diff options
| author | Jakub Jirutka <jakub@jirutka.cz> | 2019-09-02 23:02:38 +0200 |
|---|---|---|
| committer | Jakub Jirutka <jakub@jirutka.cz> | 2019-09-02 23:02:51 +0200 |
| commit | ebb712aa0a3b72ee629a5e30df237d21d6927fd1 (patch) | |
| tree | 6a560511488237417915560f2173ea1bc009bbb0 | |
| parent | 854c539926a3bdd3d6ac2c5a5708e7e940884734 (diff) | |
| download | aports-ebb712aa0a3b72ee629a5e30df237d21d6927fd1.tar.bz2 aports-ebb712aa0a3b72ee629a5e30df237d21d6927fd1.tar.xz | |
testing/ssldump: new aport
| -rw-r--r-- | testing/ssldump/0010-openssl.patch | 216 | ||||
| -rw-r--r-- | testing/ssldump/0020-libpcap.patch | 43 | ||||
| -rw-r--r-- | testing/ssldump/0030-aes.patch | 191 | ||||
| -rw-r--r-- | testing/ssldump/0040-cvs-20060619.patch | 191 | ||||
| -rw-r--r-- | testing/ssldump/0050-table-stops.patch | 54 | ||||
| -rw-r--r-- | testing/ssldump/0060-link_layer.patch | 91 | ||||
| -rw-r--r-- | testing/ssldump/0070-pcap-vlan.patch | 36 | ||||
| -rw-r--r-- | testing/ssldump/0080-tlsv12.patch | 218 | ||||
| -rw-r--r-- | testing/ssldump/0090-ssl-enums.patch | 1806 | ||||
| -rw-r--r-- | testing/ssldump/0100-ciphersuites.patch | 161 | ||||
| -rw-r--r-- | testing/ssldump/APKBUILD | 66 |
11 files changed, 3073 insertions, 0 deletions
diff --git a/testing/ssldump/0010-openssl.patch b/testing/ssldump/0010-openssl.patch new file mode 100644 index 0000000000..c9461d4587 --- /dev/null +++ b/testing/ssldump/0010-openssl.patch @@ -0,0 +1,216 @@ +Patch by Robert Scheck <robert@fedoraproject.org> for ssldump >= 0.9b3, which +reinstates the the -y (nroff) flag, declares MD5_CTX via <openssl/md5.h>, avoids +"ERROR: Couldn't create network handler" by calling SSL_library_init() function +and OpenSSL_add_all_algorithms() rather SSLeay_add_all_algorithms() and revises +the ssldump man page for correctness and completeness. + +--- ssldump-0.9b3/ssl/ssl_analyze.c 2002-01-21 19:46:13.000000000 +0100 ++++ ssldump-0.9b3/ssl/ssl_analyze.c.openssl 2010-01-22 23:59:09.000000000 +0100 +@@ -133,7 +133,7 @@ + SSL_PRINT_DECODE + }, + { +- 0, ++ 'y', + "nroff", + SSL_PRINT_NROFF + }, +--- ssldump-0.9b3/ssl/ssldecode.c 2002-08-17 03:33:17.000000000 +0200 ++++ ssldump-0.9b3/ssl/ssldecode.c.openssl 2010-01-22 23:59:46.000000000 +0100 +@@ -51,6 +51,7 @@ + #include <openssl/ssl.h> + #include <openssl/hmac.h> + #include <openssl/evp.h> ++#include <openssl/md5.h> + #include <openssl/x509v3.h> + #endif + #include "ssldecode.h" +@@ -131,7 +132,8 @@ + ssl_decode_ctx *d=0; + int r,_status; + +- SSLeay_add_all_algorithms(); ++ SSL_library_init(); ++ OpenSSL_add_all_algorithms(); + if(!(d=(ssl_decode_ctx *)malloc(sizeof(ssl_decode_ctx)))) + ABORT(R_NO_MEMORY); + if(!(d->ssl_ctx=SSL_CTX_new(SSLv23_server_method()))) +--- ssldump-0.9b3/ssldump.1 2002-08-13 01:46:53.000000000 +0200 ++++ ssldump-0.9b3/ssldump.1.openssl 2010-01-23 00:26:26.000000000 +0100 +@@ -61,12 +61,9 @@ + .na + .B ssldump + [ +-.B \-vtaTnsAxXhHVNdq ++.B \-vTshVq ++.B \-aAdeHnNqTxXvy + ] [ +-.B \-r +-.I dumpfile +-] +-[ + .B \-i + .I interface + ] +@@ -81,6 +78,16 @@ + .I password + ] + [ ++.B \-r ++.I dumpfile ++] ++.br ++.ti +8 ++[ ++.B \-S ++.RI [\| crypto \||\| d \||\| ht \||\| H \||\| nroff \|] ++] ++[ + .I expression + ] + .br +@@ -125,6 +132,7 @@ + You must have read access to + .IR /dev/bpf* . + .SH OPTIONS ++.TP + .B \-a + Print bare TCP ACKs (useful for observing Nagle behavior) + .TP +@@ -135,7 +143,7 @@ + .B \-d + Display the application data traffic. This usually means + decrypting it, but when -d is used ssldump will also decode +-application data traffic _before_ the SSL session initiates. ++application data traffic \fIbefore\fP the SSL session initiates. + This allows you to see HTTPS CONNECT behavior as well as + SMTP STARTTLS. As a side effect, since ssldump can't tell + whether plaintext is traffic before the initiation of an +@@ -148,18 +156,9 @@ + .B \-e + Print absolute timestamps instead of relative timestamps + .TP +-.B \-r +-Read data from \fIfile\fP instead of from the network. +-The old -f option still works but is deprecated and will +-probably be removed with the next version. + .B \-H + Print the full SSL packet header. + .TP +-.B \-k +-Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format) +-Previous versions of ssldump automatically looked in ./server.pem. +-Now you must specify your keyfile every time. +-.TP + .B \-n + Don't try to resolve host names from IP addresses + .TP +@@ -176,6 +175,12 @@ + .B \-q + Don't decode any record fields beyond a single summary line. (quiet mode). + .TP ++.B \-T ++Print the TCP headers. ++.TP ++.B \-v ++Display version and copyright information. ++.TP + .B \-x + Print each record in hex, as well as decoding it. + .TP +@@ -183,13 +188,48 @@ + When the -d option is used, binary data is automatically printed + in two columns with a hex dump on the left and the printable characters + on the right. -X suppresses the display of the printable characters, +-thus making it easier to cut and paste the hext data into some other ++thus making it easier to cut and paste the hex data into some other + program. ++.TP + .B \-y +-Decorate the output for processing with troff. Not very ++Decorate the output for processing with nroff/troff. Not very + useful for the average user. + .TP +-.IP "\fI expression\fP" ++.BI \-i " interface" ++Use \fIinterface\fP as the network interface on which to sniff SSL/TLS ++traffic. ++.TP ++.BI \-k " keyfile" ++Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format) ++Previous versions of ssldump automatically looked in ./server.pem. ++Now you must specify your keyfile every time. ++.TP ++.BI \-p " password" ++Use \fIpassword\fP as the SSL keyfile password. ++.TP ++.BI \-r " file" ++Read data from \fIfile\fP instead of from the network. ++The old -f option still works but is deprecated and will ++probably be removed with the next version. ++.TP ++.BI \-S " [ " crypto " | " d " | " ht " | " H " ]" ++Specify SSL flags to ssldump. These flags include: ++.RS ++.TP ++.I crypto ++Print cryptographic information. ++.TP ++.I d ++Print fields as decoded. ++.TP ++.I ht ++Print the handshake type. ++.TP ++.I H ++Print handshake type and highlights. ++.RE ++.TP ++\fIexpression\fP + .RS + Selects what packets ssldump will examine. Technically speaking, + ssldump supports the full expression syntax from PCAP and tcpdump. +@@ -200,7 +240,7 @@ + don't result in incomplete TCP streams are listed here. + .LP + The \fIexpression\fP consists of one or more +-.I primitives. ++.IR primitives . + Primitives usually consist of an + .I id + (name or number) preceded by one or more qualifiers. There are three +@@ -512,5 +552,11 @@ + .LP + ssldump doesn't implement session caching and therefore can't decrypt + resumed sessions. +- +- ++.LP ++.SH SEE ALSO ++.LP ++.BR tcpdump (1) ++.LP ++.SH AUTHOR ++.LP ++ssldump was written by Eric Rescorla <ekr@rtfm.com>. +--- ssldump-0.9b3/base/pcap-snoop.c 2002-09-09 23:02:58.000000000 +0200 ++++ ssldump-0.9b3/base/pcap-snoop.c.openssl 2010-04-06 16:50:22.000000000 +0200 +@@ -206,7 +206,7 @@ + + signal(SIGINT,sig_handler); + +- while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdqem:P"))!=EOF){ ++ while((c=getopt(argc,argv,"vr:f:S:yTtai:k:p:nsAxXhHVNdqem:P"))!=EOF){ + switch(c){ + case 'v': + print_version(); +@@ -227,6 +227,9 @@ + case 'a': + NET_print_flags |= NET_PRINT_ACKS; + break; ++ case 'A': ++ SSL_print_flags |= SSL_PRINT_ALL_FIELDS; ++ break; + case 'T': + NET_print_flags |= NET_PRINT_TCP_HDR; + break; diff --git a/testing/ssldump/0020-libpcap.patch b/testing/ssldump/0020-libpcap.patch new file mode 100644 index 0000000000..10682218d2 --- /dev/null +++ b/testing/ssldump/0020-libpcap.patch @@ -0,0 +1,43 @@ +Patch by Robert Scheck <robert@fedoraproject.org> for ssldump >= 0.9b3, which +replaces the inclusion of <net/bpf.h> by <pcap-bpf.h> because of changed files. +It adds some 64 bit support in ./configure for lib64 directories around libpcap +and ensures that dynamic linking to libpcap is possible. + +--- ssldump-0.9b3/base/pcap-snoop.c 2010-01-23 00:30:24.000000000 +0100 ++++ ssldump-0.9b3/base/pcap-snoop.c.libpcap 2010-01-23 00:34:11.000000000 +0100 +@@ -49,7 +49,7 @@ + + #include <pcap.h> + #include <unistd.h> +-#include <net/bpf.h> ++#include <pcap-bpf.h> + #ifndef _WIN32 + #include <sys/param.h> + #endif +--- ssldump-0.9b3/configure.in 2001-11-26 23:38:13.000000000 +0100 ++++ ssldump-0.9b3/configure.in.libpcap 2010-01-23 00:33:12.000000000 +0100 +@@ -62,7 +62,7 @@ + dnl Look for PCAP + dnl We absolutely need pcap + ac_pcap_inc_dir="/usr/include /usr/include/pcap /usr/local/include" +-ac_pcap_lib_dir="/usr/lib /usr/local/lib" ++ac_pcap_lib_dir="/usr/local/lib64 /usr/local/lib /usr/lib64 /usr/lib" + + AC_ARG_WITH(pcap,[--with-pcap root location for pcap library], + if test "$withval" = "no"; then +@@ -102,13 +102,13 @@ + AC_MSG_CHECKING(for PCAP library) + ac_found_pcap_lib_dir="no" + for dir in $ac_pcap_lib_dir; do +- if test -f $dir/libpcap.a; then ++ if test -f $dir/libpcap.a -o -f $dir/libpcap.so; then + dnl Ok, we think we've found them, but check that they + dnl actually ontain the right functions + save_LIBS=$LIBS + save_LDFLAGS=$LDFLAGS + LIBS="-lpcap $LIBS" +- if test "$dir" != "/usr/lib"; then ++ if test "$dir" != "/usr/lib" -a "$dir" != "/usr/lib64"; then + LDFLAGS="-L$dir $LDFLAGS" + fi + AC_TRY_LINK_FUNC(pcap_open_live,ac_linked_libpcap="true", diff --git a/testing/ssldump/0030-aes.patch b/testing/ssldump/0030-aes.patch new file mode 100644 index 0000000000..3965332e8f --- /dev/null +++ b/testing/ssldump/0030-aes.patch @@ -0,0 +1,191 @@ +Patch by Carsten Hoeger <choeger@suse.de> for ssldump >= 0.9b3 which adds support +for AES cipher-suites (to ssldump). For further information, please have a look to +Novell bug ID #50952. + +--- ssldump-0.9b3/ssl/sslciphers.h 2002-08-17 03:33:17.000000000 +0200 ++++ ssldump-0.9b3/ssl/sslciphers.h.aes 2010-04-06 16:34:35.000000000 +0200 +@@ -71,7 +71,9 @@ + #define ENC_RC4 0x32 + #define ENC_RC2 0x33 + #define ENC_IDEA 0x34 +-#define ENC_NULL 0x35 ++#define ENC_AES128 0x35 ++#define ENC_AES256 0x36 ++#define ENC_NULL 0x37 + + #define DIG_MD5 0x40 + #define DIG_SHA 0x41 +--- ssldump-0.9b3/ssl/ssl_rec.c 2000-11-03 07:38:06.000000000 +0100 ++++ ssldump-0.9b3/ssl/ssl_rec.c.aes 2010-04-06 16:42:13.000000000 +0200 +@@ -78,7 +78,9 @@ + "DES3", + "RC4", + "RC2", +- "IDEA" ++ "IDEA", ++ "AES128", ++ "AES256" + }; + + +@@ -101,6 +103,11 @@ + /* Find the SSLeay cipher */ + if(cs->enc!=ENC_NULL){ + ciph=(EVP_CIPHER *)EVP_get_cipherbyname(ciphers[cs->enc-0x30]); ++ if(!ciph) ++ ABORT(R_INTERNAL); ++ } ++ else { ++ ciph=EVP_enc_null(); + } + + if(!(dec=(ssl_rec_decoder *)calloc(sizeof(ssl_rec_decoder),1))) +@@ -169,7 +176,7 @@ + *outl=inl; + + /* Now strip off the padding*/ +- if(d->cs->block!=1){ ++ if(d->cs->block>1){ + pad=out[inl-1]; + *outl-=(pad+1); + } +--- ssldump-0.9b3/ssl/ssl.enums 2001-07-20 18:44:32.000000000 +0200 ++++ ssldump-0.9b3/ssl/ssl.enums.aes 2010-04-06 16:36:06.000000000 +0200 +@@ -356,6 +356,18 @@ + CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 }; + CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A }; + CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B }; ++ CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x2F }; ++ CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x30 }; ++ CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x31 }; ++ CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x32 }; ++ CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x33 }; ++ CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA = { 0x00,0x34 }; ++ CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x35 }; ++ CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x36 }; ++ CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x37 }; ++ CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x38 }; ++ CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x39 }; ++ CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA = { 0x00,0x3A }; + CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = { 0x00,0x60 }; + CipherSuite TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = { 0x00,0x61 }; + CipherSuite TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = { 0x00,0x62 }; +--- ssldump-0.9b3/ssl/ciphersuites.c 2002-08-17 03:33:17.000000000 +0200 ++++ ssldump-0.9b3/ssl/ciphersuites.c.aes 2010-04-06 16:33:52.000000000 +0200 +@@ -78,10 +78,22 @@ + {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_MD5,16,1}, + {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_MD5,16,0}, + {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_MD5,16,0}, ++ {47,KEX_RSA,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0}, ++ {48,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0}, ++ {49,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0}, ++ {50,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0}, ++ {51,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0}, ++ {52,KEX_DH,SIG_NONE,ENC_AES128,16,128,128,DIG_SHA,20,0}, ++ {53,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0}, ++ {54,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0}, ++ {55,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0}, ++ {56,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0}, ++ {57,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0}, ++ {58,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5,16,1}, + {97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5,16,1}, + {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,1}, +- {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,16,1}, ++ {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,1}, + {100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA,20,1}, + {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA,20,1}, + {102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0}, +--- ssldump-0.9b3/ssl/ssl.enums.c 2001-07-20 18:44:36.000000000 +0200 ++++ ssldump-0.9b3/ssl/ssl.enums.c.aes 2010-04-06 16:40:14.000000000 +0200 +@@ -151,7 +151,7 @@ + "application_data", + decode_ContentType_application_data + }, +-{0} ++{-1} + }; + + static int decode_HandshakeType_HelloRequest(ssl,dir,seg,data) +@@ -163,6 +163,7 @@ + + + printf("\n"); ++ return(0); + + } + static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) +@@ -368,6 +369,7 @@ + + + printf("\n"); ++ return(0); + + } + static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data) +@@ -611,6 +613,54 @@ + "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + 0 }, + { ++ 47, ++ "TLS_RSA_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 48, ++ "TLS_DH_DSS_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 49, ++ "TLS_DH_RSA_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 50, ++ "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 51, ++ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 52, ++ "TLS_DH_anon_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 53, ++ "TLS_RSA_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 54, ++ "TLS_DH_DSS_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 55, ++ "TLS_DH_RSA_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 56, ++ "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 57, ++ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 58, ++ "TLS_DH_anon_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { + 96, + "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5", + 0 }, +--- ssldump-0.9b3/ssl/ssl_enum.c 2000-10-09 07:14:02.000000000 +0200 ++++ ssldump-0.9b3/ssl/ssl_enum.c.aes 2010-04-06 16:57:15.000000000 +0200 +@@ -70,7 +70,7 @@ + "application_data", + decode_ContentType_application_data + }, +-{0} ++{-1} + }; + + static int decode_HandshakeType_hello_request(ssl,dir,seg,data) diff --git a/testing/ssldump/0040-cvs-20060619.patch b/testing/ssldump/0040-cvs-20060619.patch new file mode 100644 index 0000000000..7b7c6b305d --- /dev/null +++ b/testing/ssldump/0040-cvs-20060619.patch @@ -0,0 +1,191 @@ +Patch by Michael Calmer <mc@suse.de> for ssldump >= 0.9b3 which backports several +fixes and some minor enhancements from upstream CVS 2006-06-19. + +--- ssldump-0.9b3/ssl/sslprint.c 2002-08-17 03:33:17.000000000 +0200 ++++ ssldump-0.9b3/ssl/sslprint.c.cvs 2010-04-06 17:12:40.000000000 +0200 +@@ -248,12 +248,12 @@ + SSL_DECODE_UINT16(ssl,0,0,&d,&length); + + if(d.len!=length){ +- explain(ssl,"Short record\n"); ++ explain(ssl," Short record: %u bytes available (expecting: %u)\n",length,d.len); + return(0); + } + + P_(P_RH){ +- explain(ssl,"V%d.%d(%d)",vermaj,vermin,length); ++ explain(ssl," V%d.%d(%d)",vermaj,vermin,length); + } + + +@@ -262,19 +262,22 @@ + r=ssl_decode_record(ssl,ssl->decoder,direction,ct,version,&d); + + if(r==SSL_BAD_MAC){ +- explain(ssl," bad MAC\n"); ++ explain(ssl," bad MAC\n"); + return(0); + } + + if(r){ +- if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct)) ++ if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct)) { ++ printf(" unknown record type: %d\n", ct); + ERETURN(r); ++ } + printf("\n"); + } + else{ +- if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, +- &d)) ++ if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, &d)) { ++ printf(" unknown record type: %d\n", ct); + ERETURN(r); ++ } + } + + return(0); +@@ -369,7 +372,7 @@ + dtable++; + } + +- return(-1); ++ return(R_NOT_FOUND); + } + + int ssl_decode_enum(ssl,name,size,dtable,p,data,x) +@@ -416,8 +419,7 @@ + dtable++; + } + +- explain(ssl,"%s","unknown value"); +- return(0); ++ return(R_NOT_FOUND); + } + + int explain(ssl_obj *ssl,char *format,...) +@@ -535,7 +537,7 @@ + + printf("\n"); + for(i=0;i<d->len;i++){ +- if(!isprint(d->data[i]) && !strchr("\r\n\t",d->data[i])){ ++ if(d->data[i] == 0 || (!isprint(d->data[i]) && !strchr("\r\n\t",d->data[i]))){ + bit8=1; + break; + } +@@ -557,7 +559,8 @@ + else{ + int nl=1; + INDENT; +- printf("---------------------------------------------------------------\n"); if(SSL_print_flags & SSL_PRINT_NROFF){ ++ printf("---------------------------------------------------------------\n"); ++ if(SSL_print_flags & SSL_PRINT_NROFF){ + if(ssl->process_ciphertext & ssl->direction) + printf("\\f[CI]"); + else +--- ssldump-0.9b3/ssl/ssl_analyze.c 2010-04-06 16:58:23.000000000 +0200 ++++ ssldump-0.9b3/ssl/ssl_analyze.c.cvs 2010-04-06 17:08:22.000000000 +0200 +@@ -359,12 +359,16 @@ + case 23: + break; + default: +- printf("Unknown SSL content type %d\n",q->data[0] & 255); +- ABORT(R_INTERNAL); ++ DBG((0,"Unknown SSL content type %d for segment %u:%u(%u)", ++ q->data[0] & 255,seg->s_seq,seg->s_seq+seg->len,seg->len)); + } + + rec_len=COMBINE(q->data[3],q->data[4]); + ++ /* SSL v3.0 spec says a record may not exceed 2**14 + 2048 == 18432 */ ++ if(rec_len > 18432) ++ ABORT(R_INTERNAL); ++ + /*Expand the buffer*/ + if(q->_allocated<(rec_len+SSL_HEADER_SIZE)){ + if(!(q->data=realloc(q->data,rec_len+5))) +--- ssldump-0.9b3/base/tcppack.c 2002-09-09 23:02:58.000000000 +0200 ++++ ssldump-0.9b3/base/tcppack.c.cvs 2010-04-06 17:06:46.000000000 +0200 +@@ -95,11 +95,11 @@ + proper order. This shouldn't be a problem, though, + except for simultaneous connects*/ + if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=TH_SYN){ +- DBG((0,"TCP: rejecting packet from unknown connection\n")); ++ DBG((0,"TCP: rejecting packet from unknown connection, seq: %u\n",ntohl(p->tcp->th_seq))); + return(0); + } + +- DBG((0,"SYN1\n")); ++ DBG((0,"SYN1 seq: %u",ntohl(p->tcp->th_seq))); + if(r=new_connection(handler,ctx,p,&conn)) + ABORT(r); + conn->i2r.seq=ntohl(p->tcp->th_seq)+1; +@@ -117,14 +117,14 @@ + conn->r2i.seq=ntohl(p->tcp->th_seq)+1; + conn->r2i.ack=ntohl(p->tcp->th_ack)+1; + conn->state=TCP_STATE_SYN2; +- DBG((0,"SYN2\n")); ++ DBG((0,"SYN2 seq: %u",ntohl(p->tcp->th_seq))); + break; + case TCP_STATE_SYN2: + { + char *sn=0,*dn=0; + if(direction != DIR_I2R) + break; +- DBG((0,"ACK\n")); ++ DBG((0,"ACK seq: %u",ntohl(p->tcp->th_seq))); + conn->i2r.ack=ntohl(p->tcp->th_ack)+1; + lookuphostname(&conn->i_addr,&sn); + lookuphostname(&conn->r_addr,&dn); +@@ -228,7 +228,8 @@ + l=p->len - p->tcp->th_off * 4; + + if(stream->close){ +- DBG((0,"Rejecting packet received after FIN")); ++ DBG((0,"Rejecting packet received after FIN: %u:%u(%u)", ++ ntohl(p->tcp->th_seq),ntohl(p->tcp->th_seq+l),l)); + return(0); + } + +@@ -341,20 +342,26 @@ + if(conn->state == TCP_STATE_ESTABLISHED) + conn->state=TCP_STATE_FIN1; + else +- conn->state=TCP_STATE_CLOSED; ++ conn->state=TCP_STATE_CLOSED; + } + + stream->oo_queue=seg->next; + seg->next=0; + stream->seq=seg->s_seq + seg->len; + +- if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction)) ++ DBG((0,"Analyzing segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len)); ++ if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction)) { ++ DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len)); + ABORT(r); ++ } + } + + if(stream->close){ +- if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction)) +- ABORT(r); ++ DBG((0,"Closing with segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len)); ++ if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction)) { ++ DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len)); ++ ABORT(r); ++ } + } + + free_tcp_segment_queue(_seg.next); +--- ssldump-0.9b3/common/lib/r_assoc.c 2001-12-24 07:06:26.000000000 +0100 ++++ ssldump-0.9b3/common/lib/r_assoc.c.cvs 2010-04-06 17:01:11.000000000 +0200 +@@ -306,7 +306,7 @@ + ABORT(R_NO_MEMORY); + for(i=0;i<new->size;i++){ + if(r=copy_assoc_chain(new->chains+i,old->chains[i])) +- ABORT(r); ++ ABORT(R_NO_MEMORY); + } + *newp=new; + diff --git a/testing/ssldump/0050-table-stops.patch b/testing/ssldump/0050-table-stops.patch new file mode 100644 index 0000000000..f3f7920e87 --- /dev/null +++ b/testing/ssldump/0050-table-stops.patch @@ -0,0 +1,54 @@ +Patch by Robert Scheck <robert@fedoraproject.org> for ssldump >= 0.9b3, which is +changing the decoder table ends from 0 to -1 to match the expected value of table +search routines. Without this patch, ssldump segfaults at latest after some time +of usage when decoding unknown enumerated values. For further information, please +have a look to Red Hat Bugzilla, bug ID #747398. + +--- ssldump-0.9b3/ssl/ssl.enums.c 2011-10-24 22:33:03.000000000 +0200 ++++ ssldump-0.9b3/ssl/ssl.enums.c.table-stops 2011-10-24 22:34:20.000000000 +0200 +@@ -500,7 +500,7 @@ + "Finished", + decode_HandshakeType_Finished + }, +-{0} ++{-1} + }; + + decoder cipher_suite_decoder[]={ +@@ -778,7 +778,7 @@ + "fatal", + decode_AlertLevel_fatal + }, +-{0} ++{-1} + }; + + static int decode_AlertDescription_close_notify(ssl,dir,seg,data) +@@ -1081,7 +1081,7 @@ + "no_renegotiation", + decode_AlertDescription_no_renegotiation + }, +-{0} ++{-1} + }; + + decoder compression_method_decoder[]={ +@@ -1145,6 +1145,6 @@ + "dss_fixed_dh", + decode_client_certificate_type_dss_fixed_dh + }, +-{0} ++{-1} + }; + +--- ssldump-0.9b3/ssl/ssl_enum.c 2011-10-24 22:33:03.000000000 +0200 ++++ ssldump-0.9b3/ssl/ssl_enum.c.table-stops 2011-10-24 22:34:44.000000000 +0200 +@@ -260,7 +260,7 @@ + "finished", + decode_HandshakeType_finished + }, +-{0} ++{-1} + }; + + decoder cipher_suite_decoder[]={ diff --git a/testing/ssldump/0060-link_layer.patch b/testing/ssldump/0060-link_layer.patch new file mode 100644 index 0000000000..0b4df7cd66 --- /dev/null +++ b/testing/ssldump/0060-link_layer.patch @@ -0,0 +1,91 @@ +Patch by Robert Scheck <robert@fedoraproject.org> for ssldump >= 0.9b3 which adds +some further link layer offsets; inspirated from the original DLT_LINUX_SLL patch +by PeBek at http://sourceforge.net/p/ssldump/patches/6/. + +--- ssldump-0.9b3/base/pcap-snoop.c 2014-05-04 02:02:58.000000000 +0200 ++++ ssldump-0.9b3/base/pcap-snoop.c.link_layer 2014-05-04 02:20:21.000000000 +0200 +@@ -136,6 +136,10 @@ + len=hdr->len; + + switch(pcap_if_type){ ++ case DLT_RAW: ++#ifdef DLT_LOOP ++ case DLT_LOOP: ++#endif + case DLT_NULL: + data+=4; + len-=4; +@@ -158,6 +162,73 @@ + return; + + break; ++ case DLT_IEEE802: ++ data+=22; ++ len-=22; ++ break; ++ case DLT_FDDI: ++ data+=21; ++ len-=21; ++ break; ++#ifdef __amigaos__ ++ case DLT_MIAMI: ++ data+=16; ++ len-=16; ++ break; ++#endif ++ case DLT_SLIP: ++#ifdef DLT_SLIP_BSDOS ++ case DLT_SLIP_BSDOS: ++#endif ++#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__bsdi__) || defined(__APPLE__) ++ data+=16; ++ len-=16; ++#else ++ data+=24; ++ len-=24; ++#endif ++ break; ++ case DLT_PPP: ++#ifdef DLT_PPP_BSDOS ++ case DLT_PPP_BSDOS: ++#endif ++#ifdef DLT_PPP_SERIAL ++ case DLT_PPP_SERIAL: ++#endif ++#ifdef DLT_PPP_ETHER ++ case DLT_PPP_ETHER: ++#endif ++#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__bsdi__) || defined(__APPLE__) ++ data+=4; ++ len-=4; ++#else ++#if defined(sun) || defined(__sun) ++ data+=8; ++ len-=8; ++#else ++ data+=24; ++ len-=24; ++#endif ++#endif ++ break; ++#ifdef DLT_ENC ++ case DLT_ENC: ++ data+=12; ++ len-=12; ++ break; ++#endif ++#ifdef DLT_LINUX_SLL ++ case DLT_LINUX_SLL: ++ data+=16; ++ len-=16; ++ break; ++#endif ++#ifdef DLT_IPNET ++ case DLT_IPNET: ++ data+=24; ++ len-=24; ++ break; ++#endif + } + network_process_packet(n,&hdr->ts,data,len); + } diff --git a/testing/ssldump/0070-pcap-vlan.patch b/testing/ssldump/0070-pcap-vlan.patch new file mode 100644 index 0000000000..1c58d87c60 --- /dev/null +++ b/testing/ssldump/0070-pcap-vlan.patch @@ -0,0 +1,36 @@ +Patch by David Holmes <dholmesf5@users.sourceforge.net> for ssldump >= 0.9b3 which +adds a filter to include traffic with or without the 802.1Q VLAN header. + +--- ssldump-0.9b3/base/pcap-snoop.c 2014-05-04 02:20:21.000000000 +0200 ++++ ssldump-0.9b3/base/pcap-snoop.c.pcap-vlan 2014-05-04 05:22:43.000000000 +0200 +@@ -385,6 +385,30 @@ + if(filter){ + struct bpf_program fp; + ++ /* (F5 patch) ++ * reformat filter to include traffic with or without the 802.1q ++ * vlan header. for example, "port 80" becomes: ++ * "( port 80 ) or ( vlan and port 80 )". ++ * note that if the filter includes the literals vlan, tagged, or ++ * untagged, then it is assumed that the user knows what she is ++ * doing, and the filter is not reformatted. ++ */ ++ if ((pcap_datalink(p) == DLT_EN10MB) && ++ (filter != NULL) && ++ (strstr(filter,"vlan") == NULL)) { ++ char *tmp_filter; ++ char *fmt = "( (not ether proto 0x8100) and (%s) ) or ( vlan and (%s) )"; ++ ++ tmp_filter = (char *)malloc((strlen(filter) * 2) + strlen(fmt) + 1); ++ if (tmp_filter == NULL) { ++ fprintf(stderr,"PCAP: malloc failed\n"); ++ err_exit("Aborting",-1); ++ } ++ ++ sprintf(tmp_filter,fmt,filter,filter); ++ filter = tmp_filter; ++ } ++ + if(pcap_compile(p,&fp,filter,0,netmask)<0) + verr_exit("PCAP: %s\n",pcap_geterr(p)); + diff --git a/testing/ssldump/0080-tlsv12.patch b/testing/ssldump/0080-tlsv12.patch new file mode 100644 index 0000000000..fae15c85b2 --- /dev/null +++ b/testing/ssldump/0080-tlsv12.patch @@ -0,0 +1,218 @@ +Patch by David Holmes <dholmesf5@users.sourceforge.net> (revised by Paul Aurich +<darkrain@users.sourceforge.net>, minor changes for compilation by Robert Scheck +<robert@fedoraproject.org>) for ssldump >= 0.9b3 which adds TLSv1.1 and TLSv1.2 +application data decrypt support. For further information please have a look to +http://sourceforge.net/p/ssldump/patches/8/. + +--- ssldump-0.9b3/ssl/ssl_rec.c 2014-05-04 02:02:58.000000000 +0200 ++++ ssldump-0.9b3/ssl/ssl_rec.c.tlsv12 2014-05-04 05:30:22.000000000 +0200 +@@ -68,19 +68,28 @@ + }; + + +-static char *digests[]={ ++char *digests[]={ + "MD5", + "SHA1" ++ "SHA224", ++ "SHA256", ++ "SHA384", ++ "SHA512", ++ NULL + }; + +-static char *ciphers[]={ ++char *ciphers[]={ + "DES", +- "DES3", ++ "3DES", + "RC4", + "RC2", + "IDEA", + "AES128", +- "AES256" ++ "AES256", ++ "CAMELLIA128", ++ "CAMELLIA256", ++ "SEED", ++ NULL + }; + + +@@ -192,6 +201,19 @@ + ERETURN(r); + } + else{ ++ /* TLS 1.1 and beyond: remove explicit IV, only used with ++ * non-stream ciphers. */ ++ if (ssl->version>=0x0302 && ssl->cs->block > 1) { ++ UINT4 blk = ssl->cs->block; ++ if (blk <= *outl) { ++ *outl-=blk; ++ memmove(out, out+blk, *outl); ++ } ++ else { ++ DBG((0,"Block size greater than Plaintext!")); ++ ERETURN(SSL_BAD_MAC); ++ } ++ } + if(r=tls_check_mac(d,ct,version,out,*outl,mac)) + ERETURN(r); + } +@@ -231,7 +253,7 @@ + HMAC_CTX hm; + const EVP_MD *md; + UINT4 l; +- UCHAR buf[20]; ++ UCHAR buf[128]; + + md=EVP_get_digestbyname(digests[d->cs->dig-0x40]); + HMAC_Init(&hm,d->mac_key->data,d->mac_key->len,md); +--- ssldump-0.9b3/ssl/sslciphers.h 2014-05-04 02:02:58.000000000 +0200 ++++ ssldump-0.9b3/ssl/sslciphers.h.tlsv12 2014-05-04 05:07:20.000000000 +0200 +@@ -73,10 +73,17 @@ + #define ENC_IDEA 0x34 + #define ENC_AES128 0x35 + #define ENC_AES256 0x36 +-#define ENC_NULL 0x37 ++#define ENC_CAMELLIA128 0x37 ++#define ENC_CAMELLIA256 0x38 ++#define ENC_SEED 0x39 ++#define ENC_NULL 0x3a + + #define DIG_MD5 0x40 + #define DIG_SHA 0x41 ++#define DIG_SHA224 0x42 /* Not sure why EKR didn't follow RFC for */ ++#define DIG_SHA256 0x43 /* these values, but whatever, just adding on */ ++#define DIG_SHA384 0x44 ++#define DIG_SHA512 0x45 + + int ssl_find_cipher PROTO_LIST((int num,SSL_CipherSuite **cs)); + +--- ssldump-0.9b3/ssl/ssldecode.c 2014-05-04 02:02:58.000000000 +0200 ++++ ssldump-0.9b3/ssl/ssldecode.c.tlsv12 2014-05-04 05:29:43.000000000 +0200 +@@ -61,11 +61,14 @@ + + #define PRF(ssl,secret,usage,rnd1,rnd2,out) (ssl->version==SSLV3_VERSION)? \ + ssl3_prf(ssl,secret,usage,rnd1,rnd2,out): \ +- tls_prf(ssl,secret,usage,rnd1,rnd2,out) ++ ((ssl->version == TLSV12_VERSION) ? \ ++ tls12_prf(ssl,secret,usage,rnd1,rnd2,out): \ ++ tls_prf(ssl,secret,usage,rnd1,rnd2,out)) + + + static char *ssl_password; + ++extern char *digests; + extern UINT4 SSL_print_flags; + + struct ssl_decode_ctx_ { +@@ -98,6 +101,8 @@ + #ifdef OPENSSL + static int tls_P_hash PROTO_LIST((ssl_obj *ssl,Data *secret,Data *seed, + const EVP_MD *md,Data *out)); ++static int tls12_prf PROTO_LIST((ssl_obj *ssl,Data *secret,char *usage, ++ Data *rnd1,Data *rnd2,Data *out)); + static int tls_prf PROTO_LIST((ssl_obj *ssl,Data *secret,char *usage, + Data *rnd1,Data *rnd2,Data *out)); + static int ssl3_prf PROTO_LIST((ssl_obj *ssl,Data *secret,char *usage, +@@ -432,10 +437,9 @@ + + switch(ssl->version){ + case SSLV3_VERSION: +- if(r=ssl_generate_keying_material(ssl,d)) +- ABORT(r); +- break; + case TLSV1_VERSION: ++ case TLSV11_VERSION: ++ case TLSV12_VERSION: + if(r=ssl_generate_keying_material(ssl,d)) + ABORT(r); + break; +@@ -535,10 +539,9 @@ + + switch(ssl->version){ + case SSLV3_VERSION: +- if(r=ssl_generate_keying_material(ssl,d)) +- ABORT(r); +- break; + case TLSV1_VERSION: ++ case TLSV11_VERSION: ++ case TLSV12_VERSION: + if(r=ssl_generate_keying_material(ssl,d)) + ABORT(r); + break; +@@ -572,7 +575,7 @@ + int left=out->len; + int tocpy; + UCHAR *A; +- UCHAR _A[20],tmp[20]; ++ UCHAR _A[128],tmp[128]; + unsigned int A_l,tmp_l; + HMAC_CTX hm; + +@@ -665,6 +668,53 @@ + + } + ++static int tls12_prf(ssl,secret,usage,rnd1,rnd2,out) ++ ssl_obj *ssl; ++ Data *secret; ++ char *usage; ++ Data *rnd1; ++ Data *rnd2; ++ Data *out; ++ ++ { ++ const EVP_MD *md; ++ int r,_status; ++ Data *sha_out=0; ++ Data *seed; ++ UCHAR *ptr; ++ int i, dgi; ++ ++ if(r=r_data_alloc(&sha_out,MAX(out->len,64))) /* assume max SHA512 */ ++ ABORT(r); ++ if(r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len)) ++ ABORT(r); ++ ptr=seed->data; ++ memcpy(ptr,usage,strlen(usage)); ptr+=strlen(usage); ++ memcpy(ptr,rnd1->data,rnd1->len); ptr+=rnd1->len; ++ memcpy(ptr,rnd2->data,rnd2->len); ptr+=rnd2->len; ++ ++ /* Earlier versions of openssl didn't have SHA256 of course... */ ++ dgi = MAX(DIG_SHA256, ssl->cs->dig)-0x40; ++ if ((md=EVP_get_digestbyname(digests[dgi])) == NULL) { ++ DBG((0,"Cannot get EVP for digest %s, openssl library current?", ++ digests[dgi])); ++ ERETURN(SSL_BAD_MAC); ++ } ++ if(r=tls_P_hash(ssl,secret,seed,md,sha_out)) ++ ABORT(r); ++ ++ for(i=0;i<out->len;i++) ++ out->data[i]=sha_out->data[i]; ++ ++ CRDUMPD("PRF out",out); ++ _status=0; ++ abort: ++ r_data_destroy(&sha_out); ++ r_data_destroy(&seed); ++ return(_status); ++ ++ } ++ + static int ssl3_generate_export_iv(ssl,r1,r2,out) + ssl_obj *ssl; + Data *r1; +--- ssldump-0.9b3/ssl/ssl_h.h 2002-08-17 03:33:17.000000000 +0200 ++++ ssldump-0.9b3/ssl/ssl_h.h.tlsv12 2014-05-04 05:17:30.000000000 +0200 +@@ -121,6 +121,8 @@ + + #define SSLV3_VERSION 0x300 + #define TLSV1_VERSION 0x301 ++#define TLSV11_VERSION 0x302 ++#define TLSV12_VERSION 0x303 + + /*State defines*/ + #define SSL_ST_SENT_NOTHING 0 diff --git a/testing/ssldump/0090-ssl-enums.patch b/testing/ssldump/0090-ssl-enums.patch new file mode 100644 index 0000000000..ed2854833a --- /dev/null +++ b/testing/ssldump/0090-ssl-enums.patch @@ -0,0 +1,1806 @@ +Patch by Robert Scheck <robert@fedoraproject.org> for ssldump >= 0.9b3 which is +updating the known cipher suites according to IANA. Note that the diff of second +file has been generated using "grep ' CipherSuite ' ssl/ssl.enums > ssl-enums" and +"python ssl-util.py". The helper script is based on a script by Mike Tigas, see +also https://gist.github.com/mtigas/5969597#file-5-conv-py for the helper script. + +--- snipp ssl-util.py --- +#!/usr/bin/env python +import re + +r = re.compile(r'\s+CipherSuite\s+(?P<proto>(?:TLS|SSL)_\w+)\s+=\s+\{\s+0x(?P<high>[0-9a-fA-F]{2}),0x(?P<low>[0-9a-fA-F]{2})\s+\};') +if __name__ == "__main__": + f = open('ssl-enums', 'rb') + for line in f: + res = r.search(line) + if res: + data = res.groupdict() + val = '0x%s%s' % (data['high'], data['low']) + proto = data['proto'] + print "\t{\n\t\t%d,\n\t\t\"%s\",\n\t\t0\t}," % (int(val, 16), proto) + else: + raise Exception +--- snapp ssl-util.py --- + +--- ssldump-0.9b3/ssl/ssl.enums 2014-05-04 02:02:58.000000000 +0200 ++++ ssldump-0.9b3/ssl/ssl.enums.ssl-enums 2014-05-04 14:34:29.000000000 +0200 +@@ -329,67 +329,370 @@ + } HandshakeType; + + constant { +- CipherSuite TLS_RSA_WITH_NULL_MD5 = { 0x00,0x01 }; +- CipherSuite TLS_RSA_WITH_NULL_SHA = { 0x00,0x02 }; +- CipherSuite TLS_RSA_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x03 }; +- CipherSuite TLS_RSA_WITH_RC4_128_MD5 = { 0x00,0x04 }; +- CipherSuite TLS_RSA_WITH_RC4_128_SHA = { 0x00,0x05 }; +- CipherSuite TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0x00,0x06 }; +- CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00,0x07 }; +- CipherSuite TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x08 }; +- CipherSuite TLS_RSA_WITH_DES_CBC_SHA = { 0x00,0x09 }; +- CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0A }; +- CipherSuite TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0B }; +- CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA = { 0x00,0x0C }; +- CipherSuite TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0D }; +- CipherSuite TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0E }; +- CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA = { 0x00,0x0F }; +- CipherSuite TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x10 }; +- CipherSuite TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x11 }; +- CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA = { 0x00,0x12 }; +- CipherSuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x13 }; +- CipherSuite TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x14 }; +- CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA = { 0x00,0x15 }; +- CipherSuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x16 }; +- CipherSuite TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x17 }; +- CipherSuite TLS_DH_anon_WITH_RC4_128_MD5 = { 0x00,0x18 }; +- CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 }; +- CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A }; +- CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B }; +- CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x2F }; +- CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x30 }; +- CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x31 }; +- CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x32 }; +- CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x33 }; +- CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA = { 0x00,0x34 }; +- CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x35 }; +- CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x36 }; +- CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x37 }; +- CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x38 }; +- CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x39 }; +- CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA = { 0x00,0x3A }; +- CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = { 0x00,0x60 }; +- CipherSuite TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = { 0x00,0x61 }; +- CipherSuite TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = { 0x00,0x62 }; +- CipherSuite TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = { 0x00,0x63 }; +- CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = { 0x00,0x64 }; +- CipherSuite TLS_DHE_DSS_WITH_RC2_56_CBC_SHA = { 0x00,0x65 }; +- CipherSuite TLS_DHE_DSS_WITH_RC4_128_SHA = { 0x00,0x66 }; +- CipherSuite TLS_DHE_DSS_WITH_NULL_SHA = { 0x00,0x67 }; +- CipherSuite SSL2_CK_RC4 = { 0x01,0x00,0x80}; +- CipherSuite SSL2_CK_RC4_EXPORT40 = { 0x02,0x00,0x80}; +- CipherSuite SSL2_CK_RC2 = { 0x03,0x00,0x80}; +- CipherSuite SSL2_CK_RC2_EXPORT40 = { 0x04,0x00,0x80}; +- CipherSuite SSL2_CK_IDEA = { 0x05,0x00,0x80}; +- CipherSuite SSL2_CK_DES = { 0x06,0x00,0x40}; +- CipherSuite SSL2_CK_RC464 = { 0x08,0x00,0x80}; +- CipherSuite SSL2_CK_3DES = { 0x07,0x00,0xc0}; +- CipherSuite TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = {0x00,0x4a}; +- CipherSuite TLS_ECDH_ECDSA_WITH_RC4_128_SHA = {0x00,0x48}; +- CipherSuite SSL_RSA_WITH_RC2_CBC_MD5 = {0xff,0x80}; +- CipherSuite TLS_ECDH_ECDSA_WITH_DES_CBC_SHA = {0x00,0x49}; +- CipherSuite TLS_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA={0xff,0x85}; +- CipherSuite TLS_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA={0xff,0x84}; ++ // https://www.iana.org/assignments/tls-parameters/tls-parameters.txt ++ CipherSuite TLS_NULL_WITH_NULL_NULL = { 0x00,0x00 }; ++ CipherSuite TLS_RSA_WITH_NULL_MD5 = { 0x00,0x01 }; ++ CipherSuite TLS_RSA_WITH_NULL_SHA = { 0x00,0x02 }; ++ CipherSuite TLS_RSA_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x03 }; ++ CipherSuite TLS_RSA_WITH_RC4_128_MD5 = { 0x00,0x04 }; ++ CipherSuite TLS_RSA_WITH_RC4_128_SHA = { 0x00,0x05 }; ++ CipherSuite TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0x00,0x06 }; ++ CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00,0x07 }; ++ CipherSuite TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x08 }; ++ CipherSuite TLS_RSA_WITH_DES_CBC_SHA = { 0x00,0x09 }; ++ CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0A }; ++ CipherSuite TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0B }; ++ CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA = { 0x00,0x0C }; ++ CipherSuite TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0D }; ++ CipherSuite TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0E }; ++ CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA = { 0x00,0x0F }; ++ CipherSuite TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x10 }; ++ CipherSuite TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x11 }; ++ CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA = { 0x00,0x12 }; ++ CipherSuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x13 }; ++ CipherSuite TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x14 }; ++ CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA = { 0x00,0x15 }; ++ CipherSuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x16 }; ++ CipherSuite TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x17 }; ++ CipherSuite TLS_DH_anon_WITH_RC4_128_MD5 = { 0x00,0x18 }; ++ CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 }; ++ CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A }; ++ CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B }; ++ CipherSuite TLS_KRB5_WITH_DES_CBC_SHA = { 0x00,0x1E }; ++ CipherSuite TLS_KRB5_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1F }; ++ CipherSuite TLS_KRB5_WITH_RC4_128_SHA = { 0x00,0x20 }; ++ CipherSuite TLS_KRB5_WITH_IDEA_CBC_SHA = { 0x00,0x21 }; ++ CipherSuite TLS_KRB5_WITH_DES_CBC_MD5 = { 0x00,0x22 }; ++ CipherSuite TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = { 0x00,0x23 }; ++ CipherSuite TLS_KRB5_WITH_RC4_128_MD5 = { 0x00,0x24 }; ++ CipherSuite TLS_KRB5_WITH_IDEA_CBC_MD5 = { 0x00,0x25 }; ++ CipherSuite TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = { 0x00,0x26 }; ++ CipherSuite TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = { 0x00,0x27 }; ++ CipherSuite TLS_KRB5_EXPORT_WITH_RC4_40_SHA = { 0x00,0x28 }; ++ CipherSuite TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = { 0x00,0x29 }; ++ CipherSuite TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = { 0x00,0x2A }; ++ CipherSuite TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x2B }; ++ CipherSuite TLS_PSK_WITH_NULL_SHA = { 0x00,0x2C }; ++ CipherSuite TLS_DHE_PSK_WITH_NULL_SHA = { 0x00,0x2D }; ++ CipherSuite TLS_RSA_PSK_WITH_NULL_SHA = { 0x00,0x2E }; ++ CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x2F }; ++ CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x30 }; ++ CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x31 }; ++ CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x32 }; ++ CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x33 }; ++ CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA = { 0x00,0x34 }; ++ CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x35 }; ++ CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x36 }; ++ CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x37 }; ++ CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x38 }; ++ CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x39 }; ++ CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA = { 0x00,0x3A }; ++ CipherSuite TLS_RSA_WITH_NULL_SHA256 = { 0x00,0x3B }; ++ CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA256 = { 0x00,0x3C }; ++ CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA256 = { 0x00,0x3D }; ++ CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = { 0x00,0x3E }; ++ CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = { 0x00,0x3F }; ++ CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = { 0x00,0x40 }; ++ CipherSuite TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x41 }; ++ CipherSuite TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x42 }; ++ CipherSuite TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x43 }; ++ CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x44 }; ++ CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x45 }; ++ CipherSuite TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x46 }; ++ CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = { 0x00,0x67 }; ++ CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = { 0x00,0x68 }; ++ CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = { 0x00,0x69 }; ++ CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = { 0x00,0x6A }; ++ CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = { 0x00,0x6B }; ++ CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA256 = { 0x00,0x6C }; ++ CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA256 = { 0x00,0x6D }; ++ CipherSuite TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x84 }; ++ CipherSuite TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x85 }; ++ CipherSuite TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x86 }; ++ CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x87 }; ++ CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x88 }; ++ CipherSuite TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x89 }; ++ CipherSuite TLS_PSK_WITH_RC4_128_SHA = { 0x00,0x8A }; ++ CipherSuite TLS_PSK_WITH_3DES_EDE_CBC_SHA = { 0x00,0x8B }; ++ CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA = { 0x00,0x8C }; ++ CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA = { 0x00,0x8D }; ++ CipherSuite TLS_DHE_PSK_WITH_RC4_128_SHA = { 0x00,0x8E }; ++ CipherSuite TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = { 0x00,0x8F }; ++ CipherSuite TLS_DHE_PSK_WITH_AES_128_CBC_SHA = { 0x00,0x90 }; ++ CipherSuite TLS_DHE_PSK_WITH_AES_256_CBC_SHA = { 0x00,0x91 }; ++ CipherSuite TLS_RSA_PSK_WITH_RC4_128_SHA = { 0x00,0x92 }; ++ CipherSuite TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = { 0x00,0x93 }; ++ CipherSuite TLS_RSA_PSK_WITH_AES_128_CBC_SHA = { 0x00,0x94 }; ++ CipherSuite TLS_RSA_PSK_WITH_AES_256_CBC_SHA = { 0x00,0x95 }; ++ CipherSuite TLS_RSA_WITH_SEED_CBC_SHA = { 0x00,0x96 }; ++ CipherSuite TLS_DH_DSS_WITH_SEED_CBC_SHA = { 0x00,0x97 }; ++ CipherSuite TLS_DH_RSA_WITH_SEED_CBC_SHA = { 0x00,0x98 }; ++ CipherSuite TLS_DHE_DSS_WITH_SEED_CBC_SHA = { 0x00,0x99 }; ++ CipherSuite TLS_DHE_RSA_WITH_SEED_CBC_SHA = { 0x00,0x9A }; ++ CipherSuite TLS_DH_anon_WITH_SEED_CBC_SHA = { 0x00,0x9B }; ++ CipherSuite TLS_RSA_WITH_AES_128_GCM_SHA256 = { 0x00,0x9C }; ++ CipherSuite TLS_RSA_WITH_AES_256_GCM_SHA384 = { 0x00,0x9D }; ++ CipherSuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = { 0x00,0x9E }; ++ CipherSuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = { 0x00,0x9F }; ++ CipherSuite TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = { 0x00,0xA0 }; ++ CipherSuite TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = { 0x00,0xA1 }; ++ CipherSuite TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = { 0x00,0xA2 }; ++ CipherSuite TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = { 0x00,0xA3 }; ++ CipherSuite TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = { 0x00,0xA4 }; ++ CipherSuite TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = { 0x00,0xA5 }; ++ CipherSuite TLS_DH_anon_WITH_AES_128_GCM_SHA256 = { 0x00,0xA6 }; ++ CipherSuite TLS_DH_anon_WITH_AES_256_GCM_SHA384 = { 0x00,0xA7 }; ++ CipherSuite TLS_PSK_WITH_AES_128_GCM_SHA256 = { 0x00,0xA8 }; ++ CipherSuite TLS_PSK_WITH_AES_256_GCM_SHA384 = { 0x00,0xA9 }; ++ CipherSuite TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = { 0x00,0xAA }; ++ CipherSuite TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = { 0x00,0xAB }; ++ CipherSuite TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = { 0x00,0xAC }; ++ CipherSuite TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = { 0x00,0xAD }; ++ CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA256 = { 0x00,0xAE }; ++ CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA384 = { 0x00,0xAF }; ++ CipherSuite TLS_PSK_WITH_NULL_SHA256 = { 0x00,0xB0 }; ++ CipherSuite TLS_PSK_WITH_NULL_SHA384 = { 0x00,0xB1 }; ++ CipherSuite TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = { 0x00,0xB2 }; ++ CipherSuite TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = { 0x00,0xB3 }; ++ CipherSuite TLS_DHE_PSK_WITH_NULL_SHA256 = { 0x00,0xB4 }; ++ CipherSuite TLS_DHE_PSK_WITH_NULL_SHA384 = { 0x00,0xB5 }; ++ CipherSuite TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = { 0x00,0xB6 }; ++ CipherSuite TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = { 0x00,0xB7 }; ++ CipherSuite TLS_RSA_PSK_WITH_NULL_SHA256 = { 0x00,0xB8 }; ++ CipherSuite TLS_RSA_PSK_WITH_NULL_SHA384 = { 0x00,0xB9 }; ++ CipherSuite TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = { 0x00,0xBA }; ++ CipherSuite TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = { 0x00,0xBB }; ++ CipherSuite TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = { 0x00,0xBC }; ++ CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = { 0x00,0xBD }; ++ CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = { 0x00,0xBE }; ++ CipherSuite TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 = { 0x00,0xBF }; ++ CipherSuite TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = { 0x00,0xC0 }; ++ CipherSuite TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = { 0x00,0xC1 }; ++ CipherSuite TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = { 0x00,0xC2 }; ++ CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = { 0x00,0xC3 }; ++ CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = { 0x00,0xC4 }; ++ CipherSuite TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 = { 0x00,0xC5 }; ++ CipherSuite TLS_EMPTY_RENEGOTIATION_INFO_SCSV = { 0x00,0xFF }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_NULL_SHA = { 0xC0,0x01 }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_RC4_128_SHA = { 0xC0,0x02 }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = { 0xC0,0x03 }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = { 0xC0,0x04 }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = { 0xC0,0x05 }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_NULL_SHA = { 0xC0,0x06 }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = { 0xC0,0x07 }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = { 0xC0,0x08 }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = { 0xC0,0x09 }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = { 0xC0,0x0A }; ++ CipherSuite TLS_ECDH_RSA_WITH_NULL_SHA = { 0xC0,0x0B }; ++ CipherSuite TLS_ECDH_RSA_WITH_RC4_128_SHA = { 0xC0,0x0C }; ++ CipherSuite TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = { 0xC0,0x0D }; ++ CipherSuite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = { 0xC0,0x0E }; ++ CipherSuite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = { 0xC0,0x0F }; ++ CipherSuite TLS_ECDHE_RSA_WITH_NULL_SHA = { 0xC0,0x10 }; ++ CipherSuite TLS_ECDHE_RSA_WITH_RC4_128_SHA = { 0xC0,0x11 }; ++ CipherSuite TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0xC0,0x12 }; ++ CipherSuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = { 0xC0,0x13 }; ++ CipherSuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = { 0xC0,0x14 }; ++ CipherSuite TLS_ECDH_anon_WITH_NULL_SHA = { 0xC0,0x15 }; ++ CipherSuite TLS_ECDH_anon_WITH_RC4_128_SHA = { 0xC0,0x16 }; ++ CipherSuite TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = { 0xC0,0x17 }; ++ CipherSuite TLS_ECDH_anon_WITH_AES_128_CBC_SHA = { 0xC0,0x18 }; ++ CipherSuite TLS_ECDH_anon_WITH_AES_256_CBC_SHA = { 0xC0,0x19 }; ++ CipherSuite TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = { 0xC0,0x1A }; ++ CipherSuite TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = { 0xC0,0x1B }; ++ CipherSuite TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = { 0xC0,0x1C }; ++ CipherSuite TLS_SRP_SHA_WITH_AES_128_CBC_SHA = { 0xC0,0x1D }; ++ CipherSuite TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = { 0xC0,0x1E }; ++ CipherSuite TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = { 0xC0,0x1F }; ++ CipherSuite TLS_SRP_SHA_WITH_AES_256_CBC_SHA = { 0xC0,0x20 }; ++ CipherSuite TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = { 0xC0,0x21 }; ++ CipherSuite TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = { 0xC0,0x22 }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = { 0xC0,0x23 }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = { 0xC0,0x24 }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = { 0xC0,0x25 }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = { 0xC0,0x26 }; ++ CipherSuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = { 0xC0,0x27 }; ++ CipherSuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = { 0xC0,0x28 }; ++ CipherSuite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = { 0xC0,0x29 }; ++ CipherSuite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = { 0xC0,0x2A }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = { 0xC0,0x2B }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = { 0xC0,0x2C }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = { 0xC0,0x2D }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = { 0xC0,0x2E }; ++ CipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = { 0xC0,0x2F }; ++ CipherSuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = { 0xC0,0x30 }; ++ CipherSuite TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = { 0xC0,0x31 }; ++ CipherSuite TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = { 0xC0,0x32 }; ++ CipherSuite TLS_ECDHE_PSK_WITH_RC4_128_SHA = { 0xC0,0x33 }; ++ CipherSuite TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = { 0xC0,0x34 }; ++ CipherSuite TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = { 0xC0,0x35 }; ++ CipherSuite TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = { 0xC0,0x36 }; ++ CipherSuite TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = { 0xC0,0x37 }; ++ CipherSuite TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = { 0xC0,0x38 }; ++ CipherSuite TLS_ECDHE_PSK_WITH_NULL_SHA = { 0xC0,0x39 }; ++ CipherSuite TLS_ECDHE_PSK_WITH_NULL_SHA256 = { 0xC0,0x3A }; ++ CipherSuite TLS_ECDHE_PSK_WITH_NULL_SHA384 = { 0xC0,0x3B }; ++ CipherSuite TLS_RSA_WITH_ARIA_128_CBC_SHA256 = { 0xC0,0x3C }; ++ CipherSuite TLS_RSA_WITH_ARIA_256_CBC_SHA384 = { 0xC0,0x3D }; ++ CipherSuite TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 = { 0xC0,0x3E }; ++ CipherSuite TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 = { 0xC0,0x3F }; ++ CipherSuite TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 = { 0xC0,0x40 }; ++ CipherSuite TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 = { 0xC0,0x41 }; ++ CipherSuite TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 = { 0xC0,0x42 }; ++ CipherSuite TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 = { 0xC0,0x43 }; ++ CipherSuite TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 = { 0xC0,0x44 }; ++ CipherSuite TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 = { 0xC0,0x45 }; ++ CipherSuite TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 = { 0xC0,0x46 }; ++ CipherSuite TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 = { 0xC0,0x47 }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 = { 0xC0,0x48 }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 = { 0xC0,0x49 }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 = { 0xC0,0x4A }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 = { 0xC0,0x4B }; ++ CipherSuite TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 = { 0xC0,0x4C }; ++ CipherSuite TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 = { 0xC0,0x4D }; ++ CipherSuite TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 = { 0xC0,0x4E }; ++ CipherSuite TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 = { 0xC0,0x4F }; ++ CipherSuite TLS_RSA_WITH_ARIA_128_GCM_SHA256 = { 0xC0,0x50 }; ++ CipherSuite TLS_RSA_WITH_ARIA_256_GCM_SHA384 = { 0xC0,0x51 }; ++ CipherSuite TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 = { 0xC0,0x52 }; ++ CipherSuite TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 = { 0xC0,0x53 }; ++ CipherSuite TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 = { 0xC0,0x54 }; ++ CipherSuite TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 = { 0xC0,0x55 }; ++ CipherSuite TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 = { 0xC0,0x56 }; ++ CipherSuite TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 = { 0xC0,0x57 }; ++ CipherSuite TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 = { 0xC0,0x58 }; ++ CipherSuite TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 = { 0xC0,0x59 }; ++ CipherSuite TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 = { 0xC0,0x5A }; ++ CipherSuite TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 = { 0xC0,0x5B }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 = { 0xC0,0x5C }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 = { 0xC0,0x5D }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 = { 0xC0,0x5E }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 = { 0xC0,0x5F }; ++ CipherSuite TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 = { 0xC0,0x60 }; ++ CipherSuite TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 = { 0xC0,0x61 }; ++ CipherSuite TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 = { 0xC0,0x62 }; ++ CipherSuite TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 = { 0xC0,0x63 }; ++ CipherSuite TLS_PSK_WITH_ARIA_128_CBC_SHA256 = { 0xC0,0x64 }; ++ CipherSuite TLS_PSK_WITH_ARIA_256_CBC_SHA384 = { 0xC0,0x65 }; ++ CipherSuite TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 = { 0xC0,0x66 }; ++ CipherSuite TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 = { 0xC0,0x67 }; ++ CipherSuite TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 = { 0xC0,0x68 }; ++ CipherSuite TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 = { 0xC0,0x69 }; ++ CipherSuite TLS_PSK_WITH_ARIA_128_GCM_SHA256 = { 0xC0,0x6A }; ++ CipherSuite TLS_PSK_WITH_ARIA_256_GCM_SHA384 = { 0xC0,0x6B }; ++ CipherSuite TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 = { 0xC0,0x6C }; ++ CipherSuite TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 = { 0xC0,0x6D }; ++ CipherSuite TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 = { 0xC0,0x6E }; ++ CipherSuite TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 = { 0xC0,0x6F }; ++ CipherSuite TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 = { 0xC0,0x70 }; ++ CipherSuite TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 = { 0xC0,0x71 }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = { 0xC0,0x72 }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = { 0xC0,0x73 }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = { 0xC0,0x74 }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = { 0xC0,0x75 }; ++ CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = { 0xC0,0x76 }; ++ CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 = { 0xC0,0x77 }; ++ CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = { 0xC0,0x78 }; ++ CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 = { 0xC0,0x79 }; ++ CipherSuite TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 = { 0xC0,0x7A }; ++ CipherSuite TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 = { 0xC0,0x7B }; ++ CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = { 0xC0,0x7C }; ++ CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = { 0xC0,0x7D }; ++ CipherSuite TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = { 0xC0,0x7E }; ++ CipherSuite TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = { 0xC0,0x7F }; ++ CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 = { 0xC0,0x80 }; ++ CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 = { 0xC0,0x81 }; ++ CipherSuite TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 = { 0xC0,0x82 }; ++ CipherSuite TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 = { 0xC0,0x83 }; ++ CipherSuite TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 = { 0xC0,0x84 }; ++ CipherSuite TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 = { 0xC0,0x85 }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = { 0xC0,0x86 }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = { 0xC0,0x87 }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = { 0xC0,0x88 }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = { 0xC0,0x89 }; ++ CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = { 0xC0,0x8A }; ++ CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = { 0xC0,0x8B }; ++ CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = { 0xC0,0x8C }; ++ CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = { 0xC0,0x8D }; ++ CipherSuite TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 = { 0xC0,0x8E }; ++ CipherSuite TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 = { 0xC0,0x8F }; ++ CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 = { 0xC0,0x90 }; ++ CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 = { 0xC0,0x91 }; ++ CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 = { 0xC0,0x92 }; ++ CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 = { 0xC0,0x93 }; ++ CipherSuite TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 = { 0xC0,0x94 }; ++ CipherSuite TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 = { 0xC0,0x95 }; ++ CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = { 0xC0,0x96 }; ++ CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = { 0xC0,0x97 }; ++ CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 = { 0xC0,0x98 }; ++ CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 = { 0xC0,0x99 }; ++ CipherSuite TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = { 0xC0,0x9A }; ++ CipherSuite TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = { 0xC0,0x9B }; ++ CipherSuite TLS_RSA_WITH_AES_128_CCM = { 0xC0,0x9C }; ++ CipherSuite TLS_RSA_WITH_AES_256_CCM = { 0xC0,0x9D }; ++ CipherSuite TLS_DHE_RSA_WITH_AES_128_CCM = { 0xC0,0x9E }; ++ CipherSuite TLS_DHE_RSA_WITH_AES_256_CCM = { 0xC0,0x9F }; ++ CipherSuite TLS_RSA_WITH_AES_128_CCM_8 = { 0xC0,0xA0 }; ++ CipherSuite TLS_RSA_WITH_AES_256_CCM_8 = { 0xC0,0xA1 }; ++ CipherSuite TLS_DHE_RSA_WITH_AES_128_CCM_8 = { 0xC0,0xA2 }; ++ CipherSuite TLS_DHE_RSA_WITH_AES_256_CCM_8 = { 0xC0,0xA3 }; ++ CipherSuite TLS_PSK_WITH_AES_128_CCM = { 0xC0,0xA4 }; ++ CipherSuite TLS_PSK_WITH_AES_256_CCM = { 0xC0,0xA5 }; ++ CipherSuite TLS_DHE_PSK_WITH_AES_128_CCM = { 0xC0,0xA6 }; ++ CipherSuite TLS_DHE_PSK_WITH_AES_256_CCM = { 0xC0,0xA7 }; ++ CipherSuite TLS_PSK_WITH_AES_128_CCM_8 = { 0xC0,0xA8 }; ++ CipherSuite TLS_PSK_WITH_AES_256_CCM_8 = { 0xC0,0xA9 }; ++ CipherSuite TLS_PSK_DHE_WITH_AES_128_CCM_8 = { 0xC0,0xAA }; ++ CipherSuite TLS_PSK_DHE_WITH_AES_256_CCM_8 = { 0xC0,0xAB }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CCM = { 0xC0,0xAC }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CCM = { 0xC0,0xAD }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = { 0xC0,0xAE }; ++ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = { 0xC0,0xAF }; ++ // DRAFT-IETF-TLS-ECC ++ CipherSuite TLS_ECDH_ECDSA_WITH_NULL_SHA = { 0x00,0x47 }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_RC4_128_SHA = { 0x00,0x48 }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_DES_CBC_SHA = { 0x00,0x49 }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x4A }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = { 0x00,0x4B }; ++ CipherSuite TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = { 0x00,0x4C }; ++ CipherSuite TLS_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA = { 0x00,0x4B }; ++ CipherSuite TLS_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA = { 0x00,0x4C }; ++ CipherSuite TLS_ECDH_RSA_WITH_NULL_SHA = { 0x00,0x4D }; ++ CipherSuite TLS_ECDH_RSA_WITH_RC4_128_SHA = { 0x00,0x4E }; ++ CipherSuite TLS_ECDH_RSA_WITH_DES_CBC_SHA = { 0x00,0x4F }; ++ CipherSuite TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x50 }; ++ CipherSuite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x51 }; ++ CipherSuite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x52 }; ++ CipherSuite TLS_ECDH_RSA_EXPORT_WITH_RC4_40_SHA = { 0x00,0x53 }; ++ CipherSuite TLS_ECDH_RSA_EXPORT_WITH_RC4_56_SHA = { 0x00,0x54 }; ++ CipherSuite TLS_ECDH_anon_NULL_WITH_SHA = { 0x00,0x55 }; ++ CipherSuite TLS_ECDH_anon_WITH_RC4_128_SHA = { 0x00,0x56 }; ++ CipherSuite TLS_ECDH_anon_WITH_DES_CBC_SHA = { 0x00,0x57 }; ++ CipherSuite TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x58 }; ++ CipherSuite TLS_ECDH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x59 }; ++ CipherSuite TLS_ECDH_anon_EXPORT_WITH_RC4_40_SHA = { 0x00,0x5A }; ++ // DRAFT-IETF-TLS-56-BIT-CIPHERSUITES ++ CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = { 0x00,0x60 }; ++ CipherSuite TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = { 0x00,0x61 }; ++ CipherSuite TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = { 0x00,0x62 }; ++ CipherSuite TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = { 0x00,0x63 }; ++ CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = { 0x00,0x64 }; ++ CipherSuite TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = { 0x00,0x65 }; ++ CipherSuite TLS_DHE_DSS_WITH_RC4_128_SHA = { 0x00,0x66 }; ++ // FIPS SSL (Netscape) ++ CipherSuite SSL_RSA_FIPS_WITH_DES_CBC_SHA = { 0xFE,0xFE }; ++ CipherSuite SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = { 0xFE,0xFF }; ++ // SSL 2.0 ++ CipherSuite SSL2_RC4_128_WITH_MD5 = { 0x01,0x00,0x80 }; ++ CipherSuite SSL2_RC4_128_EXPORT40_WITH_MD5 = { 0x02,0x00,0x80 }; ++ CipherSuite SSL2_RC2_CBC_128_CBC_WITH_MD5 = { 0x03,0x00,0x80 }; ++ CipherSuite SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 = { 0x04,0x00,0x80 }; ++ CipherSuite SSL2_IDEA_128_CBC_WITH_MD5 = { 0x05,0x00,0x80 }; ++ CipherSuite SSL2_DES_64_CBC_WITH_MD5 = { 0x06,0x00,0x40 }; ++ CipherSuite SSL2_DES_64_CBC_WITH_SHA = { 0x06,0x01,0x40 }; ++ CipherSuite SSL2_DES_192_EDE3_CBC_WITH_MD5 = { 0x07,0x00,0xc0 }; ++ CipherSuite SSL2_DES_192_EDE3_CBC_WITH_SHA = { 0x07,0x01,0xc0 }; ++ CipherSuite SSL2_RC4_64_WITH_MD5 = { 0x08,0x00,0x80 }; + } cipher_suite; + + +--- ssldump-0.9b3/ssl/ssl.enums.c 2014-05-04 02:02:58.000000000 +0200 ++++ ssldump-0.9b3/ssl/ssl.enums.c.ssl-enums 2014-05-04 18:37:48.000000000 +0200 +@@ -504,6 +504,11 @@ + }; + + decoder cipher_suite_decoder[]={ ++ // https://www.iana.org/assignments/tls-parameters/tls-parameters.txt ++ { ++ 0, ++ "TLS_NULL_WITH_NULL_NULL", ++ 0 }, + { + 1, + "TLS_RSA_WITH_NULL_MD5", +@@ -613,6 +618,74 @@ + "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + 0 }, + { ++ 30, ++ "TLS_KRB5_WITH_DES_CBC_SHA", ++ 0 }, ++ { ++ 31, ++ "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", ++ 0 }, ++ { ++ 32, ++ "TLS_KRB5_WITH_RC4_128_SHA", ++ 0 }, ++ { ++ 33, ++ "TLS_KRB5_WITH_IDEA_CBC_SHA", ++ 0 }, ++ { ++ 34, ++ "TLS_KRB5_WITH_DES_CBC_MD5", ++ 0 }, ++ { ++ 35, ++ "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", ++ 0 }, ++ { ++ 36, ++ "TLS_KRB5_WITH_RC4_128_MD5", ++ 0 }, ++ { ++ 37, ++ "TLS_KRB5_WITH_IDEA_CBC_MD5", ++ 0 }, ++ { ++ 38, ++ "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", ++ 0 }, ++ { ++ 39, ++ "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", ++ 0 }, ++ { ++ 40, ++ "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", ++ 0 }, ++ { ++ 41, ++ "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", ++ 0 }, ++ { ++ 42, ++ "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", ++ 0 }, ++ { ++ 43, ++ "TLS_KRB5_EXPORT_WITH_RC4_40_MD5", ++ 0 }, ++ { ++ 44, ++ "TLS_PSK_WITH_NULL_SHA", ++ 0 }, ++ { ++ 45, ++ "TLS_DHE_PSK_WITH_NULL_SHA", ++ 0 }, ++ { ++ 46, ++ "TLS_RSA_PSK_WITH_NULL_SHA", ++ 0 }, ++ { + 47, + "TLS_RSA_WITH_AES_128_CBC_SHA", + 0 }, +@@ -661,92 +734,1216 @@ + "TLS_DH_anon_WITH_AES_256_CBC_SHA", + 0 }, + { +- 96, +- "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5", ++ 59, ++ "TLS_RSA_WITH_NULL_SHA256", + 0 }, + { +- 97, +- "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5", ++ 60, ++ "TLS_RSA_WITH_AES_128_CBC_SHA256", + 0 }, + { +- 98, +- "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", ++ 61, ++ "TLS_RSA_WITH_AES_256_CBC_SHA256", + 0 }, + { +- 99, +- "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", ++ 62, ++ "TLS_DH_DSS_WITH_AES_128_CBC_SHA256", + 0 }, + { +- 100, +- "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", ++ 63, ++ "TLS_DH_RSA_WITH_AES_128_CBC_SHA256", + 0 }, + { +- 101, +- "TLS_DHE_DSS_WITH_RC2_56_CBC_SHA", ++ 64, ++ "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", + 0 }, + { +- 102, +- "TLS_DHE_DSS_WITH_RC4_128_SHA", ++ 65, ++ "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", ++ 0 }, ++ { ++ 66, ++ "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", ++ 0 }, ++ { ++ 67, ++ "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", ++ 0 }, ++ { ++ 68, ++ "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", ++ 0 }, ++ { ++ 69, ++ "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", ++ 0 }, ++ { ++ 70, ++ "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + 0 }, + { + 103, +- "TLS_DHE_DSS_WITH_NULL_SHA", ++ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", + 0 }, + { +- 65664, +- "SSL2_CK_RC4", ++ 104, ++ "TLS_DH_DSS_WITH_AES_256_CBC_SHA256", + 0 }, + { +- 131200, +- "SSL2_CK_RC4_EXPORT40", ++ 105, ++ "TLS_DH_RSA_WITH_AES_256_CBC_SHA256", + 0 }, + { +- 196736, +- "SSL2_CK_RC2", ++ 106, ++ "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", + 0 }, + { +- 262272, +- "SSL2_CK_RC2_EXPORT40", ++ 107, ++ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", + 0 }, + { +- 327808, +- "SSL2_CK_IDEA", ++ 108, ++ "TLS_DH_anon_WITH_AES_128_CBC_SHA256", + 0 }, + { +- 393280, +- "SSL2_CK_DES", ++ 109, ++ "TLS_DH_anon_WITH_AES_256_CBC_SHA256", + 0 }, + { +- 524416, +- "SSL2_CK_RC464", ++ 132, ++ "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + 0 }, + { +- 458944, +- "SSL2_CK_3DES", ++ 133, ++ "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + 0 }, + { +- 74, +- "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", ++ 134, ++ "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + 0 }, + { +- 72, ++ 135, ++ "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", ++ 0 }, ++ { ++ 136, ++ "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", ++ 0 }, ++ { ++ 137, ++ "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", ++ 0 }, ++ { ++ 138, ++ "TLS_PSK_WITH_RC4_128_SHA", ++ 0 }, ++ { ++ 139, ++ "TLS_PSK_WITH_3DES_EDE_CBC_SHA", ++ 0 }, ++ { ++ 140, ++ "TLS_PSK_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 141, ++ "TLS_PSK_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 142, ++ "TLS_DHE_PSK_WITH_RC4_128_SHA", ++ 0 }, ++ { ++ 143, ++ "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", ++ 0 }, ++ { ++ 144, ++ "TLS_DHE_PSK_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 145, ++ "TLS_DHE_PSK_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 146, ++ "TLS_RSA_PSK_WITH_RC4_128_SHA", ++ 0 }, ++ { ++ 147, ++ "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", ++ 0 }, ++ { ++ 148, ++ "TLS_RSA_PSK_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 149, ++ "TLS_RSA_PSK_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 150, ++ "TLS_RSA_WITH_SEED_CBC_SHA", ++ 0 }, ++ { ++ 151, ++ "TLS_DH_DSS_WITH_SEED_CBC_SHA", ++ 0 }, ++ { ++ 152, ++ "TLS_DH_RSA_WITH_SEED_CBC_SHA", ++ 0 }, ++ { ++ 153, ++ "TLS_DHE_DSS_WITH_SEED_CBC_SHA", ++ 0 }, ++ { ++ 154, ++ "TLS_DHE_RSA_WITH_SEED_CBC_SHA", ++ 0 }, ++ { ++ 155, ++ "TLS_DH_anon_WITH_SEED_CBC_SHA", ++ 0 }, ++ { ++ 156, ++ "TLS_RSA_WITH_AES_128_GCM_SHA256", ++ 0 }, ++ { ++ 157, ++ "TLS_RSA_WITH_AES_256_GCM_SHA384", ++ 0 }, ++ { ++ 158, ++ "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", ++ 0 }, ++ { ++ 159, ++ "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", ++ 0 }, ++ { ++ 160, ++ "TLS_DH_RSA_WITH_AES_128_GCM_SHA256", ++ 0 }, ++ { ++ 161, ++ "TLS_DH_RSA_WITH_AES_256_GCM_SHA384", ++ 0 }, ++ { ++ 162, ++ "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", ++ 0 }, ++ { ++ 163, ++ "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", ++ 0 }, ++ { ++ 164, ++ "TLS_DH_DSS_WITH_AES_128_GCM_SHA256", ++ 0 }, ++ { ++ 165, ++ "TLS_DH_DSS_WITH_AES_256_GCM_SHA384", ++ 0 }, ++ { ++ 166, ++ "TLS_DH_anon_WITH_AES_128_GCM_SHA256", ++ 0 }, ++ { ++ 167, ++ "TLS_DH_anon_WITH_AES_256_GCM_SHA384", ++ 0 }, ++ { ++ 168, ++ "TLS_PSK_WITH_AES_128_GCM_SHA256", ++ 0 }, ++ { ++ 169, ++ "TLS_PSK_WITH_AES_256_GCM_SHA384", ++ 0 }, ++ { ++ 170, ++ "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", ++ 0 }, ++ { ++ 171, ++ "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", ++ 0 }, ++ { ++ 172, ++ "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", ++ 0 }, ++ { ++ 173, ++ "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", ++ 0 }, ++ { ++ 174, ++ "TLS_PSK_WITH_AES_128_CBC_SHA256", ++ 0 }, ++ { ++ 175, ++ "TLS_PSK_WITH_AES_256_CBC_SHA384", ++ 0 }, ++ { ++ 176, ++ "TLS_PSK_WITH_NULL_SHA256", ++ 0 }, ++ { ++ 177, ++ "TLS_PSK_WITH_NULL_SHA384", ++ 0 }, ++ { ++ 178, ++ "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", ++ 0 }, ++ { ++ 179, ++ "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", ++ 0 }, ++ { ++ 180, ++ "TLS_DHE_PSK_WITH_NULL_SHA256", ++ 0 }, ++ { ++ 181, ++ "TLS_DHE_PSK_WITH_NULL_SHA384", ++ 0 }, ++ { ++ 182, ++ "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", ++ 0 }, ++ { ++ 183, ++ "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", ++ 0 }, ++ { ++ 184, ++ "TLS_RSA_PSK_WITH_NULL_SHA256", ++ 0 }, ++ { ++ 185, ++ "TLS_RSA_PSK_WITH_NULL_SHA384", ++ 0 }, ++ { ++ 186, ++ "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 187, ++ "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 188, ++ "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 189, ++ "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 190, ++ "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 191, ++ "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 192, ++ "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", ++ 0 }, ++ { ++ 193, ++ "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", ++ 0 }, ++ { ++ 194, ++ "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", ++ 0 }, ++ { ++ 195, ++ "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", ++ 0 }, ++ { ++ 196, ++ "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", ++ 0 }, ++ { ++ 197, ++ "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", ++ 0 }, ++ { ++ 255, ++ "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", ++ 0 }, ++ { ++ 49153, ++ "TLS_ECDH_ECDSA_WITH_NULL_SHA", ++ 0 }, ++ { ++ 49154, + "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + 0 }, + { +- 65408, +- "SSL_RSA_WITH_RC2_CBC_MD5", ++ 49155, ++ "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + 0 }, + { +- 73, +- "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA", ++ 49156, ++ "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + 0 }, + { +- 65413, +- "TLS_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA", ++ 49157, ++ "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + 0 }, + { +- 65412, +- "TLS_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA", ++ 49158, ++ "TLS_ECDHE_ECDSA_WITH_NULL_SHA", ++ 0 }, ++ { ++ 49159, ++ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", ++ 0 }, ++ { ++ 49160, ++ "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", ++ 0 }, ++ { ++ 49161, ++ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 49162, ++ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 49163, ++ "TLS_ECDH_RSA_WITH_NULL_SHA", ++ 0 }, ++ { ++ 49164, ++ "TLS_ECDH_RSA_WITH_RC4_128_SHA", ++ 0 }, ++ { ++ 49165, ++ "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", ++ 0 }, ++ { ++ 49166, ++ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 49167, ++ "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 49168, ++ "TLS_ECDHE_RSA_WITH_NULL_SHA", ++ 0 }, ++ { ++ 49169, ++ "TLS_ECDHE_RSA_WITH_RC4_128_SHA", ++ 0 }, ++ { ++ 49170, ++ "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", ++ 0 }, ++ { ++ 49171, ++ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 49172, ++ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 49173, ++ "TLS_ECDH_anon_WITH_NULL_SHA", ++ 0 }, ++ { ++ 49174, ++ "TLS_ECDH_anon_WITH_RC4_128_SHA", ++ 0 }, ++ { ++ 49175, ++ "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", ++ 0 }, ++ { ++ 49176, ++ "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 49177, ++ "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 49178, ++ "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", ++ 0 }, ++ { ++ 49179, ++ "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", ++ 0 }, ++ { ++ 49180, ++ "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", ++ 0 }, ++ { ++ 49181, ++ "TLS_SRP_SHA_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 49182, ++ "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 49183, ++ "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 49184, ++ "TLS_SRP_SHA_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 49185, ++ "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 49186, ++ "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 49187, ++ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", ++ 0 }, ++ { ++ 49188, ++ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", ++ 0 }, ++ { ++ 49189, ++ "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", ++ 0 }, ++ { ++ 49190, ++ "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", ++ 0 }, ++ { ++ 49191, ++ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", ++ 0 }, ++ { ++ 49192, ++ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", ++ 0 }, ++ { ++ 49193, ++ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", ++ 0 }, ++ { ++ 49194, ++ "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", ++ 0 }, ++ { ++ 49195, ++ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", ++ 0 }, ++ { ++ 49196, ++ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", ++ 0 }, ++ { ++ 49197, ++ "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", ++ 0 }, ++ { ++ 49198, ++ "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", ++ 0 }, ++ { ++ 49199, ++ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", ++ 0 }, ++ { ++ 49200, ++ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", ++ 0 }, ++ { ++ 49201, ++ "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", ++ 0 }, ++ { ++ 49202, ++ "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", ++ 0 }, ++ { ++ 49203, ++ "TLS_ECDHE_PSK_WITH_RC4_128_SHA", ++ 0 }, ++ { ++ 49204, ++ "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", ++ 0 }, ++ { ++ 49205, ++ "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 49206, ++ "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 49207, ++ "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", ++ 0 }, ++ { ++ 49208, ++ "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", ++ 0 }, ++ { ++ 49209, ++ "TLS_ECDHE_PSK_WITH_NULL_SHA", ++ 0 }, ++ { ++ 49210, ++ "TLS_ECDHE_PSK_WITH_NULL_SHA256", ++ 0 }, ++ { ++ 49211, ++ "TLS_ECDHE_PSK_WITH_NULL_SHA384", ++ 0 }, ++ { ++ 49212, ++ "TLS_RSA_WITH_ARIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49213, ++ "TLS_RSA_WITH_ARIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49214, ++ "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49215, ++ "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49216, ++ "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49217, ++ "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49218, ++ "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49219, ++ "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49220, ++ "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49221, ++ "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49222, ++ "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49223, ++ "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49224, ++ "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49225, ++ "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49226, ++ "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49227, ++ "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49228, ++ "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49229, ++ "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49230, ++ "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49231, ++ "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49232, ++ "TLS_RSA_WITH_ARIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49233, ++ "TLS_RSA_WITH_ARIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49234, ++ "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49235, ++ "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49236, ++ "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49237, ++ "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49238, ++ "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49239, ++ "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49240, ++ "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49241, ++ "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49242, ++ "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49243, ++ "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49244, ++ "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49245, ++ "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49246, ++ "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49247, ++ "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49248, ++ "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49249, ++ "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49250, ++ "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49251, ++ "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49252, ++ "TLS_PSK_WITH_ARIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49253, ++ "TLS_PSK_WITH_ARIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49254, ++ "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49255, ++ "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49256, ++ "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49257, ++ "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49258, ++ "TLS_PSK_WITH_ARIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49259, ++ "TLS_PSK_WITH_ARIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49260, ++ "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49261, ++ "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49262, ++ "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49263, ++ "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49264, ++ "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49265, ++ "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49266, ++ "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49267, ++ "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49268, ++ "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49269, ++ "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49270, ++ "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49271, ++ "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49272, ++ "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49273, ++ "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49274, ++ "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49275, ++ "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49276, ++ "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49277, ++ "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49278, ++ "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49279, ++ "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49280, ++ "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49281, ++ "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49282, ++ "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49283, ++ "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49284, ++ "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49285, ++ "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49286, ++ "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49287, ++ "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49288, ++ "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49289, ++ "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49290, ++ "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49291, ++ "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49292, ++ "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49293, ++ "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49294, ++ "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49295, ++ "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49296, ++ "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49297, ++ "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49298, ++ "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256", ++ 0 }, ++ { ++ 49299, ++ "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384", ++ 0 }, ++ { ++ 49300, ++ "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49301, ++ "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49302, ++ "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49303, ++ "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49304, ++ "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49305, ++ "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49306, ++ "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", ++ 0 }, ++ { ++ 49307, ++ "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", ++ 0 }, ++ { ++ 49308, ++ "TLS_RSA_WITH_AES_128_CCM", ++ 0 }, ++ { ++ 49309, ++ "TLS_RSA_WITH_AES_256_CCM", ++ 0 }, ++ { ++ 49310, ++ "TLS_DHE_RSA_WITH_AES_128_CCM", ++ 0 }, ++ { ++ 49311, ++ "TLS_DHE_RSA_WITH_AES_256_CCM", ++ 0 }, ++ { ++ 49312, ++ "TLS_RSA_WITH_AES_128_CCM_8", ++ 0 }, ++ { ++ 49313, ++ "TLS_RSA_WITH_AES_256_CCM_8", ++ 0 }, ++ { ++ 49314, ++ "TLS_DHE_RSA_WITH_AES_128_CCM_8", ++ 0 }, ++ { ++ 49315, ++ "TLS_DHE_RSA_WITH_AES_256_CCM_8", ++ 0 }, ++ { ++ 49316, ++ "TLS_PSK_WITH_AES_128_CCM", ++ 0 }, ++ { ++ 49317, ++ "TLS_PSK_WITH_AES_256_CCM", ++ 0 }, ++ { ++ 49318, ++ "TLS_DHE_PSK_WITH_AES_128_CCM", ++ 0 }, ++ { ++ 49319, ++ "TLS_DHE_PSK_WITH_AES_256_CCM", ++ 0 }, ++ { ++ 49320, ++ "TLS_PSK_WITH_AES_128_CCM_8", ++ 0 }, ++ { ++ 49321, ++ "TLS_PSK_WITH_AES_256_CCM_8", ++ 0 }, ++ { ++ 49322, ++ "TLS_PSK_DHE_WITH_AES_128_CCM_8", ++ 0 }, ++ { ++ 49323, ++ "TLS_PSK_DHE_WITH_AES_256_CCM_8", ++ 0 }, ++ { ++ 49324, ++ "TLS_ECDHE_ECDSA_WITH_AES_128_CCM", ++ 0 }, ++ { ++ 49325, ++ "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", ++ 0 }, ++ { ++ 49326, ++ "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", ++ 0 }, ++ { ++ 49327, ++ "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", ++ 0 }, ++ // DRAFT-IETF-TLS-ECC ++ { ++ 71, ++ "TLS_ECDH_ECDSA_WITH_NULL_SHA", ++ 0 }, ++ { ++ 72, ++ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", ++ 0 }, ++ { ++ 73, ++ "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA", ++ 0 }, ++ { ++ 74, ++ "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", ++ 0 }, ++ { ++ 75, ++ "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 76, ++ "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 75, ++ "TLS_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA", ++ 0 }, ++ { ++ 76, ++ "TLS_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA", ++ 0 }, ++ { ++ 77, ++ "TLS_ECDH_RSA_WITH_NULL_SHA", ++ 0 }, ++ { ++ 78, ++ "TLS_ECDH_RSA_WITH_RC4_128_SHA", ++ 0 }, ++ { ++ 79, ++ "TLS_ECDH_RSA_WITH_DES_CBC_SHA", ++ 0 }, ++ { ++ 80, ++ "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", ++ 0 }, ++ { ++ 81, ++ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", ++ 0 }, ++ { ++ 82, ++ "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", ++ 0 }, ++ { ++ 83, ++ "TLS_ECDH_RSA_EXPORT_WITH_RC4_40_SHA", ++ 0 }, ++ { ++ 84, ++ "TLS_ECDH_RSA_EXPORT_WITH_RC4_56_SHA", ++ 0 }, ++ { ++ 85, ++ "TLS_ECDH_anon_NULL_WITH_SHA", ++ 0 }, ++ { ++ 86, ++ "TLS_ECDH_anon_WITH_RC4_128_SHA", ++ 0 }, ++ { ++ 87, ++ "TLS_ECDH_anon_WITH_DES_CBC_SHA", ++ 0 }, ++ { ++ 88, ++ "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", ++ 0 }, ++ { ++ 89, ++ "TLS_ECDH_anon_EXPORT_WITH_DES40_CBC_SHA", ++ 0 }, ++ { ++ 90, ++ "TLS_ECDH_anon_EXPORT_WITH_RC4_40_SHA", ++ 0 }, ++ // DRAFT-IETF-TLS-56-BIT-CIPHERSUITES ++ { ++ 96, ++ "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5", ++ 0 }, ++ { ++ 97, ++ "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5", ++ 0 }, ++ { ++ 98, ++ "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", ++ 0 }, ++ { ++ 99, ++ "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", ++ 0 }, ++ { ++ 100, ++ "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", ++ 0 }, ++ { ++ 101, ++ "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", ++ 0 }, ++ { ++ 102, ++ "TLS_DHE_DSS_WITH_RC4_128_SHA", ++ 0 }, ++ // FIPS SSL (Netscape) ++ { ++ 65278, ++ "SSL_RSA_FIPS_WITH_DES_CBC_SHA", ++ 0 }, ++ { ++ 65279, ++ "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", ++ 0 }, ++ // SSL 2.0 ++ { ++ 65664, ++ "SSL2_RC4_128_WITH_MD5", ++ 0 }, ++ { ++ 131200, ++ "SSL2_RC4_128_EXPORT40_WITH_MD5", ++ 0 }, ++ { ++ 196736, ++ "SSL2_RC2_CBC_128_CBC_WITH_MD5", ++ 0 }, ++ { ++ 262272, ++ "SSL2_RC2_128_CBC_EXPORT40_WITH_MD5", ++ 0 }, ++ { ++ 327808, ++ "SSL2_IDEA_128_CBC_WITH_MD5", ++ 0 }, ++ { ++ 393280, ++ "SSL2_DES_64_CBC_WITH_MD5", ++ 0 }, ++ { ++ 393536, ++ "SSL2_DES_64_CBC_WITH_SHA", ++ 0 }, ++ { ++ 458944, ++ "SSL2_DES_192_EDE3_CBC_WITH_MD5", ++ 0 }, ++ { ++ 459200, ++ "SSL2_DES_192_EDE3_CBC_WITH_SHA", ++ 0 }, ++ { ++ 524416, ++ "SSL2_RC4_64_WITH_MD5", + 0 }, + {-1} + }; diff --git a/testing/ssldump/0100-ciphersuites.patch b/testing/ssldump/0100-ciphersuites.patch new file mode 100644 index 0000000000..e5c5434bc4 --- /dev/null +++ b/testing/ssldump/0100-ciphersuites.patch @@ -0,0 +1,161 @@ +Patch by Robert Scheck <robert@fedoraproject.org> for ssldump >= 0.9b3 which adds +a lot of missing cipher suites to support much more application data decoding. + +--- ssldump-0.9b3/ssl/ciphersuites.c 2014-05-04 02:02:58.000000000 +0200 ++++ ssldump-0.9b3/ssl/ciphersuites.c.rsc 2014-05-04 18:33:11.000000000 +0200 +@@ -74,10 +74,11 @@ + {21,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,0}, + {22,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0}, + {23,KEX_DH,SIG_NONE,ENC_RC4,1,128,40,DIG_MD5,16,1}, +- {24,KEX_DH,SIG_NONE,ENC_RC4,1,128,128,DIG_MD5,16,0}, ++ {24,KEX_DH,SIG_NONE,ENC_RC4,1,128,128,DIG_MD5,16,0}, + {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_MD5,16,1}, + {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_MD5,16,0}, + {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_MD5,16,0}, ++ // Missing: 44-46 + {47,KEX_RSA,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {48,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {49,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0}, +@@ -90,13 +91,141 @@ + {56,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {57,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {58,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA,20,0}, ++ {59,KEX_RSA,SIG_RSA,ENC_NULL,0,0,0,DIG_SHA256,32,0}, ++ {60,KEX_RSA,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA256,32,0}, ++ {61,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256,32,0}, ++ {62,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA256,32,0}, ++ {63,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA256,32,0}, ++ {64,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA256,32,0}, ++ {65,KEX_RSA,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA,20,0}, ++ {66,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA,20,0}, ++ {67,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA,20,0}, ++ {68,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA,20,0}, ++ {69,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA,20,0}, ++ {70,KEX_DH,SIG_NONE,ENC_CAMELLIA128,16,128,128,DIG_SHA,20,0}, + {96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5,16,1}, + {97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5,16,1}, + {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,1}, + {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,1}, + {100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA,20,1}, +- {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA,20,1}, ++ {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA,20,1}, + {102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0}, ++ {103,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA256,32,0}, ++ {104,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA256,32,0}, ++ {105,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256,32,0}, ++ {106,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA256,32,0}, ++ {107,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256,32,0}, ++ {108,KEX_DH,SIG_NONE,ENC_AES128,16,128,128,DIG_SHA256,32,0}, ++ {109,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA256,32,0}, ++ {132,KEX_RSA,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA,20,0}, ++ {133,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA,20,0}, ++ {134,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA,20,0}, ++ {135,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA,20,0}, ++ {136,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA,20,0}, ++ {137,KEX_DH,SIG_NONE,ENC_CAMELLIA256,16,256,256,DIG_SHA,20,0}, ++ // Missing: 138-149 ++ {150,KEX_RSA,SIG_RSA,ENC_SEED,16,128,128,DIG_SHA,20,0}, ++ {151,KEX_DH,SIG_DSS,ENC_SEED,16,128,128,DIG_SHA,20,0}, ++ {152,KEX_DH,SIG_RSA,ENC_SEED,16,128,128,DIG_SHA,20,0}, ++ {153,KEX_DH,SIG_DSS,ENC_SEED,16,128,128,DIG_SHA,20,0}, ++ {154,KEX_DH,SIG_RSA,ENC_SEED,16,128,128,DIG_SHA,20,0}, ++ {155,KEX_DH,SIG_NONE,ENC_SEED,16,128,128,DIG_SHA,20,0}, ++ {156,KEX_RSA,SIG_RSA,ENC_AES128,4,128,128,DIG_SHA256,32,0}, ++ {157,KEX_RSA,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384,48,0}, ++ {158,KEX_DH,SIG_RSA,ENC_AES128,4,128,128,DIG_SHA256,32,0}, ++ {159,KEX_DH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384,48,0}, ++ {160,KEX_DH,SIG_RSA,ENC_AES128,4,128,128,DIG_SHA256,32,0}, ++ {161,KEX_DH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384,48,0}, ++ {162,KEX_DH,SIG_DSS,ENC_AES128,4,128,128,DIG_SHA256,32,0}, ++ {163,KEX_DH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384,48,0}, ++ {164,KEX_DH,SIG_DSS,ENC_AES128,4,128,128,DIG_SHA256,32,0}, ++ {165,KEX_DH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384,48,0}, ++ {166,KEX_DH,SIG_NONE,ENC_AES128,4,128,128,DIG_SHA256,32,0}, ++ {167,KEX_DH,SIG_NONE,ENC_AES256,4,256,256,DIG_SHA384,48,0}, ++ // Missing: 168-185 ++ {186,KEX_RSA,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0}, ++ {187,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0}, ++ {188,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0}, ++ {189,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0}, ++ {190,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0}, ++ {191,KEX_DH,SIG_NONE,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0}, ++ {192,KEX_RSA,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0}, ++ {193,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0}, ++ {194,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0}, ++ {195,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0}, ++ {196,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0}, ++ {197,KEX_DH,SIG_NONE,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0}, ++ {49153,KEX_DH,SIG_DSS,ENC_NULL,0,0,0,DIG_SHA,20,0}, ++ {49154,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0}, ++ {49155,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA,20,0}, ++ {49156,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0}, ++ {49157,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0}, ++ {49158,KEX_DH,SIG_DSS,ENC_NULL,0,0,0,DIG_SHA,20,0}, ++ {49159,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0}, ++ {49160,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA,20,0}, ++ {49161,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0}, ++ {49162,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0}, ++ {49163,KEX_DH,SIG_RSA,ENC_NULL,0,0,0,DIG_SHA,20,0}, ++ {49164,KEX_DH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA,20,0}, ++ {49165,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0}, ++ {49166,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0}, ++ {49167,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0}, ++ {49168,KEX_DH,SIG_RSA,ENC_NULL,0,0,0,DIG_SHA,20,0}, ++ {49169,KEX_DH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA,20,0}, ++ {49170,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0}, ++ {49171,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0}, ++ {49172,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0}, ++ {49173,KEX_DH,SIG_NONE,ENC_NULL,0,0,0,DIG_SHA,20,0}, ++ {49174,KEX_DH,SIG_NONE,ENC_RC4,1,128,128,DIG_SHA,20,0}, ++ {49175,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_SHA,20,0}, ++ {49176,KEX_DH,SIG_NONE,ENC_AES128,16,128,128,DIG_SHA,20,0}, ++ {49177,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA,20,0}, ++ {49187,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA256,32,0}, ++ {49188,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384,48,0}, ++ {49189,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA256,32,0}, ++ {49190,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384,48,0}, ++ {49191,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA256,32,0}, ++ {49192,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384,48,0}, ++ {49193,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA256,32,0}, ++ {49194,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384,48,0}, ++ {49195,KEX_DH,SIG_DSS,ENC_AES128,4,128,128,DIG_SHA256,32,0}, ++ {49196,KEX_DH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384,48,0}, ++ {49197,KEX_DH,SIG_DSS,ENC_AES128,4,128,128,DIG_SHA256,32,0}, ++ {49198,KEX_DH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384,48,0}, ++ {49199,KEX_DH,SIG_RSA,ENC_AES128,4,128,128,DIG_SHA256,32,0}, ++ {49200,KEX_DH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384,48,0}, ++ {49201,KEX_DH,SIG_RSA,ENC_AES128,4,128,128,DIG_SHA256,32,0}, ++ {49202,KEX_DH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384,48,0}, ++ // Missing: 49203-49211 ++ {49266,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0}, ++ {49267,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA256,48,0}, ++ {49268,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0}, ++ {49269,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA256,48,0}, ++ {49270,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0}, ++ {49271,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256,48,0}, ++ {49272,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0}, ++ {49273,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256,48,0}, ++ {49274,KEX_RSA,SIG_RSA,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0}, ++ {49275,KEX_RSA,SIG_RSA,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0}, ++ {49276,KEX_DH,SIG_RSA,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0}, ++ {49277,KEX_DH,SIG_RSA,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0}, ++ {49278,KEX_DH,SIG_RSA,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0}, ++ {49279,KEX_DH,SIG_RSA,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0}, ++ {49280,KEX_DH,SIG_DSS,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0}, ++ {49281,KEX_DH,SIG_DSS,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0}, ++ {49282,KEX_DH,SIG_DSS,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0}, ++ {49283,KEX_DH,SIG_DSS,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0}, ++ {49284,KEX_DH,SIG_NONE,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0}, ++ {49285,KEX_DH,SIG_NONE,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0}, ++ {49286,KEX_DH,SIG_DSS,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0}, ++ {49287,KEX_DH,SIG_DSS,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0}, ++ {49288,KEX_DH,SIG_DSS,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0}, ++ {49289,KEX_DH,SIG_DSS,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0}, ++ {49290,KEX_DH,SIG_RSA,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0}, ++ {49291,KEX_DH,SIG_RSA,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0}, ++ {49292,KEX_DH,SIG_RSA,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0}, ++ {49293,KEX_DH,SIG_RSA,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0}, ++ // Missing: 49294-49307 + {-1} + }; + diff --git a/testing/ssldump/APKBUILD b/testing/ssldump/APKBUILD new file mode 100644 index 0000000000..0e4c3a3b2b --- /dev/null +++ b/testing/ssldump/APKBUILD @@ -0,0 +1,66 @@ +# Contributor: Jakub Jirutka <jakub@jirutka.cz> +# Maintainer: +pkgname="ssldump" +pkgver="0.9b3" +pkgrel=0 +pkgdesc="An SSLv3/TLS network protocol analyzer" +url="http://ssldump.sourceforge.net/" +arch="all" +license="BSD-4-Clause" +makedepends="autoconf libpcap-dev openssl-dev" +subpackages="$pkgname-doc" +source="https://downloads.sourceforge.net/ssldump/ssldump-$pkgver.tar.gz" +# Patches from Fedora +source="$source + 0010-openssl.patch + 0020-libpcap.patch + 0030-aes.patch + 0040-cvs-20060619.patch + 0050-table-stops.patch + 0060-link_layer.patch + 0070-pcap-vlan.patch + 0080-tlsv12.patch + 0090-ssl-enums.patch + 0100-ciphersuites.patch + " +builddir="$srcdir/ssldump-$pkgver" +options="!check" # no tests provided + +prepare() { + update_config_guess + update_config_sub + default_prepare + + # Rebuilding of configure file is needed for 0020-libpcap.patch + autoconf --force +} + +build() { + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --localstatedir=/var + make +} + +package() { + make install BINDIR="$pkgdir/usr/sbin" MANDIR="$pkgdir/usr/share/man" + install -D -m 644 COPYRIGHT "$pkgdir"/usr/share/licenses/COPYRIGHT + + chmod 644 "$pkgdir"/usr/share/man/man1/*.1* +} + +sha512sums="ea81558a243950ab43354c9f33c0a4feae0ae859bc2bd6e6b58838a01f4a1e7a6447f2a9ab1fa40bbe8dbd6c3630c489c17fc9c066cacfddfb64269b0cd5090a ssldump-0.9b3.tar.gz +3d06916b841612d158a5f7c87e7c68a9046ce5842ac11610ec6bf3c83619feecdd66293c66037f2e271496c8439896a4531c0de8ed866a898e310a1fd1de5aca 0010-openssl.patch +12fff42b22baadfde4a0faf12c2336d47811cd36873034cfd81b269f0578c2be4226657b6da6dc5ebcf7b11070f48d357ba1580b47d62619fce3980ea2629bae 0020-libpcap.patch +17a2f401b3ebb171628745041609f96ce82d1b4993d053443a3315b562ea2f8112184dbec0373ae11888c8f0d3c8a7728f3a6ca0a3de5375efd44aabe599ad02 0030-aes.patch +4b9bfa0d10efa322f634c1326b210a7220c23c12c2cb2de9e00383f0d83fa558f578a16d428f035d179f3f692510756fd382efad69c877b9fe2bfacb4c7406e3 0040-cvs-20060619.patch +3bfff13a5d4fdd0684512692309a2ff70eb63d472c4982e7e191073091a419b289b70fbf9604a794dd9b30cf60601b5b7403e2f9decb109f752471114388a4dd 0050-table-stops.patch +912f47fbd686d4f4d68015e57dc92eba284e12dc146184f8cc4165e8e9a795f530d1e572dfb1a2292a3dee0c8f84f29f400375ab99e9215fec921d0464ef8e2d 0060-link_layer.patch +94592125add14409be20981516a8f81765b61fb932dc6004bee7d91e0828b40117ce1f378c4ae7e65725bd645ff827648cf652a7ce8090e49afac0ef5284901e 0070-pcap-vlan.patch +7e68d8ca844348b2440b795372f40af614f99e6e14baa7552de1f8eb1fa72d38771be1b904ee13f1141cf14cb8968f9fcd192c2a2b63885152225090ef20e3e6 0080-tlsv12.patch +8e4e0e19a4ea45e8f98f8e918ddf0cde8a5d0a5fa89558bcfcbb14153e0babee7ff9edaebd6653a5fd6fb95624f47d62b85f2115d7bc25f4f4b6e35844e0f4a3 0090-ssl-enums.patch +86c9ccd83fce92ff72eadd6e9a8e6a2442437e6778d735fae58ca359f390812d1102044058701189608251006de07478024dd389fe7bd9d3834e33039eaf2277 0100-ciphersuites.patch" |