Added Camellia ECDHE-based CBC ciphersuites
Added TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 and TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384
This commit is contained in:
Paul Bakker
parent
bfe671f2d5
commit
27714b1aa1
3 changed files with 53 additions and 3 deletions
|
|
@ -83,6 +83,9 @@ extern "C" {
|
||||||
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
|
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
|
||||||
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
|
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
|
||||||
|
|
||||||
|
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076
|
||||||
|
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077
|
||||||
|
|
||||||
typedef enum {
|
typedef enum {
|
||||||
POLARSSL_KEY_EXCHANGE_NONE = 0,
|
POLARSSL_KEY_EXCHANGE_NONE = 0,
|
||||||
POLARSSL_KEY_EXCHANGE_RSA,
|
POLARSSL_KEY_EXCHANGE_RSA,
|
||||||
|
|
|
||||||
|
|
@ -39,44 +39,68 @@
|
||||||
*/
|
*/
|
||||||
static const int ciphersuite_preference[] =
|
static const int ciphersuite_preference[] =
|
||||||
{
|
{
|
||||||
|
/* All AES-256 ephemeral suites */
|
||||||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
|
||||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
|
||||||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||||
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
|
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
||||||
|
|
||||||
|
/* All CAMELLIA-256 ephemeral suites */
|
||||||
|
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
|
||||||
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
|
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
|
||||||
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||||
|
|
||||||
|
/* All AES-128 ephemeral suites */
|
||||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||||
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
|
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
||||||
|
|
||||||
|
/* All CAMELLIA-128 ephemeral suites */
|
||||||
|
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||||
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||||
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||||
|
|
||||||
|
/* All remaining > 128-bit ephemeral suites */
|
||||||
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||||
|
|
||||||
|
/* All AES-256 suites */
|
||||||
TLS_RSA_WITH_AES_256_CBC_SHA256,
|
TLS_RSA_WITH_AES_256_CBC_SHA256,
|
||||||
TLS_RSA_WITH_AES_256_GCM_SHA384,
|
TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||||
TLS_RSA_WITH_AES_256_CBC_SHA,
|
TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||||
|
|
||||||
|
/* All CAMELLIA-256 suites */
|
||||||
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
|
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
|
||||||
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||||
|
|
||||||
|
/* All AES-128 suites */
|
||||||
TLS_RSA_WITH_AES_128_CBC_SHA256,
|
TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||||
TLS_RSA_WITH_AES_128_GCM_SHA256,
|
TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||||
TLS_RSA_WITH_AES_128_CBC_SHA,
|
TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||||
|
|
||||||
|
/* All CAMELLIA-128 suites */
|
||||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||||
|
|
||||||
|
/* All remaining > 128-bit suites */
|
||||||
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
TLS_RSA_WITH_RC4_128_SHA,
|
TLS_RSA_WITH_RC4_128_SHA,
|
||||||
TLS_RSA_WITH_RC4_128_MD5,
|
TLS_RSA_WITH_RC4_128_MD5,
|
||||||
|
|
||||||
|
/* Weak or NULL suites */
|
||||||
TLS_DHE_RSA_WITH_DES_CBC_SHA,
|
TLS_DHE_RSA_WITH_DES_CBC_SHA,
|
||||||
TLS_RSA_WITH_DES_CBC_SHA,
|
TLS_RSA_WITH_DES_CBC_SHA,
|
||||||
TLS_ECDHE_RSA_WITH_NULL_SHA,
|
TLS_ECDHE_RSA_WITH_NULL_SHA,
|
||||||
TLS_RSA_WITH_NULL_SHA256,
|
TLS_RSA_WITH_NULL_SHA256,
|
||||||
TLS_RSA_WITH_NULL_SHA,
|
TLS_RSA_WITH_NULL_SHA,
|
||||||
TLS_RSA_WITH_NULL_MD5,
|
TLS_RSA_WITH_NULL_MD5,
|
||||||
|
|
||||||
0
|
0
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -127,6 +151,24 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#endif /* POLARSSL_GCM_C */
|
#endif /* POLARSSL_GCM_C */
|
||||||
#endif /* POLARSSL_SHA4_C */
|
#endif /* POLARSSL_SHA4_C */
|
||||||
#endif /* POLARSSL_AES_C */
|
#endif /* POLARSSL_AES_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_CAMELLIA_C)
|
||||||
|
#if defined(POLARSSL_SHA2_C)
|
||||||
|
{ TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||||
|
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
POLARSSL_CIPHERSUITE_EC },
|
||||||
|
#endif /* POLARSSL_SHA2_C */
|
||||||
|
#if defined(POLARSSL_SHA4_C)
|
||||||
|
{ TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
|
||||||
|
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
POLARSSL_CIPHERSUITE_EC },
|
||||||
|
#endif /* POLARSSL_SHA4_C */
|
||||||
|
#endif /* POLARSSL_CAMELLIA_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
|
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
|
||||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
|
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
|
||||||
|
|
@ -134,6 +176,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
POLARSSL_CIPHERSUITE_EC },
|
POLARSSL_CIPHERSUITE_EC },
|
||||||
#endif /* POLARSSL_DES_C */
|
#endif /* POLARSSL_DES_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_ARC4_C)
|
#if defined(POLARSSL_ARC4_C)
|
||||||
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
|
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
|
||||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
|
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
|
||||||
|
|
@ -141,6 +184,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
POLARSSL_CIPHERSUITE_EC },
|
POLARSSL_CIPHERSUITE_EC },
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
{ TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
|
{ TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
|
||||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
|
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
|
||||||
|
|
|
||||||
|
|
@ -78,8 +78,8 @@ then
|
||||||
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
|
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
|
||||||
TLS-RSA-WITH-AES-256-CBC-SHA256 \
|
TLS-RSA-WITH-AES-256-CBC-SHA256 \
|
||||||
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
|
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
|
||||||
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
|
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
|
||||||
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
|
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
|
||||||
"
|
"
|
||||||
|
|
||||||
O_CIPHERS="$O_CIPHERS \
|
O_CIPHERS="$O_CIPHERS \
|
||||||
|
|
@ -169,7 +169,8 @@ PROCESS_ID=$!
|
||||||
|
|
||||||
sleep 1
|
sleep 1
|
||||||
|
|
||||||
# OpenSSL does not support RFC5246 Camellia ciphers with SHA256
|
# OpenSSL does not support RFC5246 and RFC6367 Camellia ciphers with SHA256
|
||||||
|
# or SHA384
|
||||||
# Add for PolarSSL only test, which does support them.
|
# Add for PolarSSL only test, which does support them.
|
||||||
#
|
#
|
||||||
if [ "$MODE" = "tls1_2" ];
|
if [ "$MODE" = "tls1_2" ];
|
||||||
|
|
@ -179,6 +180,8 @@ then
|
||||||
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
|
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
|
||||||
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
|
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
|
||||||
|
TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
|
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||||
"
|
"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue