Home Explore Help
Sign In
erkanisik
/
main
mirror of https://github.com/pisilinux/main.git
Watch 1
Star 0
Fork 0
Files Issues 0 Wiki
Tree: 53ae218f7b
Branches Tags
main
/
server
/
openldap
/
files
/
fedora
/
openldap-nss-update-list-of-ciphers.patch

openldap-nss-update-list-of-ciphers.patch 14 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194 
  1. MozNSS: update list of supported cipher suites
    2. 

  2. 

  3. The updated list includes all ciphers implemented in Mozilla NSS 3.13.15
    4. 

  4. 

  5. Author: Jan Vcelak <jvcelak@redhat.com>
    6. 

  6. Upstream ITS: #7374
    7. 

  7. 

  8. diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
    9. 

  9. index 1422ce2..5e49fc5 100644
    10. 

  10. --- a/libraries/libldap/tls_m.c
    11. 

  11. +++ b/libraries/libldap/tls_m.c
    12. 

  12. @@ -211,27 +211,34 @@ typedef struct {
    13. 

  13.  	int num;            /* The cipher id */
    14. 

  14.  	int attr;           /* cipher attributes: algorithms, etc */
    15. 

  15.  	int version;        /* protocol version valid for this cipher */
    16. 

  16. -	int bits;           /* bits of strength */
    17. 

  17. -	int alg_bits;       /* bits of the algorithm */
    18. 

  18.  	int strength;       /* LOW, MEDIUM, HIGH */
    19. 

  19.  	int enabled;        /* Enabled by default? */
    20. 

  20.  } cipher_properties;
    21. 

  21.  
    22. 

  22.  /* cipher attributes  */
    23. 

  23. -#define SSL_kRSA  0x00000001L
    24. 

  24. -#define SSL_aRSA  0x00000002L
    25. 

  25. -#define SSL_aDSS  0x00000004L
    26. 

  26. -#define SSL_DSS   SSL_aDSS
    27. 

  27. -#define SSL_eNULL 0x00000008L
    28. 

  28. -#define SSL_DES   0x00000010L
    29. 

  29. -#define SSL_3DES  0x00000020L
    30. 

  30. -#define SSL_RC4   0x00000040L
    31. 

  31. -#define SSL_RC2   0x00000080L
    32. 

  32. -#define SSL_AES   0x00000100L
    33. 

  33. -#define SSL_MD5   0x00000200L
    34. 

  34. -#define SSL_SHA1  0x00000400L
    35. 

  35. -#define SSL_SHA   SSL_SHA1
    36. 

  36. -#define SSL_RSA   (SSL_kRSA|SSL_aRSA)
    37. 

  37. +#define SSL_kRSA        0x00000001L
    38. 

  38. +#define SSL_aRSA        0x00000002L
    39. 

  39. +#define SSL_RSA         (SSL_kRSA|SSL_aRSA)
    40. 

  40. +#define SSL_aDSA        0x00000004L
    41. 

  41. +#define SSL_DSA         SSL_aDSA
    42. 

  42. +#define SSL_eNULL       0x00000008L
    43. 

  43. +#define SSL_DES         0x00000010L
    44. 

  44. +#define SSL_3DES        0x00000020L
    45. 

  45. +#define SSL_RC4         0x00000040L
    46. 

  46. +#define SSL_RC2         0x00000080L
    47. 

  47. +#define SSL_AES128      0x00000100L
    48. 

  48. +#define SSL_AES256      0x00000200L
    49. 

  49. +#define SSL_AES         (SSL_AES128|SSL_AES256)
    50. 

  50. +#define SSL_MD5         0x00000400L
    51. 

  51. +#define SSL_SHA1        0x00000800L
    52. 

  52. +#define SSL_kEDH        0x00001000L
    53. 

  53. +#define SSL_CAMELLIA128 0x00002000L
    54. 

  54. +#define SSL_CAMELLIA256 0x00004000L
    55. 

  55. +#define SSL_CAMELLIA    (SSL_CAMELLIA128|SSL_CAMELLIA256)
    56. 

  56. +#define SSL_SEED        0x00008000L
    57. 

  57. +#define SSL_kECDH       0x00010000L
    58. 

  58. +#define SSL_kECDHE      0x00020000L
    59. 

  59. +#define SSL_aECDSA      0x00040000L
    60. 

  60.  
    61. 

  61.  /* cipher strength */
    62. 

  62.  #define SSL_NULL      0x00000001L
    63. 

  63. @@ -248,29 +255,70 @@ typedef struct {
    64. 

  64.  
    65. 

  65.  /* Cipher translation */
    66. 

  66.  static cipher_properties ciphers_def[] = {
    67. 

  67. -	/* SSL 2 ciphers */
    68. 

  68. -	{"DES-CBC3-MD5", SSL_EN_DES_192_EDE3_CBC_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5, SSL2, 168, 168, SSL_HIGH, SSL_ALLOWED},
    69. 

  69. -	{"RC2-CBC-MD5", SSL_EN_RC2_128_CBC_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5, SSL2, 128, 128, SSL_MEDIUM, SSL_ALLOWED},
    70. 

  70. -	{"RC4-MD5", SSL_EN_RC4_128_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5, SSL2, 128, 128, SSL_MEDIUM, SSL_ALLOWED},
    71. 

  71. -	{"DES-CBC-MD5", SSL_EN_DES_64_CBC_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5, SSL2, 56, 56, SSL_LOW, SSL_ALLOWED},
    72. 

  72. -	{"EXP-RC2-CBC-MD5", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5, SSL2, 40, 128, SSL_EXPORT40, SSL_ALLOWED},
    73. 

  73. -	{"EXP-RC4-MD5", SSL_EN_RC4_128_EXPORT40_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5, SSL2, 40, 128, SSL_EXPORT40, SSL_ALLOWED},
    74. 

  74. -
    75. 

  75. -	/* SSL3 ciphers */
    76. 

  76. -	{"RC4-MD5", SSL_RSA_WITH_RC4_128_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5, SSL3, 128, 128, SSL_MEDIUM, SSL_ALLOWED},
    77. 

  77. -	{"RC4-SHA", SSL_RSA_WITH_RC4_128_SHA, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA1, SSL3, 128, 128, SSL_MEDIUM, SSL_ALLOWED},
    78. 

  78. -	{"DES-CBC3-SHA", SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_SHA1, SSL3, 168, 168, SSL_HIGH, SSL_ALLOWED},
    79. 

  79. -	{"DES-CBC-SHA", SSL_RSA_WITH_DES_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1, SSL3, 56, 56, SSL_LOW, SSL_ALLOWED},
    80. 

  80. -	{"EXP-RC4-MD5", SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5, SSL3, 40, 128, SSL_EXPORT40, SSL_ALLOWED},
    81. 

  81. -	{"EXP-RC2-CBC-MD5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5, SSL3, 0, 0, SSL_EXPORT40, SSL_ALLOWED},
    82. 

  82. -	{"NULL-MD5", SSL_RSA_WITH_NULL_MD5, SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5, SSL3, 0, 0, SSL_NULL, SSL_NOT_ALLOWED},
    83. 

  83. -	{"NULL-SHA", SSL_RSA_WITH_NULL_SHA, SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_SHA1, SSL3, 0, 0, SSL_NULL, SSL_NOT_ALLOWED},
    84. 

  84. +
    85. 

  85. +	/*
    86. 

  86. +	 * Use the same DEFAULT cipher list as OpenSSL, which is defined as: ALL:!aNULL:!eNULL:!SSLv2
    87. 

  87. +	 */
    88. 

  88. +
    89. 

  89. +	/* SSLv2 ciphers */
    90. 

  90. +	{"DES-CBC-MD5",     SSL_EN_DES_64_CBC_WITH_MD5,           SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5,  SSL2, SSL_LOW,      SSL_NOT_ALLOWED},
    91. 

  91. +	{"DES-CBC3-MD5",    SSL_EN_DES_192_EDE3_CBC_WITH_MD5,     SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5, SSL2, SSL_HIGH,     SSL_NOT_ALLOWED},
    92. 

  92. +	{"RC2-CBC-MD5",     SSL_EN_RC2_128_CBC_WITH_MD5,          SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5,  SSL2, SSL_MEDIUM,   SSL_NOT_ALLOWED},
    93. 

  93. +	{"RC4-MD5",         SSL_EN_RC4_128_WITH_MD5,              SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5,  SSL2, SSL_MEDIUM,   SSL_NOT_ALLOWED},
    94. 

  94. +	{"EXP-RC2-CBC-MD5", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5,  SSL2, SSL_EXPORT40, SSL_NOT_ALLOWED},
    95. 

  95. +	{"EXP-RC4-MD5",     SSL_EN_RC4_128_EXPORT40_WITH_MD5,     SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5,  SSL2, SSL_EXPORT40, SSL_NOT_ALLOWED},
    96. 

  96. +
    97. 

  97. +	/* SSLv3 ciphers */
    98. 

  98. +	{"NULL-MD5",             SSL_RSA_WITH_NULL_MD5,              SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5,  SSL3, SSL_NULL,     SSL_NOT_ALLOWED},
    99. 

  99. +	{"NULL-SHA",             SSL_RSA_WITH_NULL_SHA,              SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_SHA1, SSL3, SSL_NULL,     SSL_NOT_ALLOWED},
    100. 

  100. +	{"DES-CBC-SHA",          SSL_RSA_WITH_DES_CBC_SHA,           SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1,   SSL3, SSL_LOW,      SSL_ALLOWED},
    101. 

  101. +	{"DES-CBC3-SHA",         SSL_RSA_WITH_3DES_EDE_CBC_SHA,      SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_SHA1,  SSL3, SSL_HIGH,     SSL_ALLOWED},
    102. 

  102. +	{"RC4-MD5",              SSL_RSA_WITH_RC4_128_MD5,           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5,    SSL3, SSL_MEDIUM,   SSL_ALLOWED},
    103. 

  103. +	{"RC4-SHA",              SSL_RSA_WITH_RC4_128_SHA,           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA1,   SSL3, SSL_MEDIUM,   SSL_ALLOWED},
    104. 

  104. +	{"EXP-RC2-CBC-MD5",      SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5,    SSL3, SSL_EXPORT40, SSL_ALLOWED},
    105. 

  105. +	{"EXP-RC4-MD5",          SSL_RSA_EXPORT_WITH_RC4_40_MD5,     SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5,    SSL3, SSL_EXPORT40, SSL_ALLOWED},
    106. 

  106. +	{"EDH-RSA-DES-CBC-SHA",  SSL_DHE_RSA_WITH_DES_CBC_SHA,       SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1,   SSL3, SSL_LOW,      SSL_ALLOWED},
    107. 

  107. +	{"EDH-RSA-DES-CBC3-SHA", SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,  SSL_kEDH|SSL_aRSA|SSL_3DES|SSL_SHA1,  SSL3, SSL_HIGH,     SSL_ALLOWED},
    108. 

  108. +	{"EDH-DSS-DES-CBC-SHA",  SSL_DHE_DSS_WITH_DES_CBC_SHA,       SSL_kEDH|SSL_aDSA|SSL_DES|SSL_SHA1,   SSL3, SSL_LOW,      SSL_ALLOWED},
    109. 

  109. +	{"EDH-DSS-DES-CBC3-SHA", SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,  SSL_kEDH|SSL_aDSA|SSL_3DES|SSL_SHA1,  SSL3, SSL_HIGH,     SSL_ALLOWED},
    110. 

  110.  
    111. 

  111.  	/* TLSv1 ciphers */
    112. 

  112. -	{"EXP1024-DES-CBC-SHA", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA, TLS1, 56, 56, SSL_EXPORT56, SSL_ALLOWED},
    113. 

  113. -	{"EXP1024-RC4-SHA", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA, TLS1, 56, 56, SSL_EXPORT56, SSL_ALLOWED},
    114. 

  114. -	{"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA, TLS1, 128, 128, SSL_HIGH, SSL_ALLOWED},
    115. 

  115. -	{"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA, TLS1, 256, 256, SSL_HIGH, SSL_ALLOWED},
    116. 

  116. +	{"EXP1024-DES-CBC-SHA",      TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,   SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1,         TLS1, SSL_EXPORT56, SSL_ALLOWED},
    117. 

  117. +	{"EXP1024-RC4-SHA",          TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,    SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA1,         TLS1, SSL_EXPORT56, SSL_ALLOWED},
    118. 

  118. +	{"SEED-SHA",                 TLS_RSA_WITH_SEED_CBC_SHA,             SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1,        TLS1, SSL_MEDIUM,   SSL_ALLOWED},
    119. 

  119. +	{"AES128-SHA",               TLS_RSA_WITH_AES_128_CBC_SHA,          SSL_kRSA|SSL_aRSA|SSL_AES128|SSL_SHA1,      TLS1, SSL_HIGH,     SSL_ALLOWED},
    120. 

  120. +	{"AES256-SHA",               TLS_RSA_WITH_AES_256_CBC_SHA,          SSL_kRSA|SSL_aRSA|SSL_AES256|SSL_SHA1,      TLS1, SSL_HIGH,     SSL_ALLOWED},
    121. 

  121. +	{"CAMELLIA256-SHA",          TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,     SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA1,    TLS1, SSL_HIGH,     SSL_ALLOWED},
    122. 

  122. +	{"CAMELLIA128-SHA",          TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,     SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA1,    TLS1, SSL_HIGH,     SSL_ALLOWED},
    123. 

  123. +	{"DHE-RSA-AES128-SHA",       TLS_DHE_RSA_WITH_AES_128_CBC_SHA,      SSL_kEDH|SSL_aRSA|SSL_AES128|SSL_SHA1,      TLS1, SSL_HIGH,     SSL_ALLOWED},
    124. 

  124. +	{"DHE-RSA-AES256-SHA",       TLS_DHE_RSA_WITH_AES_256_CBC_SHA,      SSL_kEDH|SSL_aRSA|SSL_AES256|SSL_SHA1,      TLS1, SSL_HIGH,     SSL_ALLOWED},
    125. 

  125. +	{"DHE-RSA-CAMELLIA128-SHA",  TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_kEDH|SSL_aRSA|SSL_CAMELLIA128|SSL_SHA1, TLS1, SSL_HIGH,     SSL_ALLOWED},
    126. 

  126. +	{"DHE-RSA-CAMELLIA256-SHA",  TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_kEDH|SSL_aRSA|SSL_CAMELLIA256|SSL_SHA1, TLS1, SSL_HIGH,     SSL_ALLOWED},
    127. 

  127. +	{"DHE-DSS-RC4-SHA",          TLS_DHE_DSS_WITH_RC4_128_SHA,          SSL_kEDH|SSL_aDSA|SSL_RC4|SSL_SHA1,         TLS1, SSL_MEDIUM,   SSL_ALLOWED},
    128. 

  128. +	{"DHE-DSS-AES128-SHA",       TLS_DHE_DSS_WITH_AES_128_CBC_SHA,      SSL_kEDH|SSL_aDSA|SSL_AES128|SSL_SHA1,      TLS1, SSL_HIGH,     SSL_ALLOWED},
    129. 

  129. +	{"DHE-DSS-AES256-SHA",       TLS_DHE_DSS_WITH_AES_256_CBC_SHA,      SSL_kEDH|SSL_aDSA|SSL_AES256|SSL_SHA1,      TLS1, SSL_HIGH,     SSL_ALLOWED},
    130. 

  130. +	{"DHE-DSS-CAMELLIA128-SHA",  TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_kEDH|SSL_aDSA|SSL_CAMELLIA128|SSL_SHA1, TLS1, SSL_HIGH,     SSL_ALLOWED},
    131. 

  131. +	{"DHE-DSS-CAMELLIA256-SHA",  TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_kEDH|SSL_aDSA|SSL_CAMELLIA256|SSL_SHA1, TLS1, SSL_HIGH,     SSL_ALLOWED},
    132. 

  132. +	{"ECDH-RSA-NULL-SHA",        TLS_ECDH_RSA_WITH_NULL_SHA,            SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA1,      TLS1, SSL_NULL,     SSL_NOT_ALLOWED},
    133. 

  133. +	{"ECDH-RSA-RC4-SHA",         TLS_ECDH_RSA_WITH_RC4_128_SHA,         SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA1,        TLS1, SSL_MEDIUM,   SSL_ALLOWED},
    134. 

  134. +	{"ECDH-RSA-DES-CBC3-SHA",    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,    SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA1,       TLS1, SSL_HIGH,     SSL_ALLOWED},
    135. 

  135. +	{"ECDH-RSA-AES128-SHA",      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,     SSL_kECDH|SSL_aRSA|SSL_AES128|SSL_SHA1,     TLS1, SSL_HIGH,     SSL_ALLOWED},
    136. 

  136. +	{"ECDH-RSA-AES256-SHA",      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,     SSL_kECDH|SSL_aRSA|SSL_AES256|SSL_SHA1,     TLS1, SSL_HIGH,     SSL_ALLOWED},
    137. 

  137. +	{"ECDH-ECDSA-NULL-SHA",      TLS_ECDH_ECDSA_WITH_NULL_SHA,          SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA1,    TLS1, SSL_NULL,     SSL_NOT_ALLOWED},
    138. 

  138. +	{"ECDH-ECDSA-RC4-SHA",       TLS_ECDH_ECDSA_WITH_RC4_128_SHA,       SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA1,      TLS1, SSL_MEDIUM,   SSL_ALLOWED},
    139. 

  139. +	{"ECDH-ECDSA-DES-CBC3-SHA",  TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,  SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA1,     TLS1, SSL_HIGH,     SSL_ALLOWED},
    140. 

  140. +	{"ECDH-ECDSA-AES128-SHA",    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,   SSL_kECDH|SSL_aECDSA|SSL_AES128|SSL_SHA1,   TLS1, SSL_HIGH,     SSL_ALLOWED},
    141. 

  141. +	{"ECDH-ECDSA-AES256-SHA",    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,   SSL_kECDH|SSL_aECDSA|SSL_AES256|SSL_SHA1,   TLS1, SSL_HIGH,     SSL_ALLOWED},
    142. 

  142. +	{"ECDHE-RSA-NULL-SHA",       TLS_ECDHE_RSA_WITH_NULL_SHA,           SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA1,     TLS1, SSL_NULL,     SSL_NOT_ALLOWED},
    143. 

  143. +	{"ECDHE-RSA-RC4-SHA",        TLS_ECDHE_RSA_WITH_RC4_128_SHA,        SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA1,       TLS1, SSL_MEDIUM,   SSL_ALLOWED},
    144. 

  144. +	{"ECDHE-RSA-DES-CBC3-SHA",   TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,   SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA1,      TLS1, SSL_HIGH,     SSL_ALLOWED},
    145. 

  145. +	{"ECDHE-RSA-AES128-SHA",     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,    SSL_kECDHE|SSL_aRSA|SSL_AES128|SSL_SHA1,    TLS1, SSL_HIGH,     SSL_ALLOWED},
    146. 

  146. +	{"ECDHE-RSA-AES256-SHA",     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,    SSL_kECDHE|SSL_aRSA|SSL_AES256|SSL_SHA1,    TLS1, SSL_HIGH,     SSL_ALLOWED},
    147. 

  147. +	{"ECDHE-ECDSA-NULL-SHA",     TLS_ECDHE_ECDSA_WITH_NULL_SHA,         SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA1,   TLS1, SSL_NULL,     SSL_NOT_ALLOWED},
    148. 

  148. +	{"ECDHE-ECDSA-RC4-SHA",      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,      SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA1,     TLS1, SSL_MEDIUM,   SSL_ALLOWED},
    149. 

  149. +	{"ECDHE-ECDSA-DES-CBC3-SHA", TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA1,    TLS1, SSL_HIGH,     SSL_ALLOWED},
    150. 

  150. +	{"ECDHE-ECDSA-AES128-SHA",   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,  SSL_kECDHE|SSL_aECDSA|SSL_AES128|SSL_SHA1,  TLS1, SSL_HIGH,     SSL_ALLOWED},
    151. 

  151. +	{"ECDHE-ECDSA-AES256-SHA",   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,  SSL_kECDHE|SSL_aECDSA|SSL_AES256|SSL_SHA1,  TLS1, SSL_HIGH,     SSL_ALLOWED},
    152. 

  152.  };
    153. 

  153.  
    154. 

  154.  #define ciphernum (sizeof(ciphers_def)/sizeof(cipher_properties))
    155. 

  155. @@ -577,6 +625,10 @@ nss_parse_ciphers(const char *cipherstr, int cipher_list[ciphernum])
    156. 

  156.  					mask |= SSL_RSA;
    157. 

  157.  				} else if ((!strcmp(cipher, "NULL")) || (!strcmp(cipher, "eNULL"))) {
    158. 

  158.  					mask |= SSL_eNULL;
    159. 

  159. +				} else if (!strcmp(cipher, "AES128")) {
    160. 

  160. +					mask |= SSL_AES128;
    161. 

  161. +				} else if (!strcmp(cipher, "AES256")) {
    162. 

  162. +					mask |= SSL_AES256;
    163. 

  163.  				} else if (!strcmp(cipher, "AES")) {
    164. 

  164.  					mask |= SSL_AES;
    165. 

  165.  				} else if (!strcmp(cipher, "3DES")) {
    166. 

  166. @@ -591,6 +643,24 @@ nss_parse_ciphers(const char *cipherstr, int cipher_list[ciphernum])
    167. 

  167.  					mask |= SSL_MD5;
    168. 

  168.  				} else if ((!strcmp(cipher, "SHA")) || (!strcmp(cipher, "SHA1"))) {
    169. 

  169.  					mask |= SSL_SHA1;
    170. 

  170. +				} else if (!strcmp(cipher, "EDH")) {
    171. 

  171. +					mask |= SSL_kEDH;
    172. 

  172. +				} else if (!strcmp(cipher, "DSS")) {
    173. 

  173. +					mask |= SSL_aDSA;
    174. 

  174. +				} else if (!strcmp(cipher, "CAMELLIA128")) {
    175. 

  175. +					mask |= SSL_CAMELLIA128;
    176. 

  176. +				} else if (!strcmp(cipher, "CAMELLIA256")) {
    177. 

  177. +					mask |= SSL_CAMELLIA256;
    178. 

  178. +				} else if (!strcmp(cipher, "CAMELLIA")) {
    179. 

  179. +					mask |= SSL_CAMELLIA;
    180. 

  180. +				} else if (!strcmp(cipher, "SEED")) {
    181. 

  181. +					mask |= SSL_SEED;
    182. 

  182. +				} else if (!strcmp(cipher, "ECDH")) {
    183. 

  183. +					mask |= SSL_kECDH;
    184. 

  184. +				} else if (!strcmp(cipher, "ECDHE")) {
    185. 

  185. +					mask |= SSL_kECDHE;
    186. 

  186. +				} else if (!strcmp(cipher, "ECDSA")) {
    187. 

  187. +					mask |= SSL_aECDSA;
    188. 

  188.  				} else if (!strcmp(cipher, "SSLv2")) {
    189. 

  189.  					protocol |= SSL2;
    190. 

  190.  				} else if (!strcmp(cipher, "SSLv3")) {
    191. 

  191. -- 
    192. 

  192. 1.7.11.4
    193. 

  193. 

  194.