Relax some SHA2 ciphersuite's version requirements

Changed: - PSK ciphersuites (RFC 5487, section 3) - ECDHE-PSK ciphersuites (RFC 5489, section 3) - Additional Camellia ciphersuites (RFC 6367, sec 3.3) Unchanged: - all GCM ciphersuites - Camellia ciphersuites from RFC 5932 (sec. 3.3.2) - ECC-SHA2 ciphersuites from RFC 5289 (unclear) - SHA2 from RFC 5246 (TLS 1.2, no precision)
2025-07-28 00:21:48 +03:00 · 2013-11-26 13:27:45 +01:00
parent e4c71f0e11
commit a5bdfcde53
2 changed files with 56 additions and 56 deletions
--- a/include/polarssl/ssl_ciphersuites.h
+++ b/include/polarssl/ssl_ciphersuites.h
@ -99,20 +99,20 @@ extern "C" {
 #define TLS_RSA_PSK_WITH_AES_128_GCM_SHA256      0xAC   /**< TLS 1.2 */
 #define TLS_RSA_PSK_WITH_AES_256_GCM_SHA384      0xAD   /**< TLS 1.2 */

-#define TLS_PSK_WITH_AES_128_CBC_SHA256          0xAE   /**< TLS 1.2 */
-#define TLS_PSK_WITH_AES_256_CBC_SHA384          0xAF   /**< TLS 1.2 */
-#define TLS_PSK_WITH_NULL_SHA256                 0xB0   /**< Weak! TLS 1.2 */
-#define TLS_PSK_WITH_NULL_SHA384                 0xB1   /**< Weak! TLS 1.2 */
+#define TLS_PSK_WITH_AES_128_CBC_SHA256          0xAE
+#define TLS_PSK_WITH_AES_256_CBC_SHA384          0xAF
+#define TLS_PSK_WITH_NULL_SHA256                 0xB0   /**< Weak! */
+#define TLS_PSK_WITH_NULL_SHA384                 0xB1   /**< Weak! */

-#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA256      0xB2   /**< TLS 1.2 */
-#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA384      0xB3   /**< TLS 1.2 */
-#define TLS_DHE_PSK_WITH_NULL_SHA256             0xB4   /**< Weak! TLS 1.2 */
-#define TLS_DHE_PSK_WITH_NULL_SHA384             0xB5   /**< Weak! TLS 1.2 */
+#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA256      0xB2
+#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA384      0xB3
+#define TLS_DHE_PSK_WITH_NULL_SHA256             0xB4   /**< Weak! */
+#define TLS_DHE_PSK_WITH_NULL_SHA384             0xB5   /**< Weak! */

-#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA256      0xB6   /**< TLS 1.2 */
-#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA384      0xB7   /**< TLS 1.2 */
-#define TLS_RSA_PSK_WITH_NULL_SHA256             0xB8   /**< Weak! TLS 1.2 */
-#define TLS_RSA_PSK_WITH_NULL_SHA384             0xB9   /**< Weak! TLS 1.2 */
+#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA256      0xB6
+#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA384      0xB7
+#define TLS_RSA_PSK_WITH_NULL_SHA256             0xB8   /**< Weak! */
+#define TLS_RSA_PSK_WITH_NULL_SHA384             0xB9   /**< Weak! */

 #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     0xBA   /**< TLS 1.2 */
 #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE   /**< TLS 1.2 */
@ -148,16 +148,16 @@ extern "C" {
 #define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA      0xC034 /**< Not in SSL3! */
 #define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA       0xC035 /**< Not in SSL3! */
 #define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA       0xC036 /**< Not in SSL3! */
-#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0xC037 /**< TLS 1.2 */
-#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384    0xC038 /**< TLS 1.2 */
+#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0xC037 /**< Not in SSL3! */
+#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384    0xC038 /**< Not in SSL3! */
 #define TLS_ECDHE_PSK_WITH_NULL_SHA              0xC039 /**< Weak! No SSL3! */
-#define TLS_ECDHE_PSK_WITH_NULL_SHA256           0xC03A /**< Weak! TLS 1.2 */
-#define TLS_ECDHE_PSK_WITH_NULL_SHA384           0xC03B /**< Weak! TLS 1.2 */
+#define TLS_ECDHE_PSK_WITH_NULL_SHA256           0xC03A /**< Weak! No SSL3! */
+#define TLS_ECDHE_PSK_WITH_NULL_SHA384           0xC03B /**< Weak! No SSL3! */

-#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< TLS 1.2 */
-#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< TLS 1.2 */
-#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0xC076 /**< TLS 1.2 */
-#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0xC077 /**< TLS 1.2 */
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0xC076 /**< Not in SSL3! */
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0xC077 /**< Not in SSL3! */

 #define TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256         0xC07A /**< TLS 1.2 */
 #define TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384         0xC07B /**< TLS 1.2 */
@ -175,14 +175,14 @@ extern "C" {
 #define TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC092 /**< TLS 1.2 */
 #define TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC093 /**< TLS 1.2 */

-#define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256       0xC094 /**< TLS 1.2 */
-#define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384       0xC095 /**< TLS 1.2 */
-#define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC096 /**< TLS 1.2 */
-#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC097 /**< TLS 1.2 */
-#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC098 /**< TLS 1.2 */
-#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC099 /**< TLS 1.2 */
-#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< TLS 1.2 */
-#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< TLS 1.2 */
+#define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256       0xC094
+#define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384       0xC095
+#define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC096
+#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC097
+#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC098
+#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC099
+#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< Not in SSL3! */
+#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< Not in SSL3! */

 typedef enum {
    POLARSSL_KEY_EXCHANGE_NONE = 0,