1 /** 2 * \file ssl_ciphersuites.c 3 * 4 * \brief SSL ciphersuites for mbed TLS 5 * 6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 * SPDX-License-Identifier: GPL-2.0 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License as published by 11 * the Free Software Foundation; either version 2 of the License, or 12 * (at your option) any later version. 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 * 19 * You should have received a copy of the GNU General Public License along 20 * with this program; if not, write to the Free Software Foundation, Inc., 21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 22 * 23 * This file is part of mbed TLS (https://tls.mbed.org) 24 */ 25 26 #if !defined(MBEDTLS_CONFIG_FILE) 27 #include "mbedtls/config.h" 28 #else 29 #include MBEDTLS_CONFIG_FILE 30 #endif 31 32 #if defined(MBEDTLS_SSL_TLS_C) 33 34 #if defined(MBEDTLS_PLATFORM_C) 35 #include "mbedtls/platform.h" 36 #else 37 #include <stdlib.h> 38 #endif 39 40 #include "mbedtls/ssl_ciphersuites.h" 41 #include "mbedtls/ssl.h" 42 43 #include <string.h> 44 45 /* 46 * Ordered from most preferred to least preferred in terms of security. 47 * 48 * Current rule (except RC4 and 3DES, weak and null which come last): 49 * 1. By key exchange: 50 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK 51 * 2. By key length and cipher: 52 * AES-256 > Camellia-256 > AES-128 > Camellia-128 53 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8 54 * 4. By hash function used when relevant 55 * 5. By key exchange/auth again: EC > non-EC 56 */ 57 static const int ciphersuite_preference[] = 58 { 59 #if defined(MBEDTLS_SSL_CIPHERSUITES) 60 MBEDTLS_SSL_CIPHERSUITES, 61 #else 62 /* All AES-256 ephemeral suites */ 63 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 64 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 65 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 66 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, 67 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, 68 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 69 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 70 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 71 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 72 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 73 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 74 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, 75 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, 76 77 /* All CAMELLIA-256 ephemeral suites */ 78 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 79 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, 80 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, 81 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 82 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, 83 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 84 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 85 86 /* All AES-128 ephemeral suites */ 87 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 88 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 89 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 90 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, 91 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, 92 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 93 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 94 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 95 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 96 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 97 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 98 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, 99 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, 100 101 /* All CAMELLIA-128 ephemeral suites */ 102 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 103 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, 104 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, 105 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 106 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 107 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 108 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 109 110 /* The PSK ephemeral suites */ 111 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, 112 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, 113 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, 114 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, 115 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, 116 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, 117 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, 118 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 119 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 120 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, 121 122 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, 123 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, 124 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 125 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, 126 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, 127 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, 128 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, 129 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 130 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 131 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, 132 133 /* The ECJPAKE suite */ 134 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, 135 136 /* All AES-256 suites */ 137 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, 138 MBEDTLS_TLS_RSA_WITH_AES_256_CCM, 139 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, 140 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, 141 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 142 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 143 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 144 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 145 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, 146 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 147 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, 148 149 /* All CAMELLIA-256 suites */ 150 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, 151 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, 152 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 153 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 154 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, 155 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 156 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 157 158 /* All AES-128 suites */ 159 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, 160 MBEDTLS_TLS_RSA_WITH_AES_128_CCM, 161 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, 162 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, 163 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, 164 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 165 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 166 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 167 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, 168 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 169 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, 170 171 /* All CAMELLIA-128 suites */ 172 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, 173 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, 174 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, 175 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 176 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 177 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 178 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 179 180 /* The RSA PSK suites */ 181 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, 182 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, 183 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, 184 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, 185 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, 186 187 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, 188 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, 189 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, 190 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, 191 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, 192 193 /* The PSK suites */ 194 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, 195 MBEDTLS_TLS_PSK_WITH_AES_256_CCM, 196 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, 197 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, 198 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, 199 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, 200 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, 201 202 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, 203 MBEDTLS_TLS_PSK_WITH_AES_128_CCM, 204 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, 205 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, 206 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, 207 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, 208 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, 209 210 /* 3DES suites */ 211 MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 212 MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 213 MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 214 MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, 215 MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, 216 MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, 217 MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 218 MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 219 MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, 220 MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, 221 222 /* RC4 suites */ 223 MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 224 MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA, 225 MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA, 226 MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, 227 MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, 228 MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, 229 MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA, 230 MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 231 MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA, 232 MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, 233 234 /* Weak suites */ 235 MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, 236 MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, 237 238 /* NULL suites */ 239 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, 240 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, 241 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, 242 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, 243 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, 244 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, 245 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, 246 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, 247 248 MBEDTLS_TLS_RSA_WITH_NULL_SHA256, 249 MBEDTLS_TLS_RSA_WITH_NULL_SHA, 250 MBEDTLS_TLS_RSA_WITH_NULL_MD5, 251 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, 252 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, 253 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, 254 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, 255 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, 256 MBEDTLS_TLS_PSK_WITH_NULL_SHA384, 257 MBEDTLS_TLS_PSK_WITH_NULL_SHA256, 258 MBEDTLS_TLS_PSK_WITH_NULL_SHA, 259 260 #endif /* MBEDTLS_SSL_CIPHERSUITES */ 261 0 262 }; 263 264 static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 265 { 266 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 267 #if defined(MBEDTLS_AES_C) 268 #if defined(MBEDTLS_SHA1_C) 269 #if defined(MBEDTLS_CIPHER_MODE_CBC) 270 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", 271 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 272 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 273 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 274 0 }, 275 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", 276 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 277 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 278 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 279 0 }, 280 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 281 #endif /* MBEDTLS_SHA1_C */ 282 #if defined(MBEDTLS_SHA256_C) 283 #if defined(MBEDTLS_CIPHER_MODE_CBC) 284 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", 285 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 286 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 287 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 288 0 }, 289 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 290 #if defined(MBEDTLS_GCM_C) 291 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", 292 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 293 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 294 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 295 0 }, 296 #endif /* MBEDTLS_GCM_C */ 297 #endif /* MBEDTLS_SHA256_C */ 298 #if defined(MBEDTLS_SHA512_C) 299 #if defined(MBEDTLS_CIPHER_MODE_CBC) 300 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", 301 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 302 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 303 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 304 0 }, 305 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 306 #if defined(MBEDTLS_GCM_C) 307 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", 308 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 309 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 310 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 311 0 }, 312 #endif /* MBEDTLS_GCM_C */ 313 #endif /* MBEDTLS_SHA512_C */ 314 #if defined(MBEDTLS_CCM_C) 315 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", 316 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 317 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 318 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 319 0 }, 320 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", 321 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 322 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 323 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 324 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 325 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", 326 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 327 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 328 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 329 0 }, 330 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", 331 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 332 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 333 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 334 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 335 #endif /* MBEDTLS_CCM_C */ 336 #endif /* MBEDTLS_AES_C */ 337 338 #if defined(MBEDTLS_CAMELLIA_C) 339 #if defined(MBEDTLS_CIPHER_MODE_CBC) 340 #if defined(MBEDTLS_SHA256_C) 341 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", 342 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 343 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 344 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 345 0 }, 346 #endif /* MBEDTLS_SHA256_C */ 347 #if defined(MBEDTLS_SHA512_C) 348 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", 349 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 350 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 351 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 352 0 }, 353 #endif /* MBEDTLS_SHA512_C */ 354 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 355 356 #if defined(MBEDTLS_GCM_C) 357 #if defined(MBEDTLS_SHA256_C) 358 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", 359 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 360 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 361 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 362 0 }, 363 #endif /* MBEDTLS_SHA256_C */ 364 #if defined(MBEDTLS_SHA512_C) 365 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", 366 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 367 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 368 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 369 0 }, 370 #endif /* MBEDTLS_SHA512_C */ 371 #endif /* MBEDTLS_GCM_C */ 372 #endif /* MBEDTLS_CAMELLIA_C */ 373 374 #if defined(MBEDTLS_DES_C) 375 #if defined(MBEDTLS_CIPHER_MODE_CBC) 376 #if defined(MBEDTLS_SHA1_C) 377 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", 378 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 379 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 380 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 381 0 }, 382 #endif /* MBEDTLS_SHA1_C */ 383 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 384 #endif /* MBEDTLS_DES_C */ 385 386 #if defined(MBEDTLS_ARC4_C) 387 #if defined(MBEDTLS_SHA1_C) 388 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA", 389 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 390 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 391 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 392 MBEDTLS_CIPHERSUITE_NODTLS }, 393 #endif /* MBEDTLS_SHA1_C */ 394 #endif /* MBEDTLS_ARC4_C */ 395 396 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 397 #if defined(MBEDTLS_SHA1_C) 398 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA", 399 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 400 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 401 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 402 MBEDTLS_CIPHERSUITE_WEAK }, 403 #endif /* MBEDTLS_SHA1_C */ 404 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 405 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ 406 407 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) 408 #if defined(MBEDTLS_AES_C) 409 #if defined(MBEDTLS_SHA1_C) 410 #if defined(MBEDTLS_CIPHER_MODE_CBC) 411 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", 412 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 413 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 414 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 415 0 }, 416 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", 417 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 418 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 419 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 420 0 }, 421 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 422 #endif /* MBEDTLS_SHA1_C */ 423 #if defined(MBEDTLS_SHA256_C) 424 #if defined(MBEDTLS_CIPHER_MODE_CBC) 425 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", 426 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 427 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 428 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 429 0 }, 430 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 431 #if defined(MBEDTLS_GCM_C) 432 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", 433 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 434 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 435 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 436 0 }, 437 #endif /* MBEDTLS_GCM_C */ 438 #endif /* MBEDTLS_SHA256_C */ 439 #if defined(MBEDTLS_SHA512_C) 440 #if defined(MBEDTLS_CIPHER_MODE_CBC) 441 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", 442 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 443 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 444 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 445 0 }, 446 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 447 #if defined(MBEDTLS_GCM_C) 448 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", 449 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 450 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 451 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 452 0 }, 453 #endif /* MBEDTLS_GCM_C */ 454 #endif /* MBEDTLS_SHA512_C */ 455 #endif /* MBEDTLS_AES_C */ 456 457 #if defined(MBEDTLS_CAMELLIA_C) 458 #if defined(MBEDTLS_CIPHER_MODE_CBC) 459 #if defined(MBEDTLS_SHA256_C) 460 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", 461 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 462 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 463 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 464 0 }, 465 #endif /* MBEDTLS_SHA256_C */ 466 #if defined(MBEDTLS_SHA512_C) 467 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", 468 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 469 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 470 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 471 0 }, 472 #endif /* MBEDTLS_SHA512_C */ 473 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 474 475 #if defined(MBEDTLS_GCM_C) 476 #if defined(MBEDTLS_SHA256_C) 477 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", 478 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 479 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 480 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 481 0 }, 482 #endif /* MBEDTLS_SHA256_C */ 483 #if defined(MBEDTLS_SHA512_C) 484 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", 485 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 486 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 487 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 488 0 }, 489 #endif /* MBEDTLS_SHA512_C */ 490 #endif /* MBEDTLS_GCM_C */ 491 #endif /* MBEDTLS_CAMELLIA_C */ 492 493 #if defined(MBEDTLS_DES_C) 494 #if defined(MBEDTLS_CIPHER_MODE_CBC) 495 #if defined(MBEDTLS_SHA1_C) 496 { MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", 497 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 498 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 499 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 500 0 }, 501 #endif /* MBEDTLS_SHA1_C */ 502 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 503 #endif /* MBEDTLS_DES_C */ 504 505 #if defined(MBEDTLS_ARC4_C) 506 #if defined(MBEDTLS_SHA1_C) 507 { MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA", 508 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 509 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 510 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 511 MBEDTLS_CIPHERSUITE_NODTLS }, 512 #endif /* MBEDTLS_SHA1_C */ 513 #endif /* MBEDTLS_ARC4_C */ 514 515 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 516 #if defined(MBEDTLS_SHA1_C) 517 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA", 518 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 519 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 520 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 521 MBEDTLS_CIPHERSUITE_WEAK }, 522 #endif /* MBEDTLS_SHA1_C */ 523 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 524 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ 525 526 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 527 #if defined(MBEDTLS_AES_C) 528 #if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C) 529 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", 530 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 531 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 532 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 533 0 }, 534 #endif /* MBEDTLS_SHA512_C && MBEDTLS_GCM_C */ 535 536 #if defined(MBEDTLS_SHA256_C) 537 #if defined(MBEDTLS_GCM_C) 538 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", 539 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 540 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 541 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 542 0 }, 543 #endif /* MBEDTLS_GCM_C */ 544 545 #if defined(MBEDTLS_CIPHER_MODE_CBC) 546 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", 547 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 548 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 549 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 550 0 }, 551 552 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", 553 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 554 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 555 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 556 0 }, 557 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 558 #endif /* MBEDTLS_SHA256_C */ 559 560 #if defined(MBEDTLS_CIPHER_MODE_CBC) 561 #if defined(MBEDTLS_SHA1_C) 562 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", 563 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 564 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 565 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 566 0 }, 567 568 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", 569 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 570 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 571 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 572 0 }, 573 #endif /* MBEDTLS_SHA1_C */ 574 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 575 #if defined(MBEDTLS_CCM_C) 576 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM", 577 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 578 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 579 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 580 0 }, 581 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8", 582 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 583 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 584 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 585 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 586 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM", 587 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 588 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 589 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 590 0 }, 591 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8", 592 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 593 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 594 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 595 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 596 #endif /* MBEDTLS_CCM_C */ 597 #endif /* MBEDTLS_AES_C */ 598 599 #if defined(MBEDTLS_CAMELLIA_C) 600 #if defined(MBEDTLS_CIPHER_MODE_CBC) 601 #if defined(MBEDTLS_SHA256_C) 602 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", 603 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 604 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 605 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 606 0 }, 607 608 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", 609 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 610 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 611 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 612 0 }, 613 #endif /* MBEDTLS_SHA256_C */ 614 615 #if defined(MBEDTLS_SHA1_C) 616 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", 617 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 618 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 619 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 620 0 }, 621 622 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", 623 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 624 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 625 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 626 0 }, 627 #endif /* MBEDTLS_SHA1_C */ 628 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 629 #if defined(MBEDTLS_GCM_C) 630 #if defined(MBEDTLS_SHA256_C) 631 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", 632 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 633 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 634 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 635 0 }, 636 #endif /* MBEDTLS_SHA256_C */ 637 638 #if defined(MBEDTLS_SHA512_C) 639 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", 640 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 641 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 642 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 643 0 }, 644 #endif /* MBEDTLS_SHA512_C */ 645 #endif /* MBEDTLS_GCM_C */ 646 #endif /* MBEDTLS_CAMELLIA_C */ 647 648 #if defined(MBEDTLS_DES_C) 649 #if defined(MBEDTLS_CIPHER_MODE_CBC) 650 #if defined(MBEDTLS_SHA1_C) 651 { MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", 652 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 653 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 654 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 655 0 }, 656 #endif /* MBEDTLS_SHA1_C */ 657 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 658 #endif /* MBEDTLS_DES_C */ 659 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ 660 661 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 662 #if defined(MBEDTLS_AES_C) 663 #if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C) 664 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", 665 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 666 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 667 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 668 0 }, 669 #endif /* MBEDTLS_SHA512_C && MBEDTLS_GCM_C */ 670 671 #if defined(MBEDTLS_SHA256_C) 672 #if defined(MBEDTLS_GCM_C) 673 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", 674 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 675 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 676 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 677 0 }, 678 #endif /* MBEDTLS_GCM_C */ 679 680 #if defined(MBEDTLS_CIPHER_MODE_CBC) 681 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", 682 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 683 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 684 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 685 0 }, 686 687 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256", 688 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 689 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 690 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 691 0 }, 692 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 693 #endif /* MBEDTLS_SHA256_C */ 694 695 #if defined(MBEDTLS_SHA1_C) 696 #if defined(MBEDTLS_CIPHER_MODE_CBC) 697 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", 698 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 699 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 700 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 701 0 }, 702 703 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA", 704 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 705 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 706 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 707 0 }, 708 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 709 #endif /* MBEDTLS_SHA1_C */ 710 #if defined(MBEDTLS_CCM_C) 711 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", 712 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 713 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 714 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 715 0 }, 716 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8", 717 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 718 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 719 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 720 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 721 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM", 722 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 723 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 724 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 725 0 }, 726 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8", 727 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 728 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 729 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 730 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 731 #endif /* MBEDTLS_CCM_C */ 732 #endif /* MBEDTLS_AES_C */ 733 734 #if defined(MBEDTLS_CAMELLIA_C) 735 #if defined(MBEDTLS_CIPHER_MODE_CBC) 736 #if defined(MBEDTLS_SHA256_C) 737 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", 738 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 739 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 740 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 741 0 }, 742 743 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", 744 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 745 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 746 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 747 0 }, 748 #endif /* MBEDTLS_SHA256_C */ 749 750 #if defined(MBEDTLS_SHA1_C) 751 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", 752 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 753 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 754 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 755 0 }, 756 757 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", 758 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 759 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 760 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 761 0 }, 762 #endif /* MBEDTLS_SHA1_C */ 763 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 764 765 #if defined(MBEDTLS_GCM_C) 766 #if defined(MBEDTLS_SHA256_C) 767 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", 768 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 769 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 770 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 771 0 }, 772 #endif /* MBEDTLS_SHA256_C */ 773 774 #if defined(MBEDTLS_SHA1_C) 775 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", 776 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 777 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 778 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 779 0 }, 780 #endif /* MBEDTLS_SHA1_C */ 781 #endif /* MBEDTLS_GCM_C */ 782 #endif /* MBEDTLS_CAMELLIA_C */ 783 784 #if defined(MBEDTLS_DES_C) 785 #if defined(MBEDTLS_CIPHER_MODE_CBC) 786 #if defined(MBEDTLS_SHA1_C) 787 { MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA", 788 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 789 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 790 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 791 0 }, 792 #endif /* MBEDTLS_SHA1_C */ 793 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 794 #endif /* MBEDTLS_DES_C */ 795 796 #if defined(MBEDTLS_ARC4_C) 797 #if defined(MBEDTLS_MD5_C) 798 { MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5", 799 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, 800 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 801 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 802 MBEDTLS_CIPHERSUITE_NODTLS }, 803 #endif 804 805 #if defined(MBEDTLS_SHA1_C) 806 { MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA", 807 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 808 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 809 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 810 MBEDTLS_CIPHERSUITE_NODTLS }, 811 #endif 812 #endif /* MBEDTLS_ARC4_C */ 813 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 814 815 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) 816 #if defined(MBEDTLS_AES_C) 817 #if defined(MBEDTLS_SHA1_C) 818 #if defined(MBEDTLS_CIPHER_MODE_CBC) 819 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", 820 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 821 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 822 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 823 0 }, 824 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA", 825 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 826 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 827 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 828 0 }, 829 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 830 #endif /* MBEDTLS_SHA1_C */ 831 #if defined(MBEDTLS_SHA256_C) 832 #if defined(MBEDTLS_CIPHER_MODE_CBC) 833 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", 834 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 835 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 836 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 837 0 }, 838 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 839 #if defined(MBEDTLS_GCM_C) 840 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", 841 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 842 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 843 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 844 0 }, 845 #endif /* MBEDTLS_GCM_C */ 846 #endif /* MBEDTLS_SHA256_C */ 847 #if defined(MBEDTLS_SHA512_C) 848 #if defined(MBEDTLS_CIPHER_MODE_CBC) 849 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", 850 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 851 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 852 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 853 0 }, 854 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 855 #if defined(MBEDTLS_GCM_C) 856 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", 857 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 858 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 859 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 860 0 }, 861 #endif /* MBEDTLS_GCM_C */ 862 #endif /* MBEDTLS_SHA512_C */ 863 #endif /* MBEDTLS_AES_C */ 864 865 #if defined(MBEDTLS_CAMELLIA_C) 866 #if defined(MBEDTLS_CIPHER_MODE_CBC) 867 #if defined(MBEDTLS_SHA256_C) 868 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", 869 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 870 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 871 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 872 0 }, 873 #endif /* MBEDTLS_SHA256_C */ 874 #if defined(MBEDTLS_SHA512_C) 875 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", 876 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 877 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 878 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 879 0 }, 880 #endif /* MBEDTLS_SHA512_C */ 881 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 882 883 #if defined(MBEDTLS_GCM_C) 884 #if defined(MBEDTLS_SHA256_C) 885 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", 886 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 887 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 888 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 889 0 }, 890 #endif /* MBEDTLS_SHA256_C */ 891 #if defined(MBEDTLS_SHA512_C) 892 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384", 893 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 894 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 895 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 896 0 }, 897 #endif /* MBEDTLS_SHA512_C */ 898 #endif /* MBEDTLS_GCM_C */ 899 #endif /* MBEDTLS_CAMELLIA_C */ 900 901 #if defined(MBEDTLS_DES_C) 902 #if defined(MBEDTLS_CIPHER_MODE_CBC) 903 #if defined(MBEDTLS_SHA1_C) 904 { MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA", 905 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 906 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 907 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 908 0 }, 909 #endif /* MBEDTLS_SHA1_C */ 910 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 911 #endif /* MBEDTLS_DES_C */ 912 913 #if defined(MBEDTLS_ARC4_C) 914 #if defined(MBEDTLS_SHA1_C) 915 { MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS-ECDH-RSA-WITH-RC4-128-SHA", 916 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 917 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 918 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 919 MBEDTLS_CIPHERSUITE_NODTLS }, 920 #endif /* MBEDTLS_SHA1_C */ 921 #endif /* MBEDTLS_ARC4_C */ 922 923 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 924 #if defined(MBEDTLS_SHA1_C) 925 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA", 926 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 927 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 928 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 929 MBEDTLS_CIPHERSUITE_WEAK }, 930 #endif /* MBEDTLS_SHA1_C */ 931 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 932 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ 933 934 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) 935 #if defined(MBEDTLS_AES_C) 936 #if defined(MBEDTLS_SHA1_C) 937 #if defined(MBEDTLS_CIPHER_MODE_CBC) 938 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", 939 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 940 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 941 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 942 0 }, 943 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", 944 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 945 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 946 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 947 0 }, 948 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 949 #endif /* MBEDTLS_SHA1_C */ 950 #if defined(MBEDTLS_SHA256_C) 951 #if defined(MBEDTLS_CIPHER_MODE_CBC) 952 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", 953 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 954 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 955 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 956 0 }, 957 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 958 #if defined(MBEDTLS_GCM_C) 959 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", 960 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 961 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 962 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 963 0 }, 964 #endif /* MBEDTLS_GCM_C */ 965 #endif /* MBEDTLS_SHA256_C */ 966 #if defined(MBEDTLS_SHA512_C) 967 #if defined(MBEDTLS_CIPHER_MODE_CBC) 968 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", 969 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 970 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 971 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 972 0 }, 973 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 974 #if defined(MBEDTLS_GCM_C) 975 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", 976 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 977 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 978 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 979 0 }, 980 #endif /* MBEDTLS_GCM_C */ 981 #endif /* MBEDTLS_SHA512_C */ 982 #endif /* MBEDTLS_AES_C */ 983 984 #if defined(MBEDTLS_CAMELLIA_C) 985 #if defined(MBEDTLS_CIPHER_MODE_CBC) 986 #if defined(MBEDTLS_SHA256_C) 987 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", 988 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 989 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 990 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 991 0 }, 992 #endif /* MBEDTLS_SHA256_C */ 993 #if defined(MBEDTLS_SHA512_C) 994 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", 995 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 996 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 997 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 998 0 }, 999 #endif /* MBEDTLS_SHA512_C */ 1000 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1001 1002 #if defined(MBEDTLS_GCM_C) 1003 #if defined(MBEDTLS_SHA256_C) 1004 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", 1005 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1006 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1007 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1008 0 }, 1009 #endif /* MBEDTLS_SHA256_C */ 1010 #if defined(MBEDTLS_SHA512_C) 1011 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", 1012 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1013 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1014 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1015 0 }, 1016 #endif /* MBEDTLS_SHA512_C */ 1017 #endif /* MBEDTLS_GCM_C */ 1018 #endif /* MBEDTLS_CAMELLIA_C */ 1019 1020 #if defined(MBEDTLS_DES_C) 1021 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1022 #if defined(MBEDTLS_SHA1_C) 1023 { MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", 1024 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1025 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1026 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1027 0 }, 1028 #endif /* MBEDTLS_SHA1_C */ 1029 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1030 #endif /* MBEDTLS_DES_C */ 1031 1032 #if defined(MBEDTLS_ARC4_C) 1033 #if defined(MBEDTLS_SHA1_C) 1034 { MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS-ECDH-ECDSA-WITH-RC4-128-SHA", 1035 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1036 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1037 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1038 MBEDTLS_CIPHERSUITE_NODTLS }, 1039 #endif /* MBEDTLS_SHA1_C */ 1040 #endif /* MBEDTLS_ARC4_C */ 1041 1042 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 1043 #if defined(MBEDTLS_SHA1_C) 1044 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA", 1045 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1046 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1047 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1048 MBEDTLS_CIPHERSUITE_WEAK }, 1049 #endif /* MBEDTLS_SHA1_C */ 1050 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 1051 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ 1052 1053 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 1054 #if defined(MBEDTLS_AES_C) 1055 #if defined(MBEDTLS_GCM_C) 1056 #if defined(MBEDTLS_SHA256_C) 1057 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256", 1058 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1059 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1060 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1061 0 }, 1062 #endif /* MBEDTLS_SHA256_C */ 1063 1064 #if defined(MBEDTLS_SHA512_C) 1065 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384", 1066 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1067 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1068 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1069 0 }, 1070 #endif /* MBEDTLS_SHA512_C */ 1071 #endif /* MBEDTLS_GCM_C */ 1072 1073 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1074 #if defined(MBEDTLS_SHA256_C) 1075 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256", 1076 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1077 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1078 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1079 0 }, 1080 #endif /* MBEDTLS_SHA256_C */ 1081 1082 #if defined(MBEDTLS_SHA512_C) 1083 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384", 1084 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1085 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1086 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1087 0 }, 1088 #endif /* MBEDTLS_SHA512_C */ 1089 1090 #if defined(MBEDTLS_SHA1_C) 1091 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA", 1092 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1093 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1094 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1095 0 }, 1096 1097 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA", 1098 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1099 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1100 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1101 0 }, 1102 #endif /* MBEDTLS_SHA1_C */ 1103 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1104 #if defined(MBEDTLS_CCM_C) 1105 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM", 1106 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1107 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1108 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1109 0 }, 1110 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8", 1111 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1112 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1113 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1114 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 1115 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM", 1116 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1117 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1118 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1119 0 }, 1120 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8", 1121 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1122 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1123 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1124 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 1125 #endif /* MBEDTLS_CCM_C */ 1126 #endif /* MBEDTLS_AES_C */ 1127 1128 #if defined(MBEDTLS_CAMELLIA_C) 1129 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1130 #if defined(MBEDTLS_SHA256_C) 1131 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1132 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1133 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1134 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1135 0 }, 1136 #endif /* MBEDTLS_SHA256_C */ 1137 1138 #if defined(MBEDTLS_SHA512_C) 1139 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1140 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1141 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1142 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1143 0 }, 1144 #endif /* MBEDTLS_SHA512_C */ 1145 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1146 1147 #if defined(MBEDTLS_GCM_C) 1148 #if defined(MBEDTLS_SHA256_C) 1149 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1150 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1151 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1152 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1153 0 }, 1154 #endif /* MBEDTLS_SHA256_C */ 1155 1156 #if defined(MBEDTLS_SHA512_C) 1157 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1158 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1159 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1160 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1161 0 }, 1162 #endif /* MBEDTLS_SHA512_C */ 1163 #endif /* MBEDTLS_GCM_C */ 1164 #endif /* MBEDTLS_CAMELLIA_C */ 1165 1166 #if defined(MBEDTLS_DES_C) 1167 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1168 #if defined(MBEDTLS_SHA1_C) 1169 { MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA", 1170 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1171 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1172 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1173 0 }, 1174 #endif /* MBEDTLS_SHA1_C */ 1175 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1176 #endif /* MBEDTLS_DES_C */ 1177 1178 #if defined(MBEDTLS_ARC4_C) 1179 #if defined(MBEDTLS_SHA1_C) 1180 { MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA", 1181 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1182 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1183 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1184 MBEDTLS_CIPHERSUITE_NODTLS }, 1185 #endif /* MBEDTLS_SHA1_C */ 1186 #endif /* MBEDTLS_ARC4_C */ 1187 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ 1188 1189 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 1190 #if defined(MBEDTLS_AES_C) 1191 #if defined(MBEDTLS_GCM_C) 1192 #if defined(MBEDTLS_SHA256_C) 1193 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", 1194 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1195 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1196 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1197 0 }, 1198 #endif /* MBEDTLS_SHA256_C */ 1199 1200 #if defined(MBEDTLS_SHA512_C) 1201 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", 1202 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1203 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1204 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1205 0 }, 1206 #endif /* MBEDTLS_SHA512_C */ 1207 #endif /* MBEDTLS_GCM_C */ 1208 1209 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1210 #if defined(MBEDTLS_SHA256_C) 1211 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", 1212 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1213 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1214 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1215 0 }, 1216 #endif /* MBEDTLS_SHA256_C */ 1217 1218 #if defined(MBEDTLS_SHA512_C) 1219 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", 1220 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1221 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1222 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1223 0 }, 1224 #endif /* MBEDTLS_SHA512_C */ 1225 1226 #if defined(MBEDTLS_SHA1_C) 1227 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", 1228 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1229 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1230 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1231 0 }, 1232 1233 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", 1234 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1235 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1236 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1237 0 }, 1238 #endif /* MBEDTLS_SHA1_C */ 1239 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1240 #if defined(MBEDTLS_CCM_C) 1241 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM", 1242 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1243 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1244 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1245 0 }, 1246 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8", 1247 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1248 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1249 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1250 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 1251 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM", 1252 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1253 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1254 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1255 0 }, 1256 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8", 1257 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1258 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1259 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1260 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 1261 #endif /* MBEDTLS_CCM_C */ 1262 #endif /* MBEDTLS_AES_C */ 1263 1264 #if defined(MBEDTLS_CAMELLIA_C) 1265 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1266 #if defined(MBEDTLS_SHA256_C) 1267 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1268 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1269 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1270 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1271 0 }, 1272 #endif /* MBEDTLS_SHA256_C */ 1273 1274 #if defined(MBEDTLS_SHA512_C) 1275 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1276 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1277 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1278 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1279 0 }, 1280 #endif /* MBEDTLS_SHA512_C */ 1281 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1282 1283 #if defined(MBEDTLS_GCM_C) 1284 #if defined(MBEDTLS_SHA256_C) 1285 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1286 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1287 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1288 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1289 0 }, 1290 #endif /* MBEDTLS_SHA256_C */ 1291 1292 #if defined(MBEDTLS_SHA512_C) 1293 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1294 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1295 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1296 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1297 0 }, 1298 #endif /* MBEDTLS_SHA512_C */ 1299 #endif /* MBEDTLS_GCM_C */ 1300 #endif /* MBEDTLS_CAMELLIA_C */ 1301 1302 #if defined(MBEDTLS_DES_C) 1303 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1304 #if defined(MBEDTLS_SHA1_C) 1305 { MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", 1306 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1307 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1308 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1309 0 }, 1310 #endif /* MBEDTLS_SHA1_C */ 1311 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1312 #endif /* MBEDTLS_DES_C */ 1313 1314 #if defined(MBEDTLS_ARC4_C) 1315 #if defined(MBEDTLS_SHA1_C) 1316 { MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA", 1317 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1318 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1319 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1320 MBEDTLS_CIPHERSUITE_NODTLS }, 1321 #endif /* MBEDTLS_SHA1_C */ 1322 #endif /* MBEDTLS_ARC4_C */ 1323 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ 1324 1325 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 1326 #if defined(MBEDTLS_AES_C) 1327 1328 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1329 #if defined(MBEDTLS_SHA256_C) 1330 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", 1331 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1332 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1333 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1334 0 }, 1335 #endif /* MBEDTLS_SHA256_C */ 1336 1337 #if defined(MBEDTLS_SHA512_C) 1338 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", 1339 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1340 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1341 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1342 0 }, 1343 #endif /* MBEDTLS_SHA512_C */ 1344 1345 #if defined(MBEDTLS_SHA1_C) 1346 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", 1347 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1348 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1349 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1350 0 }, 1351 1352 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", 1353 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1354 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1355 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1356 0 }, 1357 #endif /* MBEDTLS_SHA1_C */ 1358 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1359 #endif /* MBEDTLS_AES_C */ 1360 1361 #if defined(MBEDTLS_CAMELLIA_C) 1362 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1363 #if defined(MBEDTLS_SHA256_C) 1364 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1365 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1366 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1367 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1368 0 }, 1369 #endif /* MBEDTLS_SHA256_C */ 1370 1371 #if defined(MBEDTLS_SHA512_C) 1372 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1373 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1374 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1375 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1376 0 }, 1377 #endif /* MBEDTLS_SHA512_C */ 1378 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1379 #endif /* MBEDTLS_CAMELLIA_C */ 1380 1381 #if defined(MBEDTLS_DES_C) 1382 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1383 #if defined(MBEDTLS_SHA1_C) 1384 { MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", 1385 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1386 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1387 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1388 0 }, 1389 #endif /* MBEDTLS_SHA1_C */ 1390 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1391 #endif /* MBEDTLS_DES_C */ 1392 1393 #if defined(MBEDTLS_ARC4_C) 1394 #if defined(MBEDTLS_SHA1_C) 1395 { MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA, "TLS-ECDHE-PSK-WITH-RC4-128-SHA", 1396 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1397 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1398 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1399 MBEDTLS_CIPHERSUITE_NODTLS }, 1400 #endif /* MBEDTLS_SHA1_C */ 1401 #endif /* MBEDTLS_ARC4_C */ 1402 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ 1403 1404 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 1405 #if defined(MBEDTLS_AES_C) 1406 #if defined(MBEDTLS_GCM_C) 1407 #if defined(MBEDTLS_SHA256_C) 1408 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", 1409 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1410 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1411 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1412 0 }, 1413 #endif /* MBEDTLS_SHA256_C */ 1414 1415 #if defined(MBEDTLS_SHA512_C) 1416 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", 1417 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1418 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1419 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1420 0 }, 1421 #endif /* MBEDTLS_SHA512_C */ 1422 #endif /* MBEDTLS_GCM_C */ 1423 1424 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1425 #if defined(MBEDTLS_SHA256_C) 1426 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", 1427 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1428 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1429 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1430 0 }, 1431 #endif /* MBEDTLS_SHA256_C */ 1432 1433 #if defined(MBEDTLS_SHA512_C) 1434 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", 1435 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1436 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1437 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1438 0 }, 1439 #endif /* MBEDTLS_SHA512_C */ 1440 1441 #if defined(MBEDTLS_SHA1_C) 1442 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", 1443 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1444 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1445 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1446 0 }, 1447 1448 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", 1449 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1450 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1451 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1452 0 }, 1453 #endif /* MBEDTLS_SHA1_C */ 1454 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1455 #endif /* MBEDTLS_AES_C */ 1456 1457 #if defined(MBEDTLS_CAMELLIA_C) 1458 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1459 #if defined(MBEDTLS_SHA256_C) 1460 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1461 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1462 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1463 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1464 0 }, 1465 #endif /* MBEDTLS_SHA256_C */ 1466 1467 #if defined(MBEDTLS_SHA512_C) 1468 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1469 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1470 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1471 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1472 0 }, 1473 #endif /* MBEDTLS_SHA512_C */ 1474 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1475 1476 #if defined(MBEDTLS_GCM_C) 1477 #if defined(MBEDTLS_SHA256_C) 1478 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1479 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1480 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1481 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1482 0 }, 1483 #endif /* MBEDTLS_SHA256_C */ 1484 1485 #if defined(MBEDTLS_SHA512_C) 1486 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1487 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1488 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1489 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1490 0 }, 1491 #endif /* MBEDTLS_SHA512_C */ 1492 #endif /* MBEDTLS_GCM_C */ 1493 #endif /* MBEDTLS_CAMELLIA_C */ 1494 1495 #if defined(MBEDTLS_DES_C) 1496 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1497 #if defined(MBEDTLS_SHA1_C) 1498 { MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", 1499 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1500 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1501 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1502 0 }, 1503 #endif /* MBEDTLS_SHA1_C */ 1504 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1505 #endif /* MBEDTLS_DES_C */ 1506 1507 #if defined(MBEDTLS_ARC4_C) 1508 #if defined(MBEDTLS_SHA1_C) 1509 { MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA", 1510 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1511 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1512 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1513 MBEDTLS_CIPHERSUITE_NODTLS }, 1514 #endif /* MBEDTLS_SHA1_C */ 1515 #endif /* MBEDTLS_ARC4_C */ 1516 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ 1517 1518 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 1519 #if defined(MBEDTLS_AES_C) 1520 #if defined(MBEDTLS_CCM_C) 1521 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8", 1522 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE, 1523 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1524 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1525 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 1526 #endif /* MBEDTLS_CCM_C */ 1527 #endif /* MBEDTLS_AES_C */ 1528 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ 1529 1530 #if defined(MBEDTLS_ENABLE_WEAK_CIPHERSUITES) 1531 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 1532 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 1533 #if defined(MBEDTLS_MD5_C) 1534 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", 1535 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, 1536 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1537 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1538 MBEDTLS_CIPHERSUITE_WEAK }, 1539 #endif 1540 1541 #if defined(MBEDTLS_SHA1_C) 1542 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA", 1543 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 1544 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1545 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1546 MBEDTLS_CIPHERSUITE_WEAK }, 1547 #endif 1548 1549 #if defined(MBEDTLS_SHA256_C) 1550 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", 1551 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 1552 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1553 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1554 MBEDTLS_CIPHERSUITE_WEAK }, 1555 #endif 1556 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 1557 1558 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 1559 #if defined(MBEDTLS_SHA1_C) 1560 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA", 1561 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1562 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1563 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1564 MBEDTLS_CIPHERSUITE_WEAK }, 1565 #endif /* MBEDTLS_SHA1_C */ 1566 1567 #if defined(MBEDTLS_SHA256_C) 1568 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256", 1569 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1570 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1571 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1572 MBEDTLS_CIPHERSUITE_WEAK }, 1573 #endif 1574 1575 #if defined(MBEDTLS_SHA512_C) 1576 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384", 1577 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1578 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1579 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1580 MBEDTLS_CIPHERSUITE_WEAK }, 1581 #endif 1582 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ 1583 1584 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 1585 #if defined(MBEDTLS_SHA1_C) 1586 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA", 1587 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1588 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1589 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1590 MBEDTLS_CIPHERSUITE_WEAK }, 1591 #endif /* MBEDTLS_SHA1_C */ 1592 1593 #if defined(MBEDTLS_SHA256_C) 1594 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256", 1595 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1596 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1597 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1598 MBEDTLS_CIPHERSUITE_WEAK }, 1599 #endif 1600 1601 #if defined(MBEDTLS_SHA512_C) 1602 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384", 1603 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1604 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1605 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1606 MBEDTLS_CIPHERSUITE_WEAK }, 1607 #endif 1608 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ 1609 1610 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 1611 #if defined(MBEDTLS_SHA1_C) 1612 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA", 1613 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1614 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1615 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1616 MBEDTLS_CIPHERSUITE_WEAK }, 1617 #endif /* MBEDTLS_SHA1_C */ 1618 1619 #if defined(MBEDTLS_SHA256_C) 1620 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256", 1621 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1622 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1623 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1624 MBEDTLS_CIPHERSUITE_WEAK }, 1625 #endif 1626 1627 #if defined(MBEDTLS_SHA512_C) 1628 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384", 1629 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1630 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1631 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1632 MBEDTLS_CIPHERSUITE_WEAK }, 1633 #endif 1634 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ 1635 1636 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 1637 #if defined(MBEDTLS_SHA1_C) 1638 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA", 1639 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1640 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1641 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1642 MBEDTLS_CIPHERSUITE_WEAK }, 1643 #endif /* MBEDTLS_SHA1_C */ 1644 1645 #if defined(MBEDTLS_SHA256_C) 1646 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256", 1647 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1648 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1649 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1650 MBEDTLS_CIPHERSUITE_WEAK }, 1651 #endif 1652 1653 #if defined(MBEDTLS_SHA512_C) 1654 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384", 1655 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1656 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1657 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1658 MBEDTLS_CIPHERSUITE_WEAK }, 1659 #endif 1660 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ 1661 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 1662 1663 #if defined(MBEDTLS_DES_C) 1664 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1665 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 1666 #if defined(MBEDTLS_SHA1_C) 1667 { MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA", 1668 MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 1669 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1670 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1671 MBEDTLS_CIPHERSUITE_WEAK }, 1672 #endif /* MBEDTLS_SHA1_C */ 1673 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ 1674 1675 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 1676 #if defined(MBEDTLS_SHA1_C) 1677 { MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA", 1678 MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 1679 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1680 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1681 MBEDTLS_CIPHERSUITE_WEAK }, 1682 #endif /* MBEDTLS_SHA1_C */ 1683 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 1684 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1685 #endif /* MBEDTLS_DES_C */ 1686 #endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */ 1687 1688 { 0, "", 1689 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE, 1690 0, 0, 0, 0, 0 } 1691 }; 1692 1693 #if defined(MBEDTLS_SSL_CIPHERSUITES) 1694 const int *mbedtls_ssl_list_ciphersuites( void ) 1695 { 1696 return( ciphersuite_preference ); 1697 } 1698 #else 1699 #define MAX_CIPHERSUITES sizeof( ciphersuite_definitions ) / \ 1700 sizeof( ciphersuite_definitions[0] ) 1701 static int supported_ciphersuites[MAX_CIPHERSUITES]; 1702 static int supported_init = 0; 1703 1704 static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info ) 1705 { 1706 (void)cs_info; 1707 1708 #if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES) 1709 if( cs_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) 1710 return( 1 ); 1711 #endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */ 1712 1713 #if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES) 1714 if( cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_ECB || 1715 cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_CBC ) 1716 { 1717 return( 1 ); 1718 } 1719 #endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */ 1720 1721 return( 0 ); 1722 } 1723 1724 const int *mbedtls_ssl_list_ciphersuites( void ) 1725 { 1726 /* 1727 * On initial call filter out all ciphersuites not supported by current 1728 * build based on presence in the ciphersuite_definitions. 1729 */ 1730 if( supported_init == 0 ) 1731 { 1732 const int *p; 1733 int *q; 1734 1735 for( p = ciphersuite_preference, q = supported_ciphersuites; 1736 *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1; 1737 p++ ) 1738 { 1739 const mbedtls_ssl_ciphersuite_t *cs_info; 1740 if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL && 1741 !ciphersuite_is_removed( cs_info ) ) 1742 { 1743 *(q++) = *p; 1744 } 1745 } 1746 *q = 0; 1747 1748 supported_init = 1; 1749 } 1750 1751 return( supported_ciphersuites ); 1752 } 1753 #endif /* MBEDTLS_SSL_CIPHERSUITES */ 1754 1755 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( 1756 const char *ciphersuite_name ) 1757 { 1758 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions; 1759 1760 if( NULL == ciphersuite_name ) 1761 return( NULL ); 1762 1763 while( cur->id != 0 ) 1764 { 1765 if( 0 == strcmp( cur->name, ciphersuite_name ) ) 1766 return( cur ); 1767 1768 cur++; 1769 } 1770 1771 return( NULL ); 1772 } 1773 1774 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite ) 1775 { 1776 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions; 1777 1778 while( cur->id != 0 ) 1779 { 1780 if( cur->id == ciphersuite ) 1781 return( cur ); 1782 1783 cur++; 1784 } 1785 1786 return( NULL ); 1787 } 1788 1789 const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id ) 1790 { 1791 const mbedtls_ssl_ciphersuite_t *cur; 1792 1793 cur = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id ); 1794 1795 if( cur == NULL ) 1796 return( "unknown" ); 1797 1798 return( cur->name ); 1799 } 1800 1801 int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name ) 1802 { 1803 const mbedtls_ssl_ciphersuite_t *cur; 1804 1805 cur = mbedtls_ssl_ciphersuite_from_string( ciphersuite_name ); 1806 1807 if( cur == NULL ) 1808 return( 0 ); 1809 1810 return( cur->id ); 1811 } 1812 1813 #if defined(MBEDTLS_PK_C) 1814 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info ) 1815 { 1816 switch( info->key_exchange ) 1817 { 1818 case MBEDTLS_KEY_EXCHANGE_RSA: 1819 case MBEDTLS_KEY_EXCHANGE_DHE_RSA: 1820 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 1821 case MBEDTLS_KEY_EXCHANGE_RSA_PSK: 1822 return( MBEDTLS_PK_RSA ); 1823 1824 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 1825 return( MBEDTLS_PK_ECDSA ); 1826 1827 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: 1828 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: 1829 return( MBEDTLS_PK_ECKEY ); 1830 1831 default: 1832 return( MBEDTLS_PK_NONE ); 1833 } 1834 } 1835 1836 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info ) 1837 { 1838 switch( info->key_exchange ) 1839 { 1840 case MBEDTLS_KEY_EXCHANGE_RSA: 1841 case MBEDTLS_KEY_EXCHANGE_DHE_RSA: 1842 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 1843 return( MBEDTLS_PK_RSA ); 1844 1845 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 1846 return( MBEDTLS_PK_ECDSA ); 1847 1848 default: 1849 return( MBEDTLS_PK_NONE ); 1850 } 1851 } 1852 1853 #endif /* MBEDTLS_PK_C */ 1854 1855 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ 1856 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 1857 int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) 1858 { 1859 switch( info->key_exchange ) 1860 { 1861 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 1862 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 1863 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: 1864 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: 1865 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: 1866 case MBEDTLS_KEY_EXCHANGE_ECJPAKE: 1867 return( 1 ); 1868 1869 default: 1870 return( 0 ); 1871 } 1872 } 1873 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ 1874 1875 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 1876 int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) 1877 { 1878 switch( info->key_exchange ) 1879 { 1880 case MBEDTLS_KEY_EXCHANGE_PSK: 1881 case MBEDTLS_KEY_EXCHANGE_RSA_PSK: 1882 case MBEDTLS_KEY_EXCHANGE_DHE_PSK: 1883 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: 1884 return( 1 ); 1885 1886 default: 1887 return( 0 ); 1888 } 1889 } 1890 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ 1891 1892 #endif /* MBEDTLS_SSL_TLS_C */ 1893