1 /**
2 * \file ssl_ciphersuites.c
3 *
4 * \brief SSL ciphersuites for Mbed TLS
5 *
6 * Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8 */
9
10 #include "common.h"
11
12 #if defined(MBEDTLS_SSL_TLS_C)
13
14 #include "mbedtls/platform.h"
15
16 #include "mbedtls/ssl_ciphersuites.h"
17 #include "mbedtls/ssl.h"
18
19 #include <string.h>
20
21 #undef HAVE_SHA384
22 #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
23 #define HAVE_SHA384
24 #endif
25
26 /*
27 * Ordered from most preferred to least preferred in terms of security.
28 *
29 * Current rule (except RC4 and 3DES, weak and null which come last):
30 * 1. By key exchange:
31 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
32 * 2. By key length and cipher:
33 * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
34 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
35 * 4. By hash function used when relevant
36 * 5. By key exchange/auth again: EC > non-EC
37 */
38 static const int ciphersuite_preference[] =
39 {
40 #if defined(MBEDTLS_SSL_CIPHERSUITES)
41 MBEDTLS_SSL_CIPHERSUITES,
42 #else
43 /* Chacha-Poly ephemeral suites */
44 MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
45 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
46 MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
47
48 /* All AES-256 ephemeral suites */
49 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
50 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
51 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
52 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
53 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
54 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
55 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
56 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
57 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
58 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
59 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
60 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
61 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
62
63 /* All CAMELLIA-256 ephemeral suites */
64 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
65 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
66 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
67 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
68 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
69 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
70 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
71
72 /* All ARIA-256 ephemeral suites */
73 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
74 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
75 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
76 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
77 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
78 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
79
80 /* All AES-128 ephemeral suites */
81 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
82 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
83 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
84 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
85 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
86 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
87 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
88 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
89 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
90 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
91 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
92 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
93 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
94
95 /* All CAMELLIA-128 ephemeral suites */
96 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
97 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
98 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
99 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
100 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
101 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
102 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
103
104 /* All ARIA-128 ephemeral suites */
105 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
106 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
107 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
108 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
109 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
110 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
111
112 /* The PSK ephemeral suites */
113 MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
114 MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
115 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
116 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
117 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
118 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
119 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
120 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
121 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
122 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
123 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
124 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
125 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
126 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
127 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
128
129 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
130 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
131 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
132 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
133 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
134 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
135 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
136 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
137 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
138 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
139 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
140 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
141 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
142
143 /* The ECJPAKE suite */
144 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
145
146 /* All AES-256 suites */
147 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
148 MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
149 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
150 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
151 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
152 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
153 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
154 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
155 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
156 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
157 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
158
159 /* All CAMELLIA-256 suites */
160 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
161 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
162 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
163 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
164 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
165 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
166 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
167
168 /* All ARIA-256 suites */
169 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
170 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
171 MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
172 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
173 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
174 MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
175
176 /* All AES-128 suites */
177 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
178 MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
179 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
180 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
181 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
182 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
183 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
184 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
185 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
186 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
187 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
188
189 /* All CAMELLIA-128 suites */
190 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
191 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
192 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
193 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
194 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
195 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
196 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
197
198 /* All ARIA-128 suites */
199 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
200 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
201 MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
202 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
203 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
204 MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
205
206 /* The RSA PSK suites */
207 MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
208 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
209 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
210 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
211 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
212 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
213 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
214 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
215
216 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
217 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
218 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
219 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
220 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
221 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
222 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
223
224 /* The PSK suites */
225 MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
226 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
227 MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
228 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
229 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
230 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
231 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
232 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
233 MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
234 MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
235
236 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
237 MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
238 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
239 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
240 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
241 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
242 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
243 MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
244 MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
245
246 /* 3DES suites */
247 MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
248 MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
249 MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
250 MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
251 MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
252 MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
253 MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
254 MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
255 MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
256 MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
257
258 /* RC4 suites */
259 MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
260 MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA,
261 MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA,
262 MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA,
263 MBEDTLS_TLS_RSA_WITH_RC4_128_SHA,
264 MBEDTLS_TLS_RSA_WITH_RC4_128_MD5,
265 MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA,
266 MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
267 MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA,
268 MBEDTLS_TLS_PSK_WITH_RC4_128_SHA,
269
270 /* Weak suites */
271 MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA,
272 MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA,
273
274 /* NULL suites */
275 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
276 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
277 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
278 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
279 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
280 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
281 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
282 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,
283
284 MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
285 MBEDTLS_TLS_RSA_WITH_NULL_SHA,
286 MBEDTLS_TLS_RSA_WITH_NULL_MD5,
287 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
288 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
289 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384,
290 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256,
291 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA,
292 MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
293 MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
294 MBEDTLS_TLS_PSK_WITH_NULL_SHA,
295
296 #endif /* MBEDTLS_SSL_CIPHERSUITES */
297 0
298 };
299
300 static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
301 {
302 #if defined(MBEDTLS_CHACHAPOLY_C) && \
303 defined(MBEDTLS_SHA256_C) && \
304 defined(MBEDTLS_SSL_PROTO_TLS1_2)
305 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
306 { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
307 "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
308 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
309 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
310 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
311 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
312 0 },
313 #endif
314 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
315 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
316 "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
317 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
318 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
319 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
320 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
321 0 },
322 #endif
323 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
324 { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
325 "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
326 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
327 MBEDTLS_KEY_EXCHANGE_DHE_RSA,
328 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
329 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
330 0 },
331 #endif
332 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
333 { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
334 "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
335 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
336 MBEDTLS_KEY_EXCHANGE_PSK,
337 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
338 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
339 0 },
340 #endif
341 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
342 { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
343 "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
344 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
345 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
346 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
347 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
348 0 },
349 #endif
350 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
351 { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
352 "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
353 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
354 MBEDTLS_KEY_EXCHANGE_DHE_PSK,
355 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
356 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
357 0 },
358 #endif
359 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
360 { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
361 "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
362 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
363 MBEDTLS_KEY_EXCHANGE_RSA_PSK,
364 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
365 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
366 0 },
367 #endif
368 #endif /* MBEDTLS_CHACHAPOLY_C &&
369 MBEDTLS_SHA256_C &&
370 MBEDTLS_SSL_PROTO_TLS1_2 */
371 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
372 #if defined(MBEDTLS_AES_C)
373 #if defined(MBEDTLS_SHA1_C)
374 #if defined(MBEDTLS_CIPHER_MODE_CBC)
375 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
376 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
377 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
378 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
379 0 },
380 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
381 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
382 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
383 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
384 0 },
385 #endif /* MBEDTLS_CIPHER_MODE_CBC */
386 #endif /* MBEDTLS_SHA1_C */
387 #if defined(MBEDTLS_SHA256_C)
388 #if defined(MBEDTLS_CIPHER_MODE_CBC)
389 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
390 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
391 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
392 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
393 0 },
394 #endif /* MBEDTLS_CIPHER_MODE_CBC */
395 #if defined(MBEDTLS_GCM_C)
396 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
397 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
398 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
399 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
400 0 },
401 #endif /* MBEDTLS_GCM_C */
402 #endif /* MBEDTLS_SHA256_C */
403 #if defined(HAVE_SHA384)
404 #if defined(MBEDTLS_CIPHER_MODE_CBC)
405 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
406 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
407 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
408 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
409 0 },
410 #endif /* MBEDTLS_CIPHER_MODE_CBC */
411 #if defined(MBEDTLS_GCM_C)
412 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
413 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
414 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
415 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
416 0 },
417 #endif /* MBEDTLS_GCM_C */
418 #endif /* HAVE_SHA384 */
419 #if defined(MBEDTLS_CCM_C)
420 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
421 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
422 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
423 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
424 0 },
425 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
426 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
427 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
428 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
429 MBEDTLS_CIPHERSUITE_SHORT_TAG },
430 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
431 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
432 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
433 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
434 0 },
435 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
436 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
437 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
438 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
439 MBEDTLS_CIPHERSUITE_SHORT_TAG },
440 #endif /* MBEDTLS_CCM_C */
441 #endif /* MBEDTLS_AES_C */
442
443 #if defined(MBEDTLS_CAMELLIA_C)
444 #if defined(MBEDTLS_CIPHER_MODE_CBC)
445 #if defined(MBEDTLS_SHA256_C)
446 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
447 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
448 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
449 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
450 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
451 0 },
452 #endif /* MBEDTLS_SHA256_C */
453 #if defined(HAVE_SHA384)
454 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
455 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
456 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
457 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
458 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
459 0 },
460 #endif /* HAVE_SHA384 */
461 #endif /* MBEDTLS_CIPHER_MODE_CBC */
462
463 #if defined(MBEDTLS_GCM_C)
464 #if defined(MBEDTLS_SHA256_C)
465 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
466 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
467 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
468 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
469 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
470 0 },
471 #endif /* MBEDTLS_SHA256_C */
472 #if defined(HAVE_SHA384)
473 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
474 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
475 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
476 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
477 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
478 0 },
479 #endif /* HAVE_SHA384 */
480 #endif /* MBEDTLS_GCM_C */
481 #endif /* MBEDTLS_CAMELLIA_C */
482
483 #if defined(MBEDTLS_DES_C)
484 #if defined(MBEDTLS_CIPHER_MODE_CBC)
485 #if defined(MBEDTLS_SHA1_C)
486 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
487 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
488 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
489 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
490 0 },
491 #endif /* MBEDTLS_SHA1_C */
492 #endif /* MBEDTLS_CIPHER_MODE_CBC */
493 #endif /* MBEDTLS_DES_C */
494
495 #if defined(MBEDTLS_ARC4_C)
496 #if defined(MBEDTLS_SHA1_C)
497 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA",
498 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
499 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
500 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
501 MBEDTLS_CIPHERSUITE_NODTLS },
502 #endif /* MBEDTLS_SHA1_C */
503 #endif /* MBEDTLS_ARC4_C */
504
505 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
506 #if defined(MBEDTLS_SHA1_C)
507 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
508 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
509 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
510 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
511 MBEDTLS_CIPHERSUITE_WEAK },
512 #endif /* MBEDTLS_SHA1_C */
513 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
514 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
515
516 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
517 #if defined(MBEDTLS_AES_C)
518 #if defined(MBEDTLS_SHA1_C)
519 #if defined(MBEDTLS_CIPHER_MODE_CBC)
520 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
521 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
522 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
523 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
524 0 },
525 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
526 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
527 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
528 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
529 0 },
530 #endif /* MBEDTLS_CIPHER_MODE_CBC */
531 #endif /* MBEDTLS_SHA1_C */
532 #if defined(MBEDTLS_SHA256_C)
533 #if defined(MBEDTLS_CIPHER_MODE_CBC)
534 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
535 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
536 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
537 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
538 0 },
539 #endif /* MBEDTLS_CIPHER_MODE_CBC */
540 #if defined(MBEDTLS_GCM_C)
541 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
542 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
543 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
544 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
545 0 },
546 #endif /* MBEDTLS_GCM_C */
547 #endif /* MBEDTLS_SHA256_C */
548 #if defined(HAVE_SHA384)
549 #if defined(MBEDTLS_CIPHER_MODE_CBC)
550 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
551 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
552 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
553 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
554 0 },
555 #endif /* MBEDTLS_CIPHER_MODE_CBC */
556 #if defined(MBEDTLS_GCM_C)
557 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
558 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
559 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
560 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
561 0 },
562 #endif /* MBEDTLS_GCM_C */
563 #endif /* HAVE_SHA384 */
564 #endif /* MBEDTLS_AES_C */
565
566 #if defined(MBEDTLS_CAMELLIA_C)
567 #if defined(MBEDTLS_CIPHER_MODE_CBC)
568 #if defined(MBEDTLS_SHA256_C)
569 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
570 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
571 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
572 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
573 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
574 0 },
575 #endif /* MBEDTLS_SHA256_C */
576 #if defined(HAVE_SHA384)
577 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
578 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
579 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
580 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
581 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
582 0 },
583 #endif /* HAVE_SHA384 */
584 #endif /* MBEDTLS_CIPHER_MODE_CBC */
585
586 #if defined(MBEDTLS_GCM_C)
587 #if defined(MBEDTLS_SHA256_C)
588 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
589 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
590 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
591 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
592 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
593 0 },
594 #endif /* MBEDTLS_SHA256_C */
595 #if defined(HAVE_SHA384)
596 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
597 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
598 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
599 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
600 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
601 0 },
602 #endif /* HAVE_SHA384 */
603 #endif /* MBEDTLS_GCM_C */
604 #endif /* MBEDTLS_CAMELLIA_C */
605
606 #if defined(MBEDTLS_DES_C)
607 #if defined(MBEDTLS_CIPHER_MODE_CBC)
608 #if defined(MBEDTLS_SHA1_C)
609 { MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
610 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
611 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
612 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
613 0 },
614 #endif /* MBEDTLS_SHA1_C */
615 #endif /* MBEDTLS_CIPHER_MODE_CBC */
616 #endif /* MBEDTLS_DES_C */
617
618 #if defined(MBEDTLS_ARC4_C)
619 #if defined(MBEDTLS_SHA1_C)
620 { MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
621 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
622 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
623 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
624 MBEDTLS_CIPHERSUITE_NODTLS },
625 #endif /* MBEDTLS_SHA1_C */
626 #endif /* MBEDTLS_ARC4_C */
627
628 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
629 #if defined(MBEDTLS_SHA1_C)
630 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
631 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
632 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
633 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
634 MBEDTLS_CIPHERSUITE_WEAK },
635 #endif /* MBEDTLS_SHA1_C */
636 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
637 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
638
639 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
640 #if defined(MBEDTLS_AES_C)
641 #if defined(HAVE_SHA384) && defined(MBEDTLS_GCM_C)
642 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
643 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
644 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
645 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
646 0 },
647 #endif /* HAVE_SHA384 && MBEDTLS_GCM_C */
648
649 #if defined(MBEDTLS_SHA256_C)
650 #if defined(MBEDTLS_GCM_C)
651 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
652 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
653 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
654 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
655 0 },
656 #endif /* MBEDTLS_GCM_C */
657
658 #if defined(MBEDTLS_CIPHER_MODE_CBC)
659 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
660 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
661 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
662 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
663 0 },
664
665 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
666 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
667 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
668 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
669 0 },
670 #endif /* MBEDTLS_CIPHER_MODE_CBC */
671 #endif /* MBEDTLS_SHA256_C */
672
673 #if defined(MBEDTLS_CIPHER_MODE_CBC)
674 #if defined(MBEDTLS_SHA1_C)
675 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
676 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
677 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
678 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
679 0 },
680
681 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
682 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
683 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
684 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
685 0 },
686 #endif /* MBEDTLS_SHA1_C */
687 #endif /* MBEDTLS_CIPHER_MODE_CBC */
688 #if defined(MBEDTLS_CCM_C)
689 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
690 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
691 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
692 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
693 0 },
694 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
695 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
696 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
697 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
698 MBEDTLS_CIPHERSUITE_SHORT_TAG },
699 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
700 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
701 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
702 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
703 0 },
704 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
705 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
706 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
707 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
708 MBEDTLS_CIPHERSUITE_SHORT_TAG },
709 #endif /* MBEDTLS_CCM_C */
710 #endif /* MBEDTLS_AES_C */
711
712 #if defined(MBEDTLS_CAMELLIA_C)
713 #if defined(MBEDTLS_CIPHER_MODE_CBC)
714 #if defined(MBEDTLS_SHA256_C)
715 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
716 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
717 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
718 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
719 0 },
720
721 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
722 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
723 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
724 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
725 0 },
726 #endif /* MBEDTLS_SHA256_C */
727
728 #if defined(MBEDTLS_SHA1_C)
729 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
730 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
731 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
732 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
733 0 },
734
735 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
736 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
737 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
738 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
739 0 },
740 #endif /* MBEDTLS_SHA1_C */
741 #endif /* MBEDTLS_CIPHER_MODE_CBC */
742 #if defined(MBEDTLS_GCM_C)
743 #if defined(MBEDTLS_SHA256_C)
744 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
745 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
746 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
747 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
748 0 },
749 #endif /* MBEDTLS_SHA256_C */
750
751 #if defined(HAVE_SHA384)
752 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
753 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
754 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
755 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
756 0 },
757 #endif /* HAVE_SHA384 */
758 #endif /* MBEDTLS_GCM_C */
759 #endif /* MBEDTLS_CAMELLIA_C */
760
761 #if defined(MBEDTLS_DES_C)
762 #if defined(MBEDTLS_CIPHER_MODE_CBC)
763 #if defined(MBEDTLS_SHA1_C)
764 { MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
765 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
766 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
767 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
768 0 },
769 #endif /* MBEDTLS_SHA1_C */
770 #endif /* MBEDTLS_CIPHER_MODE_CBC */
771 #endif /* MBEDTLS_DES_C */
772 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
773
774 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
775 #if defined(MBEDTLS_AES_C)
776 #if defined(HAVE_SHA384) && defined(MBEDTLS_GCM_C)
777 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
778 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
779 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
780 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
781 0 },
782 #endif /* HAVE_SHA384 && MBEDTLS_GCM_C */
783
784 #if defined(MBEDTLS_SHA256_C)
785 #if defined(MBEDTLS_GCM_C)
786 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
787 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
788 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
789 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
790 0 },
791 #endif /* MBEDTLS_GCM_C */
792
793 #if defined(MBEDTLS_CIPHER_MODE_CBC)
794 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
795 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
796 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
797 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
798 0 },
799
800 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
801 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
802 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
803 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
804 0 },
805 #endif /* MBEDTLS_CIPHER_MODE_CBC */
806 #endif /* MBEDTLS_SHA256_C */
807
808 #if defined(MBEDTLS_SHA1_C)
809 #if defined(MBEDTLS_CIPHER_MODE_CBC)
810 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
811 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
812 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
813 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
814 0 },
815
816 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
817 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
818 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
819 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
820 0 },
821 #endif /* MBEDTLS_CIPHER_MODE_CBC */
822 #endif /* MBEDTLS_SHA1_C */
823 #if defined(MBEDTLS_CCM_C)
824 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
825 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
826 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
827 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
828 0 },
829 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
830 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
831 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
832 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
833 MBEDTLS_CIPHERSUITE_SHORT_TAG },
834 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
835 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
836 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
837 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
838 0 },
839 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
840 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
841 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
842 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
843 MBEDTLS_CIPHERSUITE_SHORT_TAG },
844 #endif /* MBEDTLS_CCM_C */
845 #endif /* MBEDTLS_AES_C */
846
847 #if defined(MBEDTLS_CAMELLIA_C)
848 #if defined(MBEDTLS_CIPHER_MODE_CBC)
849 #if defined(MBEDTLS_SHA256_C)
850 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
851 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
852 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
853 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
854 0 },
855
856 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
857 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
858 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
859 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
860 0 },
861 #endif /* MBEDTLS_SHA256_C */
862
863 #if defined(MBEDTLS_SHA1_C)
864 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
865 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
866 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
867 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
868 0 },
869
870 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
871 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
872 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
873 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
874 0 },
875 #endif /* MBEDTLS_SHA1_C */
876 #endif /* MBEDTLS_CIPHER_MODE_CBC */
877
878 #if defined(MBEDTLS_GCM_C)
879 #if defined(MBEDTLS_SHA256_C)
880 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
881 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
882 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
883 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
884 0 },
885 #endif /* MBEDTLS_SHA256_C */
886
887 #if defined(HAVE_SHA384)
888 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
889 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
890 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
891 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
892 0 },
893 #endif /* HAVE_SHA384 */
894 #endif /* MBEDTLS_GCM_C */
895 #endif /* MBEDTLS_CAMELLIA_C */
896
897 #if defined(MBEDTLS_DES_C)
898 #if defined(MBEDTLS_CIPHER_MODE_CBC)
899 #if defined(MBEDTLS_SHA1_C)
900 { MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
901 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
902 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
903 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
904 0 },
905 #endif /* MBEDTLS_SHA1_C */
906 #endif /* MBEDTLS_CIPHER_MODE_CBC */
907 #endif /* MBEDTLS_DES_C */
908
909 #if defined(MBEDTLS_ARC4_C)
910 #if defined(MBEDTLS_MD5_C)
911 { MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
912 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
913 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
914 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
915 MBEDTLS_CIPHERSUITE_NODTLS },
916 #endif
917
918 #if defined(MBEDTLS_SHA1_C)
919 { MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
920 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
921 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
922 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
923 MBEDTLS_CIPHERSUITE_NODTLS },
924 #endif
925 #endif /* MBEDTLS_ARC4_C */
926 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
927
928 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
929 #if defined(MBEDTLS_AES_C)
930 #if defined(MBEDTLS_SHA1_C)
931 #if defined(MBEDTLS_CIPHER_MODE_CBC)
932 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
933 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
934 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
935 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
936 0 },
937 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
938 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
939 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
940 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
941 0 },
942 #endif /* MBEDTLS_CIPHER_MODE_CBC */
943 #endif /* MBEDTLS_SHA1_C */
944 #if defined(MBEDTLS_SHA256_C)
945 #if defined(MBEDTLS_CIPHER_MODE_CBC)
946 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
947 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
948 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
949 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
950 0 },
951 #endif /* MBEDTLS_CIPHER_MODE_CBC */
952 #if defined(MBEDTLS_GCM_C)
953 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
954 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
955 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
956 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
957 0 },
958 #endif /* MBEDTLS_GCM_C */
959 #endif /* MBEDTLS_SHA256_C */
960 #if defined(HAVE_SHA384)
961 #if defined(MBEDTLS_CIPHER_MODE_CBC)
962 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
963 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
964 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
965 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
966 0 },
967 #endif /* MBEDTLS_CIPHER_MODE_CBC */
968 #if defined(MBEDTLS_GCM_C)
969 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
970 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
971 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
972 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
973 0 },
974 #endif /* MBEDTLS_GCM_C */
975 #endif /* HAVE_SHA384 */
976 #endif /* MBEDTLS_AES_C */
977
978 #if defined(MBEDTLS_CAMELLIA_C)
979 #if defined(MBEDTLS_CIPHER_MODE_CBC)
980 #if defined(MBEDTLS_SHA256_C)
981 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
982 "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
983 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
984 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
985 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
986 0 },
987 #endif /* MBEDTLS_SHA256_C */
988 #if defined(HAVE_SHA384)
989 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
990 "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
991 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
992 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
993 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
994 0 },
995 #endif /* HAVE_SHA384 */
996 #endif /* MBEDTLS_CIPHER_MODE_CBC */
997
998 #if defined(MBEDTLS_GCM_C)
999 #if defined(MBEDTLS_SHA256_C)
1000 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
1001 "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
1002 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1003 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1004 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1005 0 },
1006 #endif /* MBEDTLS_SHA256_C */
1007 #if defined(HAVE_SHA384)
1008 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
1009 "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
1010 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1011 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1012 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1013 0 },
1014 #endif /* HAVE_SHA384 */
1015 #endif /* MBEDTLS_GCM_C */
1016 #endif /* MBEDTLS_CAMELLIA_C */
1017
1018 #if defined(MBEDTLS_DES_C)
1019 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1020 #if defined(MBEDTLS_SHA1_C)
1021 { MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA",
1022 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1023 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1024 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1025 0 },
1026 #endif /* MBEDTLS_SHA1_C */
1027 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1028 #endif /* MBEDTLS_DES_C */
1029
1030 #if defined(MBEDTLS_ARC4_C)
1031 #if defined(MBEDTLS_SHA1_C)
1032 { MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS-ECDH-RSA-WITH-RC4-128-SHA",
1033 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1034 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1035 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1036 MBEDTLS_CIPHERSUITE_NODTLS },
1037 #endif /* MBEDTLS_SHA1_C */
1038 #endif /* MBEDTLS_ARC4_C */
1039
1040 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
1041 #if defined(MBEDTLS_SHA1_C)
1042 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
1043 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1044 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1045 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1046 MBEDTLS_CIPHERSUITE_WEAK },
1047 #endif /* MBEDTLS_SHA1_C */
1048 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
1049 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
1050
1051 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
1052 #if defined(MBEDTLS_AES_C)
1053 #if defined(MBEDTLS_SHA1_C)
1054 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1055 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
1056 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1057 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1058 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1059 0 },
1060 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
1061 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1062 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1063 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1064 0 },
1065 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1066 #endif /* MBEDTLS_SHA1_C */
1067 #if defined(MBEDTLS_SHA256_C)
1068 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1069 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
1070 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1071 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1072 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1073 0 },
1074 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1075 #if defined(MBEDTLS_GCM_C)
1076 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
1077 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1078 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1079 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1080 0 },
1081 #endif /* MBEDTLS_GCM_C */
1082 #endif /* MBEDTLS_SHA256_C */
1083 #if defined(HAVE_SHA384)
1084 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1085 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
1086 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1087 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1088 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1089 0 },
1090 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1091 #if defined(MBEDTLS_GCM_C)
1092 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
1093 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1094 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1095 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1096 0 },
1097 #endif /* MBEDTLS_GCM_C */
1098 #endif /* HAVE_SHA384 */
1099 #endif /* MBEDTLS_AES_C */
1100
1101 #if defined(MBEDTLS_CAMELLIA_C)
1102 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1103 #if defined(MBEDTLS_SHA256_C)
1104 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
1105 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
1106 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1107 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1108 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1109 0 },
1110 #endif /* MBEDTLS_SHA256_C */
1111 #if defined(HAVE_SHA384)
1112 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
1113 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
1114 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1115 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1116 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1117 0 },
1118 #endif /* HAVE_SHA384 */
1119 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1120
1121 #if defined(MBEDTLS_GCM_C)
1122 #if defined(MBEDTLS_SHA256_C)
1123 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
1124 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
1125 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1126 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1127 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1128 0 },
1129 #endif /* MBEDTLS_SHA256_C */
1130 #if defined(HAVE_SHA384)
1131 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
1132 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
1133 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1134 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1135 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1136 0 },
1137 #endif /* HAVE_SHA384 */
1138 #endif /* MBEDTLS_GCM_C */
1139 #endif /* MBEDTLS_CAMELLIA_C */
1140
1141 #if defined(MBEDTLS_DES_C)
1142 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1143 #if defined(MBEDTLS_SHA1_C)
1144 { MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
1145 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1146 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1147 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1148 0 },
1149 #endif /* MBEDTLS_SHA1_C */
1150 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1151 #endif /* MBEDTLS_DES_C */
1152
1153 #if defined(MBEDTLS_ARC4_C)
1154 #if defined(MBEDTLS_SHA1_C)
1155 { MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS-ECDH-ECDSA-WITH-RC4-128-SHA",
1156 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1157 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1158 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1159 MBEDTLS_CIPHERSUITE_NODTLS },
1160 #endif /* MBEDTLS_SHA1_C */
1161 #endif /* MBEDTLS_ARC4_C */
1162
1163 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
1164 #if defined(MBEDTLS_SHA1_C)
1165 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
1166 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1167 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1168 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1169 MBEDTLS_CIPHERSUITE_WEAK },
1170 #endif /* MBEDTLS_SHA1_C */
1171 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
1172 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1173
1174 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1175 #if defined(MBEDTLS_AES_C)
1176 #if defined(MBEDTLS_GCM_C)
1177 #if defined(MBEDTLS_SHA256_C)
1178 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
1179 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1180 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1181 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1182 0 },
1183 #endif /* MBEDTLS_SHA256_C */
1184
1185 #if defined(HAVE_SHA384)
1186 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
1187 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1188 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1189 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1190 0 },
1191 #endif /* HAVE_SHA384 */
1192 #endif /* MBEDTLS_GCM_C */
1193
1194 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1195 #if defined(MBEDTLS_SHA256_C)
1196 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
1197 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1198 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1199 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1200 0 },
1201 #endif /* MBEDTLS_SHA256_C */
1202
1203 #if defined(HAVE_SHA384)
1204 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
1205 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1206 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1207 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1208 0 },
1209 #endif /* HAVE_SHA384 */
1210
1211 #if defined(MBEDTLS_SHA1_C)
1212 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
1213 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1214 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1215 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1216 0 },
1217
1218 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
1219 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1220 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1221 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1222 0 },
1223 #endif /* MBEDTLS_SHA1_C */
1224 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1225 #if defined(MBEDTLS_CCM_C)
1226 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
1227 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1228 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1229 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1230 0 },
1231 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
1232 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1233 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1234 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1235 MBEDTLS_CIPHERSUITE_SHORT_TAG },
1236 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
1237 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1238 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1239 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1240 0 },
1241 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
1242 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1243 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1244 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1245 MBEDTLS_CIPHERSUITE_SHORT_TAG },
1246 #endif /* MBEDTLS_CCM_C */
1247 #endif /* MBEDTLS_AES_C */
1248
1249 #if defined(MBEDTLS_CAMELLIA_C)
1250 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1251 #if defined(MBEDTLS_SHA256_C)
1252 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1253 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1254 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1255 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1256 0 },
1257 #endif /* MBEDTLS_SHA256_C */
1258
1259 #if defined(HAVE_SHA384)
1260 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1261 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1262 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1263 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1264 0 },
1265 #endif /* HAVE_SHA384 */
1266 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1267
1268 #if defined(MBEDTLS_GCM_C)
1269 #if defined(MBEDTLS_SHA256_C)
1270 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1271 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1272 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1273 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1274 0 },
1275 #endif /* MBEDTLS_SHA256_C */
1276
1277 #if defined(HAVE_SHA384)
1278 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1279 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1280 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1281 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1282 0 },
1283 #endif /* HAVE_SHA384 */
1284 #endif /* MBEDTLS_GCM_C */
1285 #endif /* MBEDTLS_CAMELLIA_C */
1286
1287 #if defined(MBEDTLS_DES_C)
1288 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1289 #if defined(MBEDTLS_SHA1_C)
1290 { MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
1291 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1292 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1293 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1294 0 },
1295 #endif /* MBEDTLS_SHA1_C */
1296 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1297 #endif /* MBEDTLS_DES_C */
1298
1299 #if defined(MBEDTLS_ARC4_C)
1300 #if defined(MBEDTLS_SHA1_C)
1301 { MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA",
1302 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1303 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1304 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1305 MBEDTLS_CIPHERSUITE_NODTLS },
1306 #endif /* MBEDTLS_SHA1_C */
1307 #endif /* MBEDTLS_ARC4_C */
1308 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1309
1310 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1311 #if defined(MBEDTLS_AES_C)
1312 #if defined(MBEDTLS_GCM_C)
1313 #if defined(MBEDTLS_SHA256_C)
1314 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
1315 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1316 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1317 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1318 0 },
1319 #endif /* MBEDTLS_SHA256_C */
1320
1321 #if defined(HAVE_SHA384)
1322 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
1323 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1324 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1325 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1326 0 },
1327 #endif /* HAVE_SHA384 */
1328 #endif /* MBEDTLS_GCM_C */
1329
1330 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1331 #if defined(MBEDTLS_SHA256_C)
1332 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
1333 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1334 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1335 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1336 0 },
1337 #endif /* MBEDTLS_SHA256_C */
1338
1339 #if defined(HAVE_SHA384)
1340 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
1341 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1342 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1343 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1344 0 },
1345 #endif /* HAVE_SHA384 */
1346
1347 #if defined(MBEDTLS_SHA1_C)
1348 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
1349 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1350 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1351 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1352 0 },
1353
1354 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
1355 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1356 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1357 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1358 0 },
1359 #endif /* MBEDTLS_SHA1_C */
1360 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1361 #if defined(MBEDTLS_CCM_C)
1362 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
1363 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1364 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1365 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1366 0 },
1367 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
1368 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1369 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1370 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1371 MBEDTLS_CIPHERSUITE_SHORT_TAG },
1372 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
1373 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1374 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1375 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1376 0 },
1377 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
1378 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1379 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1380 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1381 MBEDTLS_CIPHERSUITE_SHORT_TAG },
1382 #endif /* MBEDTLS_CCM_C */
1383 #endif /* MBEDTLS_AES_C */
1384
1385 #if defined(MBEDTLS_CAMELLIA_C)
1386 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1387 #if defined(MBEDTLS_SHA256_C)
1388 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1389 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1390 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1391 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1392 0 },
1393 #endif /* MBEDTLS_SHA256_C */
1394
1395 #if defined(HAVE_SHA384)
1396 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1397 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1398 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1399 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1400 0 },
1401 #endif /* HAVE_SHA384 */
1402 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1403
1404 #if defined(MBEDTLS_GCM_C)
1405 #if defined(MBEDTLS_SHA256_C)
1406 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1407 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1408 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1409 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1410 0 },
1411 #endif /* MBEDTLS_SHA256_C */
1412
1413 #if defined(HAVE_SHA384)
1414 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1415 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1416 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1417 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1418 0 },
1419 #endif /* HAVE_SHA384 */
1420 #endif /* MBEDTLS_GCM_C */
1421 #endif /* MBEDTLS_CAMELLIA_C */
1422
1423 #if defined(MBEDTLS_DES_C)
1424 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1425 #if defined(MBEDTLS_SHA1_C)
1426 { MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
1427 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1428 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1429 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1430 0 },
1431 #endif /* MBEDTLS_SHA1_C */
1432 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1433 #endif /* MBEDTLS_DES_C */
1434
1435 #if defined(MBEDTLS_ARC4_C)
1436 #if defined(MBEDTLS_SHA1_C)
1437 { MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA",
1438 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1439 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1440 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1441 MBEDTLS_CIPHERSUITE_NODTLS },
1442 #endif /* MBEDTLS_SHA1_C */
1443 #endif /* MBEDTLS_ARC4_C */
1444 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1445
1446 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1447 #if defined(MBEDTLS_AES_C)
1448
1449 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1450 #if defined(MBEDTLS_SHA256_C)
1451 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
1452 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1453 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1454 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1455 0 },
1456 #endif /* MBEDTLS_SHA256_C */
1457
1458 #if defined(HAVE_SHA384)
1459 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
1460 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1461 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1462 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1463 0 },
1464 #endif /* HAVE_SHA384 */
1465
1466 #if defined(MBEDTLS_SHA1_C)
1467 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
1468 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1469 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1470 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1471 0 },
1472
1473 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
1474 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1475 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1476 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1477 0 },
1478 #endif /* MBEDTLS_SHA1_C */
1479 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1480 #endif /* MBEDTLS_AES_C */
1481
1482 #if defined(MBEDTLS_CAMELLIA_C)
1483 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1484 #if defined(MBEDTLS_SHA256_C)
1485 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
1486 "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1487 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1488 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1489 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1490 0 },
1491 #endif /* MBEDTLS_SHA256_C */
1492
1493 #if defined(HAVE_SHA384)
1494 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
1495 "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1496 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1497 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1498 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1499 0 },
1500 #endif /* HAVE_SHA384 */
1501 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1502 #endif /* MBEDTLS_CAMELLIA_C */
1503
1504 #if defined(MBEDTLS_DES_C)
1505 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1506 #if defined(MBEDTLS_SHA1_C)
1507 { MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
1508 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1509 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1510 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1511 0 },
1512 #endif /* MBEDTLS_SHA1_C */
1513 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1514 #endif /* MBEDTLS_DES_C */
1515
1516 #if defined(MBEDTLS_ARC4_C)
1517 #if defined(MBEDTLS_SHA1_C)
1518 { MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA, "TLS-ECDHE-PSK-WITH-RC4-128-SHA",
1519 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1520 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1521 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1522 MBEDTLS_CIPHERSUITE_NODTLS },
1523 #endif /* MBEDTLS_SHA1_C */
1524 #endif /* MBEDTLS_ARC4_C */
1525 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1526
1527 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1528 #if defined(MBEDTLS_AES_C)
1529 #if defined(MBEDTLS_GCM_C)
1530 #if defined(MBEDTLS_SHA256_C)
1531 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
1532 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1533 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1534 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1535 0 },
1536 #endif /* MBEDTLS_SHA256_C */
1537
1538 #if defined(HAVE_SHA384)
1539 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
1540 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1541 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1542 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1543 0 },
1544 #endif /* HAVE_SHA384 */
1545 #endif /* MBEDTLS_GCM_C */
1546
1547 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1548 #if defined(MBEDTLS_SHA256_C)
1549 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
1550 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1551 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1552 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1553 0 },
1554 #endif /* MBEDTLS_SHA256_C */
1555
1556 #if defined(HAVE_SHA384)
1557 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
1558 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1559 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1560 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1561 0 },
1562 #endif /* HAVE_SHA384 */
1563
1564 #if defined(MBEDTLS_SHA1_C)
1565 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
1566 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1567 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1568 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1569 0 },
1570
1571 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
1572 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1573 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1574 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1575 0 },
1576 #endif /* MBEDTLS_SHA1_C */
1577 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1578 #endif /* MBEDTLS_AES_C */
1579
1580 #if defined(MBEDTLS_CAMELLIA_C)
1581 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1582 #if defined(MBEDTLS_SHA256_C)
1583 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1584 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1585 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1586 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1587 0 },
1588 #endif /* MBEDTLS_SHA256_C */
1589
1590 #if defined(HAVE_SHA384)
1591 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1592 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1593 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1594 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1595 0 },
1596 #endif /* HAVE_SHA384 */
1597 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1598
1599 #if defined(MBEDTLS_GCM_C)
1600 #if defined(MBEDTLS_SHA256_C)
1601 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1602 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1603 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1604 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1605 0 },
1606 #endif /* MBEDTLS_SHA256_C */
1607
1608 #if defined(HAVE_SHA384)
1609 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1610 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1611 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1612 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1613 0 },
1614 #endif /* HAVE_SHA384 */
1615 #endif /* MBEDTLS_GCM_C */
1616 #endif /* MBEDTLS_CAMELLIA_C */
1617
1618 #if defined(MBEDTLS_DES_C)
1619 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1620 #if defined(MBEDTLS_SHA1_C)
1621 { MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
1622 MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1623 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1624 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1625 0 },
1626 #endif /* MBEDTLS_SHA1_C */
1627 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1628 #endif /* MBEDTLS_DES_C */
1629
1630 #if defined(MBEDTLS_ARC4_C)
1631 #if defined(MBEDTLS_SHA1_C)
1632 { MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
1633 MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1634 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1635 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1636 MBEDTLS_CIPHERSUITE_NODTLS },
1637 #endif /* MBEDTLS_SHA1_C */
1638 #endif /* MBEDTLS_ARC4_C */
1639 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1640
1641 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1642 #if defined(MBEDTLS_AES_C)
1643 #if defined(MBEDTLS_CCM_C)
1644 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
1645 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
1646 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1647 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1648 MBEDTLS_CIPHERSUITE_SHORT_TAG },
1649 #endif /* MBEDTLS_CCM_C */
1650 #endif /* MBEDTLS_AES_C */
1651 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
1652
1653 #if defined(MBEDTLS_ENABLE_WEAK_CIPHERSUITES)
1654 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
1655 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1656 #if defined(MBEDTLS_MD5_C)
1657 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
1658 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
1659 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1660 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1661 MBEDTLS_CIPHERSUITE_WEAK },
1662 #endif
1663
1664 #if defined(MBEDTLS_SHA1_C)
1665 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
1666 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
1667 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1668 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1669 MBEDTLS_CIPHERSUITE_WEAK },
1670 #endif
1671
1672 #if defined(MBEDTLS_SHA256_C)
1673 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
1674 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1675 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1676 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1677 MBEDTLS_CIPHERSUITE_WEAK },
1678 #endif
1679 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1680
1681 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1682 #if defined(MBEDTLS_SHA1_C)
1683 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
1684 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1685 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1686 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1687 MBEDTLS_CIPHERSUITE_WEAK },
1688 #endif /* MBEDTLS_SHA1_C */
1689
1690 #if defined(MBEDTLS_SHA256_C)
1691 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
1692 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1693 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1694 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1695 MBEDTLS_CIPHERSUITE_WEAK },
1696 #endif
1697
1698 #if defined(HAVE_SHA384)
1699 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
1700 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1701 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1702 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1703 MBEDTLS_CIPHERSUITE_WEAK },
1704 #endif
1705 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1706
1707 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1708 #if defined(MBEDTLS_SHA1_C)
1709 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
1710 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1711 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1712 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1713 MBEDTLS_CIPHERSUITE_WEAK },
1714 #endif /* MBEDTLS_SHA1_C */
1715
1716 #if defined(MBEDTLS_SHA256_C)
1717 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
1718 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1719 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1720 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1721 MBEDTLS_CIPHERSUITE_WEAK },
1722 #endif
1723
1724 #if defined(HAVE_SHA384)
1725 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
1726 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1727 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1728 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1729 MBEDTLS_CIPHERSUITE_WEAK },
1730 #endif
1731 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1732
1733 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1734 #if defined(MBEDTLS_SHA1_C)
1735 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
1736 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1737 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1738 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1739 MBEDTLS_CIPHERSUITE_WEAK },
1740 #endif /* MBEDTLS_SHA1_C */
1741
1742 #if defined(MBEDTLS_SHA256_C)
1743 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
1744 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1745 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1746 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1747 MBEDTLS_CIPHERSUITE_WEAK },
1748 #endif
1749
1750 #if defined(HAVE_SHA384)
1751 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
1752 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1753 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1754 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1755 MBEDTLS_CIPHERSUITE_WEAK },
1756 #endif
1757 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1758
1759 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1760 #if defined(MBEDTLS_SHA1_C)
1761 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
1762 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1763 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1764 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1765 MBEDTLS_CIPHERSUITE_WEAK },
1766 #endif /* MBEDTLS_SHA1_C */
1767
1768 #if defined(MBEDTLS_SHA256_C)
1769 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
1770 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1771 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1772 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1773 MBEDTLS_CIPHERSUITE_WEAK },
1774 #endif
1775
1776 #if defined(HAVE_SHA384)
1777 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
1778 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1779 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
1780 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1781 MBEDTLS_CIPHERSUITE_WEAK },
1782 #endif
1783 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1784 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
1785
1786 #if defined(MBEDTLS_DES_C)
1787 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1788 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
1789 #if defined(MBEDTLS_SHA1_C)
1790 { MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
1791 MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1792 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1793 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1794 MBEDTLS_CIPHERSUITE_WEAK },
1795 #endif /* MBEDTLS_SHA1_C */
1796 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
1797
1798 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1799 #if defined(MBEDTLS_SHA1_C)
1800 { MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
1801 MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
1802 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
1803 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1804 MBEDTLS_CIPHERSUITE_WEAK },
1805 #endif /* MBEDTLS_SHA1_C */
1806 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1807 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1808 #endif /* MBEDTLS_DES_C */
1809 #endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */
1810
1811 #if defined(MBEDTLS_ARIA_C)
1812
1813 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1814
1815 #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
1816 { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
1817 "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
1818 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
1819 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1820 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1821 0 },
1822 #endif
1823 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
1824 { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
1825 "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
1826 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
1827 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1828 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1829 0 },
1830 #endif
1831 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
1832 { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
1833 "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
1834 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1835 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1836 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1837 0 },
1838 #endif
1839 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
1840 { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
1841 "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
1842 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1843 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1844 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1845 0 },
1846 #endif
1847
1848 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1849
1850 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1851
1852 #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
1853 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
1854 "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
1855 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1856 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1857 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1858 0 },
1859 #endif
1860 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
1861 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
1862 "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
1863 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1864 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1865 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1866 0 },
1867 #endif
1868 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
1869 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
1870 "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
1871 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1872 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1873 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1874 0 },
1875 #endif
1876 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
1877 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
1878 "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
1879 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1880 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1881 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1882 0 },
1883 #endif
1884
1885 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1886
1887 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1888
1889 #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
1890 { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
1891 "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
1892 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1893 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1894 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1895 0 },
1896 #endif
1897 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
1898 { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
1899 "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
1900 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1901 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1902 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1903 0 },
1904 #endif
1905 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
1906 { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
1907 "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
1908 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1909 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1910 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1911 0 },
1912 #endif
1913 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
1914 { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
1915 "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
1916 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1917 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1918 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1919 0 },
1920 #endif
1921
1922 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1923
1924 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
1925
1926 #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
1927 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
1928 "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
1929 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1930 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1931 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1932 0 },
1933 #endif
1934 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
1935 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
1936 "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
1937 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1938 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1939 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1940 0 },
1941 #endif
1942 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
1943 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
1944 "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
1945 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1946 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1947 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1948 0 },
1949 #endif
1950 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
1951 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
1952 "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
1953 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1954 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1955 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1956 0 },
1957 #endif
1958
1959 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
1960
1961 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
1962
1963 #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
1964 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
1965 "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
1966 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1967 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1968 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1969 0 },
1970 #endif
1971 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
1972 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
1973 "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
1974 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1975 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1976 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1977 0 },
1978 #endif
1979 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
1980 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
1981 "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
1982 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1983 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1984 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1985 0 },
1986 #endif
1987 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
1988 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
1989 "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
1990 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1991 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1992 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
1993 0 },
1994 #endif
1995
1996 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
1997
1998 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1999
2000 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
2001 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
2002 "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
2003 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
2004 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2005 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2006 0 },
2007 #endif
2008 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
2009 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
2010 "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
2011 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
2012 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2013 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2014 0 },
2015 #endif
2016
2017 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
2018
2019 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
2020
2021 #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
2022 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
2023 "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
2024 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
2025 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2026 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2027 0 },
2028 #endif
2029 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
2030 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
2031 "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
2032 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
2033 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2034 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2035 0 },
2036 #endif
2037 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
2038 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
2039 "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
2040 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
2041 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2042 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2043 0 },
2044 #endif
2045 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
2046 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
2047 "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
2048 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
2049 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2050 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2051 0 },
2052 #endif
2053
2054 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
2055
2056 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
2057
2058 #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
2059 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
2060 "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
2061 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
2062 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2063 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2064 0 },
2065 #endif
2066 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
2067 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
2068 "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
2069 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
2070 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2071 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2072 0 },
2073 #endif
2074 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
2075 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
2076 "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
2077 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
2078 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2079 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2080 0 },
2081 #endif
2082 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
2083 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
2084 "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
2085 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
2086 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2087 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2088 0 },
2089 #endif
2090
2091 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
2092
2093 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
2094
2095 #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
2096 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2097 "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
2098 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
2099 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2100 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2101 0 },
2102 #endif
2103 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
2104 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
2105 "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
2106 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
2107 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2108 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2109 0 },
2110 #endif
2111 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
2112 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2113 "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
2114 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
2115 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2116 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2117 0 },
2118 #endif
2119 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
2120 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
2121 "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
2122 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
2123 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2124 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2125 0 },
2126 #endif
2127
2128 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
2129
2130 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
2131
2132 #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
2133 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
2134 "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
2135 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
2136 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2137 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2138 0 },
2139 #endif
2140 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
2141 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
2142 "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
2143 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
2144 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2145 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2146 0 },
2147 #endif
2148 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
2149 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
2150 "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
2151 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
2152 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2153 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2154 0 },
2155 #endif
2156 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
2157 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
2158 "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
2159 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
2160 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2161 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
2162 0 },
2163 #endif
2164
2165 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
2166
2167 #endif /* MBEDTLS_ARIA_C */
2168
2169
2170 { 0, "",
2171 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
2172 0, 0, 0, 0, 0 }
2173 };
2174
2175 #if defined(MBEDTLS_SSL_CIPHERSUITES)
mbedtls_ssl_list_ciphersuites(void)2176 const int *mbedtls_ssl_list_ciphersuites(void)
2177 {
2178 return ciphersuite_preference;
2179 }
2180 #else
2181 #define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \
2182 sizeof(ciphersuite_definitions[0])
2183 static int supported_ciphersuites[MAX_CIPHERSUITES];
2184 static int supported_init = 0;
2185
2186 MBEDTLS_CHECK_RETURN_CRITICAL
ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t * cs_info)2187 static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
2188 {
2189 (void) cs_info;
2190
2191 #if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
2192 if (cs_info->cipher == MBEDTLS_CIPHER_ARC4_128) {
2193 return 1;
2194 }
2195 #endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */
2196
2197 #if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
2198 if (cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_ECB ||
2199 cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_CBC) {
2200 return 1;
2201 }
2202 #endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
2203
2204 return 0;
2205 }
2206
mbedtls_ssl_list_ciphersuites(void)2207 const int *mbedtls_ssl_list_ciphersuites(void)
2208 {
2209 /*
2210 * On initial call filter out all ciphersuites not supported by current
2211 * build based on presence in the ciphersuite_definitions.
2212 */
2213 if (supported_init == 0) {
2214 const int *p;
2215 int *q;
2216
2217 for (p = ciphersuite_preference, q = supported_ciphersuites;
2218 *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
2219 p++) {
2220 const mbedtls_ssl_ciphersuite_t *cs_info;
2221 if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL &&
2222 !ciphersuite_is_removed(cs_info)) {
2223 *(q++) = *p;
2224 }
2225 }
2226 *q = 0;
2227
2228 supported_init = 1;
2229 }
2230
2231 return supported_ciphersuites;
2232 }
2233 #endif /* MBEDTLS_SSL_CIPHERSUITES */
2234
mbedtls_ssl_ciphersuite_from_string(const char * ciphersuite_name)2235 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
2236 const char *ciphersuite_name)
2237 {
2238 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
2239
2240 if (NULL == ciphersuite_name) {
2241 return NULL;
2242 }
2243
2244 while (cur->id != 0) {
2245 if (0 == strcmp(cur->name, ciphersuite_name)) {
2246 return cur;
2247 }
2248
2249 cur++;
2250 }
2251
2252 return NULL;
2253 }
2254
mbedtls_ssl_ciphersuite_from_id(int ciphersuite)2255 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
2256 {
2257 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
2258
2259 while (cur->id != 0) {
2260 if (cur->id == ciphersuite) {
2261 return cur;
2262 }
2263
2264 cur++;
2265 }
2266
2267 return NULL;
2268 }
2269
mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)2270 const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
2271 {
2272 const mbedtls_ssl_ciphersuite_t *cur;
2273
2274 cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
2275
2276 if (cur == NULL) {
2277 return "unknown";
2278 }
2279
2280 return cur->name;
2281 }
2282
mbedtls_ssl_get_ciphersuite_id(const char * ciphersuite_name)2283 int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
2284 {
2285 const mbedtls_ssl_ciphersuite_t *cur;
2286
2287 cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);
2288
2289 if (cur == NULL) {
2290 return 0;
2291 }
2292
2293 return cur->id;
2294 }
2295
2296 #if defined(MBEDTLS_PK_C)
mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t * info)2297 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
2298 {
2299 switch (info->key_exchange) {
2300 case MBEDTLS_KEY_EXCHANGE_RSA:
2301 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
2302 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
2303 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
2304 return MBEDTLS_PK_RSA;
2305
2306 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
2307 return MBEDTLS_PK_ECDSA;
2308
2309 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
2310 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
2311 return MBEDTLS_PK_ECKEY;
2312
2313 default:
2314 return MBEDTLS_PK_NONE;
2315 }
2316 }
2317
mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t * info)2318 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
2319 {
2320 switch (info->key_exchange) {
2321 case MBEDTLS_KEY_EXCHANGE_RSA:
2322 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
2323 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
2324 return MBEDTLS_PK_RSA;
2325
2326 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
2327 return MBEDTLS_PK_ECDSA;
2328
2329 default:
2330 return MBEDTLS_PK_NONE;
2331 }
2332 }
2333
2334 #endif /* MBEDTLS_PK_C */
2335
2336 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
2337 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t * info)2338 int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
2339 {
2340 switch (info->key_exchange) {
2341 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
2342 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
2343 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
2344 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
2345 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
2346 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
2347 return 1;
2348
2349 default:
2350 return 0;
2351 }
2352 }
2353 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
2354
2355 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t * info)2356 int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
2357 {
2358 switch (info->key_exchange) {
2359 case MBEDTLS_KEY_EXCHANGE_PSK:
2360 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
2361 case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
2362 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
2363 return 1;
2364
2365 default:
2366 return 0;
2367 }
2368 }
2369 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
2370
2371 #endif /* MBEDTLS_SSL_TLS_C */
2372