- Moved ciphersuite naming scheme to IANA reserved names
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 3cd05ab..7631a22 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -138,8 +138,6 @@
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
- ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
-
/*
* 3. Write the GET request
*/
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 949ef58..6e047dc 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -475,9 +475,7 @@
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
- if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
- ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
- else
+ if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
ssl_set_renegotiation( &ssl, opt.renegotiation );
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 0ef3cf9..0242770 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -78,42 +78,6 @@
return( 0 );
}
#else
-/*
- * Computing a "safe" DH-1024 prime can take a very
- * long time, so a precomputed value is provided below.
- * You may run dh_genprime to generate a new value.
- */
-char *my_dhm_P =
- "E4004C1F94182000103D883A448B3F80" \
- "2CE4B44A83301270002C20D0321CFD00" \
- "11CCEF784C26A400F43DFB901BCA7538" \
- "F2C6B176001CF5A0FD16D2C48B1D0C1C" \
- "F6AC8E1DA6BCC3B4E1F96B0564965300" \
- "FFA1D0B601EB2800F489AA512C4B248C" \
- "01F76949A60BB7F00A40B1EAB64BDD48" \
- "E8A700D60B7F1200FA8E77B0A979DABF";
-
-char *my_dhm_G = "4";
-
-/*
- * Sorted by order of preference
- */
-int my_ciphersuites[] =
-{
- SSL_EDH_RSA_AES_256_SHA,
- SSL_EDH_RSA_CAMELLIA_256_SHA,
- SSL_EDH_RSA_AES_128_SHA,
- SSL_EDH_RSA_CAMELLIA_128_SHA,
- SSL_EDH_RSA_DES_168_SHA,
- SSL_RSA_AES_256_SHA,
- SSL_RSA_CAMELLIA_256_SHA,
- SSL_RSA_AES_128_SHA,
- SSL_RSA_CAMELLIA_128_SHA,
- SSL_RSA_DES_168_SHA,
- SSL_RSA_RC4_128_SHA,
- SSL_RSA_RC4_128_MD5,
- 0
-};
#define DEBUG_LEVEL 0
@@ -295,13 +259,8 @@
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
- ssl_set_ciphersuites( &ssl, my_ciphersuites );
-
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
-#if defined(POLARSSL_DHM_C)
- ssl_set_dh_param( &ssl, my_dhm_P, my_dhm_G );
-#endif
/*
* 5. Handshake
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index b303df8..4eb49e2 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -172,7 +172,7 @@
printf( " . Peer certificate information ...\n" );
x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ",
- ssl_get_peer_cert( &ssl ) );
+ ssl_get_peer_cert( ssl ) );
printf( "%s\n", buf );
return( 0 );
@@ -588,9 +588,7 @@
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
- if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
- ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
- else
+ if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 604612f..fc1f4ed 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -54,90 +54,6 @@
"<h2>PolarSSL Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n"
-/*
- * Sorted by order of preference
- */
-int my_ciphersuites[] =
-{
-#if defined(POLARSSL_DHM_C)
-#if defined(POLARSSL_AES_C)
-#if defined(POLARSSL_SHA2_C)
- SSL_EDH_RSA_AES_256_SHA256,
- SSL_EDH_RSA_AES_128_SHA256,
-#endif /* POLARSSL_SHA2_C */
- SSL_EDH_RSA_AES_256_SHA,
- SSL_EDH_RSA_AES_128_SHA,
-#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
- SSL_EDH_RSA_AES_256_GCM_SHA384,
-#endif
-#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
- SSL_EDH_RSA_AES_128_GCM_SHA256,
-#endif
-#endif
-#if defined(POLARSSL_CAMELLIA_C)
-#if defined(POLARSSL_SHA2_C)
- SSL_EDH_RSA_CAMELLIA_256_SHA256,
- SSL_EDH_RSA_CAMELLIA_128_SHA256,
-#endif /* POLARSSL_SHA2_C */
- SSL_EDH_RSA_CAMELLIA_256_SHA,
- SSL_EDH_RSA_CAMELLIA_128_SHA,
-#endif
-#if defined(POLARSSL_DES_C)
- SSL_EDH_RSA_DES_168_SHA,
-#endif
-#endif
-
-#if defined(POLARSSL_AES_C)
-#if defined(POLARSSL_SHA2_C)
- SSL_RSA_AES_256_SHA256,
-#endif /* POLARSSL_SHA2_C */
- SSL_RSA_AES_256_SHA,
-#endif
-#if defined(POLARSSL_CAMELLIA_C)
-#if defined(POLARSSL_SHA2_C)
- SSL_RSA_CAMELLIA_256_SHA256,
-#endif /* POLARSSL_SHA2_C */
- SSL_RSA_CAMELLIA_256_SHA,
-#endif
-#if defined(POLARSSL_AES_C)
-#if defined(POLARSSL_SHA2_C)
- SSL_RSA_AES_128_SHA256,
-#endif /* POLARSSL_SHA2_C */
- SSL_RSA_AES_128_SHA,
-#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
- SSL_RSA_AES_256_GCM_SHA384,
-#endif
-#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
- SSL_RSA_AES_128_GCM_SHA256,
-#endif
-#endif
-#if defined(POLARSSL_CAMELLIA_C)
-#if defined(POLARSSL_SHA2_C)
- SSL_RSA_CAMELLIA_128_SHA256,
-#endif /* POLARSSL_SHA2_C */
- SSL_RSA_CAMELLIA_128_SHA,
-#endif
-#if defined(POLARSSL_DES_C)
- SSL_RSA_DES_168_SHA,
-#endif
-#if defined(POLARSSL_ARC4_C)
- SSL_RSA_RC4_128_SHA,
- SSL_RSA_RC4_128_MD5,
-#endif
-#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
-#if defined(POLARSSL_DES_C)
- SSL_EDH_RSA_DES_SHA,
- SSL_RSA_DES_SHA,
-#endif
-#if defined(POLARSSL_CIPHER_NULL_CIPHER)
- SSL_RSA_NULL_MD5,
- SSL_RSA_NULL_SHA,
- SSL_RSA_NULL_SHA256,
-#endif
-#endif
- 0
-};
-
#define DEBUG_LEVEL 0
void my_debug( void *ctx, int level, const char *str )
@@ -282,8 +198,6 @@
ssl_cache_set, &cache );
#endif
- ssl_set_ciphersuites( &ssl, my_ciphersuites );
-
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 3e2c35e..f6cf487 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -92,6 +92,96 @@
}
}
+/*
+ * Sorted by order of preference
+ */
+int my_ciphersuites[] =
+{
+#if defined(POLARSSL_DHM_C)
+#if defined(POLARSSL_AES_C)
+#if defined(POLARSSL_SHA2_C)
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+#endif /* POLARSSL_SHA2_C */
+#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+#endif
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+#if defined(POLARSSL_SHA2_C)
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+#endif
+#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+#endif
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+#endif
+#if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_SHA2_C)
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+#endif /* POLARSSL_SHA2_C */
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+#if defined(POLARSSL_SHA2_C)
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+#endif /* POLARSSL_SHA2_C */
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+#endif
+#if defined(POLARSSL_DES_C)
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+#endif
+#endif
+
+#if defined(POLARSSL_AES_C)
+#if defined(POLARSSL_SHA2_C)
+ TLS_RSA_WITH_AES_256_CBC_SHA256,
+#endif /* POLARSSL_SHA2_C */
+#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
+ TLS_RSA_WITH_AES_256_GCM_SHA384,
+#endif /* POLARSSL_SHA2_C */
+ TLS_RSA_WITH_AES_256_CBC_SHA,
+#endif
+#if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_SHA2_C)
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+#endif /* POLARSSL_SHA2_C */
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
+#endif
+#if defined(POLARSSL_AES_C)
+#if defined(POLARSSL_SHA2_C)
+ TLS_RSA_WITH_AES_128_CBC_SHA256,
+#endif /* POLARSSL_SHA2_C */
+#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
+ TLS_RSA_WITH_AES_128_GCM_SHA256,
+#endif /* POLARSSL_SHA2_C */
+ TLS_RSA_WITH_AES_128_CBC_SHA,
+#endif
+#if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_SHA2_C)
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+#endif /* POLARSSL_SHA2_C */
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
+#endif
+#if defined(POLARSSL_DES_C)
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+#endif
+#if defined(POLARSSL_ARC4_C)
+ TLS_RSA_WITH_RC4_128_SHA,
+ TLS_RSA_WITH_RC4_128_MD5,
+#endif
+
+#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
+#if defined(POLARSSL_DES_C)
+ TLS_DHE_RSA_WITH_DES_CBC_SHA,
+ TLS_RSA_WITH_DES_CBC_SHA,
+#endif
+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+ TLS_RSA_WITH_NULL_MD5,
+ TLS_RSA_WITH_NULL_SHA,
+ TLS_RSA_WITH_NULL_SHA256,
+#endif
+#endif
+ 0
+};
+
+
#if defined(POLARSSL_FS_IO)
#define USAGE_IO \
" ca_file=%%s default: \"\" (pre-loaded)\n" \
@@ -395,7 +485,7 @@
#endif
if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
- ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
+ ssl_set_ciphersuites( &ssl, my_ciphersuites );
else
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );