summaryrefslogtreecommitdiff
path: root/lib/algorithms/ciphersuites.c
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-03-11 20:15:07 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-03-12 00:20:31 +0100
commitba1a0fae3371baccaa24aed1f5fcdc12f6df82e1 (patch)
tree560f35017d91b2c56dc9ff6b709cfeb675f0f9b6 /lib/algorithms/ciphersuites.c
parent161905abf20fb502c70b610f45789a917f3ed695 (diff)
downloadgnutls-ba1a0fae3371baccaa24aed1f5fcdc12f6df82e1.tar.gz
Added options to disable more key exchange mechanisms.
In that DHE was separated from ECDHE.
Diffstat (limited to 'lib/algorithms/ciphersuites.c')
-rw-r--r--lib/algorithms/ciphersuites.c447
1 files changed, 229 insertions, 218 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index e5fdc3ac54..817f07b659 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -221,147 +221,65 @@ typedef struct
#define CIPHER_SUITES_COUNT (sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1)
static const gnutls_cipher_suite_entry cs_algorithms[] = {
- /* DH_ANON */
- ENTRY (GNUTLS_DH_ANON_ARCFOUR_MD5,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
- GNUTLS_SSL3, GNUTLS_VERSION_MAX, 0),
- ENTRY (GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ /* RSA-NULL */
+ ENTRY (GNUTLS_RSA_NULL_MD5,
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ ENTRY (GNUTLS_RSA_NULL_SHA1,
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ ENTRY (GNUTLS_RSA_NULL_SHA256,
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
GNUTLS_VERSION_MAX, 1),
- /* PSK */
- ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ /* RSA */
+ ENTRY (GNUTLS_RSA_ARCFOUR_SHA1,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
GNUTLS_VERSION_MAX, 0),
- ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_PSK_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_PSK_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_PSK_NULL_SHA256,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX, 1),
-
- /* DHE-PSK */
- ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ ENTRY (GNUTLS_RSA_ARCFOUR_MD5,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
GNUTLS_VERSION_MAX, 0),
- ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_DHE_PSK_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_DHE_PSK_NULL_SHA256,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX, 1),
-
- /* SRP */
- ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
GNUTLS_VERSION_MAX, 1),
-
- ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
GNUTLS_VERSION_MAX, 1),
-
- ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
+ ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_VERSION_MAX, 1),
-
- ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
+ ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_VERSION_MAX, 1),
-
- ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
GNUTLS_VERSION_MAX, 1),
-
- ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
GNUTLS_VERSION_MAX, 1),
-
- ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+/* GCM */
+ ENTRY (GNUTLS_RSA_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
GNUTLS_VERSION_MAX, 1),
/* DHE_DSS */
+#ifdef ENABLE_DHE
ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1,
GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
GNUTLS_MAC_SHA1, GNUTLS_TLS1,
@@ -427,68 +345,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
GNUTLS_VERSION_MAX, 1),
- /* RSA-NULL */
- ENTRY (GNUTLS_RSA_NULL_MD5,
- GNUTLS_CIPHER_NULL,
- GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_RSA_NULL_SHA1,
- GNUTLS_CIPHER_NULL,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_RSA_NULL_SHA256,
- GNUTLS_CIPHER_NULL,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX, 1),
-
- /* RSA-EXPORT */
- ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5,
- GNUTLS_CIPHER_ARCFOUR_40,
- GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5,
- GNUTLS_SSL3, GNUTLS_TLS1_0, 0),
-
- /* RSA */
- ENTRY (GNUTLS_RSA_ARCFOUR_SHA1,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX, 0),
- ENTRY (GNUTLS_RSA_ARCFOUR_MD5,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX, 0),
- ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX, 1),
-/* GCM */
- ENTRY (GNUTLS_RSA_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX, 1),
ENTRY (GNUTLS_DHE_RSA_AES_128_GCM_SHA256,
GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA,
GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
@@ -497,27 +353,8 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS,
GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_DH_ANON_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX, 1),
-/* ECC-ANON */
- ENTRY (GNUTLS_ECDH_ANON_NULL_SHA1,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_ECDH_ANON_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_ECDH_ANON_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
- GNUTLS_VERSION_MAX, 1),
+#endif /* DHE */
+#ifdef ENABLE_ECDHE
/* ECC-RSA */
ENTRY (GNUTLS_ECDHE_RSA_NULL_SHA1,
GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA,
@@ -570,6 +407,20 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA,
GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
GNUTLS_VERSION_MAX, 1),
+ ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384),
+#endif
+#ifdef ENABLE_PSK
/* ECC - PSK */
ENTRY (GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK,
@@ -599,18 +450,67 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
GNUTLS_MAC_SHA384, GNUTLS_TLS1_0,
GNUTLS_VERSION_MAX, 1, GNUTLS_MAC_SHA384),
- ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384),
- ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384),
- ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
- GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384),
+
+ /* PSK */
+ ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 0),
+ ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_PSK_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_PSK_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_PSK_NULL_SHA256,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+
+ /* DHE-PSK */
+ ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 0),
+ ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_DHE_PSK_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_DHE_PSK_NULL_SHA256,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+
ENTRY_PRF(GNUTLS_PSK_WITH_AES_256_GCM_SHA384,
GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK,
GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
@@ -619,6 +519,117 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK,
GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384),
+#endif
+#ifdef ENABLE_ANON
+ /* DH_ANON */
+ ENTRY (GNUTLS_DH_ANON_ARCFOUR_MD5,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
+ GNUTLS_SSL3, GNUTLS_VERSION_MAX, 0),
+ ENTRY (GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_DH_ANON_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX, 1),
+/* ECC-ANON */
+ ENTRY (GNUTLS_ECDH_ANON_NULL_SHA1,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_ECDH_ANON_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_ECDH_ANON_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+ GNUTLS_VERSION_MAX, 1),
+#endif
+#ifdef ENABLE_SRP
+ /* SRP */
+ ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+ ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+
+ ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+
+ ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+
+ ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+
+ ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+
+ ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+
+ ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX, 1),
+#endif
+#ifdef ENABLE_RSA_EXPORT
+ /* RSA-EXPORT */
+ ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5,
+ GNUTLS_CIPHER_ARCFOUR_40,
+ GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5,
+ GNUTLS_SSL3, GNUTLS_TLS1_0, 0),
+#endif
{0, {0, 0}, 0, 0, 0, 0, 0, 0}
};
View Lorry Controller Status