- Moved ciphersuite naming scheme to IANA reserved names

2025-08-01 10:06:53 +03:00 · 2012-10-31 12:32:41 +00:00
parent bb0139c924
commit 645ce3a2b4
13 changed files with 524 additions and 534 deletions
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@ -138,8 +138,6 @@ int main( int argc, char *argv[] )
    ssl_set_bio( &ssl, net_recv, &server_fd,
                       net_send, &server_fd );

-    ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
-
    /*
     * 3. Write the GET request
     */
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -475,9 +475,7 @@ int main( int argc, char *argv[] )
    ssl_set_bio( &ssl, net_recv, &server_fd,
                       net_send, &server_fd );

-    if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
-        ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
-    else
+    if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
        ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );

    ssl_set_renegotiation( &ssl, opt.renegotiation );
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@ -78,42 +78,6 @@ int main( int argc, char *argv[] )
    return( 0 );
 }
 #else
-/*
- * Computing a "safe" DH-1024 prime can take a very
- * long time, so a precomputed value is provided below.
- * You may run dh_genprime to generate a new value.
- */
-char *my_dhm_P = 
-    "E4004C1F94182000103D883A448B3F80" \
-    "2CE4B44A83301270002C20D0321CFD00" \
-    "11CCEF784C26A400F43DFB901BCA7538" \
-    "F2C6B176001CF5A0FD16D2C48B1D0C1C" \
-    "F6AC8E1DA6BCC3B4E1F96B0564965300" \
-    "FFA1D0B601EB2800F489AA512C4B248C" \
-    "01F76949A60BB7F00A40B1EAB64BDD48" \
-    "E8A700D60B7F1200FA8E77B0A979DABF";
-
-char *my_dhm_G = "4";
-
-/*
- * Sorted by order of preference
- */
-int my_ciphersuites[] =
-{
-    SSL_EDH_RSA_AES_256_SHA,
-    SSL_EDH_RSA_CAMELLIA_256_SHA,
-    SSL_EDH_RSA_AES_128_SHA,
-    SSL_EDH_RSA_CAMELLIA_128_SHA,
-    SSL_EDH_RSA_DES_168_SHA,
-    SSL_RSA_AES_256_SHA,
-    SSL_RSA_CAMELLIA_256_SHA,
-    SSL_RSA_AES_128_SHA,
-    SSL_RSA_CAMELLIA_128_SHA,
-    SSL_RSA_DES_168_SHA,
-    SSL_RSA_RC4_128_SHA,
-    SSL_RSA_RC4_128_MD5,
-    0
-};

 #define DEBUG_LEVEL 0

@ -295,13 +259,8 @@ int main( int argc, char *argv[] )
        ssl_set_bio( &ssl, net_recv, &client_fd,
                           net_send, &client_fd );

-        ssl_set_ciphersuites( &ssl, my_ciphersuites );
-
        ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
        ssl_set_own_cert( &ssl, &srvcert, &rsa );
-#if defined(POLARSSL_DHM_C)
-        ssl_set_dh_param( &ssl, my_dhm_P, my_dhm_G );
-#endif

        /*
         * 5. Handshake
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@ -172,7 +172,7 @@ int do_handshake( ssl_context *ssl, struct options *opt )

    printf( "  . Peer certificate information    ...\n" );
    x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, "      ",
-                         ssl_get_peer_cert( &ssl ) );
+                         ssl_get_peer_cert( ssl ) );
    printf( "%s\n", buf );

    return( 0 );
@ -588,9 +588,7 @@ int main( int argc, char *argv[] )
    ssl_set_bio( &ssl, net_recv, &server_fd,
            net_send, &server_fd );

-    if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
-        ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
-    else
+    if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
        ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );

    ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@ -54,90 +54,6 @@
    "<h2>PolarSSL Test Server</h2>\r\n" \
    "<p>Successful connection using: %s</p>\r\n"

-/*
- * Sorted by order of preference
- */
-int my_ciphersuites[] =
-{
-#if defined(POLARSSL_DHM_C)
-#if defined(POLARSSL_AES_C)
-#if defined(POLARSSL_SHA2_C)
-    SSL_EDH_RSA_AES_256_SHA256,
-    SSL_EDH_RSA_AES_128_SHA256,
-#endif /* POLARSSL_SHA2_C */
-    SSL_EDH_RSA_AES_256_SHA,
-    SSL_EDH_RSA_AES_128_SHA,
-#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
-    SSL_EDH_RSA_AES_256_GCM_SHA384,
-#endif
-#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
-    SSL_EDH_RSA_AES_128_GCM_SHA256,
-#endif
-#endif
-#if defined(POLARSSL_CAMELLIA_C)
-#if defined(POLARSSL_SHA2_C)
-    SSL_EDH_RSA_CAMELLIA_256_SHA256,
-    SSL_EDH_RSA_CAMELLIA_128_SHA256,
-#endif /* POLARSSL_SHA2_C */
-    SSL_EDH_RSA_CAMELLIA_256_SHA,
-    SSL_EDH_RSA_CAMELLIA_128_SHA,
-#endif
-#if defined(POLARSSL_DES_C)
-    SSL_EDH_RSA_DES_168_SHA,
-#endif
-#endif
-
-#if defined(POLARSSL_AES_C)
-#if defined(POLARSSL_SHA2_C)
-    SSL_RSA_AES_256_SHA256,
-#endif /* POLARSSL_SHA2_C */
-    SSL_RSA_AES_256_SHA,
-#endif
-#if defined(POLARSSL_CAMELLIA_C)
-#if defined(POLARSSL_SHA2_C)
-    SSL_RSA_CAMELLIA_256_SHA256,
-#endif /* POLARSSL_SHA2_C */
-    SSL_RSA_CAMELLIA_256_SHA,
-#endif
-#if defined(POLARSSL_AES_C)
-#if defined(POLARSSL_SHA2_C)
-    SSL_RSA_AES_128_SHA256,
-#endif /* POLARSSL_SHA2_C */
-    SSL_RSA_AES_128_SHA,
-#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
-    SSL_RSA_AES_256_GCM_SHA384,
-#endif
-#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
-    SSL_RSA_AES_128_GCM_SHA256,
-#endif
-#endif
-#if defined(POLARSSL_CAMELLIA_C)
-#if defined(POLARSSL_SHA2_C)
-    SSL_RSA_CAMELLIA_128_SHA256,
-#endif /* POLARSSL_SHA2_C */
-    SSL_RSA_CAMELLIA_128_SHA,
-#endif
-#if defined(POLARSSL_DES_C)
-    SSL_RSA_DES_168_SHA,
-#endif
-#if defined(POLARSSL_ARC4_C)
-    SSL_RSA_RC4_128_SHA,
-    SSL_RSA_RC4_128_MD5,
-#endif
-#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
-#if defined(POLARSSL_DES_C)
-    SSL_EDH_RSA_DES_SHA,
-    SSL_RSA_DES_SHA,
-#endif
-#if defined(POLARSSL_CIPHER_NULL_CIPHER)
-    SSL_RSA_NULL_MD5,
-    SSL_RSA_NULL_SHA,
-    SSL_RSA_NULL_SHA256,
-#endif
-#endif
-    0
-};
-
 #define DEBUG_LEVEL 0

 void my_debug( void *ctx, int level, const char *str )
@ -282,8 +198,6 @@ int main( int argc, char *argv[] )
                                 ssl_cache_set, &cache );
 #endif

-    ssl_set_ciphersuites( &ssl, my_ciphersuites );
-
    ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
    ssl_set_own_cert( &ssl, &srvcert, &rsa );

--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -92,6 +92,96 @@ void my_debug( void *ctx, int level, const char *str )
    }
 }

+/*
+ * Sorted by order of preference
+ */
+int my_ciphersuites[] =
+{
+#if defined(POLARSSL_DHM_C)
+#if defined(POLARSSL_AES_C)
+#if defined(POLARSSL_SHA2_C)
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+#endif /* POLARSSL_SHA2_C */
+#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
+    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+#endif
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+#if defined(POLARSSL_SHA2_C)
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+#endif
+#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
+    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+#endif
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+#endif
+#if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_SHA2_C)
+    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+#endif /* POLARSSL_SHA2_C */
+    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+#if defined(POLARSSL_SHA2_C)
+    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+#endif /* POLARSSL_SHA2_C */
+    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+#endif
+#if defined(POLARSSL_DES_C)
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+#endif
+#endif
+
+#if defined(POLARSSL_AES_C)
+#if defined(POLARSSL_SHA2_C)
+    TLS_RSA_WITH_AES_256_CBC_SHA256,
+#endif /* POLARSSL_SHA2_C */
+#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
+    TLS_RSA_WITH_AES_256_GCM_SHA384,
+#endif /* POLARSSL_SHA2_C */
+    TLS_RSA_WITH_AES_256_CBC_SHA,
+#endif
+#if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_SHA2_C)
+    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+#endif /* POLARSSL_SHA2_C */
+    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
+#endif
+#if defined(POLARSSL_AES_C)
+#if defined(POLARSSL_SHA2_C)
+    TLS_RSA_WITH_AES_128_CBC_SHA256,
+#endif /* POLARSSL_SHA2_C */
+#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
+    TLS_RSA_WITH_AES_128_GCM_SHA256,
+#endif /* POLARSSL_SHA2_C */
+    TLS_RSA_WITH_AES_128_CBC_SHA,
+#endif
+#if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_SHA2_C)
+    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+#endif /* POLARSSL_SHA2_C */
+    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
+#endif
+#if defined(POLARSSL_DES_C)
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+#endif
+#if defined(POLARSSL_ARC4_C)
+    TLS_RSA_WITH_RC4_128_SHA,
+    TLS_RSA_WITH_RC4_128_MD5,
+#endif
+
+#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
+#if defined(POLARSSL_DES_C)
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,
+    TLS_RSA_WITH_DES_CBC_SHA,
+#endif
+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+    TLS_RSA_WITH_NULL_MD5,
+    TLS_RSA_WITH_NULL_SHA,
+    TLS_RSA_WITH_NULL_SHA256,
+#endif
+#endif
+    0
+};
+
+
 #if defined(POLARSSL_FS_IO)
 #define USAGE_IO \
    "    ca_file=%%s          default: \"\" (pre-loaded)\n" \
@ -395,7 +485,7 @@ int main( int argc, char *argv[] )
 #endif

    if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
-        ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
+        ssl_set_ciphersuites( &ssl, my_ciphersuites );
    else
        ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );