Google Git
Sign in
apache / httpd / refs/tags/2.4.55 / . / modules / tls / tls_proto.c
blob: 95a903b7151148f81f45317a84eb845cc4e5f003 [file] [log] [blame]
/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <assert.h>
#include <apr_lib.h>
#include <apr_strings.h>
#include <httpd.h>
#include <http_connection.h>
#include <http_core.h>
#include <http_log.h>
#include <rustls.h>
#include "tls_proto.h"
#include "tls_conf.h"
#include "tls_util.h"
extern module AP_MODULE_DECLARE_DATA tls_module;
APLOG_USE_MODULE(tls);
/**
* Known cipher as registered in
* <https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4>
*/
static tls_cipher_t KNOWN_CIPHERS[] = {
{ 0x0000, "TLS_NULL_WITH_NULL_NULL", NULL },
{ 0x0001, "TLS_RSA_WITH_NULL_MD5", NULL },
{ 0x0002, "TLS_RSA_WITH_NULL_SHA", NULL },
{ 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", NULL },
{ 0x0004, "TLS_RSA_WITH_RC4_128_MD5", NULL },
{ 0x0005, "TLS_RSA_WITH_RC4_128_SHA", NULL },
{ 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", NULL },
{ 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA", NULL },
{ 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", NULL },
{ 0x0009, "TLS_RSA_WITH_DES_CBC_SHA", NULL },
{ 0x000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0x000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", NULL },
{ 0x000c, "TLS_DH_DSS_WITH_DES_CBC_SHA", NULL },
{ 0x000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0x000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", NULL },
{ 0x000f, "TLS_DH_RSA_WITH_DES_CBC_SHA", NULL },
{ 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", NULL },
{ 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA", NULL },
{ 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", NULL },
{ 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA", NULL },
{ 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", NULL },
{ 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5", NULL },
{ 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", NULL },
{ 0x001a, "TLS_DH_anon_WITH_DES_CBC_SHA", NULL },
{ 0x001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0x001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA", NULL },
{ 0x001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA", NULL },
{ 0x001e, "TLS_KRB5_WITH_DES_CBC_SHA_or_SSL_FORTEZZA_KEA_WITH_RC4_128_SHA", NULL },
{ 0x001f, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0x0020, "TLS_KRB5_WITH_RC4_128_SHA", NULL },
{ 0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA", NULL },
{ 0x0022, "TLS_KRB5_WITH_DES_CBC_MD5", NULL },
{ 0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", NULL },
{ 0x0024, "TLS_KRB5_WITH_RC4_128_MD5", NULL },
{ 0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5", NULL },
{ 0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", NULL },
{ 0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", NULL },
{ 0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", NULL },
{ 0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", NULL },
{ 0x002a, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", NULL },
{ 0x002b, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5", NULL },
{ 0x002c, "TLS_PSK_WITH_NULL_SHA", NULL },
{ 0x002d, "TLS_DHE_PSK_WITH_NULL_SHA", NULL },
{ 0x002e, "TLS_RSA_PSK_WITH_NULL_SHA", NULL },
{ 0x002f, "TLS_RSA_WITH_AES_128_CBC_SHA", NULL },
{ 0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA", NULL },
{ 0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA", NULL },
{ 0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", NULL },
{ 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", NULL },
{ 0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA", NULL },
{ 0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA", NULL },
{ 0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA", NULL },
{ 0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA", NULL },
{ 0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", NULL },
{ 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", NULL },
{ 0x003a, "TLS_DH_anon_WITH_AES_256_CBC_SHA", NULL },
{ 0x003b, "TLS_RSA_WITH_NULL_SHA256", "NULL-SHA256" },
{ 0x003c, "TLS_RSA_WITH_AES_128_CBC_SHA256", "AES128-SHA256" },
{ 0x003d, "TLS_RSA_WITH_AES_256_CBC_SHA256", "AES256-SHA256" },
{ 0x003e, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256", "DH-DSS-AES128-SHA256" },
{ 0x003f, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256", "DH-RSA-AES128-SHA256" },
{ 0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "DHE-DSS-AES128-SHA256" },
{ 0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", NULL },
{ 0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", NULL },
{ 0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", NULL },
{ 0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", NULL },
{ 0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", NULL },
{ 0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", NULL },
{ 0x0047, "TLS_ECDH_ECDSA_WITH_NULL_SHA_draft", NULL },
{ 0x0048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA_draft", NULL },
{ 0x0049, "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA_draft", NULL },
{ 0x004a, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA_draft", NULL },
{ 0x004b, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA_draft", NULL },
{ 0x004c, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA_draft", NULL },
{ 0x004d, "TLS_ECDH_ECNRA_WITH_DES_CBC_SHA_draft", NULL },
{ 0x004e, "TLS_ECDH_ECNRA_WITH_3DES_EDE_CBC_SHA_draft", NULL },
{ 0x004f, "TLS_ECMQV_ECDSA_NULL_SHA_draft", NULL },
{ 0x0050, "TLS_ECMQV_ECDSA_WITH_RC4_128_SHA_draft", NULL },
{ 0x0051, "TLS_ECMQV_ECDSA_WITH_DES_CBC_SHA_draft", NULL },
{ 0x0052, "TLS_ECMQV_ECDSA_WITH_3DES_EDE_CBC_SHA_draft", NULL },
{ 0x0053, "TLS_ECMQV_ECNRA_NULL_SHA_draft", NULL },
{ 0x0054, "TLS_ECMQV_ECNRA_WITH_RC4_128_SHA_draft", NULL },
{ 0x0055, "TLS_ECMQV_ECNRA_WITH_DES_CBC_SHA_draft", NULL },
{ 0x0056, "TLS_ECMQV_ECNRA_WITH_3DES_EDE_CBC_SHA_draft", NULL },
{ 0x0057, "TLS_ECDH_anon_NULL_WITH_SHA_draft", NULL },
{ 0x0058, "TLS_ECDH_anon_WITH_RC4_128_SHA_draft", NULL },
{ 0x0059, "TLS_ECDH_anon_WITH_DES_CBC_SHA_draft", NULL },
{ 0x005a, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA_draft", NULL },
{ 0x005b, "TLS_ECDH_anon_EXPORT_WITH_DES40_CBC_SHA_draft", NULL },
{ 0x005c, "TLS_ECDH_anon_EXPORT_WITH_RC4_40_SHA_draft", NULL },
{ 0x0060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5", NULL },
{ 0x0061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5", NULL },
{ 0x0062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", NULL },
{ 0x0063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", NULL },
{ 0x0064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", NULL },
{ 0x0065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", NULL },
{ 0x0066, "TLS_DHE_DSS_WITH_RC4_128_SHA", NULL },
{ 0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "DHE-RSA-AES128-SHA256" },
{ 0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256", "DH-DSS-AES256-SHA256" },
{ 0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256", "DH-RSA-AES256-SHA256" },
{ 0x006a, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "DHE-DSS-AES256-SHA256" },
{ 0x006b, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "DHE-RSA-AES256-SHA256" },
{ 0x006c, "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "ADH-AES128-SHA256" },
{ 0x006d, "TLS_DH_anon_WITH_AES_256_CBC_SHA256", "ADH-AES256-SHA256" },
{ 0x0072, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD", NULL },
{ 0x0073, "TLS_DHE_DSS_WITH_AES_128_CBC_RMD", NULL },
{ 0x0074, "TLS_DHE_DSS_WITH_AES_256_CBC_RMD", NULL },
{ 0x0077, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD", NULL },
{ 0x0078, "TLS_DHE_RSA_WITH_AES_128_CBC_RMD", NULL },
{ 0x0079, "TLS_DHE_RSA_WITH_AES_256_CBC_RMD", NULL },
{ 0x007c, "TLS_RSA_WITH_3DES_EDE_CBC_RMD", NULL },
{ 0x007d, "TLS_RSA_WITH_AES_128_CBC_RMD", NULL },
{ 0x007e, "TLS_RSA_WITH_AES_256_CBC_RMD", NULL },
{ 0x0080, "TLS_GOSTR341094_WITH_28147_CNT_IMIT", NULL },
{ 0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT", NULL },
{ 0x0082, "TLS_GOSTR341094_WITH_NULL_GOSTR3411", NULL },
{ 0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411", NULL },
{ 0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", NULL },
{ 0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", NULL },
{ 0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", NULL },
{ 0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", NULL },
{ 0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", NULL },
{ 0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", NULL },
{ 0x008a, "TLS_PSK_WITH_RC4_128_SHA", "PSK-RC4-SHA" },
{ 0x008b, "TLS_PSK_WITH_3DES_EDE_CBC_SHA", "PSK-3DES-EDE-CBC-SHA" },
{ 0x008c, "TLS_PSK_WITH_AES_128_CBC_SHA", NULL },
{ 0x008d, "TLS_PSK_WITH_AES_256_CBC_SHA", NULL },
{ 0x008e, "TLS_DHE_PSK_WITH_RC4_128_SHA", NULL },
{ 0x008f, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA", NULL },
{ 0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA", NULL },
{ 0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA", NULL },
{ 0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA", NULL },
{ 0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA", NULL },
{ 0x0096, "TLS_RSA_WITH_SEED_CBC_SHA", NULL },
{ 0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA", NULL },
{ 0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA", NULL },
{ 0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA", NULL },
{ 0x009a, "TLS_DHE_RSA_WITH_SEED_CBC_SHA", NULL },
{ 0x009b, "TLS_DH_anon_WITH_SEED_CBC_SHA", NULL },
{ 0x009c, "TLS_RSA_WITH_AES_128_GCM_SHA256", "AES128-GCM-SHA256" },
{ 0x009d, "TLS_RSA_WITH_AES_256_GCM_SHA384", "AES256-GCM-SHA384" },
{ 0x009e, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "DHE-RSA-AES128-GCM-SHA256" },
{ 0x009f, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "DHE-RSA-AES256-GCM-SHA384" },
{ 0x00a0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256", "DH-RSA-AES128-GCM-SHA256" },
{ 0x00a1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384", "DH-RSA-AES256-GCM-SHA384" },
{ 0x00a2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "DHE-DSS-AES128-GCM-SHA256" },
{ 0x00a3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "DHE-DSS-AES256-GCM-SHA384" },
{ 0x00a4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256", "DH-DSS-AES128-GCM-SHA256" },
{ 0x00a5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384", "DH-DSS-AES256-GCM-SHA384" },
{ 0x00a6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256", "ADH-AES128-GCM-SHA256" },
{ 0x00a7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", "ADH-AES256-GCM-SHA384" },
{ 0x00a8, "TLS_PSK_WITH_AES_128_GCM_SHA256", NULL },
{ 0x00a9, "TLS_PSK_WITH_AES_256_GCM_SHA384", NULL },
{ 0x00aa, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", NULL },
{ 0x00ab, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", NULL },
{ 0x00ac, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", NULL },
{ 0x00ad, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", NULL },
{ 0x00ae, "TLS_PSK_WITH_AES_128_CBC_SHA256", "PSK-AES128-CBC-SHA" },
{ 0x00af, "TLS_PSK_WITH_AES_256_CBC_SHA384", "PSK-AES256-CBC-SHA" },
{ 0x00b0, "TLS_PSK_WITH_NULL_SHA256", NULL },
{ 0x00b1, "TLS_PSK_WITH_NULL_SHA384", NULL },
{ 0x00b2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", NULL },
{ 0x00b3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", NULL },
{ 0x00b4, "TLS_DHE_PSK_WITH_NULL_SHA256", NULL },
{ 0x00b5, "TLS_DHE_PSK_WITH_NULL_SHA384", NULL },
{ 0x00b6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", NULL },
{ 0x00b7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", NULL },
{ 0x00b8, "TLS_RSA_PSK_WITH_NULL_SHA256", NULL },
{ 0x00b9, "TLS_RSA_PSK_WITH_NULL_SHA384", NULL },
{ 0x00ba, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", NULL },
{ 0x00bb, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", NULL },
{ 0x00bc, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", NULL },
{ 0x00bd, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", NULL },
{ 0x00be, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", NULL },
{ 0x00bf, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", NULL },
{ 0x00c0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", NULL },
{ 0x00c1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", NULL },
{ 0x00c2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", NULL },
{ 0x00c3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", NULL },
{ 0x00c4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", NULL },
{ 0x00c5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", NULL },
{ 0x00ff, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", NULL },
{ 0x1301, "TLS_AES_128_GCM_SHA256", "TLS13_AES_128_GCM_SHA256" },
{ 0x1302, "TLS_AES_256_GCM_SHA384", "TLS13_AES_256_GCM_SHA384" },
{ 0x1303, "TLS_CHACHA20_POLY1305_SHA256", "TLS13_CHACHA20_POLY1305_SHA256" },
{ 0x1304, "TLS_AES_128_CCM_SHA256", "TLS13_AES_128_CCM_SHA256" },
{ 0x1305, "TLS_AES_128_CCM_8_SHA256", "TLS13_AES_128_CCM_8_SHA256" },
{ 0xc001, "TLS_ECDH_ECDSA_WITH_NULL_SHA", NULL },
{ 0xc002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", NULL },
{ 0xc003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0xc004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", NULL },
{ 0xc005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", NULL },
{ 0xc006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", NULL },
{ 0xc007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", NULL },
{ 0xc008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0xc009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", NULL },
{ 0xc00a, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", NULL },
{ 0xc00b, "TLS_ECDH_RSA_WITH_NULL_SHA", NULL },
{ 0xc00c, "TLS_ECDH_RSA_WITH_RC4_128_SHA", NULL },
{ 0xc00d, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0xc00e, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", NULL },
{ 0xc00f, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", NULL },
{ 0xc010, "TLS_ECDHE_RSA_WITH_NULL_SHA", NULL },
{ 0xc011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", NULL },
{ 0xc012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0xc013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", NULL },
{ 0xc014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", NULL },
{ 0xc015, "TLS_ECDH_anon_WITH_NULL_SHA", NULL },
{ 0xc016, "TLS_ECDH_anon_WITH_RC4_128_SHA", NULL },
{ 0xc017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0xc018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", NULL },
{ 0xc019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", NULL },
{ 0xc01a, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0xc01b, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0xc01c, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0xc01d, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA", NULL },
{ 0xc01e, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", NULL },
{ 0xc01f, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", NULL },
{ 0xc020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA", NULL },
{ 0xc021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", NULL },
{ 0xc022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", NULL },
{ 0xc023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "ECDHE-ECDSA-AES128-SHA256" },
{ 0xc024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "ECDHE-ECDSA-AES256-SHA384" },
{ 0xc025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "ECDH-ECDSA-AES128-SHA256" },
{ 0xc026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "ECDH-ECDSA-AES256-SHA384" },
{ 0xc027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "ECDHE-RSA-AES128-SHA256" },
{ 0xc028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "ECDHE-RSA-AES256-SHA384" },
{ 0xc029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "ECDH-RSA-AES128-SHA256" },
{ 0xc02a, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "ECDH-RSA-AES256-SHA384" },
{ 0xc02b, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256" },
{ 0xc02c, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "ECDHE-ECDSA-AES256-GCM-SHA384" },
{ 0xc02d, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "ECDH-ECDSA-AES128-GCM-SHA256" },
{ 0xc02e, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "ECDH-ECDSA-AES256-GCM-SHA384" },
{ 0xc02f, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE-RSA-AES128-GCM-SHA256" },
{ 0xc030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE-RSA-AES256-GCM-SHA384" },
{ 0xc031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "ECDH-RSA-AES128-GCM-SHA256" },
{ 0xc032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "ECDH-RSA-AES256-GCM-SHA384" },
{ 0xc033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA", NULL },
{ 0xc034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", NULL },
{ 0xc035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", NULL },
{ 0xc036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", NULL },
{ 0xc037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", NULL },
{ 0xc038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", NULL },
{ 0xc039, "TLS_ECDHE_PSK_WITH_NULL_SHA", NULL },
{ 0xc03a, "TLS_ECDHE_PSK_WITH_NULL_SHA256", NULL },
{ 0xc03b, "TLS_ECDHE_PSK_WITH_NULL_SHA384", NULL },
{ 0xc03c, "TLS_RSA_WITH_ARIA_128_CBC_SHA256", NULL },
{ 0xc03d, "TLS_RSA_WITH_ARIA_256_CBC_SHA384", NULL },
{ 0xc03e, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256", NULL },
{ 0xc03f, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384", NULL },
{ 0xc040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256", NULL },
{ 0xc041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384", NULL },
{ 0xc042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256", NULL },
{ 0xc043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384", NULL },
{ 0xc044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256", NULL },
{ 0xc045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384", NULL },
{ 0xc046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256", NULL },
{ 0xc047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384", NULL },
{ 0xc048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256", NULL },
{ 0xc049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384", NULL },
{ 0xc04a, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256", NULL },
{ 0xc04b, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384", NULL },
{ 0xc04c, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256", NULL },
{ 0xc04d, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384", NULL },
{ 0xc04e, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256", NULL },
{ 0xc04f, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384", NULL },
{ 0xc050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256", NULL },
{ 0xc051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384", NULL },
{ 0xc052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", NULL },
{ 0xc053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", NULL },
{ 0xc054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256", NULL },
{ 0xc055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384", NULL },
{ 0xc056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", NULL },
{ 0xc057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", NULL },
{ 0xc058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256", NULL },
{ 0xc059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384", NULL },
{ 0xc05a, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256", NULL },
{ 0xc05b, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384", NULL },
{ 0xc05c, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", NULL },
{ 0xc05d, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", NULL },
{ 0xc05e, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256", NULL },
{ 0xc05f, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384", NULL },
{ 0xc060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", NULL },
{ 0xc061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", NULL },
{ 0xc062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256", NULL },
{ 0xc063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384", NULL },
{ 0xc064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256", NULL },
{ 0xc065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384", NULL },
{ 0xc066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256", NULL },
{ 0xc067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384", NULL },
{ 0xc068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256", NULL },
{ 0xc069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384", NULL },
{ 0xc06a, "TLS_PSK_WITH_ARIA_128_GCM_SHA256", NULL },
{ 0xc06b, "TLS_PSK_WITH_ARIA_256_GCM_SHA384", NULL },
{ 0xc06c, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256", NULL },
{ 0xc06d, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384", NULL },
{ 0xc06e, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256", NULL },
{ 0xc06f, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384", NULL },
{ 0xc070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256", NULL },
{ 0xc071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384", NULL },
{ 0xc072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", NULL },
{ 0xc073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", NULL },
{ 0xc074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", NULL },
{ 0xc075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", NULL },
{ 0xc076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", NULL },
{ 0xc077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", NULL },
{ 0xc078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256", NULL },
{ 0xc079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384", NULL },
{ 0xc07a, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", NULL },
{ 0xc07b, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", NULL },
{ 0xc07c, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", NULL },
{ 0xc07d, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", NULL },
{ 0xc07e, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256", NULL },
{ 0xc07f, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384", NULL },
{ 0xc080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", NULL },
{ 0xc081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", NULL },
{ 0xc082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256", NULL },
{ 0xc083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384", NULL },
{ 0xc084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256", NULL },
{ 0xc085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384", NULL },
{ 0xc086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", NULL },
{ 0xc087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", NULL },
{ 0xc088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", NULL },
{ 0xc089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", NULL },
{ 0xc08a, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", NULL },
{ 0xc08b, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", NULL },
{ 0xc08c, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256", NULL },
{ 0xc08d, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384", NULL },
{ 0xc08e, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256", NULL },
{ 0xc08f, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384", NULL },
{ 0xc090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", NULL },
{ 0xc091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", NULL },
{ 0xc092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256", NULL },
{ 0xc093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384", NULL },
{ 0xc094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256", NULL },
{ 0xc095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384", NULL },
{ 0xc096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", NULL },
{ 0xc097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", NULL },
{ 0xc098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256", NULL },
{ 0xc099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384", NULL },
{ 0xc09a, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", NULL },
{ 0xc09b, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", NULL },
{ 0xc09c, "TLS_RSA_WITH_AES_128_CCM", NULL },
{ 0xc09d, "TLS_RSA_WITH_AES_256_CCM", NULL },
{ 0xc09e, "TLS_DHE_RSA_WITH_AES_128_CCM", NULL },
{ 0xc09f, "TLS_DHE_RSA_WITH_AES_256_CCM", NULL },
{ 0xc0a0, "TLS_RSA_WITH_AES_128_CCM_8", NULL },
{ 0xc0a1, "TLS_RSA_WITH_AES_256_CCM_8", NULL },
{ 0xc0a2, "TLS_DHE_RSA_WITH_AES_128_CCM_8", NULL },
{ 0xc0a3, "TLS_DHE_RSA_WITH_AES_256_CCM_8", NULL },
{ 0xc0a4, "TLS_PSK_WITH_AES_128_CCM", NULL },
{ 0xc0a5, "TLS_PSK_WITH_AES_256_CCM", NULL },
{ 0xc0a6, "TLS_DHE_PSK_WITH_AES_128_CCM", NULL },
{ 0xc0a7, "TLS_DHE_PSK_WITH_AES_256_CCM", NULL },
{ 0xc0a8, "TLS_PSK_WITH_AES_128_CCM_8", NULL },
{ 0xc0a9, "TLS_PSK_WITH_AES_256_CCM_8", NULL },
{ 0xc0aa, "TLS_PSK_DHE_WITH_AES_128_CCM_8", NULL },
{ 0xc0ab, "TLS_PSK_DHE_WITH_AES_256_CCM_8", NULL },
{ 0xcca8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "ECDHE-RSA-CHACHA20-POLY1305" },
{ 0xcca9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305" },
{ 0xccaa, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "DHE-RSA-CHACHA20-POLY1305" },
{ 0xccab, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256", "PSK-CHACHA20-POLY1305" },
{ 0xccac, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", "ECDHE-PSK-CHACHA20-POLY1305" },
{ 0xccad, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256", "DHE-PSK-CHACHA20-POLY1305" },
{ 0xccae, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256", "RSA-PSK-CHACHA20-POLY1305" },
{ 0xfefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA", NULL },
{ 0xfeff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", NULL },
};
typedef struct {
apr_uint16_t id;
const rustls_supported_ciphersuite *rustls_suite;
} rustls_cipher_t;
tls_proto_conf_t *tls_proto_init(apr_pool_t *pool, server_rec *s)
{
tls_proto_conf_t *conf;
tls_cipher_t *cipher;
const rustls_supported_ciphersuite *rustls_suite;
rustls_cipher_t *rcipher;
apr_uint16_t id;
apr_size_t i;
(void)s;
conf = apr_pcalloc(pool, sizeof(*conf));
conf->supported_versions = apr_array_make(pool, 3, sizeof(apr_uint16_t));
/* Until we can look that up at crustls, we assume what we currently know */
APR_ARRAY_PUSH(conf->supported_versions, apr_uint16_t) = TLS_VERSION_1_2;
APR_ARRAY_PUSH(conf->supported_versions, apr_uint16_t) = TLS_VERSION_1_3;
conf->known_ciphers_by_name = apr_hash_make(pool);
conf->known_ciphers_by_id = apr_hash_make(pool);
for (i = 0; i < TLS_DIM(KNOWN_CIPHERS); ++i) {
cipher = &KNOWN_CIPHERS[i];
apr_hash_set(conf->known_ciphers_by_id, &cipher->id, sizeof(apr_uint16_t), cipher);
apr_hash_set(conf->known_ciphers_by_name, cipher->name, APR_HASH_KEY_STRING, cipher);
if (cipher->alias) {
apr_hash_set(conf->known_ciphers_by_name, cipher->alias, APR_HASH_KEY_STRING, cipher);
}
}
conf->supported_cipher_ids = apr_array_make(pool, 10, sizeof(apr_uint16_t));
conf->rustls_ciphers_by_id = apr_hash_make(pool);
i = 0;
while ((rustls_suite = rustls_all_ciphersuites_get_entry(i++))) {
id = rustls_supported_ciphersuite_get_suite(rustls_suite);
rcipher = apr_pcalloc(pool, sizeof(*rcipher));
rcipher->id = id;
rcipher->rustls_suite = rustls_suite;
APR_ARRAY_PUSH(conf->supported_cipher_ids, apr_uint16_t) = id;
apr_hash_set(conf->rustls_ciphers_by_id, &rcipher->id, sizeof(apr_uint16_t), rcipher);
}
return conf;
}
const char *tls_proto_get_cipher_names(
tls_proto_conf_t *conf, const apr_array_header_t *ciphers, apr_pool_t *pool)
{
apr_array_header_t *names;
int n;
names = apr_array_make(pool, ciphers->nelts, sizeof(const char*));
for (n = 0; n < ciphers->nelts; ++n) {
apr_uint16_t id = APR_ARRAY_IDX(ciphers, n, apr_uint16_t);
APR_ARRAY_PUSH(names, const char *) = tls_proto_get_cipher_name(conf, id, pool);
}
return apr_array_pstrcat(pool, names, ':');
}
apr_status_t tls_proto_pre_config(apr_pool_t *pool, apr_pool_t *ptemp)
{
(void)pool;
(void)ptemp;
return APR_SUCCESS;
}
apr_status_t tls_proto_post_config(apr_pool_t *pool, apr_pool_t *ptemp, server_rec *s)
{
tls_conf_server_t *sc = tls_conf_server_get(s);
tls_proto_conf_t *conf = sc->global->proto;
(void)pool;
if (APLOGdebug(s)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(10314)
"tls ciphers supported: %s",
tls_proto_get_cipher_names(conf, conf->supported_cipher_ids, ptemp));
}
return APR_SUCCESS;
}
static apr_status_t get_uint16_from(const char *name, const char *prefix, apr_uint16_t *pint)
{
apr_size_t plen = strlen(prefix);
if (strlen(name) == plen+4 && !strncmp(name, prefix, plen)) {
/* may be a hex notation cipher id */
char *end = NULL;
apr_int64_t code = apr_strtoi64(name + plen, &end, 16);
if ((!end || !*end) && code && code <= APR_UINT16_MAX) {
*pint = (apr_uint16_t)code;
return APR_SUCCESS;
}
}
return APR_ENOENT;
}
apr_uint16_t tls_proto_get_version_by_name(tls_proto_conf_t *conf, const char *name)
{
apr_uint16_t version;
(void)conf;
if (!apr_strnatcasecmp(name, "TLSv1.2")) {
return TLS_VERSION_1_2;
}
else if (!apr_strnatcasecmp(name, "TLSv1.3")) {
return TLS_VERSION_1_3;
}
if (APR_SUCCESS == get_uint16_from(name, "TLSv0x", &version)) {
return version;
}
return 0;
}
const char *tls_proto_get_version_name(
tls_proto_conf_t *conf, apr_uint16_t id, apr_pool_t *pool)
{
(void)conf;
switch (id) {
case TLS_VERSION_1_2:
return "TLSv1.2";
case TLS_VERSION_1_3:
return "TLSv1.3";
default:
return apr_psprintf(pool, "TLSv0x%04x", id);
}
}
apr_array_header_t *tls_proto_create_versions_plus(
tls_proto_conf_t *conf, apr_uint16_t min_version, apr_pool_t *pool)
{
apr_array_header_t *versions = apr_array_make(pool, 3, sizeof(apr_uint16_t));
apr_uint16_t version;
int i;
for (i = 0; i < conf->supported_versions->nelts; ++i) {
version = APR_ARRAY_IDX(conf->supported_versions, i, apr_uint16_t);
if (version >= min_version) {
APR_ARRAY_PUSH(versions, apr_uint16_t) = version;
}
}
return versions;
}
int tls_proto_is_cipher_supported(tls_proto_conf_t *conf, apr_uint16_t cipher)
{
return tls_util_array_uint16_contains(conf->supported_cipher_ids, cipher);
}
apr_status_t tls_proto_get_cipher_by_name(
tls_proto_conf_t *conf, const char *name, apr_uint16_t *pcipher)
{
tls_cipher_t *cipher = apr_hash_get(conf->known_ciphers_by_name, name, APR_HASH_KEY_STRING);
if (cipher) {
*pcipher = cipher->id;
return APR_SUCCESS;
}
return get_uint16_from(name, "TLS_CIPHER_0x", pcipher);
}
const char *tls_proto_get_cipher_name(
tls_proto_conf_t *conf, apr_uint16_t id, apr_pool_t *pool)
{
tls_cipher_t *cipher = apr_hash_get(conf->known_ciphers_by_id, &id, sizeof(apr_uint16_t));
if (cipher) {
return cipher->name;
}
return apr_psprintf(pool, "TLS_CIPHER_0x%04x", id);
}
apr_array_header_t *tls_proto_get_rustls_suites(
tls_proto_conf_t *conf, const apr_array_header_t *ids, apr_pool_t *pool)
{
apr_array_header_t *suites;
rustls_cipher_t *rcipher;
apr_uint16_t id;
int i;
suites = apr_array_make(pool, ids->nelts, sizeof(const rustls_supported_ciphersuite*));
for (i = 0; i < ids->nelts; ++i) {
id = APR_ARRAY_IDX(ids, i, apr_uint16_t);
rcipher = apr_hash_get(conf->rustls_ciphers_by_id, &id, sizeof(apr_uint16_t));
if (rcipher) {
APR_ARRAY_PUSH(suites, const rustls_supported_ciphersuite *) = rcipher->rustls_suite;
}
}
return suites;
}