diff options
| author | Nick Mathewson <nickm@torproject.org> | 2008-06-12 22:39:13 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2008-06-12 22:39:13 +0000 |
| commit | 617843988cc7dc6ed51c4ac409abe26f5ead5ccf (patch) | |
| tree | 12bc840334fec69dcaf2de89df8d1f48787b7e8e /src/common/ciphers.inc | |
| parent | 555450ba735e5ea108226e332bf530acfefffdca (diff) | |
| download | tor-617843988cc7dc6ed51c4ac409abe26f5ead5ccf.tar.gz tor-617843988cc7dc6ed51c4ac409abe26f5ead5ccf.zip | |
r16215@tombo: nickm | 2008-06-12 18:39:03 -0400
Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, *even if* we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented.
svn:r15173
Diffstat (limited to 'src/common/ciphers.inc')
| -rw-r--r-- | src/common/ciphers.inc | 143 |
1 files changed, 143 insertions, 0 deletions
diff --git a/src/common/ciphers.inc b/src/common/ciphers.inc new file mode 100644 index 0000000000..37147e4bfe --- /dev/null +++ b/src/common/ciphers.inc @@ -0,0 +1,143 @@ +/* This is an include file used to define the list of ciphers clients should + * advertise. Before including it, you should define the CIPHER and XCPIHER + * macros. */ +#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + CIPHER(0xc00a, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA) +#else + XCIPHER(0xc00a, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA) +#endif +#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA + CIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA) +#else + XCIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA) +#endif +#ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_SHA + CIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) +#else + XCIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) +#endif +#ifdef TLS1_TXT_DHE_DSS_WITH_AES_256_SHA + CIPHER(0x0038, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA) +#else + XCIPHER(0x0038, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA) +#endif +#ifdef TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA + CIPHER(0xc00f, TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA) +#else + XCIPHER(0xc00f, TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA) +#endif +#ifdef TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA + CIPHER(0xc005, TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA) +#else + XCIPHER(0xc005, TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA) +#endif +#ifdef TLS1_TXT_RSA_WITH_AES_256_SHA + CIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA) +#else + XCIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA) +#endif +#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA + CIPHER(0xc007, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA) +#else + XCIPHER(0xc007, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA) +#endif +#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + CIPHER(0xc009, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA) +#else + XCIPHER(0xc009, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA) +#endif +#ifdef TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA + CIPHER(0xc011, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA) +#else + XCIPHER(0xc011, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA) +#endif +#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA + CIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA) +#else + XCIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA) +#endif +#ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_SHA + CIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA) +#else + XCIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA) +#endif +#ifdef TLS1_TXT_DHE_DSS_WITH_AES_128_SHA + CIPHER(0x0032, TLS1_TXT_DHE_DSS_WITH_AES_128_SHA) +#else + XCIPHER(0x0032, TLS1_TXT_DHE_DSS_WITH_AES_128_SHA) +#endif +#ifdef TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA + CIPHER(0xc00c, TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA) +#else + XCIPHER(0xc00c, TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA) +#endif +#ifdef TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA + CIPHER(0xc00e, TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA) +#else + XCIPHER(0xc00e, TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA) +#endif +#ifdef TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA + CIPHER(0xc002, TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA) +#else + XCIPHER(0xc002, TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA) +#endif +#ifdef TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA + CIPHER(0xc004, TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA) +#else + XCIPHER(0xc004, TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA) +#endif +#ifdef SSL3_TXT_RSA_RC4_128_MD5 + CIPHER(0x0004, SSL3_TXT_RSA_RC4_128_MD5) +#else + XCIPHER(0x0004, SSL3_TXT_RSA_RC4_128_MD5) +#endif +#ifdef SSL3_TXT_RSA_RC4_128_SHA + CIPHER(0x0005, SSL3_TXT_RSA_RC4_128_SHA) +#else + XCIPHER(0x0005, SSL3_TXT_RSA_RC4_128_SHA) +#endif +#ifdef TLS1_TXT_RSA_WITH_AES_128_SHA + CIPHER(0x002f, TLS1_TXT_RSA_WITH_AES_128_SHA) +#else + XCIPHER(0x002f, TLS1_TXT_RSA_WITH_AES_128_SHA) +#endif +#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA + CIPHER(0xc008, TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA) +#else + XCIPHER(0xc008, TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA) +#endif +#ifdef TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA + CIPHER(0xc012, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA) +#else + XCIPHER(0xc012, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA) +#endif +#ifdef SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA + CIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) +#else + XCIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) +#endif +#ifdef SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA + CIPHER(0x0013, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA) +#else + XCIPHER(0x0013, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA) +#endif +#ifdef TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA + CIPHER(0xc00d, TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA) +#else + XCIPHER(0xc00d, TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA) +#endif +#ifdef TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA + CIPHER(0xc003, TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA) +#else + XCIPHER(0xc003, TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA) +#endif +#ifdef SSL3_TXT_RSA_FIPS_WITH_3DES_EDE_CBC_SHA + CIPHER(0xfeff, SSL3_TXT_RSA_FIPS_WITH_3DES_EDE_CBC_SHA) +#else + XCIPHER(0xfeff, SSL3_TXT_RSA_FIPS_WITH_3DES_EDE_CBC_SHA) +#endif +#ifdef SSL3_TXT_RSA_DES_192_CBC3_SHA + CIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA) +#else + XCIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA) +#endif |