Merge branch 'master' of github.com:cyassl/cyassl
This commit is contained in:
commit
93c89ccc35
@ -16,6 +16,7 @@ EXTRA_DIST += \
|
||||
certs/dh2048.pem \
|
||||
certs/server-cert.pem \
|
||||
certs/server-ecc.pem \
|
||||
certs/server-ecc-rsa.pem \
|
||||
certs/server-keyEnc.pem \
|
||||
certs/server-key.pem \
|
||||
certs/server-keyPkcs8Enc12.pem \
|
||||
|
54
certs/server-ecc-rsa.pem
Normal file
54
certs/server-ecc-rsa.pem
Normal file
@ -0,0 +1,54 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 1 (0x0)
|
||||
Serial Number: 9 (0x9)
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
|
||||
Validity
|
||||
Not Before: Aug 8 21:58:29 2012 GMT
|
||||
Not After : May 5 21:58:29 2015 GMT
|
||||
Subject: C=US, ST=Washington, L=Seattle, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.yassl.com/emailAddress=info@yassl.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: id-ecPublicKey
|
||||
EC Public Key:
|
||||
pub:
|
||||
04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
|
||||
9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
|
||||
16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92:
|
||||
21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
|
||||
0b:80:34:89:d8
|
||||
ASN1 OID: prime256v1
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
a0:1c:de:98:e8:61:c8:fb:0a:0e:af:ea:99:4b:c0:49:e6:66:
|
||||
68:5e:7a:18:b8:0c:e3:0f:16:86:bc:b5:86:79:02:69:1c:b7:
|
||||
e7:ff:53:d9:05:5d:27:39:24:54:67:14:de:ef:8e:c2:a0:11:
|
||||
ca:c8:27:99:b9:d6:e9:71:1f:86:c9:8f:b1:74:a2:9f:93:6a:
|
||||
0c:74:cf:17:77:8c:26:08:6e:a8:ac:69:d4:55:15:a2:95:87:
|
||||
43:7a:ab:72:93:73:40:58:c2:bb:9c:89:f2:73:20:69:df:f1:
|
||||
f3:65:08:9c:00:67:97:a6:71:00:2b:31:84:10:ac:bd:54:ac:
|
||||
fd:b3:eb:12:36:77:f6:0a:e3:9a:96:d2:a6:22:bc:1d:6b:ce:
|
||||
3c:0d:7b:d9:1c:1d:f1:ee:ec:ce:83:c8:98:c9:65:3e:06:31:
|
||||
c3:b2:87:da:09:b4:90:0b:e2:6b:29:0e:d6:ae:53:1d:10:98:
|
||||
e2:dc:f9:63:38:a1:a2:af:46:23:a4:4c:ab:0c:0b:08:be:cd:
|
||||
a4:a6:6d:46:f0:f8:e0:31:99:85:39:10:4a:a0:04:54:3b:21:
|
||||
e1:e9:b4:f3:a5:06:cd:37:ae:2c:ca:5d:ac:90:b5:ab:92:81:
|
||||
aa:bf:2d:3f:8e:ee:4d:12:81:0a:8e:a4:ca:87:93:af:b0:25:
|
||||
7e:e2:07:f7
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIC1zCCAb8CAQkwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAlVTMRAwDgYD
|
||||
VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
|
||||
aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
|
||||
MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTIwODA4MjE1ODI5WhcN
|
||||
MTUwNTA1MjE1ODI5WjCBnDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0
|
||||
b24xEDAOBgNVBAcTB1NlYXR0bGUxGjAYBgNVBAoTEUVsbGlwdGljIC0gUlNBc2ln
|
||||
MRMwEQYDVQQLEwpFQ0MtUlNBc2lnMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
|
||||
GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49
|
||||
AwEHA0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5ox
|
||||
W5eSIX/wzxjakRECNIboIFgzC4A0idgwDQYJKoZIhvcNAQEFBQADggEBAKAc3pjo
|
||||
Ycj7Cg6v6plLwEnmZmheehi4DOMPFoa8tYZ5Amkct+f/U9kFXSc5JFRnFN7vjsKg
|
||||
EcrIJ5m51ulxH4bJj7F0op+Tagx0zxd3jCYIbqisadRVFaKVh0N6q3KTc0BYwruc
|
||||
ifJzIGnf8fNlCJwAZ5emcQArMYQQrL1UrP2z6xI2d/YK45qW0qYivB1rzjwNe9kc
|
||||
HfHu7M6DyJjJZT4GMcOyh9oJtJAL4mspDtauUx0QmOLc+WM4oaKvRiOkTKsMCwi+
|
||||
zaSmbUbw+OAxmYU5EEqgBFQ7IeHptPOlBs03rizKXayQtauSgaq/LT+O7k0SgQqO
|
||||
pMqHk6+wJX7iB/c=
|
||||
-----END CERTIFICATE-----
|
@ -101,11 +101,12 @@ enum CyaSSL_ErrorCodes {
|
||||
OCSP_CERT_UNKNOWN = -266, /* OCSP responder doesn't know */
|
||||
OCSP_LOOKUP_FAIL = -267, /* OCSP lookup not successful */
|
||||
MAX_CHAIN_ERROR = -268, /* max chain depth exceeded */
|
||||
COOKIE_ERROR = -269, /* dtls cookie error */
|
||||
/* add strings to SetErrorString !!!!! */
|
||||
|
||||
/* begin negotiation parameter errors */
|
||||
UNSUPPORTED_SUITE = -270, /* unsupported cipher suite */
|
||||
MATCH_SUITE_ERROR = -271 /* can't match cipher suite */
|
||||
UNSUPPORTED_SUITE = -290, /* unsupported cipher suite */
|
||||
MATCH_SUITE_ERROR = -291 /* can't match cipher suite */
|
||||
/* end negotiation parameter errors only 10 for now */
|
||||
/* add strings to SetErrorString !!!!! */
|
||||
};
|
||||
|
@ -784,7 +784,7 @@ struct CYASSL_CTX {
|
||||
byte sendVerify; /* for client side */
|
||||
byte haveDH; /* server DH parms set by user */
|
||||
byte haveNTRU; /* server private NTRU key loaded */
|
||||
byte haveECDSA; /* server cert signed w/ ECDSA loaded */
|
||||
byte haveECDSAsig; /* server cert signed w/ ECDSA */
|
||||
byte haveStaticECC; /* static server ECC private key */
|
||||
byte partialWrite; /* only one msg per write call */
|
||||
byte quietShutdown; /* don't send close notify */
|
||||
@ -1104,7 +1104,7 @@ typedef struct Options {
|
||||
byte usingCompression; /* are we using compression */
|
||||
byte haveDH; /* server DH parms set by user */
|
||||
byte haveNTRU; /* server NTRU private key loaded */
|
||||
byte haveECDSA; /* server ECDSA signed cert */
|
||||
byte haveECDSAsig; /* server ECDSA signed cert */
|
||||
byte haveStaticECC; /* static server ECC private key */
|
||||
byte havePeerCert; /* do we have peer's cert */
|
||||
byte usingPSK_cipher; /* whether we're using psk as cipher */
|
||||
|
124
src/internal.c
124
src/internal.c
@ -321,7 +321,7 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
|
||||
ctx->serverDH_G.buffer = 0;
|
||||
ctx->haveDH = 0;
|
||||
ctx->haveNTRU = 0; /* start off */
|
||||
ctx->haveECDSA = 0; /* start off */
|
||||
ctx->haveECDSAsig = 0; /* start off */
|
||||
ctx->haveStaticECC = 0; /* start off */
|
||||
ctx->heap = ctx; /* defaults to self */
|
||||
#ifndef NO_PSK
|
||||
@ -360,14 +360,14 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
if (method->side == CLIENT_END) {
|
||||
ctx->haveECDSA = 1; /* always on cliet side */
|
||||
ctx->haveECDSAsig = 1; /* always on cliet side */
|
||||
ctx->haveStaticECC = 1; /* server can turn on by loading key */
|
||||
}
|
||||
#endif
|
||||
ctx->suites.setSuites = 0; /* user hasn't set yet */
|
||||
/* remove DH later if server didn't set, add psk later */
|
||||
InitSuites(&ctx->suites, method->version, TRUE, FALSE, ctx->haveNTRU,
|
||||
ctx->haveECDSA, ctx->haveStaticECC, method->side);
|
||||
ctx->haveECDSAsig, ctx->haveStaticECC, method->side);
|
||||
ctx->verifyPeer = 0;
|
||||
ctx->verifyNone = 0;
|
||||
ctx->failNoCert = 0;
|
||||
@ -436,12 +436,13 @@ void FreeSSL_Ctx(CYASSL_CTX* ctx)
|
||||
|
||||
|
||||
void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
||||
byte haveNTRU, byte haveStaticECC, byte haveECDSA, int side)
|
||||
byte haveNTRU, byte haveECDSAsig, byte haveStaticECC, int side)
|
||||
{
|
||||
word16 idx = 0;
|
||||
int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
|
||||
int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
|
||||
int haveRSA = 1;
|
||||
int haveRSAsig = 1;
|
||||
|
||||
(void)tls; /* shut up compiler */
|
||||
(void)haveDH;
|
||||
@ -452,8 +453,11 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
||||
if (suites->setSuites)
|
||||
return; /* trust user settings, don't override */
|
||||
|
||||
if (side == SERVER_END && haveECDSA)
|
||||
haveRSA = 0; /* can't do RSA with ECDSA cert */
|
||||
if (side == SERVER_END && haveStaticECC)
|
||||
haveRSA = 0; /* can't do RSA with ECDSA key */
|
||||
|
||||
if (side == SERVER_END && haveECDSAsig)
|
||||
haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */
|
||||
|
||||
#ifdef CYASSL_DTLS
|
||||
if (pv.major == DTLS_MAJOR && pv.minor == DTLS_MINOR)
|
||||
@ -489,84 +493,84 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
if (tls1_2 && haveECDSA) {
|
||||
if (tls1_2 && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
|
||||
if (tls && haveECDSA) {
|
||||
if (tls && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
if (tls1_2 && haveECDSA && haveStaticECC) {
|
||||
if (tls1_2 && haveECDSAsig && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||
if (tls && haveECDSA && haveStaticECC) {
|
||||
if (tls && haveECDSAsig && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||
if (tls1_2 && haveECDSA) {
|
||||
if (tls1_2 && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
||||
if (tls && haveECDSA) {
|
||||
if (tls && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
|
||||
if (tls1_2 && haveECDSA && haveStaticECC) {
|
||||
if (tls1_2 && haveECDSAsig && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
|
||||
if (tls && haveECDSA && haveStaticECC) {
|
||||
if (tls && haveECDSAsig && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
|
||||
if (tls && haveECDSA) {
|
||||
if (tls && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
|
||||
if (tls && haveECDSA && haveStaticECC) {
|
||||
if (tls && haveECDSAsig && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||
if (tls && haveECDSA) {
|
||||
if (tls && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||
if (tls && haveECDSA && haveStaticECC) {
|
||||
if (tls && haveECDSAsig && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA;
|
||||
}
|
||||
@ -587,14 +591,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
|
||||
if (tls1_2 && haveRSA && haveStaticECC) {
|
||||
if (tls1_2 && haveRSAsig && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
|
||||
if (tls && haveRSA && haveStaticECC) {
|
||||
if (tls && haveRSAsig && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA;
|
||||
}
|
||||
@ -615,14 +619,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
|
||||
if (tls1_2 && haveRSA && haveStaticECC) {
|
||||
if (tls1_2 && haveRSAsig && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
|
||||
if (tls && haveRSA && haveStaticECC) {
|
||||
if (tls && haveRSAsig && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA;
|
||||
}
|
||||
@ -636,7 +640,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
|
||||
if (tls && haveRSA && haveStaticECC) {
|
||||
if (tls && haveRSAsig && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA;
|
||||
}
|
||||
@ -650,7 +654,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
if (tls && haveRSA && haveStaticECC) {
|
||||
if (tls && haveRSAsig && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA;
|
||||
}
|
||||
@ -890,7 +894,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
||||
else
|
||||
ssl->options.haveDH = 0;
|
||||
ssl->options.haveNTRU = ctx->haveNTRU;
|
||||
ssl->options.haveECDSA = ctx->haveECDSA;
|
||||
ssl->options.haveECDSAsig = ctx->haveECDSAsig;
|
||||
ssl->options.haveStaticECC = ctx->haveStaticECC;
|
||||
ssl->options.havePeerCert = 0;
|
||||
ssl->options.usingPSK_cipher = 0;
|
||||
@ -915,6 +919,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
||||
ssl->keys.dtls_handshake_number = 0;
|
||||
ssl->keys.dtls_epoch = 0;
|
||||
ssl->keys.dtls_peer_epoch = 0;
|
||||
ssl->arrays.cookieSz = 0;
|
||||
#endif
|
||||
ssl->keys.encryptionOn = 0; /* initially off */
|
||||
ssl->options.sessionCacheOff = ctx->sessionCacheOff;
|
||||
@ -1004,11 +1009,11 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
||||
/* make sure server has DH parms, and add PSK if there, add NTRU too */
|
||||
if (ssl->options.side == SERVER_END)
|
||||
InitSuites(&ssl->suites, ssl->version,ssl->options.haveDH, havePSK,
|
||||
ssl->options.haveNTRU, ssl->options.haveECDSA,
|
||||
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||
ssl->options.haveStaticECC, ssl->options.side);
|
||||
else
|
||||
InitSuites(&ssl->suites, ssl->version, TRUE, havePSK,
|
||||
ssl->options.haveNTRU, ssl->options.haveECDSA,
|
||||
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||
ssl->options.haveStaticECC, ssl->options.side);
|
||||
|
||||
return 0;
|
||||
@ -3832,6 +3837,10 @@ void SetErrorString(int error, char* str)
|
||||
XSTRNCPY(str, "Maximum Chain Depth Exceeded", max);
|
||||
break;
|
||||
|
||||
case COOKIE_ERROR:
|
||||
XSTRNCPY(str, "DTLS Cookie Error", max);
|
||||
break;
|
||||
|
||||
default :
|
||||
XSTRNCPY(str, "unknown error number", max);
|
||||
}
|
||||
@ -5879,7 +5888,8 @@ int SetCipherList(Suites* s, const char* list)
|
||||
REQUIRES_ECC_DSA,
|
||||
REQUIRES_ECC_STATIC,
|
||||
REQUIRES_PSK,
|
||||
REQUIRES_NTRU
|
||||
REQUIRES_NTRU,
|
||||
REQUIRES_RSA_SIG
|
||||
};
|
||||
|
||||
|
||||
@ -5902,6 +5912,8 @@ int SetCipherList(Suites* s, const char* list)
|
||||
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
|
||||
if (requirement == REQUIRES_ECC_STATIC)
|
||||
return 1;
|
||||
if (requirement == REQUIRES_RSA_SIG)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
|
||||
@ -5912,6 +5924,8 @@ int SetCipherList(Suites* s, const char* list)
|
||||
case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
|
||||
if (requirement == REQUIRES_ECC_STATIC)
|
||||
return 1;
|
||||
if (requirement == REQUIRES_RSA_SIG)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
|
||||
@ -5922,6 +5936,8 @@ int SetCipherList(Suites* s, const char* list)
|
||||
case TLS_ECDH_RSA_WITH_RC4_128_SHA :
|
||||
if (requirement == REQUIRES_ECC_STATIC)
|
||||
return 1;
|
||||
if (requirement == REQUIRES_RSA_SIG)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
|
||||
@ -5952,6 +5968,8 @@ int SetCipherList(Suites* s, const char* list)
|
||||
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
|
||||
if (requirement == REQUIRES_ECC_STATIC)
|
||||
return 1;
|
||||
if (requirement == REQUIRES_RSA_SIG)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
|
||||
@ -5975,42 +5993,46 @@ int SetCipherList(Suites* s, const char* list)
|
||||
break;
|
||||
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
|
||||
if (requirement == ecc_dsa_sa_algo)
|
||||
if (requirement == REQUIRES_ECC_DSA)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
|
||||
if (requirement == ecc_dsa_sa_algo)
|
||||
if (requirement == REQUIRES_ECC_DSA)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
|
||||
if (requirement == ecc_static_diffie_hellman_kea)
|
||||
if (requirement == REQUIRES_ECC_STATIC)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
|
||||
if (requirement == ecc_static_diffie_hellman_kea)
|
||||
if (requirement == REQUIRES_ECC_STATIC)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
|
||||
if (requirement == rsa_kea)
|
||||
if (requirement == REQUIRES_RSA)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
|
||||
if (requirement == rsa_kea)
|
||||
if (requirement == REQUIRES_RSA)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
|
||||
if (requirement == ecc_static_diffie_hellman_kea)
|
||||
if (requirement == REQUIRES_ECC_STATIC)
|
||||
return 1;
|
||||
if (requirement == REQUIRES_RSA_SIG)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
|
||||
if (requirement == ecc_static_diffie_hellman_kea)
|
||||
if (requirement == REQUIRES_ECC_STATIC)
|
||||
return 1;
|
||||
if (requirement == REQUIRES_RSA_SIG)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
@ -6132,15 +6154,15 @@ int SetCipherList(Suites* s, const char* list)
|
||||
|
||||
case TLS_RSA_WITH_AES_128_GCM_SHA256 :
|
||||
case TLS_RSA_WITH_AES_256_GCM_SHA384 :
|
||||
if (requirement == rsa_kea)
|
||||
if (requirement == REQUIRES_RSA)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
|
||||
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
|
||||
if (requirement == rsa_kea)
|
||||
if (requirement == REQUIRES_RSA)
|
||||
return 1;
|
||||
if (requirement == diffie_hellman_kea)
|
||||
if (requirement == REQUIRES_DHE)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
@ -6160,7 +6182,7 @@ int SetCipherList(Suites* s, const char* list)
|
||||
/* Make sure cert/key are valid for this suite, true on success */
|
||||
static int VerifySuite(CYASSL* ssl, word16 idx)
|
||||
{
|
||||
int haveRSA = !ssl->options.haveECDSA;
|
||||
int haveRSA = !ssl->options.haveStaticECC;
|
||||
int havePSK = 0;
|
||||
byte first = ssl->suites.suites[idx];
|
||||
byte second = ssl->suites.suites[idx+1];
|
||||
@ -6180,7 +6202,6 @@ int SetCipherList(Suites* s, const char* list)
|
||||
CYASSL_MSG("Don't have RSA");
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (CipherRequires(first, second, REQUIRES_DHE)) {
|
||||
@ -6189,16 +6210,14 @@ int SetCipherList(Suites* s, const char* list)
|
||||
CYASSL_MSG("Don't have DHE");
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (CipherRequires(first, second, REQUIRES_ECC_DSA)) {
|
||||
CYASSL_MSG("Requires ECCDSA");
|
||||
if (ssl->options.haveECDSA == 0) {
|
||||
if (ssl->options.haveECDSAsig == 0) {
|
||||
CYASSL_MSG("Don't have ECCDSA");
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (CipherRequires(first, second, REQUIRES_ECC_STATIC)) {
|
||||
@ -6207,7 +6226,6 @@ int SetCipherList(Suites* s, const char* list)
|
||||
CYASSL_MSG("Don't have static ECC");
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (CipherRequires(first, second, REQUIRES_PSK)) {
|
||||
@ -6216,7 +6234,6 @@ int SetCipherList(Suites* s, const char* list)
|
||||
CYASSL_MSG("Don't have PSK");
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (CipherRequires(first, second, REQUIRES_NTRU)) {
|
||||
@ -6225,7 +6242,14 @@ int SetCipherList(Suites* s, const char* list)
|
||||
CYASSL_MSG("Don't have NTRU");
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (CipherRequires(first, second, REQUIRES_RSA_SIG)) {
|
||||
CYASSL_MSG("Requires RSA Signature");
|
||||
if (ssl->options.side == SERVER_END && ssl->options.haveECDSAsig == 1) {
|
||||
CYASSL_MSG("Don't have RSA Signature");
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* ECCDHE is always supported if ECC on */
|
||||
@ -6329,7 +6353,7 @@ int SetCipherList(Suites* s, const char* list)
|
||||
#endif
|
||||
|
||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
||||
ssl->options.haveNTRU, ssl->options.haveECDSA,
|
||||
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||
ssl->options.haveStaticECC, ssl->options.side);
|
||||
}
|
||||
|
||||
@ -6460,7 +6484,7 @@ int SetCipherList(Suites* s, const char* list)
|
||||
havePSK = ssl->options.havePSK;
|
||||
#endif
|
||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
||||
ssl->options.haveNTRU, ssl->options.haveECDSA,
|
||||
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||
ssl->options.haveStaticECC, ssl->options.side);
|
||||
}
|
||||
/* random */
|
||||
@ -6501,7 +6525,7 @@ int SetCipherList(Suites* s, const char* list)
|
||||
return INCOMPLETE_DATA;
|
||||
cookieSz = EmbedGenerateCookie(cookie, COOKIE_SZ, ssl);
|
||||
if ((b != cookieSz) || XMEMCMP(cookie, input + i, b) != 0)
|
||||
return PARSE_ERROR;
|
||||
return COOKIE_ERROR;
|
||||
i += b;
|
||||
}
|
||||
}
|
||||
|
7
src/io.c
7
src/io.c
@ -29,7 +29,6 @@
|
||||
#endif
|
||||
|
||||
#include <cyassl/internal.h>
|
||||
#include <cyassl/ctaocrypt/sha.h>
|
||||
|
||||
/* if user writes own I/O callbacks they can define CYASSL_USER_IO to remove
|
||||
automatic setting of default I/O functions EmbedSend() and EmbedReceive()
|
||||
@ -201,6 +200,10 @@ int EmbedSend(char *buf, int sz, void *ctx)
|
||||
}
|
||||
|
||||
|
||||
#ifdef CYASSL_DTLS
|
||||
|
||||
#include <cyassl/ctaocrypt/sha.h>
|
||||
|
||||
/* The DTLS Generate Cookie callback
|
||||
* return : number of bytes copied into buf, or error
|
||||
*/
|
||||
@ -240,6 +243,8 @@ int EmbedGenerateCookie(byte *buf, int sz, void *ctx)
|
||||
return SHA_DIGEST_SIZE;
|
||||
}
|
||||
|
||||
#endif /* CYASSL_DTLS */
|
||||
|
||||
|
||||
#endif /* CYASSL_USER_IO */
|
||||
|
||||
|
16
src/ssl.c
16
src/ssl.c
@ -245,7 +245,7 @@ int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
|
||||
havePSK = ssl->options.havePSK;
|
||||
#endif
|
||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH,
|
||||
havePSK, ssl->options.haveNTRU, ssl->options.haveECDSA,
|
||||
havePSK, ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||
ssl->options.haveStaticECC, ssl->options.side);
|
||||
|
||||
CYASSL_LEAVE("CyaSSL_SetTmpDH", 0);
|
||||
@ -529,7 +529,7 @@ int CyaSSL_SetVersion(CYASSL* ssl, int version)
|
||||
#endif
|
||||
|
||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
||||
ssl->options.haveNTRU, ssl->options.haveECDSA,
|
||||
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||
ssl->options.haveStaticECC, ssl->options.side);
|
||||
|
||||
return SSL_SUCCESS;
|
||||
@ -1148,9 +1148,9 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
||||
case CTC_SHA384wECDSA:
|
||||
case CTC_SHA512wECDSA:
|
||||
CYASSL_MSG("ECDSA cert signature");
|
||||
ctx->haveECDSA = 1;
|
||||
ctx->haveECDSAsig = 1;
|
||||
if (ssl)
|
||||
ssl->options.haveECDSA = 1;
|
||||
ssl->options.haveECDSAsig = 1;
|
||||
break;
|
||||
default:
|
||||
CYASSL_MSG("Not ECDSA cert signature");
|
||||
@ -2135,7 +2135,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
|
||||
#endif
|
||||
|
||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
||||
ssl->options.haveNTRU, ssl->options.haveECDSA,
|
||||
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||
ssl->options.haveStaticECC, ssl->options.side);
|
||||
|
||||
return SSL_SUCCESS;
|
||||
@ -3159,7 +3159,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||
ssl->options.client_psk_cb = cb;
|
||||
|
||||
InitSuites(&ssl->suites, ssl->version,TRUE,TRUE, ssl->options.haveNTRU,
|
||||
ssl->options.haveECDSA, ssl->options.haveStaticECC,
|
||||
ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
|
||||
ssl->options.side);
|
||||
}
|
||||
|
||||
@ -3180,7 +3180,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||
ssl->options.server_psk_cb = cb;
|
||||
|
||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, TRUE,
|
||||
ssl->options.haveNTRU, ssl->options.haveECDSA,
|
||||
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||
ssl->options.haveStaticECC, ssl->options.side);
|
||||
}
|
||||
|
||||
@ -3405,7 +3405,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||
havePSK = ssl->options.havePSK;
|
||||
#endif
|
||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
||||
ssl->options.haveNTRU, ssl->options.haveECDSA,
|
||||
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||
ssl->options.haveStaticECC, ssl->options.side);
|
||||
}
|
||||
|
||||
|
@ -602,9 +602,7 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
|
||||
}
|
||||
ssl = CyaSSL_new(ctx);
|
||||
tcp_accept(&sockfd, &clientfd, (func_args*)args, yasslPort, 0, 0);
|
||||
#ifndef CYASSL_DTLS
|
||||
CloseSocket(sockfd);
|
||||
#endif
|
||||
|
||||
CyaSSL_set_fd(ssl, clientfd);
|
||||
|
||||
|
@ -21,4 +21,8 @@ EXTRA_DIST += tests/test.conf \
|
||||
tests/test-hc128.conf \
|
||||
tests/test-psk.conf \
|
||||
tests/test-ntru.conf \
|
||||
tests/test-ecc.conf
|
||||
tests/test-ecc.conf \
|
||||
tests/test-aesgcm.conf \
|
||||
tests/test-aesgcm-ecc.conf \
|
||||
tests/test-aesgcm-openssl.conf \
|
||||
tests/test-dtls.conf
|
||||
|
@ -291,6 +291,50 @@ int SuiteTest(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_AESGCM
|
||||
/* add aesgcm extra suites */
|
||||
strcpy(argv0[1], "tests/test-aesgcm.conf");
|
||||
printf("starting aesgcm extra cipher suite tests\n");
|
||||
test_harness(&args);
|
||||
if (args.return_code != 0) {
|
||||
printf("error from script %d\n", args.return_code);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_AESGCM) && defined(OPENSSL_EXTRA)
|
||||
/* add aesgcm openssl extra suites */
|
||||
strcpy(argv0[1], "tests/test-aesgcm-openssl.conf");
|
||||
printf("starting aesgcm openssl extra cipher suite tests\n");
|
||||
test_harness(&args);
|
||||
if (args.return_code != 0) {
|
||||
printf("error from script %d\n", args.return_code);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_AESGCM) && defined(HAVE_ECC)
|
||||
/* add aesgcm ecc extra suites */
|
||||
strcpy(argv0[1], "tests/test-aesgcm-ecc.conf");
|
||||
printf("starting aesgcm ecc extra cipher suite tests\n");
|
||||
test_harness(&args);
|
||||
if (args.return_code != 0) {
|
||||
printf("error from script %d\n", args.return_code);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef CYASSL_DTLS
|
||||
/* add dtls extra suites */
|
||||
strcpy(argv0[1], "tests/test-dtls.conf");
|
||||
printf("starting dtls extra cipher suite tests\n");
|
||||
test_harness(&args);
|
||||
if (args.return_code != 0) {
|
||||
printf("error from script %d\n", args.return_code);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
#endif
|
||||
|
||||
printf(" End Cipher Suite Tests\n");
|
||||
|
||||
return args.return_code;
|
||||
|
80
tests/test-aesgcm-ecc.conf
Normal file
80
tests/test-aesgcm-ecc.conf
Normal file
@ -0,0 +1,80 @@
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-GCM-SHA384
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-GCM-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES128-GCM-SHA256
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES128-GCM-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES256-GCM-SHA384
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES256-GCM-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
|
||||
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES128-GCM-SHA256
|
||||
|
||||
# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES256-GCM-SHA384
|
||||
|
||||
# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES256-GCM-SHA384
|
||||
|
||||
# server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
-l ECDH-RSA-AES128-GCM-SHA256
|
||||
-c ./certs/server-ecc-rsa.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
-l ECDH-RSA-AES128-GCM-SHA256
|
||||
|
||||
# server TLSv1.2 ECDH-RSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
-l ECDH-RSA-AES256-GCM-SHA384
|
||||
-c ./certs/server-ecc-rsa.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.2 ECDH-RSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
-l ECDH-RSA-AES256-GCM-SHA384
|
||||
|
16
tests/test-aesgcm-openssl.conf
Normal file
16
tests/test-aesgcm-openssl.conf
Normal file
@ -0,0 +1,16 @@
|
||||
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
-l DHE-RSA-AES128-GCM-SHA256
|
||||
|
||||
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
-l DHE-RSA-AES128-GCM-SHA256
|
||||
|
||||
# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
-l DHE-RSA-AES256-GCM-SHA384
|
||||
|
||||
# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
-l DHE-RSA-AES256-GCM-SHA384
|
||||
|
16
tests/test-aesgcm.conf
Normal file
16
tests/test-aesgcm.conf
Normal file
@ -0,0 +1,16 @@
|
||||
# server TLSv1.2 RSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
-l AES128-GCM-SHA256
|
||||
|
||||
# client TLSv1.2 RSA-AES128-GCM-SHA256
|
||||
-v 3
|
||||
-l AES128-GCM-SHA256
|
||||
|
||||
# server TLSv1.2 RSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
-l AES256-GCM-SHA384
|
||||
|
||||
# client TLSv1.2 RSA-AES256-GCM-SHA384
|
||||
-v 3
|
||||
-l AES256-GCM-SHA384
|
||||
|
64
tests/test-dtls.conf
Normal file
64
tests/test-dtls.conf
Normal file
@ -0,0 +1,64 @@
|
||||
# server DTLSv1 RC4-SHA
|
||||
-u
|
||||
-l RC4-SHA
|
||||
|
||||
# client DTLSv1 RC4-SHA
|
||||
-u
|
||||
-l RC4-SHA
|
||||
|
||||
# server DTLSv1 RC4-MD5
|
||||
-u
|
||||
-l RC4-MD5
|
||||
|
||||
# client DTLSv1 RC4-MD5
|
||||
-u
|
||||
-l RC4-MD5
|
||||
|
||||
# server DTLSv1 DES-CBC3-SHA
|
||||
-u
|
||||
-l DES-CBC3-SHA
|
||||
|
||||
# client DTLSv1 DES-CBC3-SHA
|
||||
-u
|
||||
-l DES-CBC3-SHA
|
||||
|
||||
# server DTLSv1 AES128-SHA
|
||||
-u
|
||||
-l AES128-SHA
|
||||
|
||||
# client DTLSv1 AES128-SHA
|
||||
-u
|
||||
-l AES128-SHA
|
||||
|
||||
# server DTLSv1 AES256-SHA
|
||||
-u
|
||||
-l AES256-SHA
|
||||
|
||||
# client DTLSv1 AES256-SHA
|
||||
-u
|
||||
-l AES256-SHA
|
||||
|
||||
# server DTLSv1 AES128-SHA256
|
||||
-u
|
||||
-l AES128-SHA256
|
||||
|
||||
# client DTLSv1 AES128-SHA256
|
||||
-u
|
||||
-l AES128-SHA256
|
||||
|
||||
# server DTLSv1 AES256-SHA256
|
||||
-u
|
||||
-l AES256-SHA256
|
||||
|
||||
# client DTLSv1 AES256-SHA256
|
||||
-u
|
||||
-l AES256-SHA256
|
||||
|
||||
# server DTLSv1 RABBIT-SHA
|
||||
-u
|
||||
-l RABBIT-SHA
|
||||
|
||||
# client DTLSv1 RABBIT-SHA
|
||||
-u
|
||||
-l RABBIT-SHA
|
||||
|
@ -226,3 +226,255 @@
|
||||
-l ECDHE-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1 ECDH-RSA-RC4
|
||||
-v 1
|
||||
-l ECDH-RSA-RC4-SHA
|
||||
-c ./certs/server-ecc-rsa.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1 ECDH-RSA-RC4
|
||||
-v 1
|
||||
-l ECDH-RSA-RC4-SHA
|
||||
|
||||
# server TLSv1 ECDH-RSA-DES3
|
||||
-v 1
|
||||
-l ECDH-RSA-DES-CBC3-SHA
|
||||
-c ./certs/server-ecc-rsa.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1 ECDH-RSA-DES3
|
||||
-v 1
|
||||
-l ECDH-RSA-DES-CBC3-SHA
|
||||
|
||||
# server TLSv1 ECDH-RSA-AES128
|
||||
-v 1
|
||||
-l ECDH-RSA-AES128-SHA
|
||||
-c ./certs/server-ecc-rsa.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1 ECDH-RSA-AES128
|
||||
-v 1
|
||||
-l ECDH-RSA-AES128-SHA
|
||||
|
||||
# server TLSv1 ECDH-RSA-AES256
|
||||
-v 1
|
||||
-l ECDH-RSA-AES256-SHA
|
||||
-c ./certs/server-ecc-rsa.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1 ECDH-RSA-AES256
|
||||
-v 1
|
||||
-l ECDH-RSA-AES256-SHA
|
||||
|
||||
# server TLSv1.1 ECDH-RSA-RC4
|
||||
-v 2
|
||||
-l ECDH-RSA-RC4-SHA
|
||||
-c ./certs/server-ecc-rsa.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.1 ECDH-RSA-RC4
|
||||
-v 2
|
||||
-l ECDH-RSA-RC4-SHA
|
||||
|
||||
# server TLSv1.1 ECDH-RSA-DES3
|
||||
-v 2
|
||||
-l ECDH-RSA-DES-CBC3-SHA
|
||||
-c ./certs/server-ecc-rsa.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.1 ECDH-RSA-DES3
|
||||
-v 2
|
||||
-l ECDH-RSA-DES-CBC3-SHA
|
||||
|
||||
# server TLSv1.1 ECDH-RSA-AES128
|
||||
-v 2
|
||||
-l ECDH-RSA-AES128-SHA
|
||||
-c ./certs/server-ecc-rsa.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.1 ECDH-RSA-AES128
|
||||
-v 2
|
||||
-l ECDH-RSA-AES128-SHA
|
||||
|
||||
# server TLSv1.1 ECDH-RSA-AES256
|
||||
-v 2
|
||||
-l ECDH-RSA-AES256-SHA
|
||||
-c ./certs/server-ecc-rsa.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.1 ECDH-RSA-AES256
|
||||
-v 2
|
||||
-l ECDH-RSA-AES256-SHA
|
||||
|
||||
# server TLSv1.2 ECDH-RSA-RC4
|
||||
-v 3
|
||||
-l ECDH-RSA-RC4-SHA
|
||||
-c ./certs/server-ecc-rsa.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.2 ECDH-RSA-RC4
|
||||
-v 3
|
||||
-l ECDH-RSA-RC4-SHA
|
||||
|
||||
# server TLSv1.2 ECDH-RSA-DES3
|
||||
-v 3
|
||||
-l ECDH-RSA-DES-CBC3-SHA
|
||||
-c ./certs/server-ecc-rsa.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.2 ECDH-RSA-DES3
|
||||
-v 3
|
||||
-l ECDH-RSA-DES-CBC3-SHA
|
||||
|
||||
# server TLSv1.2 ECDH-RSA-AES128
|
||||
-v 3
|
||||
-l ECDH-RSA-AES128-SHA
|
||||
-c ./certs/server-ecc-rsa.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.2 ECDH-RSA-AES128
|
||||
-v 3
|
||||
-l ECDH-RSA-AES128-SHA
|
||||
|
||||
# server TLSv1.2 ECDH-RSA-AES256
|
||||
-v 3
|
||||
-l ECDH-RSA-AES256-SHA
|
||||
-c ./certs/server-ecc-rsa.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.2 ECDH-RSA-AES256
|
||||
-v 3
|
||||
-l ECDH-RSA-AES256-SHA
|
||||
|
||||
# server TLSv1 ECDH-ECDSA-RC4
|
||||
-v 1
|
||||
-l ECDH-ECDSA-RC4-SHA
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1 ECDH-ECDSA-RC4
|
||||
-v 1
|
||||
-l ECDH-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1 ECDH-ECDSA-DES3
|
||||
-v 1
|
||||
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1 ECDH-ECDSA-DES3
|
||||
-v 1
|
||||
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1 ECDH-ECDSA-AES128
|
||||
-v 1
|
||||
-l ECDH-ECDSA-AES128-SHA
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1 ECDH-ECDSA-AES128
|
||||
-v 1
|
||||
-l ECDH-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1 ECDH-ECDSA-AES256
|
||||
-v 1
|
||||
-l ECDH-ECDSA-AES256-SHA
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1 ECDH-ECDSA-AES256
|
||||
-v 1
|
||||
-l ECDH-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.1 ECDH-EDCSA-RC4
|
||||
-v 2
|
||||
-l ECDH-ECDSA-RC4-SHA
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.1 ECDH-ECDSA-RC4
|
||||
-v 2
|
||||
-l ECDH-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.1 ECDH-ECDSA-DES3
|
||||
-v 2
|
||||
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.1 ECDH-ECDSA-DES3
|
||||
-v 2
|
||||
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.1 ECDH-ECDSA-AES128
|
||||
-v 2
|
||||
-l ECDH-ECDSA-AES128-SHA
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.1 ECDH-ECDSA-AES128
|
||||
-v 2
|
||||
-l ECDH-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.1 ECDH-ECDSA-AES256
|
||||
-v 2
|
||||
-l ECDH-ECDSA-AES256-SHA
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.1 ECDH-ECDSA-AES256
|
||||
-v 2
|
||||
-l ECDH-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-RC4
|
||||
-v 3
|
||||
-l ECDH-ECDSA-RC4-SHA
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.2 ECDH-ECDSA-RC4
|
||||
-v 3
|
||||
-l ECDH-ECDSA-RC4-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.2 ECDH-ECDSA-DES3
|
||||
-v 3
|
||||
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.2 ECDH-ECDSA-DES3
|
||||
-v 3
|
||||
-l ECDH-ECDSA-DES-CBC3-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.2 ECDH-ECDSA-AES128
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES128-SHA
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.2 ECDH-ECDSA-AES128
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES128-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.2 ECDH-ECDSA-AES256
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES256-SHA
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.2 ECDH-ECDSA-AES256
|
||||
-v 3
|
||||
-l ECDH-ECDSA-AES256-SHA
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user