1 /* ssl/tls1.h */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *   notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *   notice, this list of conditions and the following disclaimer in the
30  *   documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *   must display the following acknowledgement:
33  *   "This product includes cryptographic software written by
34  *    Eric Young (eay@cryptsoft.com)"
35  *   The word 'cryptographic' can be left out if the rouines from the library
36  *   being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *   the apps directory (application code) you must include an acknowledgement:
39  *   "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *   notice, this list of conditions and the following disclaimer.
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *   notice, this list of conditions and the following disclaimer in
70  *   the documentation and/or other materials provided with the
71  *   distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *   software must display the following acknowledgment:
75  *   "This product includes software developed by the OpenSSL Project
76  *   for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *   endorse or promote products derived from this software without
80  *   prior written permission. For written permission, please contact
81  *   openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *   nor may "OpenSSL" appear in their names without prior written
85  *   permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *   acknowledgment:
89  *   "This product includes software developed by the OpenSSL Project
90  *   for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  *
114  * Portions of the attached software ("Contribution") are developed by
115  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116  *
117  * The Contribution is licensed pursuant to the OpenSSL open source
118  * license provided above.
119  *
120  * ECC cipher suite support in OpenSSL originally written by
121  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122  *
123  */
124 /* ====================================================================
125  * Copyright 2005 Nokia. All rights reserved.
126  *
127  * The portions of the attached software ("Contribution") is developed by
128  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129  * license.
130  *
131  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133  * support (see RFC 4279) to OpenSSL.
134  *
135  * No patent licenses or other rights except those expressly stated in
136  * the OpenSSL open source license shall be deemed granted or received
137  * expressly, by implication, estoppel, or otherwise.
138  *
139  * No assurances are provided by Nokia that the Contribution does not
140  * infringe the patent or other intellectual property rights of any third
141  * party or that the license provides you with all the necessary rights
142  * to make use of the Contribution.
143  *
144  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148  * OTHERWISE.
149  */
150 
151 module deimos.openssl.tls1;
152 
153 import deimos.openssl._d_util;
154 
155 import deimos.openssl.ssl; // Needed for SSL_CTX_*.
156 public import deimos.openssl.buffer;
157 
158 extern (C):
159 nothrow:
160 
161 enum TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES = 0;
162 
163 enum TLS1_2_VERSION = 0x0303;
164 enum TLS1_2_VERSION_MAJOR = 0x03;
165 enum TLS1_2_VERSION_MINOR = 0x03;
166 
167 enum TLS1_1_VERSION = 0x0302;
168 enum TLS1_1_VERSION_MAJOR = 0x03;
169 enum TLS1_1_VERSION_MINOR = 0x02;
170 
171 enum TLS1_VERSION = 0x0301;
172 enum TLS1_VERSION_MAJOR = 0x03;
173 enum TLS1_VERSION_MINOR = 0x01;
174 
175 auto TLS1_get_version()(const(SSL)* s) {
176     return (s.version_ >> 8) == TLS1_VERSION_MAJOR ? s.version_ : 0;
177 }
178 
179 auto TLS1_get_client_version()(const(SSL)* s) {
180     return (s.version_ >> 8) == TLS1_VERSION_MAJOR ? s.client_version : 0;
181 }
182 
183 enum TLS1_AD_DECRYPTION_FAILED = 21;
184 enum TLS1_AD_RECORD_OVERFLOW = 22;
185 enum TLS1_AD_UNKNOWN_CA = 48;	/* fatal */
186 enum TLS1_AD_ACCESS_DENIED = 49;	/* fatal */
187 enum TLS1_AD_DECODE_ERROR = 50;	/* fatal */
188 enum TLS1_AD_DECRYPT_ERROR = 51;
189 enum TLS1_AD_EXPORT_RESTRICTION = 60;	/* fatal */
190 enum TLS1_AD_PROTOCOL_VERSION = 70;	/* fatal */
191 enum TLS1_AD_INSUFFICIENT_SECURITY = 71;	/* fatal */
192 enum TLS1_AD_INTERNAL_ERROR = 80;	/* fatal */
193 enum TLS1_AD_USER_CANCELLED = 90;
194 enum TLS1_AD_NO_RENEGOTIATION = 100;
195 /* codes 110-114 are from RFC3546 */
196 enum TLS1_AD_UNSUPPORTED_EXTENSION = 110;
197 enum TLS1_AD_CERTIFICATE_UNOBTAINABLE = 111;
198 enum TLS1_AD_UNRECOGNIZED_NAME = 112;
199 enum TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE = 113;
200 enum TLS1_AD_BAD_CERTIFICATE_HASH_VALUE = 114;
201 enum TLS1_AD_UNKNOWN_PSK_IDENTITY = 115;	/* fatal */
202 
203 /* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
204 enum TLSEXT_TYPE_server_name = 0;
205 enum TLSEXT_TYPE_max_fragment_length = 1;
206 enum TLSEXT_TYPE_client_certificate_url = 2;
207 enum TLSEXT_TYPE_trusted_ca_keys = 3;
208 enum TLSEXT_TYPE_truncated_hmac = 4;
209 enum TLSEXT_TYPE_status_request = 5;
210 /* ExtensionType values from RFC4681 */
211 enum TLSEXT_TYPE_user_mapping = 6;
212 
213 /* ExtensionType values from RFC5878 */
214 enum TLSEXT_TYPE_client_authz = 7;
215 enum TLSEXT_TYPE_server_authz = 8;
216 
217 /* ExtensionType values from RFC6091 */
218 enum TLSEXT_TYPE_cert_type = 9;
219 
220 /* ExtensionType values from RFC4492 */
221 enum TLSEXT_TYPE_elliptic_curves = 10;
222 enum TLSEXT_TYPE_ec_point_formats = 11;
223 
224 /* ExtensionType value from RFC5054 */
225 enum TLSEXT_TYPE_srp = 12;
226 
227 /* ExtensionType values from RFC5246 */
228 enum TLSEXT_TYPE_signature_algorithms = 13;
229 
230 /* ExtensionType value from RFC5764 */
231 enum TLSEXT_TYPE_use_srtp = 14;
232 
233 /* ExtensionType value from RFC5620 */
234 enum TLSEXT_TYPE_heartbeat = 15;
235 
236 /* ExtensionType value for TLS padding extension.
237  * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
238  * http://tools.ietf.org/html/draft-agl-tls-padding-03
239  */
240 enum TLSEXT_TYPE_padding = 21;
241 
242 /* ExtensionType value from RFC4507 */
243 enum TLSEXT_TYPE_session_ticket = 35;
244 /* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
245 /+#if 0 /* will have to be provided externally for now ,
246        * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
247        * using whatever extension number you'd like to try */
248 # define TLSEXT_TYPE_opaque_prf_input		?? */
249 #endif+/
250 
251 /* Temporary extension type */
252 enum TLSEXT_TYPE_renegotiate = 0xff01;
253 
254 version(OPENSSL_NO_NEXTPROTONEG) {} else {
255 /* This is not an IANA defined extension number */
256 enum TLSEXT_TYPE_next_proto_neg = 13172;
257 }
258 
259 /* NameType value from RFC 3546 */
260 enum TLSEXT_NAMETYPE_host_name = 0;
261 /* status request value from RFC 3546 */
262 enum TLSEXT_STATUSTYPE_ocsp = 1;
263 
264 /* ECPointFormat values from draft-ietf-tls-ecc-12 */
265 enum TLSEXT_ECPOINTFORMAT_first = 0;
266 enum TLSEXT_ECPOINTFORMAT_uncompressed = 0;
267 enum TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime = 1;
268 enum TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 = 2;
269 enum TLSEXT_ECPOINTFORMAT_last = 2;
270 
271 /* Signature and hash algorithms from RFC 5246 */
272 
273 enum TLSEXT_signature_anonymous = 0;
274 enum TLSEXT_signature_rsa = 1;
275 enum TLSEXT_signature_dsa = 2;
276 enum TLSEXT_signature_ecdsa = 3;
277 
278 enum TLSEXT_hash_none = 0;
279 enum TLSEXT_hash_md5 = 1;
280 enum TLSEXT_hash_sha1 = 2;
281 enum TLSEXT_hash_sha224 = 3;
282 enum TLSEXT_hash_sha256 = 4;
283 enum TLSEXT_hash_sha384 = 5;
284 enum TLSEXT_hash_sha512 = 6;
285 
286 version (OPENSSL_NO_TLSEXT) {} else {
287 
288 enum TLSEXT_MAXLEN_host_name = 255;
289 
290 const(char)* SSL_get_servername(const(SSL)* s, const int type);
291 int SSL_get_servername_type(const(SSL)* s);
292 /* SSL_export_keying_material exports a value derived from the master secret,
293  * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
294  * optional context. (Since a zero length context is allowed, the |use_context|
295  * flag controls whether a context is included.)
296  *
297  * It returns 1 on success and zero otherwise.
298  */
299 int SSL_export_keying_material(SSL *s, ubyte* out_, size_t olen,
300 	const char *label, size_t llen, const(ubyte)* p, size_t plen,
301 	int use_context);
302 
303 auto SSL_set_tlsext_host_name()(SSL* s,char* name) {
304 	return SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,name);
305 }
306 
307 auto SSL_set_tlsext_debug_callback()(SSL* ssl, ExternC!(void function()) cb) {
308 	return SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,cb);
309 }
310 
311 auto SSL_set_tlsext_debug_arg()(SSL* ssl, void* arg) {
312 	return SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, arg);
313 }
314 
315 auto SSL_set_tlsext_status_type()(SSL* ssl, type) {
316 	return SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, null);
317 }
318 
319 auto SSL_get_tlsext_status_exts()(SSL* ssl, void* arg) {
320 	return SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, arg);
321 }
322 
323 auto SSL_set_tlsext_status_exts()(SSL* ssl, void* arg) {
324 	return SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, arg);
325 }
326 
327 auto SSL_get_tlsext_status_ids()(SSL* ssl, void* arg) {
328 	return SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, arg);
329 }
330 
331 auto SSL_set_tlsext_status_ids()(SSL* ssl, void* arg) {
332 	return SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, arg);
333 }
334 
335 auto SSL_get_tlsext_status_ocsp_resp()(SSL* ssl, void* arg) {
336 	return SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, arg);
337 }
338 
339 auto SSL_set_tlsext_status_ocsp_resp()(SSL* ssl, void* arg, void* arglen) {
340 	return SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, arg);
341 }
342 
343 auto SSL_CTX_set_tlsext_servername_callback(SSL_CTX* ctx, ExternC!(void function()) cb) {
344 	return SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,cb);
345 }
346 
347 enum SSL_TLSEXT_ERR_OK = 0;
348 enum SSL_TLSEXT_ERR_ALERT_WARNING = 1;
349 enum SSL_TLSEXT_ERR_ALERT_FATAL = 2;
350 enum SSL_TLSEXT_ERR_NOACK = 3;
351 
352 auto SSL_CTX_set_tlsext_servername_arg(SSL_CTX* ctx, void* arg) {
353 	return SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0,arg);
354 }
355 
356 auto SSL_CTX_get_tlsext_ticket_keys(SSL_CTX* ctx, c_long keylen, void* keys) {
357 	return SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_TICKET_KEYS,keylen,keys);
358 }
359 auto SSL_CTX_set_tlsext_ticket_keys(SSL_CTX* ctx, c_long keylen, void* keys) {
360 	return SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_TICKET_KEYS,keylen,keys);
361 }
362 
363 auto SSL_CTX_set_tlsext_status_cb(SSL_CTX* ctx, ExternC!(void function()) cb) {
364 	return SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,cb);
365 }
366 
367 auto SSL_CTX_set_tlsext_status_arg(SSL_CTX* ctx, void* arg) {
368 	return SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,arg);
369 }
370 
371 auto SSL_set_tlsext_opaque_prf_input(SSL* s, void* src, c_long len) {
372 	return SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src);
373 }
374 
375 auto SSL_CTX_set_tlsext_opaque_prf_input_callback(SSL_CTX* ctx, ExternC!(void function()) cb) {
376 	return SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, cb);
377 }
378 auto SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(SSL_CTX* ctx, void* arg) {
379 	return SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg);
380 }
381 
382 version(OPENSSL_NO_HEARTBEATS) {} else {
383 enum SSL_TLSEXT_HB_ENABLED = 0x01;
384 enum SSL_TLSEXT_HB_DONT_SEND_REQUESTS = 0x02;
385 enum SSL_TLSEXT_HB_DONT_RECV_REQUESTS = 0x04;
386 
387 auto SSL_get_tlsext_heartbeat_pending()(SSL* ssl) {
388     return SSL_ctrl(ssl,SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,null);
389 }
390 auto SSL_set_tlsext_heartbeat_no_requests()(SSL* ssl, c_long arg) {
391     return SSL_ctrl(ssl,SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,null);
392 }
393 }
394 
395 auto SSL_CTX_set_tlsext_ticket_key_cb()(ssl, ExternC!(void function()) cb) {
396 	return SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,cb);
397 }
398 
399 }
400 
401 /* PSK ciphersuites from 4279 */
402 enum TLS1_CK_PSK_WITH_RC4_128_SHA = 0x0300008A;
403 enum TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA = 0x0300008B;
404 enum TLS1_CK_PSK_WITH_AES_128_CBC_SHA = 0x0300008C;
405 enum TLS1_CK_PSK_WITH_AES_256_CBC_SHA = 0x0300008D;
406 
407 /* Additional TLS ciphersuites from expired Internet Draft
408  * draft-ietf-tls-56-bit-ciphersuites-01.txt
409  * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
410  * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
411  * shouldn't.  Note that the first two are actually not in the IDs. */
412 enum TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x03000060; /* not in ID */
413 enum TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x03000061; /* not in ID */
414 enum TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x03000062;
415 enum TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x03000063;
416 enum TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x03000064;
417 enum TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x03000065;
418 enum TLS1_CK_DHE_DSS_WITH_RC4_128_SHA = 0x03000066;
419 
420 /* AES ciphersuites from RFC3268 */
421 
422 enum TLS1_CK_RSA_WITH_AES_128_SHA = 0x0300002F;
423 enum TLS1_CK_DH_DSS_WITH_AES_128_SHA = 0x03000030;
424 enum TLS1_CK_DH_RSA_WITH_AES_128_SHA = 0x03000031;
425 enum TLS1_CK_DHE_DSS_WITH_AES_128_SHA = 0x03000032;
426 enum TLS1_CK_DHE_RSA_WITH_AES_128_SHA = 0x03000033;
427 enum TLS1_CK_ADH_WITH_AES_128_SHA = 0x03000034;
428 
429 enum TLS1_CK_RSA_WITH_AES_256_SHA = 0x03000035;
430 enum TLS1_CK_DH_DSS_WITH_AES_256_SHA = 0x03000036;
431 enum TLS1_CK_DH_RSA_WITH_AES_256_SHA = 0x03000037;
432 enum TLS1_CK_DHE_DSS_WITH_AES_256_SHA = 0x03000038;
433 enum TLS1_CK_DHE_RSA_WITH_AES_256_SHA = 0x03000039;
434 enum TLS1_CK_ADH_WITH_AES_256_SHA = 0x0300003A;
435 
436 /* TLS v1.2 ciphersuites */
437 enum TLS1_CK_RSA_WITH_NULL_SHA256 = 0x0300003B;
438 enum TLS1_CK_RSA_WITH_AES_128_SHA256 = 0x0300003C;
439 enum TLS1_CK_RSA_WITH_AES_256_SHA256 = 0x0300003D;
440 enum TLS1_CK_DH_DSS_WITH_AES_128_SHA256 = 0x0300003E;
441 enum TLS1_CK_DH_RSA_WITH_AES_128_SHA256 = 0x0300003F;
442 enum TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 = 0x03000040;
443 
444 /* Camellia ciphersuites from RFC4132 */
445 enum TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x03000041;
446 enum TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x03000042;
447 enum TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x03000043;
448 enum TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x03000044;
449 enum TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x03000045;
450 enum TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA = 0x03000046;
451 
452 /* TLS v1.2 ciphersuites */
453 enum TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 = 0x03000067;
454 enum TLS1_CK_DH_DSS_WITH_AES_256_SHA256 = 0x03000068;
455 enum TLS1_CK_DH_RSA_WITH_AES_256_SHA256 = 0x03000069;
456 enum TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 = 0x0300006A;
457 enum TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 = 0x0300006B;
458 enum TLS1_CK_ADH_WITH_AES_128_SHA256 = 0x0300006C;
459 enum TLS1_CK_ADH_WITH_AES_256_SHA256 = 0x0300006D;
460 
461 /* Camellia ciphersuites from RFC4132 */
462 enum TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x03000084;
463 enum TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x03000085;
464 enum TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x03000086;
465 enum TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x03000087;
466 enum TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x03000088;
467 enum TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA = 0x03000089;
468 
469 /* SEED ciphersuites from RFC4162 */
470 enum TLS1_CK_RSA_WITH_SEED_SHA = 0x03000096;
471 enum TLS1_CK_DH_DSS_WITH_SEED_SHA = 0x03000097;
472 enum TLS1_CK_DH_RSA_WITH_SEED_SHA = 0x03000098;
473 enum TLS1_CK_DHE_DSS_WITH_SEED_SHA = 0x03000099;
474 enum TLS1_CK_DHE_RSA_WITH_SEED_SHA = 0x0300009A;
475 enum TLS1_CK_ADH_WITH_SEED_SHA = 0x0300009B;
476 
477 /* TLS v1.2 GCM ciphersuites from RFC5288 */
478 enum TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 = 0x0300009C;
479 enum TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 = 0x0300009D;
480 enum TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x0300009E;
481 enum TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x0300009F;
482 enum TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x030000A0;
483 enum TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x030000A1;
484 enum TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x030000A2;
485 enum TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x030000A3;
486 enum TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x030000A4;
487 enum TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x030000A5;
488 enum TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 = 0x030000A6;
489 enum TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 = 0x030000A7;
490 
491 /* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
492 enum TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA = 0x0300C001;
493 enum TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA = 0x0300C002;
494 enum TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA = 0x0300C003;
495 enum TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x0300C004;
496 enum TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x0300C005;
497 
498 enum TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA = 0x0300C006;
499 enum TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x0300C007;
500 enum TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA = 0x0300C008;
501 enum TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x0300C009;
502 enum TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0300C00A;
503 
504 enum TLS1_CK_ECDH_RSA_WITH_NULL_SHA = 0x0300C00B;
505 enum TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA = 0x0300C00C;
506 enum TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA = 0x0300C00D;
507 enum TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0300C00E;
508 enum TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0300C00F;
509 
510 enum TLS1_CK_ECDHE_RSA_WITH_NULL_SHA = 0x0300C010;
511 enum TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA = 0x0300C011;
512 enum TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA = 0x0300C012;
513 enum TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x0300C013;
514 enum TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x0300C014;
515 
516 enum TLS1_CK_ECDH_anon_WITH_NULL_SHA = 0x0300C015;
517 enum TLS1_CK_ECDH_anon_WITH_RC4_128_SHA = 0x0300C016;
518 enum TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA = 0x0300C017;
519 enum TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA = 0x0300C018;
520 enum TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA = 0x0300C019;
521 
522 /* SRP ciphersuites from RFC 5054 */
523 enum TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0x0300C01A;
524 enum TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0x0300C01B;
525 enum TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0x0300C01C;
526 enum TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA = 0x0300C01D;
527 enum TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0x0300C01E;
528 enum TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0x0300C01F;
529 enum TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA = 0x0300C020;
530 enum TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0x0300C021;
531 enum TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0x0300C022;
532 
533 /* ECDH HMAC based ciphersuites from RFC5289 */
534 
535 enum TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 = 0x0300C023;
536 enum TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 = 0x0300C024;
537 enum TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 = 0x0300C025;
538 enum TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 = 0x0300C026;
539 enum TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 = 0x0300C027;
540 enum TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 = 0x0300C028;
541 enum TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 = 0x0300C029;
542 enum TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 = 0x0300C02A;
543 
544 /* ECDH GCM based ciphersuites from RFC5289 */
545 enum TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x0300C02B;
546 enum TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x0300C02C;
547 enum TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x0300C02D;
548 enum TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x0300C02E;
549 enum TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x0300C02F;
550 enum TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x0300C030;
551 enum TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x0300C031;
552 enum TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x0300C032;
553 
554 /* XXX
555  * Inconsistency alert:
556  * The OpenSSL names of ciphers with ephemeral DH here include the string
557  * "DHE", while elsewhere it has always been "EDH".
558  * (The alias for the list of all such ciphers also is "EDH".)
559  * The specifications speak of "EDH"; maybe we should allow both forms
560  * for everything. */
561 enum TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 = "EXP1024-RC4-MD5";
562 enum TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = "EXP1024-RC2-CBC-MD5";
563 enum TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA = "EXP1024-DES-CBC-SHA";
564 enum TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = "EXP1024-DHE-DSS-DES-CBC-SHA";
565 enum TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA = "EXP1024-RC4-SHA";
566 enum TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = "EXP1024-DHE-DSS-RC4-SHA";
567 enum TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA = "DHE-DSS-RC4-SHA";
568 
569 /* AES ciphersuites from RFC3268 */
570 enum TLS1_TXT_RSA_WITH_AES_128_SHA = "AES128-SHA";
571 enum TLS1_TXT_DH_DSS_WITH_AES_128_SHA = "DH-DSS-AES128-SHA";
572 enum TLS1_TXT_DH_RSA_WITH_AES_128_SHA = "DH-RSA-AES128-SHA";
573 enum TLS1_TXT_DHE_DSS_WITH_AES_128_SHA = "DHE-DSS-AES128-SHA";
574 enum TLS1_TXT_DHE_RSA_WITH_AES_128_SHA = "DHE-RSA-AES128-SHA";
575 enum TLS1_TXT_ADH_WITH_AES_128_SHA = "ADH-AES128-SHA";
576 
577 enum TLS1_TXT_RSA_WITH_AES_256_SHA = "AES256-SHA";
578 enum TLS1_TXT_DH_DSS_WITH_AES_256_SHA = "DH-DSS-AES256-SHA";
579 enum TLS1_TXT_DH_RSA_WITH_AES_256_SHA = "DH-RSA-AES256-SHA";
580 enum TLS1_TXT_DHE_DSS_WITH_AES_256_SHA = "DHE-DSS-AES256-SHA";
581 enum TLS1_TXT_DHE_RSA_WITH_AES_256_SHA = "DHE-RSA-AES256-SHA";
582 enum TLS1_TXT_ADH_WITH_AES_256_SHA = "ADH-AES256-SHA";
583 
584 /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
585 enum TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA = "ECDH-ECDSA-NULL-SHA";
586 enum TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA = "ECDH-ECDSA-RC4-SHA";
587 enum TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA = "ECDH-ECDSA-DES-CBC3-SHA";
588 enum TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA = "ECDH-ECDSA-AES128-SHA";
589 enum TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA = "ECDH-ECDSA-AES256-SHA";
590 
591 enum TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA = "ECDHE-ECDSA-NULL-SHA";
592 enum TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA = "ECDHE-ECDSA-RC4-SHA";
593 enum TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA = "ECDHE-ECDSA-DES-CBC3-SHA";
594 enum TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = "ECDHE-ECDSA-AES128-SHA";
595 enum TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = "ECDHE-ECDSA-AES256-SHA";
596 
597 enum TLS1_TXT_ECDH_RSA_WITH_NULL_SHA = "ECDH-RSA-NULL-SHA";
598 enum TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA = "ECDH-RSA-RC4-SHA";
599 enum TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA = "ECDH-RSA-DES-CBC3-SHA";
600 enum TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA = "ECDH-RSA-AES128-SHA";
601 enum TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA = "ECDH-RSA-AES256-SHA";
602 
603 enum TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA = "ECDHE-RSA-NULL-SHA";
604 enum TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA = "ECDHE-RSA-RC4-SHA";
605 enum TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA = "ECDHE-RSA-DES-CBC3-SHA";
606 enum TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA = "ECDHE-RSA-AES128-SHA";
607 enum TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA = "ECDHE-RSA-AES256-SHA";
608 
609 enum TLS1_TXT_ECDH_anon_WITH_NULL_SHA = "AECDH-NULL-SHA";
610 enum TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA = "AECDH-RC4-SHA";
611 enum TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA = "AECDH-DES-CBC3-SHA";
612 enum TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA = "AECDH-AES128-SHA";
613 enum TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA = "AECDH-AES256-SHA";
614 
615 /* PSK ciphersuites from RFC 4279 */
616 enum TLS1_TXT_PSK_WITH_RC4_128_SHA = "PSK-RC4-SHA";
617 enum TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA = "PSK-3DES-EDE-CBC-SHA";
618 enum TLS1_TXT_PSK_WITH_AES_128_CBC_SHA = "PSK-AES128-CBC-SHA";
619 enum TLS1_TXT_PSK_WITH_AES_256_CBC_SHA = "PSK-AES256-CBC-SHA";
620 
621 /* SRP ciphersuite from RFC 5054 */
622 enum TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA = "SRP-3DES-EDE-CBC-SHA";
623 enum TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = "SRP-RSA-3DES-EDE-CBC-SHA";
624 enum TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = "SRP-DSS-3DES-EDE-CBC-SHA";
625 enum TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA = "SRP-AES-128-CBC-SHA";
626 enum TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = "SRP-RSA-AES-128-CBC-SHA";
627 enum TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = "SRP-DSS-AES-128-CBC-SHA";
628 enum TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA = "SRP-AES-256-CBC-SHA";
629 enum TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = "SRP-RSA-AES-256-CBC-SHA";
630 enum TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = "SRP-DSS-AES-256-CBC-SHA";
631 
632 /* Camellia ciphersuites from RFC4132 */
633 enum TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA = "CAMELLIA128-SHA";
634 enum TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = "DH-DSS-CAMELLIA128-SHA";
635 enum TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = "DH-RSA-CAMELLIA128-SHA";
636 enum TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = "DHE-DSS-CAMELLIA128-SHA";
637 enum TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = "DHE-RSA-CAMELLIA128-SHA";
638 enum TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA = "ADH-CAMELLIA128-SHA";
639 
640 enum TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA = "CAMELLIA256-SHA";
641 enum TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = "DH-DSS-CAMELLIA256-SHA";
642 enum TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = "DH-RSA-CAMELLIA256-SHA";
643 enum TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = "DHE-DSS-CAMELLIA256-SHA";
644 enum TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = "DHE-RSA-CAMELLIA256-SHA";
645 enum TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA = "ADH-CAMELLIA256-SHA";
646 
647 /* SEED ciphersuites from RFC4162 */
648 enum TLS1_TXT_RSA_WITH_SEED_SHA = "SEED-SHA";
649 enum TLS1_TXT_DH_DSS_WITH_SEED_SHA = "DH-DSS-SEED-SHA";
650 enum TLS1_TXT_DH_RSA_WITH_SEED_SHA = "DH-RSA-SEED-SHA";
651 enum TLS1_TXT_DHE_DSS_WITH_SEED_SHA = "DHE-DSS-SEED-SHA";
652 enum TLS1_TXT_DHE_RSA_WITH_SEED_SHA = "DHE-RSA-SEED-SHA";
653 enum TLS1_TXT_ADH_WITH_SEED_SHA = "ADH-SEED-SHA";
654 
655 /* TLS v1.2 ciphersuites */
656 enum TLS1_TXT_RSA_WITH_NULL_SHA256 = "NULL-SHA256";
657 enum TLS1_TXT_RSA_WITH_AES_128_SHA256 = "AES128-SHA256";
658 enum TLS1_TXT_RSA_WITH_AES_256_SHA256 = "AES256-SHA256";
659 enum TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 = "DH-DSS-AES128-SHA256";
660 enum TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 = "DH-RSA-AES128-SHA256";
661 enum TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 = "DHE-DSS-AES128-SHA256";
662 enum TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 = "DHE-RSA-AES128-SHA256";
663 enum TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 = "DH-DSS-AES256-SHA256";
664 enum TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 = "DH-RSA-AES256-SHA256";
665 enum TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 = "DHE-DSS-AES256-SHA256";
666 enum TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 = "DHE-RSA-AES256-SHA256";
667 enum TLS1_TXT_ADH_WITH_AES_128_SHA256 = "ADH-AES128-SHA256";
668 enum TLS1_TXT_ADH_WITH_AES_256_SHA256 = "ADH-AES256-SHA256";
669 
670 /* TLS v1.2 GCM ciphersuites from RFC5288 */
671 enum TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 = "AES128-GCM-SHA256";
672 enum TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 = "AES256-GCM-SHA384";
673 enum TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 = "DHE-RSA-AES128-GCM-SHA256";
674 enum TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 = "DHE-RSA-AES256-GCM-SHA384";
675 enum TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 = "DH-RSA-AES128-GCM-SHA256";
676 enum TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 = "DH-RSA-AES256-GCM-SHA384";
677 enum TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 = "DHE-DSS-AES128-GCM-SHA256";
678 enum TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 = "DHE-DSS-AES256-GCM-SHA384";
679 enum TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 = "DH-DSS-AES128-GCM-SHA256";
680 enum TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 = "DH-DSS-AES256-GCM-SHA384";
681 enum TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 = "ADH-AES128-GCM-SHA256";
682 enum TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 = "ADH-AES256-GCM-SHA384";
683 
684 /* ECDH HMAC based ciphersuites from RFC5289 */
685 
686 enum TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 = "ECDHE-ECDSA-AES128-SHA256";
687 enum TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 = "ECDHE-ECDSA-AES256-SHA384";
688 enum TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 = "ECDH-ECDSA-AES128-SHA256";
689 enum TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 = "ECDH-ECDSA-AES256-SHA384";
690 enum TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 = "ECDHE-RSA-AES128-SHA256";
691 enum TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 = "ECDHE-RSA-AES256-SHA384";
692 enum TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 = "ECDH-RSA-AES128-SHA256";
693 enum TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 = "ECDH-RSA-AES256-SHA384";
694 
695 /* ECDH GCM based ciphersuites from RFC5289 */
696 enum TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = "ECDHE-ECDSA-AES128-GCM-SHA256";
697 enum TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = "ECDHE-ECDSA-AES256-GCM-SHA384";
698 enum TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = "ECDH-ECDSA-AES128-GCM-SHA256";
699 enum TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = "ECDH-ECDSA-AES256-GCM-SHA384";
700 enum TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = "ECDHE-RSA-AES128-GCM-SHA256";
701 enum TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = "ECDHE-RSA-AES256-GCM-SHA384";
702 enum TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 = "ECDH-RSA-AES128-GCM-SHA256";
703 enum TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 = "ECDH-RSA-AES256-GCM-SHA384";
704 
705 enum TLS_CT_RSA_SIGN = 1;
706 enum TLS_CT_DSS_SIGN = 2;
707 enum TLS_CT_RSA_FIXED_DH = 3;
708 enum TLS_CT_DSS_FIXED_DH = 4;
709 enum TLS_CT_ECDSA_SIGN = 64;
710 enum TLS_CT_RSA_FIXED_ECDH = 65;
711 enum TLS_CT_ECDSA_FIXED_ECDH = 66;
712 enum TLS_CT_GOST94_SIGN = 21;
713 enum TLS_CT_GOST01_SIGN = 22;
714 /* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
715  * comment there) */
716 enum TLS_CT_NUMBER = 9;
717 
718 enum TLS1_FINISH_MAC_LENGTH = 12;
719 
720 enum TLS_MD_MAX_CONST_SIZE = 20;
721 enum TLS_MD_CLIENT_FINISH_CONST = "client finished";
722 enum TLS_MD_CLIENT_FINISH_CONST_SIZE = 15;
723 enum TLS_MD_SERVER_FINISH_CONST = "server finished";
724 enum TLS_MD_SERVER_FINISH_CONST_SIZE = 15;
725 enum TLS_MD_SERVER_WRITE_KEY_CONST = "server write key";
726 enum TLS_MD_SERVER_WRITE_KEY_CONST_SIZE = 16;
727 enum TLS_MD_KEY_EXPANSION_CONST = "key expansion";
728 enum TLS_MD_KEY_EXPANSION_CONST_SIZE = 13;
729 enum TLS_MD_CLIENT_WRITE_KEY_CONST = "client write key";
730 enum TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE = 16;
731 // Oversight in original headers: Already defined above.
732 // enum TLS_MD_SERVER_WRITE_KEY_CONST = "server write key";
733 // enum TLS_MD_SERVER_WRITE_KEY_CONST_SIZE = 16;
734 enum TLS_MD_IV_BLOCK_CONST = "IV block";
735 enum TLS_MD_IV_BLOCK_CONST_SIZE = 8;
736 enum TLS_MD_MASTER_SECRET_CONST = "master secret";
737 enum TLS_MD_MASTER_SECRET_CONST_SIZE = 13;
738 
739 /+#ifdef CHARSET_EBCDIC
740 #undef TLS_MD_CLIENT_FINISH_CONST
741 enum TLS_MD_CLIENT_FINISH_CONST = "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64";  /*client finished*/
742 #undef TLS_MD_SERVER_FINISH_CONST
743 enum TLS_MD_SERVER_FINISH_CONST = "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64";  /*server finished*/
744 #undef TLS_MD_SERVER_WRITE_KEY_CONST
745 enum TLS_MD_SERVER_WRITE_KEY_CONST = "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79";  /*server write key*/
746 #undef TLS_MD_KEY_EXPANSION_CONST
747 enum TLS_MD_KEY_EXPANSION_CONST = "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e";  /*key expansion*/
748 #undef TLS_MD_CLIENT_WRITE_KEY_CONST
749 enum TLS_MD_CLIENT_WRITE_KEY_CONST = "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79";  /*client write key*/
750 #undef TLS_MD_SERVER_WRITE_KEY_CONST
751 enum TLS_MD_SERVER_WRITE_KEY_CONST = "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79";  /*server write key*/
752 #undef TLS_MD_IV_BLOCK_CONST
753 enum TLS_MD_IV_BLOCK_CONST = "\x49\x56\x20\x62\x6c\x6f\x63\x6b";  /*IV block*/
754 #undef TLS_MD_MASTER_SECRET_CONST
755 enum TLS_MD_MASTER_SECRET_CONST = "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74";  /*master secret*/
756 #endif+/
757 
758 /* TLS Session Ticket extension struct */
759 struct tls_session_ticket_ext_st
760 	{
761 	ushort length;
762 	void* data;
763 	};