diff --git a/tests/compat.sh b/tests/compat.sh index c8a883da5f..6cbc0e327f 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -245,24 +245,17 @@ add_common_ciphersuites() case $TYPE in "ECDSA") - if [ `minor_ver "$MODE"` -gt 0 ] - then - CIPHERS="$CIPHERS \ - TLS-ECDHE-ECDSA-WITH-NULL-SHA \ - TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ - " - fi - if [ `minor_ver "$MODE"` -ge 3 ] - then - CIPHERS="$CIPHERS \ - TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ - TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ - " - fi + CIPHERS="$CIPHERS \ + TLS-ECDHE-ECDSA-WITH-NULL-SHA \ + TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ + + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ + TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ + " ;; "RSA") @@ -279,34 +272,27 @@ add_common_ciphersuites() TLS-RSA-WITH-3DES-EDE-CBC-SHA \ TLS-RSA-WITH-NULL-MD5 \ TLS-RSA-WITH-NULL-SHA \ + + TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ + TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \ + TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \ + TLS-ECDHE-RSA-WITH-NULL-SHA \ + + TLS-RSA-WITH-AES-128-CBC-SHA256 \ + TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \ + TLS-RSA-WITH-AES-256-CBC-SHA256 \ + TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \ + TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \ + TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \ + TLS-RSA-WITH-AES-128-GCM-SHA256 \ + TLS-RSA-WITH-AES-256-GCM-SHA384 \ + TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \ + TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \ + TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ + TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \ + + TLS-RSA-WITH-NULL-SHA256 \ " - if [ `minor_ver "$MODE"` -gt 0 ] - then - CIPHERS="$CIPHERS \ - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \ - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \ - TLS-ECDHE-RSA-WITH-NULL-SHA \ - " - fi - if [ `minor_ver "$MODE"` -ge 3 ] - then - CIPHERS="$CIPHERS \ - TLS-RSA-WITH-AES-128-CBC-SHA256 \ - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \ - TLS-RSA-WITH-AES-256-CBC-SHA256 \ - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \ - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \ - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \ - TLS-RSA-WITH-AES-128-GCM-SHA256 \ - TLS-RSA-WITH-AES-256-GCM-SHA384 \ - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \ - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \ - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \ - TLS-RSA-WITH-NULL-SHA256 \ - " - fi ;; "PSK") @@ -347,62 +333,48 @@ add_openssl_ciphersuites() case $TYPE in "ECDSA") - if [ `minor_ver "$MODE"` -gt 0 ] - then - CIPHERS="$CIPHERS \ - TLS-ECDH-ECDSA-WITH-NULL-SHA \ - TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \ - TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \ - TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \ - " - fi - if [ `minor_ver "$MODE"` -ge 3 ] - then - CIPHERS="$CIPHERS \ - TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \ - TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \ - TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \ - TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \ - TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \ - TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \ - TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \ - " - fi + CIPHERS="$CIPHERS \ + TLS-ECDH-ECDSA-WITH-NULL-SHA \ + TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \ + TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \ + TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \ + + TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \ + TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \ + TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \ + TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \ + TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \ + TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \ + TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \ + " ;; "RSA") CIPHERS="$CIPHERS \ - TLS-RSA-WITH-DES-CBC-SHA \ + TLS-RSA-WITH-DES-CBC-SHA \ TLS-DHE-RSA-WITH-DES-CBC-SHA \ + + TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \ + TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \ + TLS-RSA-WITH-ARIA-256-GCM-SHA384 \ + TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \ + TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \ + TLS-RSA-WITH-ARIA-128-GCM-SHA256 \ + TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \ + TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \ " - if [ `minor_ver "$MODE"` -ge 3 ] - then - CIPHERS="$CIPHERS \ - TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \ - TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \ - TLS-RSA-WITH-ARIA-256-GCM-SHA384 \ - TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \ - TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \ - TLS-RSA-WITH-ARIA-128-GCM-SHA256 \ - TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \ - TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \ - " - fi ;; "PSK") - if [ `minor_ver "$MODE"` -ge 3 ] - then - CIPHERS="$CIPHERS \ - TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \ - TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \ - TLS-PSK-WITH-ARIA-256-GCM-SHA384 \ - TLS-PSK-WITH-ARIA-128-GCM-SHA256 \ - TLS-PSK-WITH-CHACHA20-POLY1305-SHA256 \ - TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \ - TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \ - " - fi + CIPHERS="$CIPHERS \ + TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \ + TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \ + TLS-PSK-WITH-ARIA-256-GCM-SHA384 \ + TLS-PSK-WITH-ARIA-128-GCM-SHA256 \ + TLS-PSK-WITH-CHACHA20-POLY1305-SHA256 \ + TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \ + TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \ + " ;; esac @@ -424,115 +396,101 @@ add_gnutls_ciphersuites() case $TYPE in "ECDSA") - if [ `minor_ver "$MODE"` -ge 3 ] - then - CIPHERS="$CIPHERS \ - TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ - TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ - TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \ - TLS-ECDHE-ECDSA-WITH-AES-128-CCM \ - TLS-ECDHE-ECDSA-WITH-AES-256-CCM \ - TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ - TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \ - " - fi + CIPHERS="$CIPHERS \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \ + TLS-ECDHE-ECDSA-WITH-AES-128-CCM \ + TLS-ECDHE-ECDSA-WITH-AES-256-CCM \ + TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ + TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \ + " ;; "RSA") - if [ `minor_ver "$MODE"` -ge 3 ] - then - CIPHERS="$CIPHERS \ - TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \ - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ - TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \ - TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \ - TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \ - TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \ - TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \ - TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \ - TLS-RSA-WITH-AES-128-CCM \ - TLS-RSA-WITH-AES-256-CCM \ - TLS-DHE-RSA-WITH-AES-128-CCM \ - TLS-DHE-RSA-WITH-AES-256-CCM \ - TLS-RSA-WITH-AES-128-CCM-8 \ - TLS-RSA-WITH-AES-256-CCM-8 \ - TLS-DHE-RSA-WITH-AES-128-CCM-8 \ - TLS-DHE-RSA-WITH-AES-256-CCM-8 \ - " - fi + CIPHERS="$CIPHERS \ + TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \ + TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ + TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ + TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \ + TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \ + TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \ + TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \ + TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \ + TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \ + TLS-RSA-WITH-AES-128-CCM \ + TLS-RSA-WITH-AES-256-CCM \ + TLS-DHE-RSA-WITH-AES-128-CCM \ + TLS-DHE-RSA-WITH-AES-256-CCM \ + TLS-RSA-WITH-AES-128-CCM-8 \ + TLS-RSA-WITH-AES-256-CCM-8 \ + TLS-DHE-RSA-WITH-AES-128-CCM-8 \ + TLS-DHE-RSA-WITH-AES-256-CCM-8 \ + " ;; "PSK") - CIPHERS="$CIPHERS \ - TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ - TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - TLS-DHE-PSK-WITH-AES-256-CBC-SHA \ + CIPHERS="$CIPHERS \ + TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ + TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ + TLS-DHE-PSK-WITH-AES-256-CBC-SHA \ + + TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \ + TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ + TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \ + TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \ + TLS-RSA-PSK-WITH-AES-256-CBC-SHA \ + TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ + + TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ + TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ + TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ + TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-ECDHE-PSK-WITH-NULL-SHA384 \ + TLS-ECDHE-PSK-WITH-NULL-SHA256 \ + TLS-PSK-WITH-AES-128-CBC-SHA256 \ + TLS-PSK-WITH-AES-256-CBC-SHA384 \ + TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \ + TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ + TLS-PSK-WITH-NULL-SHA256 \ + TLS-PSK-WITH-NULL-SHA384 \ + TLS-DHE-PSK-WITH-NULL-SHA256 \ + TLS-DHE-PSK-WITH-NULL-SHA384 \ + TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ + TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \ + TLS-RSA-PSK-WITH-NULL-SHA256 \ + TLS-RSA-PSK-WITH-NULL-SHA384 \ + TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ + TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ + TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ + TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-PSK-WITH-AES-128-GCM-SHA256 \ + TLS-PSK-WITH-AES-256-GCM-SHA384 \ + TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \ + TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \ + TLS-PSK-WITH-AES-128-CCM \ + TLS-PSK-WITH-AES-256-CCM \ + TLS-DHE-PSK-WITH-AES-128-CCM \ + TLS-DHE-PSK-WITH-AES-256-CCM \ + TLS-PSK-WITH-AES-128-CCM-8 \ + TLS-PSK-WITH-AES-256-CCM-8 \ + TLS-DHE-PSK-WITH-AES-128-CCM-8 \ + TLS-DHE-PSK-WITH-AES-256-CCM-8 \ + TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \ + TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \ + TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \ + TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \ + TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \ + TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \ + TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \ + TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \ " - if [ `minor_ver "$MODE"` -gt 0 ] - then - CIPHERS="$CIPHERS \ - TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \ - TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ - TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \ - TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \ - TLS-RSA-PSK-WITH-AES-256-CBC-SHA \ - TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ - " - fi - if [ `minor_ver "$MODE"` -ge 3 ] - then - CIPHERS="$CIPHERS \ - TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ - TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ - TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-ECDHE-PSK-WITH-NULL-SHA384 \ - TLS-ECDHE-PSK-WITH-NULL-SHA256 \ - TLS-PSK-WITH-AES-128-CBC-SHA256 \ - TLS-PSK-WITH-AES-256-CBC-SHA384 \ - TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \ - TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - TLS-PSK-WITH-NULL-SHA256 \ - TLS-PSK-WITH-NULL-SHA384 \ - TLS-DHE-PSK-WITH-NULL-SHA256 \ - TLS-DHE-PSK-WITH-NULL-SHA384 \ - TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ - TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \ - TLS-RSA-PSK-WITH-NULL-SHA256 \ - TLS-RSA-PSK-WITH-NULL-SHA384 \ - TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ - TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ - TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ - TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-PSK-WITH-AES-128-GCM-SHA256 \ - TLS-PSK-WITH-AES-256-GCM-SHA384 \ - TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \ - TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \ - TLS-PSK-WITH-AES-128-CCM \ - TLS-PSK-WITH-AES-256-CCM \ - TLS-DHE-PSK-WITH-AES-128-CCM \ - TLS-DHE-PSK-WITH-AES-256-CCM \ - TLS-PSK-WITH-AES-128-CCM-8 \ - TLS-PSK-WITH-AES-256-CCM-8 \ - TLS-DHE-PSK-WITH-AES-128-CCM-8 \ - TLS-DHE-PSK-WITH-AES-256-CCM-8 \ - TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \ - TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \ - TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \ - TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \ - TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \ - TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \ - TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \ - TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \ - " - fi ;; esac @@ -551,71 +509,53 @@ add_mbedtls_ciphersuites() case $TYPE in "ECDSA") - if [ `minor_ver "$MODE"` -gt 0 ] - then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ - " - fi - if [ `minor_ver "$MODE"` -ge 3 ] - then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ - TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \ - TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \ - TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \ - TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 \ - TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256 \ - TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384 \ - TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256 \ - " - fi + M_CIPHERS="$M_CIPHERS \ + TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ + + TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ + TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \ + TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \ + TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \ + TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 \ + TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256 \ + TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384 \ + TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256 \ + " ;; "RSA") - if [ `minor_ver "$MODE"` -ge 3 ] - then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \ - TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \ - TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \ - TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \ - TLS-RSA-WITH-ARIA-256-CBC-SHA384 \ - TLS-RSA-WITH-ARIA-128-CBC-SHA256 \ - " - fi + M_CIPHERS="$M_CIPHERS \ + TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \ + TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \ + TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \ + TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \ + TLS-RSA-WITH-ARIA-256-CBC-SHA384 \ + TLS-RSA-WITH-ARIA-128-CBC-SHA256 \ + " ;; "PSK") # *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15 - M_CIPHERS="$M_CIPHERS \ - TLS-PSK-WITH-NULL-SHA \ - TLS-DHE-PSK-WITH-NULL-SHA \ + M_CIPHERS="$M_CIPHERS \ + TLS-PSK-WITH-NULL-SHA \ + TLS-DHE-PSK-WITH-NULL-SHA \ + + TLS-ECDHE-PSK-WITH-NULL-SHA \ + TLS-RSA-PSK-WITH-NULL-SHA \ + + TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \ + TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \ + TLS-PSK-WITH-ARIA-256-CBC-SHA384 \ + TLS-PSK-WITH-ARIA-128-CBC-SHA256 \ + TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \ + TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \ + TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384 \ + TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \ + TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \ + TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \ + TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256 \ " - if [ `minor_ver "$MODE"` -gt 0 ] - then - M_CIPHERS="$M_CIPHERS \ - TLS-ECDHE-PSK-WITH-NULL-SHA \ - TLS-RSA-PSK-WITH-NULL-SHA \ - " - fi - if [ `minor_ver "$MODE"` -ge 3 ] - then - M_CIPHERS="$M_CIPHERS \ - TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \ - TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \ - TLS-PSK-WITH-ARIA-256-CBC-SHA384 \ - TLS-PSK-WITH-ARIA-128-CBC-SHA256 \ - TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \ - TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \ - TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384 \ - TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \ - TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \ - TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \ - TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256 \ - " - fi ;; esac }