2015-10-21 05:03:22 +02:00
|
|
|
/*
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
* Various and sundry protocol constants. DON'T CHANGE THESE. These values
|
2015-10-21 05:03:22 +02:00
|
|
|
* are mostly defined by the SSL2, SSL3, or TLS protocol specifications.
|
|
|
|
|
* Cipher kinds and ciphersuites are part of the public API.
|
|
|
|
|
*
|
2018-05-04 16:08:28 +02:00
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2015-10-21 05:03:22 +02:00
|
|
|
|
|
|
|
|
#ifndef __sslproto_h_
|
|
|
|
|
#define __sslproto_h_
|
|
|
|
|
|
|
|
|
|
/* All versions less than 3_0 are treated as SSL version 2 */
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define SSL_LIBRARY_VERSION_2 0x0002
|
|
|
|
|
#define SSL_LIBRARY_VERSION_3_0 0x0300
|
|
|
|
|
#define SSL_LIBRARY_VERSION_TLS_1_0 0x0301
|
|
|
|
|
#define SSL_LIBRARY_VERSION_TLS_1_1 0x0302
|
|
|
|
|
#define SSL_LIBRARY_VERSION_TLS_1_2 0x0303
|
cherry-picked mozilla NSS upstream changes (to rev 902bc119dcdb, which is on par with 3.17.2):
bug920719, bug1026148, bug1028647, bug963150, bug1030486, bug1025729, bug836658, bug1028582, bug1038728, bug1038526, bug1042634, bug1047210, bug1043891, bug1043108, bug1046735, bug1043082, bug1036735, bug1046718, bug1050107, bug1054625, bug1057465, bug1057476, bug1041326, bug1058933, bug1064636, bug1057161, bug1078669, bug1049435, bug1070493, bug1083360, bug1028764, bug1065990, bug1073330, bug1064670, bug1094650
2018-07-11 15:35:15 +02:00
|
|
|
#define SSL_LIBRARY_VERSION_TLS_1_3 0x0304
|
|
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
/* Note: this is the internal format, not the wire format */
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302
|
|
|
|
|
#define SSL_LIBRARY_VERSION_DTLS_1_2 0x0303
|
cherry-picked mozilla NSS upstream changes (to rev 902bc119dcdb, which is on par with 3.17.2):
bug920719, bug1026148, bug1028647, bug963150, bug1030486, bug1025729, bug836658, bug1028582, bug1038728, bug1038526, bug1042634, bug1047210, bug1043891, bug1043108, bug1046735, bug1043082, bug1036735, bug1046718, bug1050107, bug1054625, bug1057465, bug1057476, bug1041326, bug1058933, bug1064636, bug1057161, bug1078669, bug1049435, bug1070493, bug1083360, bug1028764, bug1065990, bug1073330, bug1064670, bug1094650
2018-07-11 15:35:15 +02:00
|
|
|
#define SSL_LIBRARY_VERSION_DTLS_1_3 0x0304
|
2018-05-04 16:08:28 +02:00
|
|
|
|
|
|
|
|
/* deprecated old name */
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0
|
2018-05-04 16:08:28 +02:00
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
/* The DTLS versions used in the spec */
|
2018-05-04 16:08:28 +02:00
|
|
|
#define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE ((~0x0100) & 0xffff)
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE ((~0x0102) & 0xffff)
|
cherry-picked mozilla NSS upstream changes (to rev 902bc119dcdb, which is on par with 3.17.2):
bug920719, bug1026148, bug1028647, bug963150, bug1030486, bug1025729, bug836658, bug1028582, bug1038728, bug1038526, bug1042634, bug1047210, bug1043891, bug1043108, bug1046735, bug1043082, bug1036735, bug1046718, bug1050107, bug1054625, bug1057465, bug1057476, bug1041326, bug1058933, bug1064636, bug1057161, bug1078669, bug1049435, bug1070493, bug1083360, bug1028764, bug1065990, bug1073330, bug1064670, bug1094650
2018-07-11 15:35:15 +02:00
|
|
|
#define SSL_LIBRARY_VERSION_DTLS_1_3_WIRE ((~0x0103) & 0xffff)
|
2015-10-21 05:03:22 +02:00
|
|
|
|
|
|
|
|
/* Header lengths of some of the messages */
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define SSL_HL_ERROR_HBYTES 3
|
|
|
|
|
#define SSL_HL_CLIENT_HELLO_HBYTES 9
|
|
|
|
|
#define SSL_HL_CLIENT_MASTER_KEY_HBYTES 10
|
|
|
|
|
#define SSL_HL_CLIENT_FINISHED_HBYTES 1
|
|
|
|
|
#define SSL_HL_SERVER_HELLO_HBYTES 11
|
|
|
|
|
#define SSL_HL_SERVER_VERIFY_HBYTES 1
|
|
|
|
|
#define SSL_HL_SERVER_FINISHED_HBYTES 1
|
|
|
|
|
#define SSL_HL_REQUEST_CERTIFICATE_HBYTES 2
|
|
|
|
|
#define SSL_HL_CLIENT_CERTIFICATE_HBYTES 6
|
2015-10-21 05:03:22 +02:00
|
|
|
|
|
|
|
|
/* Security handshake protocol codes */
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define SSL_MT_ERROR 0
|
|
|
|
|
#define SSL_MT_CLIENT_HELLO 1
|
|
|
|
|
#define SSL_MT_CLIENT_MASTER_KEY 2
|
|
|
|
|
#define SSL_MT_CLIENT_FINISHED 3
|
|
|
|
|
#define SSL_MT_SERVER_HELLO 4
|
|
|
|
|
#define SSL_MT_SERVER_VERIFY 5
|
|
|
|
|
#define SSL_MT_SERVER_FINISHED 6
|
|
|
|
|
#define SSL_MT_REQUEST_CERTIFICATE 7
|
|
|
|
|
#define SSL_MT_CLIENT_CERTIFICATE 8
|
2015-10-21 05:03:22 +02:00
|
|
|
|
|
|
|
|
/* Certificate types */
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define SSL_CT_X509_CERTIFICATE 0x01
|
2015-10-21 05:03:22 +02:00
|
|
|
#if 0 /* XXX Not implemented yet */
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define SSL_PKCS6_CERTIFICATE 0x02
|
2015-10-21 05:03:22 +02:00
|
|
|
#endif
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01
|
2015-10-21 05:03:22 +02:00
|
|
|
|
|
|
|
|
/* Error codes */
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define SSL_PE_NO_CYPHERS 0x0001
|
|
|
|
|
#define SSL_PE_NO_CERTIFICATE 0x0002
|
|
|
|
|
#define SSL_PE_BAD_CERTIFICATE 0x0004
|
|
|
|
|
#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
|
2015-10-21 05:03:22 +02:00
|
|
|
|
|
|
|
|
/* Cypher kinds (not the spec version!) */
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define SSL_CK_RC4_128_WITH_MD5 0x01
|
|
|
|
|
#define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02
|
|
|
|
|
#define SSL_CK_RC2_128_CBC_WITH_MD5 0x03
|
|
|
|
|
#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04
|
|
|
|
|
#define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05
|
|
|
|
|
#define SSL_CK_DES_64_CBC_WITH_MD5 0x06
|
|
|
|
|
#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07
|
|
|
|
|
|
|
|
|
|
/* Cipher enables. These are used only for SSL_EnableCipher
|
|
|
|
|
* These values define the SSL2 suites, and do not colide with the
|
2015-10-21 05:03:22 +02:00
|
|
|
* SSL3 Cipher suites defined below.
|
|
|
|
|
*/
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define SSL_EN_RC4_128_WITH_MD5 0xFF01
|
|
|
|
|
#define SSL_EN_RC4_128_EXPORT40_WITH_MD5 0xFF02
|
|
|
|
|
#define SSL_EN_RC2_128_CBC_WITH_MD5 0xFF03
|
|
|
|
|
#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 0xFF04
|
|
|
|
|
#define SSL_EN_IDEA_128_CBC_WITH_MD5 0xFF05
|
|
|
|
|
#define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06
|
|
|
|
|
#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07
|
2015-10-21 05:03:22 +02:00
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
/* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */
|
|
|
|
|
#ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
|
|
|
|
|
#define SSL_NULL_WITH_NULL_NULL TLS_NULL_WITH_NULL_NULL
|
|
|
|
|
#define SSL_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_MD5
|
|
|
|
|
#define SSL_RSA_WITH_NULL_SHA TLS_RSA_WITH_NULL_SHA
|
|
|
|
|
#define SSL_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5
|
|
|
|
|
#define SSL_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_MD5
|
|
|
|
|
#define SSL_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_SHA
|
|
|
|
|
#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
|
|
|
|
|
#define SSL_RSA_WITH_IDEA_CBC_SHA TLS_RSA_WITH_IDEA_CBC_SHA
|
|
|
|
|
#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
|
|
|
|
|
#define SSL_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA
|
|
|
|
|
#define SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
|
|
|
|
#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
|
|
|
|
|
#define SSL_DH_DSS_WITH_DES_CBC_SHA TLS_DH_DSS_WITH_DES_CBC_SHA
|
|
|
|
|
#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
|
|
|
|
|
#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
|
|
|
|
|
#define SSL_DH_RSA_WITH_DES_CBC_SHA TLS_DH_RSA_WITH_DES_CBC_SHA
|
|
|
|
|
#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
|
|
|
|
|
#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
|
|
|
|
|
#define SSL_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA
|
|
|
|
|
#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
|
|
|
|
|
#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
|
|
|
|
|
#define SSL_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA
|
|
|
|
|
#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
|
|
|
|
#define SSL_DH_ANON_WITH_RC4_128_MD5 TLS_DH_anon_WITH_RC4_128_MD5
|
|
|
|
|
#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
|
|
|
|
|
#define SSL_DH_ANON_WITH_DES_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA
|
|
|
|
|
#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
|
|
|
|
|
#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
|
|
|
|
|
#define TLS_DH_ANON_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA
|
|
|
|
|
#define TLS_DH_ANON_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA
|
|
|
|
|
#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
|
|
|
|
|
#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
|
|
|
|
|
#endif
|
|
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define TLS_NULL_WITH_NULL_NULL 0x0000
|
|
|
|
|
|
|
|
|
|
#define TLS_RSA_WITH_NULL_MD5 0x0001
|
|
|
|
|
#define TLS_RSA_WITH_NULL_SHA 0x0002
|
|
|
|
|
#define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003
|
|
|
|
|
#define TLS_RSA_WITH_RC4_128_MD5 0x0004
|
|
|
|
|
#define TLS_RSA_WITH_RC4_128_SHA 0x0005
|
|
|
|
|
#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006
|
|
|
|
|
#define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007
|
|
|
|
|
#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008
|
|
|
|
|
#define TLS_RSA_WITH_DES_CBC_SHA 0x0009
|
|
|
|
|
#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000a
|
|
|
|
|
|
|
|
|
|
#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b
|
|
|
|
|
#define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000c
|
|
|
|
|
#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d
|
|
|
|
|
#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e
|
|
|
|
|
#define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000f
|
|
|
|
|
#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010
|
|
|
|
|
|
|
|
|
|
#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011
|
|
|
|
|
#define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012
|
|
|
|
|
#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013
|
|
|
|
|
#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014
|
|
|
|
|
#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015
|
|
|
|
|
#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016
|
|
|
|
|
|
|
|
|
|
#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017
|
|
|
|
|
#define TLS_DH_anon_WITH_RC4_128_MD5 0x0018
|
|
|
|
|
#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019
|
|
|
|
|
#define TLS_DH_anon_WITH_DES_CBC_SHA 0x001a
|
|
|
|
|
#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001b
|
|
|
|
|
|
|
|
|
|
#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */
|
|
|
|
|
#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */
|
|
|
|
|
#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */
|
|
|
|
|
|
|
|
|
|
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F
|
|
|
|
|
#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030
|
|
|
|
|
#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031
|
|
|
|
|
#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032
|
|
|
|
|
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033
|
|
|
|
|
#define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034
|
|
|
|
|
|
|
|
|
|
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
|
|
|
|
|
#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036
|
|
|
|
|
#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037
|
|
|
|
|
#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038
|
|
|
|
|
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
|
|
|
|
|
#define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A
|
|
|
|
|
#define TLS_RSA_WITH_NULL_SHA256 0x003B
|
|
|
|
|
#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
|
|
|
|
|
#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
|
|
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev bad5fd065fa1, which is on par with 3.20):
bug1001332, 56b691c003ad, bug1086145, bug1054069, bug1155922, bug991783, bug1125025, bug1162521, bug1162644, bug1132941, bug1164364, bug1166205, bug1166163, bug1166515, bug1138554, bug1167046, bug1167043, bug1169451, bug1172128, bug1170322, bug102794, bug1128184, bug557830, bug1174648, bug1180244, bug1177784, bug1173413, bug1169174, bug1084669, bug951455, bug1183395, bug1177430, bug1183827, bug1160139, bug1154106, bug1142209, bug1185033, bug1193467, bug1182667(with sha512 changes backed out, which breaks VC6 compilation), bug1158489, bug337796
2018-07-12 15:44:51 +02:00
|
|
|
#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 0x0040
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041
|
|
|
|
|
#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042
|
|
|
|
|
#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043
|
|
|
|
|
#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044
|
|
|
|
|
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045
|
|
|
|
|
#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x0046
|
2015-10-21 05:03:22 +02:00
|
|
|
|
|
|
|
|
#define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062
|
|
|
|
|
#define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064
|
|
|
|
|
|
|
|
|
|
#define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
|
|
|
|
|
#define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065
|
|
|
|
|
#define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066
|
2018-05-04 16:08:28 +02:00
|
|
|
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067
|
cherry-picked mozilla NSS upstream changes (to rev bad5fd065fa1, which is on par with 3.20):
bug1001332, 56b691c003ad, bug1086145, bug1054069, bug1155922, bug991783, bug1125025, bug1162521, bug1162644, bug1132941, bug1164364, bug1166205, bug1166163, bug1166515, bug1138554, bug1167046, bug1167043, bug1169451, bug1172128, bug1170322, bug102794, bug1128184, bug557830, bug1174648, bug1180244, bug1177784, bug1173413, bug1169174, bug1084669, bug951455, bug1183395, bug1177430, bug1183827, bug1160139, bug1154106, bug1142209, bug1185033, bug1193467, bug1182667(with sha512 changes backed out, which breaks VC6 compilation), bug1158489, bug337796
2018-07-12 15:44:51 +02:00
|
|
|
#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 0x006A
|
2018-05-04 16:08:28 +02:00
|
|
|
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B
|
2015-10-21 05:03:22 +02:00
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084
|
|
|
|
|
#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085
|
|
|
|
|
#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086
|
|
|
|
|
#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087
|
|
|
|
|
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088
|
|
|
|
|
#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x0089
|
2015-10-21 05:03:22 +02:00
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096
|
2015-10-21 05:03:22 +02:00
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C
|
|
|
|
|
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E
|
|
|
|
|
#define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 0x00A2
|
|
|
|
|
|
|
|
|
|
/* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client.
|
|
|
|
|
* Must NEVER be chosen by server. SSL 3.0 server acknowledges by sending
|
|
|
|
|
* back an empty Renegotiation Info (RI) server hello extension.
|
|
|
|
|
*/
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF
|
2018-05-04 16:08:28 +02:00
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev 902bc119dcdb, which is on par with 3.17.2):
bug920719, bug1026148, bug1028647, bug963150, bug1030486, bug1025729, bug836658, bug1028582, bug1038728, bug1038526, bug1042634, bug1047210, bug1043891, bug1043108, bug1046735, bug1043082, bug1036735, bug1046718, bug1050107, bug1054625, bug1057465, bug1057476, bug1041326, bug1058933, bug1064636, bug1057161, bug1078669, bug1049435, bug1070493, bug1083360, bug1028764, bug1065990, bug1073330, bug1064670, bug1094650
2018-07-11 15:35:15 +02:00
|
|
|
/* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
|
|
|
|
|
* handshake is the result of TLS version fallback.
|
|
|
|
|
*/
|
|
|
|
|
#define TLS_FALLBACK_SCSV 0x5600
|
|
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
/* Cipher Suite Values starting with 0xC000 are defined in informational
|
|
|
|
|
* RFCs.
|
|
|
|
|
*/
|
2015-10-21 05:03:22 +02:00
|
|
|
#define TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
|
|
|
|
|
#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002
|
|
|
|
|
#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003
|
|
|
|
|
#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
|
|
|
|
|
#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
|
|
|
|
|
|
|
|
|
|
#define TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006
|
|
|
|
|
#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007
|
|
|
|
|
#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008
|
|
|
|
|
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
|
|
|
|
|
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
|
|
|
|
|
|
|
|
|
|
#define TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B
|
|
|
|
|
#define TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C
|
|
|
|
|
#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D
|
|
|
|
|
#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
|
|
|
|
|
#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
|
|
|
|
|
|
|
|
|
|
#define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010
|
|
|
|
|
#define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011
|
|
|
|
|
#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012
|
|
|
|
|
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
|
|
|
|
|
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
|
|
|
|
|
|
|
|
|
|
#define TLS_ECDH_anon_WITH_NULL_SHA 0xC015
|
|
|
|
|
#define TLS_ECDH_anon_WITH_RC4_128_SHA 0xC016
|
|
|
|
|
#define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA 0xC017
|
|
|
|
|
#define TLS_ECDH_anon_WITH_AES_128_CBC_SHA 0xC018
|
|
|
|
|
#define TLS_ECDH_anon_WITH_AES_256_CBC_SHA 0xC019
|
|
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
|
|
|
|
|
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
|
|
|
|
|
|
|
|
|
|
#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
|
|
|
|
|
#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
|
|
|
|
|
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
|
|
|
|
|
#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
|
|
|
|
|
|
2018-08-18 18:30:36 +02:00
|
|
|
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086
|
|
|
|
|
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A
|
|
|
|
|
|
2015-10-21 05:03:22 +02:00
|
|
|
/* Netscape "experimental" cipher suites. */
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0
|
|
|
|
|
#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1
|
2015-10-21 05:03:22 +02:00
|
|
|
|
|
|
|
|
/* New non-experimental openly spec'ed versions of those cipher suites. */
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff
|
|
|
|
|
#define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe
|
2015-10-21 05:03:22 +02:00
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
/* DTLS-SRTP cipher suites from RFC 5764 */
|
|
|
|
|
/* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */
|
cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2):
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
2018-07-11 14:39:02 +02:00
|
|
|
#define SRTP_AES128_CM_HMAC_SHA1_80 0x0001
|
|
|
|
|
#define SRTP_AES128_CM_HMAC_SHA1_32 0x0002
|
|
|
|
|
#define SRTP_NULL_HMAC_SHA1_80 0x0005
|
|
|
|
|
#define SRTP_NULL_HMAC_SHA1_32 0x0006
|
2018-05-04 16:08:28 +02:00
|
|
|
|
2015-10-21 05:03:22 +02:00
|
|
|
#endif /* __sslproto_h_ */
|
