/**
 * \file ssl_ciphersuites.c
 *
 * \brief SSL ciphersuites for Mbed TLS
 *
 * Copyright The Mbed TLS Contributors
 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

#include "common.h"

#if defined(MBEDTLS_SSL_TLS_C)

#include "mbedtls/platform.h"

#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/ssl.h"
#include "ssl_misc.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
#endif

#include <string.h>

/*
 * Default ciphersuite IDs, ordered from most preferred to least preferred
 * in terms of security. The position of an entry is the policy: do not
 * reorder entries without revisiting the rules below.
 *
 * Current rule (except weak and null which come last):
 * 1. By key exchange:
 *    Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
 * 2. By key length and cipher:
 *    ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
 * 4. By hash function used when relevant
 * 5. By key exchange/auth again: EC > non-EC
 *
 * Notes for reviewers and integrators:
 * - If MBEDTLS_SSL_CIPHERSUITES is defined, it replaces the whole default
 *   list below. The ordering rules above are then not applied by this file;
 *   keeping weak and NULL suites out of (or at the end of) a custom list is
 *   the integrator's responsibility.
 * - The array is terminated by a single 0 entry, which is emitted in both
 *   the custom and the default configuration.
 * - The default list still contains CBC-mode suites, suites using a SHA-1
 *   MAC, static RSA / static ECDH key exchange and NULL-cipher suites. A
 *   deployment that wants forward-secure AEAD suites only has to narrow the
 *   list itself, at build time through MBEDTLS_SSL_CIPHERSUITES or at run
 *   time through mbedtls_ssl_conf_ciphersuites().
 * - Being listed here does not mean a suite is built in: every entry of
 *   ciphersuite_definitions is wrapped in its own feature guards.
 *   NOTE(review): how an ID without a compiled-in definition is skipped is
 *   not visible in this part of the file - confirm in the list-building code.
 */
static const int ciphersuite_preference[] =
{
#if defined(MBEDTLS_SSL_CIPHERSUITES)
    /* Integrator-supplied list: used verbatim, in the order given. */
    MBEDTLS_SSL_CIPHERSUITES,
#else
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
    /* TLS 1.3 ciphersuites */
    MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
    MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
    MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
    MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

    /* Chacha-Poly ephemeral suites */
    MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,

    /* All AES-256 ephemeral suites */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    /* CCM_8 comes after CBC (rule 3); the CCM_8 entries visible in
     * ciphersuite_definitions carry MBEDTLS_CIPHERSUITE_SHORT_TAG. */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,

    /* All CAMELLIA-256 ephemeral suites */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,

    /* All ARIA-256 ephemeral suites */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,

    /* All AES-128 ephemeral suites */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,

    /* All CAMELLIA-128 ephemeral suites */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,

    /* All ARIA-128 ephemeral suites */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,

    /* The PSK ephemeral suites ("forward-secure PSK" in rule 1) */
    MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,

    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,

    /* The ECJPAKE suite */
    MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,

    /* From here on: "other non-PSK" in rule 1, i.e. static RSA and static
     * ECDH key exchange, ranked below every forward-secure suite above. */

    /* All AES-256 suites */
    MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
    MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
    MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,

    /* All CAMELLIA-256 suites */
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,

    /* All ARIA-256 suites */
    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
    MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,

    /* All AES-128 suites */
    MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
    MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,

    /* All CAMELLIA-128 suites */
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,

    /* All ARIA-128 suites */
    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
    MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,

    /* The RSA PSK suites ("other PSK" in rule 1 starts here) */
    MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,

    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,

    /* The PSK suites */
    MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
    MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
    MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,

    MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
    MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
    MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,

    /* NULL suites: no record encryption, so they are kept last regardless
     * of key exchange. The two NULL definitions visible further down are
     * compiled only under MBEDTLS_CIPHER_NULL_CIPHER and are flagged
     * MBEDTLS_CIPHERSUITE_WEAK. */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
    MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,

    MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
    MBEDTLS_TLS_RSA_WITH_NULL_SHA,
    MBEDTLS_TLS_RSA_WITH_NULL_MD5,
    MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA,
    MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
    MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
    MBEDTLS_TLS_PSK_WITH_NULL_SHA,

#endif /* MBEDTLS_SSL_CIPHERSUITES */
    /* End-of-list marker. */
    0
};

static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_HAVE_AES)
#if defined(MBEDTLS_SSL_HAVE_GCM)
#if defined(MBEDTLS_MD_CAN_SHA384)
    { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
      MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
      0,
      MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#if defined(MBEDTLS_MD_CAN_SHA256)
    { MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
"TLS1-3-AES-128-GCM-SHA256", 294 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, 295 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ 296 0, 297 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, 298 #endif /* MBEDTLS_MD_CAN_SHA256 */ 299 #endif /* MBEDTLS_SSL_HAVE_GCM */ 300 #if defined(MBEDTLS_SSL_HAVE_CCM) && defined(MBEDTLS_MD_CAN_SHA256) 301 { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256", 302 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, 303 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ 304 0, 305 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, 306 { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256", 307 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, 308 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ 309 MBEDTLS_CIPHERSUITE_SHORT_TAG, 310 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, 311 #endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_SSL_HAVE_CCM */ 312 #endif /* MBEDTLS_SSL_HAVE_AES */ 313 #if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256) 314 { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, 315 "TLS1-3-CHACHA20-POLY1305-SHA256", 316 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 317 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ 318 0, 319 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, 320 #endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY && MBEDTLS_MD_CAN_SHA256 */ 321 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 322 323 #if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && \ 324 defined(MBEDTLS_MD_CAN_SHA256) && \ 325 defined(MBEDTLS_SSL_PROTO_TLS1_2) 326 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) 327 { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 328 "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", 329 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 330 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 331 0, 332 MBEDTLS_SSL_VERSION_TLS1_2, 
MBEDTLS_SSL_VERSION_TLS1_2 }, 333 #endif 334 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 335 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 336 "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", 337 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 338 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 339 0, 340 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 341 #endif 342 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 343 { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 344 "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", 345 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 346 MBEDTLS_KEY_EXCHANGE_DHE_RSA, 347 0, 348 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 349 #endif 350 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 351 { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, 352 "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", 353 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 354 MBEDTLS_KEY_EXCHANGE_PSK, 355 0, 356 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 357 #endif 358 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 359 { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, 360 "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", 361 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 362 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 363 0, 364 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 365 #endif 366 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 367 { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, 368 "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", 369 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 370 MBEDTLS_KEY_EXCHANGE_DHE_PSK, 371 0, 372 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 373 #endif 374 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 375 { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, 376 "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256", 377 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 378 MBEDTLS_KEY_EXCHANGE_RSA_PSK, 379 0, 380 MBEDTLS_SSL_VERSION_TLS1_2, 
MBEDTLS_SSL_VERSION_TLS1_2 }, 381 #endif 382 #endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY && 383 MBEDTLS_MD_CAN_SHA256 && 384 MBEDTLS_SSL_PROTO_TLS1_2 */ 385 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 386 #if defined(MBEDTLS_SSL_HAVE_AES) 387 #if defined(MBEDTLS_MD_CAN_SHA1) 388 #if defined(MBEDTLS_SSL_HAVE_CBC) 389 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", 390 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 391 0, 392 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 393 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", 394 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 395 0, 396 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 397 #endif /* MBEDTLS_SSL_HAVE_CBC */ 398 #endif /* MBEDTLS_MD_CAN_SHA1 */ 399 #if defined(MBEDTLS_MD_CAN_SHA256) 400 #if defined(MBEDTLS_SSL_HAVE_CBC) 401 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", 402 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 403 0, 404 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 405 #endif /* MBEDTLS_SSL_HAVE_CBC */ 406 #if defined(MBEDTLS_SSL_HAVE_GCM) 407 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", 408 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 409 0, 410 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 411 #endif /* MBEDTLS_SSL_HAVE_GCM */ 412 #endif /* MBEDTLS_MD_CAN_SHA256 */ 413 #if defined(MBEDTLS_MD_CAN_SHA384) 414 #if defined(MBEDTLS_SSL_HAVE_CBC) 415 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", 416 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 417 0, 418 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 419 #endif /* MBEDTLS_SSL_HAVE_CBC */ 420 #if 
defined(MBEDTLS_SSL_HAVE_GCM) 421 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", 422 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 423 0, 424 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 425 #endif /* MBEDTLS_SSL_HAVE_GCM */ 426 #endif /* MBEDTLS_MD_CAN_SHA384 */ 427 #if defined(MBEDTLS_SSL_HAVE_CCM) 428 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", 429 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 430 0, 431 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 432 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", 433 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 434 MBEDTLS_CIPHERSUITE_SHORT_TAG, 435 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 436 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", 437 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 438 0, 439 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 440 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", 441 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 442 MBEDTLS_CIPHERSUITE_SHORT_TAG, 443 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 444 #endif /* MBEDTLS_SSL_HAVE_CCM */ 445 #endif /* MBEDTLS_SSL_HAVE_AES */ 446 447 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 448 #if defined(MBEDTLS_SSL_HAVE_CBC) 449 #if defined(MBEDTLS_MD_CAN_SHA256) 450 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 451 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", 452 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 453 0, 454 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 455 #endif /* MBEDTLS_MD_CAN_SHA256 */ 456 #if defined(MBEDTLS_MD_CAN_SHA384) 457 { 
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 458 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", 459 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 460 0, 461 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 462 #endif /* MBEDTLS_MD_CAN_SHA384 */ 463 #endif /* MBEDTLS_SSL_HAVE_CBC */ 464 465 #if defined(MBEDTLS_SSL_HAVE_GCM) 466 #if defined(MBEDTLS_MD_CAN_SHA256) 467 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 468 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", 469 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 470 0, 471 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 472 #endif /* MBEDTLS_MD_CAN_SHA256 */ 473 #if defined(MBEDTLS_MD_CAN_SHA384) 474 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 475 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", 476 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 477 0, 478 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 479 #endif /* MBEDTLS_MD_CAN_SHA384 */ 480 #endif /* MBEDTLS_SSL_HAVE_GCM */ 481 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 482 483 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 484 #if defined(MBEDTLS_MD_CAN_SHA1) 485 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA", 486 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 487 MBEDTLS_CIPHERSUITE_WEAK, 488 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 489 #endif /* MBEDTLS_MD_CAN_SHA1 */ 490 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 491 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ 492 493 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) 494 #if defined(MBEDTLS_SSL_HAVE_AES) 495 #if defined(MBEDTLS_MD_CAN_SHA1) 496 #if defined(MBEDTLS_SSL_HAVE_CBC) 497 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", 498 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 499 0, 500 
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 501 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", 502 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 503 0, 504 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 505 #endif /* MBEDTLS_SSL_HAVE_CBC */ 506 #endif /* MBEDTLS_MD_CAN_SHA1 */ 507 #if defined(MBEDTLS_MD_CAN_SHA256) 508 #if defined(MBEDTLS_SSL_HAVE_CBC) 509 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", 510 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 511 0, 512 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 513 #endif /* MBEDTLS_SSL_HAVE_CBC */ 514 #if defined(MBEDTLS_SSL_HAVE_GCM) 515 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", 516 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 517 0, 518 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 519 #endif /* MBEDTLS_SSL_HAVE_GCM */ 520 #endif /* MBEDTLS_MD_CAN_SHA256 */ 521 #if defined(MBEDTLS_MD_CAN_SHA384) 522 #if defined(MBEDTLS_SSL_HAVE_CBC) 523 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", 524 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 525 0, 526 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 527 #endif /* MBEDTLS_SSL_HAVE_CBC */ 528 #if defined(MBEDTLS_SSL_HAVE_GCM) 529 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", 530 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 531 0, 532 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 533 #endif /* MBEDTLS_SSL_HAVE_GCM */ 534 #endif /* MBEDTLS_MD_CAN_SHA384 */ 535 #endif /* MBEDTLS_SSL_HAVE_AES */ 536 537 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 538 #if defined(MBEDTLS_SSL_HAVE_CBC) 539 #if defined(MBEDTLS_MD_CAN_SHA256) 540 { 
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 541 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", 542 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 543 0, 544 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 545 #endif /* MBEDTLS_MD_CAN_SHA256 */ 546 #if defined(MBEDTLS_MD_CAN_SHA384) 547 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, 548 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", 549 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 550 0, 551 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 552 #endif /* MBEDTLS_MD_CAN_SHA384 */ 553 #endif /* MBEDTLS_SSL_HAVE_CBC */ 554 555 #if defined(MBEDTLS_SSL_HAVE_GCM) 556 #if defined(MBEDTLS_MD_CAN_SHA256) 557 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, 558 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", 559 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 560 0, 561 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 562 #endif /* MBEDTLS_MD_CAN_SHA256 */ 563 #if defined(MBEDTLS_MD_CAN_SHA384) 564 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, 565 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", 566 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 567 0, 568 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 569 #endif /* MBEDTLS_MD_CAN_SHA384 */ 570 #endif /* MBEDTLS_SSL_HAVE_GCM */ 571 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 572 573 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 574 #if defined(MBEDTLS_MD_CAN_SHA1) 575 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA", 576 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 577 MBEDTLS_CIPHERSUITE_WEAK, 578 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 579 #endif /* MBEDTLS_MD_CAN_SHA1 */ 580 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 581 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ 582 583 #if 
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 584 #if defined(MBEDTLS_SSL_HAVE_AES) 585 #if defined(MBEDTLS_MD_CAN_SHA384) && \ 586 defined(MBEDTLS_SSL_HAVE_GCM) 587 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", 588 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 589 0, 590 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 591 #endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */ 592 593 #if defined(MBEDTLS_MD_CAN_SHA256) 594 #if defined(MBEDTLS_SSL_HAVE_GCM) 595 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", 596 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 597 0, 598 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 599 #endif /* MBEDTLS_SSL_HAVE_GCM */ 600 601 #if defined(MBEDTLS_SSL_HAVE_CBC) 602 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", 603 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 604 0, 605 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 606 607 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", 608 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 609 0, 610 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 611 #endif /* MBEDTLS_SSL_HAVE_CBC */ 612 #endif /* MBEDTLS_MD_CAN_SHA256 */ 613 614 #if defined(MBEDTLS_SSL_HAVE_CBC) 615 #if defined(MBEDTLS_MD_CAN_SHA1) 616 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", 617 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 618 0, 619 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 620 621 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", 622 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 623 0, 624 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 625 #endif /* 
MBEDTLS_MD_CAN_SHA1 */ 626 #endif /* MBEDTLS_SSL_HAVE_CBC */ 627 #if defined(MBEDTLS_SSL_HAVE_CCM) 628 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM", 629 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 630 0, 631 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 632 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8", 633 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 634 MBEDTLS_CIPHERSUITE_SHORT_TAG, 635 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 636 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM", 637 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 638 0, 639 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 640 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8", 641 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 642 MBEDTLS_CIPHERSUITE_SHORT_TAG, 643 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 644 #endif /* MBEDTLS_SSL_HAVE_CCM */ 645 #endif /* MBEDTLS_SSL_HAVE_AES */ 646 647 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 648 #if defined(MBEDTLS_SSL_HAVE_CBC) 649 #if defined(MBEDTLS_MD_CAN_SHA256) 650 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", 651 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 652 0, 653 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 654 655 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", 656 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 657 0, 658 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 659 #endif /* MBEDTLS_MD_CAN_SHA256 */ 660 661 #if defined(MBEDTLS_MD_CAN_SHA1) 662 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", 663 MBEDTLS_CIPHER_CAMELLIA_128_CBC, 
MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 664 0, 665 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 666 667 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", 668 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 669 0, 670 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 671 #endif /* MBEDTLS_MD_CAN_SHA1 */ 672 #endif /* MBEDTLS_SSL_HAVE_CBC */ 673 #if defined(MBEDTLS_SSL_HAVE_GCM) 674 #if defined(MBEDTLS_MD_CAN_SHA256) 675 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", 676 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 677 0, 678 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 679 #endif /* MBEDTLS_MD_CAN_SHA256 */ 680 681 #if defined(MBEDTLS_MD_CAN_SHA384) 682 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", 683 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 684 0, 685 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 686 #endif /* MBEDTLS_MD_CAN_SHA384 */ 687 #endif /* MBEDTLS_SSL_HAVE_GCM */ 688 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 689 690 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ 691 692 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 693 #if defined(MBEDTLS_SSL_HAVE_AES) 694 #if defined(MBEDTLS_MD_CAN_SHA384) && \ 695 defined(MBEDTLS_SSL_HAVE_GCM) 696 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", 697 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 698 0, 699 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 700 #endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */ 701 702 #if defined(MBEDTLS_MD_CAN_SHA256) 703 #if defined(MBEDTLS_SSL_HAVE_GCM) 704 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", 705 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 706 0, 
707 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 708 #endif /* MBEDTLS_SSL_HAVE_GCM */ 709 710 #if defined(MBEDTLS_SSL_HAVE_CBC) 711 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", 712 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 713 0, 714 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 715 716 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256", 717 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 718 0, 719 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 720 #endif /* MBEDTLS_SSL_HAVE_CBC */ 721 #endif /* MBEDTLS_MD_CAN_SHA256 */ 722 723 #if defined(MBEDTLS_MD_CAN_SHA1) 724 #if defined(MBEDTLS_SSL_HAVE_CBC) 725 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", 726 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 727 0, 728 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 729 730 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA", 731 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 732 0, 733 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 734 #endif /* MBEDTLS_SSL_HAVE_CBC */ 735 #endif /* MBEDTLS_MD_CAN_SHA1 */ 736 #if defined(MBEDTLS_SSL_HAVE_CCM) 737 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", 738 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 739 0, 740 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 741 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8", 742 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 743 MBEDTLS_CIPHERSUITE_SHORT_TAG, 744 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 745 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM", 746 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 747 0, 748 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 749 { 
MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8", 750 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 751 MBEDTLS_CIPHERSUITE_SHORT_TAG, 752 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 753 #endif /* MBEDTLS_SSL_HAVE_CCM */ 754 #endif /* MBEDTLS_SSL_HAVE_AES */ 755 756 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 757 #if defined(MBEDTLS_SSL_HAVE_CBC) 758 #if defined(MBEDTLS_MD_CAN_SHA256) 759 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", 760 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 761 0, 762 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 763 764 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", 765 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 766 0, 767 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 768 #endif /* MBEDTLS_MD_CAN_SHA256 */ 769 770 #if defined(MBEDTLS_MD_CAN_SHA1) 771 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", 772 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 773 0, 774 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 775 776 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", 777 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 778 0, 779 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 780 #endif /* MBEDTLS_MD_CAN_SHA1 */ 781 #endif /* MBEDTLS_SSL_HAVE_CBC */ 782 783 #if defined(MBEDTLS_SSL_HAVE_GCM) 784 #if defined(MBEDTLS_MD_CAN_SHA256) 785 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", 786 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 787 0, 788 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 789 #endif /* MBEDTLS_MD_CAN_SHA256 */ 790 791 #if defined(MBEDTLS_MD_CAN_SHA384) 792 { 
MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", 793 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 794 0, 795 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 796 #endif /* MBEDTLS_MD_CAN_SHA384 */ 797 #endif /* MBEDTLS_SSL_HAVE_GCM */ 798 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 799 800 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 801 802 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) 803 #if defined(MBEDTLS_SSL_HAVE_AES) 804 #if defined(MBEDTLS_MD_CAN_SHA1) 805 #if defined(MBEDTLS_SSL_HAVE_CBC) 806 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", 807 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 808 0, 809 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 810 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA", 811 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 812 0, 813 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 814 #endif /* MBEDTLS_SSL_HAVE_CBC */ 815 #endif /* MBEDTLS_MD_CAN_SHA1 */ 816 #if defined(MBEDTLS_MD_CAN_SHA256) 817 #if defined(MBEDTLS_SSL_HAVE_CBC) 818 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", 819 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 820 0, 821 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 822 #endif /* MBEDTLS_SSL_HAVE_CBC */ 823 #if defined(MBEDTLS_SSL_HAVE_GCM) 824 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", 825 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 826 0, 827 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 828 #endif /* MBEDTLS_SSL_HAVE_GCM */ 829 #endif /* MBEDTLS_MD_CAN_SHA256 */ 830 #if defined(MBEDTLS_MD_CAN_SHA384) 831 #if defined(MBEDTLS_SSL_HAVE_CBC) 832 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 
"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", 833 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 834 0, 835 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 836 #endif /* MBEDTLS_SSL_HAVE_CBC */ 837 #if defined(MBEDTLS_SSL_HAVE_GCM) 838 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", 839 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 840 0, 841 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 842 #endif /* MBEDTLS_SSL_HAVE_GCM */ 843 #endif /* MBEDTLS_MD_CAN_SHA384 */ 844 #endif /* MBEDTLS_SSL_HAVE_AES */ 845 846 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 847 #if defined(MBEDTLS_SSL_HAVE_CBC) 848 #if defined(MBEDTLS_MD_CAN_SHA256) 849 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 850 "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", 851 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 852 0, 853 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 854 #endif /* MBEDTLS_MD_CAN_SHA256 */ 855 #if defined(MBEDTLS_MD_CAN_SHA384) 856 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, 857 "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", 858 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 859 0, 860 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 861 #endif /* MBEDTLS_MD_CAN_SHA384 */ 862 #endif /* MBEDTLS_SSL_HAVE_CBC */ 863 864 #if defined(MBEDTLS_SSL_HAVE_GCM) 865 #if defined(MBEDTLS_MD_CAN_SHA256) 866 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 867 "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", 868 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 869 0, 870 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 871 #endif /* MBEDTLS_MD_CAN_SHA256 */ 872 #if defined(MBEDTLS_MD_CAN_SHA384) 873 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 874 "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384", 875 MBEDTLS_CIPHER_CAMELLIA_256_GCM, 
MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 876 0, 877 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 878 #endif /* MBEDTLS_MD_CAN_SHA384 */ 879 #endif /* MBEDTLS_SSL_HAVE_GCM */ 880 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 881 882 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 883 #if defined(MBEDTLS_MD_CAN_SHA1) 884 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA", 885 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 886 MBEDTLS_CIPHERSUITE_WEAK, 887 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 888 #endif /* MBEDTLS_MD_CAN_SHA1 */ 889 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 890 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ 891 892 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) 893 #if defined(MBEDTLS_SSL_HAVE_AES) 894 #if defined(MBEDTLS_MD_CAN_SHA1) 895 #if defined(MBEDTLS_SSL_HAVE_CBC) 896 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", 897 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 898 0, 899 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 900 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", 901 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 902 0, 903 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 904 #endif /* MBEDTLS_SSL_HAVE_CBC */ 905 #endif /* MBEDTLS_MD_CAN_SHA1 */ 906 #if defined(MBEDTLS_MD_CAN_SHA256) 907 #if defined(MBEDTLS_SSL_HAVE_CBC) 908 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", 909 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 910 0, 911 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 912 #endif /* MBEDTLS_SSL_HAVE_CBC */ 913 #if defined(MBEDTLS_SSL_HAVE_GCM) 914 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", 915 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, 
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 916 0, 917 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 918 #endif /* MBEDTLS_SSL_HAVE_GCM */ 919 #endif /* MBEDTLS_MD_CAN_SHA256 */ 920 #if defined(MBEDTLS_MD_CAN_SHA384) 921 #if defined(MBEDTLS_SSL_HAVE_CBC) 922 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", 923 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 924 0, 925 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 926 #endif /* MBEDTLS_SSL_HAVE_CBC */ 927 #if defined(MBEDTLS_SSL_HAVE_GCM) 928 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", 929 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 930 0, 931 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 932 #endif /* MBEDTLS_SSL_HAVE_GCM */ 933 #endif /* MBEDTLS_MD_CAN_SHA384 */ 934 #endif /* MBEDTLS_SSL_HAVE_AES */ 935 936 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 937 #if defined(MBEDTLS_SSL_HAVE_CBC) 938 #if defined(MBEDTLS_MD_CAN_SHA256) 939 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 940 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", 941 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 942 0, 943 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 944 #endif /* MBEDTLS_MD_CAN_SHA256 */ 945 #if defined(MBEDTLS_MD_CAN_SHA384) 946 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 947 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", 948 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 949 0, 950 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 951 #endif /* MBEDTLS_MD_CAN_SHA384 */ 952 #endif /* MBEDTLS_SSL_HAVE_CBC */ 953 954 #if defined(MBEDTLS_SSL_HAVE_GCM) 955 #if defined(MBEDTLS_MD_CAN_SHA256) 956 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 957 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", 958 MBEDTLS_CIPHER_CAMELLIA_128_GCM, 
MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 959 0, 960 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 961 #endif /* MBEDTLS_MD_CAN_SHA256 */ 962 #if defined(MBEDTLS_MD_CAN_SHA384) 963 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 964 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", 965 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 966 0, 967 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 968 #endif /* MBEDTLS_MD_CAN_SHA384 */ 969 #endif /* MBEDTLS_SSL_HAVE_GCM */ 970 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 971 972 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 973 #if defined(MBEDTLS_MD_CAN_SHA1) 974 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA", 975 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 976 MBEDTLS_CIPHERSUITE_WEAK, 977 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 978 #endif /* MBEDTLS_MD_CAN_SHA1 */ 979 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 980 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ 981 982 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 983 #if defined(MBEDTLS_SSL_HAVE_AES) 984 #if defined(MBEDTLS_SSL_HAVE_GCM) 985 #if defined(MBEDTLS_MD_CAN_SHA256) 986 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256", 987 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 988 0, 989 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 990 #endif /* MBEDTLS_MD_CAN_SHA256 */ 991 992 #if defined(MBEDTLS_MD_CAN_SHA384) 993 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384", 994 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 995 0, 996 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 997 #endif /* MBEDTLS_MD_CAN_SHA384 */ 998 #endif /* MBEDTLS_SSL_HAVE_GCM */ 999 1000 #if defined(MBEDTLS_SSL_HAVE_CBC) 1001 #if defined(MBEDTLS_MD_CAN_SHA256) 1002 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, 
"TLS-PSK-WITH-AES-128-CBC-SHA256", 1003 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1004 0, 1005 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1006 #endif /* MBEDTLS_MD_CAN_SHA256 */ 1007 1008 #if defined(MBEDTLS_MD_CAN_SHA384) 1009 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384", 1010 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1011 0, 1012 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1013 #endif /* MBEDTLS_MD_CAN_SHA384 */ 1014 1015 #if defined(MBEDTLS_MD_CAN_SHA1) 1016 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA", 1017 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1018 0, 1019 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1020 1021 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA", 1022 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1023 0, 1024 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1025 #endif /* MBEDTLS_MD_CAN_SHA1 */ 1026 #endif /* MBEDTLS_SSL_HAVE_CBC */ 1027 #if defined(MBEDTLS_SSL_HAVE_CCM) 1028 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM", 1029 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1030 0, 1031 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1032 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8", 1033 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1034 MBEDTLS_CIPHERSUITE_SHORT_TAG, 1035 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1036 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM", 1037 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1038 0, 1039 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1040 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8", 1041 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1042 
MBEDTLS_CIPHERSUITE_SHORT_TAG, 1043 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1044 #endif /* MBEDTLS_SSL_HAVE_CCM */ 1045 #endif /* MBEDTLS_SSL_HAVE_AES */ 1046 1047 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 1048 #if defined(MBEDTLS_SSL_HAVE_CBC) 1049 #if defined(MBEDTLS_MD_CAN_SHA256) 1050 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1051 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1052 0, 1053 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1054 #endif /* MBEDTLS_MD_CAN_SHA256 */ 1055 1056 #if defined(MBEDTLS_MD_CAN_SHA384) 1057 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1058 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1059 0, 1060 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1061 #endif /* MBEDTLS_MD_CAN_SHA384 */ 1062 #endif /* MBEDTLS_SSL_HAVE_CBC */ 1063 1064 #if defined(MBEDTLS_SSL_HAVE_GCM) 1065 #if defined(MBEDTLS_MD_CAN_SHA256) 1066 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1067 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1068 0, 1069 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1070 #endif /* MBEDTLS_MD_CAN_SHA256 */ 1071 1072 #if defined(MBEDTLS_MD_CAN_SHA384) 1073 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1074 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1075 0, 1076 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1077 #endif /* MBEDTLS_MD_CAN_SHA384 */ 1078 #endif /* MBEDTLS_SSL_HAVE_GCM */ 1079 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 1080 1081 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ 1082 1083 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 1084 #if defined(MBEDTLS_SSL_HAVE_AES) 1085 #if defined(MBEDTLS_SSL_HAVE_GCM) 1086 #if defined(MBEDTLS_MD_CAN_SHA256) 1087 { 
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", 1088 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1089 0, 1090 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1091 #endif /* MBEDTLS_MD_CAN_SHA256 */ 1092 1093 #if defined(MBEDTLS_MD_CAN_SHA384) 1094 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", 1095 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1096 0, 1097 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1098 #endif /* MBEDTLS_MD_CAN_SHA384 */ 1099 #endif /* MBEDTLS_SSL_HAVE_GCM */ 1100 1101 #if defined(MBEDTLS_SSL_HAVE_CBC) 1102 #if defined(MBEDTLS_MD_CAN_SHA256) 1103 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", 1104 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1105 0, 1106 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1107 #endif /* MBEDTLS_MD_CAN_SHA256 */ 1108 1109 #if defined(MBEDTLS_MD_CAN_SHA384) 1110 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", 1111 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1112 0, 1113 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1114 #endif /* MBEDTLS_MD_CAN_SHA384 */ 1115 1116 #if defined(MBEDTLS_MD_CAN_SHA1) 1117 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", 1118 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1119 0, 1120 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1121 1122 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", 1123 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1124 0, 1125 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1126 #endif /* MBEDTLS_MD_CAN_SHA1 */ 1127 #endif /* MBEDTLS_SSL_HAVE_CBC */ 1128 #if defined(MBEDTLS_SSL_HAVE_CCM) 1129 { 
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM", 1130 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1131 0, 1132 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1133 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8", 1134 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1135 MBEDTLS_CIPHERSUITE_SHORT_TAG, 1136 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1137 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM", 1138 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1139 0, 1140 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1141 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8", 1142 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1143 MBEDTLS_CIPHERSUITE_SHORT_TAG, 1144 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1145 #endif /* MBEDTLS_SSL_HAVE_CCM */ 1146 #endif /* MBEDTLS_SSL_HAVE_AES */ 1147 1148 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 1149 #if defined(MBEDTLS_SSL_HAVE_CBC) 1150 #if defined(MBEDTLS_MD_CAN_SHA256) 1151 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1152 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1153 0, 1154 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1155 #endif /* MBEDTLS_MD_CAN_SHA256 */ 1156 1157 #if defined(MBEDTLS_MD_CAN_SHA384) 1158 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1159 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1160 0, 1161 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1162 #endif /* MBEDTLS_MD_CAN_SHA384 */ 1163 #endif /* MBEDTLS_SSL_HAVE_CBC */ 1164 1165 #if defined(MBEDTLS_SSL_HAVE_GCM) 1166 #if defined(MBEDTLS_MD_CAN_SHA256) 1167 { 
MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1168 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1169 0, 1170 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1171 #endif /* MBEDTLS_MD_CAN_SHA256 */ 1172 1173 #if defined(MBEDTLS_MD_CAN_SHA384) 1174 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1175 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1176 0, 1177 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1178 #endif /* MBEDTLS_MD_CAN_SHA384 */ 1179 #endif /* MBEDTLS_SSL_HAVE_GCM */ 1180 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 1181 1182 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ 1183 1184 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 1185 #if defined(MBEDTLS_SSL_HAVE_AES) 1186 1187 #if defined(MBEDTLS_SSL_HAVE_CBC) 1188 #if defined(MBEDTLS_MD_CAN_SHA256) 1189 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", 1190 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1191 0, 1192 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1193 #endif /* MBEDTLS_MD_CAN_SHA256 */ 1194 1195 #if defined(MBEDTLS_MD_CAN_SHA384) 1196 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", 1197 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1198 0, 1199 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1200 #endif /* MBEDTLS_MD_CAN_SHA384 */ 1201 1202 #if defined(MBEDTLS_MD_CAN_SHA1) 1203 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", 1204 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1205 0, 1206 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1207 1208 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", 1209 
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1210 0, 1211 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1212 #endif /* MBEDTLS_MD_CAN_SHA1 */ 1213 #endif /* MBEDTLS_SSL_HAVE_CBC */ 1214 #endif /* MBEDTLS_SSL_HAVE_AES */ 1215 1216 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 1217 #if defined(MBEDTLS_SSL_HAVE_CBC) 1218 #if defined(MBEDTLS_MD_CAN_SHA256) 1219 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 1220 "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1221 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1222 0, 1223 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1224 #endif /* MBEDTLS_MD_CAN_SHA256 */ 1225 1226 #if defined(MBEDTLS_MD_CAN_SHA384) 1227 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 1228 "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1229 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1230 0, 1231 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1232 #endif /* MBEDTLS_MD_CAN_SHA384 */ 1233 #endif /* MBEDTLS_SSL_HAVE_CBC */ 1234 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 1235 1236 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ 1237 1238 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 1239 #if defined(MBEDTLS_SSL_HAVE_AES) 1240 #if defined(MBEDTLS_SSL_HAVE_GCM) 1241 #if defined(MBEDTLS_MD_CAN_SHA256) 1242 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", 1243 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1244 0, 1245 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1246 #endif /* MBEDTLS_MD_CAN_SHA256 */ 1247 1248 #if defined(MBEDTLS_MD_CAN_SHA384) 1249 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", 1250 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1251 0, 1252 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1253 #endif /* MBEDTLS_MD_CAN_SHA384 */ 1254 
#endif /* MBEDTLS_SSL_HAVE_GCM */ 1255 1256 #if defined(MBEDTLS_SSL_HAVE_CBC) 1257 #if defined(MBEDTLS_MD_CAN_SHA256) 1258 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", 1259 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1260 0, 1261 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1262 #endif /* MBEDTLS_MD_CAN_SHA256 */ 1263 1264 #if defined(MBEDTLS_MD_CAN_SHA384) 1265 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", 1266 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1267 0, 1268 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1269 #endif /* MBEDTLS_MD_CAN_SHA384 */ 1270 1271 #if defined(MBEDTLS_MD_CAN_SHA1) 1272 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", 1273 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1274 0, 1275 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1276 1277 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", 1278 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1279 0, 1280 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1281 #endif /* MBEDTLS_MD_CAN_SHA1 */ 1282 #endif /* MBEDTLS_SSL_HAVE_CBC */ 1283 #endif /* MBEDTLS_SSL_HAVE_AES */ 1284 1285 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) 1286 #if defined(MBEDTLS_SSL_HAVE_CBC) 1287 #if defined(MBEDTLS_MD_CAN_SHA256) 1288 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1289 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1290 0, 1291 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1292 #endif /* MBEDTLS_MD_CAN_SHA256 */ 1293 1294 #if defined(MBEDTLS_MD_CAN_SHA384) 1295 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1296 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, 
MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1297 0, 1298 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1299 #endif /* MBEDTLS_MD_CAN_SHA384 */ 1300 #endif /* MBEDTLS_SSL_HAVE_CBC */ 1301 1302 #if defined(MBEDTLS_SSL_HAVE_GCM) 1303 #if defined(MBEDTLS_MD_CAN_SHA256) 1304 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1305 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1306 0, 1307 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1308 #endif /* MBEDTLS_MD_CAN_SHA256 */ 1309 1310 #if defined(MBEDTLS_MD_CAN_SHA384) 1311 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1312 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1313 0, 1314 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1315 #endif /* MBEDTLS_MD_CAN_SHA384 */ 1316 #endif /* MBEDTLS_SSL_HAVE_GCM */ 1317 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ 1318 1319 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ 1320 1321 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 1322 #if defined(MBEDTLS_SSL_HAVE_AES) 1323 #if defined(MBEDTLS_SSL_HAVE_CCM) 1324 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8", 1325 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE, 1326 MBEDTLS_CIPHERSUITE_SHORT_TAG, 1327 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1328 #endif /* MBEDTLS_SSL_HAVE_CCM */ 1329 #endif /* MBEDTLS_SSL_HAVE_AES */ 1330 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ 1331 1332 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 1333 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 1334 #if defined(MBEDTLS_MD_CAN_MD5) 1335 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", 1336 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, 1337 MBEDTLS_CIPHERSUITE_WEAK, 1338 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1339 #endif 1340 1341 #if 
defined(MBEDTLS_MD_CAN_SHA1) 1342 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA", 1343 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 1344 MBEDTLS_CIPHERSUITE_WEAK, 1345 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1346 #endif 1347 1348 #if defined(MBEDTLS_MD_CAN_SHA256) 1349 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", 1350 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 1351 MBEDTLS_CIPHERSUITE_WEAK, 1352 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1353 #endif 1354 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 1355 1356 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 1357 #if defined(MBEDTLS_MD_CAN_SHA1) 1358 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA", 1359 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1360 MBEDTLS_CIPHERSUITE_WEAK, 1361 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1362 #endif /* MBEDTLS_MD_CAN_SHA1 */ 1363 1364 #if defined(MBEDTLS_MD_CAN_SHA256) 1365 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256", 1366 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1367 MBEDTLS_CIPHERSUITE_WEAK, 1368 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1369 #endif 1370 1371 #if defined(MBEDTLS_MD_CAN_SHA384) 1372 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384", 1373 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1374 MBEDTLS_CIPHERSUITE_WEAK, 1375 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1376 #endif /* MBEDTLS_MD_CAN_SHA384 */ 1377 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ 1378 1379 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 1380 #if defined(MBEDTLS_MD_CAN_SHA1) 1381 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA", 1382 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1383 MBEDTLS_CIPHERSUITE_WEAK, 1384 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1385 #endif /* MBEDTLS_MD_CAN_SHA1 
*/ 1386 1387 #if defined(MBEDTLS_MD_CAN_SHA256) 1388 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256", 1389 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1390 MBEDTLS_CIPHERSUITE_WEAK, 1391 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1392 #endif 1393 1394 #if defined(MBEDTLS_MD_CAN_SHA384) 1395 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384", 1396 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1397 MBEDTLS_CIPHERSUITE_WEAK, 1398 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1399 #endif /* MBEDTLS_MD_CAN_SHA384 */ 1400 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ 1401 1402 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 1403 #if defined(MBEDTLS_MD_CAN_SHA1) 1404 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA", 1405 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1406 MBEDTLS_CIPHERSUITE_WEAK, 1407 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1408 #endif /* MBEDTLS_MD_CAN_SHA1 */ 1409 1410 #if defined(MBEDTLS_MD_CAN_SHA256) 1411 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256", 1412 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1413 MBEDTLS_CIPHERSUITE_WEAK, 1414 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1415 #endif 1416 1417 #if defined(MBEDTLS_MD_CAN_SHA384) 1418 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384", 1419 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1420 MBEDTLS_CIPHERSUITE_WEAK, 1421 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1422 #endif /* MBEDTLS_MD_CAN_SHA384 */ 1423 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ 1424 1425 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 1426 #if defined(MBEDTLS_MD_CAN_SHA1) 1427 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA", 1428 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, 
MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1429 MBEDTLS_CIPHERSUITE_WEAK, 1430 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1431 #endif /* MBEDTLS_MD_CAN_SHA1 */ 1432 1433 #if defined(MBEDTLS_MD_CAN_SHA256) 1434 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256", 1435 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1436 MBEDTLS_CIPHERSUITE_WEAK, 1437 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1438 #endif 1439 1440 #if defined(MBEDTLS_MD_CAN_SHA384) 1441 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384", 1442 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1443 MBEDTLS_CIPHERSUITE_WEAK, 1444 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1445 #endif /* MBEDTLS_MD_CAN_SHA384 */ 1446 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ 1447 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 1448 1449 #if defined(MBEDTLS_SSL_HAVE_ARIA) 1450 1451 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 1452 1453 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) 1454 { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, 1455 "TLS-RSA-WITH-ARIA-256-GCM-SHA384", 1456 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 1457 0, 1458 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1459 #endif 1460 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1461 defined(MBEDTLS_MD_CAN_SHA384)) 1462 { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, 1463 "TLS-RSA-WITH-ARIA-256-CBC-SHA384", 1464 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 1465 0, 1466 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1467 #endif 1468 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) 1469 { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, 1470 "TLS-RSA-WITH-ARIA-128-GCM-SHA256", 1471 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 1472 0, 1473 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1474 #endif 1475 #if 
(defined(MBEDTLS_SSL_HAVE_CBC) && \ 1476 defined(MBEDTLS_MD_CAN_SHA256)) 1477 { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, 1478 "TLS-RSA-WITH-ARIA-128-CBC-SHA256", 1479 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 1480 0, 1481 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1482 #endif 1483 1484 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 1485 1486 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 1487 1488 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) 1489 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, 1490 "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384", 1491 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1492 0, 1493 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1494 #endif 1495 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1496 defined(MBEDTLS_MD_CAN_SHA384)) 1497 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, 1498 "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384", 1499 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1500 0, 1501 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1502 #endif 1503 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) 1504 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, 1505 "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256", 1506 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1507 0, 1508 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1509 #endif 1510 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1511 defined(MBEDTLS_MD_CAN_SHA256)) 1512 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, 1513 "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256", 1514 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1515 0, 1516 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1517 #endif 1518 1519 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ 1520 1521 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 1522 1523 #if (defined(MBEDTLS_SSL_HAVE_GCM) && 
defined(MBEDTLS_MD_CAN_SHA384)) 1524 { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384, 1525 "TLS-PSK-WITH-ARIA-256-GCM-SHA384", 1526 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1527 0, 1528 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1529 #endif 1530 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1531 defined(MBEDTLS_MD_CAN_SHA384)) 1532 { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384, 1533 "TLS-PSK-WITH-ARIA-256-CBC-SHA384", 1534 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1535 0, 1536 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1537 #endif 1538 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) 1539 { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256, 1540 "TLS-PSK-WITH-ARIA-128-GCM-SHA256", 1541 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1542 0, 1543 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1544 #endif 1545 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1546 defined(MBEDTLS_MD_CAN_SHA256)) 1547 { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256, 1548 "TLS-PSK-WITH-ARIA-128-CBC-SHA256", 1549 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1550 0, 1551 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1552 #endif 1553 1554 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ 1555 1556 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) 1557 1558 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) 1559 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, 1560 "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384", 1561 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 1562 0, 1563 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1564 #endif 1565 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1566 defined(MBEDTLS_MD_CAN_SHA384)) 1567 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, 1568 "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384", 1569 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, 
MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 1570 0, 1571 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1572 #endif 1573 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) 1574 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, 1575 "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256", 1576 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 1577 0, 1578 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1579 #endif 1580 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1581 defined(MBEDTLS_MD_CAN_SHA256)) 1582 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, 1583 "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256", 1584 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 1585 0, 1586 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1587 #endif 1588 1589 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ 1590 1591 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) 1592 1593 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) 1594 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, 1595 "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", 1596 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 1597 0, 1598 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1599 #endif 1600 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1601 defined(MBEDTLS_MD_CAN_SHA384)) 1602 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, 1603 "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", 1604 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 1605 0, 1606 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1607 #endif 1608 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) 1609 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, 1610 "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", 1611 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 1612 0, 1613 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1614 #endif 1615 #if 
(defined(MBEDTLS_SSL_HAVE_CBC) && \ 1616 defined(MBEDTLS_MD_CAN_SHA256)) 1617 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, 1618 "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", 1619 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 1620 0, 1621 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1622 #endif 1623 1624 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ 1625 1626 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 1627 1628 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1629 defined(MBEDTLS_MD_CAN_SHA384)) 1630 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, 1631 "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384", 1632 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1633 0, 1634 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1635 #endif 1636 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1637 defined(MBEDTLS_MD_CAN_SHA256)) 1638 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, 1639 "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256", 1640 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1641 0, 1642 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1643 #endif 1644 1645 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ 1646 1647 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 1648 1649 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) 1650 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, 1651 "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", 1652 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 1653 0, 1654 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1655 #endif 1656 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1657 defined(MBEDTLS_MD_CAN_SHA384)) 1658 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, 1659 "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", 1660 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 1661 0, 1662 MBEDTLS_SSL_VERSION_TLS1_2, 
MBEDTLS_SSL_VERSION_TLS1_2 }, 1663 #endif 1664 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) 1665 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, 1666 "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", 1667 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 1668 0, 1669 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1670 #endif 1671 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1672 defined(MBEDTLS_MD_CAN_SHA256)) 1673 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, 1674 "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", 1675 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 1676 0, 1677 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1678 #endif 1679 1680 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ 1681 1682 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) 1683 1684 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) 1685 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, 1686 "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384", 1687 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1688 0, 1689 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1690 #endif 1691 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1692 defined(MBEDTLS_MD_CAN_SHA384)) 1693 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, 1694 "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384", 1695 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1696 0, 1697 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1698 #endif 1699 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) 1700 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, 1701 "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256", 1702 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1703 0, 1704 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1705 #endif 1706 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1707 
defined(MBEDTLS_MD_CAN_SHA256)) 1708 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, 1709 "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256", 1710 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1711 0, 1712 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1713 #endif 1714 1715 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ 1716 1717 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 1718 1719 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) 1720 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, 1721 "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", 1722 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 1723 0, 1724 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1725 #endif 1726 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1727 defined(MBEDTLS_MD_CAN_SHA384)) 1728 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, 1729 "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", 1730 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 1731 0, 1732 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1733 #endif 1734 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) 1735 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, 1736 "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", 1737 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 1738 0, 1739 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1740 #endif 1741 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ 1742 defined(MBEDTLS_MD_CAN_SHA256)) 1743 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, 1744 "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", 1745 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 1746 0, 1747 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1748 #endif 1749 1750 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ 1751 1752 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 1753 1754 #if (defined(MBEDTLS_SSL_HAVE_GCM) && 
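defined(MBEDTLS_MD_CAN_SHA384))
    { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
      "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
      0,
      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
    defined(MBEDTLS_MD_CAN_SHA384))
    { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
      "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
      0,
      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
    { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
      "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
      0,
      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
    defined(MBEDTLS_MD_CAN_SHA256))
    { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
      "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
      0,
      MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif

#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */

#endif /* MBEDTLS_SSL_HAVE_ARIA */


    /* Sentinel entry: id 0 ends the table. The lookup loops below stop on it,
     * so 0 can never be returned as the id of a real ciphersuite. */
    { 0, "",
      MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
      0, 0, 0 }
};

#if defined(MBEDTLS_SSL_CIPHERSUITES)
/*
 * Return the 0-terminated list of ciphersuite ids, most preferred first.
 *
 * With MBEDTLS_SSL_CIPHERSUITES defined the build-time list is returned as-is:
 * nothing is checked against ciphersuite_definitions here, so an id in that
 * macro that this build does not implement is still reported to the caller.
 */
const int *mbedtls_ssl_list_ciphersuites(void)
{
    return ciphersuite_preference;
}
#else
/* Number of entries in ciphersuite_definitions, sentinel included.
 * Parenthesised so the expansion stays a single operand wherever it is used. */
#define MAX_CIPHERSUITES    (sizeof(ciphersuite_definitions) /        \
                             sizeof(ciphersuite_definitions[0]))
/* Filtered copy of ciphersuite_preference, built once on first use. */
static int supported_ciphersuites[MAX_CIPHERSUITES];
/* 0 until supported_ciphersuites has been filled in. */
static int supported_init = 0;

/*
 * Report whether a ciphersuite must be hidden from the supported list.
 *
 * Currently a stub: the argument is ignored and 0 ("not removed") is always
 * returned. As a result the only filtering done by
 * mbedtls_ssl_list_ciphersuites() is "is this id compiled in"; entries
 * flagged MBEDTLS_CIPHERSUITE_WEAK are not dropped here and stay in the
 * returned list when the build enables them. Deployments that must never
 * offer them need to exclude them in the build configuration or set an
 * explicit list (e.g. with mbedtls_ssl_conf_ciphersuites()).
 */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
{
    (void) cs_info;

    return 0;
}

/*
 * Return the 0-terminated list of ciphersuite ids supported by this build,
 * in the order of ciphersuite_preference.
 *
 * The list is computed on the first call and cached in a static array; later
 * calls return the same pointer.
 *
 * NOTE(review): supported_init and supported_ciphersuites are plain statics
 * and no lock is visible in this function. If the first call can be made
 * from several threads at once, confirm that the caller serialises it.
 */
const int *mbedtls_ssl_list_ciphersuites(void)
{
    /*
     * On initial call filter out all ciphersuites not supported by current
     * build based on presence in the ciphersuite_definitions.
     */
    if (supported_init == 0) {
        const int *p;
        int *q;

        /* The bound stops one slot early so the terminating 0 written after
         * the loop always fits inside supported_ciphersuites. */
        for (p = ciphersuite_preference, q = supported_ciphersuites;
             *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
             p++) {
            const mbedtls_ssl_ciphersuite_t *cs_info =
                mbedtls_ssl_ciphersuite_from_id(*p);

            if (cs_info != NULL && !ciphersuite_is_removed(cs_info)) {
                *(q++) = *p;
            }
        }
        *q = 0;

        supported_init = 1;
    }

    return supported_ciphersuites;
}
#endif /* MBEDTLS_SSL_CIPHERSUITES */

/*
 * Look a ciphersuite up by its name string.
 *
 * The comparison is an exact strcmp() match against the name stored in
 * ciphersuite_definitions, so it is case-sensitive and no aliases are
 * accepted.
 *
 * Returns the table entry, or NULL when ciphersuite_name is NULL or unknown
 * to this build.
 */
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
    const char *ciphersuite_name)
{
    const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;

    if (NULL == ciphersuite_name) {
        return NULL;
    }

    /* Linear scan up to the id-0 sentinel. */
    while (cur->id != 0) {
        if (0 == strcmp(cur->name, ciphersuite_name)) {
            return cur;
        }

        cur++;
    }

    return NULL;
}

/*
 * Look a ciphersuite up by its numeric id.
 *
 * Returns the table entry, or NULL when the id is not in
 * ciphersuite_definitions. Id 0 is the sentinel and is never matched.
 */
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
{
    const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;

    while (cur->id != 0) {
        if (cur->id == ciphersuite) {
            return cur;
        }

        cur++;
    }

    return NULL;
}

/*
 * Return the name of a ciphersuite id.
 *
 * Never returns NULL: an id that is not in the table yields the literal
 * "unknown". Callers that log or compare the result must treat that string
 * as "not a ciphersuite of this build", not as a suite name.
 */
const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
{
    const mbedtls_ssl_ciphersuite_t *cur;

    cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);

    if (cur == NULL) {
        return "unknown";
    }

    return cur->name;
}

/*
 * Return the id of a ciphersuite name, or 0 when the name is NULL or
 * unknown.
 *
 * 0 is also the list terminator used by mbedtls_ssl_list_ciphersuites(), so
 * a caller that builds a ciphersuite list from user-supplied names has to
 * check for 0 before storing the result; otherwise an unrecognised name
 * silently ends the list at that position.
 */
int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
{
    const mbedtls_ssl_ciphersuite_t *cur;

    cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);

    if (cur == NULL) {
        return 0;
    }

    return cur->id;
}

/*
 * Return the key length, in bits, of the cipher used by a ciphersuite.
 *
 * info is dereferenced without a NULL check; callers must pass a valid
 * table entry.
 *
 * With MBEDTLS_USE_PSA_CRYPTO the value comes from
 * mbedtls_ssl_cipher_to_psa(), and 0 is returned when that call does not
 * report PSA_SUCCESS. Otherwise it comes from the legacy cipher info lookup.
 */
size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
    psa_key_type_t key_type;
    psa_algorithm_t alg;
    size_t key_bits;

    /* The second argument is 8 for suites flagged
     * MBEDTLS_CIPHERSUITE_SHORT_TAG and 16 otherwise. */
    status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher,
                                       (info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG) ? 8 : 16,
                                       &alg, &key_type, &key_bits);

    if (status != PSA_SUCCESS) {
        return 0;
    }

    return key_bits;
#else
    /* NOTE(review): the lookup result is passed on unchecked; this assumes
     * mbedtls_cipher_info_get_key_bitlen() accepts NULL - confirm. */
    const mbedtls_cipher_info_t * const cipher_info =
        mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) info->cipher);

    return mbedtls_cipher_info_get_key_bitlen(cipher_info);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}

#if defined(MBEDTLS_PK_C)
/*
 * Map a ciphersuite's key exchange to a public-key type:
 *   RSA, DHE-RSA, ECDHE-RSA, RSA-PSK -> MBEDTLS_PK_RSA
 *   ECDHE-ECDSA                      -> MBEDTLS_PK_ECDSA
 *   ECDH-RSA, ECDH-ECDSA             -> MBEDTLS_PK_ECKEY
 *   anything else                    -> MBEDTLS_PK_NONE
 *
 * info is dereferenced without a NULL check.
 */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
{
    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
            return MBEDTLS_PK_RSA;

        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            return MBEDTLS_PK_ECDSA;

        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            return MBEDTLS_PK_ECKEY;

        default:
            return MBEDTLS_PK_NONE;
    }
}

#if defined(MBEDTLS_USE_PSA_CRYPTO)
/*
 * Map a ciphersuite's key exchange to a PSA algorithm.
 *
 * RSA and RSA-PSK map to PKCS#1 v1.5 encryption (the key decrypts, it does
 * not sign); these two exchanges are not forward-secure. DHE-RSA and
 * ECDHE-RSA map to PKCS#1 v1.5 signature and ECDHE-ECDSA to ECDSA, both
 * parameterised with the hash derived from info->mac. The static ECDH
 * exchanges map to PSA_ALG_ECDH. Everything else yields PSA_ALG_NONE.
 *
 * info is dereferenced without a NULL check.
 */
psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
{
    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
            return PSA_ALG_RSA_PKCS1V15_CRYPT;
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
            return PSA_ALG_RSA_PKCS1V15_SIGN(
                mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));

        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));

        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            return PSA_ALG_ECDH;

        default:
            return PSA_ALG_NONE;
    }
}

/*
 * Map a ciphersuite's key exchange to a PSA key usage flag:
 *   RSA, RSA-PSK                       -> PSA_KEY_USAGE_DECRYPT
 *   DHE-RSA, ECDHE-RSA, ECDHE-ECDSA    -> PSA_KEY_USAGE_SIGN_HASH
 *   ECDH-RSA, ECDH-ECDSA               -> PSA_KEY_USAGE_DERIVE
 *   anything else                      -> 0 (no usage)
 *
 * The cases mirror mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(); keep the
 * two switches in step when a key exchange is added.
 */
psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
{
    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
            return PSA_KEY_USAGE_DECRYPT;
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            return PSA_KEY_USAGE_SIGN_HASH;

        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            return PSA_KEY_USAGE_DERIVE;

        default:
            return 0;
    }
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */

/*
 * Map a ciphersuite's key exchange to a public-key type, for the signing
 * exchanges only:
 *   DHE-RSA, ECDHE-RSA -> MBEDTLS_PK_RSA
 *   ECDHE-ECDSA        -> MBEDTLS_PK_ECDSA
 *   anything else      -> MBEDTLS_PK_NONE
 *
 * Unlike mbedtls_ssl_get_ciphersuite_sig_pk_alg(), static RSA, RSA-PSK and
 * the static ECDH exchanges yield MBEDTLS_PK_NONE here.
 */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
{
    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
            return MBEDTLS_PK_RSA;

        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            return MBEDTLS_PK_ECDSA;

        default:
            return MBEDTLS_PK_NONE;
    }
}

#endif /* MBEDTLS_PK_C */

#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/*
 * Return 1 when the ciphersuite's key exchange is one of the ECDHE, static
 * ECDH or ECJPAKE exchanges listed below, 0 otherwise.
 *
 * info is dereferenced without a NULL check.
 */
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
{
    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
            return 1;

        default:
            return 0;
    }
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
        * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
        * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/

#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/*
 * Return 1 when the ciphersuite's key exchange is PSK, RSA-PSK, DHE-PSK or
 * ECDHE-PSK, 0 otherwise.
 *
 * info is dereferenced without a NULL check.
 */
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
{
    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_PSK:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
            return 1;

        default:
            return 0;
    }
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */

#endif /* MBEDTLS_SSL_TLS_C */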