summaryrefslogtreecommitdiff
path: root/vio/ma_tls_cipher.c
diff options
context:
space:
mode:
Diffstat (limited to 'vio/ma_tls_cipher.c')
-rw-r--r--vio/ma_tls_cipher.c519
1 files changed, 519 insertions, 0 deletions
diff --git a/vio/ma_tls_cipher.c b/vio/ma_tls_cipher.c
new file mode 100644
index 00000000000..953102491b9
--- /dev/null
+++ b/vio/ma_tls_cipher.c
@@ -0,0 +1,519 @@
+/* Copyright (c) 2016 Georg Richter and MariaDB Corporation AB
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public
+ License along with this library; if not see <http://www.gnu.org/licenses>
+ or write to the Free Software Foundation, Inc.,
+ 51 Franklin St., Fifth Floor, Boston, MA 02110, USA */
+
+#include "vio_priv.h"
+#include <ma_tls_vio.h>
+
+const struct st_cipher_map tls_ciphers[]=
+{
+ { "DES-CBC3-SHA", "RSA_3DES_EDE_CBC_SHA1",
+ GNUTLS_CIPHER(":+RSA:+3DES-CBC:+SHA1",
+ GNUTLS_KX_RSA, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1)},
+ { "AES128-SHA", "RSA_AES_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+RSA:+AES-128-CBC:+SHA1",
+ GNUTLS_KX_RSA, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1)},
+ { "AES128-SHA256", "RSA_AES_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+RSA:+AES-128-CBC:+SHA256",
+ GNUTLS_KX_RSA, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256)},
+ { "AES256-SHA", "RSA_AES_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+RSA:+AES-256-CBC:+SHA1",
+ GNUTLS_KX_RSA, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1)},
+ { "AES256-SHA256", "RSA_AES_256_CBC_SHA256",
+ GNUTLS_CIPHER(":+RSA:+AES-256-CBC:+SHA256",
+ GNUTLS_KX_RSA, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA256)},
+ { "CAMELLIA128-SHA", "RSA_CAMELLIA_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+RSA:+CAMELLIA-128-CBC:+SHA1",
+ GNUTLS_KX_RSA, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_MAC_SHA1)},
+ { "CAMELLIA256-SHA", "RSA_CAMELLIA_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+RSA:+CAMELLIA-256-CBC:+SHA1",
+ GNUTLS_KX_RSA, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_MAC_SHA1)},
+ { "AES128-GCM-SHA256", "RSA_AES_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+RSA:+AES-128-GCM:+AEAD",
+ GNUTLS_KX_RSA, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD)},
+ { "AES256-GCM-SHA384", "RSA_AES_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+RSA:+AES-256-GCM:+AEAD",
+ GNUTLS_KX_RSA, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_MAC_AEAD)},
+ { "EDH-RSA-DES-CBC3-SHA", "DHE_RSA_3DES_EDE_CBC_SHA1",
+ GNUTLS_CIPHER(":+DHE-RSA:+3DES-CBC:+SHA1",
+ GNUTLS_KX_DHE_RSA, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1)},
+ { "DHE-RSA-AES128-SHA", "DHE_RSA_AES_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+DHE-RSA:+AES-128-CBC:+SHA1",
+ GNUTLS_KX_DHE_RSA, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1)},
+ { "DHE-RSA-AES128-SHA256", "DHE_RSA_AES_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+DHE-RSA:+AES-128-CBC:+SHA256",
+ GNUTLS_KX_DHE_RSA, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256)},
+ { "DHE-RSA-AES256-SHA", "DHE_RSA_AES_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+DHE-RSA:+AES-256-CBC:+SHA1",
+ GNUTLS_KX_DHE_RSA, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1)},
+ { "DHE-RSA-AES256-SHA256", "DHE_RSA_AES_256_CBC_SHA256",
+ GNUTLS_CIPHER(":+DHE-RSA:+AES-256-CBC:+SHA256",
+ GNUTLS_KX_DHE_RSA, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA256)},
+ { "DHE-RSA-CAMELLIA128-SHA", "DHE_RSA_CAMELLIA_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+DHE-RSA:+CAMELLIA-128-CBC:+SHA1",
+ GNUTLS_KX_DHE_RSA, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_MAC_SHA1)},
+ { "DHE-RSA-CAMELLIA256-SHA", "DHE_RSA_CAMELLIA_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+DHE-RSA:+CAMELLIA-256-CBC:+SHA1",
+ GNUTLS_KX_DHE_RSA, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_MAC_SHA1)},
+ { "DHE-RSA-AES128-GCM-SHA256", "DHE_RSA_AES_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+DHE-RSA:+AES-128-GCM:+AEAD",
+ GNUTLS_KX_DHE_RSA, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD)},
+ { "DHE-RSA-AES256-GCM-SHA384", "DHE_RSA_AES_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+DHE-RSA:+AES-256-GCM:+AEAD",
+ GNUTLS_KX_DHE_RSA, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_MAC_AEAD)},
+ /* The following cipher suites are not supported by OpenSSL */
+ { NULL, "DHE_RSA_CAMELLIA_256_CBC_SHA256",
+ GNUTLS_CIPHER(":+DHE-RSA:+CAMELLIA-256-CBC:+SHA256",
+ GNUTLS_KX_DHE_RSA, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "DHE_RSA_CAMELLIA_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+DHE-RSA:+CAMELLIA-128-GCM:+AEAD",
+ GNUTLS_KX_DHE_RSA, GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "DHE_RSA_CAMELLIA_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+DHE-RSA:+CAMELLIA-256-GCM:+AEAD",
+ GNUTLS_KX_DHE_RSA, GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "DH_ANON_ARCFOUR_128_MD5",
+ GNUTLS_CIPHER(":+ANON-DH:+ARCFOUR-128:+MD5",
+ GNUTLS_KX_ANON_DH, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_MAC_MD5)},
+ { NULL, "DH_ANON_3DES_EDE_CBC_SHA1",
+ GNUTLS_CIPHER(":+ANON-DH:+3DES-CBC:+SHA1",
+ GNUTLS_KX_ANON_DH, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "DH_ANON_AES_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+ANON-DH:+AES-128-CBC:+SHA1",
+ GNUTLS_KX_ANON_DH, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "DH_ANON_AES_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+ANON-DH:+AES-128-CBC:+SHA256",
+ GNUTLS_KX_ANON_DH, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "DH_ANON_AES_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+ANON-DH:+AES-256-CBC:+SHA1",
+ GNUTLS_KX_ANON_DH, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "DH_ANON_AES_256_CBC_SHA256",
+ GNUTLS_CIPHER(":+ANON-DH:+AES-256-CBC:+SHA256",
+ GNUTLS_KX_ANON_DH, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "DH_ANON_CAMELLIA_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+ANON-DH:+CAMELLIA-128-CBC:+SHA1",
+ GNUTLS_KX_ANON_DH, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "DH_ANON_CAMELLIA_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+ANON-DH:+CAMELLIA-128-CBC:+SHA256",
+ GNUTLS_KX_ANON_DH, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "DH_ANON_CAMELLIA_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+ANON-DH:+CAMELLIA-256-CBC:+SHA1",
+ GNUTLS_KX_ANON_DH, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "DH_ANON_CAMELLIA_256_CBC_SHA256",
+ GNUTLS_CIPHER(":+ANON-DH:+CAMELLIA-256-CBC:+SHA256",
+ GNUTLS_KX_ANON_DH, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "DH_ANON_AES_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+ANON-DH:+AES-128-GCM:+AEAD",
+ GNUTLS_KX_ANON_DH, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "DH_ANON_AES_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+ANON-DH:+AES-256-GCM:+AEAD",
+ GNUTLS_KX_ANON_DH, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "DH_ANON_CAMELLIA_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+ANON-DH:+CAMELLIA-128-GCM:+AEAD",
+ GNUTLS_KX_ANON_DH, GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "DH_ANON_CAMELLIA_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+ANON-DH:+CAMELLIA-256-GCM:+AEAD",
+ GNUTLS_KX_ANON_DH, GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "SRP_SHA_3DES_EDE_CBC_SHA1",
+ GNUTLS_CIPHER(":+SRP:+3DES-CBC:+SHA1",
+ GNUTLS_KX_SRP, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "SRP_SHA_AES_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+SRP:+AES-128-CBC:+SHA1",
+ GNUTLS_KX_SRP, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "SRP_SHA_AES_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+SRP:+AES-256-CBC:+SHA1",
+ GNUTLS_KX_SRP, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "SRP_SHA_RSA_3DES_EDE_CBC_SHA1",
+ GNUTLS_CIPHER(":+SRP-RSA:+3DES-CBC:+SHA1",
+ GNUTLS_KX_SRP_RSA, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "SRP_SHA_RSA_AES_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+SRP-RSA:+AES-128-CBC:+SHA1",
+ GNUTLS_KX_SRP_RSA, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "SRP_SHA_RSA_AES_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+SRP-RSA:+AES-256-CBC:+SHA1",
+ GNUTLS_KX_SRP_RSA, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "SRP_SHA_DSS_3DES_EDE_CBC_SHA1",
+ GNUTLS_CIPHER(":+SRP-DSS:+3DES-CBC:+SHA1",
+ GNUTLS_KX_SRP_DSS, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "SRP_SHA_DSS_AES_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+SRP-DSS:+AES-128-CBC:+SHA1",
+ GNUTLS_KX_SRP_DSS, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "SRP_SHA_DSS_AES_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+SRP-DSS:+AES-256-CBC:+SHA1",
+ GNUTLS_KX_SRP_DSS, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "PSK_NULL_SHA1",
+ GNUTLS_CIPHER(":+SHA1",
+ GNUTLS_KX_PSK, GNUTLS_CIPHER_NULL, GNUTLS_MAC_SHA1)},
+ { NULL, "PSK_NULL_SHA256",
+ GNUTLS_CIPHER(":+SHA256",
+ GNUTLS_KX_PSK, GNUTLS_CIPHER_NULL, GNUTLS_MAC_SHA256)},
+ { NULL, "PSK_NULL_SHA384",
+ GNUTLS_CIPHER(":+SHA384",
+ GNUTLS_KX_PSK, GNUTLS_CIPHER_NULL, GNUTLS_MAC_SHA384)},
+ { NULL, "PSK_ARCFOUR_128_SHA1",
+ GNUTLS_CIPHER(":+ARCFOUR-128:+SHA1",
+ GNUTLS_KX_PSK, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_MAC_SHA1)},
+ { NULL, "PSK_3DES_EDE_CBC_SHA1",
+ GNUTLS_CIPHER(":+3DES-CBC:+SHA1",
+ GNUTLS_KX_PSK, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "PSK_AES_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+AES-128-CBC:+SHA1",
+ GNUTLS_KX_PSK, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "PSK_AES_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+AES-128-CBC:+SHA256",
+ GNUTLS_KX_PSK, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "PSK_AES_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+AES-256-CBC:+SHA1",
+ GNUTLS_KX_PSK, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "PSK_AES_256_CBC_SHA384",
+ GNUTLS_CIPHER(":+AES-256-CBC:+SHA384",
+ GNUTLS_KX_PSK, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA384)},
+ { NULL, "PSK_CAMELLIA_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+CAMELLIA-128-CBC:+SHA256",
+ GNUTLS_KX_PSK, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "PSK_CAMELLIA_256_CBC_SHA384",
+ GNUTLS_CIPHER(":+CAMELLIA-256-CBC:+SHA384",
+ GNUTLS_KX_PSK, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_MAC_SHA384)},
+ { NULL, "PSK_AES_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+AES-128-GCM:+AEAD",
+ GNUTLS_KX_PSK, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "PSK_AES_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+AES-256-GCM:+AEAD",
+ GNUTLS_KX_PSK, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "PSK_CAMELLIA_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+CAMELLIA-128-GCM:+AEAD",
+ GNUTLS_KX_PSK, GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "PSK_CAMELLIA_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+CAMELLIA-256-GCM:+AEAD",
+ GNUTLS_KX_PSK, GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "DHE_PSK_NULL_SHA1",
+ GNUTLS_CIPHER(":+DHE-PSK:+SHA1",
+ GNUTLS_KX_DHE_PSK, GNUTLS_CIPHER_NULL, GNUTLS_MAC_SHA1)},
+ { NULL, "DHE_PSK_NULL_SHA256",
+ GNUTLS_CIPHER(":+DHE-PSK:+SHA256",
+ GNUTLS_KX_DHE_PSK, GNUTLS_CIPHER_NULL, GNUTLS_MAC_SHA256)},
+ { NULL, "DHE_PSK_NULL_SHA384",
+ GNUTLS_CIPHER(":+DHE-PSK:+SHA384",
+ GNUTLS_KX_DHE_PSK, GNUTLS_CIPHER_NULL, GNUTLS_MAC_SHA384)},
+ { NULL, "DHE_PSK_ARCFOUR_128_SHA1",
+ GNUTLS_CIPHER(":+DHE-PSK:+ARCFOUR-128:+SHA1",
+ GNUTLS_KX_DHE_PSK, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_MAC_SHA1)},
+ { NULL, "DHE_PSK_3DES_EDE_CBC_SHA1",
+ GNUTLS_CIPHER(":+DHE-PSK:+3DES-CBC:+SHA1",
+ GNUTLS_KX_DHE_PSK, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "DHE_PSK_AES_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+DHE-PSK:+AES-128-CBC:+SHA1",
+ GNUTLS_KX_DHE_PSK, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "DHE_PSK_AES_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+DHE-PSK:+AES-128-CBC:+SHA256",
+ GNUTLS_KX_DHE_PSK, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "DHE_PSK_AES_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+DHE-PSK:+AES-256-CBC:+SHA1",
+ GNUTLS_KX_DHE_PSK, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "DHE_PSK_AES_256_CBC_SHA384",
+ GNUTLS_CIPHER(":+DHE-PSK:+AES-256-CBC:+SHA384",
+ GNUTLS_KX_DHE_PSK, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA384)},
+ { NULL, "DHE_PSK_CAMELLIA_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+DHE-PSK:+CAMELLIA-128-CBC:+SHA256",
+ GNUTLS_KX_DHE_PSK, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "DHE_PSK_CAMELLIA_256_CBC_SHA384",
+ GNUTLS_CIPHER(":+DHE-PSK:+CAMELLIA-256-CBC:+SHA384",
+ GNUTLS_KX_DHE_PSK, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_MAC_SHA384)},
+ { NULL, "DHE_PSK_AES_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+DHE-PSK:+AES-128-GCM:+AEAD",
+ GNUTLS_KX_DHE_PSK, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "DHE_PSK_AES_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+DHE-PSK:+AES-256-GCM:+AEAD",
+ GNUTLS_KX_DHE_PSK, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "DHE_PSK_CAMELLIA_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+DHE-PSK:+CAMELLIA-128-GCM:+AEAD",
+ GNUTLS_KX_DHE_PSK, GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "DHE_PSK_CAMELLIA_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+DHE-PSK:+CAMELLIA-256-GCM:+AEAD",
+ GNUTLS_KX_DHE_PSK, GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "ECDH_ANON_NULL_SHA1",
+ GNUTLS_CIPHER(":+ANON-ECDH:+SHA1",
+ GNUTLS_KX_ANON_ECDH, GNUTLS_CIPHER_NULL, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDH_ANON_ARCFOUR_128_SHA1",
+ GNUTLS_CIPHER(":+ANON-ECDH:+ARCFOUR-128:+SHA1",
+ GNUTLS_KX_ANON_ECDH, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDH_ANON_3DES_EDE_CBC_SHA1",
+ GNUTLS_CIPHER(":+ANON-ECDH:+3DES-CBC:+SHA1",
+ GNUTLS_KX_ANON_ECDH, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDH_ANON_AES_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+ANON-ECDH:+AES-128-CBC:+SHA1",
+ GNUTLS_KX_ANON_ECDH, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDH_ANON_AES_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+ANON-ECDH:+AES-256-CBC:+SHA1",
+ GNUTLS_KX_ANON_ECDH, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDHE_RSA_NULL_SHA1",
+ GNUTLS_CIPHER(":+ECDHE-RSA:+SHA1",
+ GNUTLS_KX_ECDHE_RSA, GNUTLS_CIPHER_NULL, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDHE_RSA_ARCFOUR_128_SHA1",
+ GNUTLS_CIPHER(":+ECDHE-RSA:+ARCFOUR-128:+SHA1",
+ GNUTLS_KX_ECDHE_RSA, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDHE_RSA_3DES_EDE_CBC_SHA1",
+ GNUTLS_CIPHER(":+ECDHE-RSA:+3DES-CBC:+SHA1",
+ GNUTLS_KX_ECDHE_RSA, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDHE_RSA_AES_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+ECDHE-RSA:+AES-128-CBC:+SHA1",
+ GNUTLS_KX_ECDHE_RSA, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDHE_RSA_AES_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+ECDHE-RSA:+AES-128-CBC:+SHA256",
+ GNUTLS_KX_ECDHE_RSA, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "ECDHE_RSA_AES_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+ECDHE-RSA:+AES-256-CBC:+SHA1",
+ GNUTLS_KX_ECDHE_RSA, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDHE_RSA_AES_256_CBC_SHA384",
+ GNUTLS_CIPHER(":+ECDHE-RSA:+AES-256-CBC:+SHA384",
+ GNUTLS_KX_ECDHE_RSA, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA384)},
+ { NULL, "ECDHE_RSA_CAMELLIA_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256",
+ GNUTLS_KX_ECDHE_RSA, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "ECDHE_RSA_CAMELLIA_256_CBC_SHA384",
+ GNUTLS_CIPHER(":+ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384",
+ GNUTLS_KX_ECDHE_RSA, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_MAC_SHA384)},
+ { NULL, "ECDHE_RSA_AES_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+ECDHE-RSA:+AES-128-GCM:+AEAD",
+ GNUTLS_KX_ECDHE_RSA, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "ECDHE_RSA_AES_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+ECDHE-RSA:+AES-256-GCM:+AEAD",
+ GNUTLS_KX_ECDHE_RSA, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "ECDHE_RSA_CAMELLIA_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD",
+ GNUTLS_KX_ECDHE_RSA, GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "ECDHE_RSA_CAMELLIA_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD",
+ GNUTLS_KX_ECDHE_RSA, GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "ECDHE_ECDSA_NULL_SHA1",
+ GNUTLS_CIPHER(":+ECDHE-ECDSA:+SHA1",
+ GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CIPHER_NULL, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDHE_ECDSA_ARCFOUR_128_SHA1",
+ GNUTLS_CIPHER(":+ECDHE-ECDSA:+ARCFOUR-128:+SHA1",
+ GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDHE_ECDSA_3DES_EDE_CBC_SHA1",
+ GNUTLS_CIPHER(":+ECDHE-ECDSA:+3DES-CBC:+SHA1",
+ GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDHE_ECDSA_AES_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+ECDHE-ECDSA:+AES-128-CBC:+SHA1",
+ GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDHE_ECDSA_AES_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+ECDHE-ECDSA:+AES-128-CBC:+SHA256",
+ GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "ECDHE_ECDSA_AES_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+ECDHE-ECDSA:+AES-256-CBC:+SHA1",
+ GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDHE_ECDSA_AES_256_CBC_SHA384",
+ GNUTLS_CIPHER(":+ECDHE-ECDSA:+AES-256-CBC:+SHA384",
+ GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA384)},
+ { NULL, "ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256",
+ GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384",
+ GNUTLS_CIPHER(":+ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384",
+ GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_MAC_SHA384)},
+ { NULL, "ECDHE_ECDSA_AES_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+ECDHE-ECDSA:+AES-128-GCM:+AEAD",
+ GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "ECDHE_ECDSA_AES_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+ECDHE-ECDSA:+AES-256-GCM:+AEAD",
+ GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD",
+ GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD",
+ GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "ECDHE_PSK_NULL_SHA1",
+ GNUTLS_CIPHER(":+ECDHE-PSK:+SHA1",
+ GNUTLS_KX_ECDHE_PSK, GNUTLS_CIPHER_NULL, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDHE_PSK_NULL_SHA256",
+ GNUTLS_CIPHER(":+ECDHE-PSK:+SHA256",
+ GNUTLS_KX_ECDHE_PSK, GNUTLS_CIPHER_NULL, GNUTLS_MAC_SHA256)},
+ { NULL, "ECDHE_PSK_NULL_SHA384",
+ GNUTLS_CIPHER(":+ECDHE-PSK:+SHA384",
+ GNUTLS_KX_ECDHE_PSK, GNUTLS_CIPHER_NULL, GNUTLS_MAC_SHA384)},
+ { NULL, "ECDHE_PSK_ARCFOUR_128_SHA1",
+ GNUTLS_CIPHER(":+ECDHE-PSK:+ARCFOUR-128:+SHA1",
+ GNUTLS_KX_ECDHE_PSK, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDHE_PSK_3DES_EDE_CBC_SHA1",
+ GNUTLS_CIPHER(":+ECDHE-PSK:+3DES-CBC:+SHA1",
+ GNUTLS_KX_ECDHE_PSK, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDHE_PSK_AES_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+ECDHE-PSK:+AES-128-CBC:+SHA1",
+ GNUTLS_KX_ECDHE_PSK, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDHE_PSK_AES_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+ECDHE-PSK:+AES-128-CBC:+SHA256",
+ GNUTLS_KX_ECDHE_PSK, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "ECDHE_PSK_AES_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+ECDHE-PSK:+AES-256-CBC:+SHA1",
+ GNUTLS_KX_ECDHE_PSK, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "ECDHE_PSK_AES_256_CBC_SHA384",
+ GNUTLS_CIPHER(":+ECDHE-PSK:+AES-256-CBC:+SHA384",
+ GNUTLS_KX_ECDHE_PSK, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA384)},
+ { NULL, "ECDHE_PSK_CAMELLIA_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256",
+ GNUTLS_KX_ECDHE_PSK, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "ECDHE_PSK_CAMELLIA_256_CBC_SHA384",
+ GNUTLS_CIPHER(":+ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384",
+ GNUTLS_KX_ECDHE_PSK, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_MAC_SHA384)},
+ { NULL, "RSA_PSK_NULL_SHA1",
+ GNUTLS_CIPHER(":+PSK:+SHA1",
+ GNUTLS_KX_RSA_PSK, GNUTLS_CIPHER_NULL, GNUTLS_MAC_SHA1)},
+ { NULL, "RSA_PSK_NULL_SHA256",
+ GNUTLS_CIPHER(":+PSK:+SHA256",
+ GNUTLS_KX_RSA_PSK, GNUTLS_CIPHER_NULL, GNUTLS_MAC_SHA256)},
+ { NULL, "RSA_PSK_NULL_SHA384",
+ GNUTLS_CIPHER(":+PSK:+SHA384",
+ GNUTLS_KX_RSA_PSK, GNUTLS_CIPHER_NULL, GNUTLS_MAC_SHA384)},
+ { NULL, "RSA_PSK_ARCFOUR_128_SHA1",
+ GNUTLS_CIPHER(":+PSK:+ARCFOUR-128:+SHA1",
+ GNUTLS_KX_RSA_PSK, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_MAC_SHA1)},
+ { NULL, "RSA_PSK_3DES_EDE_CBC_SHA1",
+ GNUTLS_CIPHER(":+PSK:+3DES-CBC:+SHA1",
+ GNUTLS_KX_RSA_PSK, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "RSA_PSK_AES_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+PSK:+AES-128-CBC:+SHA1",
+ GNUTLS_KX_RSA_PSK, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "RSA_PSK_AES_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+PSK:+AES-128-CBC:+SHA256",
+ GNUTLS_KX_RSA_PSK, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "RSA_PSK_AES_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+PSK:+AES-256-CBC:+SHA1",
+ GNUTLS_KX_RSA_PSK, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "RSA_PSK_AES_256_CBC_SHA384",
+ GNUTLS_CIPHER(":+PSK:+AES-256-CBC:+SHA384",
+ GNUTLS_KX_RSA_PSK, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA384)},
+ { NULL, "RSA_PSK_CAMELLIA_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+PSK:+CAMELLIA-128-CBC:+SHA256",
+ GNUTLS_KX_RSA_PSK, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "RSA_PSK_CAMELLIA_256_CBC_SHA384",
+ GNUTLS_CIPHER(":+PSK:+CAMELLIA-256-CBC:+SHA384",
+ GNUTLS_KX_RSA_PSK, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_MAC_SHA384)},
+ { NULL, "RSA_PSK_AES_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+PSK:+AES-128-GCM:+AEAD",
+ GNUTLS_KX_RSA_PSK, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "RSA_PSK_AES_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+PSK:+AES-256-GCM:+AEAD",
+ GNUTLS_KX_RSA_PSK, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "RSA_PSK_CAMELLIA_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+PSK:+CAMELLIA-128-GCM:+AEAD",
+ GNUTLS_KX_RSA_PSK, GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "RSA_PSK_CAMELLIA_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+PSK:+CAMELLIA-256-GCM:+AEAD",
+ GNUTLS_KX_RSA_PSK, GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "RSA_ARCFOUR_128_MD5",
+ GNUTLS_CIPHER(":+RSA:+ARCFOUR-128:+MD5",
+ GNUTLS_KX_RSA, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_MAC_MD5)},
+ { NULL, "RSA_ARCFOUR_128_SHA1",
+ GNUTLS_CIPHER(":+RSA:+ARCFOUR-128:+SHA1",
+ GNUTLS_KX_RSA, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_MAC_SHA1)},
+ { NULL, "RSA_CAMELLIA_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+RSA:+CAMELLIA-128-CBC:+SHA256",
+ GNUTLS_KX_RSA, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "RSA_CAMELLIA_256_CBC_SHA256",
+ GNUTLS_CIPHER(":+RSA:+CAMELLIA-256-CBC:+SHA256",
+ GNUTLS_KX_RSA, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "RSA_CAMELLIA_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+RSA:+CAMELLIA-128-GCM:+AEAD",
+ GNUTLS_KX_RSA, GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "RSA_CAMELLIA_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+RSA:+CAMELLIA-256-GCM:+AEAD",
+ GNUTLS_KX_RSA, GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "DHE_DSS_ARCFOUR_128_SHA1",
+ GNUTLS_CIPHER(":+DHE-DSS:+ARCFOUR-128:+SHA1",
+ GNUTLS_KX_DHE_DSS, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_MAC_SHA1)},
+ { NULL, "DHE_DSS_3DES_EDE_CBC_SHA1",
+ GNUTLS_CIPHER(":+DHE-DSS:+3DES-CBC:+SHA1",
+ GNUTLS_KX_DHE_DSS, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "DHE_DSS_AES_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+DHE-DSS:+AES-128-CBC:+SHA1",
+ GNUTLS_KX_DHE_DSS, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "DHE_DSS_AES_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+DHE-DSS:+AES-128-CBC:+SHA256",
+ GNUTLS_KX_DHE_DSS, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "DHE_DSS_AES_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+DHE-DSS:+AES-256-CBC:+SHA1",
+ GNUTLS_KX_DHE_DSS, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "DHE_DSS_AES_256_CBC_SHA256",
+ GNUTLS_CIPHER(":+DHE-DSS:+AES-256-CBC:+SHA256",
+ GNUTLS_KX_DHE_DSS, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "DHE_DSS_CAMELLIA_128_CBC_SHA1",
+ GNUTLS_CIPHER(":+DHE-DSS:+CAMELLIA-128-CBC:+SHA1",
+ GNUTLS_KX_DHE_DSS, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "DHE_DSS_CAMELLIA_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+DHE-DSS:+CAMELLIA-128-CBC:+SHA256",
+ GNUTLS_KX_DHE_DSS, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "DHE_DSS_CAMELLIA_256_CBC_SHA1",
+ GNUTLS_CIPHER(":+DHE-DSS:+CAMELLIA-256-CBC:+SHA1",
+ GNUTLS_KX_DHE_DSS, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_MAC_SHA1)},
+ { NULL, "DHE_DSS_CAMELLIA_256_CBC_SHA256",
+ GNUTLS_CIPHER(":+DHE-DSS:+CAMELLIA-256-CBC:+SHA256",
+ GNUTLS_KX_DHE_DSS, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_MAC_SHA256)},
+ { NULL, "DHE_DSS_AES_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+DHE-DSS:+AES-128-GCM:+AEAD",
+ GNUTLS_KX_DHE_DSS, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "DHE_DSS_AES_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+DHE-DSS:+AES-256-GCM:+AEAD",
+ GNUTLS_KX_DHE_DSS, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "DHE_DSS_CAMELLIA_128_GCM_SHA256",
+ GNUTLS_CIPHER(":+DHE-DSS:+CAMELLIA-128-GCM:+AEAD",
+ GNUTLS_KX_DHE_DSS, GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "DHE_DSS_CAMELLIA_256_GCM_SHA384",
+ GNUTLS_CIPHER(":+DHE-DSS:+CAMELLIA-256-GCM:+AEAD",
+ GNUTLS_KX_DHE_DSS, GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_MAC_AEAD)},
+ { NULL, "DHE_RSA_CAMELLIA_128_CBC_SHA256",
+ GNUTLS_CIPHER(":+DHE-RSA:+CAMELLIA-128-CBC:+SHA256",
+ GNUTLS_KX_DHE_RSA, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_MAC_SHA256)},
+
+ {NULL, NULL, NULL, 0, 0, 0}
+};
+
+#if defined(HAVE_GNUTLS)
+/* map the gnutls cipher suite (defined by key exchange algorithm, cipher
+ and mac algorithm) to the corresponding OpenSSL cipher name */
+const char *ma_gnutls_ciphername(gnutls_kx_algorithm_t kx,
+ gnutls_cipher_algorithm_t cipher,
+ gnutls_mac_algorithm_t mac)
+{
+ unsigned int i=0;
+ while (tls_ciphers[i].openssl_name &&
+ tls_ciphers[i].gnutls_name)
+ {
+ if (tls_ciphers[i].kx == kx &&
+ tls_ciphers[i].cipher == cipher &&
+ tls_ciphers[i].mac == mac)
+ return (tls_ciphers[i].openssl_name) ?
+ tls_ciphers[i].openssl_name : tls_ciphers[i].gnutls_name;
+ i++;
+ }
+ /* since we couldn't map we return the native gnutls cipher suite name */
+ return gnutls_cipher_suite_get_name(kx, cipher, mac);
+}
+
+/* get priority string for a given openssl cipher name */
+const char *ma_tls_get_priority_name(char *cipher_name)
+{
+ unsigned int i= 0;
+ while (tls_ciphers[i].openssl_name &&
+ tls_ciphers[i].gnutls_name)
+ {
+ if (strcmp(tls_ciphers[i].openssl_name, cipher_name) == 0)
+ return tls_ciphers[i].priority;
+ i++;
+ }
+ return NULL;
+}
+#endif
View Lorry Controller Status