tor/src/lib/tls/ciphers.inc

/* This is an include file used to define the list of ciphers clients should
 * advertise.  Before including it, you should define the CIPHER and XCIPHER
 * macros.
 *
 * This file was automatically generated by get_mozilla_ciphers.py;
 * TLSv1.3 ciphers were added manually.
 */

/* Here are the TLS1.3 ciphers. Note that we don't have XCIPHER instances
 * here, since we don't want to ever fake them.
 */
#ifdef TLS1_3_TXT_AES_128_GCM_SHA256
   CIPHER(0x1301, TLS1_3_TXT_AES_128_GCM_SHA256)
#endif
#ifdef TLS1_3_TXT_AES_256_GCM_SHA384
   CIPHER(0x1302, TLS1_3_TXT_AES_256_GCM_SHA384)
#endif
#ifdef TLS1_3_TXT_CHACHA20_POLY1305_SHA256
   CIPHER(0x1303, TLS1_3_TXT_CHACHA20_POLY1305_SHA256)
#endif
#ifdef TLS1_3_TXT_AES_128_CCM_SHA256
   CIPHER(0x1304, TLS1_3_TXT_AES_128_CCM_SHA256)
#endif

/* Here's the machine-generated list. */
#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    CIPHER(0xc02b, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
#else
   XCIPHER(0xc02b, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
#endif
#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    CIPHER(0xc02f, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
#else
   XCIPHER(0xc02f, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
#endif
#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
    CIPHER(0xcca9, TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305)
#else
   XCIPHER(0xcca9, TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305)
#endif
#ifdef TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305
    CIPHER(0xcca8, TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305)
#else
   XCIPHER(0xcca8, TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305)
#endif
#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    CIPHER(0xc02c, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
#else
   XCIPHER(0xc02c, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
#endif
#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    CIPHER(0xc030, TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
#else
   XCIPHER(0xc030, TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
#endif
#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    CIPHER(0xc00a, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
#else
   XCIPHER(0xc00a, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
#endif
#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    CIPHER(0xc009, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)
#else
   XCIPHER(0xc009, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)
#endif
#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA
    CIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA)
#else
   XCIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA)
#endif
#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA
    CIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA)
#else
   XCIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA)
#endif
#ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_SHA
    CIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)
#else
   XCIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)
#endif
#ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_SHA
    CIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA)
#else
   XCIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA)
#endif
#ifdef TLS1_TXT_RSA_WITH_AES_128_SHA
    CIPHER(0x002f, TLS1_TXT_RSA_WITH_AES_128_SHA)
#else
   XCIPHER(0x002f, TLS1_TXT_RSA_WITH_AES_128_SHA)
#endif
#ifdef TLS1_TXT_RSA_WITH_AES_256_SHA
    CIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA)
#else
   XCIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA)
#endif
#ifdef SSL3_TXT_RSA_DES_192_CBC3_SHA
    CIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA)
#else
   XCIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA)
#endif
r16215@tombo: nickm \| 2008-06-12 18:39:03 -0400 Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, even if we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented. svn:r15173 2008-06-13 00:39:13 +02:00			`/* This is an include file used to define the list of ciphers clients should`
fix a few typos, and give the bootstrap phase stuff a changelog entry. svn:r15183 2008-06-13 06:26:05 +02:00			`* advertise. Before including it, you should define the CIPHER and XCIPHER`
Change our ciphersuite list to match ff8 2012-05-15 21:25:54 +02:00			`* macros.`
			`*`
Make Tor support TLS1.3 ciphers with OpenSSL 1.1.1 Without this patch, not only will TLS1.3 not work with Tor, but OpenSSL 1.1.1 with TLS1.3 enabled won't build any connections at all: It requires that either TLS1.3 be disabled, or some TLS1.3 ciphersuites be listed. Closes ticket 24978. 2018-01-23 15:23:21 +01:00			`* This file was automatically generated by get_mozilla_ciphers.py;`
			`* TLSv1.3 ciphers were added manually.`
Change our ciphersuite list to match ff8 2012-05-15 21:25:54 +02:00			`*/`
Make Tor support TLS1.3 ciphers with OpenSSL 1.1.1 Without this patch, not only will TLS1.3 not work with Tor, but OpenSSL 1.1.1 with TLS1.3 enabled won't build any connections at all: It requires that either TLS1.3 be disabled, or some TLS1.3 ciphersuites be listed. Closes ticket 24978. 2018-01-23 15:23:21 +01:00
			`/* Here are the TLS1.3 ciphers. Note that we don't have XCIPHER instances`
			`* here, since we don't want to ever fake them.`
			`*/`
			`#ifdef TLS1_3_TXT_AES_128_GCM_SHA256`
			`CIPHER(0x1301, TLS1_3_TXT_AES_128_GCM_SHA256)`
			`#endif`
			`#ifdef TLS1_3_TXT_AES_256_GCM_SHA384`
			`CIPHER(0x1302, TLS1_3_TXT_AES_256_GCM_SHA384)`
			`#endif`
			`#ifdef TLS1_3_TXT_CHACHA20_POLY1305_SHA256`
			`CIPHER(0x1303, TLS1_3_TXT_CHACHA20_POLY1305_SHA256)`
			`#endif`
			`#ifdef TLS1_3_TXT_AES_128_CCM_SHA256`
			`CIPHER(0x1304, TLS1_3_TXT_AES_128_CCM_SHA256)`
			`#endif`

			`/* Here's the machine-generated list. */`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`
			`CIPHER(0xc02b, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)`
Change our ciphersuite list to match ff8 2012-05-15 21:25:54 +02:00			`#else`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`XCIPHER(0xc02b, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)`
Change our ciphersuite list to match ff8 2012-05-15 21:25:54 +02:00			`#endif`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
			`CIPHER(0xc02f, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256)`
r16215@tombo: nickm \| 2008-06-12 18:39:03 -0400 Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, even if we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented. svn:r15173 2008-06-13 00:39:13 +02:00			`#else`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`XCIPHER(0xc02f, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256)`
r16215@tombo: nickm \| 2008-06-12 18:39:03 -0400 Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, even if we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented. svn:r15173 2008-06-13 00:39:13 +02:00			`#endif`
Regenerate ciphers.inc 2017-01-24 21:05:35 +01:00			`#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305`
			`CIPHER(0xcca9, TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305)`
			`#else`
			`XCIPHER(0xcca9, TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305)`
			`#endif`
			`#ifdef TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305`
			`CIPHER(0xcca8, TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305)`
			`#else`
			`XCIPHER(0xcca8, TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305)`
			`#endif`
			`#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`
			`CIPHER(0xc02c, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)`
			`#else`
			`XCIPHER(0xc02c, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)`
			`#endif`
			`#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384`
			`CIPHER(0xc030, TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384)`
			`#else`
			`XCIPHER(0xc030, TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384)`
			`#endif`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`
			`CIPHER(0xc00a, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)`
r16215@tombo: nickm \| 2008-06-12 18:39:03 -0400 Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, even if we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented. svn:r15173 2008-06-13 00:39:13 +02:00			`#else`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`XCIPHER(0xc00a, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)`
r16215@tombo: nickm \| 2008-06-12 18:39:03 -0400 Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, even if we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented. svn:r15173 2008-06-13 00:39:13 +02:00			`#endif`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`
			`CIPHER(0xc009, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)`
r16215@tombo: nickm \| 2008-06-12 18:39:03 -0400 Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, even if we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented. svn:r15173 2008-06-13 00:39:13 +02:00			`#else`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`XCIPHER(0xc009, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)`
r16215@tombo: nickm \| 2008-06-12 18:39:03 -0400 Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, even if we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented. svn:r15173 2008-06-13 00:39:13 +02:00			`#endif`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA`
			`CIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA)`
r16215@tombo: nickm \| 2008-06-12 18:39:03 -0400 Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, even if we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented. svn:r15173 2008-06-13 00:39:13 +02:00			`#else`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`XCIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA)`
r16215@tombo: nickm \| 2008-06-12 18:39:03 -0400 Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, even if we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented. svn:r15173 2008-06-13 00:39:13 +02:00			`#endif`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA`
			`CIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA)`
Change our ciphersuite list to match ff8 2012-05-15 21:25:54 +02:00			`#else`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`XCIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA)`
Change our ciphersuite list to match ff8 2012-05-15 21:25:54 +02:00			`#endif`
r16215@tombo: nickm \| 2008-06-12 18:39:03 -0400 Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, even if we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented. svn:r15173 2008-06-13 00:39:13 +02:00			`#ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_SHA`
			`CIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)`
			`#else`
			`XCIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)`
			`#endif`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`#ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_SHA`
			`CIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA)`
Change our ciphersuite list to match ff8 2012-05-15 21:25:54 +02:00			`#else`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`XCIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA)`
Change our ciphersuite list to match ff8 2012-05-15 21:25:54 +02:00			`#endif`
r16215@tombo: nickm \| 2008-06-12 18:39:03 -0400 Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, even if we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented. svn:r15173 2008-06-13 00:39:13 +02:00			`#ifdef TLS1_TXT_RSA_WITH_AES_128_SHA`
			`CIPHER(0x002f, TLS1_TXT_RSA_WITH_AES_128_SHA)`
			`#else`
			`XCIPHER(0x002f, TLS1_TXT_RSA_WITH_AES_128_SHA)`
			`#endif`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`#ifdef TLS1_TXT_RSA_WITH_AES_256_SHA`
			`CIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA)`
r16215@tombo: nickm \| 2008-06-12 18:39:03 -0400 Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, even if we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented. svn:r15173 2008-06-13 00:39:13 +02:00			`#else`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`XCIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA)`
r16215@tombo: nickm \| 2008-06-12 18:39:03 -0400 Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, even if we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented. svn:r15173 2008-06-13 00:39:13 +02:00			`#endif`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`#ifdef SSL3_TXT_RSA_DES_192_CBC3_SHA`
			`CIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA)`
r16215@tombo: nickm \| 2008-06-12 18:39:03 -0400 Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, even if we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented. svn:r15173 2008-06-13 00:39:13 +02:00			`#else`
Update ciphers.inc to match ff28 The major changes are to re-order some ciphers, to drop the ECDH suites (note: not ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... and to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. 2014-04-08 17:31:48 +02:00			`XCIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA)`
r16215@tombo: nickm \| 2008-06-12 18:39:03 -0400 Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, even if we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented. svn:r15173 2008-06-13 00:39:13 +02:00			`#endif`