- Moved ciphersuite naming scheme to IANA reserved names

include/polarssl/config.h

@@ -137,9 +137,9 @@
  *
  * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
  * the following ciphersuites:
- *      SSL_RSA_NULL_MD5
- *      SSL_RSA_NULL_SHA
- *      SSL_RSA_NULL_SHA256
+ *      TLS_RSA_WITH_NULL_MD5
+ *      TLS_RSA_WITH_NULL_SHA
+ *      TLS_RSA_WITH_NULL_SHA256
  *
  * Uncomment this macro to enable the NULL cipher and ciphersuites
 #define POLARSSL_CIPHER_NULL_CIPHER
@@ -148,13 +148,13 @@
 /**
  * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
  *
- * Enable weak ciphersuites in SSL / TLS (like RC4_40)
+ * Enable weak ciphersuites in SSL / TLS
  * Warning: Only do so when you know what you are doing. This allows for
  * channels without virtually no security at all!
  *
  * This enables the following ciphersuites:
- *      SSL_RSA_DES_SHA
- *      SSL_EDH_RSA_DES_SHA
+ *      TLS_RSA_WITH_DES_CBC_SHA
+ *      TLS_DHE_RSA_WITH_DES_CBC_SHA
  *
  * Uncomment this macro to enable weak ciphersuites
 #define POLARSSL_ENABLE_WEAK_CIPHERSUITES
@@ -282,10 +282,18 @@
  *          library/pem.c
  *          library/ctr_drbg.c
  *
- * This module enables the following ciphersuites:
- *      SSL_RSA_AES_128_SHA
- *      SSL_RSA_AES_256_SHA
- *      SSL_EDH_RSA_AES_256_SHA
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_RSA_WITH_AES_256_CBC_SHA
+ *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      TLS_RSA_WITH_AES_256_GCM_SHA384
  */
 #define POLARSSL_AES_C
 
@@ -298,8 +306,8 @@
  * Caller:  library/ssl_tls.c
  *
  * This module enables the following ciphersuites:
- *      SSL_RSA_RC4_128_MD5
- *      SSL_RSA_RC4_128_SHA
+ *      TLS_RSA_WITH_RC4_128_MD5
+ *      TLS_RSA_WITH_RC4_128_SHA
  */
 #define POLARSSL_ARC4_C
 
@@ -366,10 +374,16 @@
  * Module:  library/camellia.c
  * Caller:  library/ssl_tls.c
  *
- * This module enabled the following cipher suites:
- *      SSL_RSA_CAMELLIA_128_SHA
- *      SSL_RSA_CAMELLIA_256_SHA
- *      SSL_EDH_RSA_CAMELLIA_256_SHA
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
  */
 #define POLARSSL_CAMELLIA_C
 
@@ -433,9 +447,10 @@
  * Module:  library/des.c
  * Caller:  library/ssl_tls.c
  *
- * This module enables the following ciphersuites:
- *      SSL_RSA_DES_168_SHA
- *      SSL_EDH_RSA_DES_168_SHA
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  */
 #define POLARSSL_DES_C
 
@@ -448,10 +463,20 @@
  * Caller:  library/ssl_cli.c
  *          library/ssl_srv.c
  *
- * This module enables the following ciphersuites:
- *      SSL_EDH_RSA_DES_168_SHA
- *      SSL_EDH_RSA_AES_256_SHA
- *      SSL_EDH_RSA_CAMELLIA_256_SHA
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_DHE_RSA_WITH_DES_CBC_SHA
+ *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  */
 #define POLARSSL_DHM_C
 
@@ -489,6 +514,11 @@
  * Module:  library/gcm.c
  *
  * Requires: POLARSSL_AES_C
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      TLS_RSA_WITH_AES_256_GCM_SHA384
  */
 #define POLARSSL_GCM_C
 

include/polarssl/ssl.h

@@ -140,42 +140,42 @@
 #define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 512)
 
 /*
- * Supported ciphersuites
+ * Supported ciphersuites (Official IANA names)
  */
-#define SSL_RSA_NULL_MD5             0x01   /**< Weak! */
-#define SSL_RSA_NULL_SHA             0x02   /**< Weak! */
-#define SSL_RSA_NULL_SHA256          0x3B   /**< Weak! */
-#define SSL_RSA_DES_SHA              0x09   /**< Weak! Not in TLS 1.2 */
-#define SSL_EDH_RSA_DES_SHA          0x15   /**< Weak! Not in TLS 1.2 */
+#define TLS_RSA_WITH_NULL_MD5                    0x01   /**< Weak! */
+#define TLS_RSA_WITH_NULL_SHA                    0x02   /**< Weak! */
+#define TLS_RSA_WITH_NULL_SHA256                 0x3B   /**< Weak! */
+#define TLS_RSA_WITH_DES_CBC_SHA                 0x09   /**< Weak! Not in TLS 1.2 */
+#define TLS_DHE_RSA_WITH_DES_CBC_SHA             0x15   /**< Weak! Not in TLS 1.2 */
 
-#define SSL_RSA_RC4_128_MD5          0x04
-#define SSL_RSA_RC4_128_SHA          0x05
+#define TLS_RSA_WITH_RC4_128_MD5                 0x04
+#define TLS_RSA_WITH_RC4_128_SHA                 0x05
 
-#define SSL_RSA_DES_168_SHA          0x0A
-#define SSL_EDH_RSA_DES_168_SHA      0x16
+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA            0x0A
+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA        0x16
 
-#define SSL_RSA_AES_128_SHA          0x2F
-#define SSL_EDH_RSA_AES_128_SHA      0x33
-#define SSL_RSA_AES_256_SHA          0x35
-#define SSL_EDH_RSA_AES_256_SHA      0x39
-#define SSL_RSA_AES_128_SHA256       0x3C   /**< TLS 1.2 */
-#define SSL_RSA_AES_256_SHA256       0x3D   /**< TLS 1.2 */
-#define SSL_EDH_RSA_AES_128_SHA256   0x67   /**< TLS 1.2 */
-#define SSL_EDH_RSA_AES_256_SHA256   0x6B   /**< TLS 1.2 */
+#define TLS_RSA_WITH_AES_128_CBC_SHA             0x2F
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA         0x33
+#define TLS_RSA_WITH_AES_256_CBC_SHA             0x35
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA         0x39
+#define TLS_RSA_WITH_AES_128_CBC_SHA256          0x3C   /**< TLS 1.2 */
+#define TLS_RSA_WITH_AES_256_CBC_SHA256          0x3D   /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256      0x67   /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256      0x6B   /**< TLS 1.2 */
 
-#define SSL_RSA_CAMELLIA_128_SHA        0x41
-#define SSL_EDH_RSA_CAMELLIA_128_SHA    0x45
-#define SSL_RSA_CAMELLIA_256_SHA        0x84
-#define SSL_EDH_RSA_CAMELLIA_256_SHA    0x88
-#define SSL_RSA_CAMELLIA_128_SHA256     0xBA   /**< TLS 1.2 */
-#define SSL_EDH_RSA_CAMELLIA_128_SHA256 0xBE   /**< TLS 1.2 */
-#define SSL_RSA_CAMELLIA_256_SHA256     0xC0   /**< TLS 1.2 */
-#define SSL_EDH_RSA_CAMELLIA_256_SHA256 0xC4   /**< TLS 1.2 */
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        0x41
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    0x45
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        0x84
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    0x88
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     0xBA   /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE   /**< TLS 1.2 */
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     0xC0   /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4   /**< TLS 1.2 */
 
-#define SSL_RSA_AES_128_GCM_SHA256      0x9C
-#define SSL_RSA_AES_256_GCM_SHA384      0x9D
-#define SSL_EDH_RSA_AES_128_GCM_SHA256  0x9E
-#define SSL_EDH_RSA_AES_256_GCM_SHA384  0x9F
+#define TLS_RSA_WITH_AES_128_GCM_SHA256          0x9C
+#define TLS_RSA_WITH_AES_256_GCM_SHA384          0x9D
+#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      0x9E
+#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      0x9F
 
 #define SSL_EMPTY_RENEGOTIATION_INFO    0xFF   /**< renegotiation info ext */