/* Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include #include #include #include #include #include #include #include "tls_proto.h" #include "tls_conf.h" #include "tls_util.h" extern module AP_MODULE_DECLARE_DATA tls_module; APLOG_USE_MODULE(tls); /** * Known cipher as registered in * */ static tls_cipher_t KNOWN_CIPHERS[] = { { 0x0000, "TLS_NULL_WITH_NULL_NULL", NULL }, { 0x0001, "TLS_RSA_WITH_NULL_MD5", NULL }, { 0x0002, "TLS_RSA_WITH_NULL_SHA", NULL }, { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", NULL }, { 0x0004, "TLS_RSA_WITH_RC4_128_MD5", NULL }, { 0x0005, "TLS_RSA_WITH_RC4_128_SHA", NULL }, { 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", NULL }, { 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA", NULL }, { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", NULL }, { 0x0009, "TLS_RSA_WITH_DES_CBC_SHA", NULL }, { 0x000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", NULL }, { 0x000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", NULL }, { 0x000c, "TLS_DH_DSS_WITH_DES_CBC_SHA", NULL }, { 0x000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", NULL }, { 0x000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", NULL }, { 0x000f, "TLS_DH_RSA_WITH_DES_CBC_SHA", NULL }, { 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", NULL }, { 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", NULL }, { 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA", NULL }, { 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", NULL }, { 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", NULL }, { 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA", NULL }, { 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", NULL }, { 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", NULL }, { 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5", NULL }, { 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", NULL }, { 0x001a, "TLS_DH_anon_WITH_DES_CBC_SHA", NULL }, { 0x001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", NULL }, { 0x001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA", NULL }, { 0x001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA", NULL }, { 0x001e, "TLS_KRB5_WITH_DES_CBC_SHA_or_SSL_FORTEZZA_KEA_WITH_RC4_128_SHA", NULL }, { 0x001f, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", NULL }, { 0x0020, "TLS_KRB5_WITH_RC4_128_SHA", NULL }, { 0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA", NULL }, { 0x0022, "TLS_KRB5_WITH_DES_CBC_MD5", NULL }, { 0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", NULL }, { 0x0024, "TLS_KRB5_WITH_RC4_128_MD5", NULL }, { 0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5", NULL }, { 0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", NULL }, { 0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", NULL }, { 0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", NULL }, { 0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", NULL }, { 0x002a, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", NULL }, { 0x002b, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5", NULL }, { 0x002c, "TLS_PSK_WITH_NULL_SHA", NULL }, { 0x002d, "TLS_DHE_PSK_WITH_NULL_SHA", NULL }, { 0x002e, "TLS_RSA_PSK_WITH_NULL_SHA", NULL }, { 0x002f, "TLS_RSA_WITH_AES_128_CBC_SHA", NULL }, { 0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA", NULL }, { 0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA", NULL }, { 0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", NULL }, { 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", NULL }, { 0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA", NULL }, { 0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA", NULL }, { 0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA", NULL }, { 0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA", NULL }, { 0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", NULL }, { 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", NULL }, { 0x003a, "TLS_DH_anon_WITH_AES_256_CBC_SHA", NULL }, { 0x003b, "TLS_RSA_WITH_NULL_SHA256", "NULL-SHA256" }, { 0x003c, "TLS_RSA_WITH_AES_128_CBC_SHA256", "AES128-SHA256" }, { 0x003d, "TLS_RSA_WITH_AES_256_CBC_SHA256", "AES256-SHA256" }, { 0x003e, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256", "DH-DSS-AES128-SHA256" }, { 0x003f, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256", "DH-RSA-AES128-SHA256" }, { 0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "DHE-DSS-AES128-SHA256" }, { 0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", NULL }, { 0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", NULL }, { 0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", NULL }, { 0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", NULL }, { 0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", NULL }, { 0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", NULL }, { 0x0047, "TLS_ECDH_ECDSA_WITH_NULL_SHA_draft", NULL }, { 0x0048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA_draft", NULL }, { 0x0049, "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA_draft", NULL }, { 0x004a, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA_draft", NULL }, { 0x004b, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA_draft", NULL }, { 0x004c, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA_draft", NULL }, { 0x004d, "TLS_ECDH_ECNRA_WITH_DES_CBC_SHA_draft", NULL }, { 0x004e, "TLS_ECDH_ECNRA_WITH_3DES_EDE_CBC_SHA_draft", NULL }, { 0x004f, "TLS_ECMQV_ECDSA_NULL_SHA_draft", NULL }, { 0x0050, "TLS_ECMQV_ECDSA_WITH_RC4_128_SHA_draft", NULL }, { 0x0051, "TLS_ECMQV_ECDSA_WITH_DES_CBC_SHA_draft", NULL }, { 0x0052, "TLS_ECMQV_ECDSA_WITH_3DES_EDE_CBC_SHA_draft", NULL }, { 0x0053, "TLS_ECMQV_ECNRA_NULL_SHA_draft", NULL }, { 0x0054, "TLS_ECMQV_ECNRA_WITH_RC4_128_SHA_draft", NULL }, { 0x0055, "TLS_ECMQV_ECNRA_WITH_DES_CBC_SHA_draft", NULL }, { 0x0056, "TLS_ECMQV_ECNRA_WITH_3DES_EDE_CBC_SHA_draft", NULL }, { 0x0057, "TLS_ECDH_anon_NULL_WITH_SHA_draft", NULL }, { 0x0058, "TLS_ECDH_anon_WITH_RC4_128_SHA_draft", NULL }, { 0x0059, "TLS_ECDH_anon_WITH_DES_CBC_SHA_draft", NULL }, { 0x005a, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA_draft", NULL }, { 0x005b, "TLS_ECDH_anon_EXPORT_WITH_DES40_CBC_SHA_draft", NULL }, { 0x005c, "TLS_ECDH_anon_EXPORT_WITH_RC4_40_SHA_draft", NULL }, { 0x0060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5", NULL }, { 0x0061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5", NULL }, { 0x0062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", NULL }, { 0x0063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", NULL }, { 0x0064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", NULL }, { 0x0065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", NULL }, { 0x0066, "TLS_DHE_DSS_WITH_RC4_128_SHA", NULL }, { 0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "DHE-RSA-AES128-SHA256" }, { 0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256", "DH-DSS-AES256-SHA256" }, { 0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256", "DH-RSA-AES256-SHA256" }, { 0x006a, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "DHE-DSS-AES256-SHA256" }, { 0x006b, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "DHE-RSA-AES256-SHA256" }, { 0x006c, "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "ADH-AES128-SHA256" }, { 0x006d, "TLS_DH_anon_WITH_AES_256_CBC_SHA256", "ADH-AES256-SHA256" }, { 0x0072, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD", NULL }, { 0x0073, "TLS_DHE_DSS_WITH_AES_128_CBC_RMD", NULL }, { 0x0074, "TLS_DHE_DSS_WITH_AES_256_CBC_RMD", NULL }, { 0x0077, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD", NULL }, { 0x0078, "TLS_DHE_RSA_WITH_AES_128_CBC_RMD", NULL }, { 0x0079, "TLS_DHE_RSA_WITH_AES_256_CBC_RMD", NULL }, { 0x007c, "TLS_RSA_WITH_3DES_EDE_CBC_RMD", NULL }, { 0x007d, "TLS_RSA_WITH_AES_128_CBC_RMD", NULL }, { 0x007e, "TLS_RSA_WITH_AES_256_CBC_RMD", NULL }, { 0x0080, "TLS_GOSTR341094_WITH_28147_CNT_IMIT", NULL }, { 0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT", NULL }, { 0x0082, "TLS_GOSTR341094_WITH_NULL_GOSTR3411", NULL }, { 0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411", NULL }, { 0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", NULL }, { 0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", NULL }, { 0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", NULL }, { 0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", NULL }, { 0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", NULL }, { 0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", NULL }, { 0x008a, "TLS_PSK_WITH_RC4_128_SHA", "PSK-RC4-SHA" }, { 0x008b, "TLS_PSK_WITH_3DES_EDE_CBC_SHA", "PSK-3DES-EDE-CBC-SHA" }, { 0x008c, "TLS_PSK_WITH_AES_128_CBC_SHA", NULL }, { 0x008d, "TLS_PSK_WITH_AES_256_CBC_SHA", NULL }, { 0x008e, "TLS_DHE_PSK_WITH_RC4_128_SHA", NULL }, { 0x008f, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", NULL }, { 0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA", NULL }, { 0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA", NULL }, { 0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA", NULL }, { 0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", NULL }, { 0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA", NULL }, { 0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA", NULL }, { 0x0096, "TLS_RSA_WITH_SEED_CBC_SHA", NULL }, { 0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA", NULL }, { 0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA", NULL }, { 0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA", NULL }, { 0x009a, "TLS_DHE_RSA_WITH_SEED_CBC_SHA", NULL }, { 0x009b, "TLS_DH_anon_WITH_SEED_CBC_SHA", NULL }, { 0x009c, "TLS_RSA_WITH_AES_128_GCM_SHA256", "AES128-GCM-SHA256" }, { 0x009d, "TLS_RSA_WITH_AES_256_GCM_SHA384", "AES256-GCM-SHA384" }, { 0x009e, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "DHE-RSA-AES128-GCM-SHA256" }, { 0x009f, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "DHE-RSA-AES256-GCM-SHA384" }, { 0x00a0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256", "DH-RSA-AES128-GCM-SHA256" }, { 0x00a1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384", "DH-RSA-AES256-GCM-SHA384" }, { 0x00a2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "DHE-DSS-AES128-GCM-SHA256" }, { 0x00a3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "DHE-DSS-AES256-GCM-SHA384" }, { 0x00a4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256", "DH-DSS-AES128-GCM-SHA256" }, { 0x00a5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384", "DH-DSS-AES256-GCM-SHA384" }, { 0x00a6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256", "ADH-AES128-GCM-SHA256" }, { 0x00a7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", "ADH-AES256-GCM-SHA384" }, { 0x00a8, "TLS_PSK_WITH_AES_128_GCM_SHA256", NULL }, { 0x00a9, "TLS_PSK_WITH_AES_256_GCM_SHA384", NULL }, { 0x00aa, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", NULL }, { 0x00ab, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", NULL }, { 0x00ac, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", NULL }, { 0x00ad, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", NULL }, { 0x00ae, "TLS_PSK_WITH_AES_128_CBC_SHA256", "PSK-AES128-CBC-SHA" }, { 0x00af, "TLS_PSK_WITH_AES_256_CBC_SHA384", "PSK-AES256-CBC-SHA" }, { 0x00b0, "TLS_PSK_WITH_NULL_SHA256", NULL }, { 0x00b1, "TLS_PSK_WITH_NULL_SHA384", NULL }, { 0x00b2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", NULL }, { 0x00b3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", NULL }, { 0x00b4, "TLS_DHE_PSK_WITH_NULL_SHA256", NULL }, { 0x00b5, "TLS_DHE_PSK_WITH_NULL_SHA384", NULL }, { 0x00b6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", NULL }, { 0x00b7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", NULL }, { 0x00b8, "TLS_RSA_PSK_WITH_NULL_SHA256", NULL }, { 0x00b9, "TLS_RSA_PSK_WITH_NULL_SHA384", NULL }, { 0x00ba, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", NULL }, { 0x00bb, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", NULL }, { 0x00bc, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", NULL }, { 0x00bd, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", NULL }, { 0x00be, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", NULL }, { 0x00bf, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", NULL }, { 0x00c0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", NULL }, { 0x00c1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", NULL }, { 0x00c2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", NULL }, { 0x00c3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", NULL }, { 0x00c4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", NULL }, { 0x00c5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", NULL }, { 0x00ff, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", NULL }, { 0x1301, "TLS_AES_128_GCM_SHA256", "TLS13_AES_128_GCM_SHA256" }, { 0x1302, "TLS_AES_256_GCM_SHA384", "TLS13_AES_256_GCM_SHA384" }, { 0x1303, "TLS_CHACHA20_POLY1305_SHA256", "TLS13_CHACHA20_POLY1305_SHA256" }, { 0x1304, "TLS_AES_128_CCM_SHA256", "TLS13_AES_128_CCM_SHA256" }, { 0x1305, "TLS_AES_128_CCM_8_SHA256", "TLS13_AES_128_CCM_8_SHA256" }, { 0xc001, "TLS_ECDH_ECDSA_WITH_NULL_SHA", NULL }, { 0xc002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", NULL }, { 0xc003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", NULL }, { 0xc004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", NULL }, { 0xc005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", NULL }, { 0xc006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", NULL }, { 0xc007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", NULL }, { 0xc008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", NULL }, { 0xc009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", NULL }, { 0xc00a, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", NULL }, { 0xc00b, "TLS_ECDH_RSA_WITH_NULL_SHA", NULL }, { 0xc00c, "TLS_ECDH_RSA_WITH_RC4_128_SHA", NULL }, { 0xc00d, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", NULL }, { 0xc00e, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", NULL }, { 0xc00f, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", NULL }, { 0xc010, "TLS_ECDHE_RSA_WITH_NULL_SHA", NULL }, { 0xc011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", NULL }, { 0xc012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", NULL }, { 0xc013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", NULL }, { 0xc014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", NULL }, { 0xc015, "TLS_ECDH_anon_WITH_NULL_SHA", NULL }, { 0xc016, "TLS_ECDH_anon_WITH_RC4_128_SHA", NULL }, { 0xc017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", NULL }, { 0xc018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", NULL }, { 0xc019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", NULL }, { 0xc01a, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", NULL }, { 0xc01b, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", NULL }, { 0xc01c, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", NULL }, { 0xc01d, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA", NULL }, { 0xc01e, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", NULL }, { 0xc01f, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", NULL }, { 0xc020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA", NULL }, { 0xc021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", NULL }, { 0xc022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", NULL }, { 0xc023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "ECDHE-ECDSA-AES128-SHA256" }, { 0xc024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "ECDHE-ECDSA-AES256-SHA384" }, { 0xc025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "ECDH-ECDSA-AES128-SHA256" }, { 0xc026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "ECDH-ECDSA-AES256-SHA384" }, { 0xc027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "ECDHE-RSA-AES128-SHA256" }, { 0xc028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "ECDHE-RSA-AES256-SHA384" }, { 0xc029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "ECDH-RSA-AES128-SHA256" }, { 0xc02a, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "ECDH-RSA-AES256-SHA384" }, { 0xc02b, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256" }, { 0xc02c, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "ECDHE-ECDSA-AES256-GCM-SHA384" }, { 0xc02d, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "ECDH-ECDSA-AES128-GCM-SHA256" }, { 0xc02e, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "ECDH-ECDSA-AES256-GCM-SHA384" }, { 0xc02f, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE-RSA-AES128-GCM-SHA256" }, { 0xc030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE-RSA-AES256-GCM-SHA384" }, { 0xc031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "ECDH-RSA-AES128-GCM-SHA256" }, { 0xc032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "ECDH-RSA-AES256-GCM-SHA384" }, { 0xc033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA", NULL }, { 0xc034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", NULL }, { 0xc035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", NULL }, { 0xc036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", NULL }, { 0xc037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", NULL }, { 0xc038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", NULL }, { 0xc039, "TLS_ECDHE_PSK_WITH_NULL_SHA", NULL }, { 0xc03a, "TLS_ECDHE_PSK_WITH_NULL_SHA256", NULL }, { 0xc03b, "TLS_ECDHE_PSK_WITH_NULL_SHA384", NULL }, { 0xc03c, "TLS_RSA_WITH_ARIA_128_CBC_SHA256", NULL }, { 0xc03d, "TLS_RSA_WITH_ARIA_256_CBC_SHA384", NULL }, { 0xc03e, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256", NULL }, { 0xc03f, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384", NULL }, { 0xc040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256", NULL }, { 0xc041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384", NULL }, { 0xc042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256", NULL }, { 0xc043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384", NULL }, { 0xc044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256", NULL }, { 0xc045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384", NULL }, { 0xc046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256", NULL }, { 0xc047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384", NULL }, { 0xc048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256", NULL }, { 0xc049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384", NULL }, { 0xc04a, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256", NULL }, { 0xc04b, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384", NULL }, { 0xc04c, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256", NULL }, { 0xc04d, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384", NULL }, { 0xc04e, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256", NULL }, { 0xc04f, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384", NULL }, { 0xc050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256", NULL }, { 0xc051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384", NULL }, { 0xc052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", NULL }, { 0xc053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", NULL }, { 0xc054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256", NULL }, { 0xc055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384", NULL }, { 0xc056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", NULL }, { 0xc057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", NULL }, { 0xc058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256", NULL }, { 0xc059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384", NULL }, { 0xc05a, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256", NULL }, { 0xc05b, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384", NULL }, { 0xc05c, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", NULL }, { 0xc05d, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", NULL }, { 0xc05e, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256", NULL }, { 0xc05f, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384", NULL }, { 0xc060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", NULL }, { 0xc061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", NULL }, { 0xc062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256", NULL }, { 0xc063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384", NULL }, { 0xc064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256", NULL }, { 0xc065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384", NULL }, { 0xc066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256", NULL }, { 0xc067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384", NULL }, { 0xc068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256", NULL }, { 0xc069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384", NULL }, { 0xc06a, "TLS_PSK_WITH_ARIA_128_GCM_SHA256", NULL }, { 0xc06b, "TLS_PSK_WITH_ARIA_256_GCM_SHA384", NULL }, { 0xc06c, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256", NULL }, { 0xc06d, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384", NULL }, { 0xc06e, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256", NULL }, { 0xc06f, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384", NULL }, { 0xc070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256", NULL }, { 0xc071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384", NULL }, { 0xc072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", NULL }, { 0xc073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", NULL }, { 0xc074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", NULL }, { 0xc075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", NULL }, { 0xc076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", NULL }, { 0xc077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", NULL }, { 0xc078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256", NULL }, { 0xc079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384", NULL }, { 0xc07a, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", NULL }, { 0xc07b, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", NULL }, { 0xc07c, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", NULL }, { 0xc07d, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", NULL }, { 0xc07e, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256", NULL }, { 0xc07f, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384", NULL }, { 0xc080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", NULL }, { 0xc081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", NULL }, { 0xc082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256", NULL }, { 0xc083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384", NULL }, { 0xc084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256", NULL }, { 0xc085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384", NULL }, { 0xc086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", NULL }, { 0xc087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", NULL }, { 0xc088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", NULL }, { 0xc089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", NULL }, { 0xc08a, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", NULL }, { 0xc08b, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", NULL }, { 0xc08c, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256", NULL }, { 0xc08d, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384", NULL }, { 0xc08e, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256", NULL }, { 0xc08f, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384", NULL }, { 0xc090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", NULL }, { 0xc091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", NULL }, { 0xc092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256", NULL }, { 0xc093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384", NULL }, { 0xc094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256", NULL }, { 0xc095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384", NULL }, { 0xc096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", NULL }, { 0xc097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", NULL }, { 0xc098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256", NULL }, { 0xc099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384", NULL }, { 0xc09a, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", NULL }, { 0xc09b, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", NULL }, { 0xc09c, "TLS_RSA_WITH_AES_128_CCM", NULL }, { 0xc09d, "TLS_RSA_WITH_AES_256_CCM", NULL }, { 0xc09e, "TLS_DHE_RSA_WITH_AES_128_CCM", NULL }, { 0xc09f, "TLS_DHE_RSA_WITH_AES_256_CCM", NULL }, { 0xc0a0, "TLS_RSA_WITH_AES_128_CCM_8", NULL }, { 0xc0a1, "TLS_RSA_WITH_AES_256_CCM_8", NULL }, { 0xc0a2, "TLS_DHE_RSA_WITH_AES_128_CCM_8", NULL }, { 0xc0a3, "TLS_DHE_RSA_WITH_AES_256_CCM_8", NULL }, { 0xc0a4, "TLS_PSK_WITH_AES_128_CCM", NULL }, { 0xc0a5, "TLS_PSK_WITH_AES_256_CCM", NULL }, { 0xc0a6, "TLS_DHE_PSK_WITH_AES_128_CCM", NULL }, { 0xc0a7, "TLS_DHE_PSK_WITH_AES_256_CCM", NULL }, { 0xc0a8, "TLS_PSK_WITH_AES_128_CCM_8", NULL }, { 0xc0a9, "TLS_PSK_WITH_AES_256_CCM_8", NULL }, { 0xc0aa, "TLS_PSK_DHE_WITH_AES_128_CCM_8", NULL }, { 0xc0ab, "TLS_PSK_DHE_WITH_AES_256_CCM_8", NULL }, { 0xcca8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "ECDHE-RSA-CHACHA20-POLY1305" }, { 0xcca9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305" }, { 0xccaa, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "DHE-RSA-CHACHA20-POLY1305" }, { 0xccab, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256", "PSK-CHACHA20-POLY1305" }, { 0xccac, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", "ECDHE-PSK-CHACHA20-POLY1305" }, { 0xccad, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256", "DHE-PSK-CHACHA20-POLY1305" }, { 0xccae, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256", "RSA-PSK-CHACHA20-POLY1305" }, { 0xfefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA", NULL }, { 0xfeff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", NULL }, }; typedef struct { apr_uint16_t id; const rustls_supported_ciphersuite *rustls_suite; } rustls_cipher_t; tls_proto_conf_t *tls_proto_init(apr_pool_t *pool, server_rec *s) { tls_proto_conf_t *conf; tls_cipher_t *cipher; const rustls_supported_ciphersuite *rustls_suite; rustls_cipher_t *rcipher; apr_uint16_t id; apr_size_t i; (void)s; conf = apr_pcalloc(pool, sizeof(*conf)); conf->supported_versions = apr_array_make(pool, 3, sizeof(apr_uint16_t)); /* Until we can look that up at crustls, we assume what we currently know */ APR_ARRAY_PUSH(conf->supported_versions, apr_uint16_t) = TLS_VERSION_1_2; APR_ARRAY_PUSH(conf->supported_versions, apr_uint16_t) = TLS_VERSION_1_3; conf->known_ciphers_by_name = apr_hash_make(pool); conf->known_ciphers_by_id = apr_hash_make(pool); for (i = 0; i < TLS_DIM(KNOWN_CIPHERS); ++i) { cipher = &KNOWN_CIPHERS[i]; apr_hash_set(conf->known_ciphers_by_id, &cipher->id, sizeof(apr_uint16_t), cipher); apr_hash_set(conf->known_ciphers_by_name, cipher->name, APR_HASH_KEY_STRING, cipher); if (cipher->alias) { apr_hash_set(conf->known_ciphers_by_name, cipher->alias, APR_HASH_KEY_STRING, cipher); } } conf->supported_cipher_ids = apr_array_make(pool, 10, sizeof(apr_uint16_t)); conf->rustls_ciphers_by_id = apr_hash_make(pool); i = 0; while ((rustls_suite = rustls_all_ciphersuites_get_entry(i++))) { id = rustls_supported_ciphersuite_get_suite(rustls_suite); rcipher = apr_pcalloc(pool, sizeof(*rcipher)); rcipher->id = id; rcipher->rustls_suite = rustls_suite; APR_ARRAY_PUSH(conf->supported_cipher_ids, apr_uint16_t) = id; apr_hash_set(conf->rustls_ciphers_by_id, &rcipher->id, sizeof(apr_uint16_t), rcipher); } return conf; } const char *tls_proto_get_cipher_names( tls_proto_conf_t *conf, const apr_array_header_t *ciphers, apr_pool_t *pool) { apr_array_header_t *names; int n; names = apr_array_make(pool, ciphers->nelts, sizeof(const char*)); for (n = 0; n < ciphers->nelts; ++n) { apr_uint16_t id = APR_ARRAY_IDX(ciphers, n, apr_uint16_t); APR_ARRAY_PUSH(names, const char *) = tls_proto_get_cipher_name(conf, id, pool); } return apr_array_pstrcat(pool, names, ':'); } apr_status_t tls_proto_pre_config(apr_pool_t *pool, apr_pool_t *ptemp) { (void)pool; (void)ptemp; return APR_SUCCESS; } apr_status_t tls_proto_post_config(apr_pool_t *pool, apr_pool_t *ptemp, server_rec *s) { tls_conf_server_t *sc = tls_conf_server_get(s); tls_proto_conf_t *conf = sc->global->proto; (void)pool; if (APLOGdebug(s)) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(10314) "tls ciphers supported: %s", tls_proto_get_cipher_names(conf, conf->supported_cipher_ids, ptemp)); } return APR_SUCCESS; } static apr_status_t get_uint16_from(const char *name, const char *prefix, apr_uint16_t *pint) { apr_size_t plen = strlen(prefix); if (strlen(name) == plen+4 && !strncmp(name, prefix, plen)) { /* may be a hex notation cipher id */ char *end = NULL; apr_int64_t code = apr_strtoi64(name + plen, &end, 16); if ((!end || !*end) && code && code <= APR_UINT16_MAX) { *pint = (apr_uint16_t)code; return APR_SUCCESS; } } return APR_ENOENT; } apr_uint16_t tls_proto_get_version_by_name(tls_proto_conf_t *conf, const char *name) { apr_uint16_t version; (void)conf; if (!apr_strnatcasecmp(name, "TLSv1.2")) { return TLS_VERSION_1_2; } else if (!apr_strnatcasecmp(name, "TLSv1.3")) { return TLS_VERSION_1_3; } if (APR_SUCCESS == get_uint16_from(name, "TLSv0x", &version)) { return version; } return 0; } const char *tls_proto_get_version_name( tls_proto_conf_t *conf, apr_uint16_t id, apr_pool_t *pool) { (void)conf; switch (id) { case TLS_VERSION_1_2: return "TLSv1.2"; case TLS_VERSION_1_3: return "TLSv1.3"; default: return apr_psprintf(pool, "TLSv0x%04x", id); } } apr_array_header_t *tls_proto_create_versions_plus( tls_proto_conf_t *conf, apr_uint16_t min_version, apr_pool_t *pool) { apr_array_header_t *versions = apr_array_make(pool, 3, sizeof(apr_uint16_t)); apr_uint16_t version; int i; for (i = 0; i < conf->supported_versions->nelts; ++i) { version = APR_ARRAY_IDX(conf->supported_versions, i, apr_uint16_t); if (version >= min_version) { APR_ARRAY_PUSH(versions, apr_uint16_t) = version; } } return versions; } int tls_proto_is_cipher_supported(tls_proto_conf_t *conf, apr_uint16_t cipher) { return tls_util_array_uint16_contains(conf->supported_cipher_ids, cipher); } apr_status_t tls_proto_get_cipher_by_name( tls_proto_conf_t *conf, const char *name, apr_uint16_t *pcipher) { tls_cipher_t *cipher = apr_hash_get(conf->known_ciphers_by_name, name, APR_HASH_KEY_STRING); if (cipher) { *pcipher = cipher->id; return APR_SUCCESS; } return get_uint16_from(name, "TLS_CIPHER_0x", pcipher); } const char *tls_proto_get_cipher_name( tls_proto_conf_t *conf, apr_uint16_t id, apr_pool_t *pool) { tls_cipher_t *cipher = apr_hash_get(conf->known_ciphers_by_id, &id, sizeof(apr_uint16_t)); if (cipher) { return cipher->name; } return apr_psprintf(pool, "TLS_CIPHER_0x%04x", id); } apr_array_header_t *tls_proto_get_rustls_suites( tls_proto_conf_t *conf, const apr_array_header_t *ids, apr_pool_t *pool) { apr_array_header_t *suites; rustls_cipher_t *rcipher; apr_uint16_t id; int i; suites = apr_array_make(pool, ids->nelts, sizeof(const rustls_supported_ciphersuite*)); for (i = 0; i < ids->nelts; ++i) { id = APR_ARRAY_IDX(ids, i, apr_uint16_t); rcipher = apr_hash_get(conf->rustls_ciphers_by_id, &id, sizeof(apr_uint16_t)); if (rcipher) { APR_ARRAY_PUSH(suites, const rustls_supported_ciphersuite *) = rcipher->rustls_suite; } } return suites; }