Merge branch 'master' of github.com:cyassl/cyassl
commit
93c89ccc35
@ -16,6 +16,7 @@ EXTRA_DIST += \
|
|||||||
certs/dh2048.pem \
|
certs/dh2048.pem \
|
||||||
certs/server-cert.pem \
|
certs/server-cert.pem \
|
||||||
certs/server-ecc.pem \
|
certs/server-ecc.pem \
|
||||||
|
certs/server-ecc-rsa.pem \
|
||||||
certs/server-keyEnc.pem \
|
certs/server-keyEnc.pem \
|
||||||
certs/server-key.pem \
|
certs/server-key.pem \
|
||||||
certs/server-keyPkcs8Enc12.pem \
|
certs/server-keyPkcs8Enc12.pem \
|
||||||
|
54
certs/server-ecc-rsa.pem
Normal file
54
certs/server-ecc-rsa.pem
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
Certificate:
|
||||||
|
Data:
|
||||||
|
Version: 1 (0x0)
|
||||||
|
Serial Number: 9 (0x9)
|
||||||
|
Signature Algorithm: sha1WithRSAEncryption
|
||||||
|
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
|
||||||
|
Validity
|
||||||
|
Not Before: Aug 8 21:58:29 2012 GMT
|
||||||
|
Not After : May 5 21:58:29 2015 GMT
|
||||||
|
Subject: C=US, ST=Washington, L=Seattle, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.yassl.com/emailAddress=info@yassl.com
|
||||||
|
Subject Public Key Info:
|
||||||
|
Public Key Algorithm: id-ecPublicKey
|
||||||
|
EC Public Key:
|
||||||
|
pub:
|
||||||
|
04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
|
||||||
|
9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
|
||||||
|
16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92:
|
||||||
|
21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
|
||||||
|
0b:80:34:89:d8
|
||||||
|
ASN1 OID: prime256v1
|
||||||
|
Signature Algorithm: sha1WithRSAEncryption
|
||||||
|
a0:1c:de:98:e8:61:c8:fb:0a:0e:af:ea:99:4b:c0:49:e6:66:
|
||||||
|
68:5e:7a:18:b8:0c:e3:0f:16:86:bc:b5:86:79:02:69:1c:b7:
|
||||||
|
e7:ff:53:d9:05:5d:27:39:24:54:67:14:de:ef:8e:c2:a0:11:
|
||||||
|
ca:c8:27:99:b9:d6:e9:71:1f:86:c9:8f:b1:74:a2:9f:93:6a:
|
||||||
|
0c:74:cf:17:77:8c:26:08:6e:a8:ac:69:d4:55:15:a2:95:87:
|
||||||
|
43:7a:ab:72:93:73:40:58:c2:bb:9c:89:f2:73:20:69:df:f1:
|
||||||
|
f3:65:08:9c:00:67:97:a6:71:00:2b:31:84:10:ac:bd:54:ac:
|
||||||
|
fd:b3:eb:12:36:77:f6:0a:e3:9a:96:d2:a6:22:bc:1d:6b:ce:
|
||||||
|
3c:0d:7b:d9:1c:1d:f1:ee:ec:ce:83:c8:98:c9:65:3e:06:31:
|
||||||
|
c3:b2:87:da:09:b4:90:0b:e2:6b:29:0e:d6:ae:53:1d:10:98:
|
||||||
|
e2:dc:f9:63:38:a1:a2:af:46:23:a4:4c:ab:0c:0b:08:be:cd:
|
||||||
|
a4:a6:6d:46:f0:f8:e0:31:99:85:39:10:4a:a0:04:54:3b:21:
|
||||||
|
e1:e9:b4:f3:a5:06:cd:37:ae:2c:ca:5d:ac:90:b5:ab:92:81:
|
||||||
|
aa:bf:2d:3f:8e:ee:4d:12:81:0a:8e:a4:ca:87:93:af:b0:25:
|
||||||
|
7e:e2:07:f7
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIC1zCCAb8CAQkwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAlVTMRAwDgYD
|
||||||
|
VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
|
||||||
|
aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
|
||||||
|
MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTIwODA4MjE1ODI5WhcN
|
||||||
|
MTUwNTA1MjE1ODI5WjCBnDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0
|
||||||
|
b24xEDAOBgNVBAcTB1NlYXR0bGUxGjAYBgNVBAoTEUVsbGlwdGljIC0gUlNBc2ln
|
||||||
|
MRMwEQYDVQQLEwpFQ0MtUlNBc2lnMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
|
||||||
|
GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49
|
||||||
|
AwEHA0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5ox
|
||||||
|
W5eSIX/wzxjakRECNIboIFgzC4A0idgwDQYJKoZIhvcNAQEFBQADggEBAKAc3pjo
|
||||||
|
Ycj7Cg6v6plLwEnmZmheehi4DOMPFoa8tYZ5Amkct+f/U9kFXSc5JFRnFN7vjsKg
|
||||||
|
EcrIJ5m51ulxH4bJj7F0op+Tagx0zxd3jCYIbqisadRVFaKVh0N6q3KTc0BYwruc
|
||||||
|
ifJzIGnf8fNlCJwAZ5emcQArMYQQrL1UrP2z6xI2d/YK45qW0qYivB1rzjwNe9kc
|
||||||
|
HfHu7M6DyJjJZT4GMcOyh9oJtJAL4mspDtauUx0QmOLc+WM4oaKvRiOkTKsMCwi+
|
||||||
|
zaSmbUbw+OAxmYU5EEqgBFQ7IeHptPOlBs03rizKXayQtauSgaq/LT+O7k0SgQqO
|
||||||
|
pMqHk6+wJX7iB/c=
|
||||||
|
-----END CERTIFICATE-----
|
@ -101,11 +101,12 @@ enum CyaSSL_ErrorCodes {
|
|||||||
OCSP_CERT_UNKNOWN = -266, /* OCSP responder doesn't know */
|
OCSP_CERT_UNKNOWN = -266, /* OCSP responder doesn't know */
|
||||||
OCSP_LOOKUP_FAIL = -267, /* OCSP lookup not successful */
|
OCSP_LOOKUP_FAIL = -267, /* OCSP lookup not successful */
|
||||||
MAX_CHAIN_ERROR = -268, /* max chain depth exceeded */
|
MAX_CHAIN_ERROR = -268, /* max chain depth exceeded */
|
||||||
|
COOKIE_ERROR = -269, /* dtls cookie error */
|
||||||
/* add strings to SetErrorString !!!!! */
|
/* add strings to SetErrorString !!!!! */
|
||||||
|
|
||||||
/* begin negotiation parameter errors */
|
/* begin negotiation parameter errors */
|
||||||
UNSUPPORTED_SUITE = -270, /* unsupported cipher suite */
|
UNSUPPORTED_SUITE = -290, /* unsupported cipher suite */
|
||||||
MATCH_SUITE_ERROR = -271 /* can't match cipher suite */
|
MATCH_SUITE_ERROR = -291 /* can't match cipher suite */
|
||||||
/* end negotiation parameter errors only 10 for now */
|
/* end negotiation parameter errors only 10 for now */
|
||||||
/* add strings to SetErrorString !!!!! */
|
/* add strings to SetErrorString !!!!! */
|
||||||
};
|
};
|
||||||
|
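Review bot: Moving `UNSUPPORTED_SUITE` and `MATCH_SUITE_ERROR` from -270/-271 to -290/-291 changes the numeric value of existing `CyaSSL_ErrorCodes` members. If this header is installed for applications, any caller, log parser or alert rule that stored or matched the old numbers will misreport negotiation failures after the upgrade. The renumbering is worth a release note. A range comment above the block would also stop the next general error from running into the negotiation range, for example `/* general errors end at -289; -290..-299 reserved for negotiation parameter errors */`. The enum starts outside this hunk, so other members were not checked.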
@ -784,7 +784,7 @@ struct CYASSL_CTX {
|
|||||||
byte sendVerify; /* for client side */
|
byte sendVerify; /* for client side */
|
||||||
byte haveDH; /* server DH parms set by user */
|
byte haveDH; /* server DH parms set by user */
|
||||||
byte haveNTRU; /* server private NTRU key loaded */
|
byte haveNTRU; /* server private NTRU key loaded */
|
||||||
byte haveECDSA; /* server cert signed w/ ECDSA loaded */
|
byte haveECDSAsig; /* server cert signed w/ ECDSA */
|
||||||
byte haveStaticECC; /* static server ECC private key */
|
byte haveStaticECC; /* static server ECC private key */
|
||||||
byte partialWrite; /* only one msg per write call */
|
byte partialWrite; /* only one msg per write call */
|
||||||
byte quietShutdown; /* don't send close notify */
|
byte quietShutdown; /* don't send close notify */
|
||||||
@ -1104,7 +1104,7 @@ typedef struct Options {
|
|||||||
byte usingCompression; /* are we using compression */
|
byte usingCompression; /* are we using compression */
|
||||||
byte haveDH; /* server DH parms set by user */
|
byte haveDH; /* server DH parms set by user */
|
||||||
byte haveNTRU; /* server NTRU private key loaded */
|
byte haveNTRU; /* server NTRU private key loaded */
|
||||||
byte haveECDSA; /* server ECDSA signed cert */
|
byte haveECDSAsig; /* server ECDSA signed cert */
|
||||||
byte haveStaticECC; /* static server ECC private key */
|
byte haveStaticECC; /* static server ECC private key */
|
||||||
byte havePeerCert; /* do we have peer's cert */
|
byte havePeerCert; /* do we have peer's cert */
|
||||||
byte usingPSK_cipher; /* whether we're using psk as cipher */
|
byte usingPSK_cipher; /* whether we're using psk as cipher */
|
||||||
|
126
src/internal.c
126
src/internal.c
@ -321,7 +321,7 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
|
|||||||
ctx->serverDH_G.buffer = 0;
|
ctx->serverDH_G.buffer = 0;
|
||||||
ctx->haveDH = 0;
|
ctx->haveDH = 0;
|
||||||
ctx->haveNTRU = 0; /* start off */
|
ctx->haveNTRU = 0; /* start off */
|
||||||
ctx->haveECDSA = 0; /* start off */
|
ctx->haveECDSAsig = 0; /* start off */
|
||||||
ctx->haveStaticECC = 0; /* start off */
|
ctx->haveStaticECC = 0; /* start off */
|
||||||
ctx->heap = ctx; /* defaults to self */
|
ctx->heap = ctx; /* defaults to self */
|
||||||
#ifndef NO_PSK
|
#ifndef NO_PSK
|
||||||
@ -360,14 +360,14 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
|
|||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_ECC
|
#ifdef HAVE_ECC
|
||||||
if (method->side == CLIENT_END) {
|
if (method->side == CLIENT_END) {
|
||||||
ctx->haveECDSA = 1; /* always on cliet side */
|
ctx->haveECDSAsig = 1; /* always on cliet side */
|
||||||
ctx->haveStaticECC = 1; /* server can turn on by loading key */
|
ctx->haveStaticECC = 1; /* server can turn on by loading key */
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
ctx->suites.setSuites = 0; /* user hasn't set yet */
|
ctx->suites.setSuites = 0; /* user hasn't set yet */
|
||||||
/* remove DH later if server didn't set, add psk later */
|
/* remove DH later if server didn't set, add psk later */
|
||||||
InitSuites(&ctx->suites, method->version, TRUE, FALSE, ctx->haveNTRU,
|
InitSuites(&ctx->suites, method->version, TRUE, FALSE, ctx->haveNTRU,
|
||||||
ctx->haveECDSA, ctx->haveStaticECC, method->side);
|
ctx->haveECDSAsig, ctx->haveStaticECC, method->side);
|
||||||
ctx->verifyPeer = 0;
|
ctx->verifyPeer = 0;
|
||||||
ctx->verifyNone = 0;
|
ctx->verifyNone = 0;
|
||||||
ctx->failNoCert = 0;
|
ctx->failNoCert = 0;
|
||||||
@ -436,12 +436,13 @@ void FreeSSL_Ctx(CYASSL_CTX* ctx)
|
|||||||
|
|
||||||
|
|
||||||
void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
||||||
byte haveNTRU, byte haveStaticECC, byte haveECDSA, int side)
|
byte haveNTRU, byte haveECDSAsig, byte haveStaticECC, int side)
|
||||||
{
|
{
|
||||||
word16 idx = 0;
|
word16 idx = 0;
|
||||||
int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
|
int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
|
||||||
int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
|
int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
|
||||||
int haveRSA = 1;
|
int haveRSA = 1;
|
||||||
|
int haveRSAsig = 1;
|
||||||
|
|
||||||
(void)tls; /* shut up compiler */
|
(void)tls; /* shut up compiler */
|
||||||
(void)haveDH;
|
(void)haveDH;
|
||||||
@ -452,8 +453,11 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
|||||||
if (suites->setSuites)
|
if (suites->setSuites)
|
||||||
return; /* trust user settings, don't override */
|
return; /* trust user settings, don't override */
|
||||||
|
|
||||||
if (side == SERVER_END && haveECDSA)
|
if (side == SERVER_END && haveStaticECC)
|
||||||
haveRSA = 0; /* can't do RSA with ECDSA cert */
|
haveRSA = 0; /* can't do RSA with ECDSA key */
|
||||||
|
|
||||||
|
if (side == SERVER_END && haveECDSAsig)
|
||||||
|
haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */
|
||||||
|
|
||||||
#ifdef CYASSL_DTLS
|
#ifdef CYASSL_DTLS
|
||||||
if (pv.major == DTLS_MAJOR && pv.minor == DTLS_MINOR)
|
if (pv.major == DTLS_MAJOR && pv.minor == DTLS_MINOR)
|
||||||
@ -489,84 +493,84 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||||
if (tls1_2 && haveECDSA) {
|
if (tls1_2 && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
|
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
|
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
|
||||||
if (tls && haveECDSA) {
|
if (tls && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
|
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
|
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
|
||||||
if (tls1_2 && haveECDSA && haveStaticECC) {
|
if (tls1_2 && haveECDSAsig && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384;
|
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||||
if (tls && haveECDSA && haveStaticECC) {
|
if (tls && haveECDSAsig && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA;
|
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||||
if (tls1_2 && haveECDSA) {
|
if (tls1_2 && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
|
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
||||||
if (tls && haveECDSA) {
|
if (tls && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA;
|
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
|
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
|
||||||
if (tls1_2 && haveECDSA && haveStaticECC) {
|
if (tls1_2 && haveECDSAsig && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256;
|
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
|
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
|
||||||
if (tls && haveECDSA && haveStaticECC) {
|
if (tls && haveECDSAsig && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA;
|
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
|
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
|
||||||
if (tls && haveECDSA) {
|
if (tls && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA;
|
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
|
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
|
||||||
if (tls && haveECDSA && haveStaticECC) {
|
if (tls && haveECDSAsig && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA;
|
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
|
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||||
if (tls && haveECDSA) {
|
if (tls && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA;
|
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
|
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||||
if (tls && haveECDSA && haveStaticECC) {
|
if (tls && haveECDSAsig && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA;
|
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA;
|
||||||
}
|
}
|
||||||
@ -587,14 +591,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
|
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
|
||||||
if (tls1_2 && haveRSA && haveStaticECC) {
|
if (tls1_2 && haveRSAsig && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384;
|
suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
|
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
|
||||||
if (tls && haveRSA && haveStaticECC) {
|
if (tls && haveRSAsig && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA;
|
suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA;
|
||||||
}
|
}
|
||||||
@ -615,14 +619,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
|
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
|
||||||
if (tls1_2 && haveRSA && haveStaticECC) {
|
if (tls1_2 && haveRSAsig && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256;
|
suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
|
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
|
||||||
if (tls && haveRSA && haveStaticECC) {
|
if (tls && haveRSAsig && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA;
|
suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA;
|
||||||
}
|
}
|
||||||
@ -636,7 +640,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
|
#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
|
||||||
if (tls && haveRSA && haveStaticECC) {
|
if (tls && haveRSAsig && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA;
|
suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA;
|
||||||
}
|
}
|
||||||
@ -650,7 +654,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
|
#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
|
||||||
if (tls && haveRSA && haveStaticECC) {
|
if (tls && haveRSAsig && haveStaticECC) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
suites->suites[idx++] = TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA;
|
suites->suites[idx++] = TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA;
|
||||||
}
|
}
|
||||||
@ -889,8 +893,8 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||||||
ssl->options.haveDH = ctx->haveDH;
|
ssl->options.haveDH = ctx->haveDH;
|
||||||
else
|
else
|
||||||
ssl->options.haveDH = 0;
|
ssl->options.haveDH = 0;
|
||||||
ssl->options.haveNTRU = ctx->haveNTRU;
|
ssl->options.haveNTRU = ctx->haveNTRU;
|
||||||
ssl->options.haveECDSA = ctx->haveECDSA;
|
ssl->options.haveECDSAsig = ctx->haveECDSAsig;
|
||||||
ssl->options.haveStaticECC = ctx->haveStaticECC;
|
ssl->options.haveStaticECC = ctx->haveStaticECC;
|
||||||
ssl->options.havePeerCert = 0;
|
ssl->options.havePeerCert = 0;
|
||||||
ssl->options.usingPSK_cipher = 0;
|
ssl->options.usingPSK_cipher = 0;
|
||||||
@ -915,6 +919,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||||||
ssl->keys.dtls_handshake_number = 0;
|
ssl->keys.dtls_handshake_number = 0;
|
||||||
ssl->keys.dtls_epoch = 0;
|
ssl->keys.dtls_epoch = 0;
|
||||||
ssl->keys.dtls_peer_epoch = 0;
|
ssl->keys.dtls_peer_epoch = 0;
|
||||||
|
ssl->arrays.cookieSz = 0;
|
||||||
#endif
|
#endif
|
||||||
ssl->keys.encryptionOn = 0; /* initially off */
|
ssl->keys.encryptionOn = 0; /* initially off */
|
||||||
ssl->options.sessionCacheOff = ctx->sessionCacheOff;
|
ssl->options.sessionCacheOff = ctx->sessionCacheOff;
|
||||||
@ -1004,11 +1009,11 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||||||
/* make sure server has DH parms, and add PSK if there, add NTRU too */
|
/* make sure server has DH parms, and add PSK if there, add NTRU too */
|
||||||
if (ssl->options.side == SERVER_END)
|
if (ssl->options.side == SERVER_END)
|
||||||
InitSuites(&ssl->suites, ssl->version,ssl->options.haveDH, havePSK,
|
InitSuites(&ssl->suites, ssl->version,ssl->options.haveDH, havePSK,
|
||||||
ssl->options.haveNTRU, ssl->options.haveECDSA,
|
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
else
|
else
|
||||||
InitSuites(&ssl->suites, ssl->version, TRUE, havePSK,
|
InitSuites(&ssl->suites, ssl->version, TRUE, havePSK,
|
||||||
ssl->options.haveNTRU, ssl->options.haveECDSA,
|
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@ -3832,6 +3837,10 @@ void SetErrorString(int error, char* str)
|
|||||||
XSTRNCPY(str, "Maximum Chain Depth Exceeded", max);
|
XSTRNCPY(str, "Maximum Chain Depth Exceeded", max);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case COOKIE_ERROR:
|
||||||
|
XSTRNCPY(str, "DTLS Cookie Error", max);
|
||||||
|
break;
|
||||||
|
|
||||||
default :
|
default :
|
||||||
XSTRNCPY(str, "unknown error number", max);
|
XSTRNCPY(str, "unknown error number", max);
|
||||||
}
|
}
|
||||||
@ -5879,7 +5888,8 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
REQUIRES_ECC_DSA,
|
REQUIRES_ECC_DSA,
|
||||||
REQUIRES_ECC_STATIC,
|
REQUIRES_ECC_STATIC,
|
||||||
REQUIRES_PSK,
|
REQUIRES_PSK,
|
||||||
REQUIRES_NTRU
|
REQUIRES_NTRU,
|
||||||
|
REQUIRES_RSA_SIG
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
@ -5902,6 +5912,8 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
|
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
|
||||||
if (requirement == REQUIRES_ECC_STATIC)
|
if (requirement == REQUIRES_ECC_STATIC)
|
||||||
return 1;
|
return 1;
|
||||||
|
if (requirement == REQUIRES_RSA_SIG)
|
||||||
|
return 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
|
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
|
||||||
@ -5912,6 +5924,8 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
|
case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
|
||||||
if (requirement == REQUIRES_ECC_STATIC)
|
if (requirement == REQUIRES_ECC_STATIC)
|
||||||
return 1;
|
return 1;
|
||||||
|
if (requirement == REQUIRES_RSA_SIG)
|
||||||
|
return 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
|
case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
|
||||||
@ -5922,6 +5936,8 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
case TLS_ECDH_RSA_WITH_RC4_128_SHA :
|
case TLS_ECDH_RSA_WITH_RC4_128_SHA :
|
||||||
if (requirement == REQUIRES_ECC_STATIC)
|
if (requirement == REQUIRES_ECC_STATIC)
|
||||||
return 1;
|
return 1;
|
||||||
|
if (requirement == REQUIRES_RSA_SIG)
|
||||||
|
return 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
|
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
|
||||||
@ -5952,6 +5968,8 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
|
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
|
||||||
if (requirement == REQUIRES_ECC_STATIC)
|
if (requirement == REQUIRES_ECC_STATIC)
|
||||||
return 1;
|
return 1;
|
||||||
|
if (requirement == REQUIRES_RSA_SIG)
|
||||||
|
return 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
|
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
|
||||||
@ -5975,42 +5993,46 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
|
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
|
||||||
if (requirement == ecc_dsa_sa_algo)
|
if (requirement == REQUIRES_ECC_DSA)
|
||||||
return 1;
|
return 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
|
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
|
||||||
if (requirement == ecc_dsa_sa_algo)
|
if (requirement == REQUIRES_ECC_DSA)
|
||||||
return 1;
|
return 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
|
case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
|
||||||
if (requirement == ecc_static_diffie_hellman_kea)
|
if (requirement == REQUIRES_ECC_STATIC)
|
||||||
return 1;
|
return 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
|
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
|
||||||
if (requirement == ecc_static_diffie_hellman_kea)
|
if (requirement == REQUIRES_ECC_STATIC)
|
||||||
return 1;
|
return 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
|
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
|
||||||
if (requirement == rsa_kea)
|
if (requirement == REQUIRES_RSA)
|
||||||
return 1;
|
return 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
|
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
|
||||||
if (requirement == rsa_kea)
|
if (requirement == REQUIRES_RSA)
|
||||||
return 1;
|
return 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
|
case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
|
||||||
if (requirement == ecc_static_diffie_hellman_kea)
|
if (requirement == REQUIRES_ECC_STATIC)
|
||||||
|
return 1;
|
||||||
|
if (requirement == REQUIRES_RSA_SIG)
|
||||||
return 1;
|
return 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
|
case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
|
||||||
if (requirement == ecc_static_diffie_hellman_kea)
|
if (requirement == REQUIRES_ECC_STATIC)
|
||||||
|
return 1;
|
||||||
|
if (requirement == REQUIRES_RSA_SIG)
|
||||||
return 1;
|
return 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -6132,15 +6154,15 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
|
|
||||||
case TLS_RSA_WITH_AES_128_GCM_SHA256 :
|
case TLS_RSA_WITH_AES_128_GCM_SHA256 :
|
||||||
case TLS_RSA_WITH_AES_256_GCM_SHA384 :
|
case TLS_RSA_WITH_AES_256_GCM_SHA384 :
|
||||||
if (requirement == rsa_kea)
|
if (requirement == REQUIRES_RSA)
|
||||||
return 1;
|
return 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
|
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
|
||||||
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
|
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
|
||||||
if (requirement == rsa_kea)
|
if (requirement == REQUIRES_RSA)
|
||||||
return 1;
|
return 1;
|
||||||
if (requirement == diffie_hellman_kea)
|
if (requirement == REQUIRES_DHE)
|
||||||
return 1;
|
return 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -6160,7 +6182,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
/* Make sure cert/key are valid for this suite, true on success */
|
/* Make sure cert/key are valid for this suite, true on success */
|
||||||
static int VerifySuite(CYASSL* ssl, word16 idx)
|
static int VerifySuite(CYASSL* ssl, word16 idx)
|
||||||
{
|
{
|
||||||
int haveRSA = !ssl->options.haveECDSA;
|
int haveRSA = !ssl->options.haveStaticECC;
|
||||||
int havePSK = 0;
|
int havePSK = 0;
|
||||||
byte first = ssl->suites.suites[idx];
|
byte first = ssl->suites.suites[idx];
|
||||||
byte second = ssl->suites.suites[idx+1];
|
byte second = ssl->suites.suites[idx+1];
|
||||||
@ -6180,7 +6202,6 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
CYASSL_MSG("Don't have RSA");
|
CYASSL_MSG("Don't have RSA");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
return 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (CipherRequires(first, second, REQUIRES_DHE)) {
|
if (CipherRequires(first, second, REQUIRES_DHE)) {
|
||||||
@ -6189,16 +6210,14 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
CYASSL_MSG("Don't have DHE");
|
CYASSL_MSG("Don't have DHE");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
return 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (CipherRequires(first, second, REQUIRES_ECC_DSA)) {
|
if (CipherRequires(first, second, REQUIRES_ECC_DSA)) {
|
||||||
CYASSL_MSG("Requires ECCDSA");
|
CYASSL_MSG("Requires ECCDSA");
|
||||||
if (ssl->options.haveECDSA == 0) {
|
if (ssl->options.haveECDSAsig == 0) {
|
||||||
CYASSL_MSG("Don't have ECCDSA");
|
CYASSL_MSG("Don't have ECCDSA");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
return 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (CipherRequires(first, second, REQUIRES_ECC_STATIC)) {
|
if (CipherRequires(first, second, REQUIRES_ECC_STATIC)) {
|
||||||
@ -6207,7 +6226,6 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
CYASSL_MSG("Don't have static ECC");
|
CYASSL_MSG("Don't have static ECC");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
return 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (CipherRequires(first, second, REQUIRES_PSK)) {
|
if (CipherRequires(first, second, REQUIRES_PSK)) {
|
||||||
@ -6216,7 +6234,6 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
CYASSL_MSG("Don't have PSK");
|
CYASSL_MSG("Don't have PSK");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
return 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (CipherRequires(first, second, REQUIRES_NTRU)) {
|
if (CipherRequires(first, second, REQUIRES_NTRU)) {
|
||||||
@ -6225,7 +6242,14 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
CYASSL_MSG("Don't have NTRU");
|
CYASSL_MSG("Don't have NTRU");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
return 1;
|
}
|
||||||
|
|
||||||
|
if (CipherRequires(first, second, REQUIRES_RSA_SIG)) {
|
||||||
|
CYASSL_MSG("Requires RSA Signature");
|
||||||
|
if (ssl->options.side == SERVER_END && ssl->options.haveECDSAsig == 1) {
|
||||||
|
CYASSL_MSG("Don't have RSA Signature");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ECCDHE is always supported if ECC on */
|
/* ECCDHE is always supported if ECC on */
|
||||||
@ -6329,7 +6353,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
||||||
ssl->options.haveNTRU, ssl->options.haveECDSA,
|
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -6460,7 +6484,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
havePSK = ssl->options.havePSK;
|
havePSK = ssl->options.havePSK;
|
||||||
#endif
|
#endif
|
||||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
||||||
ssl->options.haveNTRU, ssl->options.haveECDSA,
|
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
}
|
}
|
||||||
/* random */
|
/* random */
|
||||||
@ -6501,7 +6525,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
return INCOMPLETE_DATA;
|
return INCOMPLETE_DATA;
|
||||||
cookieSz = EmbedGenerateCookie(cookie, COOKIE_SZ, ssl);
|
cookieSz = EmbedGenerateCookie(cookie, COOKIE_SZ, ssl);
|
||||||
if ((b != cookieSz) || XMEMCMP(cookie, input + i, b) != 0)
|
if ((b != cookieSz) || XMEMCMP(cookie, input + i, b) != 0)
|
||||||
return PARSE_ERROR;
|
return COOKIE_ERROR;
|
||||||
i += b;
|
i += b;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
7
src/io.c
7
src/io.c
@ -29,7 +29,6 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include <cyassl/internal.h>
|
#include <cyassl/internal.h>
|
||||||
#include <cyassl/ctaocrypt/sha.h>
|
|
||||||
|
|
||||||
/* if user writes own I/O callbacks they can define CYASSL_USER_IO to remove
|
/* if user writes own I/O callbacks they can define CYASSL_USER_IO to remove
|
||||||
automatic setting of default I/O functions EmbedSend() and EmbedReceive()
|
automatic setting of default I/O functions EmbedSend() and EmbedReceive()
|
||||||
@ -201,6 +200,10 @@ int EmbedSend(char *buf, int sz, void *ctx)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef CYASSL_DTLS
|
||||||
|
|
||||||
|
#include <cyassl/ctaocrypt/sha.h>
|
||||||
|
|
||||||
/* The DTLS Generate Cookie callback
|
/* The DTLS Generate Cookie callback
|
||||||
* return : number of bytes copied into buf, or error
|
* return : number of bytes copied into buf, or error
|
||||||
*/
|
*/
|
||||||
@ -240,6 +243,8 @@ int EmbedGenerateCookie(byte *buf, int sz, void *ctx)
|
|||||||
return SHA_DIGEST_SIZE;
|
return SHA_DIGEST_SIZE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#endif /* CYASSL_DTLS */
|
||||||
|
|
||||||
|
|
||||||
#endif /* CYASSL_USER_IO */
|
#endif /* CYASSL_USER_IO */
|
||||||
|
|
||||||
|
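Review bot: With `EmbedGenerateCookie` now compiled only under `#ifdef CYASSL_DTLS`, its prototype and every caller need the same guard. The call `cookieSz = EmbedGenerateCookie(cookie, COOKIE_SZ, ssl);` in the preceding file section is not visibly guarded within its hunk, so a build without DTLS may fail at link time if that call is still compiled; a non-DTLS build would confirm. As a style point, the moved `#include <cyassl/ctaocrypt/sha.h>` would be easier to find at the top of the file inside its own `#ifdef CYASSL_DTLS` block than between two function definitions. The body of EmbedGenerateCookie lies outside both hunks.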
16
src/ssl.c
16
src/ssl.c
@ -245,7 +245,7 @@ int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
|
|||||||
havePSK = ssl->options.havePSK;
|
havePSK = ssl->options.havePSK;
|
||||||
#endif
|
#endif
|
||||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH,
|
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH,
|
||||||
havePSK, ssl->options.haveNTRU, ssl->options.haveECDSA,
|
havePSK, ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
|
|
||||||
CYASSL_LEAVE("CyaSSL_SetTmpDH", 0);
|
CYASSL_LEAVE("CyaSSL_SetTmpDH", 0);
|
||||||
@ -529,7 +529,7 @@ int CyaSSL_SetVersion(CYASSL* ssl, int version)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
||||||
ssl->options.haveNTRU, ssl->options.haveECDSA,
|
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
|
|
||||||
return SSL_SUCCESS;
|
return SSL_SUCCESS;
|
||||||
@ -1148,9 +1148,9 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
|||||||
case CTC_SHA384wECDSA:
|
case CTC_SHA384wECDSA:
|
||||||
case CTC_SHA512wECDSA:
|
case CTC_SHA512wECDSA:
|
||||||
CYASSL_MSG("ECDSA cert signature");
|
CYASSL_MSG("ECDSA cert signature");
|
||||||
ctx->haveECDSA = 1;
|
ctx->haveECDSAsig = 1;
|
||||||
if (ssl)
|
if (ssl)
|
||||||
ssl->options.haveECDSA = 1;
|
ssl->options.haveECDSAsig = 1;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
CYASSL_MSG("Not ECDSA cert signature");
|
CYASSL_MSG("Not ECDSA cert signature");
|
||||||
@ -2135,7 +2135,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
||||||
ssl->options.haveNTRU, ssl->options.haveECDSA,
|
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
|
|
||||||
return SSL_SUCCESS;
|
return SSL_SUCCESS;
|
||||||
@ -3159,7 +3159,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||||||
ssl->options.client_psk_cb = cb;
|
ssl->options.client_psk_cb = cb;
|
||||||
|
|
||||||
InitSuites(&ssl->suites, ssl->version,TRUE,TRUE, ssl->options.haveNTRU,
|
InitSuites(&ssl->suites, ssl->version,TRUE,TRUE, ssl->options.haveNTRU,
|
||||||
ssl->options.haveECDSA, ssl->options.haveStaticECC,
|
ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
|
||||||
ssl->options.side);
|
ssl->options.side);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3180,7 +3180,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||||||
ssl->options.server_psk_cb = cb;
|
ssl->options.server_psk_cb = cb;
|
||||||
|
|
||||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, TRUE,
|
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, TRUE,
|
||||||
ssl->options.haveNTRU, ssl->options.haveECDSA,
|
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3405,7 +3405,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||||||
havePSK = ssl->options.havePSK;
|
havePSK = ssl->options.havePSK;
|
||||||
#endif
|
#endif
|
||||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
||||||
ssl->options.haveNTRU, ssl->options.haveECDSA,
|
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
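Review bot: `haveECDSAsig` is only ever set to 1 in the signature-algorithm switch; the `default:` branch logs "Not ECDSA cert signature" but, as far as the hunk shows, does not clear the flag. This commit also makes the server reject RSA-signature suites when `ssl->options.haveECDSAsig == 1` (the `REQUIRES_RSA_SIG` check in the preceding section). Loading an ECDSA-signed certificate and later replacing it with an RSA-signed one on the same ctx or ssl would therefore leave a stale flag and filter out the wrong suites. Consider resetting it in the default branch, e.g. `ctx->haveECDSAsig = 0; if (ssl) ssl->options.haveECDSAsig = 0;`, or documenting that the flag is sticky. The rest of the switch and the enclosing function are outside the hunk, so check that there is no reset further down.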
@ -602,9 +602,7 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
|
|||||||
}
|
}
|
||||||
ssl = CyaSSL_new(ctx);
|
ssl = CyaSSL_new(ctx);
|
||||||
tcp_accept(&sockfd, &clientfd, (func_args*)args, yasslPort, 0, 0);
|
tcp_accept(&sockfd, &clientfd, (func_args*)args, yasslPort, 0, 0);
|
||||||
#ifndef CYASSL_DTLS
|
|
||||||
CloseSocket(sockfd);
|
CloseSocket(sockfd);
|
||||||
#endif
|
|
||||||
|
|
||||||
CyaSSL_set_fd(ssl, clientfd);
|
CyaSSL_set_fd(ssl, clientfd);
|
||||||
|
|
||||||
|
@ -21,4 +21,8 @@ EXTRA_DIST += tests/test.conf \
|
|||||||
tests/test-hc128.conf \
|
tests/test-hc128.conf \
|
||||||
tests/test-psk.conf \
|
tests/test-psk.conf \
|
||||||
tests/test-ntru.conf \
|
tests/test-ntru.conf \
|
||||||
tests/test-ecc.conf
|
tests/test-ecc.conf \
|
||||||
|
tests/test-aesgcm.conf \
|
||||||
|
tests/test-aesgcm-ecc.conf \
|
||||||
|
tests/test-aesgcm-openssl.conf \
|
||||||
|
tests/test-dtls.conf
|
||||||
|
@ -291,6 +291,50 @@ int SuiteTest(void)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_AESGCM
|
||||||
|
/* add aesgcm extra suites */
|
||||||
|
strcpy(argv0[1], "tests/test-aesgcm.conf");
|
||||||
|
printf("starting aesgcm extra cipher suite tests\n");
|
||||||
|
test_harness(&args);
|
||||||
|
if (args.return_code != 0) {
|
||||||
|
printf("error from script %d\n", args.return_code);
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(HAVE_AESGCM) && defined(OPENSSL_EXTRA)
|
||||||
|
/* add aesgcm openssl extra suites */
|
||||||
|
strcpy(argv0[1], "tests/test-aesgcm-openssl.conf");
|
||||||
|
printf("starting aesgcm openssl extra cipher suite tests\n");
|
||||||
|
test_harness(&args);
|
||||||
|
if (args.return_code != 0) {
|
||||||
|
printf("error from script %d\n", args.return_code);
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(HAVE_AESGCM) && defined(HAVE_ECC)
|
||||||
|
/* add aesgcm ecc extra suites */
|
||||||
|
strcpy(argv0[1], "tests/test-aesgcm-ecc.conf");
|
||||||
|
printf("starting aesgcm ecc extra cipher suite tests\n");
|
||||||
|
test_harness(&args);
|
||||||
|
if (args.return_code != 0) {
|
||||||
|
printf("error from script %d\n", args.return_code);
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef CYASSL_DTLS
|
||||||
|
/* add dtls extra suites */
|
||||||
|
strcpy(argv0[1], "tests/test-dtls.conf");
|
||||||
|
printf("starting dtls extra cipher suite tests\n");
|
||||||
|
test_harness(&args);
|
||||||
|
if (args.return_code != 0) {
|
||||||
|
printf("error from script %d\n", args.return_code);
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
printf(" End Cipher Suite Tests\n");
|
printf(" End Cipher Suite Tests\n");
|
||||||
|
|
||||||
return args.return_code;
|
return args.return_code;
|
||||||
|
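Review bot: Each of the four added blocks copies a path into `argv0[1]` with an unbounded `strcpy`, and the longest new literal, "tests/test-aesgcm-openssl.conf", needs 31 bytes including the terminator. The size of `argv0` is declared outside the hunk, so whether it fits cannot be checked here. A bounded copy such as `snprintf(argv0[1], sizeof(argv0[1]), "%s", "tests/test-aesgcm-openssl.conf");` (assuming `argv0` is a true two-dimensional array), or a compile-time size check, would stop a longer file name from overflowing silently. The four blocks differ only in the path and the banner text, so a small static helper taking those two strings would remove the repetition.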
80
tests/test-aesgcm-ecc.conf
Normal file
80
tests/test-aesgcm-ecc.conf
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
|
||||||
|
-v 3
|
||||||
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
||||||
|
-c ./certs/server-ecc.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
|
||||||
|
-v 3
|
||||||
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
||||||
|
-A ./certs/server-ecc.pem
|
||||||
|
|
||||||
|
# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
|
||||||
|
-v 3
|
||||||
|
-l ECDHE-ECDSA-AES256-GCM-SHA384
|
||||||
|
-c ./certs/server-ecc.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
|
||||||
|
-v 3
|
||||||
|
-l ECDHE-ECDSA-AES256-GCM-SHA384
|
||||||
|
-A ./certs/server-ecc.pem
|
||||||
|
|
||||||
|
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
|
||||||
|
-v 3
|
||||||
|
-l ECDH-ECDSA-AES128-GCM-SHA256
|
||||||
|
-c ./certs/server-ecc.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
|
||||||
|
-v 3
|
||||||
|
-l ECDH-ECDSA-AES128-GCM-SHA256
|
||||||
|
-A ./certs/server-ecc.pem
|
||||||
|
|
||||||
|
# server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
|
||||||
|
-v 3
|
||||||
|
-l ECDH-ECDSA-AES256-GCM-SHA384
|
||||||
|
-c ./certs/server-ecc.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
|
||||||
|
-v 3
|
||||||
|
-l ECDH-ECDSA-AES256-GCM-SHA384
|
||||||
|
-A ./certs/server-ecc.pem
|
||||||
|
|
||||||
|
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
|
||||||
|
-v 3
|
||||||
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||||
|
|
||||||
|
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
|
||||||
|
-v 3
|
||||||
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||||
|
|
||||||
|
# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
|
||||||
|
-v 3
|
||||||
|
-l ECDHE-RSA-AES256-GCM-SHA384
|
||||||
|
|
||||||
|
# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
|
||||||
|
-v 3
|
||||||
|
-l ECDHE-RSA-AES256-GCM-SHA384
|
||||||
|
|
||||||
|
# server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
|
||||||
|
-v 3
|
||||||
|
-l ECDH-RSA-AES128-GCM-SHA256
|
||||||
|
-c ./certs/server-ecc-rsa.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
|
||||||
|
-v 3
|
||||||
|
-l ECDH-RSA-AES128-GCM-SHA256
|
||||||
|
|
||||||
|
# server TLSv1.2 ECDH-RSA-AES256-GCM-SHA384
|
||||||
|
-v 3
|
||||||
|
-l ECDH-RSA-AES256-GCM-SHA384
|
||||||
|
-c ./certs/server-ecc-rsa.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.2 ECDH-RSA-AES256-GCM-SHA384
|
||||||
|
-v 3
|
||||||
|
-l ECDH-RSA-AES256-GCM-SHA384
|
||||||
|
|
16
tests/test-aesgcm-openssl.conf
Normal file
16
tests/test-aesgcm-openssl.conf
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256
|
||||||
|
-v 3
|
||||||
|
-l DHE-RSA-AES128-GCM-SHA256
|
||||||
|
|
||||||
|
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256
|
||||||
|
-v 3
|
||||||
|
-l DHE-RSA-AES128-GCM-SHA256
|
||||||
|
|
||||||
|
# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
|
||||||
|
-v 3
|
||||||
|
-l DHE-RSA-AES256-GCM-SHA384
|
||||||
|
|
||||||
|
# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
|
||||||
|
-v 3
|
||||||
|
-l DHE-RSA-AES256-GCM-SHA384
|
||||||
|
|
16
tests/test-aesgcm.conf
Normal file
16
tests/test-aesgcm.conf
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
# server TLSv1.2 RSA-AES128-GCM-SHA256
|
||||||
|
-v 3
|
||||||
|
-l AES128-GCM-SHA256
|
||||||
|
|
||||||
|
# client TLSv1.2 RSA-AES128-GCM-SHA256
|
||||||
|
-v 3
|
||||||
|
-l AES128-GCM-SHA256
|
||||||
|
|
||||||
|
# server TLSv1.2 RSA-AES256-GCM-SHA384
|
||||||
|
-v 3
|
||||||
|
-l AES256-GCM-SHA384
|
||||||
|
|
||||||
|
# client TLSv1.2 RSA-AES256-GCM-SHA384
|
||||||
|
-v 3
|
||||||
|
-l AES256-GCM-SHA384
|
||||||
|
|
64
tests/test-dtls.conf
Normal file
64
tests/test-dtls.conf
Normal file
@ -0,0 +1,64 @@
|
|||||||
|
# server DTLSv1 RC4-SHA
|
||||||
|
-u
|
||||||
|
-l RC4-SHA
|
||||||
|
|
||||||
|
# client DTLSv1 RC4-SHA
|
||||||
|
-u
|
||||||
|
-l RC4-SHA
|
||||||
|
|
||||||
|
# server DTLSv1 RC4-MD5
|
||||||
|
-u
|
||||||
|
-l RC4-MD5
|
||||||
|
|
||||||
|
# client DTLSv1 RC4-MD5
|
||||||
|
-u
|
||||||
|
-l RC4-MD5
|
||||||
|
|
||||||
|
# server DTLSv1 DES-CBC3-SHA
|
||||||
|
-u
|
||||||
|
-l DES-CBC3-SHA
|
||||||
|
|
||||||
|
# client DTLSv1 DES-CBC3-SHA
|
||||||
|
-u
|
||||||
|
-l DES-CBC3-SHA
|
||||||
|
|
||||||
|
# server DTLSv1 AES128-SHA
|
||||||
|
-u
|
||||||
|
-l AES128-SHA
|
||||||
|
|
||||||
|
# client DTLSv1 AES128-SHA
|
||||||
|
-u
|
||||||
|
-l AES128-SHA
|
||||||
|
|
||||||
|
# server DTLSv1 AES256-SHA
|
||||||
|
-u
|
||||||
|
-l AES256-SHA
|
||||||
|
|
||||||
|
# client DTLSv1 AES256-SHA
|
||||||
|
-u
|
||||||
|
-l AES256-SHA
|
||||||
|
|
||||||
|
# server DTLSv1 AES128-SHA256
|
||||||
|
-u
|
||||||
|
-l AES128-SHA256
|
||||||
|
|
||||||
|
# client DTLSv1 AES128-SHA256
|
||||||
|
-u
|
||||||
|
-l AES128-SHA256
|
||||||
|
|
||||||
|
# server DTLSv1 AES256-SHA256
|
||||||
|
-u
|
||||||
|
-l AES256-SHA256
|
||||||
|
|
||||||
|
# client DTLSv1 AES256-SHA256
|
||||||
|
-u
|
||||||
|
-l AES256-SHA256
|
||||||
|
|
||||||
|
# server DTLSv1 RABBIT-SHA
|
||||||
|
-u
|
||||||
|
-l RABBIT-SHA
|
||||||
|
|
||||||
|
# client DTLSv1 RABBIT-SHA
|
||||||
|
-u
|
||||||
|
-l RABBIT-SHA
|
||||||
|
|
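Review bot: The RC4-SHA and RC4-MD5 entries run a stream cipher over DTLS (the `-u` option, going by the "DTLSv1" labels), which the DTLS specification forbids. RFC 4347, and RFC 6347 after it, state that RC4 must not be used with DTLS because its keystream cannot be accessed at random when records are lost or reordered. These cases pass on loopback, where nothing is dropped, so the suite ends up asserting that a prohibited combination negotiates successfully. I would drop the four RC4 blocks, or keep them only as negative tests once the library refuses RC4 when DTLS is enabled. RABBIT-SHA is also a stream cipher and deserves the same check, though how the record layer keys it per record is not visible here.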
@ -226,3 +226,255 @@
|
|||||||
-l ECDHE-ECDSA-AES256-SHA
|
-l ECDHE-ECDSA-AES256-SHA
|
||||||
-A ./certs/server-ecc.pem
|
-A ./certs/server-ecc.pem
|
||||||
|
|
||||||
|
# server TLSv1 ECDH-RSA-RC4
|
||||||
|
-v 1
|
||||||
|
-l ECDH-RSA-RC4-SHA
|
||||||
|
-c ./certs/server-ecc-rsa.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1 ECDH-RSA-RC4
|
||||||
|
-v 1
|
||||||
|
-l ECDH-RSA-RC4-SHA
|
||||||
|
|
||||||
|
# server TLSv1 ECDH-RSA-DES3
|
||||||
|
-v 1
|
||||||
|
-l ECDH-RSA-DES-CBC3-SHA
|
||||||
|
-c ./certs/server-ecc-rsa.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1 ECDH-RSA-DES3
|
||||||
|
-v 1
|
||||||
|
-l ECDH-RSA-DES-CBC3-SHA
|
||||||
|
|
||||||
|
# server TLSv1 ECDH-RSA-AES128
|
||||||
|
-v 1
|
||||||
|
-l ECDH-RSA-AES128-SHA
|
||||||
|
-c ./certs/server-ecc-rsa.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1 ECDH-RSA-AES128
|
||||||
|
-v 1
|
||||||
|
-l ECDH-RSA-AES128-SHA
|
||||||
|
|
||||||
|
# server TLSv1 ECDH-RSA-AES256
|
||||||
|
-v 1
|
||||||
|
-l ECDH-RSA-AES256-SHA
|
||||||
|
-c ./certs/server-ecc-rsa.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1 ECDH-RSA-AES256
|
||||||
|
-v 1
|
||||||
|
-l ECDH-RSA-AES256-SHA
|
||||||
|
|
||||||
|
# server TLSv1.1 ECDH-RSA-RC4
|
||||||
|
-v 2
|
||||||
|
-l ECDH-RSA-RC4-SHA
|
||||||
|
-c ./certs/server-ecc-rsa.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.1 ECDH-RSA-RC4
|
||||||
|
-v 2
|
||||||
|
-l ECDH-RSA-RC4-SHA
|
||||||
|
|
||||||
|
# server TLSv1.1 ECDH-RSA-DES3
|
||||||
|
-v 2
|
||||||
|
-l ECDH-RSA-DES-CBC3-SHA
|
||||||
|
-c ./certs/server-ecc-rsa.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.1 ECDH-RSA-DES3
|
||||||
|
-v 2
|
||||||
|
-l ECDH-RSA-DES-CBC3-SHA
|
||||||
|
|
||||||
|
# server TLSv1.1 ECDH-RSA-AES128
|
||||||
|
-v 2
|
||||||
|
-l ECDH-RSA-AES128-SHA
|
||||||
|
-c ./certs/server-ecc-rsa.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.1 ECDH-RSA-AES128
|
||||||
|
-v 2
|
||||||
|
-l ECDH-RSA-AES128-SHA
|
||||||
|
|
||||||
|
# server TLSv1.1 ECDH-RSA-AES256
|
||||||
|
-v 2
|
||||||
|
-l ECDH-RSA-AES256-SHA
|
||||||
|
-c ./certs/server-ecc-rsa.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.1 ECDH-RSA-AES256
|
||||||
|
-v 2
|
||||||
|
-l ECDH-RSA-AES256-SHA
|
||||||
|
|
||||||
|
# server TLSv1.2 ECDH-RSA-RC4
|
||||||
|
-v 3
|
||||||
|
-l ECDH-RSA-RC4-SHA
|
||||||
|
-c ./certs/server-ecc-rsa.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.2 ECDH-RSA-RC4
|
||||||
|
-v 3
|
||||||
|
-l ECDH-RSA-RC4-SHA
|
||||||
|
|
||||||
|
# server TLSv1.2 ECDH-RSA-DES3
|
||||||
|
-v 3
|
||||||
|
-l ECDH-RSA-DES-CBC3-SHA
|
||||||
|
-c ./certs/server-ecc-rsa.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.2 ECDH-RSA-DES3
|
||||||
|
-v 3
|
||||||
|
-l ECDH-RSA-DES-CBC3-SHA
|
||||||
|
|
||||||
|
# server TLSv1.2 ECDH-RSA-AES128
|
||||||
|
-v 3
|
||||||
|
-l ECDH-RSA-AES128-SHA
|
||||||
|
-c ./certs/server-ecc-rsa.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.2 ECDH-RSA-AES128
|
||||||
|
-v 3
|
||||||
|
-l ECDH-RSA-AES128-SHA
|
||||||
|
|
||||||
|
# server TLSv1.2 ECDH-RSA-AES256
|
||||||
|
-v 3
|
||||||
|
-l ECDH-RSA-AES256-SHA
|
||||||
|
-c ./certs/server-ecc-rsa.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.2 ECDH-RSA-AES256
|
||||||
|
-v 3
|
||||||
|
-l ECDH-RSA-AES256-SHA
|
||||||
|
|
||||||
|
# server TLSv1 ECDH-ECDSA-RC4
|
||||||
|
-v 1
|
||||||
|
-l ECDH-ECDSA-RC4-SHA
|
||||||
|
-c ./certs/server-ecc.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1 ECDH-ECDSA-RC4
|
||||||
|
-v 1
|
||||||
|
-l ECDH-ECDSA-RC4-SHA
|
||||||
|
-A ./certs/server-ecc.pem
|
||||||
|
|
||||||
|
# server TLSv1 ECDH-ECDSA-DES3
|
||||||
|
-v 1
|
||||||
|
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||||
|
-c ./certs/server-ecc.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1 ECDH-ECDSA-DES3
|
||||||
|
-v 1
|
||||||
|
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||||
|
-A ./certs/server-ecc.pem
|
||||||
|
|
||||||
|
# server TLSv1 ECDH-ECDSA-AES128
|
||||||
|
-v 1
|
||||||
|
-l ECDH-ECDSA-AES128-SHA
|
||||||
|
-c ./certs/server-ecc.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1 ECDH-ECDSA-AES128
|
||||||
|
-v 1
|
||||||
|
-l ECDH-ECDSA-AES128-SHA
|
||||||
|
-A ./certs/server-ecc.pem
|
||||||
|
|
||||||
|
# server TLSv1 ECDH-ECDSA-AES256
|
||||||
|
-v 1
|
||||||
|
-l ECDH-ECDSA-AES256-SHA
|
||||||
|
-c ./certs/server-ecc.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1 ECDH-ECDSA-AES256
|
||||||
|
-v 1
|
||||||
|
-l ECDH-ECDSA-AES256-SHA
|
||||||
|
-A ./certs/server-ecc.pem
|
||||||
|
|
||||||
|
# server TLSv1.1 ECDH-EDCSA-RC4
|
||||||
|
-v 2
|
||||||
|
-l ECDH-ECDSA-RC4-SHA
|
||||||
|
-c ./certs/server-ecc.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.1 ECDH-ECDSA-RC4
|
||||||
|
-v 2
|
||||||
|
-l ECDH-ECDSA-RC4-SHA
|
||||||
|
-A ./certs/server-ecc.pem
|
||||||
|
|
||||||
|
# server TLSv1.1 ECDH-ECDSA-DES3
|
||||||
|
-v 2
|
||||||
|
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||||
|
-c ./certs/server-ecc.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.1 ECDH-ECDSA-DES3
|
||||||
|
-v 2
|
||||||
|
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||||
|
-A ./certs/server-ecc.pem
|
||||||
|
|
||||||
|
# server TLSv1.1 ECDH-ECDSA-AES128
|
||||||
|
-v 2
|
||||||
|
-l ECDH-ECDSA-AES128-SHA
|
||||||
|
-c ./certs/server-ecc.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.1 ECDH-ECDSA-AES128
|
||||||
|
-v 2
|
||||||
|
-l ECDH-ECDSA-AES128-SHA
|
||||||
|
-A ./certs/server-ecc.pem
|
||||||
|
|
||||||
|
# server TLSv1.1 ECDH-ECDSA-AES256
|
||||||
|
-v 2
|
||||||
|
-l ECDH-ECDSA-AES256-SHA
|
||||||
|
-c ./certs/server-ecc.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.1 ECDH-ECDSA-AES256
|
||||||
|
-v 2
|
||||||
|
-l ECDH-ECDSA-AES256-SHA
|
||||||
|
-A ./certs/server-ecc.pem
|
||||||
|
|
||||||
|
# server TLSv1.2 ECDHE-ECDSA-RC4
|
||||||
|
-v 3
|
||||||
|
-l ECDH-ECDSA-RC4-SHA
|
||||||
|
-c ./certs/server-ecc.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.2 ECDH-ECDSA-RC4
|
||||||
|
-v 3
|
||||||
|
-l ECDH-ECDSA-RC4-SHA
|
||||||
|
-A ./certs/server-ecc.pem
|
||||||
|
|
||||||
|
# server TLSv1.2 ECDH-ECDSA-DES3
|
||||||
|
-v 3
|
||||||
|
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||||
|
-c ./certs/server-ecc.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.2 ECDH-ECDSA-DES3
|
||||||
|
-v 3
|
||||||
|
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||||
|
-A ./certs/server-ecc.pem
|
||||||
|
|
||||||
|
# server TLSv1.2 ECDH-ECDSA-AES128
|
||||||
|
-v 3
|
||||||
|
-l ECDH-ECDSA-AES128-SHA
|
||||||
|
-c ./certs/server-ecc.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.2 ECDH-ECDSA-AES128
|
||||||
|
-v 3
|
||||||
|
-l ECDH-ECDSA-AES128-SHA
|
||||||
|
-A ./certs/server-ecc.pem
|
||||||
|
|
||||||
|
# server TLSv1.2 ECDH-ECDSA-AES256
|
||||||
|
-v 3
|
||||||
|
-l ECDH-ECDSA-AES256-SHA
|
||||||
|
-c ./certs/server-ecc.pem
|
||||||
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
|
# client TLSv1.2 ECDH-ECDSA-AES256
|
||||||
|
-v 3
|
||||||
|
-l ECDH-ECDSA-AES256-SHA
|
||||||
|
-A ./certs/server-ecc.pem
|
||||||
|
|
||||||
|
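Review bot: Two of the added labels do not match the suite they introduce: `# server TLSv1.1 ECDH-EDCSA-RC4` misspells ECDSA, and `# server TLSv1.2 ECDHE-ECDSA-RC4` sits above `-l ECDH-ECDSA-RC4-SHA`, which is a static-ECDH suite. If the harness prints these comments when a case fails, the wrong label points the reader at the wrong suite. Suggested text: `# server TLSv1.1 ECDH-ECDSA-RC4` and `# server TLSv1.2 ECDH-ECDSA-RC4`.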