aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_cipher.erl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2010-05-21 13:07:38 +0000
committerErlang/OTP <[email protected]>2010-05-21 13:07:38 +0000
commitdffa53a832ff1e9b2c536d3a04b594fb8e759466 (patch)
tree13ab63a3a2456edbc8a917b970d3b9e26c1274c2 /lib/ssl/src/ssl_cipher.erl
parent559566975a0362900d06ac715dd36333cb7cea6b (diff)
downloadotp-dffa53a832ff1e9b2c536d3a04b594fb8e759466.tar.gz
otp-dffa53a832ff1e9b2c536d3a04b594fb8e759466.tar.bz2
otp-dffa53a832ff1e9b2c536d3a04b594fb8e759466.zip
Decision not to support DH and export cipher suites.
Diffstat (limited to 'lib/ssl/src/ssl_cipher.erl')
-rw-r--r--lib/ssl/src/ssl_cipher.erl360
1 files changed, 72 insertions, 288 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index ef4b450d68..1818247e59 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -48,7 +48,7 @@
%% cipher values has been updated according to <CipherSuite>
%%-------------------------------------------------------------------
security_parameters(CipherSuite, SecParams) ->
- { _, Cipher, Hash, Exportable} = suite_definition(CipherSuite),
+ { _, Cipher, Hash} = suite_definition(CipherSuite),
SecParams#security_parameters{
cipher_suite = CipherSuite,
bulk_cipher_algorithm = bulk_cipher_algorithm(Cipher),
@@ -58,8 +58,7 @@ security_parameters(CipherSuite, SecParams) ->
key_material_length = key_material(Cipher),
iv_size = iv_size(Cipher),
mac_algorithm = mac_algorithm(Hash),
- hash_size = hash_size(Hash),
- exportable = Exportable}.
+ hash_size = hash_size(Hash)}.
%%--------------------------------------------------------------------
%% Function: cipher(Method, CipherState, Mac, Data) ->
@@ -109,10 +108,6 @@ cipher(?AES, CipherState, Mac, Fragment) ->
%% block_cipher(fun(Key, IV, T) ->
%% crypto:idea_cbc_encrypt(Key, IV, T)
%% end, block_size(idea_cbc), CipherState, Mac, Fragment);
-%% cipher(?RC2, CipherState, Mac, Fragment) ->
-%% block_cipher(fun(Key, IV, T) ->
-%% crypto:rc2_40_cbc_encrypt(Key, IV, T)
-%% end, block_size(rc2_cbc_40), CipherState, Mac, Fragment).
block_cipher(Fun, BlockSz, #cipher_state{key=Key, iv=IV} = CS0,
Mac, Fragment) ->
@@ -175,10 +170,6 @@ decipher(?AES, HashSz, CipherState, Fragment) ->
%% block_decipher(fun(Key, IV, T) ->
%% crypto:idea_cbc_decrypt(Key, IV, T)
%% end, CipherState, HashSz, Fragment);
-%% decipher(?RC2, HashSz, CipherState, Fragment) ->
-%% block_decipher(fun(Key, IV, T) ->
-%% crypto:rc2_40_cbc_decrypt(Key, IV, T)
-%% end, CipherState, HashSz, Fragment).
block_decipher(Fun, #cipher_state{key=Key, iv=IV} = CipherState0,
HashSz, Fragment) ->
@@ -209,289 +200,147 @@ suites({3, N}) when N == 1; N == 2 ->
%%--------------------------------------------------------------------
%% Function: suite_definition(CipherSuite) ->
-%% {KeyExchange, Cipher, Hash, Exportable}
+%% {KeyExchange, Cipher, Hash}
%%
%%
%% CipherSuite - as defined in ssl_cipher.hrl
-%% KeyExchange - rsa | dh_dss | dh_rsa | dh_anon | dhe_dss | dhe_rsa
-%% krb5 | *_export (old ssl)
+%% KeyExchange - rsa | dh_anon | dhe_dss | dhe_rsa | kerb5
+%%
%% Cipher - null | rc4_128 | idea_cbc | des_cbc | '3des_ede_cbc'
-%% des40_cbc | dh_dss | aes_128_cbc | aes_256_cbc |
-%% rc2_cbc_40 | rc4_40
+%% des40_cbc | aes_128_cbc | aes_256_cbc
%% Hash - null | md5 | sha
-%% Exportable - export | no_export | ignore(?)
%%
-%% Description: Returns a security parameters record where the
+%% Description: Returns a security parameters tuple where the
%% cipher values has been updated according to <CipherSuite>
%% Note: Currently not supported suites are commented away.
%% They should be supported or removed in the future.
%%-------------------------------------------------------------------
%% TLS v1.1 suites
suite_definition(?TLS_NULL_WITH_NULL_NULL) ->
- {null, null, null, ignore};
+ {null, null, null};
%% suite_definition(?TLS_RSA_WITH_NULL_MD5) ->
-%% {rsa, null, md5, ignore};
+%% {rsa, null, md5};
%% suite_definition(?TLS_RSA_WITH_NULL_SHA) ->
-%% {rsa, null, sha, ignore};
+%% {rsa, null, sha};
suite_definition(?TLS_RSA_WITH_RC4_128_MD5) ->
- {rsa, rc4_128, md5, no_export};
+ {rsa, rc4_128, md5};
suite_definition(?TLS_RSA_WITH_RC4_128_SHA) ->
- {rsa, rc4_128, sha, no_export};
+ {rsa, rc4_128, sha};
%% suite_definition(?TLS_RSA_WITH_IDEA_CBC_SHA) ->
-%% {rsa, idea_cbc, sha, no_export};
+%% {rsa, idea_cbc, sha};
suite_definition(?TLS_RSA_WITH_DES_CBC_SHA) ->
- {rsa, des_cbc, sha, no_export};
+ {rsa, des_cbc, sha};
suite_definition(?TLS_RSA_WITH_3DES_EDE_CBC_SHA) ->
- {rsa, '3des_ede_cbc', sha, no_export};
-%% suite_definition(?TLS_DH_DSS_WITH_DES_CBC_SHA) ->
-%% {dh_dss, des_cbc, sha, no_export};
-%% suite_definition(?TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA) ->
-%% {dh_dss, '3des_ede_cbc', sha, no_export};
-%% suite_definition(?TLS_DH_RSA_WITH_DES_CBC_SHA) ->
-%% {dh_rsa, des_cbc, sha, no_export};
-%% suite_definition(?TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA) ->
-%% {dh_rsa, '3des_ede_cbc', sha, no_export};
+ {rsa, '3des_ede_cbc', sha};
suite_definition(?TLS_DHE_DSS_WITH_DES_CBC_SHA) ->
- {dhe_dss, des_cbc, sha, no_export};
+ {dhe_dss, des_cbc, sha};
suite_definition(?TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) ->
- {dhe_dss, '3des_ede_cbc', sha, no_export};
+ {dhe_dss, '3des_ede_cbc'};
suite_definition(?TLS_DHE_RSA_WITH_DES_CBC_SHA) ->
- {dhe_rsa, des_cbc, sha, no_export};
+ {dhe_rsa, des_cbc, sha};
suite_definition(?TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) ->
- {dhe_rsa, '3des_ede_cbc', sha, no_export};
-%% suite_definition(?TLS_DH_anon_WITH_RC4_128_MD5) ->
-%% {dh_anon, rc4_128, md5, no_export};
-%% suite_definition(?TLS_DH_anon_WITH_DES_CBC_SHA) ->
-%% {dh_anon, des40_cbc, sha, no_export};
-%% suite_definition(?TLS_DH_anon_WITH_3DES_EDE_CBC_SHA) ->
-%% {dh_anon, '3des_ede_cbc', sha, no_export};
+ {dhe_rsa, '3des_ede_cbc', sha};
%%% TSL V1.1 AES suites
suite_definition(?TLS_RSA_WITH_AES_128_CBC_SHA) ->
- {rsa, aes_128_cbc, sha, ignore};
-%% suite_definition(?TLS_DH_DSS_WITH_AES_128_CBC_SHA) ->
-%% {dh_dss, aes_128_cbc, sha, ignore};
-%% suite_definition(?TLS_DH_RSA_WITH_AES_128_CBC_SHA) ->
-%% {dh_rsa, aes_128_cbc, sha, ignore};
+ {rsa, aes_128_cbc, sha};
suite_definition(?TLS_DHE_DSS_WITH_AES_128_CBC_SHA) ->
- {dhe_dss, aes_128_cbc, sha, ignore};
+ {dhe_dss, aes_128_cbc, sha};
suite_definition(?TLS_DHE_RSA_WITH_AES_128_CBC_SHA) ->
- {dhe_rsa, aes_128_cbc, sha, ignore};
-%% suite_definition(?TLS_DH_anon_WITH_AES_128_CBC_SHA) ->
-%% {dh_anon, aes_128_cbc, sha, ignore};
+ {dhe_rsa, aes_128_cbc, sha};
suite_definition(?TLS_RSA_WITH_AES_256_CBC_SHA) ->
- {rsa, aes_256_cbc, sha, ignore};
-%% suite_definition(?TLS_DH_DSS_WITH_AES_256_CBC_SHA) ->
-%% {dh_dss, aes_256_cbc, sha, ignore};
-%% suite_definition(?TLS_DH_RSA_WITH_AES_256_CBC_SHA) ->
-%% {dh_rsa, aes_256_cbc, sha, ignore};
+ {rsa, aes_256_cbc, sha};
suite_definition(?TLS_DHE_DSS_WITH_AES_256_CBC_SHA) ->
- {dhe_dss, aes_256_cbc, sha, ignore};
+ {dhe_dss, aes_256_cbc, sha};
suite_definition(?TLS_DHE_RSA_WITH_AES_256_CBC_SHA) ->
- {dhe_rsa, aes_256_cbc, sha, ignore}.
-%% suite_definition(?TLS_DH_anon_WITH_AES_256_CBC_SHA) ->
-%% {dh_anon, aes_256_cbc, sha, ignore};
+ {dhe_rsa, aes_256_cbc, sha}.
-%% TSL V1.1 KRB SUITES
+%% TODO: support kerbos key exchange?
+%% TSL V1.1 KRB SUITES
%% suite_definition(?TLS_KRB5_WITH_DES_CBC_SHA) ->
-%% {krb5, des_cbc, sha, ignore};
+%% {krb5, des_cbc, sha};
%% suite_definition(?TLS_KRB5_WITH_3DES_EDE_CBC_SHA) ->
-%% {krb5, '3des_ede_cbc', sha, ignore};
+%% {krb5, '3des_ede_cbc', sha};
%% suite_definition(?TLS_KRB5_WITH_RC4_128_SHA) ->
-%% {krb5, rc4_128, sha, ignore};
+%% {krb5, rc4_128, sha};
%% suite_definition(?TLS_KRB5_WITH_IDEA_CBC_SHA) ->
-%% {krb5, idea_cbc, sha, ignore};
+%% {krb5, idea_cbc, sha};
%% suite_definition(?TLS_KRB5_WITH_DES_CBC_MD5) ->
-%% {krb5, des_cbc, md5, ignore};
+%% {krb5, des_cbc, md5};
%% suite_definition(?TLS_KRB5_WITH_3DES_EDE_CBC_MD5) ->
-%% {krb5, '3des_ede_cbc', md5, ignore};
+%% {krb5, '3des_ede_cbc', md5};
%% suite_definition(?TLS_KRB5_WITH_RC4_128_MD5) ->
-%% {krb5, rc4_128, md5, ignore};
+%% {krb5, rc4_128, md5};
%% suite_definition(?TLS_KRB5_WITH_IDEA_CBC_MD5) ->
-%% {krb5, idea_cbc, md5, ignore};
-
-%% suite_definition(?TLS_RSA_EXPORT1024_WITH_RC4_56_MD5) ->
-%% {rsa, rc4_56, md5, export};
-%% suite_definition(?TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5) ->
-%% {rsa, rc2_cbc_56, md5, export};
-%% suite_definition(?TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA) ->
-%% {rsa, des_cbc, sha, export};
-%% suite_definition(?TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA) ->
-%% {dhe_dss, des_cbc, sha, export};
-%% suite_definition(?TLS_RSA_EXPORT1024_WITH_RC4_56_SHA) ->
-%% {rsa, rc4_56, sha, export};
-%% suite_definition(?TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA) ->
-%% {dhe_dss, rc4_56, sha, export};
-%% suite_definition(?TLS_DHE_DSS_WITH_RC4_128_SHA) ->
-%% {dhe_dss, rc4_128, sha, export};
-
-%% Export suites TLS 1.0 OR SSLv3-only servers.
-%% suite_definition(?TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA) ->
-%% {krb5_export, des40_cbc, sha, export};
-%% suite_definition(?TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA) ->
-%% {krb5_export, rc2_cbc_40, sha, export};
-%% suite_definition(?TLS_KRB5_EXPORT_WITH_RC4_40_SHA) ->
-%% {krb5_export, des40_cbc, sha, export};
-%% suite_definition(?TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5) ->
-%% {krb5_export, des40_cbc, md5, export};
-%% suite_definition(?TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5) ->
-%% {krb5_export, rc2_cbc_40, md5, export};
-%% suite_definition(?TLS_KRB5_EXPORT_WITH_RC4_40_MD5) ->
-%% {krb5_export, rc2_cbc_40, md5, export};
-%% suite_definition(?TLS_RSA_EXPORT_WITH_RC4_40_MD5) ->
-%% {rsa, rc4_40, md5, export};
-%% suite_definition(?TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) ->
-%% {rsa, rc2_cbc_40, md5, export};
-%% suite_definition(?TLS_RSA_EXPORT_WITH_DES40_CBC_SHA) ->
-%% {rsa, des40_cbc, sha, export};
-%% suite_definition(?TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA) ->
-%% {dh_dss, des40_cbc, sha, export};
-%% suite_definition(?TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA) ->
-%% {dh_rsa, des40_cbc, sha, export};
-%% suite_definition(?TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA) ->
-%% {dhe_dss, des40_cbc, sha, export};
-%% suite_definition(?TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA) ->
-%% {dhe_rsa, des40_cbc, sha, export};
-%% suite_definition(?TLS_DH_anon_EXPORT_WITH_RC4_40_MD5) ->
-%% {dh_anon, rc4_40, md5, export};
-%% suite_definition(?TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA) ->
-%% {dh_anon, des40_cbc, sha, export}.
+%% {krb5, idea_cbc, md5};
%% TLS v1.1 suites
-suite({rsa, null, md5, ignore}) ->
+suite({rsa, null, md5}) ->
?TLS_RSA_WITH_NULL_MD5;
-suite({rsa, null, sha, ignore}) ->
+suite({rsa, null, sha}) ->
?TLS_RSA_WITH_NULL_SHA;
-suite({rsa, rc4_128, md5, no_export}) ->
+suite({rsa, rc4_128, md5}) ->
?TLS_RSA_WITH_RC4_128_MD5;
-suite({rsa, rc4_128, sha, no_export}) ->
+suite({rsa, rc4_128, sha}) ->
?TLS_RSA_WITH_RC4_128_SHA;
-%% suite({rsa, idea_cbc, sha, no_export}) ->
+%% suite({rsa, idea_cbc, sha}) ->
%% ?TLS_RSA_WITH_IDEA_CBC_SHA;
-suite({rsa, des_cbc, sha, no_export}) ->
+suite({rsa, des_cbc, sha}) ->
?TLS_RSA_WITH_DES_CBC_SHA;
-suite({rsa, '3des_ede_cbc', sha, no_export}) ->
+suite({rsa, '3des_ede_cbc', sha}) ->
?TLS_RSA_WITH_3DES_EDE_CBC_SHA;
-%% suite({dh_dss, des_cbc, sha, no_export}) ->
-%% ?TLS_DH_DSS_WITH_DES_CBC_SHA;
-%% suite({dh_dss, '3des_ede_cbc', sha, no_export}) ->
-%% ?TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA;
-%% suite({dh_rsa, des_cbc, sha, no_export}) ->
-%% ?TLS_DH_RSA_WITH_DES_CBC_SHA;
-%% suite({dh_rsa, '3des_ede_cbc', sha, no_export}) ->
-%% ?TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA;
-suite({dhe_dss, des_cbc, sha, no_export}) ->
+suite({dhe_dss, des_cbc, sha}) ->
?TLS_DHE_DSS_WITH_DES_CBC_SHA;
-suite({dhe_dss, '3des_ede_cbc', sha, no_export}) ->
+suite({dhe_dss, '3des_ede_cbc', sha}) ->
?TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA;
-suite({dhe_rsa, des_cbc, sha, no_export}) ->
+suite({dhe_rsa, des_cbc, sha}) ->
?TLS_DHE_RSA_WITH_DES_CBC_SHA;
-suite({dhe_rsa, '3des_ede_cbc', sha, no_export}) ->
+suite({dhe_rsa, '3des_ede_cbc', sha}) ->
?TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA;
-%% suite({dh_anon, rc4_128, md5, no_export}) ->
+%% suite({dh_anon, rc4_128, md5}) ->
%% ?TLS_DH_anon_WITH_RC4_128_MD5;
-%% suite({dh_anon, des40_cbc, sha, no_export}) ->
+%% suite({dh_anon, des40_cbc, sha}) ->
%% ?TLS_DH_anon_WITH_DES_CBC_SHA;
-%% suite({dh_anon, '3des_ede_cbc', sha, no_export}) ->
+%% suite({dh_anon, '3des_ede_cbc', sha}) ->
%% ?TLS_DH_anon_WITH_3DES_EDE_CBC_SHA;
%%% TSL V1.1 AES suites
-suite({rsa, aes_128_cbc, sha, ignore}) ->
+suite({rsa, aes_128_cbc, sha}) ->
?TLS_RSA_WITH_AES_128_CBC_SHA;
-%% suite({dh_dss, aes_128_cbc, sha, ignore}) ->
-%% ?TLS_DH_DSS_WITH_AES_128_CBC_SHA;
-%% suite({dh_rsa, aes_128_cbc, sha, ignore}) ->
-%% ?TLS_DH_RSA_WITH_AES_128_CBC_SHA;
-%% suite({dhe_dss, aes_128_cbc, sha, ignore}) ->
+%% suite({dhe_dss, aes_128_cbc, sha}) ->
%% ?TLS_DHE_DSS_WITH_AES_128_CBC_SHA;
-suite({dhe_rsa, aes_128_cbc, sha, ignore}) ->
+suite({dhe_rsa, aes_128_cbc, sha}) ->
?TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
-%% suite({dh_anon, aes_128_cbc, sha, ignore}) ->
+%% suite({dh_anon, aes_128_cbc, sha}) ->
%% ?TLS_DH_anon_WITH_AES_128_CBC_SHA;
-suite({rsa, aes_256_cbc, sha, ignore}) ->
+suite({rsa, aes_256_cbc, sha}) ->
?TLS_RSA_WITH_AES_256_CBC_SHA;
-%% suite({dh_dss, aes_256_cbc, sha, ignore}) ->
-%% ?TLS_DH_DSS_WITH_AES_256_CBC_SHA;
-%% suite({dh_rsa, aes_256_cbc, sha, ignore}) ->
-%% ?TLS_DH_RSA_WITH_AES_256_CBC_SHA;
-suite({dhe_dss, aes_256_cbc, sha, ignore}) ->
+suite({dhe_dss, aes_256_cbc, sha}) ->
?TLS_DHE_DSS_WITH_AES_256_CBC_SHA;
-suite({dhe_rsa, aes_256_cbc, sha, ignore}) ->
+suite({dhe_rsa, aes_256_cbc, sha}) ->
?TLS_DHE_RSA_WITH_AES_256_CBC_SHA.
-%% suite({dh_anon, aes_256_cbc, sha, ignore}) ->
+%% suite({dh_anon, aes_256_cbc, sha}) ->
%% ?TLS_DH_anon_WITH_AES_256_CBC_SHA.
+%% TODO: support kerbos key exchange?
%% TSL V1.1 KRB SUITES
-%% suite({krb5, des_cbc, sha, ignore}) ->
+%% suite({krb5, des_cbc, sha}) ->
%% ?TLS_KRB5_WITH_DES_CBC_SHA;
-%% suite({krb5_cbc, '3des_ede_cbc', sha, ignore}) ->
+%% suite({krb5_cbc, '3des_ede_cbc', sha}) ->
%% ?TLS_KRB5_WITH_3DES_EDE_CBC_SHA;
-%% suite({krb5, rc4_128, sha, ignore}) ->
+%% suite({krb5, rc4_128, sha}) ->
%% ?TLS_KRB5_WITH_RC4_128_SHA;
-%% suite({krb5_cbc, idea_cbc, sha, ignore}) ->
+%% suite({krb5_cbc, idea_cbc, sha}) ->
%% ?TLS_KRB5_WITH_IDEA_CBC_SHA;
-%% suite({krb5_cbc, md5, ignore}) ->
+%% suite({krb5_cbc, md5}) ->
%% ?TLS_KRB5_WITH_DES_CBC_MD5;
-%% suite({krb5_ede_cbc, des_cbc, md5, ignore}) ->
+%% suite({krb5_ede_cbc, des_cbc, md5}) ->
%% ?TLS_KRB5_WITH_3DES_EDE_CBC_MD5;
-%% suite({krb5_128, rc4_128, md5, ignore}) ->
+%% suite({krb5_128, rc4_128, md5}) ->
%% ?TLS_KRB5_WITH_RC4_128_MD5;
-%% suite({krb5, idea_cbc, md5, ignore}) ->
+%% suite({krb5, idea_cbc, md5}) ->
%% ?TLS_KRB5_WITH_IDEA_CBC_MD5;
-%% Export suites TLS 1.0 OR SSLv3-only servers.
-%% suite({rsa, rc4_40, md5, export}) ->
-%% ?TLS_RSA_EXPORT_WITH_RC4_40_MD5;
-%% suite({rsa, rc2_cbc_40, md5, export}) ->
-%% ?TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5;
-%% suite({rsa, des40_cbc, sha, export}) ->
-%% ?TLS_RSA_EXPORT_WITH_DES40_CBC_SHA;
-%% suite({rsa, rc4_56, md5, export}) ->
-%% ?TLS_RSA_EXPORT1024_WITH_RC4_56_MD5;
-%% suite({rsa, rc2_cbc_56, md5, export}) ->
-%% ?TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5;
-%% suite({rsa, des_cbc, sha, export}) ->
-%% ?TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA;
-%% suite({dhe_dss, des_cbc, sha, export}) ->
-%% ?TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA;
-%% suite({rsa, rc4_56, sha, export}) ->
-%% ?TLS_RSA_EXPORT1024_WITH_RC4_56_SHA;
-%% suite({dhe_dss, rc4_56, sha, export}) ->
-%% ?TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA;
-%% suite({dhe_dss, rc4_128, sha, export}) ->
-%% ?TLS_DHE_DSS_WITH_RC4_128_SHA;
-%% suite({krb5_export, des40_cbc, sha, export}) ->
-%% ?TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA;
-%% suite({krb5_export, rc2_cbc_40, sha, export}) ->
-%% ?TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA;
-%% suite({krb5_export, rc4_cbc_40, sha, export}) ->
-%% ?TLS_KRB5_EXPORT_WITH_RC4_40_SHA;
-%% suite({krb5_export, des40_cbc, md5, export}) ->
-%% ?TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5;
-%% suite({krb5_export, rc2_cbc_40, md5, export}) ->
-%% ?TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5;
-%% suite({krb5_export, rc4_cbc_40, md5, export}) ->
-%% ?TLS_KRB5_EXPORT_WITH_RC4_40_MD5;
-%% suite({rsa_export, rc4_cbc_40, md5, export}) ->
-%% ?TLS_RSA_EXPORT_WITH_RC4_40_MD5;
-%% suite({rsa_export, rc2_cbc_40, md5, export}) ->
-%% ?TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5;
-%% suite({rsa_export, des40_cbc, sha, export}) ->
-%% ?TLS_RSA_EXPORT_WITH_DES40_CBC_SHA;
-%% suite({dh_dss_export, des40_cbc, sha, export}) ->
-%% ?TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA;
-%% suite({dh_rsa_export, des40_cbc, sha, export}) ->
-%% ?TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA;
-%% suite({dhe_dss_export, des40_cbc, sha, export}) ->
-%% ?TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA;
-%% suite({dhe_rsa_export, des40_cbc, sha, export}) ->
-%% ?TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA;
-%% suite({dh_anon_export, rc4_40, md5, export}) ->
-%% ?TLS_DH_anon_EXPORT_WITH_RC4_40_MD5;
-%% suite({dh_anon_export, des40_cbc, sha, export}) ->
-%% ?TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA.
-
-
%% translate constants <-> openssl-strings
%% TODO: Is there a pattern in the nameing
%% that is useable to make a nicer function defention?
@@ -523,36 +372,12 @@ openssl_suite("RC4-SHA") ->
?TLS_RSA_WITH_RC4_128_SHA;
openssl_suite("RC4-MD5") ->
?TLS_RSA_WITH_RC4_128_MD5;
-%% TODO: Do we want to support this?
-%% openssl_suite("EXP1024-RC4-MD5") ->
-%% ?TLS_RSA_EXPORT1024_WITH_RC4_56_MD5;
-%% openssl_suite("EXP1024-RC2-CBC-MD5") ->
-%% ?TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5;
-%% openssl_suite("EXP1024-DES-CBC-SHA") ->
-%% ?TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA;
-%% openssl_suite("EXP1024-DHE-DSS-DES-CBC-SHA") ->
-%% ?TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA;
-%% openssl_suite("EXP1024-RC4-SHA") ->
-%% ?TLS_RSA_EXPORT1024_WITH_RC4_56_SHA;
-%% openssl_suite("EXP1024-DHE-DSS-RC4-SHA") ->
-%% ?TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA;
%% openssl_suite("DHE-DSS-RC4-SHA") ->
%% ?TLS_DHE_DSS_WITH_RC4_128_SHA;
-
openssl_suite("EDH-RSA-DES-CBC-SHA") ->
?TLS_DHE_RSA_WITH_DES_CBC_SHA;
openssl_suite("DES-CBC-SHA") ->
?TLS_RSA_WITH_DES_CBC_SHA.
-%% openssl_suite("EXP-EDH-RSA-DES-CBC-SHA") ->
-%% ?TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA;
-%% openssl_suite("EXP-EDH-DSS-DES-CBC-SHA") ->
-%% ?TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA;
-%% openssl_suite("EXP-DES-CBC-SHA") ->
-%% ?TLS_RSA_EXPORT_WITH_DES40_CBC_SHA;
-%% openssl_suite("EXP-RC2-CBC-MD5") ->
-%% ?TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5;
-%% openssl_suite("EXP-RC4-MD5") ->
-%% ?TLS_RSA_EXPORT_WITH_RC4_40_MD5.
openssl_suite_name(?TLS_DHE_RSA_WITH_AES_256_CBC_SHA) ->
"DHE-RSA-AES256-SHA";
@@ -582,29 +407,7 @@ openssl_suite_name(?TLS_DHE_RSA_WITH_DES_CBC_SHA) ->
"EDH-RSA-DES-CBC-SHA";
openssl_suite_name(?TLS_RSA_WITH_DES_CBC_SHA) ->
"DES-CBC-SHA";
-%% openssl_suite_name(?TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA) ->
-%% "EXP-EDH-RSA-DES-CBC-SHA";
-%% openssl_suite_name(?TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA) ->
-%% "EXP-EDH-DSS-DES-CBC-SHA";
-%% openssl_suite_name(?TLS_RSA_EXPORT_WITH_DES40_CBC_SHA) ->
-%% "EXP-DES-CBC-SHA";
-%% openssl_suite_name(?TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) ->
-%% "EXP-RC2-CBC-MD5";
-%% openssl_suite_name(?TLS_RSA_EXPORT_WITH_RC4_40_MD5) ->
-%% "EXP-RC4-MD5";
-
-%% openssl_suite_name(?TLS_RSA_EXPORT1024_WITH_RC4_56_MD5) ->
-%% "EXP1024-RC4-MD5";
-%% openssl_suite_name(?TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5) ->
-%% "EXP1024-RC2-CBC-MD5";
-%% openssl_suite_name(?TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA) ->
-%% "EXP1024-DES-CBC-SHA";
-%% openssl_suite_name(?TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA) ->
-%% "EXP1024-DHE-DSS-DES-CBC-SHA";
-%% openssl_suite_name(?TLS_RSA_EXPORT1024_WITH_RC4_56_SHA) ->
-%% "EXP1024-RC4-SHA";
-%% openssl_suite_name(?TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA) ->
-%% "EXP1024-DHE-DSS-RC4-SHA";
+
%% openssl_suite_name(?TLS_DHE_DSS_WITH_RC4_128_SHA) ->
%% "DHE-DSS-RC4-SHA";
@@ -621,11 +424,7 @@ bulk_cipher_algorithm(null) ->
%% Not supported yet
%% bulk_cipher_algorithm(idea_cbc) ->
%% ?IDEA;
-%% bulk_cipher_algorithm(Cipher) when Cipher == rc2_cbc_40;
-%% Cipher == rc2_cbc_56 ->
-%% ?RC2;
-bulk_cipher_algorithm(Cipher) when Cipher == rc4_40;
- Cipher == rc4_56;
+bulk_cipher_algorithm(Cipher) when Cipher == rc4_56;
Cipher == rc4_128 ->
?RC4;
%% bulk_cipher_algorithm(des40_cbc) ->
@@ -639,14 +438,11 @@ bulk_cipher_algorithm(Cipher) when Cipher == aes_128_cbc;
?AES.
type(Cipher) when Cipher == null;
- Cipher == rc4_40;
Cipher == rc4_56;
Cipher == rc4_128 ->
?STREAM;
type(Cipher) when Cipher == idea_cbc;
- Cipher == rc2_cbc_40;
- Cipher == rc2_cbc_56;
Cipher == des40_cbc;
Cipher == des_cbc;
Cipher == '3des_ede_cbc';
@@ -659,12 +455,9 @@ key_material(null) ->
key_material(Cipher) when Cipher == idea_cbc;
Cipher == rc4_128 ->
16;
-key_material(Cipher) when Cipher == rc2_cbc_56;
- Cipher == rc4_56 ->
+key_material(rc4_56) ->
7;
-key_material(Cipher) when Cipher == rc2_cbc_40;
- Cipher == rc4_40;
- Cipher == des40_cbc ->
+key_material(des40_cbc) ->
5;
key_material(des_cbc) ->
8;
@@ -678,9 +471,6 @@ key_material(aes_256_cbc) ->
expanded_key_material(null) ->
0;
expanded_key_material(Cipher) when Cipher == idea_cbc;
- Cipher == rc2_cbc_40;
- Cipher == rc2_cbc_56;
- Cipher == rc4_40;
Cipher == rc4_56;
Cipher == rc4_128 ->
16;
@@ -696,12 +486,9 @@ expanded_key_material(Cipher) when Cipher == aes_128_cbc;
effective_key_bits(null) ->
0;
-effective_key_bits(Cipher) when Cipher == rc2_cbc_40;
- Cipher == rc4_40;
- Cipher == des40_cbc ->
+effective_key_bits(des40_cbc) ->
40;
-effective_key_bits(Cipher) when Cipher == rc2_cbc_56;
- Cipher == rc4_56;
+effective_key_bits(Cipher) when Cipher == rc4_56;
Cipher == des_cbc ->
56;
effective_key_bits(Cipher) when Cipher == idea_cbc;
@@ -714,7 +501,6 @@ effective_key_bits(aes_256_cbc) ->
256.
iv_size(Cipher) when Cipher == null;
- Cipher == rc4_40;
Cipher == rc4_56;
Cipher == rc4_128 ->
0;
@@ -722,8 +508,6 @@ iv_size(Cipher) ->
block_size(Cipher).
block_size(Cipher) when Cipher == idea_cbc;
- Cipher == rc2_cbc_40;
- Cipher == rc2_cbc_56;
Cipher == des40_cbc;
Cipher == des_cbc;
Cipher == '3des_ede_cbc' ->