- Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether
- Adapted the rest of the code that uses them as well
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 356e6c2..ac02aeb 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -101,7 +101,7 @@
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
- ssl_set_ciphers( &ssl, ssl_default_ciphers );
+ ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
ssl_set_session( &ssl, 1, 600, &ssn );
/*
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 97f3196..c27aeb8 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -248,7 +248,7 @@
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
- ssl_set_ciphers( &ssl, ssl_default_ciphers );
+ ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
ssl_set_session( &ssl, 1, 600, &ssn );
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
@@ -271,8 +271,8 @@
}
}
- printf( " ok\n [ Cipher is %s ]\n",
- ssl_get_cipher( &ssl ) );
+ printf( " ok\n [ Ciphersuite is %s ]\n",
+ ssl_get_ciphersuite( &ssl ) );
/*
* 5. Verify the server certificate
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index f01cb3c..c64a835 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -66,7 +66,7 @@
/*
* Sorted by order of preference
*/
-int my_ciphers[] =
+int my_ciphersuites[] =
{
SSL_EDH_RSA_AES_256_SHA,
SSL_EDH_RSA_CAMELLIA_256_SHA,
@@ -119,7 +119,7 @@
if( ssl->timeout != 0 && t - prv->start > ssl->timeout )
continue;
- if( ssl->session->cipher != prv->cipher ||
+ if( ssl->session->ciphersuite != prv->ciphersuite ||
ssl->session->length != prv->length )
continue;
@@ -287,7 +287,7 @@
ssl_set_scb( &ssl, my_get_session,
my_set_session );
- ssl_set_ciphers( &ssl, my_ciphers );
+ ssl_set_ciphersuites( &ssl, my_ciphersuites );
ssl_set_session( &ssl, 1, 0, &ssn );
memset( &ssn, 0, sizeof( ssl_session ) );
@@ -360,7 +360,7 @@
fflush( stdout );
len = sprintf( (char *) buf, HTTP_RESPONSE,
- ssl_get_cipher( &ssl ) );
+ ssl_get_ciphersuite( &ssl ) );
while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
{
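Review bot: The `sprintf` into `buf` is unbounded, and the string it formats now comes from `ssl_get_ciphersuite()`, whose names may differ in length from the old cipher names. Neither the size of `buf` nor the length of `HTTP_RESPONSE` is visible in this hunk, so the available headroom cannot be confirmed from here. If `buf` is an array in scope, a bounded call such as `len = snprintf( (char *) buf, sizeof( buf ), HTTP_RESPONSE, ssl_get_ciphersuite( &ssl ) );`, followed by a check that `len` is non-negative and smaller than `sizeof( buf )`, would keep the response inside the buffer before it reaches `ssl_write`. The enclosing function starts and ends outside the hunk.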
diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c
index 15c221e..61aeb9a 100644
--- a/programs/test/ssl_test.c
+++ b/programs/test/ssl_test.c
@@ -91,7 +91,7 @@
int max_connections; /* max. number of reconnections */
int session_reuse; /* flag to reuse the keying material */
int session_lifetime; /* if reached, session data is expired */
- int force_cipher[2]; /* protocol/cipher to use, or all */
+ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
};
/*
@@ -242,9 +242,9 @@
ssl_set_session( &ssl, opt->session_reuse,
opt->session_lifetime, &ssn );
- if( opt->force_cipher[0] == DFL_FORCE_CIPHER )
- ssl_set_ciphers( &ssl, ssl_default_ciphers );
- else ssl_set_ciphers( &ssl, opt->force_cipher );
+ if( opt->force_ciphersuite[0] == DFL_FORCE_CIPHER )
+ ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
+ else ssl_set_ciphersuites( &ssl, opt->force_ciphersuite );
if( opt->iomode == IOMODE_NONBLOCK )
net_set_nonblock( client_fd );
@@ -389,17 +389,13 @@
" max_connections=%%d default: 0 (no limit)\n" \
" session_reuse=on/off default: on (enabled)\n" \
" session_lifetime=%%d (s) default: 86400\n" \
- " force_cipher=<name> default: all enabled\n" \
- " acceptable cipher names:\n" \
- " SSL_RSA_RC4_128_MD5 SSL_RSA_RC4_128_SHA\n" \
- " SSL_RSA_DES_168_SHA SSL_EDH_RSA_DES_168_SHA\n" \
- " SSL_RSA_AES_128_SHA SSL_EDH_RSA_AES_256_SHA\n" \
- " SSL_RSA_AES_256_SHA SSL_EDH_RSA_CAMELLIA_256_SHA\n" \
- " SSL_RSA_CAMELLIA_128_SHA SSL_RSA_CAMELLIA_256_SHA\n\n"
+ " force_ciphersuite=<name> default: all enabled\n" \
+ " acceptable ciphersuite names:\n"
int main( int argc, char *argv[] )
{
int i, j, n;
+ const int *list;
int ret = 1;
int nb_conn;
char *p, *q;
@@ -409,6 +405,14 @@
{
usage:
printf( USAGE );
+
+ list = ssl_list_ciphersuites();
+ while( *list )
+ {
+ printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
+ list++;
+ }
+ printf("\n");
goto exit;
}
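Review bot: The new listing loop dereferences `list` and passes the result of `ssl_get_ciphersuite_name( *list )` straight to `%s`, so it depends on `ssl_list_ciphersuites()` returning a non-NULL, 0-terminated array and on the name lookup never returning NULL; neither contract is visible in this hunk. A one-line comment above the loop would record that, for example `/* ssl_list_ciphersuites() returns a 0-terminated array of ids */`. The two added `printf(` calls also drop the space after the parenthesis that the surrounding code uses (`printf( USAGE );`). `main` continues outside the hunk.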
@@ -424,7 +428,7 @@
opt.max_connections = DFL_MAX_CONNECTIONS;
opt.session_reuse = DFL_SESSION_REUSE;
opt.session_lifetime = DFL_SESSION_LIFETIME;
- opt.force_cipher[0] = DFL_FORCE_CIPHER;
+ opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
for( i = 1; i < argc; i++ )
{
@@ -520,44 +524,16 @@
if( strcmp( p, "session_lifetime" ) == 0 )
opt.session_lifetime = atoi( q );
- if( strcmp( p, "force_cipher" ) == 0 )
+ if( strcmp( p, "force_ciphersuite" ) == 0 )
{
- opt.force_cipher[0] = -1;
+ opt.force_ciphersuite[0] = -1;
- if( strcmp( q, "ssl_rsa_rc4_128_md5" ) == 0 )
- opt.force_cipher[0] = SSL_RSA_RC4_128_MD5;
+ opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q );
- if( strcmp( q, "ssl_rsa_rc4_128_sha" ) == 0 )
- opt.force_cipher[0] = SSL_RSA_RC4_128_SHA;
-
- if( strcmp( q, "ssl_rsa_des_168_sha" ) == 0 )
- opt.force_cipher[0] = SSL_RSA_DES_168_SHA;
-
- if( strcmp( q, "ssl_edh_rsa_des_168_sha" ) == 0 )
- opt.force_cipher[0] = SSL_EDH_RSA_DES_168_SHA;
-
- if( strcmp( q, "ssl_rsa_aes_128_sha" ) == 0 )
- opt.force_cipher[0] = SSL_RSA_AES_128_SHA;
-
- if( strcmp( q, "ssl_rsa_aes_256_sha" ) == 0 )
- opt.force_cipher[0] = SSL_RSA_AES_256_SHA;
-
- if( strcmp( q, "ssl_edh_rsa_aes_256_sha" ) == 0 )
- opt.force_cipher[0] = SSL_EDH_RSA_AES_256_SHA;
-
- if( strcmp( q, "ssl_rsa_camellia_128_sha" ) == 0 )
- opt.force_cipher[0] = SSL_RSA_CAMELLIA_128_SHA;
-
- if( strcmp( q, "ssl_rsa_camellia_256_sha" ) == 0 )
- opt.force_cipher[0] = SSL_RSA_CAMELLIA_256_SHA;
-
- if( strcmp( q, "ssl_edh_rsa_camellia_256_sha" ) == 0 )
- opt.force_cipher[0] = SSL_EDH_RSA_CAMELLIA_256_SHA;
-
- if( opt.force_cipher[0] < 0 )
+ if( opt.force_ciphersuite[0] <= 0 )
goto usage;
- opt.force_cipher[1] = 0;
+ opt.force_ciphersuite[1] = 0;
}
}
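Review bot: The assignment `opt.force_ciphersuite[0] = -1;` is now a dead store, because the next added line overwrites it with the result of `ssl_get_ciphersuite_id( q )`; it can be removed. The rejection test changed from `< 0` to `<= 0`, which suggests the lookup returns 0 for an unknown name, but that is inferred from this hunk only. A comment such as `/* ssl_get_ciphersuite_id() returns 0 if the name is unknown */` would make the contract explicit once confirmed. Rejecting 0 matters because 0 is also the list terminator written by `opt.force_ciphersuite[1] = 0;`, so an accepted 0 would presumably produce an empty ciphersuite list. The option-parsing loop starts outside the hunk.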
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 31f1dfc..a1db884 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -224,7 +224,7 @@
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
- ssl_set_ciphers( &ssl, ssl_default_ciphers );
+ ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
ssl_set_session( &ssl, 1, 600, &ssn );
ssl_set_own_cert( &ssl, &clicert, &rsa );