Drop support for SSLv3.
Remove options: MBEDTLS_SSL_MINOR_VERSION_0 and MBEDTLS_SSL_PROTO_SSL3). Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
This commit is contained in:
parent
9e9ca1a738
commit
06b07fb839
24 changed files with 333 additions and 1880 deletions
|
@ -1,2 +1,3 @@
|
||||||
API changes
|
API changes
|
||||||
* Drop support for parsing SSLv2 ClientHello (MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO).
|
* Drop support for parsing SSLv2 ClientHello (MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO).
|
||||||
|
* Drop support for SSLv3 (MBEDTLS_SSL_PROTO_SSL3).
|
||||||
|
|
|
@ -1383,7 +1383,7 @@
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
|
* \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
|
||||||
*
|
*
|
||||||
* Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
|
* Enable 1/n-1 record splitting for CBC mode in TLS 1.0.
|
||||||
*
|
*
|
||||||
* This is a countermeasure to the BEAST attack, which also minimizes the risk
|
* This is a countermeasure to the BEAST attack, which also minimizes the risk
|
||||||
* of interoperability issues compared to sending 0-length records.
|
* of interoperability issues compared to sending 0-length records.
|
||||||
|
@ -1433,18 +1433,6 @@
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
|
||||||
/**
|
|
||||||
* \def MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
*
|
|
||||||
* Enable support for SSL 3.0.
|
|
||||||
*
|
|
||||||
* Requires: MBEDTLS_MD5_C
|
|
||||||
* MBEDTLS_SHA1_C
|
|
||||||
*
|
|
||||||
* Comment this macro to disable support for SSL 3.0
|
|
||||||
*/
|
|
||||||
//#define MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_SSL_PROTO_TLS1
|
* \def MBEDTLS_SSL_PROTO_TLS1
|
||||||
*
|
*
|
||||||
|
|
|
@ -38,7 +38,7 @@
|
||||||
*
|
*
|
||||||
* @section mainpage_modules Modules
|
* @section mainpage_modules Modules
|
||||||
*
|
*
|
||||||
* mbed TLS supports SSLv3 up to TLSv1.2 communication by providing the
|
* mbed TLS supports TLSv1.0 up to TLSv1.2 communication by providing the
|
||||||
* following:
|
* following:
|
||||||
* - TCP/IP communication functions: listen, connect, accept, read/write.
|
* - TCP/IP communication functions: listen, connect, accept, read/write.
|
||||||
* - SSL/TLS communication functions: init, handshake, read/write.
|
* - SSL/TLS communication functions: init, handshake, read/write.
|
||||||
|
|
|
@ -634,11 +634,6 @@
|
||||||
#error "MBEDTLS_SHA512_NO_SHA384 defined without MBEDTLS_SHA512_C"
|
#error "MBEDTLS_SHA512_NO_SHA384 defined without MBEDTLS_SHA512_C"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) && ( !defined(MBEDTLS_MD5_C) || \
|
|
||||||
!defined(MBEDTLS_SHA1_C) )
|
|
||||||
#error "MBEDTLS_SSL_PROTO_SSL3 defined, but not all prerequisites"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) || \
|
||||||
!defined(MBEDTLS_SHA1_C) )
|
!defined(MBEDTLS_SHA1_C) )
|
||||||
#error "MBEDTLS_SSL_PROTO_TLS1 defined, but not all prerequisites"
|
#error "MBEDTLS_SSL_PROTO_TLS1 defined, but not all prerequisites"
|
||||||
|
@ -659,8 +654,8 @@
|
||||||
#error "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL defined, but not all prerequisites"
|
#error "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL defined, but not all prerequisites"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if (defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if (defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) ||\
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
|
defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
|
||||||
!(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
!(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||||
|
@ -695,28 +690,16 @@
|
||||||
#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
|
#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_SSL3) && \
|
#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_TLS1) && \
|
||||||
!defined(MBEDTLS_SSL_PROTO_TLS1) && !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1_2))
|
||||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2))
|
|
||||||
#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
|
#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
|
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1))
|
|
||||||
#error "Illegal protocol selection"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_TLS1) && \
|
#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_TLS1) && \
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_SSL_PROTO_TLS1_1))
|
defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_SSL_PROTO_TLS1_1))
|
||||||
#error "Illegal protocol selection"
|
#error "Illegal protocol selection"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
|
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_2) && (!defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
|
||||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1)))
|
|
||||||
#error "Illegal protocol selection"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
|
#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
|
||||||
#endif
|
#endif
|
||||||
|
@ -771,8 +754,7 @@
|
||||||
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
|
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \
|
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && !defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||||
!defined(MBEDTLS_SSL_PROTO_SSL3) && !defined(MBEDTLS_SSL_PROTO_TLS1)
|
|
||||||
#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
|
#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -853,14 +835,6 @@
|
||||||
#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
|
#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
|
||||||
#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */
|
#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
#if defined(MBEDTLS_DEPRECATED_REMOVED)
|
|
||||||
#error "MBEDTLS_SSL_PROTO_SSL3 is deprecated and will be removed in a future version of Mbed TLS"
|
|
||||||
#elif defined(MBEDTLS_DEPRECATED_WARNING)
|
|
||||||
#warning "MBEDTLS_SSL_PROTO_SSL3 is deprecated and will be removed in a future version of Mbed TLS"
|
|
||||||
#endif
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
|
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
|
||||||
#if defined(MBEDTLS_DEPRECATED_REMOVED)
|
#if defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
#error "MBEDTLS_SSL_HW_RECORD_ACCEL is deprecated and will be removed in a future version of Mbed TLS"
|
#error "MBEDTLS_SSL_HW_RECORD_ACCEL is deprecated and will be removed in a future version of Mbed TLS"
|
||||||
|
|
|
@ -1660,7 +1660,7 @@
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
|
* \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
|
||||||
*
|
*
|
||||||
* Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
|
* Enable 1/n-1 record splitting for CBC mode in TLS 1.0.
|
||||||
*
|
*
|
||||||
* This is a countermeasure to the BEAST attack, which also minimizes the risk
|
* This is a countermeasure to the BEAST attack, which also minimizes the risk
|
||||||
* of interoperability issues compared to sending 0-length records.
|
* of interoperability issues compared to sending 0-length records.
|
||||||
|
@ -1710,21 +1710,6 @@
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
|
||||||
/**
|
|
||||||
* \def MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
*
|
|
||||||
* Enable support for SSL 3.0.
|
|
||||||
*
|
|
||||||
* Requires: MBEDTLS_MD5_C
|
|
||||||
* MBEDTLS_SHA1_C
|
|
||||||
*
|
|
||||||
* \deprecated This option is deprecated and will be removed in a future
|
|
||||||
* version of Mbed TLS.
|
|
||||||
*
|
|
||||||
* Comment this macro to disable support for SSL 3.0
|
|
||||||
*/
|
|
||||||
//#define MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_SSL_PROTO_TLS1
|
* \def MBEDTLS_SSL_PROTO_TLS1
|
||||||
*
|
*
|
||||||
|
|
|
@ -137,8 +137,14 @@
|
||||||
/*
|
/*
|
||||||
* Various constants
|
* Various constants
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/* These are the high an low bytes of ProtocolVersion as defined by:
|
||||||
|
* - RFC 2246: ProtocolVersion version = { 3, 1 }; // TLS v1.0
|
||||||
|
* - RFC 4346: ProtocolVersion version = { 3, 2 }; // TLS v1.1
|
||||||
|
* - RFC 5246: ProtocolVersion version = { 3, 3 }; // TLS v1.2
|
||||||
|
* - RFC 8446: see section 4.2.1
|
||||||
|
*/
|
||||||
#define MBEDTLS_SSL_MAJOR_VERSION_3 3
|
#define MBEDTLS_SSL_MAJOR_VERSION_3 3
|
||||||
#define MBEDTLS_SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
|
|
||||||
#define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
|
#define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
|
||||||
#define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
|
#define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
|
||||||
#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
|
#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
|
||||||
|
@ -296,11 +302,7 @@
|
||||||
/*
|
/*
|
||||||
* Length of the verify data for secure renegotiation
|
* Length of the verify data for secure renegotiation
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
|
|
||||||
#else
|
|
||||||
#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
|
#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Signaling ciphersuite values (SCSV)
|
* Signaling ciphersuite values (SCSV)
|
||||||
|
@ -499,7 +501,6 @@ mbedtls_ssl_states;
|
||||||
typedef enum
|
typedef enum
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_TLS_PRF_NONE,
|
MBEDTLS_SSL_TLS_PRF_NONE,
|
||||||
MBEDTLS_SSL_TLS_PRF_SSL3,
|
|
||||||
MBEDTLS_SSL_TLS_PRF_TLS1,
|
MBEDTLS_SSL_TLS_PRF_TLS1,
|
||||||
MBEDTLS_SSL_TLS_PRF_SHA384,
|
MBEDTLS_SSL_TLS_PRF_SHA384,
|
||||||
MBEDTLS_SSL_TLS_PRF_SHA256
|
MBEDTLS_SSL_TLS_PRF_SHA256
|
||||||
|
@ -961,7 +962,10 @@ struct mbedtls_ssl_config
|
||||||
* Pointers
|
* Pointers
|
||||||
*/
|
*/
|
||||||
|
|
||||||
const int *ciphersuite_list[4]; /*!< allowed ciphersuites per version */
|
/** Allowed ciphersuites per version. To access list's elements, please use
|
||||||
|
* \c mbedtls_ssl_get_protocol_version_ciphersuites
|
||||||
|
*/
|
||||||
|
const int *ciphersuite_list[3];
|
||||||
|
|
||||||
/** Callback for printing debug output */
|
/** Callback for printing debug output */
|
||||||
void (*f_dbg)(void *, int, const char *, int, const char *);
|
void (*f_dbg)(void *, int, const char *, int, const char *);
|
||||||
|
@ -1212,7 +1216,7 @@ struct mbedtls_ssl_context
|
||||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||||
|
|
||||||
int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
|
int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
|
||||||
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
|
int minor_ver; /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||||
unsigned badmac_seen; /*!< records with a bad MAC received */
|
unsigned badmac_seen; /*!< records with a bad MAC received */
|
||||||
|
@ -2557,6 +2561,17 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co
|
||||||
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
|
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
|
||||||
const int *ciphersuites );
|
const int *ciphersuites );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Get ciphersuite for given protocol's minor version.
|
||||||
|
*
|
||||||
|
* \param conf The SSL configuration.
|
||||||
|
* \param prot_version Protocol version. One of MBEDTLS_SSL_MINOR_VERSION_x macros.
|
||||||
|
* \return Ciphersuites pointer if succesful.
|
||||||
|
* \return \c NULL if no ciphersuites where found.
|
||||||
|
*/
|
||||||
|
const int *mbedtls_ssl_get_protocol_version_ciphersuites(
|
||||||
|
const mbedtls_ssl_config *conf, int prot_version );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
|
#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
|
||||||
#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1
|
#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1
|
||||||
|
@ -2608,8 +2623,8 @@ int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len,
|
||||||
* \param ciphersuites 0-terminated list of allowed ciphersuites
|
* \param ciphersuites 0-terminated list of allowed ciphersuites
|
||||||
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3
|
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3
|
||||||
* supported)
|
* supported)
|
||||||
* \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
|
* \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
|
* MBEDTLS_SSL_MINOR_VERSION_2,
|
||||||
* MBEDTLS_SSL_MINOR_VERSION_3 supported)
|
* MBEDTLS_SSL_MINOR_VERSION_3 supported)
|
||||||
*
|
*
|
||||||
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
|
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
|
||||||
|
@ -3296,8 +3311,7 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ss
|
||||||
*
|
*
|
||||||
* \param conf SSL configuration
|
* \param conf SSL configuration
|
||||||
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
|
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
|
||||||
* \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
|
* \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
|
||||||
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
|
|
||||||
* MBEDTLS_SSL_MINOR_VERSION_3 supported)
|
* MBEDTLS_SSL_MINOR_VERSION_3 supported)
|
||||||
*/
|
*/
|
||||||
void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
|
void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
|
||||||
|
@ -3309,15 +3323,13 @@ void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int mino
|
||||||
* \note Input outside of the SSL_MAX_XXXXX_VERSION and
|
* \note Input outside of the SSL_MAX_XXXXX_VERSION and
|
||||||
* SSL_MIN_XXXXX_VERSION range is ignored.
|
* SSL_MIN_XXXXX_VERSION range is ignored.
|
||||||
*
|
*
|
||||||
* \note MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided.
|
|
||||||
*
|
|
||||||
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
|
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
|
||||||
* MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
|
* MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
|
||||||
*
|
*
|
||||||
* \param conf SSL configuration
|
* \param conf SSL configuration
|
||||||
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
|
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
|
||||||
* \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
|
* \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
|
* MBEDTLS_SSL_MINOR_VERSION_2,
|
||||||
* MBEDTLS_SSL_MINOR_VERSION_3 supported)
|
* MBEDTLS_SSL_MINOR_VERSION_3 supported)
|
||||||
*/
|
*/
|
||||||
void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
|
void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
|
||||||
|
@ -3463,7 +3475,7 @@ void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
|
||||||
* \brief Enable / Disable 1/n-1 record splitting
|
* \brief Enable / Disable 1/n-1 record splitting
|
||||||
* (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED)
|
* (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED)
|
||||||
*
|
*
|
||||||
* \note Only affects SSLv3 and TLS 1.0, not higher versions.
|
* \note Only affects TLS 1.0, not higher versions.
|
||||||
* Does not affect non-CBC ciphersuites in any version.
|
* Does not affect non-CBC ciphersuites in any version.
|
||||||
*
|
*
|
||||||
* \param conf SSL configuration
|
* \param conf SSL configuration
|
||||||
|
@ -3687,11 +3699,11 @@ uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
|
||||||
const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
|
const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Return the current SSL version (SSLv3/TLSv1/etc)
|
* \brief Return the current TLS version
|
||||||
*
|
*
|
||||||
* \param ssl SSL context
|
* \param ssl SSL context
|
||||||
*
|
*
|
||||||
* \return a string containing the SSL version
|
* \return a string containing the TLS version
|
||||||
*/
|
*/
|
||||||
const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
|
const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
|
|
|
@ -122,28 +122,28 @@ extern "C" {
|
||||||
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
|
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
|
||||||
|
|
||||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */
|
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */
|
||||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002
|
||||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003
|
||||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
|
||||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
|
||||||
|
|
||||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */
|
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */
|
||||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007
|
||||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008
|
||||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
|
||||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
|
||||||
|
|
||||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B /**< Weak! */
|
#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B /**< Weak! */
|
||||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C
|
||||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D
|
||||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
|
||||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
|
||||||
|
|
||||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */
|
#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */
|
||||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011
|
||||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012
|
||||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
|
||||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
|
||||||
|
|
||||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */
|
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */
|
||||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */
|
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */
|
||||||
|
@ -163,15 +163,15 @@ extern "C" {
|
||||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /**< TLS 1.2 */
|
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /**< TLS 1.2 */
|
||||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /**< TLS 1.2 */
|
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /**< TLS 1.2 */
|
||||||
|
|
||||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033
|
||||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034
|
||||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
|
||||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
|
||||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
|
||||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038
|
||||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039 /**< Weak! No SSL3! */
|
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039
|
||||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! No SSL3! */
|
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
|
||||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! No SSL3! */
|
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
|
||||||
|
|
||||||
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */
|
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */
|
||||||
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */
|
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */
|
||||||
|
@ -212,14 +212,14 @@ extern "C" {
|
||||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 /**< TLS 1.2 */
|
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 /**< TLS 1.2 */
|
||||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 /**< TLS 1.2 */
|
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 /**< TLS 1.2 */
|
||||||
|
|
||||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072
|
||||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073
|
||||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074
|
||||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075
|
||||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076
|
||||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077
|
||||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078
|
||||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079 /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079
|
||||||
|
|
||||||
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */
|
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */
|
||||||
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */
|
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */
|
||||||
|
@ -247,8 +247,8 @@ extern "C" {
|
||||||
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097
|
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097
|
||||||
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098
|
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098
|
||||||
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099
|
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099
|
||||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
|
||||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< Not in SSL3! */
|
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
|
||||||
|
|
||||||
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */
|
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */
|
||||||
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */
|
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */
|
||||||
|
|
|
@ -68,9 +68,6 @@
|
||||||
/* Determine minimum supported version */
|
/* Determine minimum supported version */
|
||||||
#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
|
|
||||||
#else
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||||
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
||||||
#else
|
#else
|
||||||
|
@ -82,7 +79,6 @@
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
|
||||||
|
|
||||||
#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
||||||
#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
||||||
|
@ -99,9 +95,6 @@
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||||
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
||||||
#else
|
#else
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
@ -153,8 +146,7 @@
|
||||||
#define MBEDTLS_SSL_SOME_SUITES_USE_CBC
|
#define MBEDTLS_SSL_SOME_SUITES_USE_CBC
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* This macro determines whether the CBC construct used in TLS 1.0-1.2 (as
|
/* This macro determines whether the CBC construct used in TLS 1.0-1.2 is supported. */
|
||||||
* opposed to the very different CBC construct used in SSLv3) is supported. */
|
|
||||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
|
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
|
||||||
( defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
( defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||||
|
@ -563,8 +555,7 @@ struct mbedtls_ssl_handshake_params
|
||||||
/*
|
/*
|
||||||
* Checksum contexts
|
* Checksum contexts
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
mbedtls_md5_context fin_md5;
|
mbedtls_md5_context fin_md5;
|
||||||
mbedtls_sha1_context fin_sha1;
|
mbedtls_sha1_context fin_sha1;
|
||||||
#endif
|
#endif
|
||||||
|
@ -636,8 +627,8 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
|
||||||
* - CBC block cipher transformations ([D]TLS versions <= 1.2 only)
|
* - CBC block cipher transformations ([D]TLS versions <= 1.2 only)
|
||||||
* In addition to the distinction of the order of encryption and
|
* In addition to the distinction of the order of encryption and
|
||||||
* authentication, there's a fundamental difference between the
|
* authentication, there's a fundamental difference between the
|
||||||
* handling in SSL3 & TLS 1.0 and TLS 1.1 and TLS 1.2: For SSL3
|
* handling in TLS 1.0 and TLS 1.1 and TLS 1.2: For TLS 1.0,
|
||||||
* and TLS 1.0, the final IV after processing a record is used
|
* the final IV after processing a record is used
|
||||||
* as the IV for the next record. No explicit IV is contained
|
* as the IV for the next record. No explicit IV is contained
|
||||||
* in an encrypted record. The IV for the first record is extracted
|
* in an encrypted record. The IV for the first record is extracted
|
||||||
* at key extraction time. In contrast, for TLS 1.1 and 1.2, no
|
* at key extraction time. In contrast, for TLS 1.1 and 1.2, no
|
||||||
|
@ -666,7 +657,7 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
|
||||||
* - For stream/CBC, (static) encryption/decryption keys for the digest.
|
* - For stream/CBC, (static) encryption/decryption keys for the digest.
|
||||||
* - For AEAD transformations, the size (potentially 0) of an explicit,
|
* - For AEAD transformations, the size (potentially 0) of an explicit,
|
||||||
* random initialization vector placed in encrypted records.
|
* random initialization vector placed in encrypted records.
|
||||||
* - For some transformations (currently AEAD and CBC in SSL3 and TLS 1.0)
|
* - For some transformations (currently AEAD and CBC in TLS 1.0)
|
||||||
* an implicit IV. It may be static (e.g. AEAD) or dynamic (e.g. CBC)
|
* an implicit IV. It may be static (e.g. AEAD) or dynamic (e.g. CBC)
|
||||||
* and (if present) is combined with the explicit IV in a transformation-
|
* and (if present) is combined with the explicit IV in a transformation-
|
||||||
* dependent way (e.g. appending in TLS 1.2 and XOR'ing in TLS 1.3).
|
* dependent way (e.g. appending in TLS 1.2 and XOR'ing in TLS 1.3).
|
||||||
|
@ -674,7 +665,7 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
|
||||||
* - The details of the transformation depend on the SSL/TLS version.
|
* - The details of the transformation depend on the SSL/TLS version.
|
||||||
* - The length of the authentication tag.
|
* - The length of the authentication tag.
|
||||||
*
|
*
|
||||||
* Note: Except for CBC in SSL3 and TLS 1.0, these parameters are
|
* Note: Except for CBC in TLS 1.0, these parameters are
|
||||||
* constant across multiple encryption/decryption operations.
|
* constant across multiple encryption/decryption operations.
|
||||||
* For CBC, the implicit IV needs to be updated after each
|
* For CBC, the implicit IV needs to be updated after each
|
||||||
* operation.
|
* operation.
|
||||||
|
@ -691,13 +682,11 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
|
||||||
* - For stream/CBC transformations, the message digest contexts
|
* - For stream/CBC transformations, the message digest contexts
|
||||||
* used for the MAC's are stored in md_ctx_{enc/dec}. These contexts
|
* used for the MAC's are stored in md_ctx_{enc/dec}. These contexts
|
||||||
* are unused for AEAD transformations.
|
* are unused for AEAD transformations.
|
||||||
* - For stream/CBC transformations and versions > SSL3, the
|
* - For stream/CBC transformations and versions >= TLS 1.0, the
|
||||||
* MAC keys are not stored explicitly but maintained within
|
* MAC keys are not stored explicitly but maintained within
|
||||||
* md_ctx_{enc/dec}.
|
* md_ctx_{enc/dec}.
|
||||||
* - For stream/CBC transformations and version SSL3, the MAC
|
* - The mac_enc and mac_dec fields are unused for EAD transformations or
|
||||||
* keys are stored explicitly in mac_enc, mac_dec and have
|
* transformations >= TLS 1.0.
|
||||||
* a fixed size of 20 bytes. These fields are unused for
|
|
||||||
* AEAD transformations or transformations >= TLS 1.0.
|
|
||||||
* - For transformations using an implicit IV maintained within
|
* - For transformations using an implicit IV maintained within
|
||||||
* the transformation context, its contents are stored within
|
* the transformation context, its contents are stored within
|
||||||
* iv_{enc/dec}.
|
* iv_{enc/dec}.
|
||||||
|
@ -711,7 +700,7 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
|
||||||
* and indicates the length of the static part of the IV which is
|
* and indicates the length of the static part of the IV which is
|
||||||
* constant throughout the communication, and which is stored in
|
* constant throughout the communication, and which is stored in
|
||||||
* the first fixed_ivlen bytes of the iv_{enc/dec} arrays.
|
* the first fixed_ivlen bytes of the iv_{enc/dec} arrays.
|
||||||
* Note: For CBC in SSL3 and TLS 1.0, the fields iv_{enc/dec}
|
* Note: For CBC in TLS 1.0, the fields iv_{enc/dec}
|
||||||
* still store IV's for continued use across multiple transformations,
|
* still store IV's for continued use across multiple transformations,
|
||||||
* so it is not true that fixed_ivlen == 0 means that iv_{enc/dec} are
|
* so it is not true that fixed_ivlen == 0 means that iv_{enc/dec} are
|
||||||
* not being used!
|
* not being used!
|
||||||
|
@ -741,12 +730,6 @@ struct mbedtls_ssl_transform
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
|
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
/* Needed only for SSL v3.0 secret */
|
|
||||||
unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
|
|
||||||
unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
|
||||||
|
|
||||||
mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
|
mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
|
||||||
mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
|
mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
|
||||||
|
|
||||||
|
@ -1232,13 +1215,11 @@ static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t
|
||||||
return( diff );
|
return( diff );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
||||||
unsigned char *output,
|
unsigned char *output,
|
||||||
unsigned char *data, size_t data_len );
|
unsigned char *data, size_t data_len );
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
|
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||||
MBEDTLS_SSL_PROTO_TLS1_1 */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
|
|
|
@ -677,13 +677,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
|
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
|
||||||
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
|
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
@ -731,13 +731,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
|
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
|
||||||
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
|
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
@ -766,7 +766,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
{ MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
|
{ MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
@ -812,13 +812,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||||
{ MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
|
{ MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
|
||||||
{ MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
|
{ MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||||
|
@ -866,13 +866,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
|
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
|
||||||
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
|
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
@ -902,7 +902,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
{ MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
|
{ MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
@ -913,7 +913,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_MD5_C)
|
#if defined(MBEDTLS_MD5_C)
|
||||||
{ MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
|
{ MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
|
||||||
MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
|
MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
MBEDTLS_CIPHERSUITE_NODTLS },
|
MBEDTLS_CIPHERSUITE_NODTLS },
|
||||||
#endif
|
#endif
|
||||||
|
@ -921,7 +921,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
{ MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
|
{ MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
|
||||||
MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
MBEDTLS_CIPHERSUITE_NODTLS },
|
MBEDTLS_CIPHERSUITE_NODTLS },
|
||||||
#endif
|
#endif
|
||||||
|
@ -1206,13 +1206,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
{ MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
|
{ MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
|
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
|
||||||
{ MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
|
{ MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
|
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
@ -1284,7 +1284,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
{ MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
|
{ MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
|
MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
@ -1295,7 +1295,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
{ MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA",
|
{ MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA",
|
||||||
MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
|
MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
MBEDTLS_CIPHERSUITE_NODTLS },
|
MBEDTLS_CIPHERSUITE_NODTLS },
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
@ -1342,13 +1342,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
|
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
|
||||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
|
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
@ -1420,7 +1420,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
{ MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
|
{ MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
@ -1431,7 +1431,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
{ MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA",
|
{ MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA",
|
||||||
MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
MBEDTLS_CIPHERSUITE_NODTLS },
|
MBEDTLS_CIPHERSUITE_NODTLS },
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
@ -1649,7 +1649,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_MD5_C)
|
#if defined(MBEDTLS_MD5_C)
|
||||||
{ MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
|
{ MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
|
||||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
|
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
MBEDTLS_CIPHERSUITE_WEAK },
|
MBEDTLS_CIPHERSUITE_WEAK },
|
||||||
#endif
|
#endif
|
||||||
|
@ -1657,7 +1657,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
{ MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
|
{ MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
|
||||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
MBEDTLS_CIPHERSUITE_WEAK },
|
MBEDTLS_CIPHERSUITE_WEAK },
|
||||||
#endif
|
#endif
|
||||||
|
@ -1675,7 +1675,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
{ MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
|
{ MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
|
||||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
|
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
MBEDTLS_CIPHERSUITE_WEAK },
|
MBEDTLS_CIPHERSUITE_WEAK },
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
@ -1701,7 +1701,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
{ MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
|
{ MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
|
||||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
MBEDTLS_CIPHERSUITE_WEAK },
|
MBEDTLS_CIPHERSUITE_WEAK },
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
@ -1782,7 +1782,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
{ MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
|
{ MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
MBEDTLS_CIPHERSUITE_WEAK },
|
MBEDTLS_CIPHERSUITE_WEAK },
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
@ -1792,7 +1792,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
{ MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
|
{ MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
|
||||||
MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
MBEDTLS_CIPHERSUITE_WEAK },
|
MBEDTLS_CIPHERSUITE_WEAK },
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* SSLv3/TLSv1 client-side functions
|
* TLS client-side functions
|
||||||
*
|
*
|
||||||
* Copyright The Mbed TLS Contributors
|
* Copyright The Mbed TLS Contributors
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
|
@ -599,8 +599,7 @@ static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
|
|
||||||
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
|
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
|
||||||
ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||||
|
@ -630,8 +629,7 @@ static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
|
|
||||||
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
|
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED )
|
||||||
ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||||
|
@ -1163,7 +1161,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
/*
|
/*
|
||||||
* Ciphersuite list
|
* Ciphersuite list
|
||||||
*/
|
*/
|
||||||
ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
|
ciphersuites = mbedtls_ssl_get_protocol_version_ciphersuites( ssl->conf,
|
||||||
|
ssl->minor_ver );
|
||||||
|
|
||||||
/* Skip writing ciphersuite length for now */
|
/* Skip writing ciphersuite length for now */
|
||||||
n = 0;
|
n = 0;
|
||||||
|
@ -1619,7 +1618,6 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
||||||
size_t len )
|
size_t len )
|
||||||
{
|
{
|
||||||
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
|
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
|
||||||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
|
|
||||||
len != 0 )
|
len != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||||
|
@ -1645,7 +1643,6 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
|
||||||
size_t len )
|
size_t len )
|
||||||
{
|
{
|
||||||
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
|
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
|
||||||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
|
|
||||||
len != 0 )
|
len != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||||
|
@ -2314,7 +2311,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
i = 0;
|
i = 0;
|
||||||
while( 1 )
|
while( 1 )
|
||||||
{
|
{
|
||||||
if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 )
|
if( mbedtls_ssl_get_protocol_version_ciphersuites( ssl->conf, ssl->minor_ver )[i] == 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
||||||
mbedtls_ssl_send_alert_message(
|
mbedtls_ssl_send_alert_message(
|
||||||
|
@ -2324,7 +2321,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ssl->conf->ciphersuite_list[ssl->minor_ver][i++] ==
|
if( mbedtls_ssl_get_protocol_version_ciphersuites( ssl->conf, ssl->minor_ver )[i++] ==
|
||||||
ssl->session_negotiate->ciphersuite )
|
ssl->session_negotiate->ciphersuite )
|
||||||
{
|
{
|
||||||
break;
|
break;
|
||||||
|
@ -2841,7 +2838,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
|
||||||
size_t pms_offset )
|
size_t pms_offset )
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2;
|
size_t len_bytes = 2;
|
||||||
unsigned char *p = ssl->handshake->premaster + pms_offset;
|
unsigned char *p = ssl->handshake->premaster + pms_offset;
|
||||||
mbedtls_pk_context * peer_pk;
|
mbedtls_pk_context * peer_pk;
|
||||||
|
|
||||||
|
@ -3296,8 +3293,7 @@ start_processing:
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
|
if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||||
{
|
{
|
||||||
pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
|
pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
|
||||||
|
@ -3344,8 +3340,7 @@ start_processing:
|
||||||
/*
|
/*
|
||||||
* Compute the hash that has been signed
|
* Compute the hash that has been signed
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
if( md_alg == MBEDTLS_MD_NONE )
|
if( md_alg == MBEDTLS_MD_NONE )
|
||||||
{
|
{
|
||||||
hashlen = 36;
|
hashlen = 36;
|
||||||
|
@ -3355,8 +3350,7 @@ start_processing:
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
|
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||||
MBEDTLS_SSL_PROTO_TLS1_1 */
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
if( md_alg != MBEDTLS_MD_NONE )
|
if( md_alg != MBEDTLS_MD_NONE )
|
||||||
|
@ -4174,8 +4168,7 @@ sign:
|
||||||
|
|
||||||
ssl->handshake->calc_verify( ssl, hash, &hashlen );
|
ssl->handshake->calc_verify( ssl, hash, &hashlen );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
|
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
|
@ -4203,8 +4196,7 @@ sign:
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
|
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||||
MBEDTLS_SSL_PROTO_TLS1_1 */
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||||
{
|
{
|
||||||
|
|
|
@ -18,10 +18,6 @@
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* The SSL 3.0 specification was drafted by Netscape in 1996,
|
|
||||||
* and became an IETF standard in 1999.
|
|
||||||
*
|
|
||||||
* http://wp.netscape.com/eng/ssl3/
|
|
||||||
* http://www.ietf.org/rfc/rfc2246.txt
|
* http://www.ietf.org/rfc/rfc2246.txt
|
||||||
* http://www.ietf.org/rfc/rfc4346.txt
|
* http://www.ietf.org/rfc/rfc4346.txt
|
||||||
*/
|
*/
|
||||||
|
@ -106,7 +102,7 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
|
||||||
|
|
||||||
/* We don't support record checking in TLS because
|
/* We don't support record checking in TLS because
|
||||||
* (a) there doesn't seem to be a usecase for it, and
|
* (a) there doesn't seem to be a usecase for it, and
|
||||||
* (b) In SSLv3 and TLS 1.0, CBC record decryption has state
|
* (b) In TLS 1.0, CBC record decryption has state
|
||||||
* and we'd need to backup the transform here.
|
* and we'd need to backup the transform here.
|
||||||
*/
|
*/
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
|
||||||
|
@ -469,53 +465,6 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
||||||
*add_data_len = cur - add_data;
|
*add_data_len = cur - add_data;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
|
|
||||||
#define SSL3_MAC_MAX_BYTES 20 /* MD-5 or SHA-1 */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* SSLv3.0 MAC functions
|
|
||||||
*/
|
|
||||||
static void ssl_mac( mbedtls_md_context_t *md_ctx,
|
|
||||||
const unsigned char *secret,
|
|
||||||
const unsigned char *buf, size_t len,
|
|
||||||
const unsigned char *ctr, int type,
|
|
||||||
unsigned char out[SSL3_MAC_MAX_BYTES] )
|
|
||||||
{
|
|
||||||
unsigned char header[11];
|
|
||||||
unsigned char padding[48];
|
|
||||||
int padlen;
|
|
||||||
int md_size = mbedtls_md_get_size( md_ctx->md_info );
|
|
||||||
int md_type = mbedtls_md_get_type( md_ctx->md_info );
|
|
||||||
|
|
||||||
/* Only MD5 and SHA-1 supported */
|
|
||||||
if( md_type == MBEDTLS_MD_MD5 )
|
|
||||||
padlen = 48;
|
|
||||||
else
|
|
||||||
padlen = 40;
|
|
||||||
|
|
||||||
memcpy( header, ctr, 8 );
|
|
||||||
header[ 8] = (unsigned char) type;
|
|
||||||
header[ 9] = (unsigned char)( len >> 8 );
|
|
||||||
header[10] = (unsigned char)( len );
|
|
||||||
|
|
||||||
memset( padding, 0x36, padlen );
|
|
||||||
mbedtls_md_starts( md_ctx );
|
|
||||||
mbedtls_md_update( md_ctx, secret, md_size );
|
|
||||||
mbedtls_md_update( md_ctx, padding, padlen );
|
|
||||||
mbedtls_md_update( md_ctx, header, 11 );
|
|
||||||
mbedtls_md_update( md_ctx, buf, len );
|
|
||||||
mbedtls_md_finish( md_ctx, out );
|
|
||||||
|
|
||||||
memset( padding, 0x5C, padlen );
|
|
||||||
mbedtls_md_starts( md_ctx );
|
|
||||||
mbedtls_md_update( md_ctx, secret, md_size );
|
|
||||||
mbedtls_md_update( md_ctx, padding, padlen );
|
|
||||||
mbedtls_md_update( md_ctx, out, md_size );
|
|
||||||
mbedtls_md_finish( md_ctx, out );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_GCM_C) || \
|
#if defined(MBEDTLS_GCM_C) || \
|
||||||
defined(MBEDTLS_CCM_C) || \
|
defined(MBEDTLS_CCM_C) || \
|
||||||
defined(MBEDTLS_CHACHAPOLY_C)
|
defined(MBEDTLS_CHACHAPOLY_C)
|
||||||
|
@ -711,17 +660,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
|
||||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
{
|
|
||||||
unsigned char mac[SSL3_MAC_MAX_BYTES];
|
|
||||||
ssl_mac( &transform->md_ctx_enc, transform->mac_enc,
|
|
||||||
data, rec->data_len, rec->ctr, rec->type, mac );
|
|
||||||
memcpy( data + rec->data_len, mac, transform->maclen );
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||||
|
@ -966,11 +904,11 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||||
if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
|
if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* Save IV in SSL3 and TLS1
|
* Save IV in TLS1
|
||||||
*/
|
*/
|
||||||
memcpy( transform->iv_enc, transform->cipher_ctx_enc.iv,
|
memcpy( transform->iv_enc, transform->cipher_ctx_enc.iv,
|
||||||
transform->ivlen );
|
transform->ivlen );
|
||||||
|
@ -1591,11 +1529,11 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||||
if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
|
if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* Save IV in SSL3 and TLS1, where CBC decryption of consecutive
|
* Save IV in TLS1, where CBC decryption of consecutive
|
||||||
* records is equivalent to CBC decryption of the concatenation
|
* records is equivalent to CBC decryption of the concatenation
|
||||||
* of the records; in other words, IVs are maintained across
|
* of the records; in other words, IVs are maintained across
|
||||||
* record decryptions.
|
* record decryptions.
|
||||||
|
@ -1643,29 +1581,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
/* Regardless of the validity of the padding,
|
/* Regardless of the validity of the padding,
|
||||||
* we have data_len >= padlen here. */
|
* we have data_len >= padlen here. */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
{
|
|
||||||
/* This is the SSL 3.0 path, we don't have to worry about Lucky
|
|
||||||
* 13, because there's a strictly worse padding attack built in
|
|
||||||
* the protocol (known as part of POODLE), so we don't care if the
|
|
||||||
* code is not constant-time, in particular branches are OK. */
|
|
||||||
if( padlen > transform->ivlen )
|
|
||||||
{
|
|
||||||
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
|
|
||||||
"should be no more than %d",
|
|
||||||
padlen, transform->ivlen ) );
|
|
||||||
#endif
|
|
||||||
correct = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
{
|
|
||||||
/* The padding check involves a series of up to 256
|
/* The padding check involves a series of up to 256
|
||||||
* consecutive memory reads at the end of the record
|
* consecutive memory reads at the end of the record
|
||||||
* plaintext buffer. In order to hide the length and
|
* plaintext buffer. In order to hide the length and
|
||||||
|
@ -1699,14 +1616,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
|
||||||
#endif
|
#endif
|
||||||
padlen &= mbedtls_ssl_cf_mask_from_bit( correct );
|
padlen &= mbedtls_ssl_cf_mask_from_bit( correct );
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
|
||||||
}
|
|
||||||
|
|
||||||
/* If the padding was found to be invalid, padlen == 0
|
/* If the padding was found to be invalid, padlen == 0
|
||||||
* and the subtraction is safe. If the padding was found valid,
|
* and the subtraction is safe. If the padding was found valid,
|
||||||
|
@ -1753,22 +1665,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
|
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
|
||||||
transform->minor_ver );
|
transform->minor_ver );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
{
|
|
||||||
ssl_mac( &transform->md_ctx_dec,
|
|
||||||
transform->mac_dec,
|
|
||||||
data, rec->data_len,
|
|
||||||
rec->ctr, rec->type,
|
|
||||||
mac_expect );
|
|
||||||
memcpy( mac_peer, data + rec->data_len, transform->maclen );
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
{
|
|
||||||
/*
|
/*
|
||||||
* The next two sizes are the minimum and maximum values of
|
* The next two sizes are the minimum and maximum values of
|
||||||
* data_len over all padlen values.
|
* data_len over all padlen values.
|
||||||
|
@ -1796,14 +1694,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
rec->data_len,
|
rec->data_len,
|
||||||
min_len, max_len,
|
min_len, max_len,
|
||||||
transform->maclen );
|
transform->maclen );
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
|
||||||
}
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, transform->maclen );
|
MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, transform->maclen );
|
||||||
|
@ -2655,18 +2547,10 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
||||||
*/
|
*/
|
||||||
if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
|
if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||||
ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
|
ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
|
||||||
{
|
|
||||||
/* In SSLv3, the client might send a NoCertificate alert. */
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C)
|
|
||||||
if( ! ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
|
|
||||||
ssl->out_msgtype == MBEDTLS_SSL_MSG_ALERT &&
|
|
||||||
ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) )
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */
|
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/* Whenever we send anything different from a
|
/* Whenever we send anything different from a
|
||||||
* HelloRequest we should be in a handshake - double check. */
|
* HelloRequest we should be in a handshake - double check. */
|
||||||
|
@ -4973,19 +4857,6 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C)
|
|
||||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
|
|
||||||
ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
|
|
||||||
ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
|
|
||||||
ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
|
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
|
|
||||||
/* Will be handled in mbedtls_ssl_parse_certificate() */
|
|
||||||
return( 0 );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */
|
|
||||||
|
|
||||||
/* Silently ignore: fetch new message */
|
/* Silently ignore: fetch new message */
|
||||||
return MBEDTLS_ERR_SSL_NON_FATAL;
|
return MBEDTLS_ERR_SSL_NON_FATAL;
|
||||||
}
|
}
|
||||||
|
@ -5609,17 +5480,6 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
{
|
|
||||||
/* SSLv3 does not have a "no_renegotiation" warning, so
|
|
||||||
we send a fatal alert and abort the connection. */
|
|
||||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
|
||||||
MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
|
|
||||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* SSLv3/TLSv1 server-side functions
|
* TLS server-side functions
|
||||||
*
|
*
|
||||||
* Copyright The Mbed TLS Contributors
|
* Copyright The Mbed TLS Contributors
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
|
@ -579,8 +579,7 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
((void) buf);
|
((void) buf);
|
||||||
|
|
||||||
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
|
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
|
||||||
ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
{
|
{
|
||||||
ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
|
ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
|
||||||
}
|
}
|
||||||
|
@ -604,8 +603,7 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
((void) buf);
|
((void) buf);
|
||||||
|
|
||||||
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
|
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED )
|
||||||
ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
{
|
{
|
||||||
ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
|
ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
|
||||||
}
|
}
|
||||||
|
@ -1201,7 +1199,7 @@ read_record_header:
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) );
|
MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* SSLv3/TLS Client Hello
|
* TLS Client Hello
|
||||||
*
|
*
|
||||||
* Record layer:
|
* Record layer:
|
||||||
* 0 . 0 message type
|
* 0 . 0 message type
|
||||||
|
@ -1209,7 +1207,7 @@ read_record_header:
|
||||||
* 3 . 11 DTLS: epoch + record sequence number
|
* 3 . 11 DTLS: epoch + record sequence number
|
||||||
* 3 . 4 message length
|
* 3 . 4 message length
|
||||||
*/
|
*/
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, message type: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, message type: %d",
|
||||||
buf[0] ) );
|
buf[0] ) );
|
||||||
|
|
||||||
if( buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE )
|
if( buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE )
|
||||||
|
@ -1218,10 +1216,10 @@ read_record_header:
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, message len.: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, message len.: %d",
|
||||||
( ssl->in_len[0] << 8 ) | ssl->in_len[1] ) );
|
( ssl->in_len[0] << 8 ) | ssl->in_len[1] ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, protocol version: [%d:%d]",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, protocol version: [%d:%d]",
|
||||||
buf[1], buf[2] ) );
|
buf[1], buf[2] ) );
|
||||||
|
|
||||||
mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 );
|
mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 );
|
||||||
|
@ -1593,12 +1591,6 @@ read_record_header:
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
|
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Do not parse the extensions if the protocol is SSLv3 */
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
|
|
||||||
{
|
|
||||||
#endif
|
|
||||||
/*
|
/*
|
||||||
* Check the extension length
|
* Check the extension length
|
||||||
*/
|
*/
|
||||||
|
@ -1817,9 +1809,6 @@ read_record_header:
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
||||||
for( i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2 )
|
for( i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2 )
|
||||||
|
@ -1933,7 +1922,7 @@ read_record_header:
|
||||||
* and certificate from the SNI callback triggered by the SNI extension.)
|
* and certificate from the SNI callback triggered by the SNI extension.)
|
||||||
*/
|
*/
|
||||||
got_common_suite = 0;
|
got_common_suite = 0;
|
||||||
ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
|
ciphersuites = mbedtls_ssl_get_protocol_version_ciphersuites( ssl->conf, ssl->minor_ver );
|
||||||
ciphersuite_info = NULL;
|
ciphersuite_info = NULL;
|
||||||
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
|
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
|
||||||
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
|
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
|
||||||
|
@ -2095,8 +2084,7 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
||||||
const mbedtls_ssl_ciphersuite_t *suite = NULL;
|
const mbedtls_ssl_ciphersuite_t *suite = NULL;
|
||||||
const mbedtls_cipher_info_t *cipher = NULL;
|
const mbedtls_cipher_info_t *cipher = NULL;
|
||||||
|
|
||||||
if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
|
if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
|
||||||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
{
|
{
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
return;
|
return;
|
||||||
|
@ -2136,8 +2124,7 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
|
||||||
{
|
{
|
||||||
unsigned char *p = buf;
|
unsigned char *p = buf;
|
||||||
|
|
||||||
if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
|
if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED )
|
||||||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
{
|
{
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
return;
|
return;
|
||||||
|
@ -2657,12 +2644,6 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
|
||||||
ssl->session_negotiate->compression ) );
|
ssl->session_negotiate->compression ) );
|
||||||
|
|
||||||
/* Do not write the extensions if the protocol is SSLv3 */
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
|
|
||||||
{
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* First write extensions, then the total length
|
* First write extensions, then the total length
|
||||||
*/
|
*/
|
||||||
|
@ -2733,10 +2714,6 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
p += ext_len;
|
p += ext_len;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
ssl->out_msglen = p - buf;
|
ssl->out_msglen = p - buf;
|
||||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
||||||
ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO;
|
ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO;
|
||||||
|
@ -3190,7 +3167,7 @@ curve_matching_done:
|
||||||
* 2.1: Choose hash algorithm:
|
* 2.1: Choose hash algorithm:
|
||||||
* A: For TLS 1.2, obey signature-hash-algorithm extension
|
* A: For TLS 1.2, obey signature-hash-algorithm extension
|
||||||
* to choose appropriate hash.
|
* to choose appropriate hash.
|
||||||
* B: For SSL3, TLS1.0, TLS1.1 and ECDHE_ECDSA, use SHA1
|
* B: For TLS1.0, TLS1.1 and ECDHE_ECDSA, use SHA1
|
||||||
* (RFC 4492, Sec. 5.4)
|
* (RFC 4492, Sec. 5.4)
|
||||||
* C: Otherwise, use MD5 + SHA1 (RFC 4346, Sec. 7.4.3)
|
* C: Otherwise, use MD5 + SHA1 (RFC 4346, Sec. 7.4.3)
|
||||||
*/
|
*/
|
||||||
|
@ -3216,16 +3193,14 @@ curve_matching_done:
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
|
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
|
||||||
{
|
{
|
||||||
/* B: Default hash SHA1 */
|
/* B: Default hash SHA1 */
|
||||||
md_alg = MBEDTLS_MD_SHA1;
|
md_alg = MBEDTLS_MD_SHA1;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
|
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||||
MBEDTLS_SSL_PROTO_TLS1_1 */
|
|
||||||
{
|
{
|
||||||
/* C: MD5 + SHA1 */
|
/* C: MD5 + SHA1 */
|
||||||
md_alg = MBEDTLS_MD_NONE;
|
md_alg = MBEDTLS_MD_NONE;
|
||||||
|
@ -3236,8 +3211,7 @@ curve_matching_done:
|
||||||
/*
|
/*
|
||||||
* 2.2: Compute the hash to be signed
|
* 2.2: Compute the hash to be signed
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
if( md_alg == MBEDTLS_MD_NONE )
|
if( md_alg == MBEDTLS_MD_NONE )
|
||||||
{
|
{
|
||||||
hashlen = 36;
|
hashlen = 36;
|
||||||
|
@ -3248,8 +3222,7 @@ curve_matching_done:
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
|
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||||
MBEDTLS_SSL_PROTO_TLS1_1 */
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
if( md_alg != MBEDTLS_MD_NONE )
|
if( md_alg != MBEDTLS_MD_NONE )
|
||||||
|
@ -3579,8 +3552,6 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
{
|
|
||||||
if ( p + 2 > end ) {
|
if ( p + 2 > end ) {
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||||
|
@ -3591,7 +3562,6 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||||
}
|
}
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if( p + len != end )
|
if( p + len != end )
|
||||||
|
@ -4201,8 +4171,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
||||||
* opaque signature<0..2^16-1>;
|
* opaque signature<0..2^16-1>;
|
||||||
* } DigitallySigned;
|
* } DigitallySigned;
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
|
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||||
{
|
{
|
||||||
md_alg = MBEDTLS_MD_NONE;
|
md_alg = MBEDTLS_MD_NONE;
|
||||||
|
@ -4217,8 +4186,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 ||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||||
MBEDTLS_SSL_PROTO_TLS1_1 */
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* SSLv3/TLSv1 shared functions
|
* TLS shared functions
|
||||||
*
|
*
|
||||||
* Copyright The Mbed TLS Contributors
|
* Copyright The Mbed TLS Contributors
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
|
@ -17,10 +17,6 @@
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* The SSL 3.0 specification was drafted by Netscape in 1996,
|
|
||||||
* and became an IETF standard in 1999.
|
|
||||||
*
|
|
||||||
* http://wp.netscape.com/eng/ssl3/
|
|
||||||
* http://www.ietf.org/rfc/rfc2246.txt
|
* http://www.ietf.org/rfc/rfc2246.txt
|
||||||
* http://www.ietf.org/rfc/rfc4346.txt
|
* http://www.ietf.org/rfc/rfc4346.txt
|
||||||
*/
|
*/
|
||||||
|
@ -326,70 +322,6 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing,
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
|
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
|
||||||
|
|
||||||
/*
|
|
||||||
* Key material generation
|
|
||||||
*/
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
static int ssl3_prf( const unsigned char *secret, size_t slen,
|
|
||||||
const char *label,
|
|
||||||
const unsigned char *random, size_t rlen,
|
|
||||||
unsigned char *dstbuf, size_t dlen )
|
|
||||||
{
|
|
||||||
int ret = 0;
|
|
||||||
size_t i;
|
|
||||||
mbedtls_md5_context md5;
|
|
||||||
mbedtls_sha1_context sha1;
|
|
||||||
unsigned char padding[16];
|
|
||||||
unsigned char sha1sum[20];
|
|
||||||
((void)label);
|
|
||||||
|
|
||||||
mbedtls_md5_init( &md5 );
|
|
||||||
mbedtls_sha1_init( &sha1 );
|
|
||||||
|
|
||||||
/*
|
|
||||||
* SSLv3:
|
|
||||||
* block =
|
|
||||||
* MD5( secret + SHA1( 'A' + secret + random ) ) +
|
|
||||||
* MD5( secret + SHA1( 'BB' + secret + random ) ) +
|
|
||||||
* MD5( secret + SHA1( 'CCC' + secret + random ) ) +
|
|
||||||
* ...
|
|
||||||
*/
|
|
||||||
for( i = 0; i < dlen / 16; i++ )
|
|
||||||
{
|
|
||||||
memset( padding, (unsigned char) ('A' + i), 1 + i );
|
|
||||||
|
|
||||||
if( ( ret = mbedtls_sha1_starts_ret( &sha1 ) ) != 0 )
|
|
||||||
goto exit;
|
|
||||||
if( ( ret = mbedtls_sha1_update_ret( &sha1, padding, 1 + i ) ) != 0 )
|
|
||||||
goto exit;
|
|
||||||
if( ( ret = mbedtls_sha1_update_ret( &sha1, secret, slen ) ) != 0 )
|
|
||||||
goto exit;
|
|
||||||
if( ( ret = mbedtls_sha1_update_ret( &sha1, random, rlen ) ) != 0 )
|
|
||||||
goto exit;
|
|
||||||
if( ( ret = mbedtls_sha1_finish_ret( &sha1, sha1sum ) ) != 0 )
|
|
||||||
goto exit;
|
|
||||||
|
|
||||||
if( ( ret = mbedtls_md5_starts_ret( &md5 ) ) != 0 )
|
|
||||||
goto exit;
|
|
||||||
if( ( ret = mbedtls_md5_update_ret( &md5, secret, slen ) ) != 0 )
|
|
||||||
goto exit;
|
|
||||||
if( ( ret = mbedtls_md5_update_ret( &md5, sha1sum, 20 ) ) != 0 )
|
|
||||||
goto exit;
|
|
||||||
if( ( ret = mbedtls_md5_finish_ret( &md5, dstbuf + i * 16 ) ) != 0 )
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
exit:
|
|
||||||
mbedtls_md5_free( &md5 );
|
|
||||||
mbedtls_sha1_free( &sha1 );
|
|
||||||
|
|
||||||
mbedtls_platform_zeroize( padding, sizeof( padding ) );
|
|
||||||
mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
|
|
||||||
|
|
||||||
return( ret );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
static int tls1_prf( const unsigned char *secret, size_t slen,
|
static int tls1_prf( const unsigned char *secret, size_t slen,
|
||||||
const char *label,
|
const char *label,
|
||||||
|
@ -733,16 +665,10 @@ static int tls_prf_sha384( const unsigned char *secret, size_t slen,
|
||||||
|
|
||||||
static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
|
static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t );
|
static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
static void ssl_calc_verify_ssl( const mbedtls_ssl_context *, unsigned char *, size_t * );
|
|
||||||
static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int );
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char*, size_t * );
|
static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char*, size_t * );
|
||||||
static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int );
|
static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int );
|
||||||
|
@ -787,13 +713,6 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
|
||||||
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||||
static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
|
static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
if( tls_prf == ssl3_prf )
|
|
||||||
{
|
|
||||||
return( MBEDTLS_SSL_TLS_PRF_SSL3 );
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
if( tls_prf == tls1_prf )
|
if( tls_prf == tls1_prf )
|
||||||
{
|
{
|
||||||
|
@ -831,11 +750,6 @@ int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
|
||||||
|
|
||||||
switch( prf )
|
switch( prf )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
case MBEDTLS_SSL_TLS_PRF_SSL3:
|
|
||||||
tls_prf = ssl3_prf;
|
|
||||||
break;
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
case MBEDTLS_SSL_TLS_PRF_TLS1:
|
case MBEDTLS_SSL_TLS_PRF_TLS1:
|
||||||
tls_prf = tls1_prf;
|
tls_prf = tls1_prf;
|
||||||
|
@ -1106,7 +1020,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
||||||
* GenericBlockCipher:
|
* GenericBlockCipher:
|
||||||
* 1. if EtM is in use: one block plus MAC
|
* 1. if EtM is in use: one block plus MAC
|
||||||
* otherwise: * first multiple of blocklen greater than maclen
|
* otherwise: * first multiple of blocklen greater than maclen
|
||||||
* 2. IV except for SSL3 and TLS 1.0
|
* 2. IV except for TLS 1.0
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||||
if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
|
if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
|
||||||
|
@ -1122,9 +1036,8 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
||||||
- transform->maclen % cipher_info->block_size;
|
- transform->maclen % cipher_info->block_size;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
|
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||||
minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 )
|
|
||||||
; /* No need to adjust minlen */
|
; /* No need to adjust minlen */
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
|
@ -1206,21 +1119,6 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
|
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
{
|
|
||||||
if( mac_key_len > sizeof( transform->mac_enc ) )
|
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
|
||||||
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
|
|
||||||
memcpy( transform->mac_enc, mac_enc, mac_key_len );
|
|
||||||
memcpy( transform->mac_dec, mac_dec, mac_key_len );
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||||
|
@ -1452,15 +1350,6 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
|
||||||
(void) hash;
|
(void) hash;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
{
|
|
||||||
handshake->tls_prf = ssl3_prf;
|
|
||||||
handshake->calc_verify = ssl_calc_verify_ssl;
|
|
||||||
handshake->calc_finished = ssl_calc_finished_ssl;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
if( minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
|
if( minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||||
{
|
{
|
||||||
|
@ -1509,7 +1398,7 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
|
||||||
* [out] master
|
* [out] master
|
||||||
* [in] ssl: optionally used for debugging, EMS and PSA-PSK
|
* [in] ssl: optionally used for debugging, EMS and PSA-PSK
|
||||||
* debug: conf->f_dbg, conf->p_dbg
|
* debug: conf->f_dbg, conf->p_dbg
|
||||||
* EMS: passed to calc_verify (debug + (SSL3) session_negotiate)
|
* EMS: passed to calc_verify (debug + session_negotiate)
|
||||||
* PSA-PSA: minor_ver, conf
|
* PSA-PSA: minor_ver, conf
|
||||||
*/
|
*/
|
||||||
static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
|
static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
|
||||||
|
@ -1729,59 +1618,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
void ssl_calc_verify_ssl( const mbedtls_ssl_context *ssl,
|
|
||||||
unsigned char *hash,
|
|
||||||
size_t *hlen )
|
|
||||||
{
|
|
||||||
mbedtls_md5_context md5;
|
|
||||||
mbedtls_sha1_context sha1;
|
|
||||||
unsigned char pad_1[48];
|
|
||||||
unsigned char pad_2[48];
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) );
|
|
||||||
|
|
||||||
mbedtls_md5_init( &md5 );
|
|
||||||
mbedtls_sha1_init( &sha1 );
|
|
||||||
|
|
||||||
mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
|
|
||||||
mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
|
|
||||||
|
|
||||||
memset( pad_1, 0x36, 48 );
|
|
||||||
memset( pad_2, 0x5C, 48 );
|
|
||||||
|
|
||||||
mbedtls_md5_update_ret( &md5, ssl->session_negotiate->master, 48 );
|
|
||||||
mbedtls_md5_update_ret( &md5, pad_1, 48 );
|
|
||||||
mbedtls_md5_finish_ret( &md5, hash );
|
|
||||||
|
|
||||||
mbedtls_md5_starts_ret( &md5 );
|
|
||||||
mbedtls_md5_update_ret( &md5, ssl->session_negotiate->master, 48 );
|
|
||||||
mbedtls_md5_update_ret( &md5, pad_2, 48 );
|
|
||||||
mbedtls_md5_update_ret( &md5, hash, 16 );
|
|
||||||
mbedtls_md5_finish_ret( &md5, hash );
|
|
||||||
|
|
||||||
mbedtls_sha1_update_ret( &sha1, ssl->session_negotiate->master, 48 );
|
|
||||||
mbedtls_sha1_update_ret( &sha1, pad_1, 40 );
|
|
||||||
mbedtls_sha1_finish_ret( &sha1, hash + 16 );
|
|
||||||
|
|
||||||
mbedtls_sha1_starts_ret( &sha1 );
|
|
||||||
mbedtls_sha1_update_ret( &sha1, ssl->session_negotiate->master, 48 );
|
|
||||||
mbedtls_sha1_update_ret( &sha1, pad_2, 40 );
|
|
||||||
mbedtls_sha1_update_ret( &sha1, hash + 16, 20 );
|
|
||||||
mbedtls_sha1_finish_ret( &sha1, hash + 16 );
|
|
||||||
|
|
||||||
*hlen = 36;
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
|
|
||||||
|
|
||||||
mbedtls_md5_free( &md5 );
|
|
||||||
mbedtls_sha1_free( &sha1 );
|
|
||||||
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl,
|
void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl,
|
||||||
unsigned char *hash,
|
unsigned char *hash,
|
||||||
|
@ -2165,24 +2001,6 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
/*
|
|
||||||
* If using SSLv3 and got no cert, send an Alert message
|
|
||||||
* (otherwise an empty Certificate message will be sent).
|
|
||||||
*/
|
|
||||||
if( mbedtls_ssl_own_cert( ssl ) == NULL &&
|
|
||||||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
{
|
|
||||||
ssl->out_msglen = 2;
|
|
||||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
|
|
||||||
ssl->out_msg[0] = MBEDTLS_SSL_ALERT_LEVEL_WARNING;
|
|
||||||
ssl->out_msg[1] = MBEDTLS_SSL_ALERT_MSG_NO_CERT;
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) );
|
|
||||||
goto write_msg;
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_CLI_C */
|
#endif /* MBEDTLS_SSL_CLI_C */
|
||||||
#if defined(MBEDTLS_SSL_SRV_C)
|
#if defined(MBEDTLS_SSL_SRV_C)
|
||||||
|
@ -2236,10 +2054,6 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
|
||||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
||||||
ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE;
|
ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C)
|
|
||||||
write_msg:
|
|
||||||
#endif
|
|
||||||
|
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
|
||||||
|
@ -2459,25 +2273,6 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||||
return( -1 );
|
return( -1 );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
/*
|
|
||||||
* Check if the client sent an empty certificate
|
|
||||||
*/
|
|
||||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
{
|
|
||||||
if( ssl->in_msglen == 2 &&
|
|
||||||
ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT &&
|
|
||||||
ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
|
|
||||||
ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
|
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
|
|
||||||
return( 0 );
|
|
||||||
}
|
|
||||||
|
|
||||||
return( -1 );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
|
if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
|
||||||
|
@ -2926,8 +2721,7 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
|
||||||
{
|
{
|
||||||
((void) ciphersuite_info);
|
((void) ciphersuite_info);
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
|
if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||||
ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
|
ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
|
||||||
else
|
else
|
||||||
|
@ -2952,8 +2746,7 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
|
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
mbedtls_md5_starts_ret( &ssl->handshake->fin_md5 );
|
mbedtls_md5_starts_ret( &ssl->handshake->fin_md5 );
|
||||||
mbedtls_sha1_starts_ret( &ssl->handshake->fin_sha1 );
|
mbedtls_sha1_starts_ret( &ssl->handshake->fin_sha1 );
|
||||||
#endif
|
#endif
|
||||||
|
@ -2980,8 +2773,7 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
|
||||||
static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
|
static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
|
||||||
const unsigned char *buf, size_t len )
|
const unsigned char *buf, size_t len )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
|
mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
|
||||||
mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
|
mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
|
||||||
#endif
|
#endif
|
||||||
|
@ -3003,8 +2795,7 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl,
|
static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl,
|
||||||
const unsigned char *buf, size_t len )
|
const unsigned char *buf, size_t len )
|
||||||
{
|
{
|
||||||
|
@ -3039,91 +2830,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
|
||||||
#endif
|
#endif
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
static void ssl_calc_finished_ssl(
|
|
||||||
mbedtls_ssl_context *ssl, unsigned char *buf, int from )
|
|
||||||
{
|
|
||||||
const char *sender;
|
|
||||||
mbedtls_md5_context md5;
|
|
||||||
mbedtls_sha1_context sha1;
|
|
||||||
|
|
||||||
unsigned char padbuf[48];
|
|
||||||
unsigned char md5sum[16];
|
|
||||||
unsigned char sha1sum[20];
|
|
||||||
|
|
||||||
mbedtls_ssl_session *session = ssl->session_negotiate;
|
|
||||||
if( !session )
|
|
||||||
session = ssl->session;
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished ssl" ) );
|
|
||||||
|
|
||||||
mbedtls_md5_init( &md5 );
|
|
||||||
mbedtls_sha1_init( &sha1 );
|
|
||||||
|
|
||||||
mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
|
|
||||||
mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
|
|
||||||
|
|
||||||
/*
|
|
||||||
* SSLv3:
|
|
||||||
* hash =
|
|
||||||
* MD5( master + pad2 +
|
|
||||||
* MD5( handshake + sender + master + pad1 ) )
|
|
||||||
* + SHA1( master + pad2 +
|
|
||||||
* SHA1( handshake + sender + master + pad1 ) )
|
|
||||||
*/
|
|
||||||
|
|
||||||
#if !defined(MBEDTLS_MD5_ALT)
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
|
|
||||||
md5.state, sizeof( md5.state ) );
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if !defined(MBEDTLS_SHA1_ALT)
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
|
|
||||||
sha1.state, sizeof( sha1.state ) );
|
|
||||||
#endif
|
|
||||||
|
|
||||||
sender = ( from == MBEDTLS_SSL_IS_CLIENT ) ? "CLNT"
|
|
||||||
: "SRVR";
|
|
||||||
|
|
||||||
memset( padbuf, 0x36, 48 );
|
|
||||||
|
|
||||||
mbedtls_md5_update_ret( &md5, (const unsigned char *) sender, 4 );
|
|
||||||
mbedtls_md5_update_ret( &md5, session->master, 48 );
|
|
||||||
mbedtls_md5_update_ret( &md5, padbuf, 48 );
|
|
||||||
mbedtls_md5_finish_ret( &md5, md5sum );
|
|
||||||
|
|
||||||
mbedtls_sha1_update_ret( &sha1, (const unsigned char *) sender, 4 );
|
|
||||||
mbedtls_sha1_update_ret( &sha1, session->master, 48 );
|
|
||||||
mbedtls_sha1_update_ret( &sha1, padbuf, 40 );
|
|
||||||
mbedtls_sha1_finish_ret( &sha1, sha1sum );
|
|
||||||
|
|
||||||
memset( padbuf, 0x5C, 48 );
|
|
||||||
|
|
||||||
mbedtls_md5_starts_ret( &md5 );
|
|
||||||
mbedtls_md5_update_ret( &md5, session->master, 48 );
|
|
||||||
mbedtls_md5_update_ret( &md5, padbuf, 48 );
|
|
||||||
mbedtls_md5_update_ret( &md5, md5sum, 16 );
|
|
||||||
mbedtls_md5_finish_ret( &md5, buf );
|
|
||||||
|
|
||||||
mbedtls_sha1_starts_ret( &sha1 );
|
|
||||||
mbedtls_sha1_update_ret( &sha1, session->master, 48 );
|
|
||||||
mbedtls_sha1_update_ret( &sha1, padbuf , 40 );
|
|
||||||
mbedtls_sha1_update_ret( &sha1, sha1sum, 20 );
|
|
||||||
mbedtls_sha1_finish_ret( &sha1, buf + 16 );
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 );
|
|
||||||
|
|
||||||
mbedtls_md5_free( &md5 );
|
|
||||||
mbedtls_sha1_free( &sha1 );
|
|
||||||
|
|
||||||
mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
|
|
||||||
mbedtls_platform_zeroize( md5sum, sizeof( md5sum ) );
|
|
||||||
mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
static void ssl_calc_finished_tls(
|
static void ssl_calc_finished_tls(
|
||||||
mbedtls_ssl_context *ssl, unsigned char *buf, int from )
|
mbedtls_ssl_context *ssl, unsigned char *buf, int from )
|
||||||
|
@ -3448,7 +3154,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
|
||||||
* ciphersuite does this (and this is unlikely to change as activity has
|
* ciphersuite does this (and this is unlikely to change as activity has
|
||||||
* moved to TLS 1.3 now) so we can keep the hardcoded 12 here.
|
* moved to TLS 1.3 now) so we can keep the hardcoded 12 here.
|
||||||
*/
|
*/
|
||||||
hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12;
|
hash_len = 12;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
ssl->verify_data_len = hash_len;
|
ssl->verify_data_len = hash_len;
|
||||||
|
@ -3550,11 +3256,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
#define SSL_MAX_HASH_LEN 36
|
|
||||||
#else
|
|
||||||
#define SSL_MAX_HASH_LEN 12
|
#define SSL_MAX_HASH_LEN 12
|
||||||
#endif
|
|
||||||
|
|
||||||
int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
|
int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
|
@ -3580,12 +3282,6 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
|
||||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
|
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* There is currently no ciphersuite using another length with TLS 1.2 */
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
hash_len = 36;
|
|
||||||
else
|
|
||||||
#endif
|
|
||||||
hash_len = 12;
|
hash_len = 12;
|
||||||
|
|
||||||
if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED ||
|
if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED ||
|
||||||
|
@ -3639,8 +3335,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
|
||||||
{
|
{
|
||||||
memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
|
memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
mbedtls_md5_init( &handshake->fin_md5 );
|
mbedtls_md5_init( &handshake->fin_md5 );
|
||||||
mbedtls_sha1_init( &handshake->fin_sha1 );
|
mbedtls_sha1_init( &handshake->fin_sha1 );
|
||||||
mbedtls_md5_starts_ret( &handshake->fin_md5 );
|
mbedtls_md5_starts_ret( &handshake->fin_md5 );
|
||||||
|
@ -4197,13 +3892,60 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_CLI_C */
|
#endif /* MBEDTLS_SSL_CLI_C */
|
||||||
|
|
||||||
|
static int protocol_version_to_ciphersuites_list_index(int prot_version)
|
||||||
|
{
|
||||||
|
switch(prot_version) {
|
||||||
|
case MBEDTLS_SSL_MINOR_VERSION_1:
|
||||||
|
return 0;
|
||||||
|
case MBEDTLS_SSL_MINOR_VERSION_2:
|
||||||
|
return 1;
|
||||||
|
case MBEDTLS_SSL_MINOR_VERSION_3:
|
||||||
|
return 2;
|
||||||
|
default:
|
||||||
|
return -1;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
static void set_protocol_version_ciphersuites( mbedtls_ssl_config *conf,
|
||||||
|
int prot_version,
|
||||||
|
const int* ciphersuites )
|
||||||
|
{
|
||||||
|
int ciphersuite_list_index =
|
||||||
|
protocol_version_to_ciphersuites_list_index(prot_version);
|
||||||
|
if ( ciphersuite_list_index >= 0 &&
|
||||||
|
(unsigned int)ciphersuite_list_index <
|
||||||
|
sizeof(conf->ciphersuite_list)/sizeof(conf->ciphersuite_list[0]) )
|
||||||
|
{
|
||||||
|
conf->ciphersuite_list[ciphersuite_list_index] = ciphersuites;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
|
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
|
||||||
const int *ciphersuites )
|
const int *ciphersuites )
|
||||||
{
|
{
|
||||||
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites;
|
set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites;
|
ciphersuites);
|
||||||
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites;
|
set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_2,
|
||||||
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites;
|
ciphersuites);
|
||||||
|
set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
|
ciphersuites);
|
||||||
|
}
|
||||||
|
|
||||||
|
const int *mbedtls_ssl_get_protocol_version_ciphersuites(
|
||||||
|
const mbedtls_ssl_config *conf, int prot_version )
|
||||||
|
{
|
||||||
|
int ciphersuite_list_index =
|
||||||
|
protocol_version_to_ciphersuites_list_index(prot_version);
|
||||||
|
if ( ciphersuite_list_index >= 0 &&
|
||||||
|
(unsigned int)ciphersuite_list_index <
|
||||||
|
sizeof(conf->ciphersuite_list)/sizeof(conf->ciphersuite_list[0]) )
|
||||||
|
{
|
||||||
|
return conf->ciphersuite_list[ciphersuite_list_index];
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
|
void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
|
||||||
|
@ -4213,10 +3955,10 @@ void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
|
||||||
if( major != MBEDTLS_SSL_MAJOR_VERSION_3 )
|
if( major != MBEDTLS_SSL_MAJOR_VERSION_3 )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 )
|
if( minor < MBEDTLS_SSL_MINOR_VERSION_1 || minor > MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
conf->ciphersuite_list[minor] = ciphersuites;
|
set_protocol_version_ciphersuites(conf, minor, ciphersuites);
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
|
@ -5006,9 +4748,6 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
switch( ssl->minor_ver )
|
switch( ssl->minor_ver )
|
||||||
{
|
{
|
||||||
case MBEDTLS_SSL_MINOR_VERSION_0:
|
|
||||||
return( "SSLv3.0" );
|
|
||||||
|
|
||||||
case MBEDTLS_SSL_MINOR_VERSION_1:
|
case MBEDTLS_SSL_MINOR_VERSION_1:
|
||||||
return( "TLSv1.0" );
|
return( "TLSv1.0" );
|
||||||
|
|
||||||
|
@ -5974,8 +5713,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
mbedtls_md5_free( &handshake->fin_md5 );
|
mbedtls_md5_free( &handshake->fin_md5 );
|
||||||
mbedtls_sha1_free( &handshake->fin_sha1 );
|
mbedtls_sha1_free( &handshake->fin_sha1 );
|
||||||
#endif
|
#endif
|
||||||
|
@ -6982,11 +6720,12 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||||
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
|
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
|
||||||
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
|
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
|
||||||
|
|
||||||
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =
|
set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
|
ssl_preset_suiteb_ciphersuites);
|
||||||
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
|
set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_2,
|
||||||
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] =
|
ssl_preset_suiteb_ciphersuites);
|
||||||
ssl_preset_suiteb_ciphersuites;
|
set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
|
ssl_preset_suiteb_ciphersuites);
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
|
conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
|
||||||
|
@ -7020,12 +6759,13 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||||
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
|
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||||
#endif
|
#endif
|
||||||
|
const int* default_ciphersuites = mbedtls_ssl_list_ciphersuites();
|
||||||
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =
|
set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||||
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
|
default_ciphersuites);
|
||||||
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
|
set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_2,
|
||||||
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] =
|
default_ciphersuites);
|
||||||
mbedtls_ssl_list_ciphersuites();
|
set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
|
default_ciphersuites);
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
conf->cert_profile = &mbedtls_x509_crt_profile_default;
|
conf->cert_profile = &mbedtls_x509_crt_profile_default;
|
||||||
|
@ -7420,8 +7160,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
|
||||||
int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
||||||
unsigned char *output,
|
unsigned char *output,
|
||||||
unsigned char *data, size_t data_len )
|
unsigned char *data, size_t data_len )
|
||||||
|
@ -7503,8 +7242,7 @@ exit:
|
||||||
return( ret );
|
return( ret );
|
||||||
|
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
|
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||||
MBEDTLS_SSL_PROTO_TLS1_1 */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
|
|
|
@ -507,9 +507,6 @@ static const char * const features[] = {
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
"MBEDTLS_SSL_MAX_FRAGMENT_LENGTH",
|
"MBEDTLS_SSL_MAX_FRAGMENT_LENGTH",
|
||||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
"MBEDTLS_SSL_PROTO_SSL3",
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||||
"MBEDTLS_SSL_PROTO_TLS1",
|
"MBEDTLS_SSL_PROTO_TLS1",
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
||||||
|
|
|
@ -424,7 +424,7 @@ int main( void )
|
||||||
" min_version=%%s default: (library default: tls1)\n" \
|
" min_version=%%s default: (library default: tls1)\n" \
|
||||||
" max_version=%%s default: (library default: tls1_2)\n" \
|
" max_version=%%s default: (library default: tls1_2)\n" \
|
||||||
" force_version=%%s default: \"\" (none)\n" \
|
" force_version=%%s default: \"\" (none)\n" \
|
||||||
" options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
|
" options: tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
|
||||||
"\n" \
|
"\n" \
|
||||||
" force_ciphersuite=<name> default: all enabled\n"\
|
" force_ciphersuite=<name> default: all enabled\n"\
|
||||||
" query_config=<name> return 0 if the specified\n" \
|
" query_config=<name> return 0 if the specified\n" \
|
||||||
|
@ -1090,9 +1090,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
else if( strcmp( p, "min_version" ) == 0 )
|
else if( strcmp( p, "min_version" ) == 0 )
|
||||||
{
|
{
|
||||||
if( strcmp( q, "ssl3" ) == 0 )
|
if( strcmp( q, "tls1" ) == 0 )
|
||||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
|
|
||||||
else if( strcmp( q, "tls1" ) == 0 )
|
|
||||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||||
else if( strcmp( q, "tls1_1" ) == 0 ||
|
else if( strcmp( q, "tls1_1" ) == 0 ||
|
||||||
strcmp( q, "dtls1" ) == 0 )
|
strcmp( q, "dtls1" ) == 0 )
|
||||||
|
@ -1105,9 +1103,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
else if( strcmp( p, "max_version" ) == 0 )
|
else if( strcmp( p, "max_version" ) == 0 )
|
||||||
{
|
{
|
||||||
if( strcmp( q, "ssl3" ) == 0 )
|
if( strcmp( q, "tls1" ) == 0 )
|
||||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
|
|
||||||
else if( strcmp( q, "tls1" ) == 0 )
|
|
||||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||||
else if( strcmp( q, "tls1_1" ) == 0 ||
|
else if( strcmp( q, "tls1_1" ) == 0 ||
|
||||||
strcmp( q, "dtls1" ) == 0 )
|
strcmp( q, "dtls1" ) == 0 )
|
||||||
|
@ -1138,12 +1134,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
else if( strcmp( p, "force_version" ) == 0 )
|
else if( strcmp( p, "force_version" ) == 0 )
|
||||||
{
|
{
|
||||||
if( strcmp( q, "ssl3" ) == 0 )
|
if( strcmp( q, "tls1" ) == 0 )
|
||||||
{
|
|
||||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
|
|
||||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
|
|
||||||
}
|
|
||||||
else if( strcmp( q, "tls1" ) == 0 )
|
|
||||||
{
|
{
|
||||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||||
|
|
|
@ -505,10 +505,10 @@ int main( void )
|
||||||
" min_version=%%s default: (library default: tls1)\n" \
|
" min_version=%%s default: (library default: tls1)\n" \
|
||||||
" max_version=%%s default: (library default: tls1_2)\n" \
|
" max_version=%%s default: (library default: tls1_2)\n" \
|
||||||
" force_version=%%s default: \"\" (none)\n" \
|
" force_version=%%s default: \"\" (none)\n" \
|
||||||
" options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
|
" options: tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
|
||||||
"\n" \
|
"\n" \
|
||||||
" version_suites=a,b,c,d per-version ciphersuites\n" \
|
" version_suites=a,b,c per-version ciphersuites\n" \
|
||||||
" in order from ssl3 to tls1_2\n" \
|
" in order from tls1 to tls1_2\n" \
|
||||||
" default: all enabled\n" \
|
" default: all enabled\n" \
|
||||||
" force_ciphersuite=<name> default: all enabled\n" \
|
" force_ciphersuite=<name> default: all enabled\n" \
|
||||||
" query_config=<name> return 0 if the specified\n" \
|
" query_config=<name> return 0 if the specified\n" \
|
||||||
|
@ -1260,7 +1260,7 @@ int main( int argc, char *argv[] )
|
||||||
{
|
{
|
||||||
int ret = 0, len, written, frags, exchanges_left;
|
int ret = 0, len, written, frags, exchanges_left;
|
||||||
int query_config_ret = 0;
|
int query_config_ret = 0;
|
||||||
int version_suites[4][2];
|
int version_suites[3][2];
|
||||||
io_ctx_t io_ctx;
|
io_ctx_t io_ctx;
|
||||||
unsigned char* buf = 0;
|
unsigned char* buf = 0;
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||||
|
@ -1724,9 +1724,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
else if( strcmp( p, "min_version" ) == 0 )
|
else if( strcmp( p, "min_version" ) == 0 )
|
||||||
{
|
{
|
||||||
if( strcmp( q, "ssl3" ) == 0 )
|
if( strcmp( q, "tls1" ) == 0 )
|
||||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
|
|
||||||
else if( strcmp( q, "tls1" ) == 0 )
|
|
||||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||||
else if( strcmp( q, "tls1_1" ) == 0 ||
|
else if( strcmp( q, "tls1_1" ) == 0 ||
|
||||||
strcmp( q, "dtls1" ) == 0 )
|
strcmp( q, "dtls1" ) == 0 )
|
||||||
|
@ -1739,9 +1737,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
else if( strcmp( p, "max_version" ) == 0 )
|
else if( strcmp( p, "max_version" ) == 0 )
|
||||||
{
|
{
|
||||||
if( strcmp( q, "ssl3" ) == 0 )
|
if( strcmp( q, "tls1" ) == 0 )
|
||||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
|
|
||||||
else if( strcmp( q, "tls1" ) == 0 )
|
|
||||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||||
else if( strcmp( q, "tls1_1" ) == 0 ||
|
else if( strcmp( q, "tls1_1" ) == 0 ||
|
||||||
strcmp( q, "dtls1" ) == 0 )
|
strcmp( q, "dtls1" ) == 0 )
|
||||||
|
@ -1772,12 +1768,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
else if( strcmp( p, "force_version" ) == 0 )
|
else if( strcmp( p, "force_version" ) == 0 )
|
||||||
{
|
{
|
||||||
if( strcmp( q, "ssl3" ) == 0 )
|
if( strcmp( q, "tls1" ) == 0 )
|
||||||
{
|
|
||||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
|
|
||||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
|
|
||||||
}
|
|
||||||
else if( strcmp( q, "tls1" ) == 0 )
|
|
||||||
{
|
{
|
||||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||||
|
@ -2128,11 +2119,11 @@ int main( int argc, char *argv[] )
|
||||||
|
|
||||||
if( opt.version_suites != NULL )
|
if( opt.version_suites != NULL )
|
||||||
{
|
{
|
||||||
const char *name[4] = { 0 };
|
const char *name[3] = { 0 };
|
||||||
|
|
||||||
/* Parse 4-element coma-separated list */
|
/* Parse 4-element coma-separated list */
|
||||||
for( i = 0, p = (char *) opt.version_suites;
|
for( i = 0, p = (char *) opt.version_suites;
|
||||||
i < 4 && *p != '\0';
|
i < 3 && *p != '\0';
|
||||||
i++ )
|
i++ )
|
||||||
{
|
{
|
||||||
name[i] = p;
|
name[i] = p;
|
||||||
|
@ -2144,7 +2135,7 @@ int main( int argc, char *argv[] )
|
||||||
*p++ = '\0';
|
*p++ = '\0';
|
||||||
}
|
}
|
||||||
|
|
||||||
if( i != 4 )
|
if( i != 3 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( "too few values for version_suites\n" );
|
mbedtls_printf( "too few values for version_suites\n" );
|
||||||
ret = 1;
|
ret = 1;
|
||||||
|
@ -2154,7 +2145,7 @@ int main( int argc, char *argv[] )
|
||||||
memset( version_suites, 0, sizeof( version_suites ) );
|
memset( version_suites, 0, sizeof( version_suites ) );
|
||||||
|
|
||||||
/* Get the suites identifiers from their name */
|
/* Get the suites identifiers from their name */
|
||||||
for( i = 0; i < 4; i++ )
|
for( i = 0; i < 3; i++ )
|
||||||
{
|
{
|
||||||
version_suites[i][0] = mbedtls_ssl_get_ciphersuite_id( name[i] );
|
version_suites[i][0] = mbedtls_ssl_get_ciphersuite_id( name[i] );
|
||||||
|
|
||||||
|
@ -2793,14 +2784,11 @@ int main( int argc, char *argv[] )
|
||||||
{
|
{
|
||||||
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[0],
|
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[0],
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3,
|
||||||
MBEDTLS_SSL_MINOR_VERSION_0 );
|
MBEDTLS_SSL_MINOR_VERSION_1 );
|
||||||
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[1],
|
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[1],
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3,
|
|
||||||
MBEDTLS_SSL_MINOR_VERSION_1 );
|
|
||||||
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[2],
|
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3,
|
||||||
MBEDTLS_SSL_MINOR_VERSION_2 );
|
MBEDTLS_SSL_MINOR_VERSION_2 );
|
||||||
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[3],
|
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[2],
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3,
|
||||||
MBEDTLS_SSL_MINOR_VERSION_3 );
|
MBEDTLS_SSL_MINOR_VERSION_3 );
|
||||||
}
|
}
|
||||||
|
|
|
@ -1409,14 +1409,6 @@ int query_config( const char *config )
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
if( strcmp( "MBEDTLS_SSL_PROTO_SSL3", config ) == 0 )
|
|
||||||
{
|
|
||||||
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_SSL3 );
|
|
||||||
return( 0 );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||||
if( strcmp( "MBEDTLS_SSL_PROTO_TLS1", config ) == 0 )
|
if( strcmp( "MBEDTLS_SSL_PROTO_TLS1", config ) == 0 )
|
||||||
{
|
{
|
||||||
|
|
|
@ -299,10 +299,6 @@ def crypto_adapter(adapter):
|
||||||
return adapter(name, active, section)
|
return adapter(name, active, section)
|
||||||
return continuation
|
return continuation
|
||||||
|
|
||||||
DEPRECATED = frozenset([
|
|
||||||
'MBEDTLS_SSL_PROTO_SSL3',
|
|
||||||
])
|
|
||||||
|
|
||||||
def no_deprecated_adapter(adapter):
|
def no_deprecated_adapter(adapter):
|
||||||
"""Modify an adapter to disable deprecated symbols.
|
"""Modify an adapter to disable deprecated symbols.
|
||||||
|
|
||||||
|
@ -313,8 +309,6 @@ def no_deprecated_adapter(adapter):
|
||||||
def continuation(name, active, section):
|
def continuation(name, active, section):
|
||||||
if name == 'MBEDTLS_DEPRECATED_REMOVED':
|
if name == 'MBEDTLS_DEPRECATED_REMOVED':
|
||||||
return True
|
return True
|
||||||
if name in DEPRECATED:
|
|
||||||
return False
|
|
||||||
if adapter is None:
|
if adapter is None:
|
||||||
return active
|
return active
|
||||||
return adapter(name, active, section)
|
return adapter(name, active, section)
|
||||||
|
|
|
@ -163,9 +163,6 @@ is_dtls()
|
||||||
minor_ver()
|
minor_ver()
|
||||||
{
|
{
|
||||||
case "$1" in
|
case "$1" in
|
||||||
ssl3)
|
|
||||||
echo 0
|
|
||||||
;;
|
|
||||||
tls1)
|
tls1)
|
||||||
echo 1
|
echo 1
|
||||||
;;
|
;;
|
||||||
|
@ -872,9 +869,6 @@ setup_arguments()
|
||||||
{
|
{
|
||||||
G_MODE=""
|
G_MODE=""
|
||||||
case "$MODE" in
|
case "$MODE" in
|
||||||
"ssl3")
|
|
||||||
G_PRIO_MODE="+VERS-SSL3.0"
|
|
||||||
;;
|
|
||||||
"tls1")
|
"tls1")
|
||||||
G_PRIO_MODE="+VERS-TLS1.0"
|
G_PRIO_MODE="+VERS-TLS1.0"
|
||||||
;;
|
;;
|
||||||
|
|
|
@ -254,7 +254,7 @@ Tool path options:
|
||||||
--gnutls-legacy-cli=<GnuTLS_cli_path> GnuTLS client executable to use for legacy tests.
|
--gnutls-legacy-cli=<GnuTLS_cli_path> GnuTLS client executable to use for legacy tests.
|
||||||
--gnutls-legacy-serv=<GnuTLS_serv_path> GnuTLS server executable to use for legacy tests.
|
--gnutls-legacy-serv=<GnuTLS_serv_path> GnuTLS server executable to use for legacy tests.
|
||||||
--openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
|
--openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
|
||||||
--openssl-legacy=<OpenSSL_path> OpenSSL executable to use for legacy tests e.g. SSLv3.
|
--openssl-legacy=<OpenSSL_path> OpenSSL executable to use for legacy tests..
|
||||||
--openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
|
--openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
@ -843,26 +843,6 @@ component_test_ref_configs () {
|
||||||
record_status tests/scripts/test-ref-configs.pl
|
record_status tests/scripts/test-ref-configs.pl
|
||||||
}
|
}
|
||||||
|
|
||||||
component_test_sslv3 () {
|
|
||||||
msg "build: Default + SSLv3 (ASan build)" # ~ 6 min
|
|
||||||
scripts/config.py set MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
|
||||||
make
|
|
||||||
|
|
||||||
msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s
|
|
||||||
make test
|
|
||||||
|
|
||||||
msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min
|
|
||||||
if_build_succeeded tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
|
|
||||||
if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
|
|
||||||
|
|
||||||
msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
|
|
||||||
if_build_succeeded tests/ssl-opt.sh
|
|
||||||
|
|
||||||
msg "build: SSLv3 - context-info.sh (ASan build)" # ~ 15 sec
|
|
||||||
if_build_succeeded tests/context-info.sh
|
|
||||||
}
|
|
||||||
|
|
||||||
component_test_no_renegotiation () {
|
component_test_no_renegotiation () {
|
||||||
msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
|
msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
|
||||||
scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION
|
scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION
|
||||||
|
|
|
@ -118,10 +118,6 @@ echo '################ compat.sh ################'
|
||||||
sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
|
sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
|
||||||
echo
|
echo
|
||||||
|
|
||||||
echo '#### compat.sh: legacy (SSLv3)'
|
|
||||||
OPENSSL_CMD="$OPENSSL_LEGACY" sh compat.sh -m 'ssl3'
|
|
||||||
echo
|
|
||||||
|
|
||||||
echo '#### compat.sh: legacy (null, DES, RC4)'
|
echo '#### compat.sh: legacy (null, DES, RC4)'
|
||||||
OPENSSL_CMD="$OPENSSL_LEGACY" \
|
OPENSSL_CMD="$OPENSSL_LEGACY" \
|
||||||
GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
|
GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
|
||||||
|
|
191
tests/ssl-opt.sh
191
tests/ssl-opt.sh
|
@ -2386,32 +2386,6 @@ run_test "Encrypt then MAC: client disabled, server enabled" \
|
||||||
-C "using encrypt then mac" \
|
-C "using encrypt then mac" \
|
||||||
-S "using encrypt then mac"
|
-S "using encrypt then mac"
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
run_test "Encrypt then MAC: client SSLv3, server enabled" \
|
|
||||||
"$P_SRV debug_level=3 min_version=ssl3 \
|
|
||||||
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
|
||||||
"$P_CLI debug_level=3 force_version=ssl3" \
|
|
||||||
0 \
|
|
||||||
-C "client hello, adding encrypt_then_mac extension" \
|
|
||||||
-S "found encrypt then mac extension" \
|
|
||||||
-S "server hello, adding encrypt then mac extension" \
|
|
||||||
-C "found encrypt_then_mac extension" \
|
|
||||||
-C "using encrypt then mac" \
|
|
||||||
-S "using encrypt then mac"
|
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
run_test "Encrypt then MAC: client enabled, server SSLv3" \
|
|
||||||
"$P_SRV debug_level=3 force_version=ssl3 \
|
|
||||||
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
|
||||||
"$P_CLI debug_level=3 min_version=ssl3" \
|
|
||||||
0 \
|
|
||||||
-c "client hello, adding encrypt_then_mac extension" \
|
|
||||||
-S "found encrypt then mac extension" \
|
|
||||||
-S "server hello, adding encrypt then mac extension" \
|
|
||||||
-C "found encrypt_then_mac extension" \
|
|
||||||
-C "using encrypt then mac" \
|
|
||||||
-S "using encrypt then mac"
|
|
||||||
|
|
||||||
# Tests for Extended Master Secret extension
|
# Tests for Extended Master Secret extension
|
||||||
|
|
||||||
run_test "Extended Master Secret: default" \
|
run_test "Extended Master Secret: default" \
|
||||||
|
@ -2447,30 +2421,6 @@ run_test "Extended Master Secret: client disabled, server enabled" \
|
||||||
-C "session hash for extended master secret" \
|
-C "session hash for extended master secret" \
|
||||||
-S "session hash for extended master secret"
|
-S "session hash for extended master secret"
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
run_test "Extended Master Secret: client SSLv3, server enabled" \
|
|
||||||
"$P_SRV debug_level=3 min_version=ssl3" \
|
|
||||||
"$P_CLI debug_level=3 force_version=ssl3" \
|
|
||||||
0 \
|
|
||||||
-C "client hello, adding extended_master_secret extension" \
|
|
||||||
-S "found extended master secret extension" \
|
|
||||||
-S "server hello, adding extended master secret extension" \
|
|
||||||
-C "found extended_master_secret extension" \
|
|
||||||
-C "session hash for extended master secret" \
|
|
||||||
-S "session hash for extended master secret"
|
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
run_test "Extended Master Secret: client enabled, server SSLv3" \
|
|
||||||
"$P_SRV debug_level=3 force_version=ssl3" \
|
|
||||||
"$P_CLI debug_level=3 min_version=ssl3" \
|
|
||||||
0 \
|
|
||||||
-c "client hello, adding extended_master_secret extension" \
|
|
||||||
-S "found extended master secret extension" \
|
|
||||||
-S "server hello, adding extended master secret extension" \
|
|
||||||
-C "found extended_master_secret extension" \
|
|
||||||
-C "session hash for extended master secret" \
|
|
||||||
-S "session hash for extended master secret"
|
|
||||||
|
|
||||||
# Tests for FALLBACK_SCSV
|
# Tests for FALLBACK_SCSV
|
||||||
|
|
||||||
run_test "Fallback SCSV: default" \
|
run_test "Fallback SCSV: default" \
|
||||||
|
@ -2641,16 +2591,6 @@ run_test "CBC Record splitting: TLS 1.0, splitting" \
|
||||||
-s "Read from client: 1 bytes read" \
|
-s "Read from client: 1 bytes read" \
|
||||||
-s "122 bytes read"
|
-s "122 bytes read"
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
run_test "CBC Record splitting: SSLv3, splitting" \
|
|
||||||
"$P_SRV min_version=ssl3" \
|
|
||||||
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
|
|
||||||
request_size=123 force_version=ssl3" \
|
|
||||||
0 \
|
|
||||||
-S "Read from client: 123 bytes read" \
|
|
||||||
-s "Read from client: 1 bytes read" \
|
|
||||||
-s "122 bytes read"
|
|
||||||
|
|
||||||
run_test "CBC Record splitting: TLS 1.0 RC4, no splitting" \
|
run_test "CBC Record splitting: TLS 1.0 RC4, no splitting" \
|
||||||
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||||
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
|
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
|
||||||
|
@ -4030,22 +3970,6 @@ run_test "Authentication: client SHA384, server required" \
|
||||||
-c "Supported Signature Algorithm found: 4," \
|
-c "Supported Signature Algorithm found: 4," \
|
||||||
-c "Supported Signature Algorithm found: 5,"
|
-c "Supported Signature Algorithm found: 5,"
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
run_test "Authentication: client has no cert, server required (SSLv3)" \
|
|
||||||
"$P_SRV debug_level=3 min_version=ssl3 auth_mode=required" \
|
|
||||||
"$P_CLI debug_level=3 force_version=ssl3 crt_file=none \
|
|
||||||
key_file=data_files/server5.key" \
|
|
||||||
1 \
|
|
||||||
-S "skip write certificate request" \
|
|
||||||
-C "skip parse certificate request" \
|
|
||||||
-c "got a certificate request" \
|
|
||||||
-c "got no certificate to send" \
|
|
||||||
-S "x509_verify_cert() returned" \
|
|
||||||
-s "client has no certificate" \
|
|
||||||
-s "! mbedtls_ssl_handshake returned" \
|
|
||||||
-c "! mbedtls_ssl_handshake returned" \
|
|
||||||
-s "No client certification received from the client, but required by the authentication mode"
|
|
||||||
|
|
||||||
run_test "Authentication: client has no cert, server required (TLS)" \
|
run_test "Authentication: client has no cert, server required (TLS)" \
|
||||||
"$P_SRV debug_level=3 auth_mode=required" \
|
"$P_SRV debug_level=3 auth_mode=required" \
|
||||||
"$P_CLI debug_level=3 crt_file=none \
|
"$P_CLI debug_level=3 crt_file=none \
|
||||||
|
@ -4143,7 +4067,6 @@ run_test "Authentication: client no cert, server optional" \
|
||||||
-c "got a certificate request" \
|
-c "got a certificate request" \
|
||||||
-C "skip write certificate$" \
|
-C "skip write certificate$" \
|
||||||
-C "got no certificate to send" \
|
-C "got no certificate to send" \
|
||||||
-S "SSLv3 client has no certificate" \
|
|
||||||
-c "skip write certificate verify" \
|
-c "skip write certificate verify" \
|
||||||
-s "skip parse certificate verify" \
|
-s "skip parse certificate verify" \
|
||||||
-s "! Certificate was missing" \
|
-s "! Certificate was missing" \
|
||||||
|
@ -4181,24 +4104,6 @@ run_test "Authentication: client no cert, openssl server required" \
|
||||||
-c "skip write certificate verify" \
|
-c "skip write certificate verify" \
|
||||||
-c "! mbedtls_ssl_handshake returned"
|
-c "! mbedtls_ssl_handshake returned"
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
run_test "Authentication: client no cert, ssl3" \
|
|
||||||
"$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \
|
|
||||||
"$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \
|
|
||||||
0 \
|
|
||||||
-S "skip write certificate request" \
|
|
||||||
-C "skip parse certificate request" \
|
|
||||||
-c "got a certificate request" \
|
|
||||||
-C "skip write certificate$" \
|
|
||||||
-c "skip write certificate verify" \
|
|
||||||
-c "got no certificate to send" \
|
|
||||||
-s "SSLv3 client has no certificate" \
|
|
||||||
-s "skip parse certificate verify" \
|
|
||||||
-s "! Certificate was missing" \
|
|
||||||
-S "! mbedtls_ssl_handshake returned" \
|
|
||||||
-C "! mbedtls_ssl_handshake returned" \
|
|
||||||
-S "X509 - Certificate verification failed"
|
|
||||||
|
|
||||||
# The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its
|
# The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its
|
||||||
# default value (8)
|
# default value (8)
|
||||||
|
|
||||||
|
@ -5899,20 +5804,11 @@ run_test "ECJPAKE: working, DTLS, nolog" \
|
||||||
|
|
||||||
# Tests for ciphersuites per version
|
# Tests for ciphersuites per version
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
requires_config_enabled MBEDTLS_CAMELLIA_C
|
|
||||||
requires_config_enabled MBEDTLS_AES_C
|
|
||||||
run_test "Per-version suites: SSL3" \
|
|
||||||
"$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
|
||||||
"$P_CLI force_version=ssl3" \
|
|
||||||
0 \
|
|
||||||
-c "Ciphersuite is TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"
|
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
|
||||||
requires_config_enabled MBEDTLS_CAMELLIA_C
|
requires_config_enabled MBEDTLS_CAMELLIA_C
|
||||||
requires_config_enabled MBEDTLS_AES_C
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
run_test "Per-version suites: TLS 1.0" \
|
run_test "Per-version suites: TLS 1.0" \
|
||||||
"$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
"$P_SRV version_suites=TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
||||||
"$P_CLI force_version=tls1 arc4=1" \
|
"$P_CLI force_version=tls1 arc4=1" \
|
||||||
0 \
|
0 \
|
||||||
-c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA"
|
-c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA"
|
||||||
|
@ -5921,7 +5817,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
requires_config_enabled MBEDTLS_CAMELLIA_C
|
requires_config_enabled MBEDTLS_CAMELLIA_C
|
||||||
requires_config_enabled MBEDTLS_AES_C
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
run_test "Per-version suites: TLS 1.1" \
|
run_test "Per-version suites: TLS 1.1" \
|
||||||
"$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
"$P_SRV version_suites=TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
||||||
"$P_CLI force_version=tls1_1" \
|
"$P_CLI force_version=tls1_1" \
|
||||||
0 \
|
0 \
|
||||||
-c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"
|
-c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"
|
||||||
|
@ -5930,7 +5826,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
requires_config_enabled MBEDTLS_CAMELLIA_C
|
requires_config_enabled MBEDTLS_CAMELLIA_C
|
||||||
requires_config_enabled MBEDTLS_AES_C
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
run_test "Per-version suites: TLS 1.2" \
|
run_test "Per-version suites: TLS 1.2" \
|
||||||
"$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
"$P_SRV version_suites=TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
||||||
"$P_CLI force_version=tls1_2" \
|
"$P_CLI force_version=tls1_2" \
|
||||||
0 \
|
0 \
|
||||||
-c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
|
-c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
|
||||||
|
@ -5960,22 +5856,6 @@ run_test "mbedtls_ssl_get_bytes_avail: extra data" \
|
||||||
|
|
||||||
# Tests for small client packets
|
# Tests for small client packets
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
run_test "Small client packet SSLv3 BlockCipher" \
|
|
||||||
"$P_SRV min_version=ssl3" \
|
|
||||||
"$P_CLI request_size=1 force_version=ssl3 \
|
|
||||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
|
||||||
0 \
|
|
||||||
-s "Read from client: 1 bytes read"
|
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
run_test "Small client packet SSLv3 StreamCipher" \
|
|
||||||
"$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
|
||||||
"$P_CLI request_size=1 force_version=ssl3 \
|
|
||||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
|
||||||
0 \
|
|
||||||
-s "Read from client: 1 bytes read"
|
|
||||||
|
|
||||||
run_test "Small client packet TLS 1.0 BlockCipher" \
|
run_test "Small client packet TLS 1.0 BlockCipher" \
|
||||||
"$P_SRV" \
|
"$P_SRV" \
|
||||||
"$P_CLI request_size=1 force_version=tls1 \
|
"$P_CLI request_size=1 force_version=tls1 \
|
||||||
|
@ -6249,22 +6129,6 @@ run_test "Small client packet DTLS 1.2, without EtM, truncated MAC" \
|
||||||
|
|
||||||
# Tests for small server packets
|
# Tests for small server packets
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
run_test "Small server packet SSLv3 BlockCipher" \
|
|
||||||
"$P_SRV response_size=1 min_version=ssl3" \
|
|
||||||
"$P_CLI force_version=ssl3 \
|
|
||||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
|
||||||
0 \
|
|
||||||
-c "Read from server: 1 bytes read"
|
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
run_test "Small server packet SSLv3 StreamCipher" \
|
|
||||||
"$P_SRV response_size=1 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
|
||||||
"$P_CLI force_version=ssl3 \
|
|
||||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
|
||||||
0 \
|
|
||||||
-c "Read from server: 1 bytes read"
|
|
||||||
|
|
||||||
run_test "Small server packet TLS 1.0 BlockCipher" \
|
run_test "Small server packet TLS 1.0 BlockCipher" \
|
||||||
"$P_SRV response_size=1" \
|
"$P_SRV response_size=1" \
|
||||||
"$P_CLI force_version=tls1 \
|
"$P_CLI force_version=tls1 \
|
||||||
|
@ -6536,16 +6400,6 @@ run_test "Small server packet DTLS 1.2, without EtM, truncated MAC" \
|
||||||
0 \
|
0 \
|
||||||
-c "Read from server: 1 bytes read"
|
-c "Read from server: 1 bytes read"
|
||||||
|
|
||||||
# A test for extensions in SSLv3
|
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
run_test "SSLv3 with extensions, server side" \
|
|
||||||
"$P_SRV min_version=ssl3 debug_level=3" \
|
|
||||||
"$P_CLI force_version=ssl3 tickets=1 max_frag_len=4096 alpn=abc,1234" \
|
|
||||||
0 \
|
|
||||||
-S "dumping 'client hello extensions'" \
|
|
||||||
-S "server hello, total extension length:"
|
|
||||||
|
|
||||||
# Test for large client packets
|
# Test for large client packets
|
||||||
|
|
||||||
# How many fragments do we expect to write $1 bytes?
|
# How many fragments do we expect to write $1 bytes?
|
||||||
|
@ -6553,24 +6407,6 @@ fragments_for_write() {
|
||||||
echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))"
|
echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))"
|
||||||
}
|
}
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
run_test "Large client packet SSLv3 BlockCipher" \
|
|
||||||
"$P_SRV min_version=ssl3" \
|
|
||||||
"$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
|
|
||||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
|
||||||
0 \
|
|
||||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
|
||||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
run_test "Large client packet SSLv3 StreamCipher" \
|
|
||||||
"$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
|
||||||
"$P_CLI request_size=16384 force_version=ssl3 \
|
|
||||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
|
||||||
0 \
|
|
||||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
|
||||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
|
||||||
|
|
||||||
run_test "Large client packet TLS 1.0 BlockCipher" \
|
run_test "Large client packet TLS 1.0 BlockCipher" \
|
||||||
"$P_SRV" \
|
"$P_SRV" \
|
||||||
"$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
|
"$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
|
||||||
|
@ -6786,26 +6622,7 @@ run_test "Large client packet TLS 1.2 AEAD shorter tag" \
|
||||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||||
|
|
||||||
# Test for large server packets
|
# Checking next 3 tests logs for 1n-1 split against BEAST too
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
run_test "Large server packet SSLv3 StreamCipher" \
|
|
||||||
"$P_SRV response_size=16384 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
|
||||||
"$P_CLI force_version=ssl3 \
|
|
||||||
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
|
||||||
0 \
|
|
||||||
-c "Read from server: 16384 bytes read"
|
|
||||||
|
|
||||||
# Checking next 4 tests logs for 1n-1 split against BEAST too
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
run_test "Large server packet SSLv3 BlockCipher" \
|
|
||||||
"$P_SRV response_size=16384 min_version=ssl3" \
|
|
||||||
"$P_CLI force_version=ssl3 recsplit=0 \
|
|
||||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
|
||||||
0 \
|
|
||||||
-c "Read from server: 1 bytes read"\
|
|
||||||
-c "16383 bytes read"\
|
|
||||||
-C "Read from server: 16384 bytes read"
|
|
||||||
|
|
||||||
run_test "Large server packet TLS 1.0 BlockCipher" \
|
run_test "Large server packet TLS 1.0 BlockCipher" \
|
||||||
"$P_SRV response_size=16384" \
|
"$P_SRV response_size=16384" \
|
||||||
"$P_CLI force_version=tls1 recsplit=0 \
|
"$P_CLI force_version=tls1 recsplit=0 \
|
||||||
|
|
|
@ -199,10 +199,6 @@ move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_VERIFY_RE
|
||||||
Negative test moving servers ssl to state: NEW_SESSION_TICKET
|
Negative test moving servers ssl to state: NEW_SESSION_TICKET
|
||||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0
|
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0
|
||||||
|
|
||||||
Handshake, SSL3
|
|
||||||
depends_on:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
|
||||||
handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0
|
|
||||||
|
|
||||||
Handshake, tls1
|
Handshake, tls1
|
||||||
depends_on:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_CIPHER_MODE_CBC
|
depends_on:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_CIPHER_MODE_CBC
|
||||||
handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1
|
handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1
|
||||||
|
@ -982,38 +978,6 @@ Record crypt, AES-128-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, AES-128-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-128-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-128-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-128-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-128-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-128-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-128-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-128-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-192-CBC, 1.2, SHA-384
|
Record crypt, AES-192-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -1334,38 +1298,6 @@ Record crypt, AES-192-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, AES-192-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-192-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-192-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-192-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-192-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-192-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-192-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-192-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-256-CBC, 1.2, SHA-384
|
Record crypt, AES-256-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -1686,38 +1618,6 @@ Record crypt, AES-256-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, AES-256-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-256-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-256-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-256-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-256-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-256-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-256-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-256-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-128-CBC, 1.2, SHA-384
|
Record crypt, ARIA-128-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -2038,38 +1938,6 @@ Record crypt, ARIA-128-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, ARIA-128-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-128-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-128-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-128-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-128-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-128-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-128-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-128-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-192-CBC, 1.2, SHA-384
|
Record crypt, ARIA-192-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -2390,38 +2258,6 @@ Record crypt, ARIA-192-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, ARIA-192-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-192-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-192-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-192-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-192-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-192-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-192-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-192-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-256-CBC, 1.2, SHA-384
|
Record crypt, ARIA-256-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -2742,38 +2578,6 @@ Record crypt, ARIA-256-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, ARIA-256-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-256-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-256-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-256-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-256-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-256-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-256-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARIA-256-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384
|
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -3094,38 +2898,6 @@ Record crypt, CAMELLIA-128-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, CAMELLIA-128-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-128-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-128-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-128-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-128-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-128-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-128-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-128-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384
|
Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -3446,38 +3218,6 @@ Record crypt, CAMELLIA-192-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, CAMELLIA-192-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-192-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-192-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-192-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-192-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-192-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-192-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-192-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384
|
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -3798,38 +3538,6 @@ Record crypt, CAMELLIA-256-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, CAMELLIA-256-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-256-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-256-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-256-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-256-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-256-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-256-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, CAMELLIA-256-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, BLOWFISH-CBC, 1.2, SHA-384
|
Record crypt, BLOWFISH-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -4150,38 +3858,6 @@ Record crypt, BLOWFISH-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, BLOWFISH-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, BLOWFISH-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, BLOWFISH-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, BLOWFISH-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, BLOWFISH-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, BLOWFISH-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, BLOWFISH-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, BLOWFISH-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, AES-128-GCM, 1.2
|
Record crypt, AES-128-GCM, 1.2
|
||||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -4814,38 +4490,6 @@ Record crypt, ARC4-128, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, ARC4-128, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARC4-128, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARC4-128, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARC4-128, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARC4-128, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARC4-128, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARC4-128, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ARC4-128, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, NULL cipher, 1.2, SHA-384
|
Record crypt, NULL cipher, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -5038,38 +4682,6 @@ Record crypt, NULL cipher, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, NULL cipher, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, NULL cipher, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, NULL cipher, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, NULL cipher, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, NULL cipher, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, NULL cipher, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, NULL cipher, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, NULL cipher, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, ChachaPoly
|
Record crypt, ChachaPoly
|
||||||
depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
|
depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -5414,38 +5026,6 @@ Record crypt, little space, AES-128-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, little space, AES-128-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-128-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-128-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-128-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-128-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-128-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-128-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-128-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-192-CBC, 1.2, SHA-384
|
Record crypt, little space, AES-192-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -5766,38 +5346,6 @@ Record crypt, little space, AES-192-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, little space, AES-192-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-192-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-192-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-192-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-192-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-192-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-192-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-192-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-256-CBC, 1.2, SHA-384
|
Record crypt, little space, AES-256-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -6118,38 +5666,6 @@ Record crypt, little space, AES-256-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, little space, AES-256-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-256-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-256-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-256-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-256-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-256-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-256-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-256-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384
|
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -6470,38 +5986,6 @@ Record crypt, little space, ARIA-128-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, little space, ARIA-128-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-128-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-128-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-128-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-128-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-128-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-128-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-128-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384
|
Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -6822,38 +6306,6 @@ Record crypt, little space, ARIA-192-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, little space, ARIA-192-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-192-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-192-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-192-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-192-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-192-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-192-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-192-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384
|
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -7174,38 +6626,6 @@ Record crypt, little space, ARIA-256-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, little space, ARIA-256-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-256-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-256-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-256-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-256-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-256-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-256-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARIA-256-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384
|
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -7526,38 +6946,6 @@ Record crypt, little space, CAMELLIA-128-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-128-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-128-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-128-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-128-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-128-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-128-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-128-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-128-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384
|
Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -7878,38 +7266,6 @@ Record crypt, little space, CAMELLIA-192-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-192-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-192-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-192-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-192-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-192-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-192-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-192-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-192-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384
|
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -8230,38 +7586,6 @@ Record crypt, little space, CAMELLIA-256-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-256-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-256-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-256-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-256-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384
|
Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -8582,38 +7906,6 @@ Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, BLOWFISH-CBC, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, AES-128-GCM, 1.2
|
Record crypt, little space, AES-128-GCM, 1.2
|
||||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
|
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -9118,38 +8410,6 @@ Record crypt, little space, ARC4-128, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, little space, ARC4-128, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARC4-128, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARC4-128, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARC4-128, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARC4-128, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARC4-128, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARC4-128, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, ARC4-128, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, NULL cipher, 1.2, SHA-384
|
Record crypt, little space, NULL cipher, 1.2, SHA-384
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||||
|
@ -9342,38 +8602,6 @@ Record crypt, little space, NULL cipher, 1.0, MD5, short tag, EtM
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
|
||||||
|
|
||||||
Record crypt, little space, NULL cipher, SSL3, SHA-1
|
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, NULL cipher, SSL3, SHA-1, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, NULL cipher, SSL3, SHA-1, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, NULL cipher, SSL3, SHA-1, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, NULL cipher, SSL3, MD5
|
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, NULL cipher, SSL3, MD5, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, NULL cipher, SSL3, MD5, short tag
|
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Record crypt, little space, NULL cipher, SSL3, MD5, short tag, EtM
|
|
||||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
||||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
|
|
||||||
|
|
||||||
Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad
|
Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad
|
||||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
|
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
|
||||||
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-1
|
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-1
|
||||||
|
@ -10528,10 +9756,6 @@ ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58
|
||||||
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
|
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
|
||||||
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
||||||
|
|
||||||
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SSL3
|
|
||||||
depends_on:MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SSL3:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"3ff3d192aa599255339def5a9723444a":0
|
|
||||||
|
|
||||||
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.0 enabled
|
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.0 enabled
|
||||||
depends_on:MBEDTLS_SSL_PROTO_TLS1
|
depends_on:MBEDTLS_SSL_PROTO_TLS1
|
||||||
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":0
|
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":0
|
||||||
|
@ -10548,10 +9772,6 @@ SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256
|
||||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_SSL_PROTO_TLS1_2
|
depends_on:MBEDTLS_SHA256_C:MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":0
|
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":0
|
||||||
|
|
||||||
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SSL3 not enabled
|
|
||||||
depends_on:!MBEDTLS_SSL_PROTO_SSL3
|
|
||||||
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SSL3:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"3ff3d192aa599255339def5a9723444a":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
|
||||||
|
|
||||||
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.X not enabled
|
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.X not enabled
|
||||||
depends_on:!MBEDTLS_SSL_PROTO_TLS1:!MBEDTLS_SSL_PROTO_TLS1_1
|
depends_on:!MBEDTLS_SSL_PROTO_TLS1:!MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
||||||
|
|
|
@ -1276,8 +1276,6 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
|
||||||
CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
|
CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
|
||||||
CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
|
CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
|
||||||
|
|
||||||
if( ver > MBEDTLS_SSL_MINOR_VERSION_0 )
|
|
||||||
{
|
|
||||||
CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
|
CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
|
||||||
md0, maclen ) == 0 );
|
md0, maclen ) == 0 );
|
||||||
CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
|
CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
|
||||||
|
@ -1287,16 +1285,6 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
|
||||||
CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
|
CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
|
||||||
md0, maclen ) == 0 );
|
md0, maclen ) == 0 );
|
||||||
}
|
}
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
|
||||||
else
|
|
||||||
{
|
|
||||||
memcpy( &t_in->mac_enc, md0, maclen );
|
|
||||||
memcpy( &t_in->mac_dec, md1, maclen );
|
|
||||||
memcpy( &t_out->mac_enc, md1, maclen );
|
|
||||||
memcpy( &t_out->mac_dec, md0, maclen );
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
#else
|
#else
|
||||||
((void) hash_id);
|
((void) hash_id);
|
||||||
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
|
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
|
||||||
|
@ -1873,8 +1861,7 @@ void perform_handshake( handshake_test_options* options )
|
||||||
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
|
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
|
||||||
if( options->resize_buffers != 0 )
|
if( options->resize_buffers != 0 )
|
||||||
{
|
{
|
||||||
if( options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_0 &&
|
if( options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||||
options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_1 )
|
|
||||||
{
|
{
|
||||||
/* A server, when using DTLS, might delay a buffer resize to happen
|
/* A server, when using DTLS, might delay a buffer resize to happen
|
||||||
* after it receives a message, so we force it. */
|
* after it receives a message, so we force it. */
|
||||||
|
@ -3473,10 +3460,9 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
|
||||||
* Test record decryption for CBC without EtM, focused on the verification
|
* Test record decryption for CBC without EtM, focused on the verification
|
||||||
* of padding and MAC.
|
* of padding and MAC.
|
||||||
*
|
*
|
||||||
* Actually depends on TLS >= 1.0 (SSL 3.0 computes the MAC differently),
|
* Actually depends on TLS >= 1.0 and either AES, ARIA, Camellia or DES,
|
||||||
* and either AES, ARIA, Camellia or DES, but since the test framework
|
* but since the test framework doesn't support alternation in
|
||||||
* doesn't support alternation in dependency statements, just depend on
|
* dependency statements, just depend on TLS 1.2 and AES.
|
||||||
* TLS 1.2 and AES.
|
|
||||||
*
|
*
|
||||||
* The length_selector argument is interpreted as follows:
|
* The length_selector argument is interpreted as follows:
|
||||||
* - if it's -1, the plaintext length is 0 and minimal padding is applied
|
* - if it's -1, the plaintext length is 0 and minimal padding is applied
|
||||||
|
@ -4224,10 +4210,9 @@ void handshake_version( int dtls, int client_min_version, int client_max_version
|
||||||
options.expected_negotiated_version = expected_negotiated_version;
|
options.expected_negotiated_version = expected_negotiated_version;
|
||||||
|
|
||||||
options.dtls = dtls;
|
options.dtls = dtls;
|
||||||
/* By default, SSLv3.0 and TLSv1.0 use 1/n-1 splitting when sending data, so
|
/* By default, TLSv1.0 use 1/n-1 splitting when sending data, so
|
||||||
* the number of fragments will be twice as big. */
|
* the number of fragments will be twice as big. */
|
||||||
if( expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_0 ||
|
if( expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||||
expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_1 )
|
|
||||||
{
|
{
|
||||||
options.expected_cli_fragments = 2;
|
options.expected_cli_fragments = 2;
|
||||||
options.expected_srv_fragments = 2;
|
options.expected_srv_fragments = 2;
|
||||||
|
|
Loading…
Reference in a new issue