From 7132bc256fbbead05e48c53b58a21e760a1dd352 Mon Sep 17 00:00:00 2001 From: Dirk Engling Date: Fri, 20 May 2022 04:06:12 +0200 Subject: Add ciphersuite parser and converter for openssl ciphersuite names --- vchat-tls.c | 287 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 280 insertions(+), 7 deletions(-) (limited to 'vchat-tls.c') diff --git a/vchat-tls.c b/vchat-tls.c index ad66334..d4ab554 100755 --- a/vchat-tls.c +++ b/vchat-tls.c @@ -404,7 +404,7 @@ void vc_tls_cleanup() { #include const char *DRBG_PERS = "mbed TLS vchat client"; - +#define MAX_SUITES 512 typedef struct { mbedtls_entropy_context _entropy; mbedtls_ctr_drbg_context _ctr_drbg; @@ -413,6 +413,7 @@ typedef struct { mbedtls_pk_context _key; mbedtls_ssl_context _ssl; mbedtls_ssl_config _conf; + int ciphersuits[MAX_SUITES]; } mbedstate; static mbedstate _mbedtls_state; @@ -428,7 +429,7 @@ static int static_tcp_recv(void *ctx, unsigned char *buf, size_t len ) { static int static_tcp_send(void *ctx, const unsigned char *buf, size_t len ) { return send((int)(intptr_t)ctx, buf, len, 0); } - +static int map_openssl_suite(char *openssl_name); void vc_init_x509store(vc_x509store_t *store) { static int sslinit; @@ -457,7 +458,8 @@ int vc_tls_connect( int serverfd, vc_x509store_t *vc_store ) mbedstate *s = &_mbedtls_state; mbedtls_ssl_config *conf = &_mbedtls_state._conf; mbedtls_ssl_context *ssl = &_mbedtls_state._ssl; - int ret; + int ret, suitecount = 0; + char *token; mbedtls_x509_crt_init(&s->_cacert); mbedtls_x509_crt_init(&s->_cert); @@ -474,7 +476,21 @@ int vc_tls_connect( int serverfd, vc_x509store_t *vc_store ) mbedtls_ssl_conf_authmode(conf, getintoption(CF_IGNSSL) ? MBEDTLS_SSL_VERIFY_OPTIONAL : MBEDTLS_SSL_VERIFY_REQUIRED); mbedtls_ssl_conf_rng(conf, mbedtls_ctr_drbg_random, &s->_ctr_drbg); - /* mbedtls_ssl_conf_ciphersuites( */ + char *ciphers = getstroption(CF_CIPHERSUITE); + if (!ciphers) + ciphers = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA"; + ciphers = strdup(ciphers); + for (token = strtok(ciphers, ":"); token && suitecount < MAX_SUITES - 1; token = strtok(NULL, ":")) { + int suite = mbedtls_ssl_get_ciphersuite_id(token); + if (!suite) + suite = map_openssl_suite(token); + if (suite) + s->ciphersuits[suitecount++] = suite; + } + s->ciphersuits[suitecount++] = 0; + free(ciphers); + + mbedtls_ssl_conf_ciphersuites(conf, s->ciphersuits); if (vc_store->cafile) { mbedtls_x509_crt_parse_file(&s->_cacert, vc_store->cafile); @@ -533,10 +549,9 @@ int vc_tls_connect( int serverfd, vc_x509store_t *vc_store ) const mbedtls_x509_crt* peer_cert = mbedtls_ssl_get_peer_cert(ssl); mbedtls_x509_crt_info(tmpstr, sizeof(tmpstr), "[SSL PEER INFO ] ", peer_cert); - char *token = strtok(tmpstr, "\n"); - do { + + for (token = strtok(tmpstr, "\n"); token; token = strtok(NULL, "\n")) writecf(FS_SERV, token); - } while ((token = strtok(NULL, "\n"))); mbedtls_ssl_get_verify_result(ssl); @@ -573,4 +588,262 @@ void vc_tls_cleanup() { mbedtls_ctr_drbg_free(&_mbedtls_state._ctr_drbg ); } +/* Taken from https://testssl.sh/openssl-iana.mapping.html */ +static const char * xlate_openssl[] = { +"NULL-MD5", "TLS-RSA-WITH-NULL-MD5", +"NULL-SHA", "TLS-RSA-WITH-NULL-SHA", +"EXP-RC4-MD5", "TLS-RSA-EXPORT-WITH-RC4-40-MD5", +"RC4-MD5", "TLS-RSA-WITH-RC4-128-MD5", +"RC4-SHA", "TLS-RSA-WITH-RC4-128-SHA", +"EXP-RC2-CBC-MD5", "TLS-RSA-EXPORT-WITH-RC2-CBC-40-MD5", +"IDEA-CBC-SHA", "TLS-RSA-WITH-IDEA-CBC-SHA", +"EXP-DES-CBC-SHA", "TLS-RSA-EXPORT-WITH-DES40-CBC-SHA", +"DES-CBC-SHA", "TLS-RSA-WITH-DES-CBC-SHA", +"DES-CBC3-SHA", "TLS-RSA-WITH-3DES-EDE-CBC-SHA", +"EXP-DH-DSS-DES-CBC-SHA", "TLS-DH-DSS-EXPORT-WITH-DES40-CBC-SHA", +"DH-DSS-DES-CBC-SHA", "TLS-DH-DSS-WITH-DES-CBC-SHA", +"DH-DSS-DES-CBC3-SHA", "TLS-DH-DSS-WITH-3DES-EDE-CBC-SHA", +"EXP-DH-RSA-DES-CBC-SHA", "TLS-DH-RSA-EXPORT-WITH-DES40-CBC-SHA", +"DH-RSA-DES-CBC-SHA", "TLS-DH-RSA-WITH-DES-CBC-SHA", +"DH-RSA-DES-CBC3-SHA", "TLS-DH-RSA-WITH-3DES-EDE-CBC-SHA", +"EXP-EDH-DSS-DES-CBC-SHA", "TLS-DHE-DSS-EXPORT-WITH-DES40-CBC-SHA", +"EDH-DSS-DES-CBC-SHA", "TLS-DHE-DSS-WITH-DES-CBC-SHA", +"EDH-DSS-DES-CBC3-SHA", "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA", +"EXP-EDH-RSA-DES-CBC-SHA", "TLS-DHE-RSA-EXPORT-WITH-DES40-CBC-SHA", +"EDH-RSA-DES-CBC-SHA", "TLS-DHE-RSA-WITH-DES-CBC-SHA", +"EDH-RSA-DES-CBC3-SHA", "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", +"EXP-ADH-RC4-MD5", "TLS-DH-anon-EXPORT-WITH-RC4-40-MD5", +"ADH-RC4-MD5", "TLS-DH-anon-WITH-RC4-128-MD5", +"EXP-ADH-DES-CBC-SHA", "TLS-DH-anon-EXPORT-WITH-DES40-CBC-SHA", +"ADH-DES-CBC-SHA", "TLS-DH-anon-WITH-DES-CBC-SHA", +"ADH-DES-CBC3-SHA", "TLS-DH-anon-WITH-3DES-EDE-CBC-SHA", +"KRB5-DES-CBC-SHA", "TLS-KRB5-WITH-DES-CBC-SHA", +"KRB5-DES-CBC3-SHA", "TLS-KRB5-WITH-3DES-EDE-CBC-SHA", +"KRB5-RC4-SHA", "TLS-KRB5-WITH-RC4-128-SHA", +"KRB5-IDEA-CBC-SHA", "TLS-KRB5-WITH-IDEA-CBC-SHA", +"KRB5-DES-CBC-MD5", "TLS-KRB5-WITH-DES-CBC-MD5", +"KRB5-DES-CBC3-MD5", "TLS-KRB5-WITH-3DES-EDE-CBC-MD5", +"KRB5-RC4-MD5", "TLS-KRB5-WITH-RC4-128-MD5", +"KRB5-IDEA-CBC-MD5", "TLS-KRB5-WITH-IDEA-CBC-MD5", +"EXP-KRB5-DES-CBC-SHA", "TLS-KRB5-EXPORT-WITH-DES-CBC-40-SHA", +"EXP-KRB5-RC2-CBC-SHA", "TLS-KRB5-EXPORT-WITH-RC2-CBC-40-SHA", +"EXP-KRB5-RC4-SHA", "TLS-KRB5-EXPORT-WITH-RC4-40-SHA", +"EXP-KRB5-DES-CBC-MD5", "TLS-KRB5-EXPORT-WITH-DES-CBC-40-MD5", +"EXP-KRB5-RC2-CBC-MD5", "TLS-KRB5-EXPORT-WITH-RC2-CBC-40-MD5", +"EXP-KRB5-RC4-MD5", "TLS-KRB5-EXPORT-WITH-RC4-40-MD5", +"PSK-NULL-SHA", "TLS-PSK-WITH-NULL-SHA", +"DHE-PSK-NULL-SHA", "TLS-DHE-PSK-WITH-NULL-SHA", +"RSA-PSK-NULL-SHA", "TLS-RSA-PSK-WITH-NULL-SHA", +"AES128-SHA", "TLS-RSA-WITH-AES-128-CBC-SHA", +"DH-DSS-AES128-SHA", "TLS-DH-DSS-WITH-AES-128-CBC-SHA", +"DH-RSA-AES128-SHA", "TLS-DH-RSA-WITH-AES-128-CBC-SHA", +"DHE-DSS-AES128-SHA", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA", +"DHE-RSA-AES128-SHA", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", +"ADH-AES128-SHA", "TLS-DH-anon-WITH-AES-128-CBC-SHA", +"AES256-SHA", "TLS-RSA-WITH-AES-256-CBC-SHA", +"DH-DSS-AES256-SHA", "TLS-DH-DSS-WITH-AES-256-CBC-SHA", +"DH-RSA-AES256-SHA", "TLS-DH-RSA-WITH-AES-256-CBC-SHA", +"DHE-DSS-AES256-SHA", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA", +"DHE-RSA-AES256-SHA", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", +"ADH-AES256-SHA", "TLS-DH-anon-WITH-AES-256-CBC-SHA", +"NULL-SHA256", "TLS-RSA-WITH-NULL-SHA256", +"AES128-SHA256", "TLS-RSA-WITH-AES-128-CBC-SHA256", +"AES256-SHA256", "TLS-RSA-WITH-AES-256-CBC-SHA256", +"DH-DSS-AES128-SHA256", "TLS-DH-DSS-WITH-AES-128-CBC-SHA256", +"DH-RSA-AES128-SHA256", "TLS-DH-RSA-WITH-AES-128-CBC-SHA256", +"DHE-DSS-AES128-SHA256", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256", +"CAMELLIA128-SHA", "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", +"DH-DSS-CAMELLIA128-SHA", "TLS-DH-DSS-WITH-CAMELLIA-128-CBC-SHA", +"DH-RSA-CAMELLIA128-SHA", "TLS-DH-RSA-WITH-CAMELLIA-128-CBC-SHA", +"DHE-DSS-CAMELLIA128-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA", +"DHE-RSA-CAMELLIA128-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", +"ADH-CAMELLIA128-SHA", "TLS-DH-anon-WITH-CAMELLIA-128-CBC-SHA", +"EXP1024-RC4-MD5", "TLS-RSA-EXPORT1024-WITH-RC4-56-MD5", +"EXP1024-RC2-CBC-MD5", "TLS-RSA-EXPORT1024-WITH-RC2-CBC-56-MD5", +"EXP1024-DES-CBC-SHA", "TLS-RSA-EXPORT1024-WITH-DES-CBC-SHA", +"EXP1024-DHE-DSS-DES-CBC-SHA", "TLS-DHE-DSS-EXPORT1024-WITH-DES-CBC-SHA", +"EXP1024-RC4-SHA", "TLS-RSA-EXPORT1024-WITH-RC4-56-SHA", +"EXP1024-DHE-DSS-RC4-SHA", "TLS-DHE-DSS-EXPORT1024-WITH-RC4-56-SHA", +"DHE-DSS-RC4-SHA", "TLS-DHE-DSS-WITH-RC4-128-SHA", +"DHE-RSA-AES128-SHA256", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", +"DH-DSS-AES256-SHA256", "TLS-DH-DSS-WITH-AES-256-CBC-SHA256", +"DH-RSA-AES256-SHA256", "TLS-DH-RSA-WITH-AES-256-CBC-SHA256", +"DHE-DSS-AES256-SHA256", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256", +"DHE-RSA-AES256-SHA256", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", +"ADH-AES128-SHA256", "TLS-DH-anon-WITH-AES-128-CBC-SHA256", +"ADH-AES256-SHA256", "TLS-DH-anon-WITH-AES-256-CBC-SHA256", +"GOST94-GOST89-GOST89", "TLS-GOSTR341094-WITH-28147-CNT-IMIT", +"GOST2001-GOST89-GOST89", "TLS-GOSTR341001-WITH-28147-CNT-IMIT", +"GOST94-NULL-GOST94", "TLS-GOSTR341001-WITH-NULL-GOSTR3411", +"GOST2001-GOST89-GOST89", "TLS-GOSTR341094-WITH-NULL-GOSTR3411", +"CAMELLIA256-SHA", "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", +"DH-DSS-CAMELLIA256-SHA", "TLS-DH-DSS-WITH-CAMELLIA-256-CBC-SHA", +"DH-RSA-CAMELLIA256-SHA", "TLS-DH-RSA-WITH-CAMELLIA-256-CBC-SHA", +"DHE-DSS-CAMELLIA256-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA", +"DHE-RSA-CAMELLIA256-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", +"ADH-CAMELLIA256-SHA", "TLS-DH-anon-WITH-CAMELLIA-256-CBC-SHA", +"PSK-RC4-SHA", "TLS-PSK-WITH-RC4-128-SHA", +"PSK-3DES-EDE-CBC-SHA", "TLS-PSK-WITH-3DES-EDE-CBC-SHA", +"PSK-AES128-CBC-SHA", "TLS-PSK-WITH-AES-128-CBC-SHA", +"PSK-AES256-CBC-SHA", "TLS-PSK-WITH-AES-256-CBC-SHA", +"SEED-SHA", "TLS-RSA-WITH-SEED-CBC-SHA", +"DH-DSS-SEED-SHA", "TLS-DH-DSS-WITH-SEED-CBC-SHA", +"DH-RSA-SEED-SHA", "TLS-DH-RSA-WITH-SEED-CBC-SHA", +"DHE-DSS-SEED-SHA", "TLS-DHE-DSS-WITH-SEED-CBC-SHA", +"DHE-RSA-SEED-SHA", "TLS-DHE-RSA-WITH-SEED-CBC-SHA", +"ADH-SEED-SHA", "TLS-DH-anon-WITH-SEED-CBC-SHA", +"AES128-GCM-SHA256", "TLS-RSA-WITH-AES-128-GCM-SHA256", +"AES256-GCM-SHA384", "TLS-RSA-WITH-AES-256-GCM-SHA384", +"DHE-RSA-AES128-GCM-SHA256", "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", +"DHE-RSA-AES256-GCM-SHA384", "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", +"DH-RSA-AES128-GCM-SHA256", "TLS-DH-RSA-WITH-AES-128-GCM-SHA256", +"DH-RSA-AES256-GCM-SHA384", "TLS-DH-RSA-WITH-AES-256-GCM-SHA384", +"DHE-DSS-AES128-GCM-SHA256", "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256", +"DHE-DSS-AES256-GCM-SHA384", "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384", +"DH-DSS-AES128-GCM-SHA256", "TLS-DH-DSS-WITH-AES-128-GCM-SHA256", +"DH-DSS-AES256-GCM-SHA384", "TLS-DH-DSS-WITH-AES-256-GCM-SHA384", +"ADH-AES128-GCM-SHA256", "TLS-DH-anon-WITH-AES-128-GCM-SHA256", +"ADH-AES256-GCM-SHA384", "TLS-DH-anon-WITH-AES-256-GCM-SHA384", +"CAMELLIA128-SHA256", "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", +"DH-DSS-CAMELLIA128-SHA256", "TLS-DH-DSS-WITH-CAMELLIA-128-CBC-SHA256", +"DH-RSA-CAMELLIA128-SHA256", "TLS-DH-RSA-WITH-CAMELLIA-128-CBC-SHA256", +"DHE-DSS-CAMELLIA128-SHA256", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256", +"DHE-RSA-CAMELLIA128-SHA256", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", +"ADH-CAMELLIA128-SHA256", "TLS-DH-anon-WITH-CAMELLIA-128-CBC-SHA256", +"TLS-FALLBACK-SCSV", "TLS-EMPTY-RENEGOTIATION-INFO-SCSV", +"TLS-AES-128-GCM-SHA256", "TLS-AES-128-GCM-SHA256", +"TLS-AES-256-GCM-SHA384", "TLS-AES-256-GCM-SHA384", +"TLS-CHACHA20-POLY1305-SHA256", "TLS-CHACHA20-POLY1305-SHA256", +"TLS-AES-128-CCM-SHA256", "TLS-AES-128-CCM-SHA256", +"TLS-AES-128-CCM-8-SHA256", "TLS-AES-128-CCM-8-SHA256", +"ECDH-ECDSA-NULL-SHA", "TLS-ECDH-ECDSA-WITH-NULL-SHA", +"ECDH-ECDSA-RC4-SHA", "TLS-ECDH-ECDSA-WITH-RC4-128-SHA", +"ECDH-ECDSA-DES-CBC3-SHA", "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", +"ECDH-ECDSA-AES128-SHA", "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", +"ECDH-ECDSA-AES256-SHA", "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", +"ECDHE-ECDSA-NULL-SHA", "TLS-ECDHE-ECDSA-WITH-NULL-SHA", +"ECDHE-ECDSA-RC4-SHA", "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA", +"ECDHE-ECDSA-DES-CBC3-SHA", "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", +"ECDHE-ECDSA-AES128-SHA", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", +"ECDHE-ECDSA-AES256-SHA", "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", +"ECDH-RSA-NULL-SHA", "TLS-ECDH-RSA-WITH-NULL-SHA", +"ECDH-RSA-RC4-SHA", "TLS-ECDH-RSA-WITH-RC4-128-SHA", +"ECDH-RSA-DES-CBC3-SHA", "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA", +"ECDH-RSA-AES128-SHA", "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", +"ECDH-RSA-AES256-SHA", "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA", +"ECDHE-RSA-NULL-SHA", "TLS-ECDHE-RSA-WITH-NULL-SHA", +"ECDHE-RSA-RC4-SHA", "TLS-ECDHE-RSA-WITH-RC4-128-SHA", +"ECDHE-RSA-DES-CBC3-SHA", "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", +"ECDHE-RSA-AES128-SHA", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", +"ECDHE-RSA-AES256-SHA", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", +"AECDH-NULL-SHA", "TLS-ECDH-anon-WITH-NULL-SHA", +"AECDH-RC4-SHA", "TLS-ECDH-anon-WITH-RC4-128-SHA", +"AECDH-DES-CBC3-SHA", "TLS-ECDH-anon-WITH-3DES-EDE-CBC-SHA", +"AECDH-AES128-SHA", "TLS-ECDH-anon-WITH-AES-128-CBC-SHA", +"AECDH-AES256-SHA", "TLS-ECDH-anon-WITH-AES-256-CBC-SHA", +"SRP-3DES-EDE-CBC-SHA", "TLS-SRP-SHA-WITH-3DES-EDE-CBC-SHA", +"SRP-RSA-3DES-EDE-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA", +"SRP-DSS-3DES-EDE-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-3DES-EDE-CBC-SHA", +"SRP-AES-128-CBC-SHA", "TLS-SRP-SHA-WITH-AES-128-CBC-SHA", +"SRP-RSA-AES-128-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA", +"SRP-DSS-AES-128-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-AES-128-CBC-SHA", +"SRP-AES-256-CBC-SHA", "TLS-SRP-SHA-WITH-AES-256-CBC-SHA", +"SRP-RSA-AES-256-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA", +"SRP-DSS-AES-256-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA", +"ECDHE-ECDSA-AES128-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", +"ECDHE-ECDSA-AES256-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", +"ECDH-ECDSA-AES128-SHA256", "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", +"ECDH-ECDSA-AES256-SHA384", "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", +"ECDHE-RSA-AES128-SHA256", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", +"ECDHE-RSA-AES256-SHA384", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", +"ECDH-RSA-AES128-SHA256", "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", +"ECDH-RSA-AES256-SHA384", "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", +"ECDHE-ECDSA-AES128-GCM-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", +"ECDHE-ECDSA-AES256-GCM-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", +"ECDH-ECDSA-AES128-GCM-SHA256", "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", +"ECDH-ECDSA-AES256-GCM-SHA384", "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", +"ECDHE-RSA-AES128-GCM-SHA256", "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", +"ECDHE-RSA-AES256-GCM-SHA384", "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", +"ECDH-RSA-AES128-GCM-SHA256", "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", +"ECDH-RSA-AES256-GCM-SHA384", "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", +"ECDHE-PSK-RC4-SHA", "TLS-ECDHE-PSK-WITH-RC4-128-SHA", +"ECDHE-PSK-3DES-EDE-CBC-SHA", "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", +"ECDHE-PSK-AES128-CBC-SHA", "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", +"ECDHE-PSK-AES256-CBC-SHA", "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", +"ECDHE-PSK-AES128-CBC-SHA256", "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", +"ECDHE-PSK-AES256-CBC-SHA384", "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", +"ECDHE-PSK-NULL-SHA", "TLS-ECDHE-PSK-WITH-NULL-SHA", +"ECDHE-PSK-NULL-SHA256", "TLS-ECDHE-PSK-WITH-NULL-SHA256", +"ECDHE-PSK-NULL-SHA384", "TLS-ECDHE-PSK-WITH-NULL-SHA384", +"ECDHE-ECDSA-CAMELLIA128-SHA256", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", +"ECDHE-ECDSA-CAMELLIA256-SHA38", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", +"ECDH-ECDSA-CAMELLIA128-SHA256", "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", +"ECDH-ECDSA-CAMELLIA256-SHA384", "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", +"ECDHE-RSA-CAMELLIA128-SHA256", "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", +"ECDHE-RSA-CAMELLIA256-SHA384", "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", +"ECDH-RSA-CAMELLIA128-SHA256", "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", +"ECDH-RSA-CAMELLIA256-SHA384", "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", +"PSK-CAMELLIA128-SHA256", "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", +"PSK-CAMELLIA256-SHA384", "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", +"DHE-PSK-CAMELLIA128-SHA256", "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", +"DHE-PSK-CAMELLIA256-SHA384", "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", +"RSA-PSK-CAMELLIA128-SHA256", "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", +"RSA-PSK-CAMELLIA256-SHA384", "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", +"ECDHE-PSK-CAMELLIA128-SHA256", "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", +"ECDHE-PSK-CAMELLIA256-SHA384", "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", +"AES128-CCM", "TLS-RSA-WITH-AES-128-CCM", +"AES256-CCM", "TLS-RSA-WITH-AES-256-CCM", +"DHE-RSA-AES128-CCM", "TLS-DHE-RSA-WITH-AES-128-CCM", +"DHE-RSA-AES256-CCM", "TLS-DHE-RSA-WITH-AES-256-CCM", +"AES128-CCM8", "TLS-RSA-WITH-AES-128-CCM-8", +"AES256-CCM8", "TLS-RSA-WITH-AES-256-CCM-8", +"DHE-RSA-AES128-CCM8", "TLS-DHE-RSA-WITH-AES-128-CCM-8", +"DHE-RSA-AES256-CCM8", "TLS-DHE-RSA-WITH-AES-256-CCM-8", +"PSK-AES128-CCM", "TLS-PSK-WITH-AES-128-CCM", +"PSK-AES256-CCM", "TLS-PSK-WITH-AES-256-CCM", +"DHE-PSK-AES128-CCM", "TLS-DHE-PSK-WITH-AES-128-CCM", +"DHE-PSK-AES256-CCM", "TLS-DHE-PSK-WITH-AES-256-CCM", +"PSK-AES128-CCM8", "TLS-PSK-WITH-AES-128-CCM-8", +"PSK-AES256-CCM8", "TLS-PSK-WITH-AES-256-CCM-8", +"DHE-PSK-AES128-CCM8", "TLS-PSK-DHE-WITH-AES-128-CCM-8", +"DHE-PSK-AES256-CCM8", "TLS-PSK-DHE-WITH-AES-256-CCM-8", +"ECDHE-ECDSA-AES128-CCM", "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", +"ECDHE-ECDSA-AES256-CCM", "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", +"ECDHE-ECDSA-AES128-CCM8", "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", +"ECDHE-ECDSA-AES256-CCM8", "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", +"ECDHE-RSA-CHACHA20-POLY1305-OLD", "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256-OLD", +"ECDHE-ECDSA-CHACHA20-POLY1305-OLD", "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256-OLD", +"DHE-RSA-CHACHA20-POLY1305-OLD", "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256-OLD", +"ECDHE-RSA-CHACHA20-POLY1305", "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", +"ECDHE-ECDSA-CHACHA20-POLY1305", "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", +"DHE-RSA-CHACHA20-POLY1305", "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", +"PSK-CHACHA20-POLY1305", "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", +"ECDHE-PSK-CHACHA20-POLY1305", "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", +"DHE-PSK-CHACHA20-POLY1305", "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", +"RSA-PSK-CHACHA20-POLY1305", "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256", +"GOST-MD5", "TLS-GOSTR341094-RSA-WITH-28147-CNT-MD5", +"GOST-GOST94", "TLS-RSA-WITH-28147-CNT-GOST94", +"RC4-MD5", "SSL-CK-RC4-128-WITH-MD5", +"EXP-RC4-MD5", "SSL-CK-RC4-128-EXPORT40-WITH-MD5", +"RC2-CBC-MD5", "SSL-CK-RC2-128-CBC-WITH-MD5", +"EXP-RC2-CBC-MD5", "SSL-CK-RC2-128-CBC-EXPORT40-WITH-MD5", +"IDEA-CBC-MD5", "SSL-CK-IDEA-128-CBC-WITH-MD5", +"DES-CBC-MD5", "SSL-CK-DES-64-CBC-WITH-MD5", +"DES-CBC-SHA", "SSL-CK-DES-64-CBC-WITH-SHA", +"DES-CBC3-MD5", "SSL-CK-DES-192-EDE3-CBC-WITH-MD5", +"DES-CBC3-SHA", "SSL-CK-DES-192-EDE3-CBC-WITH-SHA", +"RC4-64-MD5", "SSL-CK-RC4-64-WITH-MD5", +"DES-CFB-M1", "SSL-CK-DES-64-CFB64-WITH-MD5-1", +NULL +}; +// fprintf(stderr, "SUCCESS: %s => %s => %d\n\n", xlate_openssl[i], xlate_openssl[i+1], mbedtls_ssl_get_ciphersuite_id(xlate_openssl[i+1])); +static int map_openssl_suite(char *openssl_name) { + int i; + for (i=0; xlate_openssl[i]; i+=2) { + if (!strcmp(xlate_openssl[i], openssl_name)) + return mbedtls_ssl_get_ciphersuite_id(xlate_openssl[i+1]); + } + return 0; +} + #endif -- cgit v1.2.3