From ea4f109c99955c5119258c90c9ecd78623cf180e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bodo=20M=C3=B6ller?= <bodo@openssl.org>
Date: Thu, 4 Jul 2002 08:51:09 +0000
Subject: AES cipher suites are now official (RFC3268)

---
 ssl/ssl.h      |  2 +-
 ssl/ssl_ciph.c | 13 ++++++-------
 ssl/tls1.h     | 31 ++++++++++++++++---------------
 3 files changed, 23 insertions(+), 23 deletions(-)

(limited to 'ssl')

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 474e5a76ef..bb2eda0b5c 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -253,7 +253,7 @@ extern "C" {
 #define SSL_TXT_RC4		"RC4"
 #define SSL_TXT_RC2		"RC2"
 #define SSL_TXT_IDEA		"IDEA"
-#define SSL_TXT_AES		"AESdraft" /* AES ciphersuites are not yet official (thus excluded from 'ALL') */
+#define SSL_TXT_AES		"AES"
 #define SSL_TXT_MD5		"MD5"
 #define SSL_TXT_SHA1		"SHA1"
 #define SSL_TXT_SHA		"SHA"
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index cdd8dde128..a1cef72082 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -100,9 +100,8 @@ typedef struct cipher_order_st
 	} CIPHER_ORDER;
 
 static const SSL_CIPHER cipher_aliases[]={
-	/* Don't include eNULL unless specifically enabled.
-	 * Similarly, don't include AES in ALL because these ciphers are not yet official. */
-	{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_AES, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
+	/* Don't include eNULL unless specifically enabled. */
+	{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
         {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0},  /* VRS Kerberos5 */
 	{0,SSL_TXT_kRSA,0,SSL_kRSA,  0,0,0,0,SSL_MKEY_MASK,0},
 	{0,SSL_TXT_kDHr,0,SSL_kDHr,  0,0,0,0,SSL_MKEY_MASK,0},
@@ -999,10 +998,10 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_AES:
 		switch(cipher->strength_bits)
 			{
-		case 128: enc="AESdraft(128)"; break;
-		case 192: enc="AESdraft(192)"; break;
-		case 256: enc="AESdraft(256)"; break;
-		default: enc="AESdraft(?""?""?)"; break;
+		case 128: enc="AES(128)"; break;
+		case 192: enc="AES(192)"; break;
+		case 256: enc="AES(256)"; break;
+		default: enc="AES(?""?""?)"; break;
 			}
 		break;
 	default:
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 1da2c9c9ae..38838ea9a5 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -96,7 +96,7 @@ extern "C" {
 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	0x03000065
 #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA		0x03000066
 
-  /* AES ciphersuites from draft-ietf-tls-ciphersuite-06.txt */
+/* AES ciphersuites from RFC3268 */
 
 #define TLS1_CK_RSA_WITH_AES_128_SHA			0x0300002F
 #define TLS1_CK_DH_DSS_WITH_AES_128_SHA			0x03000030
@@ -126,20 +126,21 @@ extern "C" {
 #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA		"EXP1024-RC4-SHA"
 #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	"EXP1024-DHE-DSS-RC4-SHA"
 #define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA		"DHE-DSS-RC4-SHA"
-  /* AES ciphersuites from draft ietf-tls-ciphersuite-03.txt */
-#define TLS1_TXT_RSA_WITH_AES_128_SHA			"AESdraft128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA		"DH-DSS-AESdraft128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA		"DH-RSA-AESdraft128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA		"DHE-DSS-AESdraft128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA		"DHE-RSA-AESdraft128-SHA"
-#define TLS1_TXT_ADH_WITH_AES_128_SHA			"ADH-AESdraft128-SHA"
-
-#define TLS1_TXT_RSA_WITH_AES_256_SHA			"AESdraft256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA		"DH-DSS-AESdraft256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA		"DH-RSA-AESdraft256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA		"DHE-DSS-AESdraft256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA		"DHE-RSA-AESdraft256-SHA"
-#define TLS1_TXT_ADH_WITH_AES_256_SHA			"ADH-AESdraft256-SHA"
+
+/* AES ciphersuites from RFC3268 */
+#define TLS1_TXT_RSA_WITH_AES_128_SHA			"AES128-SHA"
+#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA		"DH-DSS-AES128-SHA"
+#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA		"DH-RSA-AES128-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA		"DHE-DSS-AES128-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA		"DHE-RSA-AES128-SHA"
+#define TLS1_TXT_ADH_WITH_AES_128_SHA			"ADH-AES128-SHA"
+
+#define TLS1_TXT_RSA_WITH_AES_256_SHA			"AES256-SHA"
+#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA		"DH-DSS-AES256-SHA"
+#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA		"DH-RSA-AES256-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA		"DHE-DSS-AES256-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA		"DHE-RSA-AES256-SHA"
+#define TLS1_TXT_ADH_WITH_AES_256_SHA			"ADH-AES256-SHA"
 
 
 #define TLS_CT_RSA_SIGN			1
-- 
cgit v1.2.3