security/nss/lib/ssl/sslproto.h@b8a032363ba2 (annotated)
security/nss/lib/ssl/sslproto.h
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
| michael@0 | 1 | /* |
| michael@0 | 2 | * Various and sundry protocol constants. DON'T CHANGE THESE. These values |
| michael@0 | 3 | * are mostly defined by the SSL2, SSL3, or TLS protocol specifications. |
| michael@0 | 4 | * Cipher kinds and ciphersuites are part of the public API. |
| michael@0 | 5 | * |
| michael@0 | 6 | * This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 7 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 8 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 9 | |
| michael@0 | 10 | #ifndef __sslproto_h_ |
| michael@0 | 11 | #define __sslproto_h_ |
| michael@0 | 12 | |
| michael@0 | 13 | /* All versions less than 3_0 are treated as SSL version 2 */ |
| michael@0 | 14 | #define SSL_LIBRARY_VERSION_2 0x0002 |
| michael@0 | 15 | #define SSL_LIBRARY_VERSION_3_0 0x0300 |
| michael@0 | 16 | #define SSL_LIBRARY_VERSION_TLS_1_0 0x0301 |
| michael@0 | 17 | #define SSL_LIBRARY_VERSION_TLS_1_1 0x0302 |
| michael@0 | 18 | #define SSL_LIBRARY_VERSION_TLS_1_2 0x0303 |
| michael@0 | 19 | /* Note: this is the internal format, not the wire format */ |
| michael@0 | 20 | #define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302 |
| michael@0 | 21 | #define SSL_LIBRARY_VERSION_DTLS_1_2 0x0303 |
| michael@0 | 22 | |
| michael@0 | 23 | /* deprecated old name */ |
| michael@0 | 24 | #define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0 |
| michael@0 | 25 | |
| michael@0 | 26 | /* The DTLS versions used in the spec */ |
| michael@0 | 27 | #define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE ((~0x0100) & 0xffff) |
| michael@0 | 28 | #define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE ((~0x0102) & 0xffff) |
| michael@0 | 29 | |
| michael@0 | 30 | /* Header lengths of some of the messages */ |
| michael@0 | 31 | #define SSL_HL_ERROR_HBYTES 3 |
| michael@0 | 32 | #define SSL_HL_CLIENT_HELLO_HBYTES 9 |
| michael@0 | 33 | #define SSL_HL_CLIENT_MASTER_KEY_HBYTES 10 |
| michael@0 | 34 | #define SSL_HL_CLIENT_FINISHED_HBYTES 1 |
| michael@0 | 35 | #define SSL_HL_SERVER_HELLO_HBYTES 11 |
| michael@0 | 36 | #define SSL_HL_SERVER_VERIFY_HBYTES 1 |
| michael@0 | 37 | #define SSL_HL_SERVER_FINISHED_HBYTES 1 |
| michael@0 | 38 | #define SSL_HL_REQUEST_CERTIFICATE_HBYTES 2 |
| michael@0 | 39 | #define SSL_HL_CLIENT_CERTIFICATE_HBYTES 6 |
| michael@0 | 40 | |
| michael@0 | 41 | /* Security handshake protocol codes */ |
| michael@0 | 42 | #define SSL_MT_ERROR 0 |
| michael@0 | 43 | #define SSL_MT_CLIENT_HELLO 1 |
| michael@0 | 44 | #define SSL_MT_CLIENT_MASTER_KEY 2 |
| michael@0 | 45 | #define SSL_MT_CLIENT_FINISHED 3 |
| michael@0 | 46 | #define SSL_MT_SERVER_HELLO 4 |
| michael@0 | 47 | #define SSL_MT_SERVER_VERIFY 5 |
| michael@0 | 48 | #define SSL_MT_SERVER_FINISHED 6 |
| michael@0 | 49 | #define SSL_MT_REQUEST_CERTIFICATE 7 |
| michael@0 | 50 | #define SSL_MT_CLIENT_CERTIFICATE 8 |
| michael@0 | 51 | |
| michael@0 | 52 | /* Certificate types */ |
| michael@0 | 53 | #define SSL_CT_X509_CERTIFICATE 0x01 |
| michael@0 | 54 | #if 0 /* XXX Not implemented yet */ |
| michael@0 | 55 | #define SSL_PKCS6_CERTIFICATE 0x02 |
| michael@0 | 56 | #endif |
| michael@0 | 57 | #define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01 |
| michael@0 | 58 | |
| michael@0 | 59 | /* Error codes */ |
| michael@0 | 60 | #define SSL_PE_NO_CYPHERS 0x0001 |
| michael@0 | 61 | #define SSL_PE_NO_CERTIFICATE 0x0002 |
| michael@0 | 62 | #define SSL_PE_BAD_CERTIFICATE 0x0004 |
| michael@0 | 63 | #define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 |
| michael@0 | 64 | |
| michael@0 | 65 | /* Cypher kinds (not the spec version!) */ |
| michael@0 | 66 | #define SSL_CK_RC4_128_WITH_MD5 0x01 |
| michael@0 | 67 | #define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02 |
| michael@0 | 68 | #define SSL_CK_RC2_128_CBC_WITH_MD5 0x03 |
| michael@0 | 69 | #define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04 |
| michael@0 | 70 | #define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05 |
| michael@0 | 71 | #define SSL_CK_DES_64_CBC_WITH_MD5 0x06 |
| michael@0 | 72 | #define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07 |
| michael@0 | 73 | |
| michael@0 | 74 | /* Cipher enables. These are used only for SSL_EnableCipher |
| michael@0 | 75 | * These values define the SSL2 suites, and do not colide with the |
| michael@0 | 76 | * SSL3 Cipher suites defined below. |
| michael@0 | 77 | */ |
| michael@0 | 78 | #define SSL_EN_RC4_128_WITH_MD5 0xFF01 |
| michael@0 | 79 | #define SSL_EN_RC4_128_EXPORT40_WITH_MD5 0xFF02 |
| michael@0 | 80 | #define SSL_EN_RC2_128_CBC_WITH_MD5 0xFF03 |
| michael@0 | 81 | #define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 0xFF04 |
| michael@0 | 82 | #define SSL_EN_IDEA_128_CBC_WITH_MD5 0xFF05 |
| michael@0 | 83 | #define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06 |
| michael@0 | 84 | #define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07 |
| michael@0 | 85 | |
| michael@0 | 86 | /* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */ |
| michael@0 | 87 | #ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES |
| michael@0 | 88 | #define SSL_NULL_WITH_NULL_NULL TLS_NULL_WITH_NULL_NULL |
| michael@0 | 89 | #define SSL_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_MD5 |
| michael@0 | 90 | #define SSL_RSA_WITH_NULL_SHA TLS_RSA_WITH_NULL_SHA |
| michael@0 | 91 | #define SSL_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 |
| michael@0 | 92 | #define SSL_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_MD5 |
| michael@0 | 93 | #define SSL_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_SHA |
| michael@0 | 94 | #define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 |
| michael@0 | 95 | #define SSL_RSA_WITH_IDEA_CBC_SHA TLS_RSA_WITH_IDEA_CBC_SHA |
| michael@0 | 96 | #define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA |
| michael@0 | 97 | #define SSL_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA |
| michael@0 | 98 | #define SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA |
| michael@0 | 99 | #define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA |
| michael@0 | 100 | #define SSL_DH_DSS_WITH_DES_CBC_SHA TLS_DH_DSS_WITH_DES_CBC_SHA |
| michael@0 | 101 | #define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA |
| michael@0 | 102 | #define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA |
| michael@0 | 103 | #define SSL_DH_RSA_WITH_DES_CBC_SHA TLS_DH_RSA_WITH_DES_CBC_SHA |
| michael@0 | 104 | #define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA |
| michael@0 | 105 | #define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA |
| michael@0 | 106 | #define SSL_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA |
| michael@0 | 107 | #define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA |
| michael@0 | 108 | #define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA |
| michael@0 | 109 | #define SSL_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA |
| michael@0 | 110 | #define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA |
| michael@0 | 111 | #define SSL_DH_ANON_WITH_RC4_128_MD5 TLS_DH_anon_WITH_RC4_128_MD5 |
| michael@0 | 112 | #define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA |
| michael@0 | 113 | #define SSL_DH_ANON_WITH_DES_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA |
| michael@0 | 114 | #define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA |
| michael@0 | 115 | #define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 |
| michael@0 | 116 | #define TLS_DH_ANON_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA |
| michael@0 | 117 | #define TLS_DH_ANON_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA |
| michael@0 | 118 | #define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA |
| michael@0 | 119 | #define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA |
| michael@0 | 120 | #endif |
| michael@0 | 121 | |
| michael@0 | 122 | #define TLS_NULL_WITH_NULL_NULL 0x0000 |
| michael@0 | 123 | |
| michael@0 | 124 | #define TLS_RSA_WITH_NULL_MD5 0x0001 |
| michael@0 | 125 | #define TLS_RSA_WITH_NULL_SHA 0x0002 |
| michael@0 | 126 | #define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 |
| michael@0 | 127 | #define TLS_RSA_WITH_RC4_128_MD5 0x0004 |
| michael@0 | 128 | #define TLS_RSA_WITH_RC4_128_SHA 0x0005 |
| michael@0 | 129 | #define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 |
| michael@0 | 130 | #define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007 |
| michael@0 | 131 | #define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008 |
| michael@0 | 132 | #define TLS_RSA_WITH_DES_CBC_SHA 0x0009 |
| michael@0 | 133 | #define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000a |
| michael@0 | 134 | |
| michael@0 | 135 | #define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b |
| michael@0 | 136 | #define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000c |
| michael@0 | 137 | #define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d |
| michael@0 | 138 | #define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e |
| michael@0 | 139 | #define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000f |
| michael@0 | 140 | #define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 |
| michael@0 | 141 | |
| michael@0 | 142 | #define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011 |
| michael@0 | 143 | #define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012 |
| michael@0 | 144 | #define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 |
| michael@0 | 145 | #define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014 |
| michael@0 | 146 | #define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015 |
| michael@0 | 147 | #define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 |
| michael@0 | 148 | |
| michael@0 | 149 | #define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017 |
| michael@0 | 150 | #define TLS_DH_anon_WITH_RC4_128_MD5 0x0018 |
| michael@0 | 151 | #define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019 |
| michael@0 | 152 | #define TLS_DH_anon_WITH_DES_CBC_SHA 0x001a |
| michael@0 | 153 | #define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001b |
| michael@0 | 154 | |
| michael@0 | 155 | #define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */ |
| michael@0 | 156 | #define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */ |
| michael@0 | 157 | #define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */ |
| michael@0 | 158 | |
| michael@0 | 159 | #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F |
| michael@0 | 160 | #define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030 |
| michael@0 | 161 | #define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031 |
| michael@0 | 162 | #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032 |
| michael@0 | 163 | #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 |
| michael@0 | 164 | #define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034 |
| michael@0 | 165 | |
| michael@0 | 166 | #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 |
| michael@0 | 167 | #define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036 |
| michael@0 | 168 | #define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037 |
| michael@0 | 169 | #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038 |
| michael@0 | 170 | #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 |
| michael@0 | 171 | #define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A |
| michael@0 | 172 | #define TLS_RSA_WITH_NULL_SHA256 0x003B |
| michael@0 | 173 | #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C |
| michael@0 | 174 | #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D |
| michael@0 | 175 | |
| michael@0 | 176 | #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041 |
| michael@0 | 177 | #define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042 |
| michael@0 | 178 | #define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043 |
| michael@0 | 179 | #define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044 |
| michael@0 | 180 | #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045 |
| michael@0 | 181 | #define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x0046 |
| michael@0 | 182 | |
| michael@0 | 183 | #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062 |
| michael@0 | 184 | #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064 |
| michael@0 | 185 | |
| michael@0 | 186 | #define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063 |
| michael@0 | 187 | #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065 |
| michael@0 | 188 | #define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066 |
| michael@0 | 189 | #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067 |
| michael@0 | 190 | #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B |
| michael@0 | 191 | |
| michael@0 | 192 | #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084 |
| michael@0 | 193 | #define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085 |
| michael@0 | 194 | #define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086 |
| michael@0 | 195 | #define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087 |
| michael@0 | 196 | #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088 |
| michael@0 | 197 | #define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x0089 |
| michael@0 | 198 | |
| michael@0 | 199 | #define TLS_RSA_WITH_SEED_CBC_SHA 0x0096 |
| michael@0 | 200 | |
| michael@0 | 201 | #define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C |
| michael@0 | 202 | #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E |
| michael@0 | 203 | #define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 0x00A2 |
| michael@0 | 204 | |
| michael@0 | 205 | /* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client. |
| michael@0 | 206 | * Must NEVER be chosen by server. SSL 3.0 server acknowledges by sending |
| michael@0 | 207 | * back an empty Renegotiation Info (RI) server hello extension. |
| michael@0 | 208 | */ |
| michael@0 | 209 | #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF |
| michael@0 | 210 | |
| michael@0 | 211 | /* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a |
| michael@0 | 212 | * handshake is the result of TLS version fallback. |
| michael@0 | 213 | */ |
| michael@0 | 214 | #define TLS_FALLBACK_SCSV 0x5600 |
| michael@0 | 215 | |
| michael@0 | 216 | /* Cipher Suite Values starting with 0xC000 are defined in informational |
| michael@0 | 217 | * RFCs. |
| michael@0 | 218 | */ |
| michael@0 | 219 | #define TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 |
| michael@0 | 220 | #define TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002 |
| michael@0 | 221 | #define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003 |
| michael@0 | 222 | #define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 |
| michael@0 | 223 | #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 |
| michael@0 | 224 | |
| michael@0 | 225 | #define TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 |
| michael@0 | 226 | #define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 |
| michael@0 | 227 | #define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 |
| michael@0 | 228 | #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 |
| michael@0 | 229 | #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A |
| michael@0 | 230 | |
| michael@0 | 231 | #define TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B |
| michael@0 | 232 | #define TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C |
| michael@0 | 233 | #define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D |
| michael@0 | 234 | #define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E |
| michael@0 | 235 | #define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F |
| michael@0 | 236 | |
| michael@0 | 237 | #define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 |
| michael@0 | 238 | #define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 |
| michael@0 | 239 | #define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 |
| michael@0 | 240 | #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 |
| michael@0 | 241 | #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 |
| michael@0 | 242 | |
| michael@0 | 243 | #define TLS_ECDH_anon_WITH_NULL_SHA 0xC015 |
| michael@0 | 244 | #define TLS_ECDH_anon_WITH_RC4_128_SHA 0xC016 |
| michael@0 | 245 | #define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA 0xC017 |
| michael@0 | 246 | #define TLS_ECDH_anon_WITH_AES_128_CBC_SHA 0xC018 |
| michael@0 | 247 | #define TLS_ECDH_anon_WITH_AES_256_CBC_SHA 0xC019 |
| michael@0 | 248 | |
| michael@0 | 249 | #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 |
| michael@0 | 250 | #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 |
| michael@0 | 251 | |
| michael@0 | 252 | #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B |
| michael@0 | 253 | #define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D |
| michael@0 | 254 | #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F |
| michael@0 | 255 | #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 |
| michael@0 | 256 | |
| michael@0 | 257 | /* Netscape "experimental" cipher suites. */ |
| michael@0 | 258 | #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0 |
| michael@0 | 259 | #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1 |
| michael@0 | 260 | |
| michael@0 | 261 | /* New non-experimental openly spec'ed versions of those cipher suites. */ |
| michael@0 | 262 | #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff |
| michael@0 | 263 | #define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe |
| michael@0 | 264 | |
| michael@0 | 265 | /* DTLS-SRTP cipher suites from RFC 5764 */ |
| michael@0 | 266 | /* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */ |
| michael@0 | 267 | #define SRTP_AES128_CM_HMAC_SHA1_80 0x0001 |
| michael@0 | 268 | #define SRTP_AES128_CM_HMAC_SHA1_32 0x0002 |
| michael@0 | 269 | #define SRTP_NULL_HMAC_SHA1_80 0x0005 |
| michael@0 | 270 | #define SRTP_NULL_HMAC_SHA1_32 0x0006 |
| michael@0 | 271 | |
| michael@0 | 272 | #endif /* __sslproto_h_ */ |
