summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDirk Engling <erdgeist@erdgeist.org>2022-05-20 04:06:12 +0200
committerDirk Engling <erdgeist@erdgeist.org>2022-05-20 04:06:12 +0200
commit7132bc256fbbead05e48c53b58a21e760a1dd352 (patch)
tree8f3d70ceb0070f2f6c8f259bdee55194ccf3adf6
parent8c821b3f20b99ca1f05dd28aba92c897a7c9a10e (diff)
Add ciphersuite parser and converter for openssl ciphersuite names
-rwxr-xr-xvchat-tls.c287
1 files changed, 280 insertions, 7 deletions
diff --git a/vchat-tls.c b/vchat-tls.c
index ad66334..d4ab554 100755
--- a/vchat-tls.c
+++ b/vchat-tls.c
@@ -404,7 +404,7 @@ void vc_tls_cleanup() {
404#include <sys/socket.h> 404#include <sys/socket.h>
405 405
406const char *DRBG_PERS = "mbed TLS vchat client"; 406const char *DRBG_PERS = "mbed TLS vchat client";
407 407#define MAX_SUITES 512
408typedef struct { 408typedef struct {
409 mbedtls_entropy_context _entropy; 409 mbedtls_entropy_context _entropy;
410 mbedtls_ctr_drbg_context _ctr_drbg; 410 mbedtls_ctr_drbg_context _ctr_drbg;
@@ -413,6 +413,7 @@ typedef struct {
413 mbedtls_pk_context _key; 413 mbedtls_pk_context _key;
414 mbedtls_ssl_context _ssl; 414 mbedtls_ssl_context _ssl;
415 mbedtls_ssl_config _conf; 415 mbedtls_ssl_config _conf;
416 int ciphersuits[MAX_SUITES];
416} mbedstate; 417} mbedstate;
417static mbedstate _mbedtls_state; 418static mbedstate _mbedtls_state;
418 419
@@ -428,7 +429,7 @@ static int static_tcp_recv(void *ctx, unsigned char *buf, size_t len ) {
428static int static_tcp_send(void *ctx, const unsigned char *buf, size_t len ) { 429static int static_tcp_send(void *ctx, const unsigned char *buf, size_t len ) {
429 return send((int)(intptr_t)ctx, buf, len, 0); 430 return send((int)(intptr_t)ctx, buf, len, 0);
430} 431}
431 432static int map_openssl_suite(char *openssl_name);
432void vc_init_x509store(vc_x509store_t *store) 433void vc_init_x509store(vc_x509store_t *store)
433{ 434{
434 static int sslinit; 435 static int sslinit;
@@ -457,7 +458,8 @@ int vc_tls_connect( int serverfd, vc_x509store_t *vc_store )
457 mbedstate *s = &_mbedtls_state; 458 mbedstate *s = &_mbedtls_state;
458 mbedtls_ssl_config *conf = &_mbedtls_state._conf; 459 mbedtls_ssl_config *conf = &_mbedtls_state._conf;
459 mbedtls_ssl_context *ssl = &_mbedtls_state._ssl; 460 mbedtls_ssl_context *ssl = &_mbedtls_state._ssl;
460 int ret; 461 int ret, suitecount = 0;
462 char *token;
461 463
462 mbedtls_x509_crt_init(&s->_cacert); 464 mbedtls_x509_crt_init(&s->_cacert);
463 mbedtls_x509_crt_init(&s->_cert); 465 mbedtls_x509_crt_init(&s->_cert);
@@ -474,7 +476,21 @@ int vc_tls_connect( int serverfd, vc_x509store_t *vc_store )
474 mbedtls_ssl_conf_authmode(conf, getintoption(CF_IGNSSL) ? MBEDTLS_SSL_VERIFY_OPTIONAL : MBEDTLS_SSL_VERIFY_REQUIRED); 476 mbedtls_ssl_conf_authmode(conf, getintoption(CF_IGNSSL) ? MBEDTLS_SSL_VERIFY_OPTIONAL : MBEDTLS_SSL_VERIFY_REQUIRED);
475 mbedtls_ssl_conf_rng(conf, mbedtls_ctr_drbg_random, &s->_ctr_drbg); 477 mbedtls_ssl_conf_rng(conf, mbedtls_ctr_drbg_random, &s->_ctr_drbg);
476 478
477 /* mbedtls_ssl_conf_ciphersuites( */ 479 char *ciphers = getstroption(CF_CIPHERSUITE);
480 if (!ciphers)
481 ciphers = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA";
482 ciphers = strdup(ciphers);
483 for (token = strtok(ciphers, ":"); token && suitecount < MAX_SUITES - 1; token = strtok(NULL, ":")) {
484 int suite = mbedtls_ssl_get_ciphersuite_id(token);
485 if (!suite)
486 suite = map_openssl_suite(token);
487 if (suite)
488 s->ciphersuits[suitecount++] = suite;
489 }
490 s->ciphersuits[suitecount++] = 0;
491 free(ciphers);
492
493 mbedtls_ssl_conf_ciphersuites(conf, s->ciphersuits);
478 494
479 if (vc_store->cafile) { 495 if (vc_store->cafile) {
480 mbedtls_x509_crt_parse_file(&s->_cacert, vc_store->cafile); 496 mbedtls_x509_crt_parse_file(&s->_cacert, vc_store->cafile);
@@ -533,10 +549,9 @@ int vc_tls_connect( int serverfd, vc_x509store_t *vc_store )
533 549
534 const mbedtls_x509_crt* peer_cert = mbedtls_ssl_get_peer_cert(ssl); 550 const mbedtls_x509_crt* peer_cert = mbedtls_ssl_get_peer_cert(ssl);
535 mbedtls_x509_crt_info(tmpstr, sizeof(tmpstr), "[SSL PEER INFO ] ", peer_cert); 551 mbedtls_x509_crt_info(tmpstr, sizeof(tmpstr), "[SSL PEER INFO ] ", peer_cert);
536 char *token = strtok(tmpstr, "\n"); 552
537 do { 553 for (token = strtok(tmpstr, "\n"); token; token = strtok(NULL, "\n"))
538 writecf(FS_SERV, token); 554 writecf(FS_SERV, token);
539 } while ((token = strtok(NULL, "\n")));
540 555
541 mbedtls_ssl_get_verify_result(ssl); 556 mbedtls_ssl_get_verify_result(ssl);
542 557
@@ -573,4 +588,262 @@ void vc_tls_cleanup() {
573 mbedtls_ctr_drbg_free(&_mbedtls_state._ctr_drbg ); 588 mbedtls_ctr_drbg_free(&_mbedtls_state._ctr_drbg );
574} 589}
575 590
591/* Taken from https://testssl.sh/openssl-iana.mapping.html */
592static const char * xlate_openssl[] = {
593"NULL-MD5", "TLS-RSA-WITH-NULL-MD5",
594"NULL-SHA", "TLS-RSA-WITH-NULL-SHA",
595"EXP-RC4-MD5", "TLS-RSA-EXPORT-WITH-RC4-40-MD5",
596"RC4-MD5", "TLS-RSA-WITH-RC4-128-MD5",
597"RC4-SHA", "TLS-RSA-WITH-RC4-128-SHA",
598"EXP-RC2-CBC-MD5", "TLS-RSA-EXPORT-WITH-RC2-CBC-40-MD5",
599"IDEA-CBC-SHA", "TLS-RSA-WITH-IDEA-CBC-SHA",
600"EXP-DES-CBC-SHA", "TLS-RSA-EXPORT-WITH-DES40-CBC-SHA",
601"DES-CBC-SHA", "TLS-RSA-WITH-DES-CBC-SHA",
602"DES-CBC3-SHA", "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
603"EXP-DH-DSS-DES-CBC-SHA", "TLS-DH-DSS-EXPORT-WITH-DES40-CBC-SHA",
604"DH-DSS-DES-CBC-SHA", "TLS-DH-DSS-WITH-DES-CBC-SHA",
605"DH-DSS-DES-CBC3-SHA", "TLS-DH-DSS-WITH-3DES-EDE-CBC-SHA",
606"EXP-DH-RSA-DES-CBC-SHA", "TLS-DH-RSA-EXPORT-WITH-DES40-CBC-SHA",
607"DH-RSA-DES-CBC-SHA", "TLS-DH-RSA-WITH-DES-CBC-SHA",
608"DH-RSA-DES-CBC3-SHA", "TLS-DH-RSA-WITH-3DES-EDE-CBC-SHA",
609"EXP-EDH-DSS-DES-CBC-SHA", "TLS-DHE-DSS-EXPORT-WITH-DES40-CBC-SHA",
610"EDH-DSS-DES-CBC-SHA", "TLS-DHE-DSS-WITH-DES-CBC-SHA",
611"EDH-DSS-DES-CBC3-SHA", "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
612"EXP-EDH-RSA-DES-CBC-SHA", "TLS-DHE-RSA-EXPORT-WITH-DES40-CBC-SHA",
613"EDH-RSA-DES-CBC-SHA", "TLS-DHE-RSA-WITH-DES-CBC-SHA",
614"EDH-RSA-DES-CBC3-SHA", "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
615"EXP-ADH-RC4-MD5", "TLS-DH-anon-EXPORT-WITH-RC4-40-MD5",
616"ADH-RC4-MD5", "TLS-DH-anon-WITH-RC4-128-MD5",
617"EXP-ADH-DES-CBC-SHA", "TLS-DH-anon-EXPORT-WITH-DES40-CBC-SHA",
618"ADH-DES-CBC-SHA", "TLS-DH-anon-WITH-DES-CBC-SHA",
619"ADH-DES-CBC3-SHA", "TLS-DH-anon-WITH-3DES-EDE-CBC-SHA",
620"KRB5-DES-CBC-SHA", "TLS-KRB5-WITH-DES-CBC-SHA",
621"KRB5-DES-CBC3-SHA", "TLS-KRB5-WITH-3DES-EDE-CBC-SHA",
622"KRB5-RC4-SHA", "TLS-KRB5-WITH-RC4-128-SHA",
623"KRB5-IDEA-CBC-SHA", "TLS-KRB5-WITH-IDEA-CBC-SHA",
624"KRB5-DES-CBC-MD5", "TLS-KRB5-WITH-DES-CBC-MD5",
625"KRB5-DES-CBC3-MD5", "TLS-KRB5-WITH-3DES-EDE-CBC-MD5",
626"KRB5-RC4-MD5", "TLS-KRB5-WITH-RC4-128-MD5",
627"KRB5-IDEA-CBC-MD5", "TLS-KRB5-WITH-IDEA-CBC-MD5",
628"EXP-KRB5-DES-CBC-SHA", "TLS-KRB5-EXPORT-WITH-DES-CBC-40-SHA",
629"EXP-KRB5-RC2-CBC-SHA", "TLS-KRB5-EXPORT-WITH-RC2-CBC-40-SHA",
630"EXP-KRB5-RC4-SHA", "TLS-KRB5-EXPORT-WITH-RC4-40-SHA",
631"EXP-KRB5-DES-CBC-MD5", "TLS-KRB5-EXPORT-WITH-DES-CBC-40-MD5",
632"EXP-KRB5-RC2-CBC-MD5", "TLS-KRB5-EXPORT-WITH-RC2-CBC-40-MD5",
633"EXP-KRB5-RC4-MD5", "TLS-KRB5-EXPORT-WITH-RC4-40-MD5",
634"PSK-NULL-SHA", "TLS-PSK-WITH-NULL-SHA",
635"DHE-PSK-NULL-SHA", "TLS-DHE-PSK-WITH-NULL-SHA",
636"RSA-PSK-NULL-SHA", "TLS-RSA-PSK-WITH-NULL-SHA",
637"AES128-SHA", "TLS-RSA-WITH-AES-128-CBC-SHA",
638"DH-DSS-AES128-SHA", "TLS-DH-DSS-WITH-AES-128-CBC-SHA",
639"DH-RSA-AES128-SHA", "TLS-DH-RSA-WITH-AES-128-CBC-SHA",
640"DHE-DSS-AES128-SHA", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
641"DHE-RSA-AES128-SHA", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
642"ADH-AES128-SHA", "TLS-DH-anon-WITH-AES-128-CBC-SHA",
643"AES256-SHA", "TLS-RSA-WITH-AES-256-CBC-SHA",
644"DH-DSS-AES256-SHA", "TLS-DH-DSS-WITH-AES-256-CBC-SHA",
645"DH-RSA-AES256-SHA", "TLS-DH-RSA-WITH-AES-256-CBC-SHA",
646"DHE-DSS-AES256-SHA", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
647"DHE-RSA-AES256-SHA", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
648"ADH-AES256-SHA", "TLS-DH-anon-WITH-AES-256-CBC-SHA",
649"NULL-SHA256", "TLS-RSA-WITH-NULL-SHA256",
650"AES128-SHA256", "TLS-RSA-WITH-AES-128-CBC-SHA256",
651"AES256-SHA256", "TLS-RSA-WITH-AES-256-CBC-SHA256",
652"DH-DSS-AES128-SHA256", "TLS-DH-DSS-WITH-AES-128-CBC-SHA256",
653"DH-RSA-AES128-SHA256", "TLS-DH-RSA-WITH-AES-128-CBC-SHA256",
654"DHE-DSS-AES128-SHA256", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
655"CAMELLIA128-SHA", "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
656"DH-DSS-CAMELLIA128-SHA", "TLS-DH-DSS-WITH-CAMELLIA-128-CBC-SHA",
657"DH-RSA-CAMELLIA128-SHA", "TLS-DH-RSA-WITH-CAMELLIA-128-CBC-SHA",
658"DHE-DSS-CAMELLIA128-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
659"DHE-RSA-CAMELLIA128-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
660"ADH-CAMELLIA128-SHA", "TLS-DH-anon-WITH-CAMELLIA-128-CBC-SHA",
661"EXP1024-RC4-MD5", "TLS-RSA-EXPORT1024-WITH-RC4-56-MD5",
662"EXP1024-RC2-CBC-MD5", "TLS-RSA-EXPORT1024-WITH-RC2-CBC-56-MD5",
663"EXP1024-DES-CBC-SHA", "TLS-RSA-EXPORT1024-WITH-DES-CBC-SHA",
664"EXP1024-DHE-DSS-DES-CBC-SHA", "TLS-DHE-DSS-EXPORT1024-WITH-DES-CBC-SHA",
665"EXP1024-RC4-SHA", "TLS-RSA-EXPORT1024-WITH-RC4-56-SHA",
666"EXP1024-DHE-DSS-RC4-SHA", "TLS-DHE-DSS-EXPORT1024-WITH-RC4-56-SHA",
667"DHE-DSS-RC4-SHA", "TLS-DHE-DSS-WITH-RC4-128-SHA",
668"DHE-RSA-AES128-SHA256", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
669"DH-DSS-AES256-SHA256", "TLS-DH-DSS-WITH-AES-256-CBC-SHA256",
670"DH-RSA-AES256-SHA256", "TLS-DH-RSA-WITH-AES-256-CBC-SHA256",
671"DHE-DSS-AES256-SHA256", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
672"DHE-RSA-AES256-SHA256", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
673"ADH-AES128-SHA256", "TLS-DH-anon-WITH-AES-128-CBC-SHA256",
674"ADH-AES256-SHA256", "TLS-DH-anon-WITH-AES-256-CBC-SHA256",
675"GOST94-GOST89-GOST89", "TLS-GOSTR341094-WITH-28147-CNT-IMIT",
676"GOST2001-GOST89-GOST89", "TLS-GOSTR341001-WITH-28147-CNT-IMIT",
677"GOST94-NULL-GOST94", "TLS-GOSTR341001-WITH-NULL-GOSTR3411",
678"GOST2001-GOST89-GOST89", "TLS-GOSTR341094-WITH-NULL-GOSTR3411",
679"CAMELLIA256-SHA", "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
680"DH-DSS-CAMELLIA256-SHA", "TLS-DH-DSS-WITH-CAMELLIA-256-CBC-SHA",
681"DH-RSA-CAMELLIA256-SHA", "TLS-DH-RSA-WITH-CAMELLIA-256-CBC-SHA",
682"DHE-DSS-CAMELLIA256-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
683"DHE-RSA-CAMELLIA256-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
684"ADH-CAMELLIA256-SHA", "TLS-DH-anon-WITH-CAMELLIA-256-CBC-SHA",
685"PSK-RC4-SHA", "TLS-PSK-WITH-RC4-128-SHA",
686"PSK-3DES-EDE-CBC-SHA", "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
687"PSK-AES128-CBC-SHA", "TLS-PSK-WITH-AES-128-CBC-SHA",
688"PSK-AES256-CBC-SHA", "TLS-PSK-WITH-AES-256-CBC-SHA",
689"SEED-SHA", "TLS-RSA-WITH-SEED-CBC-SHA",
690"DH-DSS-SEED-SHA", "TLS-DH-DSS-WITH-SEED-CBC-SHA",
691"DH-RSA-SEED-SHA", "TLS-DH-RSA-WITH-SEED-CBC-SHA",
692"DHE-DSS-SEED-SHA", "TLS-DHE-DSS-WITH-SEED-CBC-SHA",
693"DHE-RSA-SEED-SHA", "TLS-DHE-RSA-WITH-SEED-CBC-SHA",
694"ADH-SEED-SHA", "TLS-DH-anon-WITH-SEED-CBC-SHA",
695"AES128-GCM-SHA256", "TLS-RSA-WITH-AES-128-GCM-SHA256",
696"AES256-GCM-SHA384", "TLS-RSA-WITH-AES-256-GCM-SHA384",
697"DHE-RSA-AES128-GCM-SHA256", "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
698"DHE-RSA-AES256-GCM-SHA384", "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
699"DH-RSA-AES128-GCM-SHA256", "TLS-DH-RSA-WITH-AES-128-GCM-SHA256",
700"DH-RSA-AES256-GCM-SHA384", "TLS-DH-RSA-WITH-AES-256-GCM-SHA384",
701"DHE-DSS-AES128-GCM-SHA256", "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
702"DHE-DSS-AES256-GCM-SHA384", "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
703"DH-DSS-AES128-GCM-SHA256", "TLS-DH-DSS-WITH-AES-128-GCM-SHA256",
704"DH-DSS-AES256-GCM-SHA384", "TLS-DH-DSS-WITH-AES-256-GCM-SHA384",
705"ADH-AES128-GCM-SHA256", "TLS-DH-anon-WITH-AES-128-GCM-SHA256",
706"ADH-AES256-GCM-SHA384", "TLS-DH-anon-WITH-AES-256-GCM-SHA384",
707"CAMELLIA128-SHA256", "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
708"DH-DSS-CAMELLIA128-SHA256", "TLS-DH-DSS-WITH-CAMELLIA-128-CBC-SHA256",
709"DH-RSA-CAMELLIA128-SHA256", "TLS-DH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
710"DHE-DSS-CAMELLIA128-SHA256", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
711"DHE-RSA-CAMELLIA128-SHA256", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
712"ADH-CAMELLIA128-SHA256", "TLS-DH-anon-WITH-CAMELLIA-128-CBC-SHA256",
713"TLS-FALLBACK-SCSV", "TLS-EMPTY-RENEGOTIATION-INFO-SCSV",
714"TLS-AES-128-GCM-SHA256", "TLS-AES-128-GCM-SHA256",
715"TLS-AES-256-GCM-SHA384", "TLS-AES-256-GCM-SHA384",
716"TLS-CHACHA20-POLY1305-SHA256", "TLS-CHACHA20-POLY1305-SHA256",
717"TLS-AES-128-CCM-SHA256", "TLS-AES-128-CCM-SHA256",
718"TLS-AES-128-CCM-8-SHA256", "TLS-AES-128-CCM-8-SHA256",
719"ECDH-ECDSA-NULL-SHA", "TLS-ECDH-ECDSA-WITH-NULL-SHA",
720"ECDH-ECDSA-RC4-SHA", "TLS-ECDH-ECDSA-WITH-RC4-128-SHA",
721"ECDH-ECDSA-DES-CBC3-SHA", "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
722"ECDH-ECDSA-AES128-SHA", "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
723"ECDH-ECDSA-AES256-SHA", "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
724"ECDHE-ECDSA-NULL-SHA", "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
725"ECDHE-ECDSA-RC4-SHA", "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA",
726"ECDHE-ECDSA-DES-CBC3-SHA", "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
727"ECDHE-ECDSA-AES128-SHA", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
728"ECDHE-ECDSA-AES256-SHA", "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
729"ECDH-RSA-NULL-SHA", "TLS-ECDH-RSA-WITH-NULL-SHA",
730"ECDH-RSA-RC4-SHA", "TLS-ECDH-RSA-WITH-RC4-128-SHA",
731"ECDH-RSA-DES-CBC3-SHA", "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA",
732"ECDH-RSA-AES128-SHA", "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
733"ECDH-RSA-AES256-SHA", "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
734"ECDHE-RSA-NULL-SHA", "TLS-ECDHE-RSA-WITH-NULL-SHA",
735"ECDHE-RSA-RC4-SHA", "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
736"ECDHE-RSA-DES-CBC3-SHA", "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
737"ECDHE-RSA-AES128-SHA", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
738"ECDHE-RSA-AES256-SHA", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
739"AECDH-NULL-SHA", "TLS-ECDH-anon-WITH-NULL-SHA",
740"AECDH-RC4-SHA", "TLS-ECDH-anon-WITH-RC4-128-SHA",
741"AECDH-DES-CBC3-SHA", "TLS-ECDH-anon-WITH-3DES-EDE-CBC-SHA",
742"AECDH-AES128-SHA", "TLS-ECDH-anon-WITH-AES-128-CBC-SHA",
743"AECDH-AES256-SHA", "TLS-ECDH-anon-WITH-AES-256-CBC-SHA",
744"SRP-3DES-EDE-CBC-SHA", "TLS-SRP-SHA-WITH-3DES-EDE-CBC-SHA",
745"SRP-RSA-3DES-EDE-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA",
746"SRP-DSS-3DES-EDE-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-3DES-EDE-CBC-SHA",
747"SRP-AES-128-CBC-SHA", "TLS-SRP-SHA-WITH-AES-128-CBC-SHA",
748"SRP-RSA-AES-128-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA",
749"SRP-DSS-AES-128-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-AES-128-CBC-SHA",
750"SRP-AES-256-CBC-SHA", "TLS-SRP-SHA-WITH-AES-256-CBC-SHA",
751"SRP-RSA-AES-256-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA",
752"SRP-DSS-AES-256-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA",
753"ECDHE-ECDSA-AES128-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
754"ECDHE-ECDSA-AES256-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
755"ECDH-ECDSA-AES128-SHA256", "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
756"ECDH-ECDSA-AES256-SHA384", "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
757"ECDHE-RSA-AES128-SHA256", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
758"ECDHE-RSA-AES256-SHA384", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
759"ECDH-RSA-AES128-SHA256", "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
760"ECDH-RSA-AES256-SHA384", "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
761"ECDHE-ECDSA-AES128-GCM-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
762"ECDHE-ECDSA-AES256-GCM-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
763"ECDH-ECDSA-AES128-GCM-SHA256", "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
764"ECDH-ECDSA-AES256-GCM-SHA384", "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
765"ECDHE-RSA-AES128-GCM-SHA256", "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
766"ECDHE-RSA-AES256-GCM-SHA384", "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
767"ECDH-RSA-AES128-GCM-SHA256", "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
768"ECDH-RSA-AES256-GCM-SHA384", "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
769"ECDHE-PSK-RC4-SHA", "TLS-ECDHE-PSK-WITH-RC4-128-SHA",
770"ECDHE-PSK-3DES-EDE-CBC-SHA", "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
771"ECDHE-PSK-AES128-CBC-SHA", "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
772"ECDHE-PSK-AES256-CBC-SHA", "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
773"ECDHE-PSK-AES128-CBC-SHA256", "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
774"ECDHE-PSK-AES256-CBC-SHA384", "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
775"ECDHE-PSK-NULL-SHA", "TLS-ECDHE-PSK-WITH-NULL-SHA",
776"ECDHE-PSK-NULL-SHA256", "TLS-ECDHE-PSK-WITH-NULL-SHA256",
777"ECDHE-PSK-NULL-SHA384", "TLS-ECDHE-PSK-WITH-NULL-SHA384",
778"ECDHE-ECDSA-CAMELLIA128-SHA256", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
779"ECDHE-ECDSA-CAMELLIA256-SHA38", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
780"ECDH-ECDSA-CAMELLIA128-SHA256", "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
781"ECDH-ECDSA-CAMELLIA256-SHA384", "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
782"ECDHE-RSA-CAMELLIA128-SHA256", "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
783"ECDHE-RSA-CAMELLIA256-SHA384", "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
784"ECDH-RSA-CAMELLIA128-SHA256", "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
785"ECDH-RSA-CAMELLIA256-SHA384", "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
786"PSK-CAMELLIA128-SHA256", "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
787"PSK-CAMELLIA256-SHA384", "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
788"DHE-PSK-CAMELLIA128-SHA256", "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
789"DHE-PSK-CAMELLIA256-SHA384", "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
790"RSA-PSK-CAMELLIA128-SHA256", "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
791"RSA-PSK-CAMELLIA256-SHA384", "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
792"ECDHE-PSK-CAMELLIA128-SHA256", "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
793"ECDHE-PSK-CAMELLIA256-SHA384", "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
794"AES128-CCM", "TLS-RSA-WITH-AES-128-CCM",
795"AES256-CCM", "TLS-RSA-WITH-AES-256-CCM",
796"DHE-RSA-AES128-CCM", "TLS-DHE-RSA-WITH-AES-128-CCM",
797"DHE-RSA-AES256-CCM", "TLS-DHE-RSA-WITH-AES-256-CCM",
798"AES128-CCM8", "TLS-RSA-WITH-AES-128-CCM-8",
799"AES256-CCM8", "TLS-RSA-WITH-AES-256-CCM-8",
800"DHE-RSA-AES128-CCM8", "TLS-DHE-RSA-WITH-AES-128-CCM-8",
801"DHE-RSA-AES256-CCM8", "TLS-DHE-RSA-WITH-AES-256-CCM-8",
802"PSK-AES128-CCM", "TLS-PSK-WITH-AES-128-CCM",
803"PSK-AES256-CCM", "TLS-PSK-WITH-AES-256-CCM",
804"DHE-PSK-AES128-CCM", "TLS-DHE-PSK-WITH-AES-128-CCM",
805"DHE-PSK-AES256-CCM", "TLS-DHE-PSK-WITH-AES-256-CCM",
806"PSK-AES128-CCM8", "TLS-PSK-WITH-AES-128-CCM-8",
807"PSK-AES256-CCM8", "TLS-PSK-WITH-AES-256-CCM-8",
808"DHE-PSK-AES128-CCM8", "TLS-PSK-DHE-WITH-AES-128-CCM-8",
809"DHE-PSK-AES256-CCM8", "TLS-PSK-DHE-WITH-AES-256-CCM-8",
810"ECDHE-ECDSA-AES128-CCM", "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
811"ECDHE-ECDSA-AES256-CCM", "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
812"ECDHE-ECDSA-AES128-CCM8", "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
813"ECDHE-ECDSA-AES256-CCM8", "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
814"ECDHE-RSA-CHACHA20-POLY1305-OLD", "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256-OLD",
815"ECDHE-ECDSA-CHACHA20-POLY1305-OLD", "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256-OLD",
816"DHE-RSA-CHACHA20-POLY1305-OLD", "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256-OLD",
817"ECDHE-RSA-CHACHA20-POLY1305", "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
818"ECDHE-ECDSA-CHACHA20-POLY1305", "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
819"DHE-RSA-CHACHA20-POLY1305", "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
820"PSK-CHACHA20-POLY1305", "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
821"ECDHE-PSK-CHACHA20-POLY1305", "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
822"DHE-PSK-CHACHA20-POLY1305", "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
823"RSA-PSK-CHACHA20-POLY1305", "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
824"GOST-MD5", "TLS-GOSTR341094-RSA-WITH-28147-CNT-MD5",
825"GOST-GOST94", "TLS-RSA-WITH-28147-CNT-GOST94",
826"RC4-MD5", "SSL-CK-RC4-128-WITH-MD5",
827"EXP-RC4-MD5", "SSL-CK-RC4-128-EXPORT40-WITH-MD5",
828"RC2-CBC-MD5", "SSL-CK-RC2-128-CBC-WITH-MD5",
829"EXP-RC2-CBC-MD5", "SSL-CK-RC2-128-CBC-EXPORT40-WITH-MD5",
830"IDEA-CBC-MD5", "SSL-CK-IDEA-128-CBC-WITH-MD5",
831"DES-CBC-MD5", "SSL-CK-DES-64-CBC-WITH-MD5",
832"DES-CBC-SHA", "SSL-CK-DES-64-CBC-WITH-SHA",
833"DES-CBC3-MD5", "SSL-CK-DES-192-EDE3-CBC-WITH-MD5",
834"DES-CBC3-SHA", "SSL-CK-DES-192-EDE3-CBC-WITH-SHA",
835"RC4-64-MD5", "SSL-CK-RC4-64-WITH-MD5",
836"DES-CFB-M1", "SSL-CK-DES-64-CFB64-WITH-MD5-1",
837NULL
838};
839// fprintf(stderr, "SUCCESS: %s => %s => %d\n\n", xlate_openssl[i], xlate_openssl[i+1], mbedtls_ssl_get_ciphersuite_id(xlate_openssl[i+1]));
840static int map_openssl_suite(char *openssl_name) {
841 int i;
842 for (i=0; xlate_openssl[i]; i+=2) {
843 if (!strcmp(xlate_openssl[i], openssl_name))
844 return mbedtls_ssl_get_ciphersuite_id(xlate_openssl[i+1]);
845 }
846 return 0;
847}
848
576#endif 849#endif