diff options
Diffstat (limited to 'include/openssl/tls1.h')
-rw-r--r-- | include/openssl/tls1.h | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index e0f13997..d195940b 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -196,8 +196,10 @@ extern "C" { /* ExtensionType values from RFC6091 */ #define TLSEXT_TYPE_cert_type 9 +/* ExtensionType values from draft-ietf-tls-tls13-latest */ +#define TLSEXT_TYPE_supported_groups 10 + /* ExtensionType values from RFC4492 */ -#define TLSEXT_TYPE_elliptic_curves 10 #define TLSEXT_TYPE_ec_point_formats 11 /* ExtensionType value from RFC5054 */ @@ -434,11 +436,21 @@ extern "C" { #define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA9 #define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0x0300CCAC +/* PSK ciphersuites from mattsson-tls-ecdhe-psk-aead */ +#define TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256 0x0300D001 +#define TLS1_CK_ECDHE_PSK_WITH_AES_256_GCM_SHA384 0x0300D002 + /* TODO(davidben): Remove this. Historically, the CK names for CHACHA20_POLY1305 * were missing 'WITH' and 'SHA256'. */ #define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 \ TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 +/* CECPQ1 ciphersuites. These are specific to BoringSSL and not standard. */ +#define TLS1_CK_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256 0x030016B7 +#define TLS1_CK_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0x030016B8 +#define TLS1_CK_CECPQ1_RSA_WITH_AES_256_GCM_SHA384 0x030016B9 +#define TLS1_CK_CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384 0x030016BA + /* XXX * Inconsistency alert: * The OpenSSL names of ciphers with ephemeral DH here include the string @@ -619,6 +631,21 @@ extern "C" { #define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 \ TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 +/* PSK ciphersuites from mattsson-tls-ecdhe-psk-aead */ +#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_GCM_SHA256 "ECDHE-PSK-AES128-GCM-SHA256" +#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_GCM_SHA384 "ECDHE-PSK-AES256-GCM-SHA384" + +/* CECPQ1 ciphersuites. These are specific to BoringSSL and not standard. */ +#define TLS1_TXT_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256 \ + "CECPQ1-RSA-CHACHA20-POLY1305-SHA256" +#define TLS1_TXT_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \ + "CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256" +#define TLS1_TXT_CECPQ1_RSA_WITH_AES_256_GCM_SHA384 \ + "CECPQ1-RSA-AES256-GCM-SHA384" +#define TLS1_TXT_CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384 \ + "CECPQ1-ECDSA-AES256-GCM-SHA384" + + #define TLS_CT_RSA_SIGN 1 #define TLS_CT_DSS_SIGN 2 #define TLS_CT_RSA_FIXED_DH 3 |