openldap/sme9/openldap-nss-update-cipher-list.patch

fix: some TLS ciphers cannot be enabled

The updated list includes all ciphers implemented in Mozilla NSS 3.13.15

Author: Jan Vcelak <jvcelak@redhat.com>
Upstream ITS: #7367
Resolves: #852339

diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
index 1422ce2..5e49fc5 100644
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -211,27 +211,34 @@ typedef struct {
        int num;            /* The cipher id */
        int attr;           /* cipher attributes: algorithms, etc */
        int version;        /* protocol version valid for this cipher */
-       int bits;           /* bits of strength */
-       int alg_bits;       /* bits of the algorithm */
        int strength;       /* LOW, MEDIUM, HIGH */
        int enabled;        /* Enabled by default? */
 } cipher_properties;
 
 /* cipher attributes  */
-#define SSL_kRSA  0x00000001L
-#define SSL_aRSA  0x00000002L
-#define SSL_aDSS  0x00000004L
-#define SSL_DSS   SSL_aDSS
-#define SSL_eNULL 0x00000008L
-#define SSL_DES   0x00000010L
-#define SSL_3DES  0x00000020L
-#define SSL_RC4   0x00000040L
-#define SSL_RC2   0x00000080L
-#define SSL_AES   0x00000100L
-#define SSL_MD5   0x00000200L
-#define SSL_SHA1  0x00000400L
-#define SSL_SHA   SSL_SHA1
-#define SSL_RSA   (SSL_kRSA|SSL_aRSA)
+#define SSL_kRSA        0x00000001L
+#define SSL_aRSA        0x00000002L
+#define SSL_RSA         (SSL_kRSA|SSL_aRSA)
+#define SSL_aDSA        0x00000004L
+#define SSL_DSA         SSL_aDSA
+#define SSL_eNULL       0x00000008L
+#define SSL_DES         0x00000010L
+#define SSL_3DES        0x00000020L
+#define SSL_RC4         0x00000040L
+#define SSL_RC2         0x00000080L
+#define SSL_AES128      0x00000100L
+#define SSL_AES256      0x00000200L
+#define SSL_AES         (SSL_AES128|SSL_AES256)
+#define SSL_MD5         0x00000400L
+#define SSL_SHA1        0x00000800L
+#define SSL_kEDH        0x00001000L
+#define SSL_CAMELLIA128 0x00002000L
+#define SSL_CAMELLIA256 0x00004000L
+#define SSL_CAMELLIA    (SSL_CAMELLIA128|SSL_CAMELLIA256)
+#define SSL_SEED        0x00008000L
+#define SSL_kECDH       0x00010000L
+#define SSL_kECDHE      0x00020000L
+#define SSL_aECDSA      0x00040000L
 
 /* cipher strength */
 #define SSL_NULL      0x00000001L
@@ -248,29 +255,70 @@ typedef struct {
 
 /* Cipher translation */
 static cipher_properties ciphers_def[] = {
-       /* SSL 2 ciphers */
-       {"DES-CBC3-MD5", SSL_EN_DES_192_EDE3_CBC_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5, SSL2, 168, 168, SSL_HIGH, SSL_ALLOWED},
-       {"RC2-CBC-MD5", SSL_EN_RC2_128_CBC_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5, SSL2, 128, 128, SSL_MEDIUM, SSL_ALLOWED},
-       {"RC4-MD5", SSL_EN_RC4_128_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5, SSL2, 128, 128, SSL_MEDIUM, SSL_ALLOWED},
-       {"DES-CBC-MD5", SSL_EN_DES_64_CBC_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5, SSL2, 56, 56, SSL_LOW, SSL_ALLOWED},
-       {"EXP-RC2-CBC-MD5", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5, SSL2, 40, 128, SSL_EXPORT40, SSL_ALLOWED},
-       {"EXP-RC4-MD5", SSL_EN_RC4_128_EXPORT40_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5, SSL2, 40, 128, SSL_EXPORT40, SSL_ALLOWED},
-
-       /* SSL3 ciphers */
-       {"RC4-MD5", SSL_RSA_WITH_RC4_128_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5, SSL3, 128, 128, SSL_MEDIUM, SSL_ALLOWED},
-       {"RC4-SHA", SSL_RSA_WITH_RC4_128_SHA, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA1, SSL3, 128, 128, SSL_MEDIUM, SSL_ALLOWED},
-       {"DES-CBC3-SHA", SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_SHA1, SSL3, 168, 168, SSL_HIGH, SSL_ALLOWED},
-       {"DES-CBC-SHA", SSL_RSA_WITH_DES_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1, SSL3, 56, 56, SSL_LOW, SSL_ALLOWED},
-       {"EXP-RC4-MD5", SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5, SSL3, 40, 128, SSL_EXPORT40, SSL_ALLOWED},
-       {"EXP-RC2-CBC-MD5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5, SSL3, 0, 0, SSL_EXPORT40, SSL_ALLOWED},
-       {"NULL-MD5", SSL_RSA_WITH_NULL_MD5, SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5, SSL3, 0, 0, SSL_NULL, SSL_NOT_ALLOWED},
-       {"NULL-SHA", SSL_RSA_WITH_NULL_SHA, SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_SHA1, SSL3, 0, 0, SSL_NULL, SSL_NOT_ALLOWED},
+
+       /*
+        * Use the same DEFAULT cipher list as OpenSSL, which is defined as: ALL:!aNULL:!eNULL:!SSLv2
+        */
+
+       /* SSLv2 ciphers */
+       {"DES-CBC-MD5",     SSL_EN_DES_64_CBC_WITH_MD5,           SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5,  SSL2, SSL_LOW,      SSL_NOT_ALLOWED},
+       {"DES-CBC3-MD5",    SSL_EN_DES_192_EDE3_CBC_WITH_MD5,     SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5, SSL2, SSL_HIGH,     SSL_NOT_ALLOWED},
+       {"RC2-CBC-MD5",     SSL_EN_RC2_128_CBC_WITH_MD5,          SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5,  SSL2, SSL_MEDIUM,   SSL_NOT_ALLOWED},
+       {"RC4-MD5",         SSL_EN_RC4_128_WITH_MD5,              SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5,  SSL2, SSL_MEDIUM,   SSL_NOT_ALLOWED},
+       {"EXP-RC2-CBC-MD5", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5,  SSL2, SSL_EXPORT40, SSL_NOT_ALLOWED},
+       {"EXP-RC4-MD5",     SSL_EN_RC4_128_EXPORT40_WITH_MD5,     SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5,  SSL2, SSL_EXPORT40, SSL_NOT_ALLOWED},
+
+       /* SSLv3 ciphers */
+       {"NULL-MD5",             SSL_RSA_WITH_NULL_MD5,              SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5,  SSL3, SSL_NULL,     SSL_NOT_ALLOWED},
+       {"NULL-SHA",             SSL_RSA_WITH_NULL_SHA,              SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_SHA1, SSL3, SSL_NULL,     SSL_NOT_ALLOWED},
+       {"DES-CBC-SHA",          SSL_RSA_WITH_DES_CBC_SHA,           SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1,   SSL3, SSL_LOW,      SSL_ALLOWED},
+       {"DES-CBC3-SHA",         SSL_RSA_WITH_3DES_EDE_CBC_SHA,      SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_SHA1,  SSL3, SSL_HIGH,     SSL_ALLOWED},
+       {"RC4-MD5",              SSL_RSA_WITH_RC4_128_MD5,           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5,    SSL3, SSL_MEDIUM,   SSL_ALLOWED},
+       {"RC4-SHA",              SSL_RSA_WITH_RC4_128_SHA,           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA1,   SSL3, SSL_MEDIUM,   SSL_ALLOWED},
+       {"EXP-RC2-CBC-MD5",      SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5,    SSL3, SSL_EXPORT40, SSL_ALLOWED},
+       {"EXP-RC4-MD5",          SSL_RSA_EXPORT_WITH_RC4_40_MD5,     SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5,    SSL3, SSL_EXPORT40, SSL_ALLOWED},
+       {"EDH-RSA-DES-CBC-SHA",  SSL_DHE_RSA_WITH_DES_CBC_SHA,       SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1,   SSL3, SSL_LOW,      SSL_ALLOWED},
+       {"EDH-RSA-DES-CBC3-SHA", SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,  SSL_kEDH|SSL_aRSA|SSL_3DES|SSL_SHA1,  SSL3, SSL_HIGH,     SSL_ALLOWED},
+       {"EDH-DSS-DES-CBC-SHA",  SSL_DHE_DSS_WITH_DES_CBC_SHA,       SSL_kEDH|SSL_aDSA|SSL_DES|SSL_SHA1,   SSL3, SSL_LOW,      SSL_ALLOWED},
+       {"EDH-DSS-DES-CBC3-SHA", SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,  SSL_kEDH|SSL_aDSA|SSL_3DES|SSL_SHA1,  SSL3, SSL_HIGH,     SSL_ALLOWED},
 
        /* TLSv1 ciphers */
-       {"EXP1024-DES-CBC-SHA", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA, TLS1, 56, 56, SSL_EXPORT56, SSL_ALLOWED},
-       {"EXP1024-RC4-SHA", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA, TLS1, 56, 56, SSL_EXPORT56, SSL_ALLOWED},
-       {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA, TLS1, 128, 128, SSL_HIGH, SSL_ALLOWED},
-       {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA, TLS1, 256, 256, SSL_HIGH, SSL_ALLOWED},
+       {"EXP1024-DES-CBC-SHA",      TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,   SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1,         TLS1, SSL_EXPORT56, SSL_ALLOWED},
+       {"EXP1024-RC4-SHA",          TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,    SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA1,         TLS1, SSL_EXPORT56, SSL_ALLOWED},
+       {"SEED-SHA",                 TLS_RSA_WITH_SEED_CBC_SHA,             SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1,        TLS1, SSL_MEDIUM,   SSL_ALLOWED},
+       {"AES128-SHA",               TLS_RSA_WITH_AES_128_CBC_SHA,          SSL_kRSA|SSL_aRSA|SSL_AES128|SSL_SHA1,      TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"AES256-SHA",               TLS_RSA_WITH_AES_256_CBC_SHA,          SSL_kRSA|SSL_aRSA|SSL_AES256|SSL_SHA1,      TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"CAMELLIA256-SHA",          TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,     SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA1,    TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"CAMELLIA128-SHA",          TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,     SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA1,    TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"DHE-RSA-AES128-SHA",       TLS_DHE_RSA_WITH_AES_128_CBC_SHA,      SSL_kEDH|SSL_aRSA|SSL_AES128|SSL_SHA1,      TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"DHE-RSA-AES256-SHA",       TLS_DHE_RSA_WITH_AES_256_CBC_SHA,      SSL_kEDH|SSL_aRSA|SSL_AES256|SSL_SHA1,      TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"DHE-RSA-CAMELLIA128-SHA",  TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_kEDH|SSL_aRSA|SSL_CAMELLIA128|SSL_SHA1, TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"DHE-RSA-CAMELLIA256-SHA",  TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_kEDH|SSL_aRSA|SSL_CAMELLIA256|SSL_SHA1, TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"DHE-DSS-RC4-SHA",          TLS_DHE_DSS_WITH_RC4_128_SHA,          SSL_kEDH|SSL_aDSA|SSL_RC4|SSL_SHA1,         TLS1, SSL_MEDIUM,   SSL_ALLOWED},
+       {"DHE-DSS-AES128-SHA",       TLS_DHE_DSS_WITH_AES_128_CBC_SHA,      SSL_kEDH|SSL_aDSA|SSL_AES128|SSL_SHA1,      TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"DHE-DSS-AES256-SHA",       TLS_DHE_DSS_WITH_AES_256_CBC_SHA,      SSL_kEDH|SSL_aDSA|SSL_AES256|SSL_SHA1,      TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"DHE-DSS-CAMELLIA128-SHA",  TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_kEDH|SSL_aDSA|SSL_CAMELLIA128|SSL_SHA1, TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"DHE-DSS-CAMELLIA256-SHA",  TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_kEDH|SSL_aDSA|SSL_CAMELLIA256|SSL_SHA1, TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"ECDH-RSA-NULL-SHA",        TLS_ECDH_RSA_WITH_NULL_SHA,            SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA1,      TLS1, SSL_NULL,     SSL_NOT_ALLOWED},
+       {"ECDH-RSA-RC4-SHA",         TLS_ECDH_RSA_WITH_RC4_128_SHA,         SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA1,        TLS1, SSL_MEDIUM,   SSL_ALLOWED},
+       {"ECDH-RSA-DES-CBC3-SHA",    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,    SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA1,       TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"ECDH-RSA-AES128-SHA",      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,     SSL_kECDH|SSL_aRSA|SSL_AES128|SSL_SHA1,     TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"ECDH-RSA-AES256-SHA",      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,     SSL_kECDH|SSL_aRSA|SSL_AES256|SSL_SHA1,     TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"ECDH-ECDSA-NULL-SHA",      TLS_ECDH_ECDSA_WITH_NULL_SHA,          SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA1,    TLS1, SSL_NULL,     SSL_NOT_ALLOWED},
+       {"ECDH-ECDSA-RC4-SHA",       TLS_ECDH_ECDSA_WITH_RC4_128_SHA,       SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA1,      TLS1, SSL_MEDIUM,   SSL_ALLOWED},
+       {"ECDH-ECDSA-DES-CBC3-SHA",  TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,  SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA1,     TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"ECDH-ECDSA-AES128-SHA",    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,   SSL_kECDH|SSL_aECDSA|SSL_AES128|SSL_SHA1,   TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"ECDH-ECDSA-AES256-SHA",    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,   SSL_kECDH|SSL_aECDSA|SSL_AES256|SSL_SHA1,   TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"ECDHE-RSA-NULL-SHA",       TLS_ECDHE_RSA_WITH_NULL_SHA,           SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA1,     TLS1, SSL_NULL,     SSL_NOT_ALLOWED},
+       {"ECDHE-RSA-RC4-SHA",        TLS_ECDHE_RSA_WITH_RC4_128_SHA,        SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA1,       TLS1, SSL_MEDIUM,   SSL_ALLOWED},
+       {"ECDHE-RSA-DES-CBC3-SHA",   TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,   SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA1,      TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"ECDHE-RSA-AES128-SHA",     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,    SSL_kECDHE|SSL_aRSA|SSL_AES128|SSL_SHA1,    TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"ECDHE-RSA-AES256-SHA",     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,    SSL_kECDHE|SSL_aRSA|SSL_AES256|SSL_SHA1,    TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"ECDHE-ECDSA-NULL-SHA",     TLS_ECDHE_ECDSA_WITH_NULL_SHA,         SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA1,   TLS1, SSL_NULL,     SSL_NOT_ALLOWED},
+       {"ECDHE-ECDSA-RC4-SHA",      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,      SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA1,     TLS1, SSL_MEDIUM,   SSL_ALLOWED},
+       {"ECDHE-ECDSA-DES-CBC3-SHA", TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA1,    TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"ECDHE-ECDSA-AES128-SHA",   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,  SSL_kECDHE|SSL_aECDSA|SSL_AES128|SSL_SHA1,  TLS1, SSL_HIGH,     SSL_ALLOWED},
+       {"ECDHE-ECDSA-AES256-SHA",   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,  SSL_kECDHE|SSL_aECDSA|SSL_AES256|SSL_SHA1,  TLS1, SSL_HIGH,     SSL_ALLOWED},
 };
 
 #define ciphernum (sizeof(ciphers_def)/sizeof(cipher_properties))
@@ -577,6 +625,10 @@ nss_parse_ciphers(const char *cipherstr, int cipher_list[ciphernum])
                                        mask |= SSL_RSA;
                                } else if ((!strcmp(cipher, "NULL")) || (!strcmp(cipher, "eNULL"))) {
                                        mask |= SSL_eNULL;
+                               } else if (!strcmp(cipher, "AES128")) {
+                                       mask |= SSL_AES128;
+                               } else if (!strcmp(cipher, "AES256")) {
+                                       mask |= SSL_AES256;
                                } else if (!strcmp(cipher, "AES")) {
                                        mask |= SSL_AES;
                                } else if (!strcmp(cipher, "3DES")) {
@@ -591,6 +643,24 @@ nss_parse_ciphers(const char *cipherstr, int cipher_list[ciphernum])
                                        mask |= SSL_MD5;
                                } else if ((!strcmp(cipher, "SHA")) || (!strcmp(cipher, "SHA1"))) {
                                        mask |= SSL_SHA1;
+                               } else if (!strcmp(cipher, "EDH")) {
+                                       mask |= SSL_kEDH;
+                               } else if (!strcmp(cipher, "DSS")) {
+                                       mask |= SSL_aDSA;
+                               } else if (!strcmp(cipher, "CAMELLIA128")) {
+                                       mask |= SSL_CAMELLIA128;
+                               } else if (!strcmp(cipher, "CAMELLIA256")) {
+                                       mask |= SSL_CAMELLIA256;
+                               } else if (!strcmp(cipher, "CAMELLIA")) {
+                                       mask |= SSL_CAMELLIA;
+                               } else if (!strcmp(cipher, "SEED")) {
+                                       mask |= SSL_SEED;
+                               } else if (!strcmp(cipher, "ECDH")) {
+                                       mask |= SSL_kECDH;
+                               } else if (!strcmp(cipher, "ECDHE")) {
+                                       mask |= SSL_kECDHE;
+                               } else if (!strcmp(cipher, "ECDSA")) {
+                                       mask |= SSL_aECDSA;
                                } else if (!strcmp(cipher, "SSLv2")) {
                                        protocol |= SSL2;
                                } else if (!strcmp(cipher, "SSLv3")) {
-- 
1.7.11.4

1	vip-ire	1.1	fix: some TLS ciphers cannot be enabled
2
3			The updated list includes all ciphers implemented in Mozilla NSS 3.13.15
4
5			Author: Jan Vcelak <jvcelak@redhat.com>
6			Upstream ITS: #7367
7			Resolves: #852339
8
9			diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
10			index 1422ce2..5e49fc5 100644
11			--- a/libraries/libldap/tls_m.c
12			+++ b/libraries/libldap/tls_m.c
13			@@ -211,27 +211,34 @@ typedef struct {
14			int num; /* The cipher id */
15			int attr; /* cipher attributes: algorithms, etc */
16			int version; /* protocol version valid for this cipher */
17			- int bits; /* bits of strength */
18			- int alg_bits; /* bits of the algorithm */
19			int strength; /* LOW, MEDIUM, HIGH */
20			int enabled; /* Enabled by default? */
21			} cipher_properties;
22
23			/* cipher attributes */
24			-#define SSL_kRSA 0x00000001L
25			-#define SSL_aRSA 0x00000002L
26			-#define SSL_aDSS 0x00000004L
27			-#define SSL_DSS SSL_aDSS
28			-#define SSL_eNULL 0x00000008L
29			-#define SSL_DES 0x00000010L
30			-#define SSL_3DES 0x00000020L
31			-#define SSL_RC4 0x00000040L
32			-#define SSL_RC2 0x00000080L
33			-#define SSL_AES 0x00000100L
34			-#define SSL_MD5 0x00000200L
35			-#define SSL_SHA1 0x00000400L
36			-#define SSL_SHA SSL_SHA1
37			-#define SSL_RSA (SSL_kRSA\|SSL_aRSA)
38			+#define SSL_kRSA 0x00000001L
39			+#define SSL_aRSA 0x00000002L
40			+#define SSL_RSA (SSL_kRSA\|SSL_aRSA)
41			+#define SSL_aDSA 0x00000004L
42			+#define SSL_DSA SSL_aDSA
43			+#define SSL_eNULL 0x00000008L
44			+#define SSL_DES 0x00000010L
45			+#define SSL_3DES 0x00000020L
46			+#define SSL_RC4 0x00000040L
47			+#define SSL_RC2 0x00000080L
48			+#define SSL_AES128 0x00000100L
49			+#define SSL_AES256 0x00000200L
50			+#define SSL_AES (SSL_AES128\|SSL_AES256)
51			+#define SSL_MD5 0x00000400L
52			+#define SSL_SHA1 0x00000800L
53			+#define SSL_kEDH 0x00001000L
54			+#define SSL_CAMELLIA128 0x00002000L
55			+#define SSL_CAMELLIA256 0x00004000L
56			+#define SSL_CAMELLIA (SSL_CAMELLIA128\|SSL_CAMELLIA256)
57			+#define SSL_SEED 0x00008000L
58			+#define SSL_kECDH 0x00010000L
59			+#define SSL_kECDHE 0x00020000L
60			+#define SSL_aECDSA 0x00040000L
61
62			/* cipher strength */
63			#define SSL_NULL 0x00000001L
64			@@ -248,29 +255,70 @@ typedef struct {
65
66			/* Cipher translation */
67			static cipher_properties ciphers_def[] = {
68			- /* SSL 2 ciphers */
69			- {"DES-CBC3-MD5", SSL_EN_DES_192_EDE3_CBC_WITH_MD5, SSL_kRSA\|SSL_aRSA\|SSL_3DES\|SSL_MD5, SSL2, 168, 168, SSL_HIGH, SSL_ALLOWED},
70			- {"RC2-CBC-MD5", SSL_EN_RC2_128_CBC_WITH_MD5, SSL_kRSA\|SSL_aRSA\|SSL_RC2\|SSL_MD5, SSL2, 128, 128, SSL_MEDIUM, SSL_ALLOWED},
71			- {"RC4-MD5", SSL_EN_RC4_128_WITH_MD5, SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_MD5, SSL2, 128, 128, SSL_MEDIUM, SSL_ALLOWED},
72			- {"DES-CBC-MD5", SSL_EN_DES_64_CBC_WITH_MD5, SSL_kRSA\|SSL_aRSA\|SSL_DES\|SSL_MD5, SSL2, 56, 56, SSL_LOW, SSL_ALLOWED},
73			- {"EXP-RC2-CBC-MD5", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_kRSA\|SSL_aRSA\|SSL_RC2\|SSL_MD5, SSL2, 40, 128, SSL_EXPORT40, SSL_ALLOWED},
74			- {"EXP-RC4-MD5", SSL_EN_RC4_128_EXPORT40_WITH_MD5, SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_MD5, SSL2, 40, 128, SSL_EXPORT40, SSL_ALLOWED},
75			-
76			- /* SSL3 ciphers */
77			- {"RC4-MD5", SSL_RSA_WITH_RC4_128_MD5, SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_MD5, SSL3, 128, 128, SSL_MEDIUM, SSL_ALLOWED},
78			- {"RC4-SHA", SSL_RSA_WITH_RC4_128_SHA, SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_SHA1, SSL3, 128, 128, SSL_MEDIUM, SSL_ALLOWED},
79			- {"DES-CBC3-SHA", SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_kRSA\|SSL_aRSA\|SSL_3DES\|SSL_SHA1, SSL3, 168, 168, SSL_HIGH, SSL_ALLOWED},
80			- {"DES-CBC-SHA", SSL_RSA_WITH_DES_CBC_SHA, SSL_kRSA\|SSL_aRSA\|SSL_DES\|SSL_SHA1, SSL3, 56, 56, SSL_LOW, SSL_ALLOWED},
81			- {"EXP-RC4-MD5", SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_MD5, SSL3, 40, 128, SSL_EXPORT40, SSL_ALLOWED},
82			- {"EXP-RC2-CBC-MD5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_kRSA\|SSL_aRSA\|SSL_RC2\|SSL_MD5, SSL3, 0, 0, SSL_EXPORT40, SSL_ALLOWED},
83			- {"NULL-MD5", SSL_RSA_WITH_NULL_MD5, SSL_kRSA\|SSL_aRSA\|SSL_eNULL\|SSL_MD5, SSL3, 0, 0, SSL_NULL, SSL_NOT_ALLOWED},
84			- {"NULL-SHA", SSL_RSA_WITH_NULL_SHA, SSL_kRSA\|SSL_aRSA\|SSL_eNULL\|SSL_SHA1, SSL3, 0, 0, SSL_NULL, SSL_NOT_ALLOWED},
85			+
86			+ /*
87			+ * Use the same DEFAULT cipher list as OpenSSL, which is defined as: ALL:!aNULL:!eNULL:!SSLv2
88			+ */
89			+
90			+ /* SSLv2 ciphers */
91			+ {"DES-CBC-MD5", SSL_EN_DES_64_CBC_WITH_MD5, SSL_kRSA\|SSL_aRSA\|SSL_DES\|SSL_MD5, SSL2, SSL_LOW, SSL_NOT_ALLOWED},
92			+ {"DES-CBC3-MD5", SSL_EN_DES_192_EDE3_CBC_WITH_MD5, SSL_kRSA\|SSL_aRSA\|SSL_3DES\|SSL_MD5, SSL2, SSL_HIGH, SSL_NOT_ALLOWED},
93			+ {"RC2-CBC-MD5", SSL_EN_RC2_128_CBC_WITH_MD5, SSL_kRSA\|SSL_aRSA\|SSL_RC2\|SSL_MD5, SSL2, SSL_MEDIUM, SSL_NOT_ALLOWED},
94			+ {"RC4-MD5", SSL_EN_RC4_128_WITH_MD5, SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_MD5, SSL2, SSL_MEDIUM, SSL_NOT_ALLOWED},
95			+ {"EXP-RC2-CBC-MD5", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_kRSA\|SSL_aRSA\|SSL_RC2\|SSL_MD5, SSL2, SSL_EXPORT40, SSL_NOT_ALLOWED},
96			+ {"EXP-RC4-MD5", SSL_EN_RC4_128_EXPORT40_WITH_MD5, SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_MD5, SSL2, SSL_EXPORT40, SSL_NOT_ALLOWED},
97			+
98			+ /* SSLv3 ciphers */
99			+ {"NULL-MD5", SSL_RSA_WITH_NULL_MD5, SSL_kRSA\|SSL_aRSA\|SSL_eNULL\|SSL_MD5, SSL3, SSL_NULL, SSL_NOT_ALLOWED},
100			+ {"NULL-SHA", SSL_RSA_WITH_NULL_SHA, SSL_kRSA\|SSL_aRSA\|SSL_eNULL\|SSL_SHA1, SSL3, SSL_NULL, SSL_NOT_ALLOWED},
101			+ {"DES-CBC-SHA", SSL_RSA_WITH_DES_CBC_SHA, SSL_kRSA\|SSL_aRSA\|SSL_DES\|SSL_SHA1, SSL3, SSL_LOW, SSL_ALLOWED},
102			+ {"DES-CBC3-SHA", SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_kRSA\|SSL_aRSA\|SSL_3DES\|SSL_SHA1, SSL3, SSL_HIGH, SSL_ALLOWED},
103			+ {"RC4-MD5", SSL_RSA_WITH_RC4_128_MD5, SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_MD5, SSL3, SSL_MEDIUM, SSL_ALLOWED},
104			+ {"RC4-SHA", SSL_RSA_WITH_RC4_128_SHA, SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_SHA1, SSL3, SSL_MEDIUM, SSL_ALLOWED},
105			+ {"EXP-RC2-CBC-MD5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_kRSA\|SSL_aRSA\|SSL_RC2\|SSL_MD5, SSL3, SSL_EXPORT40, SSL_ALLOWED},
106			+ {"EXP-RC4-MD5", SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_MD5, SSL3, SSL_EXPORT40, SSL_ALLOWED},
107			+ {"EDH-RSA-DES-CBC-SHA", SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_kEDH\|SSL_aRSA\|SSL_DES\|SSL_SHA1, SSL3, SSL_LOW, SSL_ALLOWED},
108			+ {"EDH-RSA-DES-CBC3-SHA", SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_kEDH\|SSL_aRSA\|SSL_3DES\|SSL_SHA1, SSL3, SSL_HIGH, SSL_ALLOWED},
109			+ {"EDH-DSS-DES-CBC-SHA", SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_kEDH\|SSL_aDSA\|SSL_DES\|SSL_SHA1, SSL3, SSL_LOW, SSL_ALLOWED},
110			+ {"EDH-DSS-DES-CBC3-SHA", SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_kEDH\|SSL_aDSA\|SSL_3DES\|SSL_SHA1, SSL3, SSL_HIGH, SSL_ALLOWED},
111
112			/* TLSv1 ciphers */
113			- {"EXP1024-DES-CBC-SHA", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_kRSA\|SSL_aRSA\|SSL_DES\|SSL_SHA, TLS1, 56, 56, SSL_EXPORT56, SSL_ALLOWED},
114			- {"EXP1024-RC4-SHA", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_SHA, TLS1, 56, 56, SSL_EXPORT56, SSL_ALLOWED},
115			- {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA, SSL_kRSA\|SSL_aRSA\|SSL_AES\|SSL_SHA, TLS1, 128, 128, SSL_HIGH, SSL_ALLOWED},
116			- {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA, SSL_kRSA\|SSL_aRSA\|SSL_AES\|SSL_SHA, TLS1, 256, 256, SSL_HIGH, SSL_ALLOWED},
117			+ {"EXP1024-DES-CBC-SHA", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_kRSA\|SSL_aRSA\|SSL_DES\|SSL_SHA1, TLS1, SSL_EXPORT56, SSL_ALLOWED},
118			+ {"EXP1024-RC4-SHA", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_SHA1, TLS1, SSL_EXPORT56, SSL_ALLOWED},
119			+ {"SEED-SHA", TLS_RSA_WITH_SEED_CBC_SHA, SSL_kRSA\|SSL_aRSA\|SSL_SEED\|SSL_SHA1, TLS1, SSL_MEDIUM, SSL_ALLOWED},
120			+ {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA, SSL_kRSA\|SSL_aRSA\|SSL_AES128\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
121			+ {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA, SSL_kRSA\|SSL_aRSA\|SSL_AES256\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
122			+ {"CAMELLIA256-SHA", TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_kRSA\|SSL_aRSA\|SSL_CAMELLIA\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
123			+ {"CAMELLIA128-SHA", TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_kRSA\|SSL_aRSA\|SSL_CAMELLIA\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
124			+ {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_kEDH\|SSL_aRSA\|SSL_AES128\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
125			+ {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_kEDH\|SSL_aRSA\|SSL_AES256\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
126			+ {"DHE-RSA-CAMELLIA128-SHA", TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_kEDH\|SSL_aRSA\|SSL_CAMELLIA128\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
127			+ {"DHE-RSA-CAMELLIA256-SHA", TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_kEDH\|SSL_aRSA\|SSL_CAMELLIA256\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
128			+ {"DHE-DSS-RC4-SHA", TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_kEDH\|SSL_aDSA\|SSL_RC4\|SSL_SHA1, TLS1, SSL_MEDIUM, SSL_ALLOWED},
129			+ {"DHE-DSS-AES128-SHA", TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_kEDH\|SSL_aDSA\|SSL_AES128\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
130			+ {"DHE-DSS-AES256-SHA", TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_kEDH\|SSL_aDSA\|SSL_AES256\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
131			+ {"DHE-DSS-CAMELLIA128-SHA", TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_kEDH\|SSL_aDSA\|SSL_CAMELLIA128\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
132			+ {"DHE-DSS-CAMELLIA256-SHA", TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_kEDH\|SSL_aDSA\|SSL_CAMELLIA256\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
133			+ {"ECDH-RSA-NULL-SHA", TLS_ECDH_RSA_WITH_NULL_SHA, SSL_kECDH\|SSL_aRSA\|SSL_eNULL\|SSL_SHA1, TLS1, SSL_NULL, SSL_NOT_ALLOWED},
134			+ {"ECDH-RSA-RC4-SHA", TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_kECDH\|SSL_aRSA\|SSL_RC4\|SSL_SHA1, TLS1, SSL_MEDIUM, SSL_ALLOWED},
135			+ {"ECDH-RSA-DES-CBC3-SHA", TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_kECDH\|SSL_aRSA\|SSL_3DES\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
136			+ {"ECDH-RSA-AES128-SHA", TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_kECDH\|SSL_aRSA\|SSL_AES128\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
137			+ {"ECDH-RSA-AES256-SHA", TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_kECDH\|SSL_aRSA\|SSL_AES256\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
138			+ {"ECDH-ECDSA-NULL-SHA", TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_kECDH\|SSL_aECDSA\|SSL_eNULL\|SSL_SHA1, TLS1, SSL_NULL, SSL_NOT_ALLOWED},
139			+ {"ECDH-ECDSA-RC4-SHA", TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_kECDH\|SSL_aECDSA\|SSL_RC4\|SSL_SHA1, TLS1, SSL_MEDIUM, SSL_ALLOWED},
140			+ {"ECDH-ECDSA-DES-CBC3-SHA", TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_kECDH\|SSL_aECDSA\|SSL_3DES\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
141			+ {"ECDH-ECDSA-AES128-SHA", TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDH\|SSL_aECDSA\|SSL_AES128\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
142			+ {"ECDH-ECDSA-AES256-SHA", TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDH\|SSL_aECDSA\|SSL_AES256\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
143			+ {"ECDHE-RSA-NULL-SHA", TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_kECDHE\|SSL_aRSA\|SSL_eNULL\|SSL_SHA1, TLS1, SSL_NULL, SSL_NOT_ALLOWED},
144			+ {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_kECDHE\|SSL_aRSA\|SSL_RC4\|SSL_SHA1, TLS1, SSL_MEDIUM, SSL_ALLOWED},
145			+ {"ECDHE-RSA-DES-CBC3-SHA", TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_kECDHE\|SSL_aRSA\|SSL_3DES\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
146			+ {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE\|SSL_aRSA\|SSL_AES128\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
147			+ {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE\|SSL_aRSA\|SSL_AES256\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
148			+ {"ECDHE-ECDSA-NULL-SHA", TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_kECDHE\|SSL_aECDSA\|SSL_eNULL\|SSL_SHA1, TLS1, SSL_NULL, SSL_NOT_ALLOWED},
149			+ {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE\|SSL_aECDSA\|SSL_RC4\|SSL_SHA1, TLS1, SSL_MEDIUM, SSL_ALLOWED},
150			+ {"ECDHE-ECDSA-DES-CBC3-SHA", TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_kECDHE\|SSL_aECDSA\|SSL_3DES\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
151			+ {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE\|SSL_aECDSA\|SSL_AES128\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
152			+ {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE\|SSL_aECDSA\|SSL_AES256\|SSL_SHA1, TLS1, SSL_HIGH, SSL_ALLOWED},
153			};
154
155			#define ciphernum (sizeof(ciphers_def)/sizeof(cipher_properties))
156			@@ -577,6 +625,10 @@ nss_parse_ciphers(const char *cipherstr, int cipher_list[ciphernum])
157			mask \|= SSL_RSA;
158			} else if ((!strcmp(cipher, "NULL")) \|\| (!strcmp(cipher, "eNULL"))) {
159			mask \|= SSL_eNULL;
160			+ } else if (!strcmp(cipher, "AES128")) {
161			+ mask \|= SSL_AES128;
162			+ } else if (!strcmp(cipher, "AES256")) {
163			+ mask \|= SSL_AES256;
164			} else if (!strcmp(cipher, "AES")) {
165			mask \|= SSL_AES;
166			} else if (!strcmp(cipher, "3DES")) {
167			@@ -591,6 +643,24 @@ nss_parse_ciphers(const char *cipherstr, int cipher_list[ciphernum])
168			mask \|= SSL_MD5;
169			} else if ((!strcmp(cipher, "SHA")) \|\| (!strcmp(cipher, "SHA1"))) {
170			mask \|= SSL_SHA1;
171			+ } else if (!strcmp(cipher, "EDH")) {
172			+ mask \|= SSL_kEDH;
173			+ } else if (!strcmp(cipher, "DSS")) {
174			+ mask \|= SSL_aDSA;
175			+ } else if (!strcmp(cipher, "CAMELLIA128")) {
176			+ mask \|= SSL_CAMELLIA128;
177			+ } else if (!strcmp(cipher, "CAMELLIA256")) {
178			+ mask \|= SSL_CAMELLIA256;
179			+ } else if (!strcmp(cipher, "CAMELLIA")) {
180			+ mask \|= SSL_CAMELLIA;
181			+ } else if (!strcmp(cipher, "SEED")) {
182			+ mask \|= SSL_SEED;
183			+ } else if (!strcmp(cipher, "ECDH")) {
184			+ mask \|= SSL_kECDH;
185			+ } else if (!strcmp(cipher, "ECDHE")) {
186			+ mask \|= SSL_kECDHE;
187			+ } else if (!strcmp(cipher, "ECDSA")) {
188			+ mask \|= SSL_aECDSA;
189			} else if (!strcmp(cipher, "SSLv2")) {
190			protocol \|= SSL2;
191			} else if (!strcmp(cipher, "SSLv3")) {
192			--
193			1.7.11.4
194