1 /**
2  * \file ssl_ciphersuites.c
3  *
4  * \brief SSL ciphersuites for mbed TLS
5  *
6  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
7  *  SPDX-License-Identifier: GPL-2.0
8  *
9  *  This program is free software; you can redistribute it and/or modify
10  *  it under the terms of the GNU General Public License as published by
11  *  the Free Software Foundation; either version 2 of the License, or
12  *  (at your option) any later version.
13  *
14  *  This program is distributed in the hope that it will be useful,
15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  *  GNU General Public License for more details.
18  *
19  *  You should have received a copy of the GNU General Public License along
20  *  with this program; if not, write to the Free Software Foundation, Inc.,
21  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  *
23  *  This file is part of mbed TLS (https://tls.mbed.org)
24  */
25 
26 #if !defined(MBEDTLS_CONFIG_FILE)
27 #include "mbedtls/config.h"
28 #else
29 #include MBEDTLS_CONFIG_FILE
30 #endif
31 
32 #if defined(MBEDTLS_SSL_TLS_C)
33 
34 #if defined(MBEDTLS_PLATFORM_C)
35 #include "mbedtls/platform.h"
36 #else
37 #include <stdlib.h>
38 #endif
39 
40 #include "mbedtls/ssl_ciphersuites.h"
41 #include "mbedtls/ssl.h"
42 
43 #include <string.h>
44 
45 /*
46  * Ordered from most preferred to least preferred in terms of security.
47  *
48  * Current rule (except rc4, weak and null which come last):
49  * 1. By key exchange:
50  *    Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
51  * 2. By key length and cipher:
52  *    AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES
53  * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
54  * 4. By hash function used when relevant
55  * 5. By key exchange/auth again: EC > non-EC
56  */
57 static const int ciphersuite_preference[] =
58 {
59 #if defined(MBEDTLS_SSL_CIPHERSUITES)
60     MBEDTLS_SSL_CIPHERSUITES,
61 #else
62     /* All AES-256 ephemeral suites */
63     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
64     MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
65     MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
66     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
67     MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
68     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
69     MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
70     MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
71     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
72     MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
73     MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
74     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
75     MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
76 
77     /* All CAMELLIA-256 ephemeral suites */
78     MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
79     MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
80     MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
81     MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
82     MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
83     MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
84     MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
85 
86     /* All AES-128 ephemeral suites */
87     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
88     MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
89     MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
90     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
91     MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
92     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
93     MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
94     MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
95     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
96     MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
97     MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
98     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
99     MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
100 
101     /* All CAMELLIA-128 ephemeral suites */
102     MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
103     MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
104     MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
105     MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
106     MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
107     MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
108     MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
109 
110     /* All remaining >= 128-bit ephemeral suites */
111     MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
112     MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
113     MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
114 
115     /* The PSK ephemeral suites */
116     MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
117     MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
118     MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
119     MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
120     MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
121     MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
122     MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
123     MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
124     MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
125     MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
126 
127     MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
128     MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
129     MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
130     MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
131     MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
132     MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
133     MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
134     MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
135     MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
136     MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
137 
138     MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
139     MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
140 
141     /* The ECJPAKE suite */
142     MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
143 
144     /* All AES-256 suites */
145     MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
146     MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
147     MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
148     MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
149     MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
150     MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
151     MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
152     MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
153     MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
154     MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
155     MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
156 
157     /* All CAMELLIA-256 suites */
158     MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
159     MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
160     MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
161     MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
162     MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
163     MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
164     MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
165 
166     /* All AES-128 suites */
167     MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
168     MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
169     MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
170     MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
171     MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
172     MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
173     MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
174     MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
175     MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
176     MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
177     MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
178 
179     /* All CAMELLIA-128 suites */
180     MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
181     MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
182     MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
183     MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
184     MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
185     MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
186     MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
187 
188     /* All remaining >= 128-bit suites */
189     MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
190     MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
191     MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
192 
193     /* The RSA PSK suites */
194     MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
195     MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
196     MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
197     MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
198     MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
199 
200     MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
201     MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
202     MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
203     MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
204     MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
205 
206     MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
207 
208     /* The PSK suites */
209     MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
210     MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
211     MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
212     MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
213     MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
214     MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
215     MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
216 
217     MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
218     MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
219     MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
220     MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
221     MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
222     MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
223     MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
224 
225     MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
226 
227     /* RC4 suites */
228     MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
229     MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA,
230     MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA,
231     MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA,
232     MBEDTLS_TLS_RSA_WITH_RC4_128_SHA,
233     MBEDTLS_TLS_RSA_WITH_RC4_128_MD5,
234     MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA,
235     MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
236     MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA,
237     MBEDTLS_TLS_PSK_WITH_RC4_128_SHA,
238 
239     /* Weak suites */
240     MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA,
241     MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA,
242 
243     /* NULL suites */
244     MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
245     MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
246     MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
247     MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
248     MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
249     MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
250     MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
251     MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,
252 
253     MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
254     MBEDTLS_TLS_RSA_WITH_NULL_SHA,
255     MBEDTLS_TLS_RSA_WITH_NULL_MD5,
256     MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
257     MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
258     MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384,
259     MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256,
260     MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA,
261     MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
262     MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
263     MBEDTLS_TLS_PSK_WITH_NULL_SHA,
264 
265 #endif /* MBEDTLS_SSL_CIPHERSUITES */
266     0
267 };
268 
269 static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
270 {
271 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
272 #if defined(MBEDTLS_AES_C)
273 #if defined(MBEDTLS_SHA1_C)
274 #if defined(MBEDTLS_CIPHER_MODE_CBC)
275     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
276       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
277       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
278       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
279       0 },
280     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
281       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
282       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
283       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
284       0 },
285 #endif /* MBEDTLS_CIPHER_MODE_CBC */
286 #endif /* MBEDTLS_SHA1_C */
287 #if defined(MBEDTLS_SHA256_C)
288 #if defined(MBEDTLS_CIPHER_MODE_CBC)
289     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
290       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
291       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
292       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
293       0 },
294 #endif /* MBEDTLS_CIPHER_MODE_CBC */
295 #if defined(MBEDTLS_GCM_C)
296     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
297       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
298       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
299       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
300       0 },
301 #endif /* MBEDTLS_GCM_C */
302 #endif /* MBEDTLS_SHA256_C */
303 #if defined(MBEDTLS_SHA512_C)
304 #if defined(MBEDTLS_CIPHER_MODE_CBC)
305     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
306       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
307       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
308       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
309       0 },
310 #endif /* MBEDTLS_CIPHER_MODE_CBC */
311 #if defined(MBEDTLS_GCM_C)
312     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
313       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
314       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
315       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
316       0 },
317 #endif /* MBEDTLS_GCM_C */
318 #endif /* MBEDTLS_SHA512_C */
319 #if defined(MBEDTLS_CCM_C)
320     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
321       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
322       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
323       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
324       0 },
325     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
326       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
327       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
328       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
329       MBEDTLS_CIPHERSUITE_SHORT_TAG },
330     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
331       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
332       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
333       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
334       0 },
335     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
336       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
337       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
338       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
339       MBEDTLS_CIPHERSUITE_SHORT_TAG },
340 #endif /* MBEDTLS_CCM_C */
341 #endif /* MBEDTLS_AES_C */
342 
343 #if defined(MBEDTLS_CAMELLIA_C)
344 #if defined(MBEDTLS_CIPHER_MODE_CBC)
345 #if defined(MBEDTLS_SHA256_C)
346     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
347       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
348       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
349       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
350       0 },
351 #endif /* MBEDTLS_SHA256_C */
352 #if defined(MBEDTLS_SHA512_C)
353     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
354       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
355       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
356       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
357       0 },
358 #endif /* MBEDTLS_SHA512_C */
359 #endif /* MBEDTLS_CIPHER_MODE_CBC */
360 
361 #if defined(MBEDTLS_GCM_C)
362 #if defined(MBEDTLS_SHA256_C)
363     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
364       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
365       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
366       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
367       0 },
368 #endif /* MBEDTLS_SHA256_C */
369 #if defined(MBEDTLS_SHA512_C)
370     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
371       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
372       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
373       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
374       0 },
375 #endif /* MBEDTLS_SHA512_C */
376 #endif /* MBEDTLS_GCM_C */
377 #endif /* MBEDTLS_CAMELLIA_C */
378 
379 #if defined(MBEDTLS_DES_C)
380 #if defined(MBEDTLS_CIPHER_MODE_CBC)
381 #if defined(MBEDTLS_SHA1_C)
382     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
383       MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
384       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
385       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
386       0 },
387 #endif /* MBEDTLS_SHA1_C */
388 #endif /* MBEDTLS_CIPHER_MODE_CBC */
389 #endif /* MBEDTLS_DES_C */
390 
391 #if defined(MBEDTLS_ARC4_C)
392 #if defined(MBEDTLS_SHA1_C)
393     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA",
394       MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
395       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
396       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
397       MBEDTLS_CIPHERSUITE_NODTLS },
398 #endif /* MBEDTLS_SHA1_C */
399 #endif /* MBEDTLS_ARC4_C */
400 
401 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
402 #if defined(MBEDTLS_SHA1_C)
403     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
404       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
405       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
406       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
407       MBEDTLS_CIPHERSUITE_WEAK },
408 #endif /* MBEDTLS_SHA1_C */
409 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
410 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
411 
412 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
413 #if defined(MBEDTLS_AES_C)
414 #if defined(MBEDTLS_SHA1_C)
415 #if defined(MBEDTLS_CIPHER_MODE_CBC)
416     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
417       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
418       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
419       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
420       0 },
421     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
422       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
423       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
424       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
425       0 },
426 #endif /* MBEDTLS_CIPHER_MODE_CBC */
427 #endif /* MBEDTLS_SHA1_C */
428 #if defined(MBEDTLS_SHA256_C)
429 #if defined(MBEDTLS_CIPHER_MODE_CBC)
430     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
431       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
432       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
433       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
434       0 },
435 #endif /* MBEDTLS_CIPHER_MODE_CBC */
436 #if defined(MBEDTLS_GCM_C)
437     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
438       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
439       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
440       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
441       0 },
442 #endif /* MBEDTLS_GCM_C */
443 #endif /* MBEDTLS_SHA256_C */
444 #if defined(MBEDTLS_SHA512_C)
445 #if defined(MBEDTLS_CIPHER_MODE_CBC)
446     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
447       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
448       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
449       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
450       0 },
451 #endif /* MBEDTLS_CIPHER_MODE_CBC */
452 #if defined(MBEDTLS_GCM_C)
453     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
454       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
455       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
456       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
457       0 },
458 #endif /* MBEDTLS_GCM_C */
459 #endif /* MBEDTLS_SHA512_C */
460 #endif /* MBEDTLS_AES_C */
461 
462 #if defined(MBEDTLS_CAMELLIA_C)
463 #if defined(MBEDTLS_CIPHER_MODE_CBC)
464 #if defined(MBEDTLS_SHA256_C)
465     { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
466       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
467       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
468       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
469       0 },
470 #endif /* MBEDTLS_SHA256_C */
471 #if defined(MBEDTLS_SHA512_C)
472     { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
473       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
474       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
475       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
476       0 },
477 #endif /* MBEDTLS_SHA512_C */
478 #endif /* MBEDTLS_CIPHER_MODE_CBC */
479 
480 #if defined(MBEDTLS_GCM_C)
481 #if defined(MBEDTLS_SHA256_C)
482     { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
483       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
484       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
485       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
486       0 },
487 #endif /* MBEDTLS_SHA256_C */
488 #if defined(MBEDTLS_SHA512_C)
489     { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
490       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
491       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
492       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
493       0 },
494 #endif /* MBEDTLS_SHA512_C */
495 #endif /* MBEDTLS_GCM_C */
496 #endif /* MBEDTLS_CAMELLIA_C */
497 
498 #if defined(MBEDTLS_DES_C)
499 #if defined(MBEDTLS_CIPHER_MODE_CBC)
500 #if defined(MBEDTLS_SHA1_C)
501     { MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
502       MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
503       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
504       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
505       0 },
506 #endif /* MBEDTLS_SHA1_C */
507 #endif /* MBEDTLS_CIPHER_MODE_CBC */
508 #endif /* MBEDTLS_DES_C */
509 
510 #if defined(MBEDTLS_ARC4_C)
511 #if defined(MBEDTLS_SHA1_C)
512     { MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
513       MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
514       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
515       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
516       MBEDTLS_CIPHERSUITE_NODTLS },
517 #endif /* MBEDTLS_SHA1_C */
518 #endif /* MBEDTLS_ARC4_C */
519 
520 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
521 #if defined(MBEDTLS_SHA1_C)
522     { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
523       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
524       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
525       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
526       MBEDTLS_CIPHERSUITE_WEAK },
527 #endif /* MBEDTLS_SHA1_C */
528 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
529 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
530 
531 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
532 #if defined(MBEDTLS_AES_C)
533 #if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C)
534     { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
535       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
536       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
537       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
538       0 },
539 #endif /* MBEDTLS_SHA512_C && MBEDTLS_GCM_C */
540 
541 #if defined(MBEDTLS_SHA256_C)
542 #if defined(MBEDTLS_GCM_C)
543     { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
544       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
545       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
546       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
547       0 },
548 #endif /* MBEDTLS_GCM_C */
549 
550 #if defined(MBEDTLS_CIPHER_MODE_CBC)
551     { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
552       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
553       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
554       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
555       0 },
556 
557     { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
558       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
559       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
560       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
561       0 },
562 #endif /* MBEDTLS_CIPHER_MODE_CBC */
563 #endif /* MBEDTLS_SHA256_C */
564 
565 #if defined(MBEDTLS_CIPHER_MODE_CBC)
566 #if defined(MBEDTLS_SHA1_C)
567     { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
568       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
569       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
570       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
571       0 },
572 
573     { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
574       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
575       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
576       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
577       0 },
578 #endif /* MBEDTLS_SHA1_C */
579 #endif /* MBEDTLS_CIPHER_MODE_CBC */
580 #if defined(MBEDTLS_CCM_C)
581     { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
582       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
583       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
584       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
585       0 },
586     { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
587       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
588       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
589       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
590       MBEDTLS_CIPHERSUITE_SHORT_TAG },
591     { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
592       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
593       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
594       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
595       0 },
596     { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
597       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
598       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
599       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
600       MBEDTLS_CIPHERSUITE_SHORT_TAG },
601 #endif /* MBEDTLS_CCM_C */
602 #endif /* MBEDTLS_AES_C */
603 
604 #if defined(MBEDTLS_CAMELLIA_C)
605 #if defined(MBEDTLS_CIPHER_MODE_CBC)
606 #if defined(MBEDTLS_SHA256_C)
607     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
608       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
609       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
610       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
611       0 },
612 
613     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
614       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
615       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
616       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
617       0 },
618 #endif /* MBEDTLS_SHA256_C */
619 
620 #if defined(MBEDTLS_SHA1_C)
621     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
622       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
623       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
624       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
625       0 },
626 
627     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
628       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
629       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
630       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
631       0 },
632 #endif /* MBEDTLS_SHA1_C */
633 #endif /* MBEDTLS_CIPHER_MODE_CBC */
634 #if defined(MBEDTLS_GCM_C)
635 #if defined(MBEDTLS_SHA256_C)
636     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
637       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
638       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
639       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
640       0 },
641 #endif /* MBEDTLS_SHA256_C */
642 
643 #if defined(MBEDTLS_SHA512_C)
644     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
645       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
646       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
647       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
648       0 },
649 #endif /* MBEDTLS_SHA512_C */
650 #endif /* MBEDTLS_GCM_C */
651 #endif /* MBEDTLS_CAMELLIA_C */
652 
653 #if defined(MBEDTLS_DES_C)
654 #if defined(MBEDTLS_CIPHER_MODE_CBC)
655 #if defined(MBEDTLS_SHA1_C)
656     { MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
657       MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
658       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
659       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
660       0 },
661 #endif /* MBEDTLS_SHA1_C */
662 #endif /* MBEDTLS_CIPHER_MODE_CBC */
663 #endif /* MBEDTLS_DES_C */
664 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
665 
666 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
667 #if defined(MBEDTLS_AES_C)
668 #if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C)
669     { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
670       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
671       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
672       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
673       0 },
674 #endif /* MBEDTLS_SHA512_C && MBEDTLS_GCM_C */
675 
676 #if defined(MBEDTLS_SHA256_C)
677 #if defined(MBEDTLS_GCM_C)
678     { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
679       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
680       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
681       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
682       0 },
683 #endif /* MBEDTLS_GCM_C */
684 
685 #if defined(MBEDTLS_CIPHER_MODE_CBC)
686     { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
687       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
688       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
689       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
690       0 },
691 
692     { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
693       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
694       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
695       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
696       0 },
697 #endif /* MBEDTLS_CIPHER_MODE_CBC */
698 #endif /* MBEDTLS_SHA256_C */
699 
700 #if defined(MBEDTLS_SHA1_C)
701 #if defined(MBEDTLS_CIPHER_MODE_CBC)
702     { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
703       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
704       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
705       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
706       0 },
707 
708     { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
709       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
710       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
711       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
712       0 },
713 #endif /* MBEDTLS_CIPHER_MODE_CBC */
714 #endif /* MBEDTLS_SHA1_C */
715 #if defined(MBEDTLS_CCM_C)
716     { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
717       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
718       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
719       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
720       0 },
721     { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
722       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
723       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
724       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
725       MBEDTLS_CIPHERSUITE_SHORT_TAG },
726     { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
727       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
728       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
729       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
730       0 },
731     { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
732       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
733       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
734       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
735       MBEDTLS_CIPHERSUITE_SHORT_TAG },
736 #endif /* MBEDTLS_CCM_C */
737 #endif /* MBEDTLS_AES_C */
738 
739 #if defined(MBEDTLS_CAMELLIA_C)
740 #if defined(MBEDTLS_CIPHER_MODE_CBC)
741 #if defined(MBEDTLS_SHA256_C)
742     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
743       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
744       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
745       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
746       0 },
747 
748     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
749       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
750       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
751       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
752       0 },
753 #endif /* MBEDTLS_SHA256_C */
754 
755 #if defined(MBEDTLS_SHA1_C)
756     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
757       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
758       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
759       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
760       0 },
761 
762     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
763       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
764       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
765       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
766       0 },
767 #endif /* MBEDTLS_SHA1_C */
768 #endif /* MBEDTLS_CIPHER_MODE_CBC */
769 
770 #if defined(MBEDTLS_GCM_C)
771 #if defined(MBEDTLS_SHA256_C)
772     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
773       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
774       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
775       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
776       0 },
777 #endif /* MBEDTLS_SHA256_C */
778 
779 #if defined(MBEDTLS_SHA1_C)
780     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
781       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
782       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
783       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
784       0 },
785 #endif /* MBEDTLS_SHA1_C */
786 #endif /* MBEDTLS_GCM_C */
787 #endif /* MBEDTLS_CAMELLIA_C */
788 
789 #if defined(MBEDTLS_DES_C)
790 #if defined(MBEDTLS_CIPHER_MODE_CBC)
791 #if defined(MBEDTLS_SHA1_C)
792     { MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
793       MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
794       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
795       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
796       0 },
797 #endif /* MBEDTLS_SHA1_C */
798 #endif /* MBEDTLS_CIPHER_MODE_CBC */
799 #endif /* MBEDTLS_DES_C */
800 
801 #if defined(MBEDTLS_ARC4_C)
802 #if defined(MBEDTLS_MD5_C)
803     { MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
804       MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
805       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
806       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
807       MBEDTLS_CIPHERSUITE_NODTLS },
808 #endif
809 
810 #if defined(MBEDTLS_SHA1_C)
811     { MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
812       MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
813       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
814       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
815       MBEDTLS_CIPHERSUITE_NODTLS },
816 #endif
817 #endif /* MBEDTLS_ARC4_C */
818 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
819 
820 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
821 #if defined(MBEDTLS_AES_C)
822 #if defined(MBEDTLS_SHA1_C)
823 #if defined(MBEDTLS_CIPHER_MODE_CBC)
824     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
825       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
826       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
827       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
828       0 },
829     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
830       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
831       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
832       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
833       0 },
834 #endif /* MBEDTLS_CIPHER_MODE_CBC */
835 #endif /* MBEDTLS_SHA1_C */
836 #if defined(MBEDTLS_SHA256_C)
837 #if defined(MBEDTLS_CIPHER_MODE_CBC)
838     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
839       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
840       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
841       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
842       0 },
843 #endif /* MBEDTLS_CIPHER_MODE_CBC */
844 #if defined(MBEDTLS_GCM_C)
845     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
846       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
847       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
848       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
849       0 },
850 #endif /* MBEDTLS_GCM_C */
851 #endif /* MBEDTLS_SHA256_C */
852 #if defined(MBEDTLS_SHA512_C)
853 #if defined(MBEDTLS_CIPHER_MODE_CBC)
854     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
855       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
856       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
857       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
858       0 },
859 #endif /* MBEDTLS_CIPHER_MODE_CBC */
860 #if defined(MBEDTLS_GCM_C)
861     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
862       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
863       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
864       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
865       0 },
866 #endif /* MBEDTLS_GCM_C */
867 #endif /* MBEDTLS_SHA512_C */
868 #endif /* MBEDTLS_AES_C */
869 
870 #if defined(MBEDTLS_CAMELLIA_C)
871 #if defined(MBEDTLS_CIPHER_MODE_CBC)
872 #if defined(MBEDTLS_SHA256_C)
873     { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
874       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
875       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
876       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
877       0 },
878 #endif /* MBEDTLS_SHA256_C */
879 #if defined(MBEDTLS_SHA512_C)
880     { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
881       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
882       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
883       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
884       0 },
885 #endif /* MBEDTLS_SHA512_C */
886 #endif /* MBEDTLS_CIPHER_MODE_CBC */
887 
888 #if defined(MBEDTLS_GCM_C)
889 #if defined(MBEDTLS_SHA256_C)
890     { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
891       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
892       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
893       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
894       0 },
895 #endif /* MBEDTLS_SHA256_C */
896 #if defined(MBEDTLS_SHA512_C)
897     { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
898       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
899       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
900       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
901       0 },
902 #endif /* MBEDTLS_SHA512_C */
903 #endif /* MBEDTLS_GCM_C */
904 #endif /* MBEDTLS_CAMELLIA_C */
905 
906 #if defined(MBEDTLS_DES_C)
907 #if defined(MBEDTLS_CIPHER_MODE_CBC)
908 #if defined(MBEDTLS_SHA1_C)
909     { MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA",
910       MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
911       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
912       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
913       0 },
914 #endif /* MBEDTLS_SHA1_C */
915 #endif /* MBEDTLS_CIPHER_MODE_CBC */
916 #endif /* MBEDTLS_DES_C */
917 
918 #if defined(MBEDTLS_ARC4_C)
919 #if defined(MBEDTLS_SHA1_C)
920     { MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS-ECDH-RSA-WITH-RC4-128-SHA",
921       MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
922       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
923       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
924       MBEDTLS_CIPHERSUITE_NODTLS },
925 #endif /* MBEDTLS_SHA1_C */
926 #endif /* MBEDTLS_ARC4_C */
927 
928 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
929 #if defined(MBEDTLS_SHA1_C)
930     { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
931       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
932       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
933       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
934       MBEDTLS_CIPHERSUITE_WEAK },
935 #endif /* MBEDTLS_SHA1_C */
936 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
937 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
938 
939 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
940 #if defined(MBEDTLS_AES_C)
941 #if defined(MBEDTLS_SHA1_C)
942 #if defined(MBEDTLS_CIPHER_MODE_CBC)
943     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
944       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
945       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
946       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
947       0 },
948     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
949       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
950       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
951       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
952       0 },
953 #endif /* MBEDTLS_CIPHER_MODE_CBC */
954 #endif /* MBEDTLS_SHA1_C */
955 #if defined(MBEDTLS_SHA256_C)
956 #if defined(MBEDTLS_CIPHER_MODE_CBC)
957     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
958       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
959       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
960       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
961       0 },
962 #endif /* MBEDTLS_CIPHER_MODE_CBC */
963 #if defined(MBEDTLS_GCM_C)
964     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
965       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
966       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
967       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
968       0 },
969 #endif /* MBEDTLS_GCM_C */
970 #endif /* MBEDTLS_SHA256_C */
971 #if defined(MBEDTLS_SHA512_C)
972 #if defined(MBEDTLS_CIPHER_MODE_CBC)
973     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
974       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
975       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
976       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
977       0 },
978 #endif /* MBEDTLS_CIPHER_MODE_CBC */
979 #if defined(MBEDTLS_GCM_C)
980     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
981       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
982       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
983       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
984       0 },
985 #endif /* MBEDTLS_GCM_C */
986 #endif /* MBEDTLS_SHA512_C */
987 #endif /* MBEDTLS_AES_C */
988 
989 #if defined(MBEDTLS_CAMELLIA_C)
990 #if defined(MBEDTLS_CIPHER_MODE_CBC)
991 #if defined(MBEDTLS_SHA256_C)
992     { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
993       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
994       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
995       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
996       0 },
997 #endif /* MBEDTLS_SHA256_C */
998 #if defined(MBEDTLS_SHA512_C)
999     { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
1000       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1001       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1002       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1003       0 },
1004 #endif /* MBEDTLS_SHA512_C */
1005 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1006 
1007 #if defined(MBEDTLS_GCM_C)
1008 #if defined(MBEDTLS_SHA256_C)
1009     { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
1010       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1011       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1012       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1013       0 },
1014 #endif /* MBEDTLS_SHA256_C */
1015 #if defined(MBEDTLS_SHA512_C)
1016     { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
1017       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1018       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1019       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1020       0 },
1021 #endif /* MBEDTLS_SHA512_C */
1022 #endif /* MBEDTLS_GCM_C */
1023 #endif /* MBEDTLS_CAMELLIA_C */
1024 
1025 #if defined(MBEDTLS_DES_C)
1026 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1027 #if defined(MBEDTLS_SHA1_C)
1028     { MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
1029       MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1030       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1031       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1032       0 },
1033 #endif /* MBEDTLS_SHA1_C */
1034 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1035 #endif /* MBEDTLS_DES_C */
1036 
1037 #if defined(MBEDTLS_ARC4_C)
1038 #if defined(MBEDTLS_SHA1_C)
1039     { MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS-ECDH-ECDSA-WITH-RC4-128-SHA",
1040       MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1041       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1042       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1043       MBEDTLS_CIPHERSUITE_NODTLS },
1044 #endif /* MBEDTLS_SHA1_C */
1045 #endif /* MBEDTLS_ARC4_C */
1046 
1047 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
1048 #if defined(MBEDTLS_SHA1_C)
1049     { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
1050       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1051       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1052       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1053       MBEDTLS_CIPHERSUITE_WEAK },
1054 #endif /* MBEDTLS_SHA1_C */
1055 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
1056 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1057 
1058 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1059 #if defined(MBEDTLS_AES_C)
1060 #if defined(MBEDTLS_GCM_C)
1061 #if defined(MBEDTLS_SHA256_C)
1062     { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
1063       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1064       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1065       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1066       0 },
1067 #endif /* MBEDTLS_SHA256_C */
1068 
1069 #if defined(MBEDTLS_SHA512_C)
1070     { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
1071       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1072       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1073       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1074       0 },
1075 #endif /* MBEDTLS_SHA512_C */
1076 #endif /* MBEDTLS_GCM_C */
1077 
1078 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1079 #if defined(MBEDTLS_SHA256_C)
1080     { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
1081       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1082       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1083       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1084       0 },
1085 #endif /* MBEDTLS_SHA256_C */
1086 
1087 #if defined(MBEDTLS_SHA512_C)
1088     { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
1089       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1090       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1091       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1092       0 },
1093 #endif /* MBEDTLS_SHA512_C */
1094 
1095 #if defined(MBEDTLS_SHA1_C)
1096     { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
1097       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1098       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1099       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1100       0 },
1101 
1102     { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
1103       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1104       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1105       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1106       0 },
1107 #endif /* MBEDTLS_SHA1_C */
1108 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1109 #if defined(MBEDTLS_CCM_C)
1110     { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
1111       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1112       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1113       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1114       0 },
1115     { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
1116       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1117       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1118       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1119       MBEDTLS_CIPHERSUITE_SHORT_TAG },
1120     { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
1121       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1122       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1123       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1124       0 },
1125     { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
1126       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1127       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1128       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1129       MBEDTLS_CIPHERSUITE_SHORT_TAG },
1130 #endif /* MBEDTLS_CCM_C */
1131 #endif /* MBEDTLS_AES_C */
1132 
1133 #if defined(MBEDTLS_CAMELLIA_C)
1134 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1135 #if defined(MBEDTLS_SHA256_C)
1136     { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1137       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1138       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1139       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1140       0 },
1141 #endif /* MBEDTLS_SHA256_C */
1142 
1143 #if defined(MBEDTLS_SHA512_C)
1144     { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1145       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1146       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1147       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1148       0 },
1149 #endif /* MBEDTLS_SHA512_C */
1150 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1151 
1152 #if defined(MBEDTLS_GCM_C)
1153 #if defined(MBEDTLS_SHA256_C)
1154     { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1155       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1156       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1157       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1158       0 },
1159 #endif /* MBEDTLS_SHA256_C */
1160 
1161 #if defined(MBEDTLS_SHA512_C)
1162     { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1163       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1164       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1165       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1166       0 },
1167 #endif /* MBEDTLS_SHA512_C */
1168 #endif /* MBEDTLS_GCM_C */
1169 #endif /* MBEDTLS_CAMELLIA_C */
1170 
1171 #if defined(MBEDTLS_DES_C)
1172 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1173 #if defined(MBEDTLS_SHA1_C)
1174     { MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
1175       MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1176       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1177       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1178       0 },
1179 #endif /* MBEDTLS_SHA1_C */
1180 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1181 #endif /* MBEDTLS_DES_C */
1182 
1183 #if defined(MBEDTLS_ARC4_C)
1184 #if defined(MBEDTLS_SHA1_C)
1185     { MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA",
1186       MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1187       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1188       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1189       MBEDTLS_CIPHERSUITE_NODTLS },
1190 #endif /* MBEDTLS_SHA1_C */
1191 #endif /* MBEDTLS_ARC4_C */
1192 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1193 
1194 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1195 #if defined(MBEDTLS_AES_C)
1196 #if defined(MBEDTLS_GCM_C)
1197 #if defined(MBEDTLS_SHA256_C)
1198     { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
1199       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1200       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1201       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1202       0 },
1203 #endif /* MBEDTLS_SHA256_C */
1204 
1205 #if defined(MBEDTLS_SHA512_C)
1206     { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
1207       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1208       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1209       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1210       0 },
1211 #endif /* MBEDTLS_SHA512_C */
1212 #endif /* MBEDTLS_GCM_C */
1213 
1214 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1215 #if defined(MBEDTLS_SHA256_C)
1216     { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
1217       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1218       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1219       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1220       0 },
1221 #endif /* MBEDTLS_SHA256_C */
1222 
1223 #if defined(MBEDTLS_SHA512_C)
1224     { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
1225       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1226       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1227       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1228       0 },
1229 #endif /* MBEDTLS_SHA512_C */
1230 
1231 #if defined(MBEDTLS_SHA1_C)
1232     { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
1233       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1234       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1235       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1236       0 },
1237 
1238     { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
1239       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1240       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1241       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1242       0 },
1243 #endif /* MBEDTLS_SHA1_C */
1244 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1245 #if defined(MBEDTLS_CCM_C)
1246     { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
1247       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1248       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1249       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1250       0 },
1251     { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
1252       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1253       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1254       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1255       MBEDTLS_CIPHERSUITE_SHORT_TAG },
1256     { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
1257       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1258       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1259       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1260       0 },
1261     { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
1262       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1263       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1264       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1265       MBEDTLS_CIPHERSUITE_SHORT_TAG },
1266 #endif /* MBEDTLS_CCM_C */
1267 #endif /* MBEDTLS_AES_C */
1268 
1269 #if defined(MBEDTLS_CAMELLIA_C)
1270 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1271 #if defined(MBEDTLS_SHA256_C)
1272     { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1273       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1274       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1275       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1276       0 },
1277 #endif /* MBEDTLS_SHA256_C */
1278 
1279 #if defined(MBEDTLS_SHA512_C)
1280     { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1281       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1282       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1283       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1284       0 },
1285 #endif /* MBEDTLS_SHA512_C */
1286 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1287 
1288 #if defined(MBEDTLS_GCM_C)
1289 #if defined(MBEDTLS_SHA256_C)
1290     { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1291       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1292       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1293       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1294       0 },
1295 #endif /* MBEDTLS_SHA256_C */
1296 
1297 #if defined(MBEDTLS_SHA512_C)
1298     { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1299       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1300       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1301       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1302       0 },
1303 #endif /* MBEDTLS_SHA512_C */
1304 #endif /* MBEDTLS_GCM_C */
1305 #endif /* MBEDTLS_CAMELLIA_C */
1306 
1307 #if defined(MBEDTLS_DES_C)
1308 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1309 #if defined(MBEDTLS_SHA1_C)
1310     { MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
1311       MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1312       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1313       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1314       0 },
1315 #endif /* MBEDTLS_SHA1_C */
1316 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1317 #endif /* MBEDTLS_DES_C */
1318 
1319 #if defined(MBEDTLS_ARC4_C)
1320 #if defined(MBEDTLS_SHA1_C)
1321     { MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA",
1322       MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1323       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1324       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1325       MBEDTLS_CIPHERSUITE_NODTLS },
1326 #endif /* MBEDTLS_SHA1_C */
1327 #endif /* MBEDTLS_ARC4_C */
1328 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1329 
1330 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1331 #if defined(MBEDTLS_AES_C)
1332 
1333 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1334 #if defined(MBEDTLS_SHA256_C)
1335     { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
1336       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1337       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1338       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1339       0 },
1340 #endif /* MBEDTLS_SHA256_C */
1341 
1342 #if defined(MBEDTLS_SHA512_C)
1343     { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
1344       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1345       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1346       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1347       0 },
1348 #endif /* MBEDTLS_SHA512_C */
1349 
1350 #if defined(MBEDTLS_SHA1_C)
1351     { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
1352       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1353       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1354       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1355       0 },
1356 
1357     { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
1358       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1359       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1360       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1361       0 },
1362 #endif /* MBEDTLS_SHA1_C */
1363 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1364 #endif /* MBEDTLS_AES_C */
1365 
1366 #if defined(MBEDTLS_CAMELLIA_C)
1367 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1368 #if defined(MBEDTLS_SHA256_C)
1369     { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1370       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1371       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1372       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1373       0 },
1374 #endif /* MBEDTLS_SHA256_C */
1375 
1376 #if defined(MBEDTLS_SHA512_C)
1377     { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1378       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1379       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1380       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1381       0 },
1382 #endif /* MBEDTLS_SHA512_C */
1383 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1384 #endif /* MBEDTLS_CAMELLIA_C */
1385 
1386 #if defined(MBEDTLS_DES_C)
1387 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1388 #if defined(MBEDTLS_SHA1_C)
1389     { MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
1390       MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1391       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1392       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1393       0 },
1394 #endif /* MBEDTLS_SHA1_C */
1395 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1396 #endif /* MBEDTLS_DES_C */
1397 
1398 #if defined(MBEDTLS_ARC4_C)
1399 #if defined(MBEDTLS_SHA1_C)
1400     { MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA, "TLS-ECDHE-PSK-WITH-RC4-128-SHA",
1401       MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1402       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1403       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1404       MBEDTLS_CIPHERSUITE_NODTLS },
1405 #endif /* MBEDTLS_SHA1_C */
1406 #endif /* MBEDTLS_ARC4_C */
1407 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1408 
1409 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1410 #if defined(MBEDTLS_AES_C)
1411 #if defined(MBEDTLS_GCM_C)
1412 #if defined(MBEDTLS_SHA256_C)
1413     { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
1414       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1415       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1416       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1417       0 },
1418 #endif /* MBEDTLS_SHA256_C */
1419 
1420 #if defined(MBEDTLS_SHA512_C)
1421     { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
1422       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1423       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1424       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1425       0 },
1426 #endif /* MBEDTLS_SHA512_C */
1427 #endif /* MBEDTLS_GCM_C */
1428 
1429 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1430 #if defined(MBEDTLS_SHA256_C)
1431     { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
1432       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1433       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1434       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1435       0 },
1436 #endif /* MBEDTLS_SHA256_C */
1437 
1438 #if defined(MBEDTLS_SHA512_C)
1439     { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
1440       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1441       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1442       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1443       0 },
1444 #endif /* MBEDTLS_SHA512_C */
1445 
1446 #if defined(MBEDTLS_SHA1_C)
1447     { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
1448       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1449       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1450       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1451       0 },
1452 
1453     { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
1454       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1455       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1456       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1457       0 },
1458 #endif /* MBEDTLS_SHA1_C */
1459 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1460 #endif /* MBEDTLS_AES_C */
1461 
1462 #if defined(MBEDTLS_CAMELLIA_C)
1463 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1464 #if defined(MBEDTLS_SHA256_C)
1465     { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1466       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1467       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1468       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1469       0 },
1470 #endif /* MBEDTLS_SHA256_C */
1471 
1472 #if defined(MBEDTLS_SHA512_C)
1473     { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1474       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1475       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1476       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1477       0 },
1478 #endif /* MBEDTLS_SHA512_C */
1479 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1480 
1481 #if defined(MBEDTLS_GCM_C)
1482 #if defined(MBEDTLS_SHA256_C)
1483     { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1484       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1485       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1486       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1487       0 },
1488 #endif /* MBEDTLS_SHA256_C */
1489 
1490 #if defined(MBEDTLS_SHA512_C)
1491     { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1492       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1493       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1494       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1495       0 },
1496 #endif /* MBEDTLS_SHA512_C */
1497 #endif /* MBEDTLS_GCM_C */
1498 #endif /* MBEDTLS_CAMELLIA_C */
1499 
1500 #if defined(MBEDTLS_DES_C)
1501 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1502 #if defined(MBEDTLS_SHA1_C)
1503     { MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
1504       MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1505       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1506       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1507       0 },
1508 #endif /* MBEDTLS_SHA1_C */
1509 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1510 #endif /* MBEDTLS_DES_C */
1511 
1512 #if defined(MBEDTLS_ARC4_C)
1513 #if defined(MBEDTLS_SHA1_C)
1514     { MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
1515       MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1516       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1517       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1518       MBEDTLS_CIPHERSUITE_NODTLS },
1519 #endif /* MBEDTLS_SHA1_C */
1520 #endif /* MBEDTLS_ARC4_C */
1521 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1522 
1523 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1524 #if defined(MBEDTLS_AES_C)
1525 #if defined(MBEDTLS_CCM_C)
1526     { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
1527       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
1528       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1529       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1530       MBEDTLS_CIPHERSUITE_SHORT_TAG },
1531 #endif /* MBEDTLS_CCM_C */
1532 #endif /* MBEDTLS_AES_C */
1533 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
1534 
1535 #if defined(MBEDTLS_ENABLE_WEAK_CIPHERSUITES)
1536 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
1537 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1538 #if defined(MBEDTLS_MD5_C)
1539     { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
1540       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
1541       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1542       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1543       MBEDTLS_CIPHERSUITE_WEAK },
1544 #endif
1545 
1546 #if defined(MBEDTLS_SHA1_C)
1547     { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
1548       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
1549       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1550       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1551       MBEDTLS_CIPHERSUITE_WEAK },
1552 #endif
1553 
1554 #if defined(MBEDTLS_SHA256_C)
1555     { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
1556       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1557       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1558       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1559       MBEDTLS_CIPHERSUITE_WEAK },
1560 #endif
1561 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1562 
1563 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1564 #if defined(MBEDTLS_SHA1_C)
1565     { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
1566       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1567       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1568       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1569       MBEDTLS_CIPHERSUITE_WEAK },
1570 #endif /* MBEDTLS_SHA1_C */
1571 
1572 #if defined(MBEDTLS_SHA256_C)
1573     { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
1574       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1575       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1576       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1577       MBEDTLS_CIPHERSUITE_WEAK },
1578 #endif
1579 
1580 #if defined(MBEDTLS_SHA512_C)
1581     { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
1582       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1583       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1584       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1585       MBEDTLS_CIPHERSUITE_WEAK },
1586 #endif
1587 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1588 
1589 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1590 #if defined(MBEDTLS_SHA1_C)
1591     { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
1592       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1593       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1594       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1595       MBEDTLS_CIPHERSUITE_WEAK },
1596 #endif /* MBEDTLS_SHA1_C */
1597 
1598 #if defined(MBEDTLS_SHA256_C)
1599     { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
1600       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1601       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1602       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1603       MBEDTLS_CIPHERSUITE_WEAK },
1604 #endif
1605 
1606 #if defined(MBEDTLS_SHA512_C)
1607     { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
1608       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1609       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1610       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1611       MBEDTLS_CIPHERSUITE_WEAK },
1612 #endif
1613 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1614 
1615 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1616 #if defined(MBEDTLS_SHA1_C)
1617     { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
1618       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1619       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1620       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1621       MBEDTLS_CIPHERSUITE_WEAK },
1622 #endif /* MBEDTLS_SHA1_C */
1623 
1624 #if defined(MBEDTLS_SHA256_C)
1625     { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
1626       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1627       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1628       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1629       MBEDTLS_CIPHERSUITE_WEAK },
1630 #endif
1631 
1632 #if defined(MBEDTLS_SHA512_C)
1633     { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
1634       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1635       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1636       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1637       MBEDTLS_CIPHERSUITE_WEAK },
1638 #endif
1639 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1640 
1641 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1642 #if defined(MBEDTLS_SHA1_C)
1643     { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
1644       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1645       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1646       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1647       MBEDTLS_CIPHERSUITE_WEAK },
1648 #endif /* MBEDTLS_SHA1_C */
1649 
1650 #if defined(MBEDTLS_SHA256_C)
1651     { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
1652       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1653       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1654       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1655       MBEDTLS_CIPHERSUITE_WEAK },
1656 #endif
1657 
1658 #if defined(MBEDTLS_SHA512_C)
1659     { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
1660       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1661       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1662       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1663       MBEDTLS_CIPHERSUITE_WEAK },
1664 #endif
1665 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1666 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
1667 
1668 #if defined(MBEDTLS_DES_C)
1669 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1670 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
1671 #if defined(MBEDTLS_SHA1_C)
1672     { MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
1673       MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1674       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1675       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1676       MBEDTLS_CIPHERSUITE_WEAK },
1677 #endif /* MBEDTLS_SHA1_C */
1678 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
1679 
1680 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1681 #if defined(MBEDTLS_SHA1_C)
1682     { MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
1683       MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
1684       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1685       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1686       MBEDTLS_CIPHERSUITE_WEAK },
1687 #endif /* MBEDTLS_SHA1_C */
1688 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1689 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1690 #endif /* MBEDTLS_DES_C */
1691 #endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */
1692 
1693     { 0, "",
1694       MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
1695       0, 0, 0, 0, 0 }
1696 };
1697 
1698 #if defined(MBEDTLS_SSL_CIPHERSUITES)
1699 const int *mbedtls_ssl_list_ciphersuites( void )
1700 {
1701     return( ciphersuite_preference );
1702 }
1703 #else
1704 #define MAX_CIPHERSUITES    sizeof( ciphersuite_definitions     ) /         \
1705                             sizeof( ciphersuite_definitions[0]  )
1706 static int supported_ciphersuites[MAX_CIPHERSUITES];
1707 static int supported_init = 0;
1708 
1709 const int *mbedtls_ssl_list_ciphersuites( void )
1710 {
1711     /*
1712      * On initial call filter out all ciphersuites not supported by current
1713      * build based on presence in the ciphersuite_definitions.
1714      */
1715     if( supported_init == 0 )
1716     {
1717         const int *p;
1718         int *q;
1719 
1720         for( p = ciphersuite_preference, q = supported_ciphersuites;
1721              *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
1722              p++ )
1723         {
1724 #if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
1725             const mbedtls_ssl_ciphersuite_t *cs_info;
1726             if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL &&
1727                 cs_info->cipher != MBEDTLS_CIPHER_ARC4_128 )
1728 #else
1729             if( mbedtls_ssl_ciphersuite_from_id( *p ) != NULL )
1730 #endif
1731                 *(q++) = *p;
1732         }
1733         *q = 0;
1734 
1735         supported_init = 1;
1736     }
1737 
1738     return( supported_ciphersuites );
1739 }
1740 #endif /* MBEDTLS_SSL_CIPHERSUITES */
1741 
1742 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
1743                                                 const char *ciphersuite_name )
1744 {
1745     const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
1746 
1747     if( NULL == ciphersuite_name )
1748         return( NULL );
1749 
1750     while( cur->id != 0 )
1751     {
1752         if( 0 == strcmp( cur->name, ciphersuite_name ) )
1753             return( cur );
1754 
1755         cur++;
1756     }
1757 
1758     return( NULL );
1759 }
1760 
1761 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite )
1762 {
1763     const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
1764 
1765     while( cur->id != 0 )
1766     {
1767         if( cur->id == ciphersuite )
1768             return( cur );
1769 
1770         cur++;
1771     }
1772 
1773     return( NULL );
1774 }
1775 
1776 const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id )
1777 {
1778     const mbedtls_ssl_ciphersuite_t *cur;
1779 
1780     cur = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
1781 
1782     if( cur == NULL )
1783         return( "unknown" );
1784 
1785     return( cur->name );
1786 }
1787 
1788 int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name )
1789 {
1790     const mbedtls_ssl_ciphersuite_t *cur;
1791 
1792     cur = mbedtls_ssl_ciphersuite_from_string( ciphersuite_name );
1793 
1794     if( cur == NULL )
1795         return( 0 );
1796 
1797     return( cur->id );
1798 }
1799 
1800 #if defined(MBEDTLS_PK_C)
1801 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info )
1802 {
1803     switch( info->key_exchange )
1804     {
1805         case MBEDTLS_KEY_EXCHANGE_RSA:
1806         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1807         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1808         case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
1809             return( MBEDTLS_PK_RSA );
1810 
1811         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1812             return( MBEDTLS_PK_ECDSA );
1813 
1814         case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1815         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1816             return( MBEDTLS_PK_ECKEY );
1817 
1818         default:
1819             return( MBEDTLS_PK_NONE );
1820     }
1821 }
1822 
1823 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info )
1824 {
1825     switch( info->key_exchange )
1826     {
1827         case MBEDTLS_KEY_EXCHANGE_RSA:
1828         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1829         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1830             return( MBEDTLS_PK_RSA );
1831 
1832         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1833             return( MBEDTLS_PK_ECDSA );
1834 
1835         default:
1836             return( MBEDTLS_PK_NONE );
1837     }
1838 }
1839 
1840 #endif /* MBEDTLS_PK_C */
1841 
1842 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
1843 int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info )
1844 {
1845     switch( info->key_exchange )
1846     {
1847         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1848         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1849         case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
1850         case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1851         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1852             return( 1 );
1853 
1854         default:
1855             return( 0 );
1856     }
1857 }
1858 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
1859 
1860 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1861 int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info )
1862 {
1863     switch( info->key_exchange )
1864     {
1865         case MBEDTLS_KEY_EXCHANGE_PSK:
1866         case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
1867         case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
1868         case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
1869             return( 1 );
1870 
1871         default:
1872             return( 0 );
1873     }
1874 }
1875 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
1876 
1877 #endif /* MBEDTLS_SSL_TLS_C */
1878