|
|
@@ -2,9 +2,760 @@
|
|
|
|
|
|
#ifdef WITH_APPLETLS
|
|
|
|
|
|
+/* Disclaimer: excerpted from curl */
|
|
|
+
|
|
|
#include <Security/Security.h>
|
|
|
+/* For some reason, when building for iOS, the omnibus header above does
|
|
|
+ * not include SecureTransport.h as of iOS SDK 5.1. */
|
|
|
#include <Security/SecureTransport.h>
|
|
|
#include <CoreFoundation/CoreFoundation.h>
|
|
|
+#include <CommonCrypto/CommonDigest.h>
|
|
|
+
|
|
|
+#include "hsocket.h"
|
|
|
+
|
|
|
+/* The Security framework has changed greatly between iOS and different macOS
|
|
|
+ versions, and we will try to support as many of them as we can (back to
|
|
|
+ Leopard and iOS 5) by using macros and weak-linking.
|
|
|
+ In general, you want to build this using the most recent OS SDK, since some
|
|
|
+ features require curl to be built against the latest SDK. TLS 1.1 and 1.2
|
|
|
+ support, for instance, require the macOS 10.8 SDK or later. TLS 1.3
|
|
|
+ requires the macOS 10.13 or iOS 11 SDK or later. */
|
|
|
+#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
|
|
|
+
|
|
|
+#if MAC_OS_X_VERSION_MAX_ALLOWED < 1050
|
|
|
+#error "The Secure Transport back-end requires Leopard or later."
|
|
|
+#endif /* MAC_OS_X_VERSION_MAX_ALLOWED < 1050 */
|
|
|
+
|
|
|
+#define CURL_BUILD_IOS 0
|
|
|
+#define CURL_BUILD_IOS_7 0
|
|
|
+#define CURL_BUILD_IOS_9 0
|
|
|
+#define CURL_BUILD_IOS_11 0
|
|
|
+#define CURL_BUILD_IOS_13 0
|
|
|
+#define CURL_BUILD_MAC 1
|
|
|
+/* This is the maximum API level we are allowed to use when building: */
|
|
|
+#define CURL_BUILD_MAC_10_5 MAC_OS_X_VERSION_MAX_ALLOWED >= 1050
|
|
|
+#define CURL_BUILD_MAC_10_6 MAC_OS_X_VERSION_MAX_ALLOWED >= 1060
|
|
|
+#define CURL_BUILD_MAC_10_7 MAC_OS_X_VERSION_MAX_ALLOWED >= 1070
|
|
|
+#define CURL_BUILD_MAC_10_8 MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
|
|
|
+#define CURL_BUILD_MAC_10_9 MAC_OS_X_VERSION_MAX_ALLOWED >= 1090
|
|
|
+#define CURL_BUILD_MAC_10_11 MAC_OS_X_VERSION_MAX_ALLOWED >= 101100
|
|
|
+#define CURL_BUILD_MAC_10_13 MAC_OS_X_VERSION_MAX_ALLOWED >= 101300
|
|
|
+#define CURL_BUILD_MAC_10_15 MAC_OS_X_VERSION_MAX_ALLOWED >= 101500
|
|
|
+/* These macros mean "the following code is present to allow runtime backward
|
|
|
+ compatibility with at least this cat or earlier":
|
|
|
+ (You set this at build-time using the compiler command line option
|
|
|
+ "-mmacosx-version-min.") */
|
|
|
+#define CURL_SUPPORT_MAC_10_5 MAC_OS_X_VERSION_MIN_REQUIRED <= 1050
|
|
|
+#define CURL_SUPPORT_MAC_10_6 MAC_OS_X_VERSION_MIN_REQUIRED <= 1060
|
|
|
+#define CURL_SUPPORT_MAC_10_7 MAC_OS_X_VERSION_MIN_REQUIRED <= 1070
|
|
|
+#define CURL_SUPPORT_MAC_10_8 MAC_OS_X_VERSION_MIN_REQUIRED <= 1080
|
|
|
+#define CURL_SUPPORT_MAC_10_9 MAC_OS_X_VERSION_MIN_REQUIRED <= 1090
|
|
|
+
|
|
|
+#elif TARGET_OS_EMBEDDED || TARGET_OS_IPHONE
|
|
|
+#define CURL_BUILD_IOS 1
|
|
|
+#define CURL_BUILD_IOS_7 __IPHONE_OS_VERSION_MAX_ALLOWED >= 70000
|
|
|
+#define CURL_BUILD_IOS_9 __IPHONE_OS_VERSION_MAX_ALLOWED >= 90000
|
|
|
+#define CURL_BUILD_IOS_11 __IPHONE_OS_VERSION_MAX_ALLOWED >= 110000
|
|
|
+#define CURL_BUILD_IOS_13 __IPHONE_OS_VERSION_MAX_ALLOWED >= 130000
|
|
|
+#define CURL_BUILD_MAC 0
|
|
|
+#define CURL_BUILD_MAC_10_5 0
|
|
|
+#define CURL_BUILD_MAC_10_6 0
|
|
|
+#define CURL_BUILD_MAC_10_7 0
|
|
|
+#define CURL_BUILD_MAC_10_8 0
|
|
|
+#define CURL_BUILD_MAC_10_9 0
|
|
|
+#define CURL_BUILD_MAC_10_11 0
|
|
|
+#define CURL_BUILD_MAC_10_13 0
|
|
|
+#define CURL_BUILD_MAC_10_15 0
|
|
|
+#define CURL_SUPPORT_MAC_10_5 0
|
|
|
+#define CURL_SUPPORT_MAC_10_6 0
|
|
|
+#define CURL_SUPPORT_MAC_10_7 0
|
|
|
+#define CURL_SUPPORT_MAC_10_8 0
|
|
|
+#define CURL_SUPPORT_MAC_10_9 0
|
|
|
+
|
|
|
+#else
|
|
|
+#error "The Secure Transport back-end requires iOS or macOS."
|
|
|
+#endif /* (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) */
|
|
|
+
|
|
|
+#if !defined(__MAC_10_8)
|
|
|
+static const SSLProtocol kTLSProtocol11 = (SSLProtocol)7;
|
|
|
+static const SSLProtocol kTLSProtocol12 = (SSLProtocol)8;
|
|
|
+#endif
|
|
|
+
|
|
|
+#if !defined(__MAC_10_13)
|
|
|
+static const SSLProtocol kTLSProtocol13 = (SSLProtocol)10;
|
|
|
+#endif
|
|
|
+
|
|
|
+static inline const char* SSLProtocolToString(SSLProtocol proto) {
|
|
|
+ switch(proto) {
|
|
|
+ case kSSLProtocol2: return "SSLv2";
|
|
|
+ case kSSLProtocol3: return "SSLv3";
|
|
|
+ case kTLSProtocol1: return "TLSv1";
|
|
|
+ case kTLSProtocol11: return "TLSv1.1";
|
|
|
+ case kTLSProtocol12: return "TLSv1.2";
|
|
|
+ case kTLSProtocol13: return "TLSv1.3";
|
|
|
+ default: return "Unknown";
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+struct st_cipher {
|
|
|
+ const char *name; /* Cipher suite IANA name. It starts with "TLS_" prefix */
|
|
|
+ const char *alias_name; /* Alias name is the same as OpenSSL cipher name */
|
|
|
+ SSLCipherSuite num; /* Cipher suite code/number defined in IANA registry */
|
|
|
+ bool weak; /* Flag to mark cipher as weak based on previous implementation
|
|
|
+ of Secure Transport back-end by CURL */
|
|
|
+};
|
|
|
+
|
|
|
+/* Macro to initialize st_cipher data structure: stringify id to name, cipher
|
|
|
+ number/id, 'weak' suite flag
|
|
|
+ */
|
|
|
+#define CIPHER_DEF(num, alias, weak) \
|
|
|
+ { #num, alias, num, weak }
|
|
|
+
|
|
|
+/*
|
|
|
+ Macro to initialize st_cipher data structure with name, code (IANA cipher
|
|
|
+ number/id value), and 'weak' suite flag. The first 28 cipher suite numbers
|
|
|
+ have the same IANA code for both SSL and TLS standards: numbers 0x0000 to
|
|
|
+ 0x001B. They have different names though. The first 4 letters of the cipher
|
|
|
+ suite name are the protocol name: "SSL_" or "TLS_", rest of the IANA name is
|
|
|
+ the same for both SSL and TLS cipher suite name.
|
|
|
+ The second part of the problem is that macOS/iOS SDKs don't define all TLS
|
|
|
+ codes but only 12 of them. The SDK defines all SSL codes though, i.e. SSL_NUM
|
|
|
+ constant is always defined for those 28 ciphers while TLS_NUM is defined only
|
|
|
+ for 12 of the first 28 ciphers. Those 12 TLS cipher codes match to
|
|
|
+ corresponding SSL enum value and represent the same cipher suite. Therefore
|
|
|
+ we'll use the SSL enum value for those cipher suites because it is defined
|
|
|
+ for all 28 of them.
|
|
|
+ We make internal data consistent and based on TLS names, i.e. all st_cipher
|
|
|
+ item names start with the "TLS_" prefix.
|
|
|
+ Summarizing all the above, those 28 first ciphers are presented in our table
|
|
|
+ with both TLS and SSL names. Their cipher numbers are assigned based on the
|
|
|
+ SDK enum value for the SSL cipher, which matches to IANA TLS number.
|
|
|
+ */
|
|
|
+#define CIPHER_DEF_SSLTLS(num_wo_prefix, alias, weak) \
|
|
|
+ { "TLS_" #num_wo_prefix, alias, SSL_##num_wo_prefix, weak }
|
|
|
+
|
|
|
+/*
|
|
|
+ Cipher suites were marked as weak based on the following:
|
|
|
+ RC4 encryption - rfc7465, the document contains a list of deprecated ciphers.
|
|
|
+ Marked in the code below as weak.
|
|
|
+ RC2 encryption - many mentions, was found vulnerable to a relatively easy
|
|
|
+ attack https://link.springer.com/chapter/10.1007%2F3-540-69710-1_14
|
|
|
+ Marked in the code below as weak.
|
|
|
+ DES and IDEA encryption - rfc5469, has a list of deprecated ciphers.
|
|
|
+ Marked in the code below as weak.
|
|
|
+ Anonymous Diffie-Hellman authentication and anonymous elliptic curve
|
|
|
+ Diffie-Hellman - vulnerable to a man-in-the-middle attack. Deprecated by
|
|
|
+ RFC 4346 aka TLS 1.1 (section A.5, page 60)
|
|
|
+ Null bulk encryption suites - not encrypted communication
|
|
|
+ Export ciphers, i.e. ciphers with restrictions to be used outside the US for
|
|
|
+ software exported to some countries, they were excluded from TLS 1.1
|
|
|
+ version. More precisely, they were noted as ciphers which MUST NOT be
|
|
|
+ negotiated in RFC 4346 aka TLS 1.1 (section A.5, pages 60 and 61).
|
|
|
+ All of those filters were considered weak because they contain a weak
|
|
|
+ algorithm like DES, RC2 or RC4, and already considered weak by other
|
|
|
+ criteria.
|
|
|
+ 3DES - NIST deprecated it and is going to retire it by 2023
|
|
|
+ https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA
|
|
|
+ OpenSSL https://www.openssl.org/blog/blog/2016/08/24/sweet32/ also
|
|
|
+ deprecated those ciphers. Some other libraries also consider it
|
|
|
+ vulnerable or at least not strong enough.
|
|
|
+ CBC ciphers are vulnerable with SSL3.0 and TLS1.0:
|
|
|
+ https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance
|
|
|
+ /118518-technote-esa-00.html
|
|
|
+ We don't take care of this issue because it is resolved by later TLS
|
|
|
+ versions and for us, it requires more complicated checks, we need to
|
|
|
+ check a protocol version also. Vulnerability doesn't look very critical
|
|
|
+ and we do not filter out those cipher suites.
|
|
|
+ */
|
|
|
+
|
|
|
+#define CIPHER_WEAK_NOT_ENCRYPTED TRUE
|
|
|
+#define CIPHER_WEAK_RC_ENCRYPTION TRUE
|
|
|
+#define CIPHER_WEAK_DES_ENCRYPTION TRUE
|
|
|
+#define CIPHER_WEAK_IDEA_ENCRYPTION TRUE
|
|
|
+#define CIPHER_WEAK_ANON_AUTH TRUE
|
|
|
+#define CIPHER_WEAK_3DES_ENCRYPTION TRUE
|
|
|
+#define CIPHER_STRONG_ENOUGH FALSE
|
|
|
+
|
|
|
+/* Please do not change the order of the first ciphers available for SSL.
|
|
|
+ Do not insert and do not delete any of them. Code below
|
|
|
+ depends on their order and continuity.
|
|
|
+ If you add a new cipher, please maintain order by number, i.e.
|
|
|
+ insert in between existing items to appropriate place based on
|
|
|
+ cipher suite IANA number
|
|
|
+*/
|
|
|
+const static struct st_cipher ciphertable[] = {
|
|
|
+ /* SSL version 3.0 and initial TLS 1.0 cipher suites.
|
|
|
+ Defined since SDK 10.2.8 */
|
|
|
+ CIPHER_DEF_SSLTLS(NULL_WITH_NULL_NULL, /* 0x0000 */
|
|
|
+ NULL,
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+ CIPHER_DEF_SSLTLS(RSA_WITH_NULL_MD5, /* 0x0001 */
|
|
|
+ "NULL-MD5",
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+ CIPHER_DEF_SSLTLS(RSA_WITH_NULL_SHA, /* 0x0002 */
|
|
|
+ "NULL-SHA",
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+ CIPHER_DEF_SSLTLS(RSA_EXPORT_WITH_RC4_40_MD5, /* 0x0003 */
|
|
|
+ "EXP-RC4-MD5",
|
|
|
+ CIPHER_WEAK_RC_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(RSA_WITH_RC4_128_MD5, /* 0x0004 */
|
|
|
+ "RC4-MD5",
|
|
|
+ CIPHER_WEAK_RC_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(RSA_WITH_RC4_128_SHA, /* 0x0005 */
|
|
|
+ "RC4-SHA",
|
|
|
+ CIPHER_WEAK_RC_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* 0x0006 */
|
|
|
+ "EXP-RC2-CBC-MD5",
|
|
|
+ CIPHER_WEAK_RC_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(RSA_WITH_IDEA_CBC_SHA, /* 0x0007 */
|
|
|
+ "IDEA-CBC-SHA",
|
|
|
+ CIPHER_WEAK_IDEA_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(RSA_EXPORT_WITH_DES40_CBC_SHA, /* 0x0008 */
|
|
|
+ "EXP-DES-CBC-SHA",
|
|
|
+ CIPHER_WEAK_DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(RSA_WITH_DES_CBC_SHA, /* 0x0009 */
|
|
|
+ "DES-CBC-SHA",
|
|
|
+ CIPHER_WEAK_DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(RSA_WITH_3DES_EDE_CBC_SHA, /* 0x000A */
|
|
|
+ "DES-CBC3-SHA",
|
|
|
+ CIPHER_WEAK_3DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(DH_DSS_EXPORT_WITH_DES40_CBC_SHA, /* 0x000B */
|
|
|
+ "EXP-DH-DSS-DES-CBC-SHA",
|
|
|
+ CIPHER_WEAK_DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(DH_DSS_WITH_DES_CBC_SHA, /* 0x000C */
|
|
|
+ "DH-DSS-DES-CBC-SHA",
|
|
|
+ CIPHER_WEAK_DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(DH_DSS_WITH_3DES_EDE_CBC_SHA, /* 0x000D */
|
|
|
+ "DH-DSS-DES-CBC3-SHA",
|
|
|
+ CIPHER_WEAK_3DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(DH_RSA_EXPORT_WITH_DES40_CBC_SHA, /* 0x000E */
|
|
|
+ "EXP-DH-RSA-DES-CBC-SHA",
|
|
|
+ CIPHER_WEAK_DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(DH_RSA_WITH_DES_CBC_SHA, /* 0x000F */
|
|
|
+ "DH-RSA-DES-CBC-SHA",
|
|
|
+ CIPHER_WEAK_DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(DH_RSA_WITH_3DES_EDE_CBC_SHA, /* 0x0010 */
|
|
|
+ "DH-RSA-DES-CBC3-SHA",
|
|
|
+ CIPHER_WEAK_3DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, /* 0x0011 */
|
|
|
+ "EXP-EDH-DSS-DES-CBC-SHA",
|
|
|
+ CIPHER_WEAK_DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(DHE_DSS_WITH_DES_CBC_SHA, /* 0x0012 */
|
|
|
+ "EDH-DSS-CBC-SHA",
|
|
|
+ CIPHER_WEAK_DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* 0x0013 */
|
|
|
+ "DHE-DSS-DES-CBC3-SHA",
|
|
|
+ CIPHER_WEAK_3DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, /* 0x0014 */
|
|
|
+ "EXP-EDH-RSA-DES-CBC-SHA",
|
|
|
+ CIPHER_WEAK_DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(DHE_RSA_WITH_DES_CBC_SHA, /* 0x0015 */
|
|
|
+ "EDH-RSA-DES-CBC-SHA",
|
|
|
+ CIPHER_WEAK_DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* 0x0016 */
|
|
|
+ "DHE-RSA-DES-CBC3-SHA",
|
|
|
+ CIPHER_WEAK_3DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF_SSLTLS(DH_anon_EXPORT_WITH_RC4_40_MD5, /* 0x0017 */
|
|
|
+ "EXP-ADH-RC4-MD5",
|
|
|
+ CIPHER_WEAK_ANON_AUTH),
|
|
|
+ CIPHER_DEF_SSLTLS(DH_anon_WITH_RC4_128_MD5, /* 0x0018 */
|
|
|
+ "ADH-RC4-MD5",
|
|
|
+ CIPHER_WEAK_ANON_AUTH),
|
|
|
+ CIPHER_DEF_SSLTLS(DH_anon_EXPORT_WITH_DES40_CBC_SHA, /* 0x0019 */
|
|
|
+ "EXP-ADH-DES-CBC-SHA",
|
|
|
+ CIPHER_WEAK_ANON_AUTH),
|
|
|
+ CIPHER_DEF_SSLTLS(DH_anon_WITH_DES_CBC_SHA, /* 0x001A */
|
|
|
+ "ADH-DES-CBC-SHA",
|
|
|
+ CIPHER_WEAK_ANON_AUTH),
|
|
|
+ CIPHER_DEF_SSLTLS(DH_anon_WITH_3DES_EDE_CBC_SHA, /* 0x001B */
|
|
|
+ "ADH-DES-CBC3-SHA",
|
|
|
+ CIPHER_WEAK_3DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF(SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* 0x001C */
|
|
|
+ NULL,
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+ CIPHER_DEF(SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* 0x001D */
|
|
|
+ NULL,
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+
|
|
|
+#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
|
|
|
+ /* RFC 4785 - Pre-Shared Key (PSK) Ciphersuites with NULL Encryption */
|
|
|
+ CIPHER_DEF(TLS_PSK_WITH_NULL_SHA, /* 0x002C */
|
|
|
+ "PSK-NULL-SHA",
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+ CIPHER_DEF(TLS_DHE_PSK_WITH_NULL_SHA, /* 0x002D */
|
|
|
+ "DHE-PSK-NULL-SHA",
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+ CIPHER_DEF(TLS_RSA_PSK_WITH_NULL_SHA, /* 0x002E */
|
|
|
+ "RSA-PSK-NULL-SHA",
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+#endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
|
|
|
+
|
|
|
+ /* TLS addenda using AES, per RFC 3268. Defined since SDK 10.4u */
|
|
|
+ CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA, /* 0x002F */
|
|
|
+ "AES128-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DH_DSS_WITH_AES_128_CBC_SHA, /* 0x0030 */
|
|
|
+ "DH-DSS-AES128-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DH_RSA_WITH_AES_128_CBC_SHA, /* 0x0031 */
|
|
|
+ "DH-RSA-AES128-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* 0x0032 */
|
|
|
+ "DHE-DSS-AES128-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* 0x0033 */
|
|
|
+ "DHE-RSA-AES128-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DH_anon_WITH_AES_128_CBC_SHA, /* 0x0034 */
|
|
|
+ "ADH-AES128-SHA",
|
|
|
+ CIPHER_WEAK_ANON_AUTH),
|
|
|
+ CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA, /* 0x0035 */
|
|
|
+ "AES256-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DH_DSS_WITH_AES_256_CBC_SHA, /* 0x0036 */
|
|
|
+ "DH-DSS-AES256-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DH_RSA_WITH_AES_256_CBC_SHA, /* 0x0037 */
|
|
|
+ "DH-RSA-AES256-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* 0x0038 */
|
|
|
+ "DHE-DSS-AES256-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* 0x0039 */
|
|
|
+ "DHE-RSA-AES256-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DH_anon_WITH_AES_256_CBC_SHA, /* 0x003A */
|
|
|
+ "ADH-AES256-SHA",
|
|
|
+ CIPHER_WEAK_ANON_AUTH),
|
|
|
+
|
|
|
+#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
|
|
|
+ /* TLS 1.2 addenda, RFC 5246 */
|
|
|
+ /* Server provided RSA certificate for key exchange. */
|
|
|
+ CIPHER_DEF(TLS_RSA_WITH_NULL_SHA256, /* 0x003B */
|
|
|
+ "NULL-SHA256",
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+ CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA256, /* 0x003C */
|
|
|
+ "AES128-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA256, /* 0x003D */
|
|
|
+ "AES256-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ /* Server-authenticated (and optionally client-authenticated)
|
|
|
+ Diffie-Hellman. */
|
|
|
+ CIPHER_DEF(TLS_DH_DSS_WITH_AES_128_CBC_SHA256, /* 0x003E */
|
|
|
+ "DH-DSS-AES128-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DH_RSA_WITH_AES_128_CBC_SHA256, /* 0x003F */
|
|
|
+ "DH-RSA-AES128-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, /* 0x0040 */
|
|
|
+ "DHE-DSS-AES128-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+
|
|
|
+ /* TLS 1.2 addenda, RFC 5246 */
|
|
|
+ CIPHER_DEF(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, /* 0x0067 */
|
|
|
+ "DHE-RSA-AES128-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DH_DSS_WITH_AES_256_CBC_SHA256, /* 0x0068 */
|
|
|
+ "DH-DSS-AES256-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DH_RSA_WITH_AES_256_CBC_SHA256, /* 0x0069 */
|
|
|
+ "DH-RSA-AES256-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, /* 0x006A */
|
|
|
+ "DHE-DSS-AES256-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, /* 0x006B */
|
|
|
+ "DHE-RSA-AES256-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DH_anon_WITH_AES_128_CBC_SHA256, /* 0x006C */
|
|
|
+ "ADH-AES128-SHA256",
|
|
|
+ CIPHER_WEAK_ANON_AUTH),
|
|
|
+ CIPHER_DEF(TLS_DH_anon_WITH_AES_256_CBC_SHA256, /* 0x006D */
|
|
|
+ "ADH-AES256-SHA256",
|
|
|
+ CIPHER_WEAK_ANON_AUTH),
|
|
|
+#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
|
|
|
+
|
|
|
+#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
|
|
|
+ /* Addendum from RFC 4279, TLS PSK */
|
|
|
+ CIPHER_DEF(TLS_PSK_WITH_RC4_128_SHA, /* 0x008A */
|
|
|
+ "PSK-RC4-SHA",
|
|
|
+ CIPHER_WEAK_RC_ENCRYPTION),
|
|
|
+ CIPHER_DEF(TLS_PSK_WITH_3DES_EDE_CBC_SHA, /* 0x008B */
|
|
|
+ "PSK-3DES-EDE-CBC-SHA",
|
|
|
+ CIPHER_WEAK_3DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF(TLS_PSK_WITH_AES_128_CBC_SHA, /* 0x008C */
|
|
|
+ "PSK-AES128-CBC-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_PSK_WITH_AES_256_CBC_SHA, /* 0x008D */
|
|
|
+ "PSK-AES256-CBC-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DHE_PSK_WITH_RC4_128_SHA, /* 0x008E */
|
|
|
+ "DHE-PSK-RC4-SHA",
|
|
|
+ CIPHER_WEAK_RC_ENCRYPTION),
|
|
|
+ CIPHER_DEF(TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, /* 0x008F */
|
|
|
+ "DHE-PSK-3DES-EDE-CBC-SHA",
|
|
|
+ CIPHER_WEAK_3DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF(TLS_DHE_PSK_WITH_AES_128_CBC_SHA, /* 0x0090 */
|
|
|
+ "DHE-PSK-AES128-CBC-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DHE_PSK_WITH_AES_256_CBC_SHA, /* 0x0091 */
|
|
|
+ "DHE-PSK-AES256-CBC-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_RSA_PSK_WITH_RC4_128_SHA, /* 0x0092 */
|
|
|
+ "RSA-PSK-RC4-SHA",
|
|
|
+ CIPHER_WEAK_RC_ENCRYPTION),
|
|
|
+ CIPHER_DEF(TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, /* 0x0093 */
|
|
|
+ "RSA-PSK-3DES-EDE-CBC-SHA",
|
|
|
+ CIPHER_WEAK_3DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF(TLS_RSA_PSK_WITH_AES_128_CBC_SHA, /* 0x0094 */
|
|
|
+ "RSA-PSK-AES128-CBC-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_RSA_PSK_WITH_AES_256_CBC_SHA, /* 0x0095 */
|
|
|
+ "RSA-PSK-AES256-CBC-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+#endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
|
|
|
+
|
|
|
+#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
|
|
|
+ /* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites
|
|
|
+ for TLS. */
|
|
|
+ CIPHER_DEF(TLS_RSA_WITH_AES_128_GCM_SHA256, /* 0x009C */
|
|
|
+ "AES128-GCM-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_RSA_WITH_AES_256_GCM_SHA384, /* 0x009D */
|
|
|
+ "AES256-GCM-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, /* 0x009E */
|
|
|
+ "DHE-RSA-AES128-GCM-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, /* 0x009F */
|
|
|
+ "DHE-RSA-AES256-GCM-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DH_RSA_WITH_AES_128_GCM_SHA256, /* 0x00A0 */
|
|
|
+ "DH-RSA-AES128-GCM-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DH_RSA_WITH_AES_256_GCM_SHA384, /* 0x00A1 */
|
|
|
+ "DH-RSA-AES256-GCM-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, /* 0x00A2 */
|
|
|
+ "DHE-DSS-AES128-GCM-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, /* 0x00A3 */
|
|
|
+ "DHE-DSS-AES256-GCM-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DH_DSS_WITH_AES_128_GCM_SHA256, /* 0x00A4 */
|
|
|
+ "DH-DSS-AES128-GCM-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DH_DSS_WITH_AES_256_GCM_SHA384, /* 0x00A5 */
|
|
|
+ "DH-DSS-AES256-GCM-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DH_anon_WITH_AES_128_GCM_SHA256, /* 0x00A6 */
|
|
|
+ "ADH-AES128-GCM-SHA256",
|
|
|
+ CIPHER_WEAK_ANON_AUTH),
|
|
|
+ CIPHER_DEF(TLS_DH_anon_WITH_AES_256_GCM_SHA384, /* 0x00A7 */
|
|
|
+ "ADH-AES256-GCM-SHA384",
|
|
|
+ CIPHER_WEAK_ANON_AUTH),
|
|
|
+#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
|
|
|
+
|
|
|
+#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
|
|
|
+ /* RFC 5487 - PSK with SHA-256/384 and AES GCM */
|
|
|
+ CIPHER_DEF(TLS_PSK_WITH_AES_128_GCM_SHA256, /* 0x00A8 */
|
|
|
+ "PSK-AES128-GCM-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_PSK_WITH_AES_256_GCM_SHA384, /* 0x00A9 */
|
|
|
+ "PSK-AES256-GCM-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, /* 0x00AA */
|
|
|
+ "DHE-PSK-AES128-GCM-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, /* 0x00AB */
|
|
|
+ "DHE-PSK-AES256-GCM-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, /* 0x00AC */
|
|
|
+ "RSA-PSK-AES128-GCM-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, /* 0x00AD */
|
|
|
+ "RSA-PSK-AES256-GCM-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_PSK_WITH_AES_128_CBC_SHA256, /* 0x00AE */
|
|
|
+ "PSK-AES128-CBC-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_PSK_WITH_AES_256_CBC_SHA384, /* 0x00AF */
|
|
|
+ "PSK-AES256-CBC-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_PSK_WITH_NULL_SHA256, /* 0x00B0 */
|
|
|
+ "PSK-NULL-SHA256",
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+ CIPHER_DEF(TLS_PSK_WITH_NULL_SHA384, /* 0x00B1 */
|
|
|
+ "PSK-NULL-SHA384",
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+ CIPHER_DEF(TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, /* 0x00B2 */
|
|
|
+ "DHE-PSK-AES128-CBC-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, /* 0x00B3 */
|
|
|
+ "DHE-PSK-AES256-CBC-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_DHE_PSK_WITH_NULL_SHA256, /* 0x00B4 */
|
|
|
+ "DHE-PSK-NULL-SHA256",
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+ CIPHER_DEF(TLS_DHE_PSK_WITH_NULL_SHA384, /* 0x00B5 */
|
|
|
+ "DHE-PSK-NULL-SHA384",
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+ CIPHER_DEF(TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, /* 0x00B6 */
|
|
|
+ "RSA-PSK-AES128-CBC-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, /* 0x00B7 */
|
|
|
+ "RSA-PSK-AES256-CBC-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_RSA_PSK_WITH_NULL_SHA256, /* 0x00B8 */
|
|
|
+ "RSA-PSK-NULL-SHA256",
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+ CIPHER_DEF(TLS_RSA_PSK_WITH_NULL_SHA384, /* 0x00B9 */
|
|
|
+ "RSA-PSK-NULL-SHA384",
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+#endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
|
|
|
+
|
|
|
+ /* RFC 5746 - Secure Renegotiation. This is not a real suite,
|
|
|
+ it is a response to initiate negotiation again */
|
|
|
+ CIPHER_DEF(TLS_EMPTY_RENEGOTIATION_INFO_SCSV, /* 0x00FF */
|
|
|
+ NULL,
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+
|
|
|
+#if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11
|
|
|
+ /* TLS 1.3 standard cipher suites for ChaCha20+Poly1305.
|
|
|
+ Note: TLS 1.3 ciphersuites do not specify the key exchange
|
|
|
+ algorithm -- they only specify the symmetric ciphers.
|
|
|
+ Cipher alias name matches to OpenSSL cipher name, and for
|
|
|
+ TLS 1.3 ciphers */
|
|
|
+ CIPHER_DEF(TLS_AES_128_GCM_SHA256, /* 0x1301 */
|
|
|
+ NULL, /* The OpenSSL cipher name matches to the IANA name */
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_AES_256_GCM_SHA384, /* 0x1302 */
|
|
|
+ NULL, /* The OpenSSL cipher name matches to the IANA name */
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_CHACHA20_POLY1305_SHA256, /* 0x1303 */
|
|
|
+ NULL, /* The OpenSSL cipher name matches to the IANA name */
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_AES_128_CCM_SHA256, /* 0x1304 */
|
|
|
+ NULL, /* The OpenSSL cipher name matches to the IANA name */
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_AES_128_CCM_8_SHA256, /* 0x1305 */
|
|
|
+ NULL, /* The OpenSSL cipher name matches to the IANA name */
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+#endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */
|
|
|
+
|
|
|
+#if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS
|
|
|
+ /* ECDSA addenda, RFC 4492 */
|
|
|
+ CIPHER_DEF(TLS_ECDH_ECDSA_WITH_NULL_SHA, /* 0xC001 */
|
|
|
+ "ECDH-ECDSA-NULL-SHA",
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+ CIPHER_DEF(TLS_ECDH_ECDSA_WITH_RC4_128_SHA, /* 0xC002 */
|
|
|
+ "ECDH-ECDSA-RC4-SHA",
|
|
|
+ CIPHER_WEAK_RC_ENCRYPTION),
|
|
|
+ CIPHER_DEF(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC003 */
|
|
|
+ "ECDH-ECDSA-DES-CBC3-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC004 */
|
|
|
+ "ECDH-ECDSA-AES128-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC005 */
|
|
|
+ "ECDH-ECDSA-AES256-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_NULL_SHA, /* 0xC006 */
|
|
|
+ "ECDHE-ECDSA-NULL-SHA",
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, /* 0xC007 */
|
|
|
+ "ECDHE-ECDSA-RC4-SHA",
|
|
|
+ CIPHER_WEAK_RC_ENCRYPTION),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC008 */
|
|
|
+ "ECDHE-ECDSA-DES-CBC3-SHA",
|
|
|
+ CIPHER_WEAK_3DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC009 */
|
|
|
+ "ECDHE-ECDSA-AES128-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC00A */
|
|
|
+ "ECDHE-ECDSA-AES256-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDH_RSA_WITH_NULL_SHA, /* 0xC00B */
|
|
|
+ "ECDH-RSA-NULL-SHA",
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+ CIPHER_DEF(TLS_ECDH_RSA_WITH_RC4_128_SHA, /* 0xC00C */
|
|
|
+ "ECDH-RSA-RC4-SHA",
|
|
|
+ CIPHER_WEAK_RC_ENCRYPTION),
|
|
|
+ CIPHER_DEF(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC00D */
|
|
|
+ "ECDH-RSA-DES-CBC3-SHA",
|
|
|
+ CIPHER_WEAK_3DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, /* 0xC00E */
|
|
|
+ "ECDH-RSA-AES128-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, /* 0xC00F */
|
|
|
+ "ECDH-RSA-AES256-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_NULL_SHA, /* 0xC010 */
|
|
|
+ "ECDHE-RSA-NULL-SHA",
|
|
|
+ CIPHER_WEAK_NOT_ENCRYPTED),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_RC4_128_SHA, /* 0xC011 */
|
|
|
+ "ECDHE-RSA-RC4-SHA",
|
|
|
+ CIPHER_WEAK_RC_ENCRYPTION),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC012 */
|
|
|
+ "ECDHE-RSA-DES-CBC3-SHA",
|
|
|
+ CIPHER_WEAK_3DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, /* 0xC013 */
|
|
|
+ "ECDHE-RSA-AES128-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, /* 0xC014 */
|
|
|
+ "ECDHE-RSA-AES256-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDH_anon_WITH_NULL_SHA, /* 0xC015 */
|
|
|
+ "AECDH-NULL-SHA",
|
|
|
+ CIPHER_WEAK_ANON_AUTH),
|
|
|
+ CIPHER_DEF(TLS_ECDH_anon_WITH_RC4_128_SHA, /* 0xC016 */
|
|
|
+ "AECDH-RC4-SHA",
|
|
|
+ CIPHER_WEAK_ANON_AUTH),
|
|
|
+ CIPHER_DEF(TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, /* 0xC017 */
|
|
|
+ "AECDH-DES-CBC3-SHA",
|
|
|
+ CIPHER_WEAK_3DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF(TLS_ECDH_anon_WITH_AES_128_CBC_SHA, /* 0xC018 */
|
|
|
+ "AECDH-AES128-SHA",
|
|
|
+ CIPHER_WEAK_ANON_AUTH),
|
|
|
+ CIPHER_DEF(TLS_ECDH_anon_WITH_AES_256_CBC_SHA, /* 0xC019 */
|
|
|
+ "AECDH-AES256-SHA",
|
|
|
+ CIPHER_WEAK_ANON_AUTH),
|
|
|
+#endif /* CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS */
|
|
|
+
|
|
|
+#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
|
|
|
+ /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
|
|
|
+ HMAC SHA-256/384. */
|
|
|
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC023 */
|
|
|
+ "ECDHE-ECDSA-AES128-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC024 */
|
|
|
+ "ECDHE-ECDSA-AES256-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC025 */
|
|
|
+ "ECDH-ECDSA-AES128-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC026 */
|
|
|
+ "ECDH-ECDSA-AES256-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, /* 0xC027 */
|
|
|
+ "ECDHE-RSA-AES128-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, /* 0xC028 */
|
|
|
+ "ECDHE-RSA-AES256-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, /* 0xC029 */
|
|
|
+ "ECDH-RSA-AES128-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, /* 0xC02A */
|
|
|
+ "ECDH-RSA-AES256-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
|
|
|
+ SHA-256/384 and AES Galois Counter Mode (GCM) */
|
|
|
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02B */
|
|
|
+ "ECDHE-ECDSA-AES128-GCM-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02C */
|
|
|
+ "ECDHE-ECDSA-AES256-GCM-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02D */
|
|
|
+ "ECDH-ECDSA-AES128-GCM-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02E */
|
|
|
+ "ECDH-ECDSA-AES256-GCM-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, /* 0xC02F */
|
|
|
+ "ECDHE-RSA-AES128-GCM-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, /* 0xC030 */
|
|
|
+ "ECDHE-RSA-AES256-GCM-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, /* 0xC031 */
|
|
|
+ "ECDH-RSA-AES128-GCM-SHA256",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, /* 0xC032 */
|
|
|
+ "ECDH-RSA-AES256-GCM-SHA384",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
|
|
|
+
|
|
|
+#if CURL_BUILD_MAC_10_15 || CURL_BUILD_IOS_13
|
|
|
+ /* ECDHE_PSK Cipher Suites for Transport Layer Security (TLS), RFC 5489 */
|
|
|
+ CIPHER_DEF(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, /* 0xC035 */
|
|
|
+ "ECDHE-PSK-AES128-CBC-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, /* 0xC036 */
|
|
|
+ "ECDHE-PSK-AES256-CBC-SHA",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+#endif /* CURL_BUILD_MAC_10_15 || CURL_BUILD_IOS_13 */
|
|
|
+
|
|
|
+#if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11
|
|
|
+ /* Addenda from rfc 7905 ChaCha20-Poly1305 Cipher Suites for
|
|
|
+ Transport Layer Security (TLS). */
|
|
|
+ CIPHER_DEF(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */
|
|
|
+ "ECDHE-RSA-CHACHA20-POLY1305",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+ CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */
|
|
|
+ "ECDHE-ECDSA-CHACHA20-POLY1305",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+#endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */
|
|
|
+
|
|
|
+#if CURL_BUILD_MAC_10_15 || CURL_BUILD_IOS_13
|
|
|
+ /* ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS),
|
|
|
+ RFC 7905 */
|
|
|
+ CIPHER_DEF(TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCAB */
|
|
|
+ "PSK-CHACHA20-POLY1305",
|
|
|
+ CIPHER_STRONG_ENOUGH),
|
|
|
+#endif /* CURL_BUILD_MAC_10_15 || CURL_BUILD_IOS_13 */
|
|
|
+
|
|
|
+ /* Tags for SSL 2 cipher kinds which are not specified for SSL 3.
|
|
|
+ Defined since SDK 10.2.8 */
|
|
|
+ CIPHER_DEF(SSL_RSA_WITH_RC2_CBC_MD5, /* 0xFF80 */
|
|
|
+ NULL,
|
|
|
+ CIPHER_WEAK_RC_ENCRYPTION),
|
|
|
+ CIPHER_DEF(SSL_RSA_WITH_IDEA_CBC_MD5, /* 0xFF81 */
|
|
|
+ NULL,
|
|
|
+ CIPHER_WEAK_IDEA_ENCRYPTION),
|
|
|
+ CIPHER_DEF(SSL_RSA_WITH_DES_CBC_MD5, /* 0xFF82 */
|
|
|
+ NULL,
|
|
|
+ CIPHER_WEAK_DES_ENCRYPTION),
|
|
|
+ CIPHER_DEF(SSL_RSA_WITH_3DES_EDE_CBC_MD5, /* 0xFF83 */
|
|
|
+ NULL,
|
|
|
+ CIPHER_WEAK_3DES_ENCRYPTION),
|
|
|
+};
|
|
|
+
|
|
|
+#define NUM_OF_CIPHERS sizeof(ciphertable)/sizeof(ciphertable[0])
|
|
|
+
|
|
|
+static const char* SSLCipherSuiteToString(SSLCipherSuite cipher)
|
|
|
+{
|
|
|
+ /* The first ciphers in the ciphertable are continuos. Here we do small
|
|
|
+ optimization and instead of loop directly get SSL name by cipher number.
|
|
|
+ */
|
|
|
+ if(cipher <= SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA) {
|
|
|
+ return ciphertable[cipher].name;
|
|
|
+ }
|
|
|
+ /* Iterate through the rest of the ciphers */
|
|
|
+ for(size_t i = SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA + 1;
|
|
|
+ i < NUM_OF_CIPHERS;
|
|
|
+ ++i) {
|
|
|
+ if(ciphertable[i].num == cipher) {
|
|
|
+ return ciphertable[i].name;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ return ciphertable[SSL_NULL_WITH_NULL_NULL].name;
|
|
|
+}
|
|
|
+
|
|
|
+static bool is_cipher_suite_strong(SSLCipherSuite suite_num)
|
|
|
+{
|
|
|
+ for(size_t i = 0; i < NUM_OF_CIPHERS; ++i) {
|
|
|
+ if(ciphertable[i].num == suite_num) {
|
|
|
+ return !ciphertable[i].weak;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ /* If the cipher is not in our list, assume it is a new one
|
|
|
+ and therefore strong. Previous implementation was the same,
|
|
|
+ if cipher suite is not in the list, it was considered strong enough */
|
|
|
+ return true;
|
|
|
+}
|
|
|
|
|
|
const char* hssl_backend() {
|
|
|
return "appletls";
|
|
|
@@ -56,9 +807,29 @@ static OSStatus SocketRead(SSLConnectionRef conn, void* data, size_t* len) {
|
|
|
uint8_t* buffer = (uint8_t*)data;
|
|
|
size_t remain = *len;
|
|
|
*len = 0;
|
|
|
+ int fd = appletls->fd;
|
|
|
+ // int timeout = 1000;
|
|
|
+ // struct timeval tv = { timeout / 1000, (timeout % 1000) * 1000 };
|
|
|
+ // fd_set readfds;
|
|
|
while (remain) {
|
|
|
+ /*
|
|
|
+ FD_ZERO(&readfds);
|
|
|
+ FD_SET(fd, &readfds);
|
|
|
+ int nselect = select(fd + 1, &readfds, 0, 0, &tv);
|
|
|
+ printf("nselect=%d\n", nselect);
|
|
|
+ if (nselect < 0) {
|
|
|
+ return errSSLClosedAbort;
|
|
|
+ }
|
|
|
+ if (nselect == 0) {
|
|
|
+ return errSSLWouldBlock;
|
|
|
+ }
|
|
|
+ */
|
|
|
// printf("read(%d)\n", (int)remain);
|
|
|
- ssize_t nread = read(appletls->fd, buffer, remain);
|
|
|
+ // NOTE: avoid blocking
|
|
|
+ if (remain < 16) {
|
|
|
+ so_rcvtimeo(fd, 1000);
|
|
|
+ }
|
|
|
+ ssize_t nread = read(fd, buffer, remain);
|
|
|
// printf("nread=%d errno=%d\n", (int)nread, (int)errno);
|
|
|
if (nread == 0) return errSSLClosedGraceful;
|
|
|
if (nread < 0) {
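Review bot: The receive timeout is armed only when `remain < 16`, so a peer that stalls during a larger read still blocks this callback with no bound, and neither the 16 nor the 1000 is explained. `so_rcvtimeo(fd, 1000)` also changes a socket option that persists after the call, is re-issued on every loop pass once the remainder is small, is never restored, and its result is not checked; the SocketWrite hunk adds the same pattern with `so_sndtimeo`. If a bounded read is the intent, setting it once before `while (remain)` (or where the fd is attached) with named constants would be clearer, e.g. `if (so_rcvtimeo(fd, READ_TIMEOUT_MS) != 0) return errSSLClosedAbort;`, where `READ_TIMEOUT_MS` is a placeholder name. The commented-out `select()` block with its `printf` is dead code and is better dropped than committed. SocketRead's errno switch lies outside this hunk, so whether a timed-out read is mapped to `errSSLWouldBlock` cannot be confirmed from here.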
|
|
|
@@ -69,9 +840,9 @@ static OSStatus SocketRead(SSLConnectionRef conn, void* data, size_t* len) {
|
|
|
default: return errSSLClosedAbort;
|
|
|
}
|
|
|
}
|
|
|
+ *len += nread;
|
|
|
remain -= nread;
|
|
|
buffer += nread;
|
|
|
- *len += nread;
|
|
|
}
|
|
|
return noErr;
|
|
|
}
|
|
|
@@ -82,9 +853,13 @@ static OSStatus SocketWrite(SSLConnectionRef conn, const void* data, size_t* len
|
|
|
uint8_t* buffer = (uint8_t*)data;
|
|
|
size_t remain = *len;
|
|
|
*len = 0;
|
|
|
+ int fd = appletls->fd;
|
|
|
while (remain) {
|
|
|
+ if (remain < 16) {
|
|
|
+ so_sndtimeo(fd, 1000);
|
|
|
+ }
|
|
|
// printf("write(%d)\n", (int)remain);
|
|
|
- ssize_t nwrite = write(appletls->fd, buffer, remain);
|
|
|
+ ssize_t nwrite = write(fd, buffer, remain);
|
|
|
// printf("nwrite=%d errno=%d\n", (int)nwrite, (int)errno);
|
|
|
if (nwrite <= 0) {
|
|
|
switch (errno) {
|
|
|
@@ -168,74 +943,8 @@ static int hssl_init(hssl_t ssl, int endpoint) {
|
|
|
goto error;
|
|
|
}
|
|
|
for (size_t i = 0; i < all_ciphers_count; ++i) {
|
|
|
- /* Disclaimer: excerpted from curl */
|
|
|
- switch(all_ciphers[i]) {
|
|
|
- /* Disable NULL ciphersuites: */
|
|
|
- case SSL_NULL_WITH_NULL_NULL:
|
|
|
- case SSL_RSA_WITH_NULL_MD5:
|
|
|
- case SSL_RSA_WITH_NULL_SHA:
|
|
|
- case 0x003B: /* TLS_RSA_WITH_NULL_SHA256 */
|
|
|
- case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
|
|
|
- case 0xC001: /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
|
|
|
- case 0xC006: /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
|
|
|
- case 0xC00B: /* TLS_ECDH_RSA_WITH_NULL_SHA */
|
|
|
- case 0xC010: /* TLS_ECDHE_RSA_WITH_NULL_SHA */
|
|
|
- case 0x002C: /* TLS_PSK_WITH_NULL_SHA */
|
|
|
- case 0x002D: /* TLS_DHE_PSK_WITH_NULL_SHA */
|
|
|
- case 0x002E: /* TLS_RSA_PSK_WITH_NULL_SHA */
|
|
|
- case 0x00B0: /* TLS_PSK_WITH_NULL_SHA256 */
|
|
|
- case 0x00B1: /* TLS_PSK_WITH_NULL_SHA384 */
|
|
|
- case 0x00B4: /* TLS_DHE_PSK_WITH_NULL_SHA256 */
|
|
|
- case 0x00B5: /* TLS_DHE_PSK_WITH_NULL_SHA384 */
|
|
|
- case 0x00B8: /* TLS_RSA_PSK_WITH_NULL_SHA256 */
|
|
|
- case 0x00B9: /* TLS_RSA_PSK_WITH_NULL_SHA384 */
|
|
|
- /* Disable anonymous ciphersuites: */
|
|
|
- case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
|
|
|
- case SSL_DH_anon_WITH_RC4_128_MD5:
|
|
|
- case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
|
|
|
- case SSL_DH_anon_WITH_DES_CBC_SHA:
|
|
|
- case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
|
|
|
- case TLS_DH_anon_WITH_AES_128_CBC_SHA:
|
|
|
- case TLS_DH_anon_WITH_AES_256_CBC_SHA:
|
|
|
- case 0xC015: /* TLS_ECDH_anon_WITH_NULL_SHA */
|
|
|
- case 0xC016: /* TLS_ECDH_anon_WITH_RC4_128_SHA */
|
|
|
- case 0xC017: /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
|
|
|
- case 0xC018: /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
|
|
|
- case 0xC019: /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
|
|
|
- case 0x006C: /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */
|
|
|
- case 0x006D: /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */
|
|
|
- case 0x00A6: /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */
|
|
|
- case 0x00A7: /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */
|
|
|
- /* Disable weak key ciphersuites: */
|
|
|
- case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
|
|
|
- case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
|
|
|
- case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
|
|
|
- case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
|
|
|
- case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
|
|
|
- case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
|
|
|
- case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
|
|
|
- case SSL_RSA_WITH_DES_CBC_SHA:
|
|
|
- case SSL_DH_DSS_WITH_DES_CBC_SHA:
|
|
|
- case SSL_DH_RSA_WITH_DES_CBC_SHA:
|
|
|
- case SSL_DHE_DSS_WITH_DES_CBC_SHA:
|
|
|
- case SSL_DHE_RSA_WITH_DES_CBC_SHA:
|
|
|
- /* Disable IDEA: */
|
|
|
- case SSL_RSA_WITH_IDEA_CBC_SHA:
|
|
|
- case SSL_RSA_WITH_IDEA_CBC_MD5:
|
|
|
- /* Disable RC4: */
|
|
|
- case SSL_RSA_WITH_RC4_128_MD5:
|
|
|
- case SSL_RSA_WITH_RC4_128_SHA:
|
|
|
- case 0xC002: /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
|
|
|
- case 0xC007: /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA*/
|
|
|
- case 0xC00C: /* TLS_ECDH_RSA_WITH_RC4_128_SHA */
|
|
|
- case 0xC011: /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
|
|
|
- case 0x008A: /* TLS_PSK_WITH_RC4_128_SHA */
|
|
|
- case 0x008E: /* TLS_DHE_PSK_WITH_RC4_128_SHA */
|
|
|
- case 0x0092: /* TLS_RSA_PSK_WITH_RC4_128_SHA */
|
|
|
- break;
|
|
|
- default: /* enable everything else */
|
|
|
+ if (is_cipher_suite_strong(all_ciphers[i])) {
|
|
|
allowed_ciphers[allowed_ciphers_count++] = all_ciphers[i];
|
|
|
- break;
|
|
|
}
|
|
|
}
|
|
|
ret = SSLSetEnabledCiphers(appletls->session, allowed_ciphers, allowed_ciphers_count);
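Review bot: The filter `if (is_cipher_suite_strong(all_ciphers[i]))` fails open, because the helper returns `true` for any suite number it does not find in `ciphertable`, and parts of that table are compiled in only under SDK guards such as `CURL_BUILD_MAC_10_15 || CURL_BUILD_IOS_13`. The removed switch matched many suites by literal number (`0xC015`, `0x008A`, …) regardless of SDK, so a build against an older SDK may now enable suites the old code rejected; that depends on table entries not visible here and should be verified. Consider a deny-by-default fallback by changing the helper's final `return true;` to `return false;`, or at least a comment at this call such as `/* suites absent from ciphertable are treated as strong and stay enabled */`. hssl_init's body starts and ends outside this hunk.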
|
|
|
@@ -315,6 +1024,15 @@ static int hssl_handshake(hssl_t ssl) {
|
|
|
default:
|
|
|
return HSSL_ERROR;
|
|
|
}
|
|
|
+
|
|
|
+ /*
|
|
|
+ SSLProtocol protocol = kSSLProtocolUnknown;
|
|
|
+ SSLGetNegotiatedProtocolVersion(appletls->session, &protocol);
|
|
|
+ SSLCipherSuite cipher = SSL_NO_SUCH_CIPHERSUITE;
|
|
|
+ SSLGetNegotiatedCipher(appletls->session, &cipher);
|
|
|
+ printf("* %s connection using %s\n", SSLProtocolToString(protocol), SSLCipherSuiteToString(cipher));
|
|
|
+ */
|
|
|
+
|
|
|
return HSSL_OK;
|
|
|
}
|
|
|
|
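Review bot: The added block in hssl_handshake is commented-out debug code; if the negotiated protocol and cipher are worth reporting, it belongs behind a debug macro or the project's logger rather than being committed disabled. If it is re-enabled as written, `SSLCipherSuiteToString` can return `NULL` (several `ciphertable` entries carry a `NULL` name), and passing that to `%s` is undefined behaviour; a guard such as `const char* name = SSLCipherSuiteToString(cipher); if (!name) name = "unknown";` avoids it. The results of `SSLGetNegotiatedProtocolVersion` and `SSLGetNegotiatedCipher` are also ignored in that block. hssl_handshake starts outside this hunk.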