diff --git a/include/polarssl/ssl_ciphersuites.h b/include/polarssl/ssl_ciphersuites.h index cbea2989a..27dcf3f44 100644 --- a/include/polarssl/ssl_ciphersuites.h +++ b/include/polarssl/ssl_ciphersuites.h @@ -156,10 +156,25 @@ extern "C" { #define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< TLS 1.2 */ #define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< TLS 1.2 */ - #define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< TLS 1.2 */ +#define TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */ +#define TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */ +#define TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C /**< TLS 1.2 */ +#define TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D /**< TLS 1.2 */ +#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */ +#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */ +#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */ +#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */ + +#define TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08D /**< TLS 1.2 */ +#define TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */ +#define TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 /**< TLS 1.2 */ +#define TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 /**< TLS 1.2 */ +#define TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092 /**< TLS 1.2 */ +#define TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093 /**< TLS 1.2 */ + #define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094 /**< TLS 1.2 */ #define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095 /**< TLS 1.2 */ #define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096 /**< TLS 1.2 */ diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 781edb255..040900118 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -59,6 +59,9 @@ static const int ciphersuite_preference[] = TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, + TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, /* All AES-128 ephemeral suites */ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, @@ -76,6 +79,9 @@ static const int ciphersuite_preference[] = TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, /* All remaining >= 128-bit ephemeral suites */ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, @@ -97,10 +103,12 @@ static const int ciphersuite_preference[] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA, TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, TLS_DHE_PSK_WITH_AES_128_CBC_SHA, TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, TLS_DHE_PSK_WITH_RC4_128_SHA, @@ -112,6 +120,7 @@ static const int ciphersuite_preference[] = /* All CAMELLIA-256 suites */ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, /* All AES-128 suites */ TLS_RSA_WITH_AES_128_CBC_SHA256, @@ -121,6 +130,7 @@ static const int ciphersuite_preference[] = /* All CAMELLIA-128 suites */ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, /* All remaining >= 128-bit suites */ TLS_RSA_WITH_3DES_EDE_CBC_SHA, @@ -132,10 +142,12 @@ static const int ciphersuite_preference[] = TLS_RSA_PSK_WITH_AES_256_CBC_SHA, TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, TLS_RSA_PSK_WITH_AES_128_CBC_SHA, TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, TLS_RSA_PSK_WITH_RC4_128_SHA, @@ -144,10 +156,12 @@ static const int ciphersuite_preference[] = TLS_PSK_WITH_AES_256_CBC_SHA, TLS_PSK_WITH_AES_256_GCM_SHA384, TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, TLS_PSK_WITH_AES_128_CBC_SHA256, TLS_PSK_WITH_AES_128_CBC_SHA, TLS_PSK_WITH_AES_128_GCM_SHA256, TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, TLS_PSK_WITH_3DES_EDE_CBC_SHA, TLS_PSK_WITH_RC4_128_SHA, @@ -250,6 +264,23 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = 0 }, #endif /* POLARSSL_SHA512_C */ #endif /* POLARSSL_CIPHER_MODE_CBC */ + +#if defined(POLARSSL_GCM_C) +#if defined(POLARSSL_SHA256_C) + { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", + POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA256_C */ +#if defined(POLARSSL_SHA512_C) + { TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", + POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA512_C */ +#endif /* POLARSSL_GCM_C */ #endif /* POLARSSL_CAMELLIA_C */ #if defined(POLARSSL_DES_C) @@ -352,6 +383,23 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = 0 }, #endif /* POLARSSL_SHA512_C */ #endif /* POLARSSL_CIPHER_MODE_CBC */ + +#if defined(POLARSSL_GCM_C) +#if defined(POLARSSL_SHA256_C) + { TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA256_C */ +#if defined(POLARSSL_SHA512_C) + { TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA512_C */ +#endif /* POLARSSL_GCM_C */ #endif /* POLARSSL_CAMELLIA_C */ #if defined(POLARSSL_DES_C) @@ -468,6 +516,23 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = 0 }, #endif /* POLARSSL_SHA1_C */ #endif /* POLARSSL_CIPHER_MODE_CBC */ +#if defined(POLARSSL_GCM_C) +#if defined(POLARSSL_SHA256_C) + { TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA256_C */ + +#if defined(POLARSSL_SHA512_C) + { TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA512_C */ +#endif /* POLARSSL_GCM_C */ #endif /* POLARSSL_CAMELLIA_C */ #if defined(POLARSSL_DES_C) @@ -564,6 +629,24 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = 0 }, #endif /* POLARSSL_SHA1_C */ #endif /* POLARSSL_CIPHER_MODE_CBC */ + +#if defined(POLARSSL_GCM_C) +#if defined(POLARSSL_SHA256_C) + { TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", + POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA256_C */ + +#if defined(POLARSSL_SHA1_C) + { TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", + POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA1_C */ +#endif /* POLARSSL_GCM_C */ #endif /* POLARSSL_CAMELLIA_C */ #if defined(POLARSSL_DES_C) @@ -668,6 +751,24 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = 0 }, #endif /* POLARSSL_SHA512_C */ #endif /* POLARSSL_CIPHER_MODE_CBC */ + +#if defined(POLARSSL_GCM_C) +#if defined(POLARSSL_SHA256_C) + { TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", + POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA256_C */ + +#if defined(POLARSSL_SHA512_C) + { TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", + POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA512_C */ +#endif /* POLARSSL_GCM_C */ #endif /* POLARSSL_CAMELLIA_C */ #if defined(POLARSSL_DES_C) @@ -764,6 +865,24 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = 0 }, #endif /* POLARSSL_SHA512_C */ #endif /* POLARSSL_CIPHER_MODE_CBC */ + +#if defined(POLARSSL_GCM_C) +#if defined(POLARSSL_SHA256_C) + { TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", + POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA256_C */ + +#if defined(POLARSSL_SHA512_C) + { TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", + POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA512_C */ +#endif /* POLARSSL_GCM_C */ #endif /* POLARSSL_CAMELLIA_C */ #if defined(POLARSSL_DES_C) @@ -939,6 +1058,24 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = 0 }, #endif /* POLARSSL_SHA512_C */ #endif /* POLARSSL_CIPHER_MODE_CBC */ + +#if defined(POLARSSL_GCM_C) +#if defined(POLARSSL_SHA256_C) + { TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", + POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA256_C */ + +#if defined(POLARSSL_SHA512_C) + { TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", + POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA512_C */ +#endif /* POLARSSL_GCM_C */ #endif /* POLARSSL_CAMELLIA_C */ #if defined(POLARSSL_DES_C) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 70c083607..6442a9daa 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -636,12 +636,14 @@ int ssl_derive_keys( ssl_context *ssl ) switch( cipher_info->type ) { case POLARSSL_CIPHER_ARC4_128: + case POLARSSL_CIPHER_DES_CBC: case POLARSSL_CIPHER_DES_EDE3_CBC: case POLARSSL_CIPHER_CAMELLIA_128_CBC: case POLARSSL_CIPHER_CAMELLIA_256_CBC: + case POLARSSL_CIPHER_CAMELLIA_128_GCM: + case POLARSSL_CIPHER_CAMELLIA_256_GCM: case POLARSSL_CIPHER_AES_128_CBC: case POLARSSL_CIPHER_AES_256_CBC: - case POLARSSL_CIPHER_DES_CBC: case POLARSSL_CIPHER_AES_128_GCM: case POLARSSL_CIPHER_AES_256_GCM: if( ( ret = cipher_init_ctx( &transform->cipher_ctx_enc, @@ -1096,7 +1098,9 @@ static int ssl_encrypt_buf( ssl_context *ssl ) #endif /* POLARSSL_ARC4_C */ #if defined(POLARSSL_GCM_C) if( ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_128_GCM || - ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_256_GCM ) + ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_256_GCM || + ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_CAMELLIA_128_GCM || + ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_CAMELLIA_256_GCM ) { size_t enc_msglen, olen, totlen; unsigned char *enc_msg; @@ -1399,7 +1403,9 @@ static int ssl_decrypt_buf( ssl_context *ssl ) #endif /* POLARSSL_ARC4_C */ #if defined(POLARSSL_GCM_C) if( ssl->transform_in->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_128_GCM || - ssl->transform_in->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_256_GCM ) + ssl->transform_in->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_256_GCM || + ssl->transform_in->ciphersuite_info->cipher == POLARSSL_CIPHER_CAMELLIA_128_GCM || + ssl->transform_in->ciphersuite_info->cipher == POLARSSL_CIPHER_CAMELLIA_256_GCM ) { unsigned char *dec_msg; unsigned char *dec_msg_result; diff --git a/tests/compat.sh b/tests/compat.sh index 584575c10..5d716c61f 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -384,11 +384,17 @@ case $TYPE in then P_CIPHERS="$P_CIPHERS \ TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ + TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \ + TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \ + TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \ + TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \ + TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \ + TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \ + TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \ " fi @@ -440,6 +446,12 @@ case $TYPE in TLS-DHE-PSK-WITH-NULL-SHA384 \ TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ + TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \ + TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \ + TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \ + TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \ + TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \ + TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \ TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \