From 7132bc256fbbead05e48c53b58a21e760a1dd352 Mon Sep 17 00:00:00 2001
From: Dirk Engling <erdgeist@erdgeist.org>
Date: Fri, 20 May 2022 04:06:12 +0200
Subject: Add ciphersuite parser and converter for openssl ciphersuite names

---
 vchat-tls.c | 287 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 280 insertions(+), 7 deletions(-)

diff --git a/vchat-tls.c b/vchat-tls.c
index ad66334..d4ab554 100755
--- a/vchat-tls.c
+++ b/vchat-tls.c
@@ -404,7 +404,7 @@ void vc_tls_cleanup() {
 #include <sys/socket.h>
 
 const char *DRBG_PERS = "mbed TLS vchat client";
-
+#define MAX_SUITES 512
 typedef struct {
     mbedtls_entropy_context _entropy;
     mbedtls_ctr_drbg_context _ctr_drbg;
@@ -413,6 +413,7 @@ typedef struct {
     mbedtls_pk_context _key;
     mbedtls_ssl_context _ssl;
     mbedtls_ssl_config  _conf;
+    int ciphersuits[MAX_SUITES];
 } mbedstate;
 static mbedstate _mbedtls_state;
 
@@ -428,7 +429,7 @@ static int static_tcp_recv(void *ctx, unsigned char *buf, size_t len ) {
 static int static_tcp_send(void *ctx, const unsigned char *buf, size_t len ) {
     return send((int)(intptr_t)ctx, buf, len, 0);
 }
-
+static int map_openssl_suite(char *openssl_name);
 void vc_init_x509store(vc_x509store_t *store)
 {
     static int sslinit;
@@ -457,7 +458,8 @@ int vc_tls_connect( int serverfd, vc_x509store_t *vc_store )
     mbedstate *s = &_mbedtls_state;
     mbedtls_ssl_config *conf = &_mbedtls_state._conf;
     mbedtls_ssl_context *ssl = &_mbedtls_state._ssl;
-    int ret;
+    int ret, suitecount = 0;
+    char *token;
 
     mbedtls_x509_crt_init(&s->_cacert);
     mbedtls_x509_crt_init(&s->_cert);
@@ -474,7 +476,21 @@ int vc_tls_connect( int serverfd, vc_x509store_t *vc_store )
     mbedtls_ssl_conf_authmode(conf, getintoption(CF_IGNSSL) ? MBEDTLS_SSL_VERIFY_OPTIONAL : MBEDTLS_SSL_VERIFY_REQUIRED);
     mbedtls_ssl_conf_rng(conf, mbedtls_ctr_drbg_random, &s->_ctr_drbg);
 
-    /*  mbedtls_ssl_conf_ciphersuites( */
+    char *ciphers = getstroption(CF_CIPHERSUITE);
+    if (!ciphers)
+        ciphers = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA";
+    ciphers = strdup(ciphers);
+    for (token = strtok(ciphers, ":"); token && suitecount < MAX_SUITES - 1; token = strtok(NULL, ":")) {
+        int suite = mbedtls_ssl_get_ciphersuite_id(token);
+        if (!suite)
+            suite = map_openssl_suite(token);
+        if (suite)
+            s->ciphersuits[suitecount++] = suite;
+    }
+    s->ciphersuits[suitecount++] = 0;
+    free(ciphers);
+
+    mbedtls_ssl_conf_ciphersuites(conf, s->ciphersuits);
 
     if (vc_store->cafile) {
         mbedtls_x509_crt_parse_file(&s->_cacert, vc_store->cafile);
@@ -533,10 +549,9 @@ int vc_tls_connect( int serverfd, vc_x509store_t *vc_store )
 
     const mbedtls_x509_crt* peer_cert = mbedtls_ssl_get_peer_cert(ssl);
     mbedtls_x509_crt_info(tmpstr, sizeof(tmpstr), "[SSL PEER INFO    ] ", peer_cert);
-    char *token = strtok(tmpstr, "\n");
-    do {
+
+    for (token = strtok(tmpstr, "\n"); token; token = strtok(NULL, "\n"))
         writecf(FS_SERV, token);
-    } while ((token = strtok(NULL, "\n")));
 
     mbedtls_ssl_get_verify_result(ssl);
 
@@ -573,4 +588,262 @@ void vc_tls_cleanup() {
     mbedtls_ctr_drbg_free(&_mbedtls_state._ctr_drbg );
 }
 
+/* Taken from https://testssl.sh/openssl-iana.mapping.html */
+static const char * xlate_openssl[] = {
+"NULL-MD5", "TLS-RSA-WITH-NULL-MD5",
+"NULL-SHA", "TLS-RSA-WITH-NULL-SHA",
+"EXP-RC4-MD5", "TLS-RSA-EXPORT-WITH-RC4-40-MD5",
+"RC4-MD5", "TLS-RSA-WITH-RC4-128-MD5",
+"RC4-SHA", "TLS-RSA-WITH-RC4-128-SHA",
+"EXP-RC2-CBC-MD5", "TLS-RSA-EXPORT-WITH-RC2-CBC-40-MD5",
+"IDEA-CBC-SHA", "TLS-RSA-WITH-IDEA-CBC-SHA",
+"EXP-DES-CBC-SHA", "TLS-RSA-EXPORT-WITH-DES40-CBC-SHA",
+"DES-CBC-SHA", "TLS-RSA-WITH-DES-CBC-SHA",
+"DES-CBC3-SHA", "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
+"EXP-DH-DSS-DES-CBC-SHA", "TLS-DH-DSS-EXPORT-WITH-DES40-CBC-SHA",
+"DH-DSS-DES-CBC-SHA", "TLS-DH-DSS-WITH-DES-CBC-SHA",
+"DH-DSS-DES-CBC3-SHA", "TLS-DH-DSS-WITH-3DES-EDE-CBC-SHA",
+"EXP-DH-RSA-DES-CBC-SHA", "TLS-DH-RSA-EXPORT-WITH-DES40-CBC-SHA",
+"DH-RSA-DES-CBC-SHA", "TLS-DH-RSA-WITH-DES-CBC-SHA",
+"DH-RSA-DES-CBC3-SHA", "TLS-DH-RSA-WITH-3DES-EDE-CBC-SHA",
+"EXP-EDH-DSS-DES-CBC-SHA", "TLS-DHE-DSS-EXPORT-WITH-DES40-CBC-SHA",
+"EDH-DSS-DES-CBC-SHA", "TLS-DHE-DSS-WITH-DES-CBC-SHA",
+"EDH-DSS-DES-CBC3-SHA", "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
+"EXP-EDH-RSA-DES-CBC-SHA", "TLS-DHE-RSA-EXPORT-WITH-DES40-CBC-SHA",
+"EDH-RSA-DES-CBC-SHA", "TLS-DHE-RSA-WITH-DES-CBC-SHA",
+"EDH-RSA-DES-CBC3-SHA", "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
+"EXP-ADH-RC4-MD5", "TLS-DH-anon-EXPORT-WITH-RC4-40-MD5",
+"ADH-RC4-MD5", "TLS-DH-anon-WITH-RC4-128-MD5",
+"EXP-ADH-DES-CBC-SHA", "TLS-DH-anon-EXPORT-WITH-DES40-CBC-SHA",
+"ADH-DES-CBC-SHA", "TLS-DH-anon-WITH-DES-CBC-SHA",
+"ADH-DES-CBC3-SHA", "TLS-DH-anon-WITH-3DES-EDE-CBC-SHA",
+"KRB5-DES-CBC-SHA", "TLS-KRB5-WITH-DES-CBC-SHA",
+"KRB5-DES-CBC3-SHA", "TLS-KRB5-WITH-3DES-EDE-CBC-SHA",
+"KRB5-RC4-SHA", "TLS-KRB5-WITH-RC4-128-SHA",
+"KRB5-IDEA-CBC-SHA", "TLS-KRB5-WITH-IDEA-CBC-SHA",
+"KRB5-DES-CBC-MD5", "TLS-KRB5-WITH-DES-CBC-MD5",
+"KRB5-DES-CBC3-MD5", "TLS-KRB5-WITH-3DES-EDE-CBC-MD5",
+"KRB5-RC4-MD5", "TLS-KRB5-WITH-RC4-128-MD5",
+"KRB5-IDEA-CBC-MD5", "TLS-KRB5-WITH-IDEA-CBC-MD5",
+"EXP-KRB5-DES-CBC-SHA", "TLS-KRB5-EXPORT-WITH-DES-CBC-40-SHA",
+"EXP-KRB5-RC2-CBC-SHA", "TLS-KRB5-EXPORT-WITH-RC2-CBC-40-SHA",
+"EXP-KRB5-RC4-SHA", "TLS-KRB5-EXPORT-WITH-RC4-40-SHA",
+"EXP-KRB5-DES-CBC-MD5", "TLS-KRB5-EXPORT-WITH-DES-CBC-40-MD5",
+"EXP-KRB5-RC2-CBC-MD5", "TLS-KRB5-EXPORT-WITH-RC2-CBC-40-MD5",
+"EXP-KRB5-RC4-MD5", "TLS-KRB5-EXPORT-WITH-RC4-40-MD5",
+"PSK-NULL-SHA", "TLS-PSK-WITH-NULL-SHA",
+"DHE-PSK-NULL-SHA", "TLS-DHE-PSK-WITH-NULL-SHA",
+"RSA-PSK-NULL-SHA", "TLS-RSA-PSK-WITH-NULL-SHA",
+"AES128-SHA", "TLS-RSA-WITH-AES-128-CBC-SHA",
+"DH-DSS-AES128-SHA", "TLS-DH-DSS-WITH-AES-128-CBC-SHA",
+"DH-RSA-AES128-SHA", "TLS-DH-RSA-WITH-AES-128-CBC-SHA",
+"DHE-DSS-AES128-SHA", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
+"DHE-RSA-AES128-SHA", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
+"ADH-AES128-SHA", "TLS-DH-anon-WITH-AES-128-CBC-SHA",
+"AES256-SHA", "TLS-RSA-WITH-AES-256-CBC-SHA",
+"DH-DSS-AES256-SHA", "TLS-DH-DSS-WITH-AES-256-CBC-SHA",
+"DH-RSA-AES256-SHA", "TLS-DH-RSA-WITH-AES-256-CBC-SHA",
+"DHE-DSS-AES256-SHA", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
+"DHE-RSA-AES256-SHA", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
+"ADH-AES256-SHA", "TLS-DH-anon-WITH-AES-256-CBC-SHA",
+"NULL-SHA256", "TLS-RSA-WITH-NULL-SHA256",
+"AES128-SHA256", "TLS-RSA-WITH-AES-128-CBC-SHA256",
+"AES256-SHA256", "TLS-RSA-WITH-AES-256-CBC-SHA256",
+"DH-DSS-AES128-SHA256", "TLS-DH-DSS-WITH-AES-128-CBC-SHA256",
+"DH-RSA-AES128-SHA256", "TLS-DH-RSA-WITH-AES-128-CBC-SHA256",
+"DHE-DSS-AES128-SHA256", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
+"CAMELLIA128-SHA", "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
+"DH-DSS-CAMELLIA128-SHA", "TLS-DH-DSS-WITH-CAMELLIA-128-CBC-SHA",
+"DH-RSA-CAMELLIA128-SHA", "TLS-DH-RSA-WITH-CAMELLIA-128-CBC-SHA",
+"DHE-DSS-CAMELLIA128-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
+"DHE-RSA-CAMELLIA128-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
+"ADH-CAMELLIA128-SHA", "TLS-DH-anon-WITH-CAMELLIA-128-CBC-SHA",
+"EXP1024-RC4-MD5", "TLS-RSA-EXPORT1024-WITH-RC4-56-MD5",
+"EXP1024-RC2-CBC-MD5", "TLS-RSA-EXPORT1024-WITH-RC2-CBC-56-MD5",
+"EXP1024-DES-CBC-SHA", "TLS-RSA-EXPORT1024-WITH-DES-CBC-SHA",
+"EXP1024-DHE-DSS-DES-CBC-SHA", "TLS-DHE-DSS-EXPORT1024-WITH-DES-CBC-SHA",
+"EXP1024-RC4-SHA", "TLS-RSA-EXPORT1024-WITH-RC4-56-SHA",
+"EXP1024-DHE-DSS-RC4-SHA", "TLS-DHE-DSS-EXPORT1024-WITH-RC4-56-SHA",
+"DHE-DSS-RC4-SHA", "TLS-DHE-DSS-WITH-RC4-128-SHA",
+"DHE-RSA-AES128-SHA256", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
+"DH-DSS-AES256-SHA256", "TLS-DH-DSS-WITH-AES-256-CBC-SHA256",
+"DH-RSA-AES256-SHA256", "TLS-DH-RSA-WITH-AES-256-CBC-SHA256",
+"DHE-DSS-AES256-SHA256", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
+"DHE-RSA-AES256-SHA256", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
+"ADH-AES128-SHA256", "TLS-DH-anon-WITH-AES-128-CBC-SHA256",
+"ADH-AES256-SHA256", "TLS-DH-anon-WITH-AES-256-CBC-SHA256",
+"GOST94-GOST89-GOST89", "TLS-GOSTR341094-WITH-28147-CNT-IMIT",
+"GOST2001-GOST89-GOST89", "TLS-GOSTR341001-WITH-28147-CNT-IMIT",
+"GOST94-NULL-GOST94", "TLS-GOSTR341001-WITH-NULL-GOSTR3411",
+"GOST2001-GOST89-GOST89", "TLS-GOSTR341094-WITH-NULL-GOSTR3411",
+"CAMELLIA256-SHA", "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
+"DH-DSS-CAMELLIA256-SHA", "TLS-DH-DSS-WITH-CAMELLIA-256-CBC-SHA",
+"DH-RSA-CAMELLIA256-SHA", "TLS-DH-RSA-WITH-CAMELLIA-256-CBC-SHA",
+"DHE-DSS-CAMELLIA256-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
+"DHE-RSA-CAMELLIA256-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
+"ADH-CAMELLIA256-SHA", "TLS-DH-anon-WITH-CAMELLIA-256-CBC-SHA",
+"PSK-RC4-SHA", "TLS-PSK-WITH-RC4-128-SHA",
+"PSK-3DES-EDE-CBC-SHA", "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
+"PSK-AES128-CBC-SHA", "TLS-PSK-WITH-AES-128-CBC-SHA",
+"PSK-AES256-CBC-SHA", "TLS-PSK-WITH-AES-256-CBC-SHA",
+"SEED-SHA", "TLS-RSA-WITH-SEED-CBC-SHA",
+"DH-DSS-SEED-SHA", "TLS-DH-DSS-WITH-SEED-CBC-SHA",
+"DH-RSA-SEED-SHA", "TLS-DH-RSA-WITH-SEED-CBC-SHA",
+"DHE-DSS-SEED-SHA", "TLS-DHE-DSS-WITH-SEED-CBC-SHA",
+"DHE-RSA-SEED-SHA", "TLS-DHE-RSA-WITH-SEED-CBC-SHA",
+"ADH-SEED-SHA", "TLS-DH-anon-WITH-SEED-CBC-SHA",
+"AES128-GCM-SHA256", "TLS-RSA-WITH-AES-128-GCM-SHA256",
+"AES256-GCM-SHA384", "TLS-RSA-WITH-AES-256-GCM-SHA384",
+"DHE-RSA-AES128-GCM-SHA256", "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
+"DHE-RSA-AES256-GCM-SHA384", "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
+"DH-RSA-AES128-GCM-SHA256", "TLS-DH-RSA-WITH-AES-128-GCM-SHA256",
+"DH-RSA-AES256-GCM-SHA384", "TLS-DH-RSA-WITH-AES-256-GCM-SHA384",
+"DHE-DSS-AES128-GCM-SHA256", "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
+"DHE-DSS-AES256-GCM-SHA384", "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
+"DH-DSS-AES128-GCM-SHA256", "TLS-DH-DSS-WITH-AES-128-GCM-SHA256",
+"DH-DSS-AES256-GCM-SHA384", "TLS-DH-DSS-WITH-AES-256-GCM-SHA384",
+"ADH-AES128-GCM-SHA256", "TLS-DH-anon-WITH-AES-128-GCM-SHA256",
+"ADH-AES256-GCM-SHA384", "TLS-DH-anon-WITH-AES-256-GCM-SHA384",
+"CAMELLIA128-SHA256", "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+"DH-DSS-CAMELLIA128-SHA256", "TLS-DH-DSS-WITH-CAMELLIA-128-CBC-SHA256",
+"DH-RSA-CAMELLIA128-SHA256", "TLS-DH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+"DHE-DSS-CAMELLIA128-SHA256", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
+"DHE-RSA-CAMELLIA128-SHA256", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+"ADH-CAMELLIA128-SHA256", "TLS-DH-anon-WITH-CAMELLIA-128-CBC-SHA256",
+"TLS-FALLBACK-SCSV", "TLS-EMPTY-RENEGOTIATION-INFO-SCSV",
+"TLS-AES-128-GCM-SHA256", "TLS-AES-128-GCM-SHA256",
+"TLS-AES-256-GCM-SHA384", "TLS-AES-256-GCM-SHA384",
+"TLS-CHACHA20-POLY1305-SHA256", "TLS-CHACHA20-POLY1305-SHA256",
+"TLS-AES-128-CCM-SHA256", "TLS-AES-128-CCM-SHA256",
+"TLS-AES-128-CCM-8-SHA256", "TLS-AES-128-CCM-8-SHA256",
+"ECDH-ECDSA-NULL-SHA", "TLS-ECDH-ECDSA-WITH-NULL-SHA",
+"ECDH-ECDSA-RC4-SHA", "TLS-ECDH-ECDSA-WITH-RC4-128-SHA",
+"ECDH-ECDSA-DES-CBC3-SHA", "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
+"ECDH-ECDSA-AES128-SHA", "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
+"ECDH-ECDSA-AES256-SHA", "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
+"ECDHE-ECDSA-NULL-SHA", "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
+"ECDHE-ECDSA-RC4-SHA", "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA",
+"ECDHE-ECDSA-DES-CBC3-SHA", "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
+"ECDHE-ECDSA-AES128-SHA", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
+"ECDHE-ECDSA-AES256-SHA", "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
+"ECDH-RSA-NULL-SHA", "TLS-ECDH-RSA-WITH-NULL-SHA",
+"ECDH-RSA-RC4-SHA", "TLS-ECDH-RSA-WITH-RC4-128-SHA",
+"ECDH-RSA-DES-CBC3-SHA", "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA",
+"ECDH-RSA-AES128-SHA", "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
+"ECDH-RSA-AES256-SHA", "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
+"ECDHE-RSA-NULL-SHA", "TLS-ECDHE-RSA-WITH-NULL-SHA",
+"ECDHE-RSA-RC4-SHA", "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
+"ECDHE-RSA-DES-CBC3-SHA", "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
+"ECDHE-RSA-AES128-SHA", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
+"ECDHE-RSA-AES256-SHA", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
+"AECDH-NULL-SHA", "TLS-ECDH-anon-WITH-NULL-SHA",
+"AECDH-RC4-SHA", "TLS-ECDH-anon-WITH-RC4-128-SHA",
+"AECDH-DES-CBC3-SHA", "TLS-ECDH-anon-WITH-3DES-EDE-CBC-SHA",
+"AECDH-AES128-SHA", "TLS-ECDH-anon-WITH-AES-128-CBC-SHA",
+"AECDH-AES256-SHA", "TLS-ECDH-anon-WITH-AES-256-CBC-SHA",
+"SRP-3DES-EDE-CBC-SHA", "TLS-SRP-SHA-WITH-3DES-EDE-CBC-SHA",
+"SRP-RSA-3DES-EDE-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA",
+"SRP-DSS-3DES-EDE-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-3DES-EDE-CBC-SHA",
+"SRP-AES-128-CBC-SHA", "TLS-SRP-SHA-WITH-AES-128-CBC-SHA",
+"SRP-RSA-AES-128-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA",
+"SRP-DSS-AES-128-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-AES-128-CBC-SHA",
+"SRP-AES-256-CBC-SHA", "TLS-SRP-SHA-WITH-AES-256-CBC-SHA",
+"SRP-RSA-AES-256-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA",
+"SRP-DSS-AES-256-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA",
+"ECDHE-ECDSA-AES128-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
+"ECDHE-ECDSA-AES256-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
+"ECDH-ECDSA-AES128-SHA256", "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
+"ECDH-ECDSA-AES256-SHA384", "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
+"ECDHE-RSA-AES128-SHA256", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
+"ECDHE-RSA-AES256-SHA384", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
+"ECDH-RSA-AES128-SHA256", "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
+"ECDH-RSA-AES256-SHA384", "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
+"ECDHE-ECDSA-AES128-GCM-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
+"ECDHE-ECDSA-AES256-GCM-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
+"ECDH-ECDSA-AES128-GCM-SHA256", "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
+"ECDH-ECDSA-AES256-GCM-SHA384", "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
+"ECDHE-RSA-AES128-GCM-SHA256", "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
+"ECDHE-RSA-AES256-GCM-SHA384", "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
+"ECDH-RSA-AES128-GCM-SHA256", "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
+"ECDH-RSA-AES256-GCM-SHA384", "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
+"ECDHE-PSK-RC4-SHA", "TLS-ECDHE-PSK-WITH-RC4-128-SHA",
+"ECDHE-PSK-3DES-EDE-CBC-SHA", "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
+"ECDHE-PSK-AES128-CBC-SHA", "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
+"ECDHE-PSK-AES256-CBC-SHA", "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
+"ECDHE-PSK-AES128-CBC-SHA256", "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
+"ECDHE-PSK-AES256-CBC-SHA384", "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
+"ECDHE-PSK-NULL-SHA", "TLS-ECDHE-PSK-WITH-NULL-SHA",
+"ECDHE-PSK-NULL-SHA256", "TLS-ECDHE-PSK-WITH-NULL-SHA256",
+"ECDHE-PSK-NULL-SHA384", "TLS-ECDHE-PSK-WITH-NULL-SHA384",
+"ECDHE-ECDSA-CAMELLIA128-SHA256", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
+"ECDHE-ECDSA-CAMELLIA256-SHA38", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
+"ECDH-ECDSA-CAMELLIA128-SHA256", "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
+"ECDH-ECDSA-CAMELLIA256-SHA384", "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
+"ECDHE-RSA-CAMELLIA128-SHA256", "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+"ECDHE-RSA-CAMELLIA256-SHA384", "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
+"ECDH-RSA-CAMELLIA128-SHA256", "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+"ECDH-RSA-CAMELLIA256-SHA384", "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
+"PSK-CAMELLIA128-SHA256", "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+"PSK-CAMELLIA256-SHA384", "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+"DHE-PSK-CAMELLIA128-SHA256", "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+"DHE-PSK-CAMELLIA256-SHA384", "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+"RSA-PSK-CAMELLIA128-SHA256", "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+"RSA-PSK-CAMELLIA256-SHA384", "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+"ECDHE-PSK-CAMELLIA128-SHA256", "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+"ECDHE-PSK-CAMELLIA256-SHA384", "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+"AES128-CCM", "TLS-RSA-WITH-AES-128-CCM",
+"AES256-CCM", "TLS-RSA-WITH-AES-256-CCM",
+"DHE-RSA-AES128-CCM", "TLS-DHE-RSA-WITH-AES-128-CCM",
+"DHE-RSA-AES256-CCM", "TLS-DHE-RSA-WITH-AES-256-CCM",
+"AES128-CCM8", "TLS-RSA-WITH-AES-128-CCM-8",
+"AES256-CCM8", "TLS-RSA-WITH-AES-256-CCM-8",
+"DHE-RSA-AES128-CCM8", "TLS-DHE-RSA-WITH-AES-128-CCM-8",
+"DHE-RSA-AES256-CCM8", "TLS-DHE-RSA-WITH-AES-256-CCM-8",
+"PSK-AES128-CCM", "TLS-PSK-WITH-AES-128-CCM",
+"PSK-AES256-CCM", "TLS-PSK-WITH-AES-256-CCM",
+"DHE-PSK-AES128-CCM", "TLS-DHE-PSK-WITH-AES-128-CCM",
+"DHE-PSK-AES256-CCM", "TLS-DHE-PSK-WITH-AES-256-CCM",
+"PSK-AES128-CCM8", "TLS-PSK-WITH-AES-128-CCM-8",
+"PSK-AES256-CCM8", "TLS-PSK-WITH-AES-256-CCM-8",
+"DHE-PSK-AES128-CCM8", "TLS-PSK-DHE-WITH-AES-128-CCM-8",
+"DHE-PSK-AES256-CCM8", "TLS-PSK-DHE-WITH-AES-256-CCM-8",
+"ECDHE-ECDSA-AES128-CCM", "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
+"ECDHE-ECDSA-AES256-CCM", "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
+"ECDHE-ECDSA-AES128-CCM8", "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
+"ECDHE-ECDSA-AES256-CCM8", "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
+"ECDHE-RSA-CHACHA20-POLY1305-OLD", "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256-OLD",
+"ECDHE-ECDSA-CHACHA20-POLY1305-OLD", "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256-OLD",
+"DHE-RSA-CHACHA20-POLY1305-OLD", "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256-OLD",
+"ECDHE-RSA-CHACHA20-POLY1305", "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+"ECDHE-ECDSA-CHACHA20-POLY1305", "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
+"DHE-RSA-CHACHA20-POLY1305", "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+"PSK-CHACHA20-POLY1305", "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
+"ECDHE-PSK-CHACHA20-POLY1305", "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
+"DHE-PSK-CHACHA20-POLY1305", "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
+"RSA-PSK-CHACHA20-POLY1305", "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
+"GOST-MD5", "TLS-GOSTR341094-RSA-WITH-28147-CNT-MD5",
+"GOST-GOST94", "TLS-RSA-WITH-28147-CNT-GOST94",
+"RC4-MD5", "SSL-CK-RC4-128-WITH-MD5",
+"EXP-RC4-MD5", "SSL-CK-RC4-128-EXPORT40-WITH-MD5",
+"RC2-CBC-MD5", "SSL-CK-RC2-128-CBC-WITH-MD5",
+"EXP-RC2-CBC-MD5", "SSL-CK-RC2-128-CBC-EXPORT40-WITH-MD5",
+"IDEA-CBC-MD5", "SSL-CK-IDEA-128-CBC-WITH-MD5",
+"DES-CBC-MD5", "SSL-CK-DES-64-CBC-WITH-MD5",
+"DES-CBC-SHA", "SSL-CK-DES-64-CBC-WITH-SHA",
+"DES-CBC3-MD5", "SSL-CK-DES-192-EDE3-CBC-WITH-MD5",
+"DES-CBC3-SHA", "SSL-CK-DES-192-EDE3-CBC-WITH-SHA",
+"RC4-64-MD5", "SSL-CK-RC4-64-WITH-MD5",
+"DES-CFB-M1", "SSL-CK-DES-64-CFB64-WITH-MD5-1",
+NULL
+};
+// fprintf(stderr, "SUCCESS: %s => %s => %d\n\n", xlate_openssl[i], xlate_openssl[i+1], mbedtls_ssl_get_ciphersuite_id(xlate_openssl[i+1]));
+static int map_openssl_suite(char *openssl_name) {
+    int i;
+    for (i=0; xlate_openssl[i]; i+=2) {
+        if (!strcmp(xlate_openssl[i], openssl_name))
+            return mbedtls_ssl_get_ciphersuite_id(xlate_openssl[i+1]);
+    }
+    return 0;
+}
+
 #endif
-- 
cgit v1.2.3