1: /* ssl/s3_lib.c */
    2: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
    3:  * All rights reserved.
    4:  *
    5:  * This package is an SSL implementation written
    6:  * by Eric Young (eay@cryptsoft.com).
    7:  * The implementation was written so as to conform with Netscapes SSL.
    8:  * 
    9:  * This library is free for commercial and non-commercial use as long as
   10:  * the following conditions are aheared to.  The following conditions
   11:  * apply to all code found in this distribution, be it the RC4, RSA,
   12:  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
   13:  * included with this distribution is covered by the same copyright terms
   14:  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
   15:  * 
   16:  * Copyright remains Eric Young's, and as such any Copyright notices in
   17:  * the code are not to be removed.
   18:  * If this package is used in a product, Eric Young should be given attribution
   19:  * as the author of the parts of the library used.
   20:  * This can be in the form of a textual message at program startup or
   21:  * in documentation (online or textual) provided with the package.
   22:  * 
   23:  * Redistribution and use in source and binary forms, with or without
   24:  * modification, are permitted provided that the following conditions
   25:  * are met:
   26:  * 1. Redistributions of source code must retain the copyright
   27:  *    notice, this list of conditions and the following disclaimer.
   28:  * 2. Redistributions in binary form must reproduce the above copyright
   29:  *    notice, this list of conditions and the following disclaimer in the
   30:  *    documentation and/or other materials provided with the distribution.
   31:  * 3. All advertising materials mentioning features or use of this software
   32:  *    must display the following acknowledgement:
   33:  *    "This product includes cryptographic software written by
   34:  *     Eric Young (eay@cryptsoft.com)"
   35:  *    The word 'cryptographic' can be left out if the rouines from the library
   36:  *    being used are not cryptographic related :-).
   37:  * 4. If you include any Windows specific code (or a derivative thereof) from 
   38:  *    the apps directory (application code) you must include an acknowledgement:
   39:  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
   40:  * 
   41:  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
   42:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   43:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   44:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   45:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   46:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   47:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   48:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   49:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   50:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   51:  * SUCH DAMAGE.
   52:  * 
   53:  * The licence and distribution terms for any publically available version or
   54:  * derivative of this code cannot be changed.  i.e. this code cannot simply be
   55:  * copied and put under another distribution licence
   56:  * [including the GNU Public Licence.]
   57:  */
   58: /* ====================================================================
   59:  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
   60:  *
   61:  * Redistribution and use in source and binary forms, with or without
   62:  * modification, are permitted provided that the following conditions
   63:  * are met:
   64:  *
   65:  * 1. Redistributions of source code must retain the above copyright
   66:  *    notice, this list of conditions and the following disclaimer. 
   67:  *
   68:  * 2. Redistributions in binary form must reproduce the above copyright
   69:  *    notice, this list of conditions and the following disclaimer in
   70:  *    the documentation and/or other materials provided with the
   71:  *    distribution.
   72:  *
   73:  * 3. All advertising materials mentioning features or use of this
   74:  *    software must display the following acknowledgment:
   75:  *    "This product includes software developed by the OpenSSL Project
   76:  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
   77:  *
   78:  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
   79:  *    endorse or promote products derived from this software without
   80:  *    prior written permission. For written permission, please contact
   81:  *    openssl-core@openssl.org.
   82:  *
   83:  * 5. Products derived from this software may not be called "OpenSSL"
   84:  *    nor may "OpenSSL" appear in their names without prior written
   85:  *    permission of the OpenSSL Project.
   86:  *
   87:  * 6. Redistributions of any form whatsoever must retain the following
   88:  *    acknowledgment:
   89:  *    "This product includes software developed by the OpenSSL Project
   90:  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
   91:  *
   92:  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
   93:  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   94:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   95:  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
   96:  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   97:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   98:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   99:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101:  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102:  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103:  * OF THE POSSIBILITY OF SUCH DAMAGE.
  104:  * ====================================================================
  105:  *
  106:  * This product includes cryptographic software written by Eric Young
  107:  * (eay@cryptsoft.com).  This product includes software written by Tim
  108:  * Hudson (tjh@cryptsoft.com).
  109:  *
  110:  */
  111: /* ====================================================================
  112:  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  113:  *
  114:  * Portions of the attached software ("Contribution") are developed by 
  115:  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
  116:  *
  117:  * The Contribution is licensed pursuant to the OpenSSL open source
  118:  * license provided above.
  119:  *
  120:  * ECC cipher suite support in OpenSSL originally written by
  121:  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
  122:  *
  123:  */
  124: 
  125: #include <stdio.h>
  126: #include <openssl/objects.h>
  127: #include "ssl_locl.h"
  128: #include "kssl_lcl.h"
  129: #include <openssl/md5.h>
  130: #ifndef OPENSSL_NO_DH
  131: #include <openssl/dh.h>
  132: #endif
  133: #include <openssl/pq_compat.h>
  134: 
  135: const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
  136: 
  137: #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
  138: 
  139: /* list of available SSLv3 ciphers (sorted by id) */
  140: OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  141: /* The RSA ciphers */
  142: /* Cipher 01 */
  143:         {
  144:         1,
  145:         SSL3_TXT_RSA_NULL_MD5,
  146:         SSL3_CK_RSA_NULL_MD5,
  147:         SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
  148:         SSL_NOT_EXP|SSL_STRONG_NONE,
  149:         0,
  150:         0,
  151:         0,
  152:         SSL_ALL_CIPHERS,
  153:         SSL_ALL_STRENGTHS,
  154:         },
  155: /* Cipher 02 */
  156:         {
  157:         1,
  158:         SSL3_TXT_RSA_NULL_SHA,
  159:         SSL3_CK_RSA_NULL_SHA,
  160:         SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
  161:         SSL_NOT_EXP|SSL_STRONG_NONE,
  162:         0,
  163:         0,
  164:         0,
  165:         SSL_ALL_CIPHERS,
  166:         SSL_ALL_STRENGTHS,
  167:         },
  168: /* Cipher 03 */
  169:         {
  170:         1,
  171:         SSL3_TXT_RSA_RC4_40_MD5,
  172:         SSL3_CK_RSA_RC4_40_MD5,
  173:         SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
  174:         SSL_EXPORT|SSL_EXP40,
  175:         0,
  176:         40,
  177:         128,
  178:         SSL_ALL_CIPHERS,
  179:         SSL_ALL_STRENGTHS,
  180:         },
  181: /* Cipher 04 */
  182:         {
  183:         1,
  184:         SSL3_TXT_RSA_RC4_128_MD5,
  185:         SSL3_CK_RSA_RC4_128_MD5,
  186:         SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|SSL_SSLV3,
  187:         SSL_NOT_EXP|SSL_MEDIUM,
  188:         0,
  189:         128,
  190:         128,
  191:         SSL_ALL_CIPHERS,
  192:         SSL_ALL_STRENGTHS,
  193:         },
  194: /* Cipher 05 */
  195:         {
  196:         1,
  197:         SSL3_TXT_RSA_RC4_128_SHA,
  198:         SSL3_CK_RSA_RC4_128_SHA,
  199:         SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_SSLV3,
  200:         SSL_NOT_EXP|SSL_MEDIUM,
  201:         0,
  202:         128,
  203:         128,
  204:         SSL_ALL_CIPHERS,
  205:         SSL_ALL_STRENGTHS,
  206:         },
  207: /* Cipher 06 */
  208:         {
  209:         1,
  210:         SSL3_TXT_RSA_RC2_40_MD5,
  211:         SSL3_CK_RSA_RC2_40_MD5,
  212:         SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_SSLV3,
  213:         SSL_EXPORT|SSL_EXP40,
  214:         0,
  215:         40,
  216:         128,
  217:         SSL_ALL_CIPHERS,
  218:         SSL_ALL_STRENGTHS,
  219:         },
  220: /* Cipher 07 */
  221: #ifndef OPENSSL_NO_IDEA
  222:         {
  223:         1,
  224:         SSL3_TXT_RSA_IDEA_128_SHA,
  225:         SSL3_CK_RSA_IDEA_128_SHA,
  226:         SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
  227:         SSL_NOT_EXP|SSL_MEDIUM,
  228:         0,
  229:         128,
  230:         128,
  231:         SSL_ALL_CIPHERS,
  232:         SSL_ALL_STRENGTHS,
  233:         },
  234: #endif
  235: /* Cipher 08 */
  236:         {
  237:         1,
  238:         SSL3_TXT_RSA_DES_40_CBC_SHA,
  239:         SSL3_CK_RSA_DES_40_CBC_SHA,
  240:         SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
  241:         SSL_EXPORT|SSL_EXP40,
  242:         0,
  243:         40,
  244:         56,
  245:         SSL_ALL_CIPHERS,
  246:         SSL_ALL_STRENGTHS,
  247:         },
  248: /* Cipher 09 */
  249:         {
  250:         1,
  251:         SSL3_TXT_RSA_DES_64_CBC_SHA,
  252:         SSL3_CK_RSA_DES_64_CBC_SHA,
  253:         SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
  254:         SSL_NOT_EXP|SSL_LOW,
  255:         0,
  256:         56,
  257:         56,
  258:         SSL_ALL_CIPHERS,
  259:         SSL_ALL_STRENGTHS,
  260:         },
  261: /* Cipher 0A */
  262:         {
  263:         1,
  264:         SSL3_TXT_RSA_DES_192_CBC3_SHA,
  265:         SSL3_CK_RSA_DES_192_CBC3_SHA,
  266:         SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
  267:         SSL_NOT_EXP|SSL_HIGH,
  268:         0,
  269:         168,
  270:         168,
  271:         SSL_ALL_CIPHERS,
  272:         SSL_ALL_STRENGTHS,
  273:         },
  274: /* The DH ciphers */
  275: /* Cipher 0B */
  276:         {
  277:         0,
  278:         SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
  279:         SSL3_CK_DH_DSS_DES_40_CBC_SHA,
  280:         SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
  281:         SSL_EXPORT|SSL_EXP40,
  282:         0,
  283:         40,
  284:         56,
  285:         SSL_ALL_CIPHERS,
  286:         SSL_ALL_STRENGTHS,
  287:         },
  288: /* Cipher 0C */
  289:         {
  290:         0,
  291:         SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
  292:         SSL3_CK_DH_DSS_DES_64_CBC_SHA,
  293:         SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
  294:         SSL_NOT_EXP|SSL_LOW,
  295:         0,
  296:         56,
  297:         56,
  298:         SSL_ALL_CIPHERS,
  299:         SSL_ALL_STRENGTHS,
  300:         },
  301: /* Cipher 0D */
  302:         {
  303:         0,
  304:         SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
  305:         SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
  306:         SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
  307:         SSL_NOT_EXP|SSL_HIGH,
  308:         0,
  309:         168,
  310:         168,
  311:         SSL_ALL_CIPHERS,
  312:         SSL_ALL_STRENGTHS,
  313:         },
  314: /* Cipher 0E */
  315:         {
  316:         0,
  317:         SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
  318:         SSL3_CK_DH_RSA_DES_40_CBC_SHA,
  319:         SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
  320:         SSL_EXPORT|SSL_EXP40,
  321:         0,
  322:         40,
  323:         56,
  324:         SSL_ALL_CIPHERS,
  325:         SSL_ALL_STRENGTHS,
  326:         },
  327: /* Cipher 0F */
  328:         {
  329:         0,
  330:         SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
  331:         SSL3_CK_DH_RSA_DES_64_CBC_SHA,
  332:         SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
  333:         SSL_NOT_EXP|SSL_LOW,
  334:         0,
  335:         56,
  336:         56,
  337:         SSL_ALL_CIPHERS,
  338:         SSL_ALL_STRENGTHS,
  339:         },
  340: /* Cipher 10 */
  341:         {
  342:         0,
  343:         SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
  344:         SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
  345:         SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
  346:         SSL_NOT_EXP|SSL_HIGH,
  347:         0,
  348:         168,
  349:         168,
  350:         SSL_ALL_CIPHERS,
  351:         SSL_ALL_STRENGTHS,
  352:         },
  353: 
  354: /* The Ephemeral DH ciphers */
  355: /* Cipher 11 */
  356:         {
  357:         1,
  358:         SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
  359:         SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
  360:         SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
  361:         SSL_EXPORT|SSL_EXP40,
  362:         0,
  363:         40,
  364:         56,
  365:         SSL_ALL_CIPHERS,
  366:         SSL_ALL_STRENGTHS,
  367:         },
  368: /* Cipher 12 */
  369:         {
  370:         1,
  371:         SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
  372:         SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
  373:         SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_SSLV3,
  374:         SSL_NOT_EXP|SSL_LOW,
  375:         0,
  376:         56,
  377:         56,
  378:         SSL_ALL_CIPHERS,
  379:         SSL_ALL_STRENGTHS,
  380:         },
  381: /* Cipher 13 */
  382:         {
  383:         1,
  384:         SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
  385:         SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
  386:         SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
  387:         SSL_NOT_EXP|SSL_HIGH,
  388:         0,
  389:         168,
  390:         168,
  391:         SSL_ALL_CIPHERS,
  392:         SSL_ALL_STRENGTHS,
  393:         },
  394: /* Cipher 14 */
  395:         {
  396:         1,
  397:         SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
  398:         SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
  399:         SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
  400:         SSL_EXPORT|SSL_EXP40,
  401:         0,
  402:         40,
  403:         56,
  404:         SSL_ALL_CIPHERS,
  405:         SSL_ALL_STRENGTHS,
  406:         },
  407: /* Cipher 15 */
  408:         {
  409:         1,
  410:         SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
  411:         SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
  412:         SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
  413:         SSL_NOT_EXP|SSL_LOW,
  414:         0,
  415:         56,
  416:         56,
  417:         SSL_ALL_CIPHERS,
  418:         SSL_ALL_STRENGTHS,
  419:         },
  420: /* Cipher 16 */
  421:         {
  422:         1,
  423:         SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
  424:         SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
  425:         SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
  426:         SSL_NOT_EXP|SSL_HIGH,
  427:         0,
  428:         168,
  429:         168,
  430:         SSL_ALL_CIPHERS,
  431:         SSL_ALL_STRENGTHS,
  432:         },
  433: /* Cipher 17 */
  434:         {
  435:         1,
  436:         SSL3_TXT_ADH_RC4_40_MD5,
  437:         SSL3_CK_ADH_RC4_40_MD5,
  438:         SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
  439:         SSL_EXPORT|SSL_EXP40,
  440:         0,
  441:         40,
  442:         128,
  443:         SSL_ALL_CIPHERS,
  444:         SSL_ALL_STRENGTHS,
  445:         },
  446: /* Cipher 18 */
  447:         {
  448:         1,
  449:         SSL3_TXT_ADH_RC4_128_MD5,
  450:         SSL3_CK_ADH_RC4_128_MD5,
  451:         SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
  452:         SSL_NOT_EXP|SSL_MEDIUM,
  453:         0,
  454:         128,
  455:         128,
  456:         SSL_ALL_CIPHERS,
  457:         SSL_ALL_STRENGTHS,
  458:         },
  459: /* Cipher 19 */
  460:         {
  461:         1,
  462:         SSL3_TXT_ADH_DES_40_CBC_SHA,
  463:         SSL3_CK_ADH_DES_40_CBC_SHA,
  464:         SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
  465:         SSL_EXPORT|SSL_EXP40,
  466:         0,
  467:         40,
  468:         128,
  469:         SSL_ALL_CIPHERS,
  470:         SSL_ALL_STRENGTHS,
  471:         },
  472: /* Cipher 1A */
  473:         {
  474:         1,
  475:         SSL3_TXT_ADH_DES_64_CBC_SHA,
  476:         SSL3_CK_ADH_DES_64_CBC_SHA,
  477:         SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
  478:         SSL_NOT_EXP|SSL_LOW,
  479:         0,
  480:         56,
  481:         56,
  482:         SSL_ALL_CIPHERS,
  483:         SSL_ALL_STRENGTHS,
  484:         },
  485: /* Cipher 1B */
  486:         {
  487:         1,
  488:         SSL3_TXT_ADH_DES_192_CBC_SHA,
  489:         SSL3_CK_ADH_DES_192_CBC_SHA,
  490:         SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
  491:         SSL_NOT_EXP|SSL_HIGH,
  492:         0,
  493:         168,
  494:         168,
  495:         SSL_ALL_CIPHERS,
  496:         SSL_ALL_STRENGTHS,
  497:         },
  498: 
  499: /* Fortezza */
  500: /* Cipher 1C */
  501:         {
  502:         0,
  503:         SSL3_TXT_FZA_DMS_NULL_SHA,
  504:         SSL3_CK_FZA_DMS_NULL_SHA,
  505:         SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
  506:         SSL_NOT_EXP|SSL_STRONG_NONE,
  507:         0,
  508:         0,
  509:         0,
  510:         SSL_ALL_CIPHERS,
  511:         SSL_ALL_STRENGTHS,
  512:         },
  513: 
  514: /* Cipher 1D */
  515:         {
  516:         0,
  517:         SSL3_TXT_FZA_DMS_FZA_SHA,
  518:         SSL3_CK_FZA_DMS_FZA_SHA,
  519:         SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
  520:         SSL_NOT_EXP|SSL_STRONG_NONE,
  521:         0,
  522:         0,
  523:         0,
  524:         SSL_ALL_CIPHERS,
  525:         SSL_ALL_STRENGTHS,
  526:         },
  527: 
  528: #if 0
  529: /* Cipher 1E */
  530:         {
  531:         0,
  532:         SSL3_TXT_FZA_DMS_RC4_SHA,
  533:         SSL3_CK_FZA_DMS_RC4_SHA,
  534:         SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_SSLV3,
  535:         SSL_NOT_EXP|SSL_MEDIUM,
  536:         0,
  537:         128,
  538:         128,
  539:         SSL_ALL_CIPHERS,
  540:         SSL_ALL_STRENGTHS,
  541:         },
  542: #endif
  543: 
  544: #ifndef OPENSSL_NO_KRB5
  545: /* The Kerberos ciphers */
  546: /* Cipher 1E */
  547:         {
  548:         1,
  549:         SSL3_TXT_KRB5_DES_64_CBC_SHA,
  550:         SSL3_CK_KRB5_DES_64_CBC_SHA,
  551:         SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
  552:         SSL_NOT_EXP|SSL_LOW,
  553:         0,
  554:         56,
  555:         56,
  556:         SSL_ALL_CIPHERS,
  557:         SSL_ALL_STRENGTHS,
  558:         },
  559: 
  560: /* Cipher 1F */
  561:         {
  562:         1,
  563:         SSL3_TXT_KRB5_DES_192_CBC3_SHA,
  564:         SSL3_CK_KRB5_DES_192_CBC3_SHA,
  565:         SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
  566:         SSL_NOT_EXP|SSL_HIGH,
  567:         0,
  568:         168,
  569:         168,
  570:         SSL_ALL_CIPHERS,
  571:         SSL_ALL_STRENGTHS,
  572:         },
  573: 
  574: /* Cipher 20 */
  575:         {
  576:         1,
  577:         SSL3_TXT_KRB5_RC4_128_SHA,
  578:         SSL3_CK_KRB5_RC4_128_SHA,
  579:         SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1  |SSL_SSLV3,
  580:         SSL_NOT_EXP|SSL_MEDIUM,
  581:         0,
  582:         128,
  583:         128,
  584:         SSL_ALL_CIPHERS,
  585:         SSL_ALL_STRENGTHS,
  586:         },
  587: 
  588: /* Cipher 21 */
  589:         {
  590:         1,
  591:         SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
  592:         SSL3_CK_KRB5_IDEA_128_CBC_SHA,
  593:         SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_SHA1  |SSL_SSLV3,
  594:         SSL_NOT_EXP|SSL_MEDIUM,
  595:         0,
  596:         128,
  597:         128,
  598:         SSL_ALL_CIPHERS,
  599:         SSL_ALL_STRENGTHS,
  600:         },
  601: 
  602: /* Cipher 22 */
  603:         {
  604:         1,
  605:         SSL3_TXT_KRB5_DES_64_CBC_MD5,
  606:         SSL3_CK_KRB5_DES_64_CBC_MD5,
  607:         SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
  608:         SSL_NOT_EXP|SSL_LOW,
  609:         0,
  610:         56,
  611:         56,
  612:         SSL_ALL_CIPHERS,
  613:         SSL_ALL_STRENGTHS,
  614:         },
  615: 
  616: /* Cipher 23 */
  617:         {
  618:         1,
  619:         SSL3_TXT_KRB5_DES_192_CBC3_MD5,
  620:         SSL3_CK_KRB5_DES_192_CBC3_MD5,
  621:         SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
  622:         SSL_NOT_EXP|SSL_HIGH,
  623:         0,
  624:         168,
  625:         168,
  626:         SSL_ALL_CIPHERS,
  627:         SSL_ALL_STRENGTHS,
  628:         },
  629: 
  630: /* Cipher 24 */
  631:         {
  632:         1,
  633:         SSL3_TXT_KRB5_RC4_128_MD5,
  634:         SSL3_CK_KRB5_RC4_128_MD5,
  635:         SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5  |SSL_SSLV3,
  636:         SSL_NOT_EXP|SSL_MEDIUM,
  637:         0,
  638:         128,
  639:         128,
  640:         SSL_ALL_CIPHERS,
  641:         SSL_ALL_STRENGTHS,
  642:         },
  643: 
  644: /* Cipher 25 */
  645:         {
  646:         1,
  647:         SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
  648:         SSL3_CK_KRB5_IDEA_128_CBC_MD5,
  649:         SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_MD5  |SSL_SSLV3,
  650:         SSL_NOT_EXP|SSL_MEDIUM,
  651:         0,
  652:         128,
  653:         128,
  654:         SSL_ALL_CIPHERS,
  655:         SSL_ALL_STRENGTHS,
  656:         },
  657: 
  658: /* Cipher 26 */
  659:         {
  660:         1,
  661:         SSL3_TXT_KRB5_DES_40_CBC_SHA,
  662:         SSL3_CK_KRB5_DES_40_CBC_SHA,
  663:         SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
  664:         SSL_EXPORT|SSL_EXP40,
  665:         0,
  666: