Update ciphersuite lists in config.h
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 080ab8f..934e1fa 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -191,26 +191,27 @@
*
* Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
* the following ciphersuites:
- * TLS_RSA_WITH_NULL_MD5
- * TLS_RSA_WITH_NULL_SHA
- * TLS_RSA_WITH_NULL_SHA256
+ * TLS_ECDHE_ECDSA_WITH_NULL_SHA
* TLS_ECDHE_RSA_WITH_NULL_SHA
- * TLS_PSK_WITH_NULL_SHA
- * TLS_PSK_WITH_NULL_SHA256
- * TLS_PSK_WITH_NULL_SHA384
- * TLS_DHE_PSK_WITH_NULL_SHA
- * TLS_DHE_PSK_WITH_NULL_SHA256
- * TLS_DHE_PSK_WITH_NULL_SHA384
- * TLS_RSA_PSK_WITH_NULL_SHA
- * TLS_RSA_PSK_WITH_NULL_SHA256
- * TLS_RSA_PSK_WITH_NULL_SHA384
- * TLS_ECDHE_PSK_WITH_NULL_SHA
- * TLS_ECDHE_PSK_WITH_NULL_SHA256
* TLS_ECDHE_PSK_WITH_NULL_SHA384
+ * TLS_ECDHE_PSK_WITH_NULL_SHA256
+ * TLS_ECDHE_PSK_WITH_NULL_SHA
+ * TLS_DHE_PSK_WITH_NULL_SHA384
+ * TLS_DHE_PSK_WITH_NULL_SHA256
+ * TLS_DHE_PSK_WITH_NULL_SHA
+ * TLS_RSA_WITH_NULL_SHA256
+ * TLS_RSA_WITH_NULL_SHA
+ * TLS_RSA_WITH_NULL_MD5
+ * TLS_RSA_PSK_WITH_NULL_SHA384
+ * TLS_RSA_PSK_WITH_NULL_SHA256
+ * TLS_RSA_PSK_WITH_NULL_SHA
+ * TLS_PSK_WITH_NULL_SHA384
+ * TLS_PSK_WITH_NULL_SHA256
+ * TLS_PSK_WITH_NULL_SHA
*
* Uncomment this macro to enable the NULL cipher and ciphersuites
+#define POLARSSL_CIPHER_NULL_CIPHER
*/
-//#define POLARSSL_CIPHER_NULL_CIPHER
/**
* \def POLARSSL_CIPHER_PADDING_XXX
@@ -239,14 +240,14 @@
* TLS_DHE_RSA_WITH_DES_CBC_SHA
*
* Uncomment this macro to enable weak ciphersuites
+#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
*/
-//#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
/**
* \def POLARSSL_ECP_XXXX_ENABLED
*
* Enables specific curves within the Elliptic Curve module.
- * By default all supported curves are enables.
+ * By default all supported curves are enabled.
*
* Comment macros to disable the curve and functions for it
*/
@@ -266,14 +267,18 @@
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
- * TLS_PSK_WITH_RC4_128_SHA
- * TLS_PSK_WITH_3DES_EDE_CBC_SHA
- * TLS_PSK_WITH_AES_128_CBC_SHA
- * TLS_PSK_WITH_AES_256_CBC_SHA
- * TLS_PSK_WITH_AES_128_CBC_SHA256
- * TLS_PSK_WITH_AES_256_CBC_SHA384
- * TLS_PSK_WITH_AES_128_GCM_SHA256
* TLS_PSK_WITH_AES_256_GCM_SHA384
+ * TLS_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_PSK_WITH_AES_256_CBC_SHA
+ * TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_PSK_WITH_AES_128_GCM_SHA256
+ * TLS_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_PSK_WITH_AES_128_CBC_SHA
+ * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ * TLS_PSK_WITH_RC4_128_SHA
*/
#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
@@ -286,14 +291,18 @@
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
- * TLS_DHE_PSK_WITH_RC4_128_SHA
- * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
- * TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- * TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ * TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ * TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * TLS_DHE_PSK_WITH_RC4_128_SHA
*/
#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
@@ -306,14 +315,14 @@
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
- * TLS_ECDHE_PSK_WITH_RC4_128_SHA
- * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
- * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * TLS_ECDHE_PSK_WITH_RC4_128_SHA
*/
#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
@@ -327,14 +336,18 @@
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
- * TLS_RSA_PSK_WITH_RC4_128_SHA
- * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
- * TLS_RSA_PSK_WITH_AES_128_CBC_SHA
- * TLS_RSA_PSK_WITH_AES_256_CBC_SHA
- * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
- * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
- * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ * TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ * TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ * TLS_RSA_PSK_WITH_RC4_128_SHA
*/
#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
@@ -348,19 +361,21 @@
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
- * TLS_RSA_WITH_AES_128_CBC_SHA
- * TLS_RSA_WITH_AES_256_CBC_SHA
- * TLS_RSA_WITH_AES_128_CBC_SHA256
- * TLS_RSA_WITH_AES_256_CBC_SHA256
- * TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_256_GCM_SHA384
- * TLS_RSA_WITH_RC4_128_MD5
- * TLS_RSA_WITH_RC4_128_SHA
- * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_RSA_WITH_AES_256_CBC_SHA256
+ * TLS_RSA_WITH_AES_256_CBC_SHA
+ * TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * TLS_RSA_WITH_AES_128_GCM_SHA256
+ * TLS_RSA_WITH_AES_128_CBC_SHA256
+ * TLS_RSA_WITH_AES_128_CBC_SHA
+ * TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ * TLS_RSA_WITH_RC4_128_SHA
+ * TLS_RSA_WITH_RC4_128_MD5
*/
#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED
@@ -374,14 +389,18 @@
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
- * TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- * TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ * TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ * TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ * TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*/
#define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
@@ -396,16 +415,18 @@
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
- * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- * TLS_ECDHE_RSA_WITH_RC4_128_SHA
- * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ * TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ * TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * TLS_ECDHE_RSA_WITH_RC4_128_SHA
*/
#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@@ -418,16 +439,18 @@
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
- * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
- * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
- * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
- * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
- * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
- * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+ * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
*/
#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@@ -787,20 +810,52 @@
*
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
- * TLS_RSA_WITH_AES_128_CBC_SHA
- * TLS_RSA_WITH_AES_256_CBC_SHA
- * TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- * TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- * TLS_RSA_WITH_AES_128_CBC_SHA256
- * TLS_RSA_WITH_AES_256_CBC_SHA256
- * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- * TLS_RSA_WITH_AES_128_GCM_SHA256
- * TLS_RSA_WITH_AES_256_GCM_SHA384
- * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- * TLS_PSK_WITH_AES_128_CBC_SHA
+ * TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ * TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ * TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ * TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ * TLS_RSA_WITH_AES_256_GCM_SHA384
+ * TLS_RSA_WITH_AES_256_CBC_SHA256
+ * TLS_RSA_WITH_AES_256_CBC_SHA
+ * TLS_RSA_WITH_AES_128_GCM_SHA256
+ * TLS_RSA_WITH_AES_128_CBC_SHA256
+ * TLS_RSA_WITH_AES_128_CBC_SHA
+ * TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ * TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ * TLS_PSK_WITH_AES_256_GCM_SHA384
+ * TLS_PSK_WITH_AES_256_CBC_SHA384
* TLS_PSK_WITH_AES_256_CBC_SHA
+ * TLS_PSK_WITH_AES_128_GCM_SHA256
+ * TLS_PSK_WITH_AES_128_CBC_SHA256
+ * TLS_PSK_WITH_AES_128_CBC_SHA
*
* PEM_PARSE uses AES for decrypting encrypted keys.
*/
@@ -816,9 +871,13 @@
*
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
- * TLS_RSA_WITH_RC4_128_MD5
- * TLS_RSA_WITH_RC4_128_SHA
+ * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ * TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ * TLS_DHE_PSK_WITH_RC4_128_SHA
+ * TLS_RSA_WITH_RC4_128_SHA
+ * TLS_RSA_WITH_RC4_128_MD5
+ * TLS_RSA_PSK_WITH_RC4_128_SHA
* TLS_PSK_WITH_RC4_128_SHA
*/
#define POLARSSL_ARC4_C
@@ -897,14 +956,40 @@
*
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
- * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ * TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ * TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
*/
#define POLARSSL_CAMELLIA_C
@@ -971,9 +1056,13 @@
*
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
- * TLS_RSA_WITH_3DES_EDE_CBC_SHA
- * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_PSK_WITH_3DES_EDE_CBC_SHA
*
* PEM_PARSE uses DES/3DES for decrypting encrypted keys.
@@ -983,26 +1072,14 @@
/**
* \def POLARSSL_DHM_C
*
- * Enable the Diffie-Hellman-Merkle key exchange.
+ * Enable the Diffie-Hellman-Merkle module.
*
* Module: library/dhm.c
* Caller: library/ssl_cli.c
* library/ssl_srv.c
*
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- * TLS_DHE_RSA_WITH_DES_CBC_SHA
- * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- * TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- * TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ * This module is used by the following key exchanges:
+ * DHE-RSA, DHE-PSK
*/
#define POLARSSL_DHM_C
@@ -1015,13 +1092,8 @@
* Caller: library/ssl_cli.c
* library/ssl_srv.c
*
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- * TLS_ECDHE_RSA_WITH_NULL_SHA
- * TLS_ECDHE_RSA_WITH_RC4_128_SHA
- * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ * This module is used by the following key exchanges:
+ * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
*
* Requires: POLARSSL_ECP_C
*/
@@ -1035,6 +1107,9 @@
* Module: library/ecdsa.c
* Caller:
*
+ * This module is used by the following key exchanges:
+ * ECDHE-ECDSA
+ *
* Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C
*/
#define POLARSSL_ECDSA_C
@@ -1087,10 +1162,8 @@
*
* Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C
*
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- * TLS_RSA_WITH_AES_128_GCM_SHA256
- * TLS_RSA_WITH_AES_256_GCM_SHA384
+ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
+ * requisites are enabled as well.
*/
#define POLARSSL_GCM_C
@@ -1391,9 +1464,10 @@
* library/ssl_tls.c
* library/x509.c
*
- * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C
+ * This module is used by the following key exchanges:
+ * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
*
- * This module is required for SSL/TLS and MD5-signed certificates.
+ * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C
*/
#define POLARSSL_RSA_C
