1 /* $OpenBSD: tls1.h,v 1.49 2021/09/10 14:57:31 tb Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as core.stdc.config.c_long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 /* ==================================================================== 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113 * 114 * Portions of the attached software ("Contribution") are developed by 115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 116 * 117 * The Contribution is licensed pursuant to the OpenSSL open source 118 * license provided above. 119 * 120 * ECC cipher suite support in OpenSSL originally written by 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 122 * 123 */ 124 /* ==================================================================== 125 * Copyright 2005 Nokia. All rights reserved. 126 * 127 * The portions of the attached software ("Contribution") is developed by 128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 129 * license. 130 * 131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 133 * support (see RFC 4279) to OpenSSL. 134 * 135 * No patent licenses or other rights except those expressly stated in 136 * the OpenSSL open source license shall be deemed granted or received 137 * expressly, by implication, estoppel, or otherwise. 138 * 139 * No assurances are provided by Nokia that the Contribution does not 140 * infringe the patent or other intellectual property rights of any third 141 * party or that the license provides you with all the necessary rights 142 * to make use of the Contribution. 143 * 144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 148 * OTHERWISE. 149 */ 150 module libressl_d.openssl.tls1; 151 152 153 private static import core.stdc.config; 154 private static import libressl_d.openssl.opensslfeatures; 155 private static import libressl_d.openssl.ossl_typ; 156 private static import libressl_d.openssl.ssl; 157 public import libressl_d.openssl.buffer; 158 public import libressl_d.openssl.opensslconf; 159 160 extern (C): 161 nothrow @nogc: 162 163 enum TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES = 0; 164 165 static if ((libressl_d.openssl.opensslfeatures.LIBRESSL_HAS_TLS1_3) || (libressl_d.openssl.opensslfeatures.LIBRESSL_INTERNAL)) { 166 enum TLS1_3_VERSION = 0x0304; 167 } 168 169 enum TLS1_2_VERSION = 0x0303; 170 enum TLS1_2_VERSION_MAJOR = 0x03; 171 enum TLS1_2_VERSION_MINOR = 0x03; 172 173 enum TLS1_1_VERSION = 0x0302; 174 enum TLS1_1_VERSION_MAJOR = 0x03; 175 enum TLS1_1_VERSION_MINOR = 0x02; 176 177 enum TLS1_VERSION = 0x0301; 178 enum TLS1_VERSION_MAJOR = 0x03; 179 enum TLS1_VERSION_MINOR = 0x01; 180 181 version (LIBRESSL_INTERNAL) { 182 } else { 183 enum TLS1_AD_DECRYPTION_FAILED = 21; 184 enum TLS1_AD_RECORD_OVERFLOW = 22; 185 186 /** 187 * fatal 188 */ 189 enum TLS1_AD_UNKNOWN_CA = 48; 190 191 ///Ditto 192 enum TLS1_AD_ACCESS_DENIED = 49; 193 194 ///Ditto 195 enum TLS1_AD_DECODE_ERROR = 50; 196 197 enum TLS1_AD_DECRYPT_ERROR = 51; 198 199 /** 200 * fatal 201 */ 202 enum TLS1_AD_EXPORT_RESTRICTION = 60; 203 204 ///Ditto 205 enum TLS1_AD_PROTOCOL_VERSION = 70; 206 207 ///Ditto 208 enum TLS1_AD_INSUFFICIENT_SECURITY = 71; 209 210 ///Ditto 211 enum TLS1_AD_INTERNAL_ERROR = 80; 212 213 /* Code 86 from RFC 7507. */ 214 215 /** 216 * fatal 217 */ 218 enum TLS1_AD_INAPPROPRIATE_FALLBACK = 86; 219 220 enum TLS1_AD_USER_CANCELLED = 90; 221 enum TLS1_AD_NO_RENEGOTIATION = 100; 222 /* Codes 110-114 from RFC 3546. */ 223 enum TLS1_AD_UNSUPPORTED_EXTENSION = 110; 224 enum TLS1_AD_CERTIFICATE_UNOBTAINABLE = 111; 225 enum TLS1_AD_UNRECOGNIZED_NAME = 112; 226 enum TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE = 113; 227 enum TLS1_AD_BAD_CERTIFICATE_HASH_VALUE = 114; 228 /* Code 115 from RFC 4279. */ 229 230 /** 231 * fatal 232 */ 233 enum TLS1_AD_UNKNOWN_PSK_IDENTITY = 115; 234 } 235 236 /* 237 * TLS ExtensionType values. 238 * 239 * https://www.iana.org/assignments/tls-extensiontype-values/ 240 */ 241 242 /* ExtensionType values from RFC 3546, RFC 4366 and RFC 6066. */ 243 enum TLSEXT_TYPE_server_name = 0; 244 enum TLSEXT_TYPE_max_fragment_length = 1; 245 enum TLSEXT_TYPE_client_certificate_url = 2; 246 enum TLSEXT_TYPE_trusted_ca_keys = 3; 247 enum TLSEXT_TYPE_truncated_hmac = 4; 248 enum TLSEXT_TYPE_status_request = 5; 249 250 /** 251 * ExtensionType values from RFC 4681. 252 */ 253 enum TLSEXT_TYPE_user_mapping = 6; 254 255 /* ExtensionType values from RFC 5878. */ 256 enum TLSEXT_TYPE_client_authz = 7; 257 enum TLSEXT_TYPE_server_authz = 8; 258 259 /** 260 * ExtensionType values from RFC 6091. 261 */ 262 enum TLSEXT_TYPE_cert_type = 9; 263 264 /** 265 * ExtensionType values from RFC 7919. 266 */ 267 enum TLSEXT_TYPE_supported_groups = 10; 268 269 /* ExtensionType values from RFC 4492. */ 270 version (LIBRESSL_INTERNAL) { 271 } else { 272 alias TLSEXT_TYPE_elliptic_curves = .TLSEXT_TYPE_supported_groups; 273 } 274 275 enum TLSEXT_TYPE_ec_point_formats = 11; 276 277 /** 278 * ExtensionType value from RFC 5054. 279 */ 280 enum TLSEXT_TYPE_srp = 12; 281 282 /** 283 * ExtensionType value from RFC 5246/RFC 8446. 284 */ 285 enum TLSEXT_TYPE_signature_algorithms = 13; 286 287 /** 288 * ExtensionType value from RFC 5764. 289 */ 290 enum TLSEXT_TYPE_use_srtp = 14; 291 292 /** 293 * ExtensionType value from RFC 5620. 294 */ 295 enum TLSEXT_TYPE_heartbeat = 15; 296 297 /** 298 * ExtensionType value from RFC 7301. 299 */ 300 enum TLSEXT_TYPE_application_layer_protocol_negotiation = 16; 301 302 /** 303 * ExtensionType value from RFC 7685. 304 */ 305 enum TLSEXT_TYPE_padding = 21; 306 307 /** 308 * ExtensionType value from RFC 4507. 309 */ 310 enum TLSEXT_TYPE_session_ticket = 35; 311 312 /* ExtensionType values from RFC 8446 section 4.2 */ 313 static if ((libressl_d.openssl.opensslfeatures.LIBRESSL_HAS_TLS1_3) || (libressl_d.openssl.opensslfeatures.LIBRESSL_INTERNAL)) { 314 enum TLSEXT_TYPE_pre_shared_key = 41; 315 enum TLSEXT_TYPE_early_data = 42; 316 enum TLSEXT_TYPE_supported_versions = 43; 317 enum TLSEXT_TYPE_cookie = 44; 318 enum TLSEXT_TYPE_psk_key_exchange_modes = 45; 319 enum TLSEXT_TYPE_certificate_authorities = 47; 320 enum TLSEXT_TYPE_oid_filters = 48; 321 enum TLSEXT_TYPE_post_handshake_auth = 49; 322 enum TLSEXT_TYPE_signature_algorithms_cert = 50; 323 enum TLSEXT_TYPE_key_share = 51; 324 } 325 326 /* 327 * TLS 1.3 extension names from OpenSSL, where they decided to use a different 328 * name from that given in RFC 8446. 329 */ 330 version (LIBRESSL_HAS_TLS1_3) { 331 enum TLSEXT_TYPE_psk = .TLSEXT_TYPE_pre_shared_key; 332 enum TLSEXT_TYPE_psk_kex_modes = .TLSEXT_TYPE_psk_key_exchange_modes; 333 } 334 335 /** 336 * Temporary extension type 337 */ 338 enum TLSEXT_TYPE_renegotiate = 0xFF01; 339 340 /** 341 * NameType value from RFC 3546. 342 */ 343 enum TLSEXT_NAMETYPE_host_name = 0; 344 345 /** 346 * status request value from RFC 3546 347 */ 348 enum TLSEXT_STATUSTYPE_ocsp = 1; 349 350 /* ECPointFormat values from RFC 4492. */ 351 enum TLSEXT_ECPOINTFORMAT_first = 0; 352 enum TLSEXT_ECPOINTFORMAT_uncompressed = 0; 353 enum TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime = 1; 354 enum TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 = 2; 355 enum TLSEXT_ECPOINTFORMAT_last = 2; 356 357 enum TLSEXT_MAXLEN_host_name = 255; 358 359 const (char)* SSL_get_servername(const (libressl_d.openssl.ossl_typ.SSL)* s, const int type); 360 int SSL_get_servername_type(const (libressl_d.openssl.ossl_typ.SSL)* s); 361 362 /** 363 * SSL_export_keying_material exports a value derived from the master secret, 364 * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and 365 * optional context. (Since a zero length context is allowed, the |use_context| 366 * flag controls whether a context is included.) 367 * 368 * It returns 1 on success and zero otherwise. 369 */ 370 int SSL_export_keying_material(libressl_d.openssl.ossl_typ.SSL* s, ubyte* out_, size_t olen, const (char)* label, size_t llen, const (ubyte)* p, size_t plen, int use_context); 371 372 pragma(inline, true) 373 core.stdc.config.c_long SSL_set_tlsext_host_name(libressl_d.openssl.ossl_typ.SSL* s, char* name) 374 375 do 376 { 377 return libressl_d.openssl.ssl.SSL_ctrl(s, libressl_d.openssl.ssl.SSL_CTRL_SET_TLSEXT_HOSTNAME, .TLSEXT_NAMETYPE_host_name, name); 378 } 379 380 pragma(inline, true) 381 core.stdc.config.c_long SSL_set_tlsext_debug_callback(libressl_d.openssl.ossl_typ.SSL* ssl, void function() cb) 382 383 do 384 { 385 return libressl_d.openssl.ssl.SSL_callback_ctrl(ssl, libressl_d.openssl.ssl.SSL_CTRL_SET_TLSEXT_DEBUG_CB, cb); 386 } 387 388 pragma(inline, true) 389 core.stdc.config.c_long SSL_set_tlsext_debug_arg(libressl_d.openssl.ossl_typ.SSL* ssl, void* arg) 390 391 do 392 { 393 return libressl_d.openssl.ssl.SSL_ctrl(ssl, libressl_d.openssl.ssl.SSL_CTRL_SET_TLSEXT_DEBUG_ARG, 0, arg); 394 } 395 396 pragma(inline, true) 397 core.stdc.config.c_long SSL_get_tlsext_status_type(libressl_d.openssl.ossl_typ.SSL* ssl, void* arg) 398 399 do 400 { 401 return libressl_d.openssl.ssl.SSL_ctrl(ssl, libressl_d.openssl.ssl.SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, null); 402 } 403 404 pragma(inline, true) 405 core.stdc.config.c_long SSL_set_tlsext_status_type(libressl_d.openssl.ossl_typ.SSL* ssl, core.stdc.config.c_long type) 406 407 do 408 { 409 return libressl_d.openssl.ssl.SSL_ctrl(ssl, libressl_d.openssl.ssl.SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type, null); 410 } 411 412 pragma(inline, true) 413 core.stdc.config.c_long SSL_get_tlsext_status_exts(libressl_d.openssl.ossl_typ.SSL* ssl, void* arg) 414 415 do 416 { 417 return libressl_d.openssl.ssl.SSL_ctrl(ssl, libressl_d.openssl.ssl.SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS, 0, arg); 418 } 419 420 pragma(inline, true) 421 core.stdc.config.c_long SSL_set_tlsext_status_exts(libressl_d.openssl.ossl_typ.SSL* ssl, void* arg) 422 423 do 424 { 425 return libressl_d.openssl.ssl.SSL_ctrl(ssl, libressl_d.openssl.ssl.SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS, 0, arg); 426 } 427 428 pragma(inline, true) 429 core.stdc.config.c_long SSL_get_tlsext_status_ids(libressl_d.openssl.ossl_typ.SSL* ssl, void* arg) 430 431 do 432 { 433 return libressl_d.openssl.ssl.SSL_ctrl(ssl, libressl_d.openssl.ssl.SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS, 0, arg); 434 } 435 436 pragma(inline, true) 437 core.stdc.config.c_long SSL_set_tlsext_status_ids(libressl_d.openssl.ossl_typ.SSL* ssl, void* arg) 438 439 do 440 { 441 return libressl_d.openssl.ssl.SSL_ctrl(ssl, libressl_d.openssl.ssl.SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS, 0, arg); 442 } 443 444 pragma(inline, true) 445 core.stdc.config.c_long SSL_get_tlsext_status_ocsp_resp(libressl_d.openssl.ossl_typ.SSL* ssl, void* arg) 446 447 do 448 { 449 return libressl_d.openssl.ssl.SSL_ctrl(ssl, libressl_d.openssl.ssl.SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP, 0, arg); 450 } 451 452 pragma(inline, true) 453 core.stdc.config.c_long SSL_set_tlsext_status_ocsp_resp(libressl_d.openssl.ossl_typ.SSL* ssl, void* arg, core.stdc.config.c_long arglen) 454 455 do 456 { 457 return libressl_d.openssl.ssl.SSL_ctrl(ssl, libressl_d.openssl.ssl.SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP, arglen, arg); 458 } 459 460 pragma(inline, true) 461 core.stdc.config.c_long SSL_CTX_set_tlsext_servername_callback(libressl_d.openssl.ossl_typ.SSL_CTX* ctx, void function() cb) 462 463 do 464 { 465 return libressl_d.openssl.ssl.SSL_CTX_callback_ctrl(ctx, libressl_d.openssl.ssl.SSL_CTRL_SET_TLSEXT_SERVERNAME_CB, cb); 466 } 467 468 enum SSL_TLSEXT_ERR_OK = 0; 469 enum SSL_TLSEXT_ERR_ALERT_WARNING = 1; 470 enum SSL_TLSEXT_ERR_ALERT_FATAL = 2; 471 enum SSL_TLSEXT_ERR_NOACK = 3; 472 473 pragma(inline, true) 474 core.stdc.config.c_long SSL_CTX_set_tlsext_servername_arg(libressl_d.openssl.ossl_typ.SSL_CTX* ctx, void* arg) 475 476 do 477 { 478 return libressl_d.openssl.ssl.SSL_CTX_ctrl(ctx, libressl_d.openssl.ssl.SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG, 0, arg); 479 } 480 481 pragma(inline, true) 482 core.stdc.config.c_long SSL_CTX_get_tlsext_ticket_keys(libressl_d.openssl.ossl_typ.SSL_CTX* ctx, void* keys, core.stdc.config.c_long keylen) 483 484 do 485 { 486 return libressl_d.openssl.ssl.SSL_CTX_ctrl(ctx, libressl_d.openssl.ssl.SSL_CTRL_GET_TLSEXT_TICKET_KEYS, keylen, keys); 487 } 488 489 pragma(inline, true) 490 core.stdc.config.c_long SSL_CTX_set_tlsext_ticket_keys(libressl_d.openssl.ossl_typ.SSL_CTX* ctx, void* keys, core.stdc.config.c_long keylen) 491 492 do 493 { 494 return libressl_d.openssl.ssl.SSL_CTX_ctrl(ctx, libressl_d.openssl.ssl.SSL_CTRL_SET_TLSEXT_TICKET_KEYS, keylen, keys); 495 } 496 497 pragma(inline, true) 498 core.stdc.config.c_long SSL_CTX_get_tlsext_status_cb(libressl_d.openssl.ossl_typ.SSL_CTX* ssl, void function() cb) 499 500 do 501 { 502 return libressl_d.openssl.ssl.SSL_CTX_callback_ctrl(ssl, libressl_d.openssl.ssl.SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB, cb); 503 } 504 505 pragma(inline, true) 506 core.stdc.config.c_long SSL_CTX_set_tlsext_status_cb(libressl_d.openssl.ossl_typ.SSL_CTX* ssl, void function() cb) 507 508 do 509 { 510 return libressl_d.openssl.ssl.SSL_CTX_callback_ctrl(ssl, libressl_d.openssl.ssl.SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB, cb); 511 } 512 513 pragma(inline, true) 514 core.stdc.config.c_long SSL_CTX_get_tlsext_status_arg(libressl_d.openssl.ossl_typ.SSL_CTX* ssl, void* arg) 515 516 do 517 { 518 return libressl_d.openssl.ssl.SSL_CTX_ctrl(ssl, libressl_d.openssl.ssl.SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, arg); 519 } 520 521 pragma(inline, true) 522 core.stdc.config.c_long SSL_CTX_set_tlsext_status_arg(libressl_d.openssl.ossl_typ.SSL_CTX* ssl, void* arg) 523 524 do 525 { 526 return libressl_d.openssl.ssl.SSL_CTX_ctrl(ssl, libressl_d.openssl.ssl.SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG, 0, arg); 527 } 528 529 pragma(inline, true) 530 core.stdc.config.c_long SSL_CTX_set_tlsext_ticket_key_cb(libressl_d.openssl.ossl_typ.SSL_CTX* ssl, void function() cb) 531 532 do 533 { 534 return libressl_d.openssl.ssl.SSL_CTX_callback_ctrl(ssl, libressl_d.openssl.ssl.SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB, cb); 535 } 536 537 /* PSK ciphersuites from RFC 4279. */ 538 enum TLS1_CK_PSK_WITH_RC4_128_SHA = 0x0300008A; 539 enum TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA = 0x0300008B; 540 enum TLS1_CK_PSK_WITH_AES_128_CBC_SHA = 0x0300008C; 541 enum TLS1_CK_PSK_WITH_AES_256_CBC_SHA = 0x0300008D; 542 543 /* 544 * Additional TLS ciphersuites from expired Internet Draft 545 * draft-ietf-tls-56-bit-ciphersuites-01.txt 546 * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see 547 * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably 548 * shouldn't. Note that the first two are actually not in the IDs. 549 */ 550 551 /** 552 * not in ID 553 */ 554 enum TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x03000060; 555 556 ///Ditto 557 enum TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x03000061; 558 559 enum TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x03000062; 560 enum TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x03000063; 561 enum TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x03000064; 562 enum TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x03000065; 563 enum TLS1_CK_DHE_DSS_WITH_RC4_128_SHA = 0x03000066; 564 565 /* AES ciphersuites from RFC 3268. */ 566 567 enum TLS1_CK_RSA_WITH_AES_128_SHA = 0x0300002F; 568 enum TLS1_CK_DH_DSS_WITH_AES_128_SHA = 0x03000030; 569 enum TLS1_CK_DH_RSA_WITH_AES_128_SHA = 0x03000031; 570 enum TLS1_CK_DHE_DSS_WITH_AES_128_SHA = 0x03000032; 571 enum TLS1_CK_DHE_RSA_WITH_AES_128_SHA = 0x03000033; 572 enum TLS1_CK_ADH_WITH_AES_128_SHA = 0x03000034; 573 574 enum TLS1_CK_RSA_WITH_AES_256_SHA = 0x03000035; 575 enum TLS1_CK_DH_DSS_WITH_AES_256_SHA = 0x03000036; 576 enum TLS1_CK_DH_RSA_WITH_AES_256_SHA = 0x03000037; 577 enum TLS1_CK_DHE_DSS_WITH_AES_256_SHA = 0x03000038; 578 enum TLS1_CK_DHE_RSA_WITH_AES_256_SHA = 0x03000039; 579 enum TLS1_CK_ADH_WITH_AES_256_SHA = 0x0300003A; 580 581 /* TLS v1.2 ciphersuites */ 582 enum TLS1_CK_RSA_WITH_NULL_SHA256 = 0x0300003B; 583 enum TLS1_CK_RSA_WITH_AES_128_SHA256 = 0x0300003C; 584 enum TLS1_CK_RSA_WITH_AES_256_SHA256 = 0x0300003D; 585 enum TLS1_CK_DH_DSS_WITH_AES_128_SHA256 = 0x0300003E; 586 enum TLS1_CK_DH_RSA_WITH_AES_128_SHA256 = 0x0300003F; 587 enum TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 = 0x03000040; 588 589 /* Camellia ciphersuites from RFC 4132. */ 590 enum TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x03000041; 591 enum TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x03000042; 592 enum TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x03000043; 593 enum TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x03000044; 594 enum TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x03000045; 595 enum TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA = 0x03000046; 596 597 /* TLS v1.2 ciphersuites */ 598 enum TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 = 0x03000067; 599 enum TLS1_CK_DH_DSS_WITH_AES_256_SHA256 = 0x03000068; 600 enum TLS1_CK_DH_RSA_WITH_AES_256_SHA256 = 0x03000069; 601 enum TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 = 0x0300006A; 602 enum TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 = 0x0300006B; 603 enum TLS1_CK_ADH_WITH_AES_128_SHA256 = 0x0300006C; 604 enum TLS1_CK_ADH_WITH_AES_256_SHA256 = 0x0300006D; 605 606 /* Camellia ciphersuites from RFC 4132. */ 607 enum TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x03000084; 608 enum TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x03000085; 609 enum TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x03000086; 610 enum TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x03000087; 611 enum TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x03000088; 612 enum TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA = 0x03000089; 613 614 /* SEED ciphersuites from RFC 4162. */ 615 enum TLS1_CK_RSA_WITH_SEED_SHA = 0x03000096; 616 enum TLS1_CK_DH_DSS_WITH_SEED_SHA = 0x03000097; 617 enum TLS1_CK_DH_RSA_WITH_SEED_SHA = 0x03000098; 618 enum TLS1_CK_DHE_DSS_WITH_SEED_SHA = 0x03000099; 619 enum TLS1_CK_DHE_RSA_WITH_SEED_SHA = 0x0300009A; 620 enum TLS1_CK_ADH_WITH_SEED_SHA = 0x0300009B; 621 622 /* TLS v1.2 GCM ciphersuites from RFC 5288. */ 623 enum TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 = 0x0300009C; 624 enum TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 = 0x0300009D; 625 enum TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x0300009E; 626 enum TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x0300009F; 627 enum TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x030000A0; 628 enum TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x030000A1; 629 enum TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x030000A2; 630 enum TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x030000A3; 631 enum TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x030000A4; 632 enum TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x030000A5; 633 enum TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 = 0x030000A6; 634 enum TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 = 0x030000A7; 635 636 /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ 637 enum TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x030000BA; 638 enum TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x030000BB; 639 enum TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x030000BC; 640 enum TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x030000BD; 641 enum TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x030000BE; 642 enum TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 = 0x030000BF; 643 644 enum TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x030000C0; 645 enum TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x030000C1; 646 enum TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x030000C2; 647 enum TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x030000C3; 648 enum TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x030000C4; 649 enum TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 = 0x030000C5; 650 651 /* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */ 652 static if ((libressl_d.openssl.opensslfeatures.LIBRESSL_HAS_TLS1_3) || (libressl_d.openssl.opensslfeatures.LIBRESSL_INTERNAL)) { 653 enum TLS1_3_CK_AES_128_GCM_SHA256 = 0x03001301; 654 enum TLS1_3_CK_AES_256_GCM_SHA384 = 0x03001302; 655 enum TLS1_3_CK_CHACHA20_POLY1305_SHA256 = 0x03001303; 656 enum TLS1_3_CK_AES_128_CCM_SHA256 = 0x03001304; 657 enum TLS1_3_CK_AES_128_CCM_8_SHA256 = 0x03001305; 658 } 659 660 /* ECC ciphersuites from RFC 4492. */ 661 enum TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA = 0x0300C001; 662 enum TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA = 0x0300C002; 663 enum TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA = 0x0300C003; 664 enum TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x0300C004; 665 enum TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x0300C005; 666 667 enum TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA = 0x0300C006; 668 enum TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x0300C007; 669 enum TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA = 0x0300C008; 670 enum TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x0300C009; 671 enum TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0300C00A; 672 673 enum TLS1_CK_ECDH_RSA_WITH_NULL_SHA = 0x0300C00B; 674 enum TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA = 0x0300C00C; 675 enum TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA = 0x0300C00D; 676 enum TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0300C00E; 677 enum TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0300C00F; 678 679 enum TLS1_CK_ECDHE_RSA_WITH_NULL_SHA = 0x0300C010; 680 enum TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA = 0x0300C011; 681 enum TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA = 0x0300C012; 682 enum TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x0300C013; 683 enum TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x0300C014; 684 685 enum TLS1_CK_ECDH_anon_WITH_NULL_SHA = 0x0300C015; 686 enum TLS1_CK_ECDH_anon_WITH_RC4_128_SHA = 0x0300C016; 687 enum TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA = 0x0300C017; 688 enum TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA = 0x0300C018; 689 enum TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA = 0x0300C019; 690 691 /* SRP ciphersuites from RFC 5054. */ 692 enum TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0x0300C01A; 693 enum TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0x0300C01B; 694 enum TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0x0300C01C; 695 enum TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA = 0x0300C01D; 696 enum TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0x0300C01E; 697 enum TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0x0300C01F; 698 enum TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA = 0x0300C020; 699 enum TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0x0300C021; 700 enum TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0x0300C022; 701 702 /* ECDH HMAC based ciphersuites from RFC 5289. */ 703 enum TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 = 0x0300C023; 704 enum TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 = 0x0300C024; 705 enum TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 = 0x0300C025; 706 enum TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 = 0x0300C026; 707 enum TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 = 0x0300C027; 708 enum TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 = 0x0300C028; 709 enum TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 = 0x0300C029; 710 enum TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 = 0x0300C02A; 711 712 /* ECDH GCM based ciphersuites from RFC 5289. */ 713 enum TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x0300C02B; 714 enum TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x0300C02C; 715 enum TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x0300C02D; 716 enum TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x0300C02E; 717 enum TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x0300C02F; 718 enum TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x0300C030; 719 enum TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x0300C031; 720 enum TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x0300C032; 721 722 /* ChaCha20-Poly1305 based ciphersuites. */ 723 enum TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 = 0x0300CCA8; 724 enum TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305 = 0x0300CCA9; 725 enum TLS1_CK_DHE_RSA_CHACHA20_POLY1305 = 0x0300CCAA; 726 727 enum TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 = "EXP1024-RC4-MD5"; 728 enum TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = "EXP1024-RC2-CBC-MD5"; 729 enum TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA = "EXP1024-DES-CBC-SHA"; 730 enum TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = "EXP1024-DHE-DSS-DES-CBC-SHA"; 731 enum TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA = "EXP1024-RC4-SHA"; 732 enum TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = "EXP1024-DHE-DSS-RC4-SHA"; 733 enum TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA = "DHE-DSS-RC4-SHA"; 734 735 /* AES ciphersuites from RFC 3268. */ 736 enum TLS1_TXT_RSA_WITH_AES_128_SHA = "AES128-SHA"; 737 enum TLS1_TXT_DH_DSS_WITH_AES_128_SHA = "DH-DSS-AES128-SHA"; 738 enum TLS1_TXT_DH_RSA_WITH_AES_128_SHA = "DH-RSA-AES128-SHA"; 739 enum TLS1_TXT_DHE_DSS_WITH_AES_128_SHA = "DHE-DSS-AES128-SHA"; 740 enum TLS1_TXT_DHE_RSA_WITH_AES_128_SHA = "DHE-RSA-AES128-SHA"; 741 enum TLS1_TXT_ADH_WITH_AES_128_SHA = "ADH-AES128-SHA"; 742 743 enum TLS1_TXT_RSA_WITH_AES_256_SHA = "AES256-SHA"; 744 enum TLS1_TXT_DH_DSS_WITH_AES_256_SHA = "DH-DSS-AES256-SHA"; 745 enum TLS1_TXT_DH_RSA_WITH_AES_256_SHA = "DH-RSA-AES256-SHA"; 746 enum TLS1_TXT_DHE_DSS_WITH_AES_256_SHA = "DHE-DSS-AES256-SHA"; 747 enum TLS1_TXT_DHE_RSA_WITH_AES_256_SHA = "DHE-RSA-AES256-SHA"; 748 enum TLS1_TXT_ADH_WITH_AES_256_SHA = "ADH-AES256-SHA"; 749 750 /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ 751 enum TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA = "ECDH-ECDSA-null-SHA"; 752 enum TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA = "ECDH-ECDSA-RC4-SHA"; 753 enum TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA = "ECDH-ECDSA-DES-CBC3-SHA"; 754 enum TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA = "ECDH-ECDSA-AES128-SHA"; 755 enum TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA = "ECDH-ECDSA-AES256-SHA"; 756 757 enum TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA = "ECDHE-ECDSA-null-SHA"; 758 enum TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA = "ECDHE-ECDSA-RC4-SHA"; 759 enum TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA = "ECDHE-ECDSA-DES-CBC3-SHA"; 760 enum TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = "ECDHE-ECDSA-AES128-SHA"; 761 enum TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = "ECDHE-ECDSA-AES256-SHA"; 762 763 enum TLS1_TXT_ECDH_RSA_WITH_NULL_SHA = "ECDH-RSA-null-SHA"; 764 enum TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA = "ECDH-RSA-RC4-SHA"; 765 enum TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA = "ECDH-RSA-DES-CBC3-SHA"; 766 enum TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA = "ECDH-RSA-AES128-SHA"; 767 enum TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA = "ECDH-RSA-AES256-SHA"; 768 769 enum TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA = "ECDHE-RSA-null-SHA"; 770 enum TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA = "ECDHE-RSA-RC4-SHA"; 771 enum TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA = "ECDHE-RSA-DES-CBC3-SHA"; 772 enum TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA = "ECDHE-RSA-AES128-SHA"; 773 enum TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA = "ECDHE-RSA-AES256-SHA"; 774 775 enum TLS1_TXT_ECDH_anon_WITH_NULL_SHA = "AECDH-null-SHA"; 776 enum TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA = "AECDH-RC4-SHA"; 777 enum TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA = "AECDH-DES-CBC3-SHA"; 778 enum TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA = "AECDH-AES128-SHA"; 779 enum TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA = "AECDH-AES256-SHA"; 780 781 /* PSK ciphersuites from RFC 4279. */ 782 enum TLS1_TXT_PSK_WITH_RC4_128_SHA = "PSK-RC4-SHA"; 783 enum TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA = "PSK-3DES-EDE-CBC-SHA"; 784 enum TLS1_TXT_PSK_WITH_AES_128_CBC_SHA = "PSK-AES128-CBC-SHA"; 785 enum TLS1_TXT_PSK_WITH_AES_256_CBC_SHA = "PSK-AES256-CBC-SHA"; 786 787 /* SRP ciphersuite from RFC 5054. */ 788 enum TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA = "SRP-3DES-EDE-CBC-SHA"; 789 enum TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = "SRP-RSA-3DES-EDE-CBC-SHA"; 790 enum TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = "SRP-DSS-3DES-EDE-CBC-SHA"; 791 enum TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA = "SRP-AES-128-CBC-SHA"; 792 enum TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = "SRP-RSA-AES-128-CBC-SHA"; 793 enum TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = "SRP-DSS-AES-128-CBC-SHA"; 794 enum TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA = "SRP-AES-256-CBC-SHA"; 795 enum TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = "SRP-RSA-AES-256-CBC-SHA"; 796 enum TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = "SRP-DSS-AES-256-CBC-SHA"; 797 798 /* Camellia ciphersuites from RFC 4132. */ 799 enum TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA = "CAMELLIA128-SHA"; 800 enum TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = "DH-DSS-CAMELLIA128-SHA"; 801 enum TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = "DH-RSA-CAMELLIA128-SHA"; 802 enum TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = "DHE-DSS-CAMELLIA128-SHA"; 803 enum TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = "DHE-RSA-CAMELLIA128-SHA"; 804 enum TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA = "ADH-CAMELLIA128-SHA"; 805 806 enum TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA = "CAMELLIA256-SHA"; 807 enum TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = "DH-DSS-CAMELLIA256-SHA"; 808 enum TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = "DH-RSA-CAMELLIA256-SHA"; 809 enum TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = "DHE-DSS-CAMELLIA256-SHA"; 810 enum TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = "DHE-RSA-CAMELLIA256-SHA"; 811 enum TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA = "ADH-CAMELLIA256-SHA"; 812 813 /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ 814 enum TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 = "CAMELLIA128-SHA256"; 815 enum TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = "DH-DSS-CAMELLIA128-SHA256"; 816 enum TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = "DH-RSA-CAMELLIA128-SHA256"; 817 enum TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = "DHE-DSS-CAMELLIA128-SHA256"; 818 enum TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = "DHE-RSA-CAMELLIA128-SHA256"; 819 enum TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 = "ADH-CAMELLIA128-SHA256"; 820 821 enum TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 = "CAMELLIA256-SHA256"; 822 enum TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = "DH-DSS-CAMELLIA256-SHA256"; 823 enum TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = "DH-RSA-CAMELLIA256-SHA256"; 824 enum TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = "DHE-DSS-CAMELLIA256-SHA256"; 825 enum TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = "DHE-RSA-CAMELLIA256-SHA256"; 826 enum TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 = "ADH-CAMELLIA256-SHA256"; 827 828 /* SEED ciphersuites from RFC 4162. */ 829 enum TLS1_TXT_RSA_WITH_SEED_SHA = "SEED-SHA"; 830 enum TLS1_TXT_DH_DSS_WITH_SEED_SHA = "DH-DSS-SEED-SHA"; 831 enum TLS1_TXT_DH_RSA_WITH_SEED_SHA = "DH-RSA-SEED-SHA"; 832 enum TLS1_TXT_DHE_DSS_WITH_SEED_SHA = "DHE-DSS-SEED-SHA"; 833 enum TLS1_TXT_DHE_RSA_WITH_SEED_SHA = "DHE-RSA-SEED-SHA"; 834 enum TLS1_TXT_ADH_WITH_SEED_SHA = "ADH-SEED-SHA"; 835 836 /* TLS v1.2 ciphersuites. */ 837 enum TLS1_TXT_RSA_WITH_NULL_SHA256 = "null-SHA256"; 838 enum TLS1_TXT_RSA_WITH_AES_128_SHA256 = "AES128-SHA256"; 839 enum TLS1_TXT_RSA_WITH_AES_256_SHA256 = "AES256-SHA256"; 840 enum TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 = "DH-DSS-AES128-SHA256"; 841 enum TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 = "DH-RSA-AES128-SHA256"; 842 enum TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 = "DHE-DSS-AES128-SHA256"; 843 enum TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 = "DHE-RSA-AES128-SHA256"; 844 enum TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 = "DH-DSS-AES256-SHA256"; 845 enum TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 = "DH-RSA-AES256-SHA256"; 846 enum TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 = "DHE-DSS-AES256-SHA256"; 847 enum TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 = "DHE-RSA-AES256-SHA256"; 848 enum TLS1_TXT_ADH_WITH_AES_128_SHA256 = "ADH-AES128-SHA256"; 849 enum TLS1_TXT_ADH_WITH_AES_256_SHA256 = "ADH-AES256-SHA256"; 850 851 /* TLS v1.2 GCM ciphersuites from RFC 5288. */ 852 enum TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 = "AES128-GCM-SHA256"; 853 enum TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 = "AES256-GCM-SHA384"; 854 enum TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 = "DHE-RSA-AES128-GCM-SHA256"; 855 enum TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 = "DHE-RSA-AES256-GCM-SHA384"; 856 enum TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 = "DH-RSA-AES128-GCM-SHA256"; 857 enum TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 = "DH-RSA-AES256-GCM-SHA384"; 858 enum TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 = "DHE-DSS-AES128-GCM-SHA256"; 859 enum TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 = "DHE-DSS-AES256-GCM-SHA384"; 860 enum TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 = "DH-DSS-AES128-GCM-SHA256"; 861 enum TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 = "DH-DSS-AES256-GCM-SHA384"; 862 enum TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 = "ADH-AES128-GCM-SHA256"; 863 enum TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 = "ADH-AES256-GCM-SHA384"; 864 865 /* ECDH HMAC based ciphersuites from RFC 5289. */ 866 enum TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 = "ECDHE-ECDSA-AES128-SHA256"; 867 enum TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 = "ECDHE-ECDSA-AES256-SHA384"; 868 enum TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 = "ECDH-ECDSA-AES128-SHA256"; 869 enum TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 = "ECDH-ECDSA-AES256-SHA384"; 870 enum TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 = "ECDHE-RSA-AES128-SHA256"; 871 enum TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 = "ECDHE-RSA-AES256-SHA384"; 872 enum TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 = "ECDH-RSA-AES128-SHA256"; 873 enum TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 = "ECDH-RSA-AES256-SHA384"; 874 875 /* ECDH GCM based ciphersuites from RFC 5289. */ 876 enum TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = "ECDHE-ECDSA-AES128-GCM-SHA256"; 877 enum TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = "ECDHE-ECDSA-AES256-GCM-SHA384"; 878 enum TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = "ECDH-ECDSA-AES128-GCM-SHA256"; 879 enum TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = "ECDH-ECDSA-AES256-GCM-SHA384"; 880 enum TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = "ECDHE-RSA-AES128-GCM-SHA256"; 881 enum TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = "ECDHE-RSA-AES256-GCM-SHA384"; 882 enum TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 = "ECDH-RSA-AES128-GCM-SHA256"; 883 enum TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 = "ECDH-RSA-AES256-GCM-SHA384"; 884 885 /* ChaCha20-Poly1305 based ciphersuites. */ 886 enum TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 = "ECDHE-RSA-CHACHA20-POLY1305"; 887 enum TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 = "ECDHE-ECDSA-CHACHA20-POLY1305"; 888 enum TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 = "DHE-RSA-CHACHA20-POLY1305"; 889 890 /* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */ 891 static if ((libressl_d.openssl.opensslfeatures.LIBRESSL_HAS_TLS1_3) || (libressl_d.openssl.opensslfeatures.LIBRESSL_INTERNAL)) { 892 enum TLS1_3_TXT_AES_128_GCM_SHA256 = "AEAD-AES128-GCM-SHA256"; 893 enum TLS1_3_TXT_AES_256_GCM_SHA384 = "AEAD-AES256-GCM-SHA384"; 894 enum TLS1_3_TXT_CHACHA20_POLY1305_SHA256 = "AEAD-CHACHA20-POLY1305-SHA256"; 895 enum TLS1_3_TXT_AES_128_CCM_SHA256 = "AEAD-AES128-CCM-SHA256"; 896 enum TLS1_3_TXT_AES_128_CCM_8_SHA256 = "AEAD-AES128-CCM-8-SHA256"; 897 } 898 899 enum TLS_CT_RSA_SIGN = 1; 900 enum TLS_CT_DSS_SIGN = 2; 901 enum TLS_CT_RSA_FIXED_DH = 3; 902 enum TLS_CT_DSS_FIXED_DH = 4; 903 enum TLS_CT_GOST94_SIGN = 21; 904 enum TLS_CT_GOST01_SIGN = 22; 905 enum TLS_CT_ECDSA_SIGN = 64; 906 enum TLS_CT_RSA_FIXED_ECDH = 65; 907 enum TLS_CT_ECDSA_FIXED_ECDH = 66; 908 enum TLS_CT_GOST12_256_SIGN = 67; 909 enum TLS_CT_GOST12_512_SIGN = 68; 910 911 /** 912 * pre-IANA, for compat 913 */ 914 enum TLS_CT_GOST12_256_SIGN_COMPAT = 238; 915 916 ///Ditto 917 enum TLS_CT_GOST12_512_SIGN_COMPAT = 239; 918 919 /** 920 * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see 921 * comment there) 922 */ 923 enum TLS_CT_NUMBER = 13; 924 925 enum TLS1_FINISH_MAC_LENGTH = 12; 926 927 enum TLS_MD_MAX_CONST_SIZE = 20; 928 enum TLS_MD_CLIENT_FINISH_CONST = "client finished"; 929 enum TLS_MD_CLIENT_FINISH_CONST_SIZE = 15; 930 enum TLS_MD_SERVER_FINISH_CONST = "server finished"; 931 enum TLS_MD_SERVER_FINISH_CONST_SIZE = 15; 932 enum TLS_MD_SERVER_WRITE_KEY_CONST = "server write key"; 933 enum TLS_MD_SERVER_WRITE_KEY_CONST_SIZE = 16; 934 enum TLS_MD_KEY_EXPANSION_CONST = "key expansion"; 935 enum TLS_MD_KEY_EXPANSION_CONST_SIZE = 13; 936 enum TLS_MD_CLIENT_WRITE_KEY_CONST = "client write key"; 937 enum TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE = 16; 938 939 version (none) { 940 enum TLS_MD_SERVER_WRITE_KEY_CONST = "server write key"; 941 enum TLS_MD_SERVER_WRITE_KEY_CONST_SIZE = 16; 942 } 943 944 enum TLS_MD_IV_BLOCK_CONST = "IV block"; 945 enum TLS_MD_IV_BLOCK_CONST_SIZE = 8; 946 enum TLS_MD_MASTER_SECRET_CONST = "master secret"; 947 enum TLS_MD_MASTER_SECRET_CONST_SIZE = 13; 948 949 version (LIBRESSL_INTERNAL) { 950 /** 951 * TLS Session Ticket extension struct. 952 */ 953 struct tls_session_ticket_ext_st 954 { 955 ushort length_; 956 void* data; 957 } 958 }