1 /** 2 * \file ssl_ciphersuites.c 3 * 4 * \brief SSL ciphersuites for mbed TLS 5 * 6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 * SPDX-License-Identifier: GPL-2.0 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License as published by 11 * the Free Software Foundation; either version 2 of the License, or 12 * (at your option) any later version. 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 * 19 * You should have received a copy of the GNU General Public License along 20 * with this program; if not, write to the Free Software Foundation, Inc., 21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 22 * 23 * This file is part of mbed TLS (https://tls.mbed.org) 24 */ 25 26 #if !defined(MBEDTLS_CONFIG_FILE) 27 #include "mbedtls/config.h" 28 #else 29 #include MBEDTLS_CONFIG_FILE 30 #endif 31 32 #if defined(MBEDTLS_SSL_TLS_C) 33 34 #if defined(MBEDTLS_PLATFORM_C) 35 #include "mbedtls/platform.h" 36 #else 37 #include <stdlib.h> 38 #endif 39 40 #include "mbedtls/ssl_ciphersuites.h" 41 #include "mbedtls/ssl.h" 42 43 #include <string.h> 44 45 /* 46 * Ordered from most preferred to least preferred in terms of security. 47 * 48 * Current rule (except rc4, weak and null which come last): 49 * 1. By key exchange: 50 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK 51 * 2. By key length and cipher: 52 * AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES 53 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8 54 * 4. By hash function used when relevant 55 * 5. By key exchange/auth again: EC > non-EC 56 */ 57 static const int ciphersuite_preference[] = 58 { 59 #if defined(MBEDTLS_SSL_CIPHERSUITES) 60 MBEDTLS_SSL_CIPHERSUITES, 61 #else 62 /* All AES-256 ephemeral suites */ 63 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 64 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 65 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 66 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, 67 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, 68 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 69 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 70 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 71 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 72 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 73 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 74 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, 75 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, 76 77 /* All CAMELLIA-256 ephemeral suites */ 78 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 79 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, 80 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, 81 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 82 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, 83 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 84 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 85 86 /* All AES-128 ephemeral suites */ 87 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 88 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 89 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 90 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, 91 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, 92 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 93 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 94 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 95 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 96 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 97 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 98 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, 99 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, 100 101 /* All CAMELLIA-128 ephemeral suites */ 102 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 103 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, 104 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, 105 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 106 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 107 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 108 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 109 110 /* All remaining >= 128-bit ephemeral suites */ 111 MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 112 MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 113 MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 114 115 /* The PSK ephemeral suites */ 116 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, 117 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, 118 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, 119 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, 120 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, 121 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, 122 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, 123 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 124 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 125 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, 126 127 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, 128 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, 129 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 130 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, 131 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, 132 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, 133 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, 134 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 135 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 136 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, 137 138 MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, 139 MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, 140 141 /* The ECJPAKE suite */ 142 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, 143 144 /* All AES-256 suites */ 145 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, 146 MBEDTLS_TLS_RSA_WITH_AES_256_CCM, 147 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, 148 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, 149 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 150 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 151 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 152 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 153 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, 154 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 155 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, 156 157 /* All CAMELLIA-256 suites */ 158 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, 159 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, 160 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 161 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 162 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, 163 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 164 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 165 166 /* All AES-128 suites */ 167 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, 168 MBEDTLS_TLS_RSA_WITH_AES_128_CCM, 169 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, 170 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, 171 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, 172 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 173 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 174 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 175 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, 176 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 177 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, 178 179 /* All CAMELLIA-128 suites */ 180 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, 181 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, 182 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, 183 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 184 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 185 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 186 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 187 188 /* All remaining >= 128-bit suites */ 189 MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, 190 MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 191 MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 192 193 /* The RSA PSK suites */ 194 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, 195 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, 196 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, 197 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, 198 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, 199 200 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, 201 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, 202 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, 203 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, 204 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, 205 206 MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, 207 208 /* The PSK suites */ 209 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, 210 MBEDTLS_TLS_PSK_WITH_AES_256_CCM, 211 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, 212 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, 213 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, 214 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, 215 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, 216 217 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, 218 MBEDTLS_TLS_PSK_WITH_AES_128_CCM, 219 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, 220 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, 221 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, 222 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, 223 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, 224 225 MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, 226 227 /* RC4 suites */ 228 MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 229 MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA, 230 MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA, 231 MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, 232 MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, 233 MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, 234 MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA, 235 MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 236 MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA, 237 MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, 238 239 /* Weak suites */ 240 MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, 241 MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, 242 243 /* NULL suites */ 244 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, 245 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, 246 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, 247 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, 248 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, 249 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, 250 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, 251 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, 252 253 MBEDTLS_TLS_RSA_WITH_NULL_SHA256, 254 MBEDTLS_TLS_RSA_WITH_NULL_SHA, 255 MBEDTLS_TLS_RSA_WITH_NULL_MD5, 256 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, 257 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, 258 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, 259 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, 260 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, 261 MBEDTLS_TLS_PSK_WITH_NULL_SHA384, 262 MBEDTLS_TLS_PSK_WITH_NULL_SHA256, 263 MBEDTLS_TLS_PSK_WITH_NULL_SHA, 264 265 #endif /* MBEDTLS_SSL_CIPHERSUITES */ 266 0 267 }; 268 269 static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 270 { 271 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 272 #if defined(MBEDTLS_AES_C) 273 #if defined(MBEDTLS_SHA1_C) 274 #if defined(MBEDTLS_CIPHER_MODE_CBC) 275 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", 276 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 277 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 278 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 279 0 }, 280 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", 281 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 282 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 283 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 284 0 }, 285 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 286 #endif /* MBEDTLS_SHA1_C */ 287 #if defined(MBEDTLS_SHA256_C) 288 #if defined(MBEDTLS_CIPHER_MODE_CBC) 289 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", 290 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 291 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 292 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 293 0 }, 294 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 295 #if defined(MBEDTLS_GCM_C) 296 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", 297 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 298 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 299 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 300 0 }, 301 #endif /* MBEDTLS_GCM_C */ 302 #endif /* MBEDTLS_SHA256_C */ 303 #if defined(MBEDTLS_SHA512_C) 304 #if defined(MBEDTLS_CIPHER_MODE_CBC) 305 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", 306 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 307 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 308 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 309 0 }, 310 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 311 #if defined(MBEDTLS_GCM_C) 312 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", 313 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 314 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 315 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 316 0 }, 317 #endif /* MBEDTLS_GCM_C */ 318 #endif /* MBEDTLS_SHA512_C */ 319 #if defined(MBEDTLS_CCM_C) 320 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", 321 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 322 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 323 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 324 0 }, 325 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", 326 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 327 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 328 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 329 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 330 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", 331 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 332 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 333 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 334 0 }, 335 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", 336 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 337 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 338 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 339 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 340 #endif /* MBEDTLS_CCM_C */ 341 #endif /* MBEDTLS_AES_C */ 342 343 #if defined(MBEDTLS_CAMELLIA_C) 344 #if defined(MBEDTLS_CIPHER_MODE_CBC) 345 #if defined(MBEDTLS_SHA256_C) 346 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", 347 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 348 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 349 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 350 0 }, 351 #endif /* MBEDTLS_SHA256_C */ 352 #if defined(MBEDTLS_SHA512_C) 353 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", 354 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 355 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 356 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 357 0 }, 358 #endif /* MBEDTLS_SHA512_C */ 359 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 360 361 #if defined(MBEDTLS_GCM_C) 362 #if defined(MBEDTLS_SHA256_C) 363 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", 364 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 365 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 366 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 367 0 }, 368 #endif /* MBEDTLS_SHA256_C */ 369 #if defined(MBEDTLS_SHA512_C) 370 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", 371 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 372 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 373 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 374 0 }, 375 #endif /* MBEDTLS_SHA512_C */ 376 #endif /* MBEDTLS_GCM_C */ 377 #endif /* MBEDTLS_CAMELLIA_C */ 378 379 #if defined(MBEDTLS_DES_C) 380 #if defined(MBEDTLS_CIPHER_MODE_CBC) 381 #if defined(MBEDTLS_SHA1_C) 382 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", 383 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 384 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 385 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 386 0 }, 387 #endif /* MBEDTLS_SHA1_C */ 388 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 389 #endif /* MBEDTLS_DES_C */ 390 391 #if defined(MBEDTLS_ARC4_C) 392 #if defined(MBEDTLS_SHA1_C) 393 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA", 394 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 395 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 396 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 397 MBEDTLS_CIPHERSUITE_NODTLS }, 398 #endif /* MBEDTLS_SHA1_C */ 399 #endif /* MBEDTLS_ARC4_C */ 400 401 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 402 #if defined(MBEDTLS_SHA1_C) 403 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA", 404 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 405 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 406 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 407 MBEDTLS_CIPHERSUITE_WEAK }, 408 #endif /* MBEDTLS_SHA1_C */ 409 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 410 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ 411 412 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) 413 #if defined(MBEDTLS_AES_C) 414 #if defined(MBEDTLS_SHA1_C) 415 #if defined(MBEDTLS_CIPHER_MODE_CBC) 416 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", 417 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 418 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 419 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 420 0 }, 421 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", 422 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 423 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 424 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 425 0 }, 426 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 427 #endif /* MBEDTLS_SHA1_C */ 428 #if defined(MBEDTLS_SHA256_C) 429 #if defined(MBEDTLS_CIPHER_MODE_CBC) 430 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", 431 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 432 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 433 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 434 0 }, 435 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 436 #if defined(MBEDTLS_GCM_C) 437 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", 438 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 439 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 440 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 441 0 }, 442 #endif /* MBEDTLS_GCM_C */ 443 #endif /* MBEDTLS_SHA256_C */ 444 #if defined(MBEDTLS_SHA512_C) 445 #if defined(MBEDTLS_CIPHER_MODE_CBC) 446 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", 447 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 448 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 449 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 450 0 }, 451 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 452 #if defined(MBEDTLS_GCM_C) 453 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", 454 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 455 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 456 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 457 0 }, 458 #endif /* MBEDTLS_GCM_C */ 459 #endif /* MBEDTLS_SHA512_C */ 460 #endif /* MBEDTLS_AES_C */ 461 462 #if defined(MBEDTLS_CAMELLIA_C) 463 #if defined(MBEDTLS_CIPHER_MODE_CBC) 464 #if defined(MBEDTLS_SHA256_C) 465 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", 466 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 467 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 468 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 469 0 }, 470 #endif /* MBEDTLS_SHA256_C */ 471 #if defined(MBEDTLS_SHA512_C) 472 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", 473 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 474 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 475 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 476 0 }, 477 #endif /* MBEDTLS_SHA512_C */ 478 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 479 480 #if defined(MBEDTLS_GCM_C) 481 #if defined(MBEDTLS_SHA256_C) 482 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", 483 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 484 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 485 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 486 0 }, 487 #endif /* MBEDTLS_SHA256_C */ 488 #if defined(MBEDTLS_SHA512_C) 489 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", 490 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 491 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 492 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 493 0 }, 494 #endif /* MBEDTLS_SHA512_C */ 495 #endif /* MBEDTLS_GCM_C */ 496 #endif /* MBEDTLS_CAMELLIA_C */ 497 498 #if defined(MBEDTLS_DES_C) 499 #if defined(MBEDTLS_CIPHER_MODE_CBC) 500 #if defined(MBEDTLS_SHA1_C) 501 { MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", 502 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 503 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 504 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 505 0 }, 506 #endif /* MBEDTLS_SHA1_C */ 507 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 508 #endif /* MBEDTLS_DES_C */ 509 510 #if defined(MBEDTLS_ARC4_C) 511 #if defined(MBEDTLS_SHA1_C) 512 { MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA", 513 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 514 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 515 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 516 MBEDTLS_CIPHERSUITE_NODTLS }, 517 #endif /* MBEDTLS_SHA1_C */ 518 #endif /* MBEDTLS_ARC4_C */ 519 520 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 521 #if defined(MBEDTLS_SHA1_C) 522 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA", 523 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 524 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 525 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 526 MBEDTLS_CIPHERSUITE_WEAK }, 527 #endif /* MBEDTLS_SHA1_C */ 528 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 529 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ 530 531 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 532 #if defined(MBEDTLS_AES_C) 533 #if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C) 534 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", 535 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 536 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 537 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 538 0 }, 539 #endif /* MBEDTLS_SHA512_C && MBEDTLS_GCM_C */ 540 541 #if defined(MBEDTLS_SHA256_C) 542 #if defined(MBEDTLS_GCM_C) 543 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", 544 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 545 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 546 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 547 0 }, 548 #endif /* MBEDTLS_GCM_C */ 549 550 #if defined(MBEDTLS_CIPHER_MODE_CBC) 551 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", 552 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 553 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 554 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 555 0 }, 556 557 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", 558 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 559 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 560 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 561 0 }, 562 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 563 #endif /* MBEDTLS_SHA256_C */ 564 565 #if defined(MBEDTLS_CIPHER_MODE_CBC) 566 #if defined(MBEDTLS_SHA1_C) 567 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", 568 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 569 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 570 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 571 0 }, 572 573 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", 574 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 575 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 576 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 577 0 }, 578 #endif /* MBEDTLS_SHA1_C */ 579 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 580 #if defined(MBEDTLS_CCM_C) 581 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM", 582 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 583 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 584 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 585 0 }, 586 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8", 587 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 588 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 589 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 590 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 591 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM", 592 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 593 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 594 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 595 0 }, 596 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8", 597 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 598 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 599 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 600 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 601 #endif /* MBEDTLS_CCM_C */ 602 #endif /* MBEDTLS_AES_C */ 603 604 #if defined(MBEDTLS_CAMELLIA_C) 605 #if defined(MBEDTLS_CIPHER_MODE_CBC) 606 #if defined(MBEDTLS_SHA256_C) 607 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", 608 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 609 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 610 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 611 0 }, 612 613 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", 614 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 615 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 616 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 617 0 }, 618 #endif /* MBEDTLS_SHA256_C */ 619 620 #if defined(MBEDTLS_SHA1_C) 621 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", 622 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 623 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 624 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 625 0 }, 626 627 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", 628 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 629 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 630 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 631 0 }, 632 #endif /* MBEDTLS_SHA1_C */ 633 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 634 #if defined(MBEDTLS_GCM_C) 635 #if defined(MBEDTLS_SHA256_C) 636 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", 637 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 638 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 639 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 640 0 }, 641 #endif /* MBEDTLS_SHA256_C */ 642 643 #if defined(MBEDTLS_SHA512_C) 644 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", 645 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 646 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 647 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 648 0 }, 649 #endif /* MBEDTLS_SHA512_C */ 650 #endif /* MBEDTLS_GCM_C */ 651 #endif /* MBEDTLS_CAMELLIA_C */ 652 653 #if defined(MBEDTLS_DES_C) 654 #if defined(MBEDTLS_CIPHER_MODE_CBC) 655 #if defined(MBEDTLS_SHA1_C) 656 { MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", 657 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 658 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 659 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 660 0 }, 661 #endif /* MBEDTLS_SHA1_C */ 662 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 663 #endif /* MBEDTLS_DES_C */ 664 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ 665 666 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 667 #if defined(MBEDTLS_AES_C) 668 #if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C) 669 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", 670 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 671 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 672 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 673 0 }, 674 #endif /* MBEDTLS_SHA512_C && MBEDTLS_GCM_C */ 675 676 #if defined(MBEDTLS_SHA256_C) 677 #if defined(MBEDTLS_GCM_C) 678 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", 679 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 680 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 681 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 682 0 }, 683 #endif /* MBEDTLS_GCM_C */ 684 685 #if defined(MBEDTLS_CIPHER_MODE_CBC) 686 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", 687 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 688 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 689 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 690 0 }, 691 692 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256", 693 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 694 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 695 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 696 0 }, 697 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 698 #endif /* MBEDTLS_SHA256_C */ 699 700 #if defined(MBEDTLS_SHA1_C) 701 #if defined(MBEDTLS_CIPHER_MODE_CBC) 702 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", 703 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 704 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 705 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 706 0 }, 707 708 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA", 709 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 710 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 711 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 712 0 }, 713 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 714 #endif /* MBEDTLS_SHA1_C */ 715 #if defined(MBEDTLS_CCM_C) 716 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", 717 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 718 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 719 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 720 0 }, 721 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8", 722 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 723 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 724 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 725 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 726 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM", 727 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 728 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 729 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 730 0 }, 731 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8", 732 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 733 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 734 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 735 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 736 #endif /* MBEDTLS_CCM_C */ 737 #endif /* MBEDTLS_AES_C */ 738 739 #if defined(MBEDTLS_CAMELLIA_C) 740 #if defined(MBEDTLS_CIPHER_MODE_CBC) 741 #if defined(MBEDTLS_SHA256_C) 742 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", 743 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 744 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 745 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 746 0 }, 747 748 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", 749 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 750 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 751 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 752 0 }, 753 #endif /* MBEDTLS_SHA256_C */ 754 755 #if defined(MBEDTLS_SHA1_C) 756 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", 757 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 758 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 759 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 760 0 }, 761 762 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", 763 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 764 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 765 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 766 0 }, 767 #endif /* MBEDTLS_SHA1_C */ 768 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 769 770 #if defined(MBEDTLS_GCM_C) 771 #if defined(MBEDTLS_SHA256_C) 772 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", 773 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 774 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 775 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 776 0 }, 777 #endif /* MBEDTLS_SHA256_C */ 778 779 #if defined(MBEDTLS_SHA1_C) 780 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", 781 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 782 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 783 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 784 0 }, 785 #endif /* MBEDTLS_SHA1_C */ 786 #endif /* MBEDTLS_GCM_C */ 787 #endif /* MBEDTLS_CAMELLIA_C */ 788 789 #if defined(MBEDTLS_DES_C) 790 #if defined(MBEDTLS_CIPHER_MODE_CBC) 791 #if defined(MBEDTLS_SHA1_C) 792 { MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA", 793 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 794 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 795 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 796 0 }, 797 #endif /* MBEDTLS_SHA1_C */ 798 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 799 #endif /* MBEDTLS_DES_C */ 800 801 #if defined(MBEDTLS_ARC4_C) 802 #if defined(MBEDTLS_MD5_C) 803 { MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5", 804 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, 805 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 806 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 807 MBEDTLS_CIPHERSUITE_NODTLS }, 808 #endif 809 810 #if defined(MBEDTLS_SHA1_C) 811 { MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA", 812 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 813 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 814 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 815 MBEDTLS_CIPHERSUITE_NODTLS }, 816 #endif 817 #endif /* MBEDTLS_ARC4_C */ 818 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 819 820 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) 821 #if defined(MBEDTLS_AES_C) 822 #if defined(MBEDTLS_SHA1_C) 823 #if defined(MBEDTLS_CIPHER_MODE_CBC) 824 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", 825 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 826 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 827 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 828 0 }, 829 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA", 830 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 831 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 832 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 833 0 }, 834 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 835 #endif /* MBEDTLS_SHA1_C */ 836 #if defined(MBEDTLS_SHA256_C) 837 #if defined(MBEDTLS_CIPHER_MODE_CBC) 838 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", 839 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 840 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 841 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 842 0 }, 843 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 844 #if defined(MBEDTLS_GCM_C) 845 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", 846 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 847 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 848 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 849 0 }, 850 #endif /* MBEDTLS_GCM_C */ 851 #endif /* MBEDTLS_SHA256_C */ 852 #if defined(MBEDTLS_SHA512_C) 853 #if defined(MBEDTLS_CIPHER_MODE_CBC) 854 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", 855 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 856 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 857 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 858 0 }, 859 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 860 #if defined(MBEDTLS_GCM_C) 861 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", 862 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 863 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 864 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 865 0 }, 866 #endif /* MBEDTLS_GCM_C */ 867 #endif /* MBEDTLS_SHA512_C */ 868 #endif /* MBEDTLS_AES_C */ 869 870 #if defined(MBEDTLS_CAMELLIA_C) 871 #if defined(MBEDTLS_CIPHER_MODE_CBC) 872 #if defined(MBEDTLS_SHA256_C) 873 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", 874 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 875 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 876 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 877 0 }, 878 #endif /* MBEDTLS_SHA256_C */ 879 #if defined(MBEDTLS_SHA512_C) 880 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", 881 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 882 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 883 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 884 0 }, 885 #endif /* MBEDTLS_SHA512_C */ 886 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 887 888 #if defined(MBEDTLS_GCM_C) 889 #if defined(MBEDTLS_SHA256_C) 890 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", 891 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 892 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 893 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 894 0 }, 895 #endif /* MBEDTLS_SHA256_C */ 896 #if defined(MBEDTLS_SHA512_C) 897 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384", 898 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 899 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 900 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 901 0 }, 902 #endif /* MBEDTLS_SHA512_C */ 903 #endif /* MBEDTLS_GCM_C */ 904 #endif /* MBEDTLS_CAMELLIA_C */ 905 906 #if defined(MBEDTLS_DES_C) 907 #if defined(MBEDTLS_CIPHER_MODE_CBC) 908 #if defined(MBEDTLS_SHA1_C) 909 { MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA", 910 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 911 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 912 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 913 0 }, 914 #endif /* MBEDTLS_SHA1_C */ 915 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 916 #endif /* MBEDTLS_DES_C */ 917 918 #if defined(MBEDTLS_ARC4_C) 919 #if defined(MBEDTLS_SHA1_C) 920 { MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS-ECDH-RSA-WITH-RC4-128-SHA", 921 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 922 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 923 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 924 MBEDTLS_CIPHERSUITE_NODTLS }, 925 #endif /* MBEDTLS_SHA1_C */ 926 #endif /* MBEDTLS_ARC4_C */ 927 928 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 929 #if defined(MBEDTLS_SHA1_C) 930 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA", 931 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 932 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 933 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 934 MBEDTLS_CIPHERSUITE_WEAK }, 935 #endif /* MBEDTLS_SHA1_C */ 936 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 937 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ 938 939 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) 940 #if defined(MBEDTLS_AES_C) 941 #if defined(MBEDTLS_SHA1_C) 942 #if defined(MBEDTLS_CIPHER_MODE_CBC) 943 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", 944 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 945 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 946 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 947 0 }, 948 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", 949 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 950 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 951 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 952 0 }, 953 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 954 #endif /* MBEDTLS_SHA1_C */ 955 #if defined(MBEDTLS_SHA256_C) 956 #if defined(MBEDTLS_CIPHER_MODE_CBC) 957 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", 958 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 959 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 960 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 961 0 }, 962 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 963 #if defined(MBEDTLS_GCM_C) 964 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", 965 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 966 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 967 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 968 0 }, 969 #endif /* MBEDTLS_GCM_C */ 970 #endif /* MBEDTLS_SHA256_C */ 971 #if defined(MBEDTLS_SHA512_C) 972 #if defined(MBEDTLS_CIPHER_MODE_CBC) 973 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", 974 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 975 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 976 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 977 0 }, 978 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 979 #if defined(MBEDTLS_GCM_C) 980 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", 981 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 982 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 983 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 984 0 }, 985 #endif /* MBEDTLS_GCM_C */ 986 #endif /* MBEDTLS_SHA512_C */ 987 #endif /* MBEDTLS_AES_C */ 988 989 #if defined(MBEDTLS_CAMELLIA_C) 990 #if defined(MBEDTLS_CIPHER_MODE_CBC) 991 #if defined(MBEDTLS_SHA256_C) 992 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", 993 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 994 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 995 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 996 0 }, 997 #endif /* MBEDTLS_SHA256_C */ 998 #if defined(MBEDTLS_SHA512_C) 999 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", 1000 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1001 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1002 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1003 0 }, 1004 #endif /* MBEDTLS_SHA512_C */ 1005 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1006 1007 #if defined(MBEDTLS_GCM_C) 1008 #if defined(MBEDTLS_SHA256_C) 1009 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", 1010 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1011 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1012 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1013 0 }, 1014 #endif /* MBEDTLS_SHA256_C */ 1015 #if defined(MBEDTLS_SHA512_C) 1016 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", 1017 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1018 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1019 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1020 0 }, 1021 #endif /* MBEDTLS_SHA512_C */ 1022 #endif /* MBEDTLS_GCM_C */ 1023 #endif /* MBEDTLS_CAMELLIA_C */ 1024 1025 #if defined(MBEDTLS_DES_C) 1026 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1027 #if defined(MBEDTLS_SHA1_C) 1028 { MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", 1029 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1030 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1031 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1032 0 }, 1033 #endif /* MBEDTLS_SHA1_C */ 1034 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1035 #endif /* MBEDTLS_DES_C */ 1036 1037 #if defined(MBEDTLS_ARC4_C) 1038 #if defined(MBEDTLS_SHA1_C) 1039 { MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS-ECDH-ECDSA-WITH-RC4-128-SHA", 1040 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1041 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1042 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1043 MBEDTLS_CIPHERSUITE_NODTLS }, 1044 #endif /* MBEDTLS_SHA1_C */ 1045 #endif /* MBEDTLS_ARC4_C */ 1046 1047 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 1048 #if defined(MBEDTLS_SHA1_C) 1049 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA", 1050 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1051 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1052 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1053 MBEDTLS_CIPHERSUITE_WEAK }, 1054 #endif /* MBEDTLS_SHA1_C */ 1055 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 1056 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ 1057 1058 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 1059 #if defined(MBEDTLS_AES_C) 1060 #if defined(MBEDTLS_GCM_C) 1061 #if defined(MBEDTLS_SHA256_C) 1062 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256", 1063 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1064 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1065 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1066 0 }, 1067 #endif /* MBEDTLS_SHA256_C */ 1068 1069 #if defined(MBEDTLS_SHA512_C) 1070 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384", 1071 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1072 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1073 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1074 0 }, 1075 #endif /* MBEDTLS_SHA512_C */ 1076 #endif /* MBEDTLS_GCM_C */ 1077 1078 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1079 #if defined(MBEDTLS_SHA256_C) 1080 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256", 1081 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1082 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1083 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1084 0 }, 1085 #endif /* MBEDTLS_SHA256_C */ 1086 1087 #if defined(MBEDTLS_SHA512_C) 1088 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384", 1089 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1090 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1091 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1092 0 }, 1093 #endif /* MBEDTLS_SHA512_C */ 1094 1095 #if defined(MBEDTLS_SHA1_C) 1096 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA", 1097 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1098 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1099 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1100 0 }, 1101 1102 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA", 1103 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1104 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1105 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1106 0 }, 1107 #endif /* MBEDTLS_SHA1_C */ 1108 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1109 #if defined(MBEDTLS_CCM_C) 1110 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM", 1111 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1112 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1113 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1114 0 }, 1115 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8", 1116 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1117 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1118 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1119 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 1120 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM", 1121 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1122 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1123 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1124 0 }, 1125 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8", 1126 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1127 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1128 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1129 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 1130 #endif /* MBEDTLS_CCM_C */ 1131 #endif /* MBEDTLS_AES_C */ 1132 1133 #if defined(MBEDTLS_CAMELLIA_C) 1134 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1135 #if defined(MBEDTLS_SHA256_C) 1136 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1137 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1138 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1139 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1140 0 }, 1141 #endif /* MBEDTLS_SHA256_C */ 1142 1143 #if defined(MBEDTLS_SHA512_C) 1144 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1145 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1146 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1147 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1148 0 }, 1149 #endif /* MBEDTLS_SHA512_C */ 1150 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1151 1152 #if defined(MBEDTLS_GCM_C) 1153 #if defined(MBEDTLS_SHA256_C) 1154 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1155 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1156 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1157 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1158 0 }, 1159 #endif /* MBEDTLS_SHA256_C */ 1160 1161 #if defined(MBEDTLS_SHA512_C) 1162 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1163 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1164 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1165 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1166 0 }, 1167 #endif /* MBEDTLS_SHA512_C */ 1168 #endif /* MBEDTLS_GCM_C */ 1169 #endif /* MBEDTLS_CAMELLIA_C */ 1170 1171 #if defined(MBEDTLS_DES_C) 1172 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1173 #if defined(MBEDTLS_SHA1_C) 1174 { MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA", 1175 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1176 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1177 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1178 0 }, 1179 #endif /* MBEDTLS_SHA1_C */ 1180 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1181 #endif /* MBEDTLS_DES_C */ 1182 1183 #if defined(MBEDTLS_ARC4_C) 1184 #if defined(MBEDTLS_SHA1_C) 1185 { MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA", 1186 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1187 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1188 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1189 MBEDTLS_CIPHERSUITE_NODTLS }, 1190 #endif /* MBEDTLS_SHA1_C */ 1191 #endif /* MBEDTLS_ARC4_C */ 1192 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ 1193 1194 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 1195 #if defined(MBEDTLS_AES_C) 1196 #if defined(MBEDTLS_GCM_C) 1197 #if defined(MBEDTLS_SHA256_C) 1198 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", 1199 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1200 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1201 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1202 0 }, 1203 #endif /* MBEDTLS_SHA256_C */ 1204 1205 #if defined(MBEDTLS_SHA512_C) 1206 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", 1207 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1208 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1209 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1210 0 }, 1211 #endif /* MBEDTLS_SHA512_C */ 1212 #endif /* MBEDTLS_GCM_C */ 1213 1214 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1215 #if defined(MBEDTLS_SHA256_C) 1216 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", 1217 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1218 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1219 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1220 0 }, 1221 #endif /* MBEDTLS_SHA256_C */ 1222 1223 #if defined(MBEDTLS_SHA512_C) 1224 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", 1225 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1226 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1227 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1228 0 }, 1229 #endif /* MBEDTLS_SHA512_C */ 1230 1231 #if defined(MBEDTLS_SHA1_C) 1232 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", 1233 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1234 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1235 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1236 0 }, 1237 1238 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", 1239 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1240 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1241 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1242 0 }, 1243 #endif /* MBEDTLS_SHA1_C */ 1244 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1245 #if defined(MBEDTLS_CCM_C) 1246 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM", 1247 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1248 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1249 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1250 0 }, 1251 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8", 1252 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1253 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1254 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1255 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 1256 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM", 1257 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1258 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1259 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1260 0 }, 1261 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8", 1262 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1263 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1264 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1265 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 1266 #endif /* MBEDTLS_CCM_C */ 1267 #endif /* MBEDTLS_AES_C */ 1268 1269 #if defined(MBEDTLS_CAMELLIA_C) 1270 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1271 #if defined(MBEDTLS_SHA256_C) 1272 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1273 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1274 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1275 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1276 0 }, 1277 #endif /* MBEDTLS_SHA256_C */ 1278 1279 #if defined(MBEDTLS_SHA512_C) 1280 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1281 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1282 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1283 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1284 0 }, 1285 #endif /* MBEDTLS_SHA512_C */ 1286 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1287 1288 #if defined(MBEDTLS_GCM_C) 1289 #if defined(MBEDTLS_SHA256_C) 1290 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1291 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1292 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1293 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1294 0 }, 1295 #endif /* MBEDTLS_SHA256_C */ 1296 1297 #if defined(MBEDTLS_SHA512_C) 1298 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1299 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1300 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1301 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1302 0 }, 1303 #endif /* MBEDTLS_SHA512_C */ 1304 #endif /* MBEDTLS_GCM_C */ 1305 #endif /* MBEDTLS_CAMELLIA_C */ 1306 1307 #if defined(MBEDTLS_DES_C) 1308 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1309 #if defined(MBEDTLS_SHA1_C) 1310 { MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", 1311 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1312 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1313 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1314 0 }, 1315 #endif /* MBEDTLS_SHA1_C */ 1316 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1317 #endif /* MBEDTLS_DES_C */ 1318 1319 #if defined(MBEDTLS_ARC4_C) 1320 #if defined(MBEDTLS_SHA1_C) 1321 { MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA", 1322 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1323 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1324 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1325 MBEDTLS_CIPHERSUITE_NODTLS }, 1326 #endif /* MBEDTLS_SHA1_C */ 1327 #endif /* MBEDTLS_ARC4_C */ 1328 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ 1329 1330 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 1331 #if defined(MBEDTLS_AES_C) 1332 1333 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1334 #if defined(MBEDTLS_SHA256_C) 1335 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", 1336 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1337 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1338 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1339 0 }, 1340 #endif /* MBEDTLS_SHA256_C */ 1341 1342 #if defined(MBEDTLS_SHA512_C) 1343 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", 1344 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1345 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1346 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1347 0 }, 1348 #endif /* MBEDTLS_SHA512_C */ 1349 1350 #if defined(MBEDTLS_SHA1_C) 1351 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", 1352 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1353 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1354 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1355 0 }, 1356 1357 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", 1358 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1359 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1360 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1361 0 }, 1362 #endif /* MBEDTLS_SHA1_C */ 1363 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1364 #endif /* MBEDTLS_AES_C */ 1365 1366 #if defined(MBEDTLS_CAMELLIA_C) 1367 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1368 #if defined(MBEDTLS_SHA256_C) 1369 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1370 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1371 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1372 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1373 0 }, 1374 #endif /* MBEDTLS_SHA256_C */ 1375 1376 #if defined(MBEDTLS_SHA512_C) 1377 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1378 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1379 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1380 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1381 0 }, 1382 #endif /* MBEDTLS_SHA512_C */ 1383 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1384 #endif /* MBEDTLS_CAMELLIA_C */ 1385 1386 #if defined(MBEDTLS_DES_C) 1387 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1388 #if defined(MBEDTLS_SHA1_C) 1389 { MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", 1390 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1391 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1392 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1393 0 }, 1394 #endif /* MBEDTLS_SHA1_C */ 1395 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1396 #endif /* MBEDTLS_DES_C */ 1397 1398 #if defined(MBEDTLS_ARC4_C) 1399 #if defined(MBEDTLS_SHA1_C) 1400 { MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA, "TLS-ECDHE-PSK-WITH-RC4-128-SHA", 1401 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1402 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1403 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1404 MBEDTLS_CIPHERSUITE_NODTLS }, 1405 #endif /* MBEDTLS_SHA1_C */ 1406 #endif /* MBEDTLS_ARC4_C */ 1407 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ 1408 1409 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 1410 #if defined(MBEDTLS_AES_C) 1411 #if defined(MBEDTLS_GCM_C) 1412 #if defined(MBEDTLS_SHA256_C) 1413 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", 1414 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1415 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1416 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1417 0 }, 1418 #endif /* MBEDTLS_SHA256_C */ 1419 1420 #if defined(MBEDTLS_SHA512_C) 1421 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", 1422 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1423 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1424 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1425 0 }, 1426 #endif /* MBEDTLS_SHA512_C */ 1427 #endif /* MBEDTLS_GCM_C */ 1428 1429 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1430 #if defined(MBEDTLS_SHA256_C) 1431 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", 1432 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1433 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1434 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1435 0 }, 1436 #endif /* MBEDTLS_SHA256_C */ 1437 1438 #if defined(MBEDTLS_SHA512_C) 1439 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", 1440 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1441 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1442 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1443 0 }, 1444 #endif /* MBEDTLS_SHA512_C */ 1445 1446 #if defined(MBEDTLS_SHA1_C) 1447 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", 1448 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1449 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1450 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1451 0 }, 1452 1453 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", 1454 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1455 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1456 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1457 0 }, 1458 #endif /* MBEDTLS_SHA1_C */ 1459 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1460 #endif /* MBEDTLS_AES_C */ 1461 1462 #if defined(MBEDTLS_CAMELLIA_C) 1463 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1464 #if defined(MBEDTLS_SHA256_C) 1465 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1466 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1467 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1468 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1469 0 }, 1470 #endif /* MBEDTLS_SHA256_C */ 1471 1472 #if defined(MBEDTLS_SHA512_C) 1473 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1474 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1475 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1476 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1477 0 }, 1478 #endif /* MBEDTLS_SHA512_C */ 1479 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1480 1481 #if defined(MBEDTLS_GCM_C) 1482 #if defined(MBEDTLS_SHA256_C) 1483 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1484 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1485 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1486 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1487 0 }, 1488 #endif /* MBEDTLS_SHA256_C */ 1489 1490 #if defined(MBEDTLS_SHA512_C) 1491 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1492 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1493 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1494 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1495 0 }, 1496 #endif /* MBEDTLS_SHA512_C */ 1497 #endif /* MBEDTLS_GCM_C */ 1498 #endif /* MBEDTLS_CAMELLIA_C */ 1499 1500 #if defined(MBEDTLS_DES_C) 1501 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1502 #if defined(MBEDTLS_SHA1_C) 1503 { MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", 1504 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1505 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1506 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1507 0 }, 1508 #endif /* MBEDTLS_SHA1_C */ 1509 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1510 #endif /* MBEDTLS_DES_C */ 1511 1512 #if defined(MBEDTLS_ARC4_C) 1513 #if defined(MBEDTLS_SHA1_C) 1514 { MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA", 1515 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1516 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1517 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1518 MBEDTLS_CIPHERSUITE_NODTLS }, 1519 #endif /* MBEDTLS_SHA1_C */ 1520 #endif /* MBEDTLS_ARC4_C */ 1521 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ 1522 1523 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 1524 #if defined(MBEDTLS_AES_C) 1525 #if defined(MBEDTLS_CCM_C) 1526 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8", 1527 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE, 1528 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1529 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1530 MBEDTLS_CIPHERSUITE_SHORT_TAG }, 1531 #endif /* MBEDTLS_CCM_C */ 1532 #endif /* MBEDTLS_AES_C */ 1533 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ 1534 1535 #if defined(MBEDTLS_ENABLE_WEAK_CIPHERSUITES) 1536 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 1537 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 1538 #if defined(MBEDTLS_MD5_C) 1539 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", 1540 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, 1541 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1542 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1543 MBEDTLS_CIPHERSUITE_WEAK }, 1544 #endif 1545 1546 #if defined(MBEDTLS_SHA1_C) 1547 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA", 1548 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 1549 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1550 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1551 MBEDTLS_CIPHERSUITE_WEAK }, 1552 #endif 1553 1554 #if defined(MBEDTLS_SHA256_C) 1555 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", 1556 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 1557 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1558 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1559 MBEDTLS_CIPHERSUITE_WEAK }, 1560 #endif 1561 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 1562 1563 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 1564 #if defined(MBEDTLS_SHA1_C) 1565 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA", 1566 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1567 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1568 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1569 MBEDTLS_CIPHERSUITE_WEAK }, 1570 #endif /* MBEDTLS_SHA1_C */ 1571 1572 #if defined(MBEDTLS_SHA256_C) 1573 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256", 1574 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1575 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1576 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1577 MBEDTLS_CIPHERSUITE_WEAK }, 1578 #endif 1579 1580 #if defined(MBEDTLS_SHA512_C) 1581 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384", 1582 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1583 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1584 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1585 MBEDTLS_CIPHERSUITE_WEAK }, 1586 #endif 1587 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ 1588 1589 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 1590 #if defined(MBEDTLS_SHA1_C) 1591 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA", 1592 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1593 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1594 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1595 MBEDTLS_CIPHERSUITE_WEAK }, 1596 #endif /* MBEDTLS_SHA1_C */ 1597 1598 #if defined(MBEDTLS_SHA256_C) 1599 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256", 1600 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1601 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1602 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1603 MBEDTLS_CIPHERSUITE_WEAK }, 1604 #endif 1605 1606 #if defined(MBEDTLS_SHA512_C) 1607 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384", 1608 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1609 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1610 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1611 MBEDTLS_CIPHERSUITE_WEAK }, 1612 #endif 1613 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ 1614 1615 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 1616 #if defined(MBEDTLS_SHA1_C) 1617 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA", 1618 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1619 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1620 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1621 MBEDTLS_CIPHERSUITE_WEAK }, 1622 #endif /* MBEDTLS_SHA1_C */ 1623 1624 #if defined(MBEDTLS_SHA256_C) 1625 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256", 1626 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1627 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1628 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1629 MBEDTLS_CIPHERSUITE_WEAK }, 1630 #endif 1631 1632 #if defined(MBEDTLS_SHA512_C) 1633 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384", 1634 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1635 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1636 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1637 MBEDTLS_CIPHERSUITE_WEAK }, 1638 #endif 1639 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ 1640 1641 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 1642 #if defined(MBEDTLS_SHA1_C) 1643 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA", 1644 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1645 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1646 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1647 MBEDTLS_CIPHERSUITE_WEAK }, 1648 #endif /* MBEDTLS_SHA1_C */ 1649 1650 #if defined(MBEDTLS_SHA256_C) 1651 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256", 1652 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1653 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1654 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1655 MBEDTLS_CIPHERSUITE_WEAK }, 1656 #endif 1657 1658 #if defined(MBEDTLS_SHA512_C) 1659 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384", 1660 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1661 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, 1662 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1663 MBEDTLS_CIPHERSUITE_WEAK }, 1664 #endif 1665 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ 1666 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 1667 1668 #if defined(MBEDTLS_DES_C) 1669 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1670 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 1671 #if defined(MBEDTLS_SHA1_C) 1672 { MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA", 1673 MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 1674 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1675 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1676 MBEDTLS_CIPHERSUITE_WEAK }, 1677 #endif /* MBEDTLS_SHA1_C */ 1678 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ 1679 1680 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 1681 #if defined(MBEDTLS_SHA1_C) 1682 { MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA", 1683 MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 1684 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, 1685 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 1686 MBEDTLS_CIPHERSUITE_WEAK }, 1687 #endif /* MBEDTLS_SHA1_C */ 1688 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 1689 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1690 #endif /* MBEDTLS_DES_C */ 1691 #endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */ 1692 1693 { 0, "", 1694 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE, 1695 0, 0, 0, 0, 0 } 1696 }; 1697 1698 #if defined(MBEDTLS_SSL_CIPHERSUITES) 1699 const int *mbedtls_ssl_list_ciphersuites( void ) 1700 { 1701 return( ciphersuite_preference ); 1702 } 1703 #else 1704 #define MAX_CIPHERSUITES sizeof( ciphersuite_definitions ) / \ 1705 sizeof( ciphersuite_definitions[0] ) 1706 static int supported_ciphersuites[MAX_CIPHERSUITES]; 1707 static int supported_init = 0; 1708 1709 const int *mbedtls_ssl_list_ciphersuites( void ) 1710 { 1711 /* 1712 * On initial call filter out all ciphersuites not supported by current 1713 * build based on presence in the ciphersuite_definitions. 1714 */ 1715 if( supported_init == 0 ) 1716 { 1717 const int *p; 1718 int *q; 1719 1720 for( p = ciphersuite_preference, q = supported_ciphersuites; 1721 *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1; 1722 p++ ) 1723 { 1724 #if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES) 1725 const mbedtls_ssl_ciphersuite_t *cs_info; 1726 if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL && 1727 cs_info->cipher != MBEDTLS_CIPHER_ARC4_128 ) 1728 #else 1729 if( mbedtls_ssl_ciphersuite_from_id( *p ) != NULL ) 1730 #endif 1731 *(q++) = *p; 1732 } 1733 *q = 0; 1734 1735 supported_init = 1; 1736 } 1737 1738 return( supported_ciphersuites ); 1739 } 1740 #endif /* MBEDTLS_SSL_CIPHERSUITES */ 1741 1742 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( 1743 const char *ciphersuite_name ) 1744 { 1745 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions; 1746 1747 if( NULL == ciphersuite_name ) 1748 return( NULL ); 1749 1750 while( cur->id != 0 ) 1751 { 1752 if( 0 == strcmp( cur->name, ciphersuite_name ) ) 1753 return( cur ); 1754 1755 cur++; 1756 } 1757 1758 return( NULL ); 1759 } 1760 1761 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite ) 1762 { 1763 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions; 1764 1765 while( cur->id != 0 ) 1766 { 1767 if( cur->id == ciphersuite ) 1768 return( cur ); 1769 1770 cur++; 1771 } 1772 1773 return( NULL ); 1774 } 1775 1776 const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id ) 1777 { 1778 const mbedtls_ssl_ciphersuite_t *cur; 1779 1780 cur = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id ); 1781 1782 if( cur == NULL ) 1783 return( "unknown" ); 1784 1785 return( cur->name ); 1786 } 1787 1788 int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name ) 1789 { 1790 const mbedtls_ssl_ciphersuite_t *cur; 1791 1792 cur = mbedtls_ssl_ciphersuite_from_string( ciphersuite_name ); 1793 1794 if( cur == NULL ) 1795 return( 0 ); 1796 1797 return( cur->id ); 1798 } 1799 1800 #if defined(MBEDTLS_PK_C) 1801 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info ) 1802 { 1803 switch( info->key_exchange ) 1804 { 1805 case MBEDTLS_KEY_EXCHANGE_RSA: 1806 case MBEDTLS_KEY_EXCHANGE_DHE_RSA: 1807 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 1808 case MBEDTLS_KEY_EXCHANGE_RSA_PSK: 1809 return( MBEDTLS_PK_RSA ); 1810 1811 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 1812 return( MBEDTLS_PK_ECDSA ); 1813 1814 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: 1815 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: 1816 return( MBEDTLS_PK_ECKEY ); 1817 1818 default: 1819 return( MBEDTLS_PK_NONE ); 1820 } 1821 } 1822 1823 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info ) 1824 { 1825 switch( info->key_exchange ) 1826 { 1827 case MBEDTLS_KEY_EXCHANGE_RSA: 1828 case MBEDTLS_KEY_EXCHANGE_DHE_RSA: 1829 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 1830 return( MBEDTLS_PK_RSA ); 1831 1832 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 1833 return( MBEDTLS_PK_ECDSA ); 1834 1835 default: 1836 return( MBEDTLS_PK_NONE ); 1837 } 1838 } 1839 1840 #endif /* MBEDTLS_PK_C */ 1841 1842 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ 1843 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 1844 int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) 1845 { 1846 switch( info->key_exchange ) 1847 { 1848 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 1849 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 1850 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: 1851 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: 1852 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: 1853 case MBEDTLS_KEY_EXCHANGE_ECJPAKE: 1854 return( 1 ); 1855 1856 default: 1857 return( 0 ); 1858 } 1859 } 1860 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ 1861 1862 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 1863 int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) 1864 { 1865 switch( info->key_exchange ) 1866 { 1867 case MBEDTLS_KEY_EXCHANGE_PSK: 1868 case MBEDTLS_KEY_EXCHANGE_RSA_PSK: 1869 case MBEDTLS_KEY_EXCHANGE_DHE_PSK: 1870 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: 1871 return( 1 ); 1872 1873 default: 1874 return( 0 ); 1875 } 1876 } 1877 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ 1878 1879 #endif /* MBEDTLS_SSL_TLS_C */ 1880