLS_GCM_C */ 1043 #endif /* MBEDTLS_CAMELLIA_C */ 1044 1045 #if defined(MBEDTLS_DES_C) 1046 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1047 #if defined(MBEDTLS_SHA1_C) 1048 { MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", 1049 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1050 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1051 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1052 0 }, 1053 #endif /* MBEDTLS_SHA1_C */ 1054 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1055 #endif /* MBEDTLS_DES_C */ 1056 1057 #if defined(MBEDTLS_ARC4_C) 1058 #if defined(MBEDTLS_SHA1_C) 1059 { MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS-ECDH-ECDSA-WITH-RC4-128-SHA", 1060 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1061 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1062 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1063 MBEDTLS_CIPHERSUITE_NODTLS }, 1064 #endif /* MBEDTLS_SHA1_C */ 1065 #endif /* MBEDTLS_ARC4_C */ 1066 1067 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 1068 #if defined(MBEDTLS_SHA1_C) 1069 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA", 1070 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1071 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1072 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1073 MBEDTLS_CIPHERSUITE_WEAK }, 1074 #endif /* MBEDTLS_SHA1_C */ 1075 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 1076 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ 1077 1078 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 1079 #if defined(MBEDTLS_AES_C) 1080 #if defined(MBEDTLS_GCM_C) 1081 #if defined(MBEDTLS_SHA256_C) 1082 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256", 1083 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1084 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1085 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1086 0 }, 1087 #endif /* MBEDTLS_SHA256_C */ 1088 1089 #if defined(MBEDTLS_SHA512_C) 1090 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384", 1091 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1092 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1093 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1094 0 }, 1095 #endif /* MBEDTLS_SHA512_C */ 1096 #endif /* MBEDTLS_GCM_C */ 1097 1098 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1099 #if defined(MBEDTLS_SHA256_C) 1100 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256", 1101 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1102 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1103 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1104 0 }, 1105 #endif /* MBEDTLS_SHA256_C */ 1106 1107 #if defined(MBEDTLS_SHA512_C) 1108 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384", 1109 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1110 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1111 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1112 0 }, 1113 #endif /* MBEDTLS_SHA512_C */ 1114 1115 #if defined(MBEDTLS_SHA1_C) 1116 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA", 1117 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1118 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1119 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1120 0 }, 1121 1122 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA", 1123 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1124 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1125 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1126 0 }, 1127 #endif /* MBEDTLS_SHA1_C */ 1128 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1129 #if defined(MBEDTLS_CCM_C) 1130 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM", 1131 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1132 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1133 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1134 0 }, 1135 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8", 1136 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1137 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1138 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1139 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 1140 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM", 1141 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1142 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1143 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1144 0 }, 1145 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8", 1146 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1147 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1148 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1149 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 1150 #endif /* MBEDTLS_CCM_C */ 1151 #endif /* MBEDTLS_AES_C */ 1152 1153 #if defined(MBEDTLS_CAMELLIA_C) 1154 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1155 #if defined(MBEDTLS_SHA256_C) 1156 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1157 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1158 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1159 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1160 0 }, 1161 #endif /* MBEDTLS_SHA256_C */ 1162 1163 #if defined(MBEDTLS_SHA512_C) 1164 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1165 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1166 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1167 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1168 0 }, 1169 #endif /* MBEDTLS_SHA512_C */ 1170 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1171 1172 #if defined(MBEDTLS_GCM_C) 1173 #if defined(MBEDTLS_SHA256_C) 1174 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1175 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1176 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1177 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1178 0 }, 1179 #endif /* MBEDTLS_SHA256_C */ 1180 1181 #if defined(MBEDTLS_SHA512_C) 1182 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1183 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1184 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1185 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1186 0 }, 1187 #endif /* MBEDTLS_SHA512_C */ 1188 #endif /* MBEDTLS_GCM_C */ 1189 #endif /* MBEDTLS_CAMELLIA_C */ 1190 1191 #if defined(MBEDTLS_DES_C) 1192 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1193 #if defined(MBEDTLS_SHA1_C) 1194 { MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA", 1195 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1196 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1197 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1198 0 }, 1199 #endif /* MBEDTLS_SHA1_C */ 1200 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1201 #endif /* MBEDTLS_DES_C */ 1202 1203 #if defined(MBEDTLS_ARC4_C) 1204 #if defined(MBEDTLS_SHA1_C) 1205 { MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA", 1206 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1207 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1208 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1209 MBEDTLS_CIPHERSUITE_NODTLS }, 1210 #endif /* MBEDTLS_SHA1_C */ 1211 #endif /* MBEDTLS_ARC4_C */ 1212 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ 1213 1214 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 1215 #if defined(MBEDTLS_AES_C) 1216 #if defined(MBEDTLS_GCM_C) 1217 #if defined(MBEDTLS_SHA256_C) 1218 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", 1219 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1220 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1221 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1222 0 }, 1223 #endif /* MBEDTLS_SHA256_C */ 1224 1225 #if defined(MBEDTLS_SHA512_C) 1226 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", 1227 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1228 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1229 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1230 0 }, 1231 #endif /* MBEDTLS_SHA512_C */ 1232 #endif /* MBEDTLS_GCM_C */ 1233 1234 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1235 #if defined(MBEDTLS_SHA256_C) 1236 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", 1237 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1238 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1239 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1240 0 }, 1241 #endif /* MBEDTLS_SHA256_C */ 1242 1243 #if defined(MBEDTLS_SHA512_C) 1244 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", 1245 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1246 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1247 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1248 0 }, 1249 #endif /* MBEDTLS_SHA512_C */ 1250 1251 #if defined(MBEDTLS_SHA1_C) 1252 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", 1253 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1254 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1255 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1256 0 }, 1257 1258 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", 1259 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1260 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1261 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1262 0 }, 1263 #endif /* MBEDTLS_SHA1_C */ 1264 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1265 #if defined(MBEDTLS_CCM_C) 1266 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM", 1267 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1268 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1269 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1270 0 }, 1271 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8", 1272 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1273 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1274 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1275 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 1276 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM", 1277 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1278 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1279 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1280 0 }, 1281 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8", 1282 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1283 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1284 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1285 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 1286 #endif /* MBEDTLS_CCM_C */ 1287 #endif /* MBEDTLS_AES_C */ 1288 1289 #if defined(MBEDTLS_CAMELLIA_C) 1290 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1291 #if defined(MBEDTLS_SHA256_C) 1292 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1293 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1294 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1295 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1296 0 }, 1297 #endif /* MBEDTLS_SHA256_C */ 1298 1299 #if defined(MBEDTLS_SHA512_C) 1300 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1301 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1302 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1303 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1304 0 }, 1305 #endif /* MBEDTLS_SHA512_C */ 1306 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1307 1308 #if defined(MBEDTLS_GCM_C) 1309 #if defined(MBEDTLS_SHA256_C) 1310 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1311 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1312 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1313 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1314 0 }, 1315 #endif /* MBEDTLS_SHA256_C */ 1316 1317 #if defined(MBEDTLS_SHA512_C) 1318 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1319 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1320 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1321 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1322 0 }, 1323 #endif /* MBEDTLS_SHA512_C */ 1324 #endif /* MBEDTLS_GCM_C */ 1325 #endif /* MBEDTLS_CAMELLIA_C */ 1326 1327 #if defined(MBEDTLS_DES_C) 1328 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1329 #if defined(MBEDTLS_SHA1_C) 1330 { MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", 1331 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1332 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1333 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1334 0 }, 1335 #endif /* MBEDTLS_SHA1_C */ 1336 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1337 #endif /* MBEDTLS_DES_C */ 1338 1339 #if defined(MBEDTLS_ARC4_C) 1340 #if defined(MBEDTLS_SHA1_C) 1341 { MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA", 1342 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1343 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1344 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1345 MBEDTLS_CIPHERSUITE_NODTLS }, 1346 #endif /* MBEDTLS_SHA1_C */ 1347 #endif /* MBEDTLS_ARC4_C */ 1348 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ 1349 1350 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 1351 #if defined(MBEDTLS_AES_C) 1352 1353 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1354 #if defined(MBEDTLS_SHA256_C) 1355 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", 1356 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1357 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1358 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1359 0 }, 1360 #endif /* MBEDTLS_SHA256_C */ 1361 1362 #if defined(MBEDTLS_SHA512_C) 1363 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", 1364 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1365 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1366 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1367 0 }, 1368 #endif /* MBEDTLS_SHA512_C */ 1369 1370 #if defined(MBEDTLS_SHA1_C) 1371 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", 1372 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1373 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1374 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1375 0 }, 1376 1377 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", 1378 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1379 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1380 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1381 0 }, 1382 #endif /* MBEDTLS_SHA1_C */ 1383 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1384 #endif /* MBEDTLS_AES_C */ 1385 1386 #if defined(MBEDTLS_CAMELLIA_C) 1387 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1388 #if defined(MBEDTLS_SHA256_C) 1389 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1390 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1391 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1392 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1393 0 }, 1394 #endif /* MBEDTLS_SHA256_C */ 1395 1396 #if defined(MBEDTLS_SHA512_C) 1397 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1398 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1399 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1400 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1401 0 }, 1402 #endif /* MBEDTLS_SHA512_C */ 1403 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1404 #endif /* MBEDTLS_CAMELLIA_C */ 1405 1406 #if defined(MBEDTLS_DES_C) 1407 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1408 #if defined(MBEDTLS_SHA1_C) 1409 { MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", 1410 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1411 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1412 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1413 0 }, 1414 #endif /* MBEDTLS_SHA1_C */ 1415 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1416 #endif /* MBEDTLS_DES_C */ 1417 1418 #if defined(MBEDTLS_ARC4_C) 1419 #if defined(MBEDTLS_SHA1_C) 1420 { MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA, "TLS-ECDHE-PSK-WITH-RC4-128-SHA", 1421 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1422 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1423 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1424 MBEDTLS_CIPHERSUITE_NODTLS }, 1425 #endif /* MBEDTLS_SHA1_C */ 1426 #endif /* MBEDTLS_ARC4_C */ 1427 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ 1428 1429 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 1430 #if defined(MBEDTLS_AES_C) 1431 #if defined(MBEDTLS_GCM_C) 1432 #if defined(MBEDTLS_SHA256_C) 1433 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", 1434 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1435 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1436 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1437 0 }, 1438 #endif /* MBEDTLS_SHA256_C */ 1439 1440 #if defined(MBEDTLS_SHA512_C) 1441 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", 1442 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1443 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1444 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1445 0 }, 1446 #endif /* MBEDTLS_SHA512_C */ 1447 #endif /* MBEDTLS_GCM_C */ 1448 1449 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1450 #if defined(MBEDTLS_SHA256_C) 1451 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", 1452 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1453 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1454 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1455 0 }, 1456 #endif /* MBEDTLS_SHA256_C */ 1457 1458 #if defined(MBEDTLS_SHA512_C) 1459 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", 1460 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1461 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1462 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1463 0 }, 1464 #endif /* MBEDTLS_SHA512_C */ 1465 1466 #if defined(MBEDTLS_SHA1_C) 1467 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", 1468 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1469 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1470 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1471 0 }, 1472 1473 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", 1474 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1475 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1476 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1477 0 }, 1478 #endif /* MBEDTLS_SHA1_C */ 1479 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1480 #endif /* MBEDTLS_AES_C */ 1481 1482 #if defined(MBEDTLS_CAMELLIA_C) 1483 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1484 #if defined(MBEDTLS_SHA256_C) 1485 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1486 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1487 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1488 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1489 0 }, 1490 #endif /* MBEDTLS_SHA256_C */ 1491 1492 #if defined(MBEDTLS_SHA512_C) 1493 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1494 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1495 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1496 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1497 0 }, 1498 #endif /* MBEDTLS_SHA512_C */ 1499 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1500 1501 #if defined(MBEDTLS_GCM_C) 1502 #if defined(MBEDTLS_SHA256_C) 1503 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1504 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1505 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1506 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1507 0 }, 1508 #endif /* MBEDTLS_SHA256_C */ 1509 1510 #if defined(MBEDTLS_SHA512_C) 1511 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1512 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1513 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1514 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1515 0 }, 1516 #endif /* MBEDTLS_SHA512_C */ 1517 #endif /* MBEDTLS_GCM_C */ 1518 #endif /* MBEDTLS_CAMELLIA_C */ 1519 1520 #if defined(MBEDTLS_DES_C) 1521 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1522 #if defined(MBEDTLS_SHA1_C) 1523 { MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", 1524 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1525 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1526 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1527 0 }, 1528 #endif /* MBEDTLS_SHA1_C */ 1529 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1530 #endif /* MBEDTLS_DES_C */ 1531 1532 #if defined(MBEDTLS_ARC4_C) 1533 #if defined(MBEDTLS_SHA1_C) 1534 { MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA", 1535 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1536 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1537 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1538 MBEDTLS_CIPHERSUITE_NODTLS }, 1539 #endif /* MBEDTLS_SHA1_C */ 1540 #endif /* MBEDTLS_ARC4_C */ 1541 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ 1542 1543 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 1544 #if defined(MBEDTLS_AES_C) 1545 #if defined(MBEDTLS_CCM_C) 1546 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8", 1547 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE, 1548 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1549 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1550 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 1551 #endif /* MBEDTLS_CCM_C */ 1552 #endif /* MBEDTLS_AES_C */ 1553 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ 1554 1555 #if defined(MBEDTLS_ENABLE_WEAK_CIPHERSUITES) 1556 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 1557 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 1558 #if defined(MBEDTLS_MD5_C) 1559 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", 1560 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, 1561 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1562 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1563 MBEDTLS_CIPHERSUITE_WEAK }, 1564 #endif 1565 1566 #if defined(MBEDTLS_SHA1_C) 1567 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA", 1568 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 1569 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1570 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1571 MBEDTLS_CIPHERSUITE_WEAK }, 1572 #endif 1573 1574 #if defined(MBEDTLS_SHA256_C) 1575 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", 1576 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 1577 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1578 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1579 MBEDTLS_CIPHERSUITE_WEAK }, 1580 #endif 1581 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 1582 1583 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 1584 #if defined(MBEDTLS_SHA1_C) 1585 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA", 1586 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1587 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1588 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1589 MBEDTLS_CIPHERSUITE_WEAK }, 1590 #endif /* MBEDTLS_SHA1_C */ 1591 1592 #if defined(MBEDTLS_SHA256_C) 1593 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256", 1594 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1595 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1596 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1597 MBEDTLS_CIPHERSUITE_WEAK }, 1598 #endif 1599 1600 #if defined(MBEDTLS_SHA512_C) 1601 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384", 1602 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1603 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1604 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1605 MBEDTLS_CIPHERSUITE_WEAK }, 1606 #endif 1607 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ 1608 1609 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 1610 #if defined(MBEDTLS_SHA1_C) 1611 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA", 1612 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1613 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1614 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1615 MBEDTLS_CIPHERSUITE_WEAK }, 1616 #endif /* MBEDTLS_SHA1_C */ 1617 1618 #if defined(MBEDTLS_SHA256_C) 1619 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256", 1620 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1621 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1622 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1623 MBEDTLS_CIPHERSUITE_WEAK }, 1624 #endif 1625 1626 #if defined(MBEDTLS_SHA512_C) 1627 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384", 1628 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1629 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1630 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1631 MBEDTLS_CIPHERSUITE_WEAK }, 1632 #endif 1633 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ 1634 1635 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 1636 #if defined(MBEDTLS_SHA1_C) 1637 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA", 1638 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1639 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1640 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1641 MBEDTLS_CIPHERSUITE_WEAK }, 1642 #endif /* MBEDTLS_SHA1_C */ 1643 1644 #if defined(MBEDTLS_SHA256_C) 1645 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256", 1646 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1647 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1648 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1649 MBEDTLS_CIPHERSUITE_WEAK }, 1650 #endif 1651 1652 #if defined(MBEDTLS_SHA512_C) 1653 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384", 1654 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1655 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1656 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1657 MBEDTLS_CIPHERSUITE_WEAK }, 1658 #endif 1659 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ 1660 1661 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 1662 #if defined(MBEDTLS_SHA1_C) 1663 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA", 1664 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1665 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1666 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1667 MBEDTLS_CIPHERSUITE_WEAK }, 1668 #endif /* MBEDTLS_SHA1_C */ 1669 1670 #if defined(MBEDTLS_SHA256_C) 1671 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256", 1672 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1673 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1674 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1675 MBEDTLS_CIPHERSUITE_WEAK }, 1676 #endif 1677 1678 #if defined(MBEDTLS_SHA512_C) 1679 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384", 1680 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1681 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1682 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1683 MBEDTLS_CIPHERSUITE_WEAK }, 1684 #endif 1685 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ 1686 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 1687 1688 #if defined(MBEDTLS_DES_C) 1689 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1690 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 1691 #if defined(MBEDTLS_SHA1_C) 1692 { MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA", 1693 MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 1694 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1695 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1696 MBEDTLS_CIPHERSUITE_WEAK }, 1697 #endif /* MBEDTLS_SHA1_C */ 1698 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ 1699 1700 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 1701 #if defined(MBEDTLS_SHA1_C) 1702 { MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA", 1703 MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 1704 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1705 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1706 MBEDTLS_CIPHERSUITE_WEAK }, 1707 #endif /* MBEDTLS_SHA1_C */ 1708 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 1709 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1710 #endif /* MBEDTLS_DES_C */ 1711 #endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */ 1712 1713 { 0, "", 1714 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE, 1715 0, 0, 0, 0, 0 } 1716 }; 1717 1718 #if defined(MBEDTLS_SSL_CIPHERSUITES) 1719 const int *mbedtls_ssl_list_ciphersuites( void ) 1720 { 1721 return( ciphersuite_preference ); 1722 } 1723 #else 1724 #define MAX_CIPHERSUITES sizeof( ciphersuite_definitions ) / \ 1725 sizeof( ciphersuite_definitions[0] ) 1726 static int supported_ciphersuites[MAX_CIPHERSUITES]; 1727 static int supported_init = 0; 1728 1729 static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info ) 1730 { 1731 (void)cs_info; 1732 1733 #if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES) 1734 if( cs_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) 1735 return( 1 ); 1736 #endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */ 1737 1738 #if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES) 1739 if( cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_ECB || 1740 cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_CBC ) 1741 { 1742 return( 1 ); 1743 } 1744 #endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */ 1745 1746 return( 0 ); 1747 } 1748 1749 const int *mbedtls_ssl_list_ciphersuites( void ) 1750 { 1751 /* 1752 * On initial call filter out all ciphersuites not supported by current 1753 * build based on presence in the ciphersuite_definitions. 1754 */ 1755 if( supported_init == 0 ) 1756 { 1757 const int *p; 1758 int *q; 1759 1760 for( p = ciphersuite_preference, q = supported_ciphersuites; 1761 *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1; 1762 p++ ) 1763 { 1764 const mbedtls_ssl_ciphersuite_t *cs_info; 1765 if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL && 1766 !ciphersuite_is_removed( cs_info ) ) 1767 { 1768 *(q++) = *p; 1769 } 1770 } 1771 *q = 0; 1772 1773 supported_init = 1; 1774 } 1775 1776 return( supported_ciphersuites ); 1777 } 1778 #endif /* MBEDTLS_SSL_CIPHERSUITES */ 1779 1780 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( 1781 const char *ciphersuite_name ) 1782 { 1783 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions; 1784 1785 if( NULL == ciphersuite_name ) 1786 return( NULL ); 1787 1788 while( cur->id != 0 ) 1789 { 1790 if( 0 == strcmp( cur->name, ciphersuite_name ) ) 1791 return( cur ); 1792 1793 cur++; 1794 } 1795 1796 return( NULL ); 1797 } 1798 1799 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite ) 1800 { 1801 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions; 1802 1803 while( cur->id != 0 ) 1804 { 1805 if( cur->id == ciphersuite ) 1806 return( cur ); 1807 1808 cur++; 1809 } 1810 1811 return( NULL ); 1812 } 1813 1814 const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id ) 1815 { 1816 const mbedtls_ssl_ciphersuite_t *cur; 1817 1818 cur = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id ); 1819 1820 if( cur == NULL ) 1821 return( "unknown" ); 1822 1823 return( cur->name ); 1824 } 1825 1826 int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name ) 1827 { 1828 const mbedtls_ssl_ciphersuite_t *cur; 1829 1830 cur = mbedtls_ssl_ciphersuite_from_string( ciphersuite_name ); 1831 1832 if( cur == NULL ) 1833 return( 0 ); 1834 1835 return( cur->id ); 1836 } 1837 1838 #if defined(MBEDTLS_PK_C) 1839 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info ) 1840 { 1841 switch( info->key_exchange ) 1842 { 1843 case MBEDTLS_KEY_EXCHANGE_RSA: 1844 case MBEDTLS_KEY_EXCHANGE_DHE_RSA: 1845 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 1846 case MBEDTLS_KEY_EXCHANGE_RSA_PSK: 1847 return( MBEDTLS_PK_RSA ); 1848 1849 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 1850 return( MBEDTLS_PK_ECDSA ); 1851 1852 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: 1853 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: 1854 return( MBEDTLS_PK_ECKEY ); 1855 1856 default: 1857 return( MBEDTLS_PK_NONE ); 1858 } 1859 } 1860 1861 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info ) 1862 { 1863 switch( info->key_exchange ) 1864 { 1865 case MBEDTLS_KEY_EXCHANGE_RSA: 1866 case MBEDTLS_KEY_EXCHANGE_DHE_RSA: 1867 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 1868 return( MBEDTLS_PK_RSA ); 1869 1870 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 1871 return( MBEDTLS_PK_ECDSA ); 1872 1873 default: 1874 return( MBEDTLS_PK_NONE ); 1875 } 1876 } 1877 1878 #endif /* MBEDTLS_PK_C */ 1879 1880 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ 1881 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 1882 int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) 1883 { 1884 switch( info->key_exchange ) 1885 { 1886 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 1887 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 1888 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: 1889 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: 1890 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: 1891 case MBEDTLS_KEY_EXCHANGE_ECJPAKE: 1892 return( 1 ); 1893 1894 default: 1895 return( 0 ); 1896 } 1897 } 1898 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ 1899 1900 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 1901 int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) 1902 { 1903 switch( info->key_exchange ) 1904 { 1905 case MBEDTLS_KEY_EXCHANGE_PSK: 1906 case MBEDTLS_KEY_EXCHANGE_RSA_PSK: 1907 case MBEDTLS_KEY_EXCHANGE_DHE_PSK: 1908 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: 1909 return( 1 ); 1910 1911 default: 1912 return( 0 ); 1913 } 1914 } 1915 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ 1916 1917 #endif /* MBEDTLS_SSL_TLS_C */ 1918