1*de0e0e4dSAntonio Huete Jimenez /* $OpenBSD: tls1.h,v 1.56 2022/07/17 14:39:09 jsing Exp $ */ 2f5b1c8a1SJohn Marino /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3f5b1c8a1SJohn Marino * All rights reserved. 4f5b1c8a1SJohn Marino * 5f5b1c8a1SJohn Marino * This package is an SSL implementation written 6f5b1c8a1SJohn Marino * by Eric Young (eay@cryptsoft.com). 7f5b1c8a1SJohn Marino * The implementation was written so as to conform with Netscapes SSL. 8f5b1c8a1SJohn Marino * 9f5b1c8a1SJohn Marino * This library is free for commercial and non-commercial use as long as 10f5b1c8a1SJohn Marino * the following conditions are aheared to. The following conditions 11f5b1c8a1SJohn Marino * apply to all code found in this distribution, be it the RC4, RSA, 12f5b1c8a1SJohn Marino * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13f5b1c8a1SJohn Marino * included with this distribution is covered by the same copyright terms 14f5b1c8a1SJohn Marino * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15f5b1c8a1SJohn Marino * 16f5b1c8a1SJohn Marino * Copyright remains Eric Young's, and as such any Copyright notices in 17f5b1c8a1SJohn Marino * the code are not to be removed. 18f5b1c8a1SJohn Marino * If this package is used in a product, Eric Young should be given attribution 19f5b1c8a1SJohn Marino * as the author of the parts of the library used. 20f5b1c8a1SJohn Marino * This can be in the form of a textual message at program startup or 21f5b1c8a1SJohn Marino * in documentation (online or textual) provided with the package. 22f5b1c8a1SJohn Marino * 23f5b1c8a1SJohn Marino * Redistribution and use in source and binary forms, with or without 24f5b1c8a1SJohn Marino * modification, are permitted provided that the following conditions 25f5b1c8a1SJohn Marino * are met: 26f5b1c8a1SJohn Marino * 1. Redistributions of source code must retain the copyright 27f5b1c8a1SJohn Marino * notice, this list of conditions and the following disclaimer. 
28f5b1c8a1SJohn Marino * 2. Redistributions in binary form must reproduce the above copyright 29f5b1c8a1SJohn Marino * notice, this list of conditions and the following disclaimer in the 30f5b1c8a1SJohn Marino * documentation and/or other materials provided with the distribution. 31f5b1c8a1SJohn Marino * 3. All advertising materials mentioning features or use of this software 32f5b1c8a1SJohn Marino * must display the following acknowledgement: 33f5b1c8a1SJohn Marino * "This product includes cryptographic software written by 34f5b1c8a1SJohn Marino * Eric Young (eay@cryptsoft.com)" 35f5b1c8a1SJohn Marino * The word 'cryptographic' can be left out if the rouines from the library 36f5b1c8a1SJohn Marino * being used are not cryptographic related :-). 37f5b1c8a1SJohn Marino * 4. If you include any Windows specific code (or a derivative thereof) from 38f5b1c8a1SJohn Marino * the apps directory (application code) you must include an acknowledgement: 39f5b1c8a1SJohn Marino * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40f5b1c8a1SJohn Marino * 41f5b1c8a1SJohn Marino * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42f5b1c8a1SJohn Marino * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43f5b1c8a1SJohn Marino * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44f5b1c8a1SJohn Marino * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45f5b1c8a1SJohn Marino * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46f5b1c8a1SJohn Marino * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47f5b1c8a1SJohn Marino * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48f5b1c8a1SJohn Marino * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49f5b1c8a1SJohn Marino * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50f5b1c8a1SJohn Marino * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51f5b1c8a1SJohn Marino * SUCH DAMAGE. 52f5b1c8a1SJohn Marino * 53f5b1c8a1SJohn Marino * The licence and distribution terms for any publically available version or 54f5b1c8a1SJohn Marino * derivative of this code cannot be changed. i.e. this code cannot simply be 55f5b1c8a1SJohn Marino * copied and put under another distribution licence 56f5b1c8a1SJohn Marino * [including the GNU Public Licence.] 57f5b1c8a1SJohn Marino */ 58f5b1c8a1SJohn Marino /* ==================================================================== 59f5b1c8a1SJohn Marino * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 60f5b1c8a1SJohn Marino * 61f5b1c8a1SJohn Marino * Redistribution and use in source and binary forms, with or without 62f5b1c8a1SJohn Marino * modification, are permitted provided that the following conditions 63f5b1c8a1SJohn Marino * are met: 64f5b1c8a1SJohn Marino * 65f5b1c8a1SJohn Marino * 1. Redistributions of source code must retain the above copyright 66f5b1c8a1SJohn Marino * notice, this list of conditions and the following disclaimer. 67f5b1c8a1SJohn Marino * 68f5b1c8a1SJohn Marino * 2. 
Redistributions in binary form must reproduce the above copyright 69f5b1c8a1SJohn Marino * notice, this list of conditions and the following disclaimer in 70f5b1c8a1SJohn Marino * the documentation and/or other materials provided with the 71f5b1c8a1SJohn Marino * distribution. 72f5b1c8a1SJohn Marino * 73f5b1c8a1SJohn Marino * 3. All advertising materials mentioning features or use of this 74f5b1c8a1SJohn Marino * software must display the following acknowledgment: 75f5b1c8a1SJohn Marino * "This product includes software developed by the OpenSSL Project 76f5b1c8a1SJohn Marino * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77f5b1c8a1SJohn Marino * 78f5b1c8a1SJohn Marino * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79f5b1c8a1SJohn Marino * endorse or promote products derived from this software without 80f5b1c8a1SJohn Marino * prior written permission. For written permission, please contact 81f5b1c8a1SJohn Marino * openssl-core@openssl.org. 82f5b1c8a1SJohn Marino * 83f5b1c8a1SJohn Marino * 5. Products derived from this software may not be called "OpenSSL" 84f5b1c8a1SJohn Marino * nor may "OpenSSL" appear in their names without prior written 85f5b1c8a1SJohn Marino * permission of the OpenSSL Project. 86f5b1c8a1SJohn Marino * 87f5b1c8a1SJohn Marino * 6. Redistributions of any form whatsoever must retain the following 88f5b1c8a1SJohn Marino * acknowledgment: 89f5b1c8a1SJohn Marino * "This product includes software developed by the OpenSSL Project 90f5b1c8a1SJohn Marino * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91f5b1c8a1SJohn Marino * 92f5b1c8a1SJohn Marino * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93f5b1c8a1SJohn Marino * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94f5b1c8a1SJohn Marino * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95f5b1c8a1SJohn Marino * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 96f5b1c8a1SJohn Marino * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97f5b1c8a1SJohn Marino * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98f5b1c8a1SJohn Marino * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99f5b1c8a1SJohn Marino * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100f5b1c8a1SJohn Marino * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101f5b1c8a1SJohn Marino * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102f5b1c8a1SJohn Marino * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103f5b1c8a1SJohn Marino * OF THE POSSIBILITY OF SUCH DAMAGE. 104f5b1c8a1SJohn Marino * ==================================================================== 105f5b1c8a1SJohn Marino * 106f5b1c8a1SJohn Marino * This product includes cryptographic software written by Eric Young 107f5b1c8a1SJohn Marino * (eay@cryptsoft.com). This product includes software written by Tim 108f5b1c8a1SJohn Marino * Hudson (tjh@cryptsoft.com). 109f5b1c8a1SJohn Marino * 110f5b1c8a1SJohn Marino */ 111f5b1c8a1SJohn Marino /* ==================================================================== 112f5b1c8a1SJohn Marino * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113f5b1c8a1SJohn Marino * 114f5b1c8a1SJohn Marino * Portions of the attached software ("Contribution") are developed by 115f5b1c8a1SJohn Marino * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 116f5b1c8a1SJohn Marino * 117f5b1c8a1SJohn Marino * The Contribution is licensed pursuant to the OpenSSL open source 118f5b1c8a1SJohn Marino * license provided above. 119f5b1c8a1SJohn Marino * 120f5b1c8a1SJohn Marino * ECC cipher suite support in OpenSSL originally written by 121f5b1c8a1SJohn Marino * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 
122f5b1c8a1SJohn Marino * 123f5b1c8a1SJohn Marino */ 124f5b1c8a1SJohn Marino /* ==================================================================== 125f5b1c8a1SJohn Marino * Copyright 2005 Nokia. All rights reserved. 126f5b1c8a1SJohn Marino * 127f5b1c8a1SJohn Marino * The portions of the attached software ("Contribution") is developed by 128f5b1c8a1SJohn Marino * Nokia Corporation and is licensed pursuant to the OpenSSL open source 129f5b1c8a1SJohn Marino * license. 130f5b1c8a1SJohn Marino * 131f5b1c8a1SJohn Marino * The Contribution, originally written by Mika Kousa and Pasi Eronen of 132f5b1c8a1SJohn Marino * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 133f5b1c8a1SJohn Marino * support (see RFC 4279) to OpenSSL. 134f5b1c8a1SJohn Marino * 135f5b1c8a1SJohn Marino * No patent licenses or other rights except those expressly stated in 136f5b1c8a1SJohn Marino * the OpenSSL open source license shall be deemed granted or received 137f5b1c8a1SJohn Marino * expressly, by implication, estoppel, or otherwise. 138f5b1c8a1SJohn Marino * 139f5b1c8a1SJohn Marino * No assurances are provided by Nokia that the Contribution does not 140f5b1c8a1SJohn Marino * infringe the patent or other intellectual property rights of any third 141f5b1c8a1SJohn Marino * party or that the license provides you with all the necessary rights 142f5b1c8a1SJohn Marino * to make use of the Contribution. 143f5b1c8a1SJohn Marino * 144f5b1c8a1SJohn Marino * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 145f5b1c8a1SJohn Marino * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 146f5b1c8a1SJohn Marino * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 147f5b1c8a1SJohn Marino * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 148f5b1c8a1SJohn Marino * OTHERWISE. 
149f5b1c8a1SJohn Marino */ 150f5b1c8a1SJohn Marino 151f5b1c8a1SJohn Marino #ifndef HEADER_TLS1_H 152f5b1c8a1SJohn Marino #define HEADER_TLS1_H 153f5b1c8a1SJohn Marino 15472c33676SMaxim Ag #include <openssl/opensslconf.h> 15572c33676SMaxim Ag 156f5b1c8a1SJohn Marino #include <openssl/buffer.h> 157f5b1c8a1SJohn Marino 158f5b1c8a1SJohn Marino #ifdef __cplusplus 159f5b1c8a1SJohn Marino extern "C" { 160f5b1c8a1SJohn Marino #endif 161f5b1c8a1SJohn Marino 162*de0e0e4dSAntonio Huete Jimenez #define OPENSSL_TLS_SECURITY_LEVEL 1 163*de0e0e4dSAntonio Huete Jimenez 164f5b1c8a1SJohn Marino #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 165f5b1c8a1SJohn Marino 16672c33676SMaxim Ag #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) 16772c33676SMaxim Ag #define TLS1_3_VERSION 0x0304 16872c33676SMaxim Ag #endif 16972c33676SMaxim Ag 170f5b1c8a1SJohn Marino #define TLS1_2_VERSION 0x0303 171f5b1c8a1SJohn Marino #define TLS1_2_VERSION_MAJOR 0x03 172f5b1c8a1SJohn Marino #define TLS1_2_VERSION_MINOR 0x03 173f5b1c8a1SJohn Marino 174f5b1c8a1SJohn Marino #define TLS1_1_VERSION 0x0302 175f5b1c8a1SJohn Marino #define TLS1_1_VERSION_MAJOR 0x03 176f5b1c8a1SJohn Marino #define TLS1_1_VERSION_MINOR 0x02 177f5b1c8a1SJohn Marino 178f5b1c8a1SJohn Marino #define TLS1_VERSION 0x0301 179f5b1c8a1SJohn Marino #define TLS1_VERSION_MAJOR 0x03 180f5b1c8a1SJohn Marino #define TLS1_VERSION_MINOR 0x01 181f5b1c8a1SJohn Marino 182*de0e0e4dSAntonio Huete Jimenez #ifndef LIBRESSL_INTERNAL 183f5b1c8a1SJohn Marino #define TLS1_AD_DECRYPTION_FAILED 21 184f5b1c8a1SJohn Marino #define TLS1_AD_RECORD_OVERFLOW 22 185f5b1c8a1SJohn Marino #define TLS1_AD_UNKNOWN_CA 48 /* fatal */ 186f5b1c8a1SJohn Marino #define TLS1_AD_ACCESS_DENIED 49 /* fatal */ 187f5b1c8a1SJohn Marino #define TLS1_AD_DECODE_ERROR 50 /* fatal */ 188f5b1c8a1SJohn Marino #define TLS1_AD_DECRYPT_ERROR 51 189f5b1c8a1SJohn Marino #define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */ 190f5b1c8a1SJohn Marino #define TLS1_AD_PROTOCOL_VERSION 70 /* fatal 
*/ 191f5b1c8a1SJohn Marino #define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ 192f5b1c8a1SJohn Marino #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ 193f5b1c8a1SJohn Marino /* Code 86 from RFC 7507. */ 194f5b1c8a1SJohn Marino #define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ 195f5b1c8a1SJohn Marino #define TLS1_AD_USER_CANCELLED 90 196f5b1c8a1SJohn Marino #define TLS1_AD_NO_RENEGOTIATION 100 197f5b1c8a1SJohn Marino /* Codes 110-114 from RFC 3546. */ 198f5b1c8a1SJohn Marino #define TLS1_AD_UNSUPPORTED_EXTENSION 110 199f5b1c8a1SJohn Marino #define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 200f5b1c8a1SJohn Marino #define TLS1_AD_UNRECOGNIZED_NAME 112 201f5b1c8a1SJohn Marino #define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 202f5b1c8a1SJohn Marino #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 203f5b1c8a1SJohn Marino /* Code 115 from RFC 4279. */ 204f5b1c8a1SJohn Marino #define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ 205*de0e0e4dSAntonio Huete Jimenez #endif 206f5b1c8a1SJohn Marino 207f5b1c8a1SJohn Marino /* 208f5b1c8a1SJohn Marino * TLS ExtensionType values. 209f5b1c8a1SJohn Marino * 210f5b1c8a1SJohn Marino * https://www.iana.org/assignments/tls-extensiontype-values/ 211f5b1c8a1SJohn Marino */ 212f5b1c8a1SJohn Marino 213f5b1c8a1SJohn Marino /* ExtensionType values from RFC 3546, RFC 4366 and RFC 6066. */ 214f5b1c8a1SJohn Marino #define TLSEXT_TYPE_server_name 0 215f5b1c8a1SJohn Marino #define TLSEXT_TYPE_max_fragment_length 1 216f5b1c8a1SJohn Marino #define TLSEXT_TYPE_client_certificate_url 2 217f5b1c8a1SJohn Marino #define TLSEXT_TYPE_trusted_ca_keys 3 218f5b1c8a1SJohn Marino #define TLSEXT_TYPE_truncated_hmac 4 219f5b1c8a1SJohn Marino #define TLSEXT_TYPE_status_request 5 220f5b1c8a1SJohn Marino 221f5b1c8a1SJohn Marino /* ExtensionType values from RFC 4681. */ 222f5b1c8a1SJohn Marino #define TLSEXT_TYPE_user_mapping 6 223f5b1c8a1SJohn Marino 224f5b1c8a1SJohn Marino /* ExtensionType values from RFC 5878. 
*/ 225f5b1c8a1SJohn Marino #define TLSEXT_TYPE_client_authz 7 226f5b1c8a1SJohn Marino #define TLSEXT_TYPE_server_authz 8 227f5b1c8a1SJohn Marino 228f5b1c8a1SJohn Marino /* ExtensionType values from RFC 6091. */ 229f5b1c8a1SJohn Marino #define TLSEXT_TYPE_cert_type 9 230f5b1c8a1SJohn Marino 23172c33676SMaxim Ag /* ExtensionType values from RFC 7919. */ 23272c33676SMaxim Ag #define TLSEXT_TYPE_supported_groups 10 23372c33676SMaxim Ag 234f5b1c8a1SJohn Marino /* ExtensionType values from RFC 4492. */ 23572c33676SMaxim Ag #ifndef LIBRESSL_INTERNAL 23672c33676SMaxim Ag #define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups 23772c33676SMaxim Ag #endif 238f5b1c8a1SJohn Marino #define TLSEXT_TYPE_ec_point_formats 11 239f5b1c8a1SJohn Marino 240f5b1c8a1SJohn Marino /* ExtensionType value from RFC 5054. */ 241f5b1c8a1SJohn Marino #define TLSEXT_TYPE_srp 12 242f5b1c8a1SJohn Marino 24372c33676SMaxim Ag /* ExtensionType value from RFC 5246/RFC 8446. */ 244f5b1c8a1SJohn Marino #define TLSEXT_TYPE_signature_algorithms 13 245f5b1c8a1SJohn Marino 246f5b1c8a1SJohn Marino /* ExtensionType value from RFC 5764. */ 247f5b1c8a1SJohn Marino #define TLSEXT_TYPE_use_srtp 14 248f5b1c8a1SJohn Marino 249f5b1c8a1SJohn Marino /* ExtensionType value from RFC 5620 (sic). NOTE(review): the TLS Heartbeat extension is specified in RFC 6520; the digits here look transposed. */ 250f5b1c8a1SJohn Marino #define TLSEXT_TYPE_heartbeat 15 251f5b1c8a1SJohn Marino 252f5b1c8a1SJohn Marino /* ExtensionType value from RFC 7301. */ 253f5b1c8a1SJohn Marino #define TLSEXT_TYPE_application_layer_protocol_negotiation 16 254f5b1c8a1SJohn Marino 25572c33676SMaxim Ag /* ExtensionType value from RFC 7685. */ 256f5b1c8a1SJohn Marino #define TLSEXT_TYPE_padding 21 257f5b1c8a1SJohn Marino 258f5b1c8a1SJohn Marino /* ExtensionType value from RFC 4507. 
*/ 259f5b1c8a1SJohn Marino #define TLSEXT_TYPE_session_ticket 35 260f5b1c8a1SJohn Marino 26172c33676SMaxim Ag /* ExtensionType values from RFC 8446 section 4.2 */ 26272c33676SMaxim Ag #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) 26372c33676SMaxim Ag #define TLSEXT_TYPE_pre_shared_key 41 26472c33676SMaxim Ag #define TLSEXT_TYPE_early_data 42 26572c33676SMaxim Ag #define TLSEXT_TYPE_supported_versions 43 26672c33676SMaxim Ag #define TLSEXT_TYPE_cookie 44 26772c33676SMaxim Ag #define TLSEXT_TYPE_psk_key_exchange_modes 45 26872c33676SMaxim Ag #define TLSEXT_TYPE_certificate_authorities 47 26972c33676SMaxim Ag #define TLSEXT_TYPE_oid_filters 48 27072c33676SMaxim Ag #define TLSEXT_TYPE_post_handshake_auth 49 27172c33676SMaxim Ag #define TLSEXT_TYPE_signature_algorithms_cert 50 27272c33676SMaxim Ag #define TLSEXT_TYPE_key_share 51 27372c33676SMaxim Ag #endif 27472c33676SMaxim Ag 275*de0e0e4dSAntonio Huete Jimenez /* ExtensionType value from RFC 9001 section 8.2 */ 276*de0e0e4dSAntonio Huete Jimenez #if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL) 277*de0e0e4dSAntonio Huete Jimenez #define TLSEXT_TYPE_quic_transport_parameters 57 278*de0e0e4dSAntonio Huete Jimenez #endif 279*de0e0e4dSAntonio Huete Jimenez 280cca6fc52SDaniel Fojt /* 281cca6fc52SDaniel Fojt * TLS 1.3 extension names from OpenSSL, where they decided to use a different 282cca6fc52SDaniel Fojt * name from that given in RFC 8446. 283cca6fc52SDaniel Fojt */ 284cca6fc52SDaniel Fojt #if defined(LIBRESSL_HAS_TLS1_3) 285cca6fc52SDaniel Fojt #define TLSEXT_TYPE_psk TLSEXT_TYPE_pre_shared_key 286cca6fc52SDaniel Fojt #define TLSEXT_TYPE_psk_kex_modes TLSEXT_TYPE_psk_key_exchange_modes 287cca6fc52SDaniel Fojt #endif 288cca6fc52SDaniel Fojt 289f5b1c8a1SJohn Marino /* Temporary extension type */ 290f5b1c8a1SJohn Marino #define TLSEXT_TYPE_renegotiate 0xff01 291f5b1c8a1SJohn Marino 292f5b1c8a1SJohn Marino /* NameType value from RFC 3546. 
*/ 293f5b1c8a1SJohn Marino #define TLSEXT_NAMETYPE_host_name 0 294f5b1c8a1SJohn Marino /* status request value from RFC 3546 */ 295f5b1c8a1SJohn Marino #define TLSEXT_STATUSTYPE_ocsp 1 296f5b1c8a1SJohn Marino 297f5b1c8a1SJohn Marino /* ECPointFormat values from RFC 4492. */ 298f5b1c8a1SJohn Marino #define TLSEXT_ECPOINTFORMAT_first 0 299f5b1c8a1SJohn Marino #define TLSEXT_ECPOINTFORMAT_uncompressed 0 300f5b1c8a1SJohn Marino #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 301f5b1c8a1SJohn Marino #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 302f5b1c8a1SJohn Marino #define TLSEXT_ECPOINTFORMAT_last 2 303f5b1c8a1SJohn Marino 304f5b1c8a1SJohn Marino #define TLSEXT_MAXLEN_host_name 255 305f5b1c8a1SJohn Marino 306f5b1c8a1SJohn Marino const char *SSL_get_servername(const SSL *s, const int type); 307f5b1c8a1SJohn Marino int SSL_get_servername_type(const SSL *s); 308f5b1c8a1SJohn Marino /* SSL_export_keying_material exports a value derived from the master secret, 309f5b1c8a1SJohn Marino * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and 310f5b1c8a1SJohn Marino * optional context. (Since a zero length context is allowed, the |use_context| 311f5b1c8a1SJohn Marino * flag controls whether a context is included.) 312f5b1c8a1SJohn Marino * 313f5b1c8a1SJohn Marino * It returns 1 on success and zero otherwise. 
314f5b1c8a1SJohn Marino */ 315f5b1c8a1SJohn Marino int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, 316f5b1c8a1SJohn Marino const char *label, size_t llen, const unsigned char *p, size_t plen, 317f5b1c8a1SJohn Marino int use_context); 318f5b1c8a1SJohn Marino 319f5b1c8a1SJohn Marino #define SSL_set_tlsext_host_name(s,name) \ 320f5b1c8a1SJohn Marino SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) 321f5b1c8a1SJohn Marino 322f5b1c8a1SJohn Marino #define SSL_set_tlsext_debug_callback(ssl, cb) \ 323f5b1c8a1SJohn Marino SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) 324f5b1c8a1SJohn Marino 325f5b1c8a1SJohn Marino #define SSL_set_tlsext_debug_arg(ssl, arg) \ 326f5b1c8a1SJohn Marino SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) 327f5b1c8a1SJohn Marino 328*de0e0e4dSAntonio Huete Jimenez #define SSL_get_tlsext_status_type(ssl) \ 329*de0e0e4dSAntonio Huete Jimenez SSL_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, NULL) 330*de0e0e4dSAntonio Huete Jimenez 331f5b1c8a1SJohn Marino #define SSL_set_tlsext_status_type(ssl, type) \ 332f5b1c8a1SJohn Marino SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) 333f5b1c8a1SJohn Marino 334f5b1c8a1SJohn Marino #define SSL_get_tlsext_status_exts(ssl, arg) \ 335f5b1c8a1SJohn Marino SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) 336f5b1c8a1SJohn Marino 337f5b1c8a1SJohn Marino #define SSL_set_tlsext_status_exts(ssl, arg) \ 338f5b1c8a1SJohn Marino SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) 339f5b1c8a1SJohn Marino 340f5b1c8a1SJohn Marino #define SSL_get_tlsext_status_ids(ssl, arg) \ 341f5b1c8a1SJohn Marino SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) 342f5b1c8a1SJohn Marino 343f5b1c8a1SJohn Marino #define SSL_set_tlsext_status_ids(ssl, arg) \ 344f5b1c8a1SJohn Marino SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) 345f5b1c8a1SJohn Marino 346f5b1c8a1SJohn Marino #define 
SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ 347f5b1c8a1SJohn Marino SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) 348f5b1c8a1SJohn Marino 349f5b1c8a1SJohn Marino #define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ 350f5b1c8a1SJohn Marino SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) 351f5b1c8a1SJohn Marino 352f5b1c8a1SJohn Marino #define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ 353f5b1c8a1SJohn Marino SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) 354f5b1c8a1SJohn Marino 355f5b1c8a1SJohn Marino #define SSL_TLSEXT_ERR_OK 0 356f5b1c8a1SJohn Marino #define SSL_TLSEXT_ERR_ALERT_WARNING 1 357f5b1c8a1SJohn Marino #define SSL_TLSEXT_ERR_ALERT_FATAL 2 358f5b1c8a1SJohn Marino #define SSL_TLSEXT_ERR_NOACK 3 359f5b1c8a1SJohn Marino 360f5b1c8a1SJohn Marino #define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ 361f5b1c8a1SJohn Marino SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) 362f5b1c8a1SJohn Marino 363f5b1c8a1SJohn Marino #define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ 364f5b1c8a1SJohn Marino SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) 365f5b1c8a1SJohn Marino #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ 366f5b1c8a1SJohn Marino SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) 367f5b1c8a1SJohn Marino 36872c33676SMaxim Ag #define SSL_CTX_get_tlsext_status_cb(ssl, cb) \ 36972c33676SMaxim Ag SSL_CTX_callback_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) 370f5b1c8a1SJohn Marino #define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ 371f5b1c8a1SJohn Marino SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) 372f5b1c8a1SJohn Marino 37372c33676SMaxim Ag #define SSL_CTX_get_tlsext_status_arg(ssl, arg) \ 37472c33676SMaxim Ag SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,(void *)arg) 375f5b1c8a1SJohn Marino #define 
SSL_CTX_set_tlsext_status_arg(ssl, arg) \ 376f5b1c8a1SJohn Marino SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,(void *)arg) 377f5b1c8a1SJohn Marino 378f5b1c8a1SJohn Marino #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ 379f5b1c8a1SJohn Marino SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) 380f5b1c8a1SJohn Marino 381f5b1c8a1SJohn Marino /* PSK ciphersuites from RFC 4279. */ 382f5b1c8a1SJohn Marino #define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A 383f5b1c8a1SJohn Marino #define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B 384f5b1c8a1SJohn Marino #define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C 385f5b1c8a1SJohn Marino #define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D 386f5b1c8a1SJohn Marino 387f5b1c8a1SJohn Marino /* Additional TLS ciphersuites from expired Internet Draft 388f5b1c8a1SJohn Marino * draft-ietf-tls-56-bit-ciphersuites-01.txt 389f5b1c8a1SJohn Marino * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see 390f5b1c8a1SJohn Marino * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably 391f5b1c8a1SJohn Marino * shouldn't. Note that the first two are actually not in the IDs. NOTE(review): this header always defines TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES (as 0), so a check on whether it is defined would always pass; confirm that s3_lib.c tests its value. Most of these are 56-bit export-grade suites and should stay disabled. */ 392f5b1c8a1SJohn Marino #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 /* not in ID */ 393f5b1c8a1SJohn Marino #define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 /* not in ID */ 394f5b1c8a1SJohn Marino #define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 395f5b1c8a1SJohn Marino #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 396f5b1c8a1SJohn Marino #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 397f5b1c8a1SJohn Marino #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 398f5b1c8a1SJohn Marino #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 399f5b1c8a1SJohn Marino 400f5b1c8a1SJohn Marino /* AES ciphersuites from RFC 3268. 
*/ 401f5b1c8a1SJohn Marino 402f5b1c8a1SJohn Marino #define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F 403f5b1c8a1SJohn Marino #define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 404f5b1c8a1SJohn Marino #define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 405f5b1c8a1SJohn Marino #define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 406f5b1c8a1SJohn Marino #define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 407f5b1c8a1SJohn Marino #define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 408f5b1c8a1SJohn Marino 409f5b1c8a1SJohn Marino #define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 410f5b1c8a1SJohn Marino #define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 411f5b1c8a1SJohn Marino #define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 412f5b1c8a1SJohn Marino #define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 413f5b1c8a1SJohn Marino #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 414f5b1c8a1SJohn Marino #define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A 415f5b1c8a1SJohn Marino 416f5b1c8a1SJohn Marino /* TLS v1.2 ciphersuites */ 417f5b1c8a1SJohn Marino #define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B 418f5b1c8a1SJohn Marino #define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C 419f5b1c8a1SJohn Marino #define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D 420f5b1c8a1SJohn Marino #define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E 421f5b1c8a1SJohn Marino #define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F 422f5b1c8a1SJohn Marino #define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 423f5b1c8a1SJohn Marino 424f5b1c8a1SJohn Marino /* Camellia ciphersuites from RFC 4132. 
*/ 425f5b1c8a1SJohn Marino #define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 426f5b1c8a1SJohn Marino #define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 427f5b1c8a1SJohn Marino #define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 428f5b1c8a1SJohn Marino #define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 429f5b1c8a1SJohn Marino #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 430f5b1c8a1SJohn Marino #define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 431f5b1c8a1SJohn Marino 432f5b1c8a1SJohn Marino /* TLS v1.2 ciphersuites */ 433f5b1c8a1SJohn Marino #define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067 434f5b1c8a1SJohn Marino #define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068 435f5b1c8a1SJohn Marino #define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069 436f5b1c8a1SJohn Marino #define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A 437f5b1c8a1SJohn Marino #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B 438f5b1c8a1SJohn Marino #define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C 439f5b1c8a1SJohn Marino #define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D 440f5b1c8a1SJohn Marino 441f5b1c8a1SJohn Marino /* Camellia ciphersuites from RFC 4132. */ 442f5b1c8a1SJohn Marino #define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 443f5b1c8a1SJohn Marino #define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 444f5b1c8a1SJohn Marino #define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 445f5b1c8a1SJohn Marino #define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 446f5b1c8a1SJohn Marino #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 447f5b1c8a1SJohn Marino #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 448f5b1c8a1SJohn Marino 449f5b1c8a1SJohn Marino /* SEED ciphersuites from RFC 4162. 
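*/
#define TLS1_CK_RSA_WITH_SEED_SHA	0x03000096
#define TLS1_CK_DH_DSS_WITH_SEED_SHA	0x03000097
#define TLS1_CK_DH_RSA_WITH_SEED_SHA	0x03000098
#define TLS1_CK_DHE_DSS_WITH_SEED_SHA	0x03000099
#define TLS1_CK_DHE_RSA_WITH_SEED_SHA	0x0300009A
#define TLS1_CK_ADH_WITH_SEED_SHA	0x0300009B

/*
 * Reading the cipher suite macros in this part of the header:
 *
 *  - TLS1_CK_* / TLS1_3_CK_* are numeric identifiers. Every value visible
 *    here has the form 0x0300XXXX, where XXXX matches the two-byte suite
 *    code of the cited RFC (e.g. 0x1301 is TLS_AES_128_GCM_SHA256 in
 *    RFC 8446).
 *  - TLS1_TXT_* / TLS1_3_TXT_* are the library's textual suite names;
 *    TLS1_3_RFC_* are the names as spelled in RFC 8446.
 *
 * NOTE(review): these macros only name suites. Whether a suite is compiled
 * in, enabled by default or reachable through a cipher string is decided
 * elsewhere and cannot be judged from this header. When auditing a
 * configuration, the names worth flagging are: NULL (no encryption),
 * ADH / ECDH_anon (unauthenticated key exchange, no protection against an
 * active man-in-the-middle), RC4 (prohibited for TLS by RFC 7465),
 * EXPORT1024 (export-grade key strength) and DES_192_CBC3 / 3DES_EDE
 * (64-bit block cipher).
 */

/* TLS v1.2 GCM ciphersuites from RFC 5288. */
#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256	0x0300009C
#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384	0x0300009D
#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256	0x0300009E
#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384	0x0300009F
#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256	0x030000A0
#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384	0x030000A1
#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256	0x030000A2
#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384	0x030000A3
#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256	0x030000A4
#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384	0x030000A5
#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256	0x030000A6
#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384	0x030000A7

/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC 5932. */
#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256	0x030000BA
#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256	0x030000BB
#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256	0x030000BC
#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256	0x030000BD
#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256	0x030000BE
#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256	0x030000BF

#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256	0x030000C0
#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256	0x030000C1
#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256	0x030000C2
#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256	0x030000C3
#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256	0x030000C4
#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256	0x030000C5

/*
 * TLS 1.3 cipher suites from RFC 8446 appendix B.4.
 * Only visible when LIBRESSL_HAS_TLS1_3 or LIBRESSL_INTERNAL is defined.
 * AES_128_CCM_8 is the CCM variant with a shortened (8-byte)
 * authentication tag.
 */
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
#define TLS1_3_CK_AES_128_GCM_SHA256		0x03001301
#define TLS1_3_CK_AES_256_GCM_SHA384		0x03001302
#define TLS1_3_CK_CHACHA20_POLY1305_SHA256	0x03001303
#define TLS1_3_CK_AES_128_CCM_SHA256		0x03001304
#define TLS1_3_CK_AES_128_CCM_8_SHA256		0x03001305
#endif

/*
 * ECC ciphersuites from RFC 4492.
 * ECDH_* (as opposed to ECDHE_*) denotes a fixed ECDH key taken from the
 * certificate, so those suites provide no forward secrecy.
 */
#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA		0x0300C001
#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA		0x0300C002
#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA	0x0300C003
#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA		0x0300C004
#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA		0x0300C005

#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA		0x0300C006
#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA		0x0300C007
#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA	0x0300C008
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0x0300C009
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0x0300C00A

#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA			0x0300C00B
#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA		0x0300C00C
#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA		0x0300C00D
#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA		0x0300C00E
#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA		0x0300C00F

#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA			0x0300C010
#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA		0x0300C011
#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA		0x0300C012
#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA		0x0300C013
#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA		0x0300C014

#define TLS1_CK_ECDH_anon_WITH_NULL_SHA			0x0300C015
#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA		0x0300C016
#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA		0x0300C017
#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA		0x0300C018
#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA		0x0300C019

/* SRP ciphersuites from RFC 5054. */
#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA		0x0300C01A
#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA	0x0300C01B
#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA	0x0300C01C
#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA		0x0300C01D
#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA	0x0300C01E
#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA	0x0300C01F
#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA		0x0300C020
#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA	0x0300C021
#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA	0x0300C022

/* ECDH HMAC based ciphersuites from RFC 5289. */
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256		0x0300C023
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384		0x0300C024
#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256		0x0300C025
#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384		0x0300C026
#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256		0x0300C027
#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384		0x0300C028
#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256		0x0300C029
#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384		0x0300C02A

/* ECDH GCM based ciphersuites from RFC 5289. */
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256	0x0300C02B
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384	0x0300C02C
#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256	0x0300C02D
#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384	0x0300C02E
#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256	0x0300C02F
#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384	0x0300C030
#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256	0x0300C031
#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384	0x0300C032

/*
 * ChaCha20-Poly1305 based ciphersuites (the 0xCCA8-0xCCAA codes are the
 * ones assigned in RFC 7905). Note that these three TLS1_CK_* names have
 * no _WITH_ component, while the matching TLS1_TXT_* names below do.
 */
#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305	0x0300CCA8
#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305	0x0300CCA9
#define TLS1_CK_DHE_RSA_CHACHA20_POLY1305	0x0300CCAA

/*
 * Textual names. The first group covers the legacy export-grade
 * (EXP1024, 56-bit per the macro names) suites and DHE-DSS with RC4.
 */
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5		"EXP1024-RC4-MD5"
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	"EXP1024-RC2-CBC-MD5"
#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DES-CBC-SHA"
#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DHE-DSS-DES-CBC-SHA"
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA		"EXP1024-RC4-SHA"
#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	"EXP1024-DHE-DSS-RC4-SHA"
#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA		"DHE-DSS-RC4-SHA"

/* AES ciphersuites from RFC 3268. */
#define TLS1_TXT_RSA_WITH_AES_128_SHA		"AES128-SHA"
#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA	"DH-DSS-AES128-SHA"
#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA	"DH-RSA-AES128-SHA"
#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA	"DHE-DSS-AES128-SHA"
#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA	"DHE-RSA-AES128-SHA"
#define TLS1_TXT_ADH_WITH_AES_128_SHA		"ADH-AES128-SHA"

#define TLS1_TXT_RSA_WITH_AES_256_SHA		"AES256-SHA"
#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA	"DH-DSS-AES256-SHA"
#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA	"DH-RSA-AES256-SHA"
#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA	"DHE-DSS-AES256-SHA"
#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA	"DHE-RSA-AES256-SHA"
#define TLS1_TXT_ADH_WITH_AES_256_SHA		"ADH-AES256-SHA"

/*
 * ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001); the
 * matching TLS1_CK_ECDH* values above cite RFC 4492 for the same suites.
 * The anonymous ECDH suites are spelled "AECDH-..." in text form.
 */
#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA		"ECDH-ECDSA-NULL-SHA"
#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA		"ECDH-ECDSA-RC4-SHA"
#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA	"ECDH-ECDSA-DES-CBC3-SHA"
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA	"ECDH-ECDSA-AES128-SHA"
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA	"ECDH-ECDSA-AES256-SHA"

#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA		"ECDHE-ECDSA-NULL-SHA"
#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA		"ECDHE-ECDSA-RC4-SHA"
#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA	"ECDHE-ECDSA-DES-CBC3-SHA"
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	"ECDHE-ECDSA-AES128-SHA"
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	"ECDHE-ECDSA-AES256-SHA"

#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA			"ECDH-RSA-NULL-SHA"
#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA		"ECDH-RSA-RC4-SHA"
#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA		"ECDH-RSA-DES-CBC3-SHA"
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA		"ECDH-RSA-AES128-SHA"
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA		"ECDH-RSA-AES256-SHA"

#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA		"ECDHE-RSA-NULL-SHA"
#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA		"ECDHE-RSA-RC4-SHA"
#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA	"ECDHE-RSA-DES-CBC3-SHA"
#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA		"ECDHE-RSA-AES128-SHA"
#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA		"ECDHE-RSA-AES256-SHA"

#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA		"AECDH-NULL-SHA"
#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA		"AECDH-RC4-SHA"
#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA	"AECDH-DES-CBC3-SHA"
#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA		"AECDH-AES128-SHA"
#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA		"AECDH-AES256-SHA"

/* PSK ciphersuites from RFC 4279. */
#define TLS1_TXT_PSK_WITH_RC4_128_SHA		"PSK-RC4-SHA"
#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA	"PSK-3DES-EDE-CBC-SHA"
#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA	"PSK-AES128-CBC-SHA"
#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA	"PSK-AES256-CBC-SHA"

/* SRP ciphersuites from RFC 5054. */
#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA		"SRP-3DES-EDE-CBC-SHA"
#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA	"SRP-RSA-3DES-EDE-CBC-SHA"
#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA	"SRP-DSS-3DES-EDE-CBC-SHA"
#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA		"SRP-AES-128-CBC-SHA"
#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA	"SRP-RSA-AES-128-CBC-SHA"
#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA	"SRP-DSS-AES-128-CBC-SHA"
#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA		"SRP-AES-256-CBC-SHA"
#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA	"SRP-RSA-AES-256-CBC-SHA"
#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA	"SRP-DSS-AES-256-CBC-SHA"

/* Camellia ciphersuites from RFC 4132. */
#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA		"CAMELLIA128-SHA"
#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA	"DH-DSS-CAMELLIA128-SHA"
#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA	"DH-RSA-CAMELLIA128-SHA"
#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	"DHE-DSS-CAMELLIA128-SHA"
#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	"DHE-RSA-CAMELLIA128-SHA"
#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA		"ADH-CAMELLIA128-SHA"

#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA		"CAMELLIA256-SHA"
#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA	"DH-DSS-CAMELLIA256-SHA"
#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA	"DH-RSA-CAMELLIA256-SHA"
#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	"DHE-DSS-CAMELLIA256-SHA"
#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	"DHE-RSA-CAMELLIA256-SHA"
#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA		"ADH-CAMELLIA256-SHA"

/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC 5932. */
#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256	"CAMELLIA128-SHA256"
#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256	"DH-DSS-CAMELLIA128-SHA256"
#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256	"DH-RSA-CAMELLIA128-SHA256"
#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256	"DHE-DSS-CAMELLIA128-SHA256"
#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256	"DHE-RSA-CAMELLIA128-SHA256"
#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256	"ADH-CAMELLIA128-SHA256"

#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256	"CAMELLIA256-SHA256"
#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256	"DH-DSS-CAMELLIA256-SHA256"
#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256	"DH-RSA-CAMELLIA256-SHA256"
#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256	"DHE-DSS-CAMELLIA256-SHA256"
#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256	"DHE-RSA-CAMELLIA256-SHA256"
#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256	"ADH-CAMELLIA256-SHA256"

/* SEED ciphersuites from RFC 4162. */
#define TLS1_TXT_RSA_WITH_SEED_SHA	"SEED-SHA"
#define TLS1_TXT_DH_DSS_WITH_SEED_SHA	"DH-DSS-SEED-SHA"
#define TLS1_TXT_DH_RSA_WITH_SEED_SHA	"DH-RSA-SEED-SHA"
#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA	"DHE-DSS-SEED-SHA"
#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA	"DHE-RSA-SEED-SHA"
#define TLS1_TXT_ADH_WITH_SEED_SHA	"ADH-SEED-SHA"

/* TLS v1.2 ciphersuites. */
#define TLS1_TXT_RSA_WITH_NULL_SHA256		"NULL-SHA256"
#define TLS1_TXT_RSA_WITH_AES_128_SHA256	"AES128-SHA256"
#define TLS1_TXT_RSA_WITH_AES_256_SHA256	"AES256-SHA256"
#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256	"DH-DSS-AES128-SHA256"
#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256	"DH-RSA-AES128-SHA256"
#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256	"DHE-DSS-AES128-SHA256"
#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256	"DHE-RSA-AES128-SHA256"
#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256	"DH-DSS-AES256-SHA256"
#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256	"DH-RSA-AES256-SHA256"
#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256	"DHE-DSS-AES256-SHA256"
#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256	"DHE-RSA-AES256-SHA256"
#define TLS1_TXT_ADH_WITH_AES_128_SHA256	"ADH-AES128-SHA256"
#define TLS1_TXT_ADH_WITH_AES_256_SHA256	"ADH-AES256-SHA256"

/* TLS v1.2 GCM ciphersuites from RFC 5288. */
#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256		"AES128-GCM-SHA256"
#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384		"AES256-GCM-SHA384"
#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256	"DHE-RSA-AES128-GCM-SHA256"
#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384	"DHE-RSA-AES256-GCM-SHA384"
#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256		"DH-RSA-AES128-GCM-SHA256"
#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384		"DH-RSA-AES256-GCM-SHA384"
#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256	"DHE-DSS-AES128-GCM-SHA256"
#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384	"DHE-DSS-AES256-GCM-SHA384"
#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256		"DH-DSS-AES128-GCM-SHA256"
#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384		"DH-DSS-AES256-GCM-SHA384"
#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256		"ADH-AES128-GCM-SHA256"
#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384		"ADH-AES256-GCM-SHA384"

/* ECDH HMAC based ciphersuites from RFC 5289. */
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256	"ECDHE-ECDSA-AES128-SHA256"
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384	"ECDHE-ECDSA-AES256-SHA384"
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256		"ECDH-ECDSA-AES128-SHA256"
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384		"ECDH-ECDSA-AES256-SHA384"
#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256		"ECDHE-RSA-AES128-SHA256"
#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384		"ECDHE-RSA-AES256-SHA384"
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256		"ECDH-RSA-AES128-SHA256"
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384		"ECDH-RSA-AES256-SHA384"

/* ECDH GCM based ciphersuites from RFC 5289. */
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256	"ECDHE-ECDSA-AES128-GCM-SHA256"
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384	"ECDHE-ECDSA-AES256-GCM-SHA384"
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256	"ECDH-ECDSA-AES128-GCM-SHA256"
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384	"ECDH-ECDSA-AES256-GCM-SHA384"
#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256	"ECDHE-RSA-AES128-GCM-SHA256"
#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384	"ECDHE-RSA-AES256-GCM-SHA384"
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256	"ECDH-RSA-AES128-GCM-SHA256"
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384	"ECDH-RSA-AES256-GCM-SHA384"

/* ChaCha20-Poly1305 based ciphersuites. */
#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305	"ECDHE-RSA-CHACHA20-POLY1305"
#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305	"ECDHE-ECDSA-CHACHA20-POLY1305"
#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305		"DHE-RSA-CHACHA20-POLY1305"

/*
 * TLS 1.3 cipher suites from RFC 8446 appendix B.4.
 * Two spellings per suite: TLS1_3_TXT_* is the library's "AEAD-..." name,
 * TLS1_3_RFC_* is the "TLS_..." name used by the RFC. Both sets are only
 * visible when LIBRESSL_HAS_TLS1_3 or LIBRESSL_INTERNAL is defined.
 */
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
#define TLS1_3_TXT_AES_128_GCM_SHA256		"AEAD-AES128-GCM-SHA256"
#define TLS1_3_TXT_AES_256_GCM_SHA384		"AEAD-AES256-GCM-SHA384"
#define TLS1_3_TXT_CHACHA20_POLY1305_SHA256	"AEAD-CHACHA20-POLY1305-SHA256"
#define TLS1_3_TXT_AES_128_CCM_SHA256		"AEAD-AES128-CCM-SHA256"
#define TLS1_3_TXT_AES_128_CCM_8_SHA256		"AEAD-AES128-CCM-8-SHA256"

#define TLS1_3_RFC_AES_128_GCM_SHA256		"TLS_AES_128_GCM_SHA256"
#define TLS1_3_RFC_AES_256_GCM_SHA384		"TLS_AES_256_GCM_SHA384"
#define TLS1_3_RFC_CHACHA20_POLY1305_SHA256	"TLS_CHACHA20_POLY1305_SHA256"
#define TLS1_3_RFC_AES_128_CCM_SHA256		"TLS_AES_128_CCM_SHA256"
#define TLS1_3_RFC_AES_128_CCM_8_SHA256		"TLS_AES_128_CCM_8_SHA256"
#endif

/*
 * Certificate type codes (TLS_CT_*); presumably the ClientCertificateType
 * values carried in a CertificateRequest -- confirm against the users of
 * these macros. TLS_CT_NUMBER equals the number of TLS_CT_* codes defined
 * here (13).
 */
#define TLS_CT_RSA_SIGN			1
#define TLS_CT_DSS_SIGN			2
#define TLS_CT_RSA_FIXED_DH		3
#define TLS_CT_DSS_FIXED_DH		4
#define TLS_CT_GOST94_SIGN		21
#define TLS_CT_GOST01_SIGN		22
#define TLS_CT_ECDSA_SIGN		64
#define TLS_CT_RSA_FIXED_ECDH		65
#define TLS_CT_ECDSA_FIXED_ECDH		66
#define TLS_CT_GOST12_256_SIGN		67
#define TLS_CT_GOST12_512_SIGN		68
#define TLS_CT_GOST12_256_SIGN_COMPAT	238 /* pre-IANA, for compat */
#define TLS_CT_GOST12_512_SIGN_COMPAT	239 /* pre-IANA, for compat */
/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
 * comment there) */
#define TLS_CT_NUMBER			13

/* NOTE(review): looks like the Finished verify_data length in bytes -- confirm. */
#define TLS1_FINISH_MAC_LENGTH		12

/*
 * Label strings and their lengths. Each *_CONST_SIZE is the length of the
 * matching string without the terminating NUL, and all of them fit within
 * TLS_MD_MAX_CONST_SIZE. Keep a size in step with its string when either
 * is edited; nothing in this header checks that they agree.
 */
#define TLS_MD_MAX_CONST_SIZE			20
#define TLS_MD_CLIENT_FINISH_CONST		"client finished"
#define TLS_MD_CLIENT_FINISH_CONST_SIZE		15
#define TLS_MD_SERVER_FINISH_CONST		"server finished"
#define TLS_MD_SERVER_FINISH_CONST_SIZE		15
#define TLS_MD_SERVER_WRITE_KEY_CONST		"server write key"
#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE	16
#define TLS_MD_KEY_EXPANSION_CONST		"key expansion"
#define TLS_MD_KEY_EXPANSION_CONST_SIZE		13
#define TLS_MD_CLIENT_WRITE_KEY_CONST		"client write key"
#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE	16
#define TLS_MD_IV_BLOCK_CONST			"IV block"
#define TLS_MD_IV_BLOCK_CONST_SIZE		8
#define TLS_MD_MASTER_SECRET_CONST		"master secret"
#define TLS_MD_MASTER_SECRET_CONST_SIZE		13

/* The brace and the final #endif close constructs opened before this part
 * of the file (presumably an extern "C" block and the include guard). */
#ifdef __cplusplus
}
#endif
#endif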