From c24bf2e03c4a20192d0795ef087e725fe1df162d Mon Sep 17 00:00:00 2001 From: jsing Date: Sun, 10 Aug 2014 14:57:04 +0000 Subject: [PATCH] Remove disabled (weakened export and non-ephemeral DH) cipher suites from the cipher list. This reduces code size, saves data segment space and prevents them from being turned back on at runtime by flipping a bit in memory. ok guenther@ --- lib/libssl/s3_lib.c | 475 +----------------------------------- lib/libssl/src/ssl/s3_lib.c | 475 +----------------------------------- 2 files changed, 10 insertions(+), 940 deletions(-) diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 4631c517ccc..e66f841df38 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.73 2014/08/07 20:02:23 miod Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.74 2014/08/10 14:57:04 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -200,22 +200,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 0, }, - /* Cipher 03 */ - { - .valid = 0, /* Weakened 40-bit export cipher. */ - .name = SSL3_TXT_RSA_RC4_40_MD5, - .id = SSL3_CK_RSA_RC4_40_MD5, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_RC4, - .algorithm_mac = SSL_MD5, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 128, - }, - /* Cipher 04 */ { .valid = 1, @@ -248,22 +232,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 128, }, - /* Cipher 06 */ - { - .valid = 0, /* Weakened 40-bit export cipher. */ - .name = SSL3_TXT_RSA_RC2_40_MD5, - .id = SSL3_CK_RSA_RC2_40_MD5, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_RC2, - .algorithm_mac = SSL_MD5, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 128, - }, - /* Cipher 07 */ #ifndef OPENSSL_NO_IDEA { 
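Review bot: The table these hunks trim is still declared as a writable object, `SSL_CIPHER ssl3_ciphers[] = {` (visible in the hunk headers), so the surviving entries' `.valid` and `.strength_bits` fields remain in the data segment, where the kind of in-memory modification the commit message is concerned about can still alter them. If nothing writes to the table at runtime (not verifiable from this diff), declaring it `const SSL_CIPHER ssl3_ciphers[] = {`, with the matching extern declaration updated, would let it be placed in read-only data and complete the hardening. The same applies to the identical copy in lib/libssl/src/ssl/s3_lib.c. The table's initializer begins and ends outside the hunks shown.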
@@ -282,22 +250,6 @@ SSL_CIPHER ssl3_ciphers[] = { }, #endif - /* Cipher 08 */ - { - .valid = 0, /* Weakened 40-bit export cipher. */ - .name = SSL3_TXT_RSA_DES_40_CBC_SHA, - .id = SSL3_CK_RSA_DES_40_CBC_SHA, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 56, - }, - /* Cipher 09 */ { .valid = 1, 
@@ -330,119 +282,7 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 168, }, - /* The DH ciphers */ - /* Cipher 0B */ - { - .valid = 0, /* Weakened 40-bit export cipher. */ - .name = SSL3_TXT_DH_DSS_DES_40_CBC_SHA, - .id = SSL3_CK_DH_DSS_DES_40_CBC_SHA, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 56, - }, - - /* Cipher 0C */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = SSL3_TXT_DH_DSS_DES_64_CBC_SHA, - .id = SSL3_CK_DH_DSS_DES_64_CBC_SHA, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_LOW, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 56, - .alg_bits = 56, - }, - - /* Cipher 0D */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, - .id = SSL3_CK_DH_DSS_DES_192_CBC3_SHA, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_3DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 112, - .alg_bits = 168, - }, - - /* Cipher 0E */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = SSL3_TXT_DH_RSA_DES_40_CBC_SHA, - .id = SSL3_CK_DH_RSA_DES_40_CBC_SHA, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 56, - }, - - /* Cipher 0F */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = SSL3_TXT_DH_RSA_DES_64_CBC_SHA, - .id = SSL3_CK_DH_RSA_DES_64_CBC_SHA, - .algorithm_mkey = 
SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_LOW, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 56, - .alg_bits = 56, - }, - - /* Cipher 10 */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, - .id = SSL3_CK_DH_RSA_DES_192_CBC3_SHA, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_3DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 112, - .alg_bits = 168, - }, - /* The Ephemeral DH ciphers */ - /* Cipher 11 */ - { - .valid = 0, /* Weakened 40-bit export cipher. */ - .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, - .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aDSS, - .algorithm_enc = SSL_DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 56, - }, /* Cipher 12 */ { @@ -476,22 +316,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 168, }, - /* Cipher 14 */ - { - .valid = 0, /* Weakened 40-bit export cipher. */ - .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, - .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 56, - }, - /* Cipher 15 */ { .valid = 1, 
@@ -524,22 +348,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 168, }, - /* Cipher 17 */ - { - .valid = 0, /* Weakened 40-bit export cipher. */ - .name = SSL3_TXT_ADH_RC4_40_MD5, - .id = SSL3_CK_ADH_RC4_40_MD5, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_RC4, - .algorithm_mac = SSL_MD5, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 128, - }, - /* Cipher 18 */ { .valid = 1, @@ -556,22 +364,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 128, }, - /* Cipher 19 */ - { - .valid = 0, /* Weakened 40-bit export cipher. */ - .name = SSL3_TXT_ADH_DES_40_CBC_SHA, - .id = SSL3_CK_ADH_DES_40_CBC_SHA, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 128, - }, - /* Cipher 1A */ { .valid = 1, @@ -605,6 +397,7 @@ SSL_CIPHER ssl3_ciphers[] = { }, /* New AES ciphersuites */ + /* Cipher 2F */ { .valid = 1, 
@@ -620,36 +413,7 @@ SSL_CIPHER ssl3_ciphers[] = { .strength_bits = 128, .alg_bits = 128, }, - /* Cipher 30 */ - { - .valid = 0, - .name = TLS1_TXT_DH_DSS_WITH_AES_128_SHA, - .id = TLS1_CK_DH_DSS_WITH_AES_128_SHA, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 128, - .alg_bits = 128, - }, - /* Cipher 31 */ - { - .valid = 0, - .name = TLS1_TXT_DH_RSA_WITH_AES_128_SHA, - .id = TLS1_CK_DH_RSA_WITH_AES_128_SHA, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 128, - .alg_bits = 128, - }, + /* Cipher 32 */ { .valid = 1, @@ -665,6 +429,7 @@ SSL_CIPHER ssl3_ciphers[] = { .strength_bits = 128, .alg_bits = 128, }, + /* Cipher 33 */ { .valid = 1, @@ -680,6 +445,7 @@ SSL_CIPHER ssl3_ciphers[] = { .strength_bits = 128, .alg_bits = 128, }, + /* Cipher 34 */ { .valid = 1, 
@@ -711,37 +477,6 @@ SSL_CIPHER ssl3_ciphers[] = { .strength_bits = 256, .alg_bits = 256, }, - /* Cipher 36 */ - { - .valid = 0, - .name = TLS1_TXT_DH_DSS_WITH_AES_256_SHA, - .id = TLS1_CK_DH_DSS_WITH_AES_256_SHA, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 256, - .alg_bits = 256, - }, - - /* Cipher 37 */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_RSA_WITH_AES_256_SHA, - .id = TLS1_CK_DH_RSA_WITH_AES_256_SHA, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 256, - .alg_bits = 256, - }, /* Cipher 38 */ { @@ -840,38 +575,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 256, }, - /* Cipher 3E */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, - .id = TLS1_CK_DH_DSS_WITH_AES_128_SHA256, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 128, - .alg_bits = 128, - }, - - /* Cipher 3F */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, - .id = TLS1_CK_DH_RSA_WITH_AES_128_SHA256, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 128, - .alg_bits = 128, - }, - /* Cipher 40 */ { .valid = 1, 
@@ -907,38 +610,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 128, }, - /* Cipher 42 */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, - .id = TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_CAMELLIA128, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 128, - .alg_bits = 128, - }, - - /* Cipher 43 */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, - .id = TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_CAMELLIA128, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 128, - .alg_bits = 128, - }, - /* Cipher 44 */ { .valid = 1, 
@@ -1005,38 +676,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 128, }, - /* Cipher 68 */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, - .id = TLS1_CK_DH_DSS_WITH_AES_256_SHA256, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 256, - .alg_bits = 256, - }, - - /* Cipher 69 */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, - .id = TLS1_CK_DH_RSA_WITH_AES_256_SHA256, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 256, - .alg_bits = 256, - }, - /* Cipher 6A */ { .valid = 1, 
@@ -1181,38 +820,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 256, }, - /* Cipher 85 */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, - .id = TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_CAMELLIA256, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 256, - .alg_bits = 256, - }, - - /* Cipher 86 */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, - .id = TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_CAMELLIA256, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 256, - .alg_bits = 256, - }, - /* Cipher 87 */ { .valid = 1, 
@@ -1337,42 +944,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 256, }, - /* Cipher A0 */ - { - .valid = 0, - .name = TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, - .id = TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES128GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| - SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, - .strength_bits = 128, - .alg_bits = 128, - }, - - /* Cipher A1 */ - { - .valid = 0, - .name = TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, - .id = TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES256GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| - SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, - .strength_bits = 256, - .alg_bits = 256, - }, - /* Cipher A2 */ { .valid = 1, 
@@ -1409,42 +980,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 256, }, - /* Cipher A4 */ - { - .valid = 0, - .name = TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, - .id = TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES128GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| - SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, - .strength_bits = 128, - .alg_bits = 128, - }, - - /* Cipher A5 */ - { - .valid = 0, - .name = TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, - .id = TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES256GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| - SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, - .strength_bits = 256, - .alg_bits = 256, - }, - /* Cipher A6 */ { .valid = 1, diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c index 4631c517ccc..e66f841df38 100644 --- a/lib/libssl/src/ssl/s3_lib.c +++ b/lib/libssl/src/ssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.73 2014/08/07 20:02:23 miod Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.74 2014/08/10 14:57:04 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -200,22 +200,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 0, }, - /* Cipher 03 */ - { - .valid = 0, /* Weakened 40-bit export cipher. */ - .name = SSL3_TXT_RSA_RC4_40_MD5, - .id = SSL3_CK_RSA_RC4_40_MD5, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_RC4, - .algorithm_mac = SSL_MD5, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 128, - }, - /* Cipher 04 */ { .valid = 1, @@ -248,22 +232,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 128, }, - /* Cipher 06 */ - { - .valid = 0, /* Weakened 40-bit export cipher. */ - .name = SSL3_TXT_RSA_RC2_40_MD5, - .id = SSL3_CK_RSA_RC2_40_MD5, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_RC2, - .algorithm_mac = SSL_MD5, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 128, - }, - /* Cipher 07 */ #ifndef OPENSSL_NO_IDEA { @@ -282,22 +250,6 @@ SSL_CIPHER ssl3_ciphers[] = { }, #endif - /* Cipher 08 */ - { - .valid = 0, /* Weakened 40-bit export cipher. */ - .name = SSL3_TXT_RSA_DES_40_CBC_SHA, - .id = SSL3_CK_RSA_DES_40_CBC_SHA, - .algorithm_mkey = SSL_kRSA, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 56, - }, - /* Cipher 09 */ { .valid = 1, 
@@ -330,119 +282,7 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 168, }, - /* The DH ciphers */ - /* Cipher 0B */ - { - .valid = 0, /* Weakened 40-bit export cipher. */ - .name = SSL3_TXT_DH_DSS_DES_40_CBC_SHA, - .id = SSL3_CK_DH_DSS_DES_40_CBC_SHA, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 56, - }, - - /* Cipher 0C */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = SSL3_TXT_DH_DSS_DES_64_CBC_SHA, - .id = SSL3_CK_DH_DSS_DES_64_CBC_SHA, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_LOW, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 56, - .alg_bits = 56, - }, - - /* Cipher 0D */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, - .id = SSL3_CK_DH_DSS_DES_192_CBC3_SHA, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_3DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 112, - .alg_bits = 168, - }, - - /* Cipher 0E */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = SSL3_TXT_DH_RSA_DES_40_CBC_SHA, - .id = SSL3_CK_DH_RSA_DES_40_CBC_SHA, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 56, - }, - - /* Cipher 0F */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = SSL3_TXT_DH_RSA_DES_64_CBC_SHA, - .id = SSL3_CK_DH_RSA_DES_64_CBC_SHA, - .algorithm_mkey = 
SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_LOW, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 56, - .alg_bits = 56, - }, - - /* Cipher 10 */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, - .id = SSL3_CK_DH_RSA_DES_192_CBC3_SHA, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_3DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 112, - .alg_bits = 168, - }, - /* The Ephemeral DH ciphers */ - /* Cipher 11 */ - { - .valid = 0, /* Weakened 40-bit export cipher. */ - .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, - .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aDSS, - .algorithm_enc = SSL_DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 56, - }, /* Cipher 12 */ { @@ -476,22 +316,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 168, }, - /* Cipher 14 */ - { - .valid = 0, /* Weakened 40-bit export cipher. */ - .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, - .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 56, - }, - /* Cipher 15 */ { .valid = 1, 
@@ -524,22 +348,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 168, }, - /* Cipher 17 */ - { - .valid = 0, /* Weakened 40-bit export cipher. */ - .name = SSL3_TXT_ADH_RC4_40_MD5, - .id = SSL3_CK_ADH_RC4_40_MD5, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_RC4, - .algorithm_mac = SSL_MD5, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 128, - }, - /* Cipher 18 */ { .valid = 1, @@ -556,22 +364,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 128, }, - /* Cipher 19 */ - { - .valid = 0, /* Weakened 40-bit export cipher. */ - .name = SSL3_TXT_ADH_DES_40_CBC_SHA, - .id = SSL3_CK_ADH_DES_40_CBC_SHA, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aNULL, - .algorithm_enc = SSL_DES, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_SSLV3, - .algo_strength = 0, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 40, - .alg_bits = 128, - }, - /* Cipher 1A */ { .valid = 1, @@ -605,6 +397,7 @@ SSL_CIPHER ssl3_ciphers[] = { }, /* New AES ciphersuites */ + /* Cipher 2F */ { .valid = 1, 
@@ -620,36 +413,7 @@ SSL_CIPHER ssl3_ciphers[] = { .strength_bits = 128, .alg_bits = 128, }, - /* Cipher 30 */ - { - .valid = 0, - .name = TLS1_TXT_DH_DSS_WITH_AES_128_SHA, - .id = TLS1_CK_DH_DSS_WITH_AES_128_SHA, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 128, - .alg_bits = 128, - }, - /* Cipher 31 */ - { - .valid = 0, - .name = TLS1_TXT_DH_RSA_WITH_AES_128_SHA, - .id = TLS1_CK_DH_RSA_WITH_AES_128_SHA, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 128, - .alg_bits = 128, - }, + /* Cipher 32 */ { .valid = 1, @@ -665,6 +429,7 @@ SSL_CIPHER ssl3_ciphers[] = { .strength_bits = 128, .alg_bits = 128, }, + /* Cipher 33 */ { .valid = 1, @@ -680,6 +445,7 @@ SSL_CIPHER ssl3_ciphers[] = { .strength_bits = 128, .alg_bits = 128, }, + /* Cipher 34 */ { .valid = 1, 
@@ -711,37 +477,6 @@ SSL_CIPHER ssl3_ciphers[] = { .strength_bits = 256, .alg_bits = 256, }, - /* Cipher 36 */ - { - .valid = 0, - .name = TLS1_TXT_DH_DSS_WITH_AES_256_SHA, - .id = TLS1_CK_DH_DSS_WITH_AES_256_SHA, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 256, - .alg_bits = 256, - }, - - /* Cipher 37 */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_RSA_WITH_AES_256_SHA, - .id = TLS1_CK_DH_RSA_WITH_AES_256_SHA, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 256, - .alg_bits = 256, - }, /* Cipher 38 */ { @@ -840,38 +575,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 256, }, - /* Cipher 3E */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, - .id = TLS1_CK_DH_DSS_WITH_AES_128_SHA256, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 128, - .alg_bits = 128, - }, - - /* Cipher 3F */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, - .id = TLS1_CK_DH_RSA_WITH_AES_128_SHA256, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES128, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 128, - .alg_bits = 128, - }, - /* Cipher 40 */ { .valid = 1, 
@@ -907,38 +610,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 128, }, - /* Cipher 42 */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, - .id = TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_CAMELLIA128, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 128, - .alg_bits = 128, - }, - - /* Cipher 43 */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, - .id = TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_CAMELLIA128, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 128, - .alg_bits = 128, - }, - /* Cipher 44 */ { .valid = 1, 
@@ -1005,38 +676,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 128, }, - /* Cipher 68 */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, - .id = TLS1_CK_DH_DSS_WITH_AES_256_SHA256, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 256, - .alg_bits = 256, - }, - - /* Cipher 69 */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, - .id = TLS1_CK_DH_RSA_WITH_AES_256_SHA256, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES256, - .algorithm_mac = SSL_SHA256, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 256, - .alg_bits = 256, - }, - /* Cipher 6A */ { .valid = 1, 
@@ -1181,38 +820,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 256, }, - /* Cipher 85 */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, - .id = TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_CAMELLIA256, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 256, - .alg_bits = 256, - }, - - /* Cipher 86 */ - { - .valid = 0, /* not implemented (non-ephemeral DH) */ - .name = TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, - .id = TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_CAMELLIA256, - .algorithm_mac = SSL_SHA1, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - .strength_bits = 256, - .alg_bits = 256, - }, - /* Cipher 87 */ { .valid = 1, 
@@ -1337,42 +944,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 256, }, - /* Cipher A0 */ - { - .valid = 0, - .name = TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, - .id = TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES128GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| - SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, - .strength_bits = 128, - .alg_bits = 128, - }, - - /* Cipher A1 */ - { - .valid = 0, - .name = TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, - .id = TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384, - .algorithm_mkey = SSL_kDHr, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES256GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| - SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, - .strength_bits = 256, - .alg_bits = 256, - }, - /* Cipher A2 */ { .valid = 1, 
@@ -1409,42 +980,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 256, }, - /* Cipher A4 */ - { - .valid = 0, - .name = TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, - .id = TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES128GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| - SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, - .strength_bits = 128, - .alg_bits = 128, - }, - - /* Cipher A5 */ - { - .valid = 0, - .name = TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, - .id = TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, - .algorithm_mkey = SSL_kDHd, - .algorithm_auth = SSL_aDH, - .algorithm_enc = SSL_AES256GCM, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| - SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, - .strength_bits = 256, - .alg_bits = 256, - }, - /* Cipher A6 */ { .valid = 1, -- 2.20.1