1 /**
2  * \file ssl_ciphersuites.c
3  *
4  * \brief SSL ciphersuites for Mbed TLS
5  *
6  *  Copyright The Mbed TLS Contributors
7  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8  */
9 
10 #include "common.h"
11 
12 #if defined(MBEDTLS_SSL_TLS_C)
13 
14 #include "mbedtls/platform.h"
15 
16 #include "mbedtls/ssl_ciphersuites.h"
17 #include "mbedtls/ssl.h"
18 #include "ssl_misc.h"
19 #if defined(MBEDTLS_USE_PSA_CRYPTO)
20 #include "mbedtls/psa_util.h"
21 #endif
22 
23 #include <string.h>
24 
25 /*
26  * Ordered from most preferred to least preferred in terms of security.
27  *
28  * Current rule (except weak and null which come last):
29  * 1. By key exchange:
30  *    Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
31  * 2. By key length and cipher:
32  *    ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
33  * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
34  * 4. By hash function used when relevant
35  * 5. By key exchange/auth again: EC > non-EC
36  */
/*
 * Default ciphersuite preference list: ciphersuite identifier macros, most
 * preferred first, closed by a 0 entry.
 *
 * If MBEDTLS_SSL_CIPHERSUITES is defined at build time, its expansion replaces
 * the whole built-in list; only the closing 0 is kept. A build that overrides
 * the list therefore takes over responsibility for the ordering, including
 * keeping weak and NULL suites out or last.
 *
 * Apart from the TLS 1.3 group, identifiers are listed here unconditionally,
 * whereas the entries of ciphersuite_definitions are compiled in only when the
 * matching feature macros are defined.
 * NOTE(review): presumably the code consuming this array skips identifiers
 * that have no entry in ciphersuite_definitions -- confirm at the call site.
 */
static const int ciphersuite_preference[] =
{
#if defined(MBEDTLS_SSL_CIPHERSUITES)
    /* Build-time override supplied by the integrator. */
    MBEDTLS_SSL_CIPHERSUITES,
#else
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
    /* TLS 1.3 ciphersuites (listed only when TLS 1.3 support is built) */
    MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
    MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
    MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
    MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

    /* Chacha-Poly ephemeral suites */
    MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,

    /* All AES-256 ephemeral suites.
     * Within a cipher group the mode order is GCM > CCM > CBC > CCM_8; the
     * CCM_8 suites are the ones flagged MBEDTLS_CIPHERSUITE_SHORT_TAG in
     * ciphersuite_definitions. */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,

    /* All CAMELLIA-256 ephemeral suites */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,

    /* All ARIA-256 ephemeral suites */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,

    /* All AES-128 ephemeral suites */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,

    /* All CAMELLIA-128 ephemeral suites */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,

    /* All ARIA-128 ephemeral suites */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,

    /* The PSK ephemeral suites (forward-secure PSK: ranked below every
     * forward-secure non-PSK suite, above ECJPAKE). 256-bit ciphers first. */
    MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,

    /* PSK ephemeral suites, 128-bit ciphers */
    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
    /* NOTE(review): DHE_PSK precedes ECDHE_PSK for CAMELLIA_128_CBC_SHA256,
     * while the CAMELLIA_256_CBC_SHA384 pair above lists ECDHE_PSK first and
     * the ordering rule for this list says "EC > non-EC" -- confirm whether
     * this order is intentional before relying on it. */
    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,

    /* The ECJPAKE suite */
    MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,

    /* From here on: RSA and static-ECDH key exchange ("other non-PSK" in the
     * ordering rule), i.e. suites that are not forward-secure and therefore
     * rank below every ephemeral suite and ECJPAKE. */

    /* All AES-256 suites */
    MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
    MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
    MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,

    /* All CAMELLIA-256 suites */
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,

    /* All ARIA-256 suites */
    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
    MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,

    /* All AES-128 suites */
    MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
    MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,

    /* All CAMELLIA-128 suites */
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,

    /* All ARIA-128 suites */
    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
    MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,

    /* The RSA PSK suites ("other PSK" in the ordering rule), 256-bit first */
    MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,

    /* RSA PSK suites, 128-bit ciphers */
    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,

    /* The PSK suites (plain PSK key exchange), 256-bit first */
    MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
    MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
    MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
    MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
    MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
    MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,

    /* PSK suites, 128-bit ciphers */
    MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
    MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
    MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
    MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
    MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
    MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,

    /* NULL suites: no record encryption, so they come last regardless of key
     * exchange. The NULL entries visible in ciphersuite_definitions are built
     * only under MBEDTLS_CIPHER_NULL_CIPHER and carry MBEDTLS_CIPHERSUITE_WEAK.
     * Ephemeral key exchanges first. */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
    MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,

    /* NULL suites with RSA, static ECDH, RSA-PSK and PSK key exchange */
    MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
    MBEDTLS_TLS_RSA_WITH_NULL_SHA,
    MBEDTLS_TLS_RSA_WITH_NULL_MD5,
    MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
    MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384,
    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA,
    MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
    MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
    MBEDTLS_TLS_PSK_WITH_NULL_SHA,

#endif /* MBEDTLS_SSL_CIPHERSUITES */
    /* Closing 0 entry; emitted for both the built-in and the overridden list. */
    0
};
279 
280 static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
281 {
282 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
283 #if defined(MBEDTLS_SSL_HAVE_AES)
284 #if defined(MBEDTLS_SSL_HAVE_GCM)
285 #if defined(MBEDTLS_MD_CAN_SHA384)
286     { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
287       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
288       MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
289       0,
290       MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
291 #endif /* MBEDTLS_MD_CAN_SHA384 */
292 #if defined(MBEDTLS_MD_CAN_SHA256)
293     { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
294       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
295       MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
296       0,
297       MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
298 #endif /* MBEDTLS_MD_CAN_SHA256 */
299 #endif /* MBEDTLS_SSL_HAVE_GCM */
300 #if defined(MBEDTLS_SSL_HAVE_CCM) && defined(MBEDTLS_MD_CAN_SHA256)
301     { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
302       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
303       MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
304       0,
305       MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
306     { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
307       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
308       MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
309       MBEDTLS_CIPHERSUITE_SHORT_TAG,
310       MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
311 #endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_SSL_HAVE_CCM */
312 #endif /* MBEDTLS_SSL_HAVE_AES */
313 #if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256)
314     { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
315       "TLS1-3-CHACHA20-POLY1305-SHA256",
316       MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
317       MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
318       0,
319       MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
320 #endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY && MBEDTLS_MD_CAN_SHA256 */
321 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
322 
323 #if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && \
324     defined(MBEDTLS_MD_CAN_SHA256) && \
325     defined(MBEDTLS_SSL_PROTO_TLS1_2)
326 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
327     { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
328       "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
329       MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
330       MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
331       0,
332       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
333 #endif
334 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
335     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
336       "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
337       MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
338       MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
339       0,
340       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
341 #endif
342 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
343     { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
344       "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
345       MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
346       MBEDTLS_KEY_EXCHANGE_DHE_RSA,
347       0,
348       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
349 #endif
350 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
351     { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
352       "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
353       MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
354       MBEDTLS_KEY_EXCHANGE_PSK,
355       0,
356       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
357 #endif
358 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
359     { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
360       "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
361       MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
362       MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
363       0,
364       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
365 #endif
366 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
367     { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
368       "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
369       MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
370       MBEDTLS_KEY_EXCHANGE_DHE_PSK,
371       0,
372       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
373 #endif
374 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
375     { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
376       "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
377       MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
378       MBEDTLS_KEY_EXCHANGE_RSA_PSK,
379       0,
380       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
381 #endif
382 #endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY &&
383           MBEDTLS_MD_CAN_SHA256 &&
384           MBEDTLS_SSL_PROTO_TLS1_2 */
385 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
386 #if defined(MBEDTLS_SSL_HAVE_AES)
387 #if defined(MBEDTLS_MD_CAN_SHA1)
388 #if defined(MBEDTLS_SSL_HAVE_CBC)
389     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
390       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
391       0,
392       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
393     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
394       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
395       0,
396       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
397 #endif /* MBEDTLS_SSL_HAVE_CBC */
398 #endif /* MBEDTLS_MD_CAN_SHA1 */
399 #if defined(MBEDTLS_MD_CAN_SHA256)
400 #if defined(MBEDTLS_SSL_HAVE_CBC)
401     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
402       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
403       0,
404       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
405 #endif /* MBEDTLS_SSL_HAVE_CBC */
406 #if defined(MBEDTLS_SSL_HAVE_GCM)
407     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
408       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
409       0,
410       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
411 #endif /* MBEDTLS_SSL_HAVE_GCM */
412 #endif /* MBEDTLS_MD_CAN_SHA256 */
413 #if defined(MBEDTLS_MD_CAN_SHA384)
414 #if defined(MBEDTLS_SSL_HAVE_CBC)
415     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
416       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
417       0,
418       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
419 #endif /* MBEDTLS_SSL_HAVE_CBC */
420 #if defined(MBEDTLS_SSL_HAVE_GCM)
421     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
422       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
423       0,
424       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
425 #endif /* MBEDTLS_SSL_HAVE_GCM */
426 #endif /* MBEDTLS_MD_CAN_SHA384 */
427 #if defined(MBEDTLS_SSL_HAVE_CCM)
428     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
429       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
430       0,
431       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
432     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
433       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
434       MBEDTLS_CIPHERSUITE_SHORT_TAG,
435       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
436     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
437       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
438       0,
439       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
440     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
441       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
442       MBEDTLS_CIPHERSUITE_SHORT_TAG,
443       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
444 #endif /* MBEDTLS_SSL_HAVE_CCM */
445 #endif /* MBEDTLS_SSL_HAVE_AES */
446 
447 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
448 #if defined(MBEDTLS_SSL_HAVE_CBC)
449 #if defined(MBEDTLS_MD_CAN_SHA256)
450     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
451       "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
452       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
453       0,
454       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
455 #endif /* MBEDTLS_MD_CAN_SHA256 */
456 #if defined(MBEDTLS_MD_CAN_SHA384)
457     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
458       "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
459       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
460       0,
461       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
462 #endif /* MBEDTLS_MD_CAN_SHA384 */
463 #endif /* MBEDTLS_SSL_HAVE_CBC */
464 
465 #if defined(MBEDTLS_SSL_HAVE_GCM)
466 #if defined(MBEDTLS_MD_CAN_SHA256)
467     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
468       "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
469       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
470       0,
471       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
472 #endif /* MBEDTLS_MD_CAN_SHA256 */
473 #if defined(MBEDTLS_MD_CAN_SHA384)
474     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
475       "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
476       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
477       0,
478       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
479 #endif /* MBEDTLS_MD_CAN_SHA384 */
480 #endif /* MBEDTLS_SSL_HAVE_GCM */
481 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
482 
483 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
484 #if defined(MBEDTLS_MD_CAN_SHA1)
485     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
486       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
487       MBEDTLS_CIPHERSUITE_WEAK,
488       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
489 #endif /* MBEDTLS_MD_CAN_SHA1 */
490 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
491 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
492 
493 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
494 #if defined(MBEDTLS_SSL_HAVE_AES)
495 #if defined(MBEDTLS_MD_CAN_SHA1)
496 #if defined(MBEDTLS_SSL_HAVE_CBC)
497     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
498       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
499       0,
500       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
501     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
502       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
503       0,
504       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
505 #endif /* MBEDTLS_SSL_HAVE_CBC */
506 #endif /* MBEDTLS_MD_CAN_SHA1 */
507 #if defined(MBEDTLS_MD_CAN_SHA256)
508 #if defined(MBEDTLS_SSL_HAVE_CBC)
509     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
510       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
511       0,
512       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
513 #endif /* MBEDTLS_SSL_HAVE_CBC */
514 #if defined(MBEDTLS_SSL_HAVE_GCM)
515     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
516       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
517       0,
518       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
519 #endif /* MBEDTLS_SSL_HAVE_GCM */
520 #endif /* MBEDTLS_MD_CAN_SHA256 */
521 #if defined(MBEDTLS_MD_CAN_SHA384)
522 #if defined(MBEDTLS_SSL_HAVE_CBC)
523     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
524       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
525       0,
526       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
527 #endif /* MBEDTLS_SSL_HAVE_CBC */
528 #if defined(MBEDTLS_SSL_HAVE_GCM)
529     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
530       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
531       0,
532       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
533 #endif /* MBEDTLS_SSL_HAVE_GCM */
534 #endif /* MBEDTLS_MD_CAN_SHA384 */
535 #endif /* MBEDTLS_SSL_HAVE_AES */
536 
537 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
538 #if defined(MBEDTLS_SSL_HAVE_CBC)
539 #if defined(MBEDTLS_MD_CAN_SHA256)
540     { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
541       "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
542       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
543       0,
544       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
545 #endif /* MBEDTLS_MD_CAN_SHA256 */
546 #if defined(MBEDTLS_MD_CAN_SHA384)
547     { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
548       "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
549       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
550       0,
551       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
552 #endif /* MBEDTLS_MD_CAN_SHA384 */
553 #endif /* MBEDTLS_SSL_HAVE_CBC */
554 
555 #if defined(MBEDTLS_SSL_HAVE_GCM)
556 #if defined(MBEDTLS_MD_CAN_SHA256)
557     { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
558       "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
559       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
560       0,
561       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
562 #endif /* MBEDTLS_MD_CAN_SHA256 */
563 #if defined(MBEDTLS_MD_CAN_SHA384)
564     { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
565       "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
566       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
567       0,
568       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
569 #endif /* MBEDTLS_MD_CAN_SHA384 */
570 #endif /* MBEDTLS_SSL_HAVE_GCM */
571 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
572 
573 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
574 #if defined(MBEDTLS_MD_CAN_SHA1)
575     { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
576       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
577       MBEDTLS_CIPHERSUITE_WEAK,
578       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
579 #endif /* MBEDTLS_MD_CAN_SHA1 */
580 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
581 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
582 
583 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
584 #if defined(MBEDTLS_SSL_HAVE_AES)
585 #if defined(MBEDTLS_MD_CAN_SHA384) && \
586     defined(MBEDTLS_SSL_HAVE_GCM)
587     { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
588       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
589       0,
590       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
591 #endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */
592 
593 #if defined(MBEDTLS_MD_CAN_SHA256)
594 #if defined(MBEDTLS_SSL_HAVE_GCM)
595     { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
596       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
597       0,
598       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
599 #endif /* MBEDTLS_SSL_HAVE_GCM */
600 
601 #if defined(MBEDTLS_SSL_HAVE_CBC)
602     { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
603       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
604       0,
605       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
606 
607     { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
608       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
609       0,
610       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
611 #endif /* MBEDTLS_SSL_HAVE_CBC */
612 #endif /* MBEDTLS_MD_CAN_SHA256 */
613 
614 #if defined(MBEDTLS_SSL_HAVE_CBC)
615 #if defined(MBEDTLS_MD_CAN_SHA1)
616     { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
617       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
618       0,
619       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
620 
621     { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
622       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
623       0,
624       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
625 #endif /* MBEDTLS_MD_CAN_SHA1 */
626 #endif /* MBEDTLS_SSL_HAVE_CBC */
627 #if defined(MBEDTLS_SSL_HAVE_CCM)
628     { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
629       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
630       0,
631       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
632     { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
633       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
634       MBEDTLS_CIPHERSUITE_SHORT_TAG,
635       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
636     { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
637       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
638       0,
639       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
640     { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
641       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
642       MBEDTLS_CIPHERSUITE_SHORT_TAG,
643       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
644 #endif /* MBEDTLS_SSL_HAVE_CCM */
645 #endif /* MBEDTLS_SSL_HAVE_AES */
646 
647 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
648 #if defined(MBEDTLS_SSL_HAVE_CBC)
649 #if defined(MBEDTLS_MD_CAN_SHA256)
650     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
651       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
652       0,
653       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
654 
655     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
656       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
657       0,
658       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
659 #endif /* MBEDTLS_MD_CAN_SHA256 */
660 
661 #if defined(MBEDTLS_MD_CAN_SHA1)
662     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
663       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
664       0,
665       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
666 
667     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
668       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
669       0,
670       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
671 #endif /* MBEDTLS_MD_CAN_SHA1 */
672 #endif /* MBEDTLS_SSL_HAVE_CBC */
673 #if defined(MBEDTLS_SSL_HAVE_GCM)
674 #if defined(MBEDTLS_MD_CAN_SHA256)
675     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
676       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
677       0,
678       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
679 #endif /* MBEDTLS_MD_CAN_SHA256 */
680 
681 #if defined(MBEDTLS_MD_CAN_SHA384)
682     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
683       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
684       0,
685       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
686 #endif /* MBEDTLS_MD_CAN_SHA384 */
687 #endif /* MBEDTLS_SSL_HAVE_GCM */
688 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
689 
690 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
691 
692 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
693 #if defined(MBEDTLS_SSL_HAVE_AES)
694 #if defined(MBEDTLS_MD_CAN_SHA384) && \
695     defined(MBEDTLS_SSL_HAVE_GCM)
696     { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
697       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
698       0,
699       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
700 #endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */
701 
702 #if defined(MBEDTLS_MD_CAN_SHA256)
703 #if defined(MBEDTLS_SSL_HAVE_GCM)
704     { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
705       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
706       0,
707       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
708 #endif /* MBEDTLS_SSL_HAVE_GCM */
709 
710 #if defined(MBEDTLS_SSL_HAVE_CBC)
711     { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
712       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
713       0,
714       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
715 
716     { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
717       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
718       0,
719       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
720 #endif /* MBEDTLS_SSL_HAVE_CBC */
721 #endif /* MBEDTLS_MD_CAN_SHA256 */
722 
723 #if defined(MBEDTLS_MD_CAN_SHA1)
724 #if defined(MBEDTLS_SSL_HAVE_CBC)
725     { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
726       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
727       0,
728       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
729 
730     { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
731       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
732       0,
733       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
734 #endif /* MBEDTLS_SSL_HAVE_CBC */
735 #endif /* MBEDTLS_MD_CAN_SHA1 */
736 #if defined(MBEDTLS_SSL_HAVE_CCM)
737     { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
738       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
739       0,
740       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
741     { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
742       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
743       MBEDTLS_CIPHERSUITE_SHORT_TAG,
744       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
745     { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
746       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
747       0,
748       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
749     { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
750       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
751       MBEDTLS_CIPHERSUITE_SHORT_TAG,
752       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
753 #endif /* MBEDTLS_SSL_HAVE_CCM */
754 #endif /* MBEDTLS_SSL_HAVE_AES */
755 
756 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
757 #if defined(MBEDTLS_SSL_HAVE_CBC)
758 #if defined(MBEDTLS_MD_CAN_SHA256)
759     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
760       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
761       0,
762       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
763 
764     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
765       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
766       0,
767       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
768 #endif /* MBEDTLS_MD_CAN_SHA256 */
769 
770 #if defined(MBEDTLS_MD_CAN_SHA1)
771     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
772       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
773       0,
774       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
775 
776     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
777       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
778       0,
779       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
780 #endif /* MBEDTLS_MD_CAN_SHA1 */
781 #endif /* MBEDTLS_SSL_HAVE_CBC */
782 
783 #if defined(MBEDTLS_SSL_HAVE_GCM)
784 #if defined(MBEDTLS_MD_CAN_SHA256)
785     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
786       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
787       0,
788       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
789 #endif /* MBEDTLS_MD_CAN_SHA256 */
790 
791 #if defined(MBEDTLS_MD_CAN_SHA384)
792     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
793       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
794       0,
795       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
796 #endif /* MBEDTLS_MD_CAN_SHA384 */
797 #endif /* MBEDTLS_SSL_HAVE_GCM */
798 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
799 
800 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
801 
802 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
803 #if defined(MBEDTLS_SSL_HAVE_AES)
804 #if defined(MBEDTLS_MD_CAN_SHA1)
805 #if defined(MBEDTLS_SSL_HAVE_CBC)
806     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
807       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
808       0,
809       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
810     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
811       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
812       0,
813       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
814 #endif /* MBEDTLS_SSL_HAVE_CBC */
815 #endif /* MBEDTLS_MD_CAN_SHA1 */
816 #if defined(MBEDTLS_MD_CAN_SHA256)
817 #if defined(MBEDTLS_SSL_HAVE_CBC)
818     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
819       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
820       0,
821       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
822 #endif /* MBEDTLS_SSL_HAVE_CBC */
823 #if defined(MBEDTLS_SSL_HAVE_GCM)
824     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
825       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
826       0,
827       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
828 #endif /* MBEDTLS_SSL_HAVE_GCM */
829 #endif /* MBEDTLS_MD_CAN_SHA256 */
830 #if defined(MBEDTLS_MD_CAN_SHA384)
831 #if defined(MBEDTLS_SSL_HAVE_CBC)
832     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
833       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
834       0,
835       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
836 #endif /* MBEDTLS_SSL_HAVE_CBC */
837 #if defined(MBEDTLS_SSL_HAVE_GCM)
838     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
839       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
840       0,
841       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
842 #endif /* MBEDTLS_SSL_HAVE_GCM */
843 #endif /* MBEDTLS_MD_CAN_SHA384 */
844 #endif /* MBEDTLS_SSL_HAVE_AES */
845 
846 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
847 #if defined(MBEDTLS_SSL_HAVE_CBC)
848 #if defined(MBEDTLS_MD_CAN_SHA256)
849     { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
850       "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
851       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
852       0,
853       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
854 #endif /* MBEDTLS_MD_CAN_SHA256 */
855 #if defined(MBEDTLS_MD_CAN_SHA384)
856     { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
857       "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
858       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
859       0,
860       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
861 #endif /* MBEDTLS_MD_CAN_SHA384 */
862 #endif /* MBEDTLS_SSL_HAVE_CBC */
863 
864 #if defined(MBEDTLS_SSL_HAVE_GCM)
865 #if defined(MBEDTLS_MD_CAN_SHA256)
866     { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
867       "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
868       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
869       0,
870       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
871 #endif /* MBEDTLS_MD_CAN_SHA256 */
872 #if defined(MBEDTLS_MD_CAN_SHA384)
873     { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
874       "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
875       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
876       0,
877       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
878 #endif /* MBEDTLS_MD_CAN_SHA384 */
879 #endif /* MBEDTLS_SSL_HAVE_GCM */
880 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
881 
882 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
883 #if defined(MBEDTLS_MD_CAN_SHA1)
884     { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
885       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
886       MBEDTLS_CIPHERSUITE_WEAK,
887       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
888 #endif /* MBEDTLS_MD_CAN_SHA1 */
889 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
890 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
891 
892 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
893 #if defined(MBEDTLS_SSL_HAVE_AES)
894 #if defined(MBEDTLS_MD_CAN_SHA1)
895 #if defined(MBEDTLS_SSL_HAVE_CBC)
896     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
897       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
898       0,
899       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
900     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
901       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
902       0,
903       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
904 #endif /* MBEDTLS_SSL_HAVE_CBC */
905 #endif /* MBEDTLS_MD_CAN_SHA1 */
906 #if defined(MBEDTLS_MD_CAN_SHA256)
907 #if defined(MBEDTLS_SSL_HAVE_CBC)
908     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
909       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
910       0,
911       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
912 #endif /* MBEDTLS_SSL_HAVE_CBC */
913 #if defined(MBEDTLS_SSL_HAVE_GCM)
914     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
915       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
916       0,
917       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
918 #endif /* MBEDTLS_SSL_HAVE_GCM */
919 #endif /* MBEDTLS_MD_CAN_SHA256 */
920 #if defined(MBEDTLS_MD_CAN_SHA384)
921 #if defined(MBEDTLS_SSL_HAVE_CBC)
922     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
923       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
924       0,
925       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
926 #endif /* MBEDTLS_SSL_HAVE_CBC */
927 #if defined(MBEDTLS_SSL_HAVE_GCM)
928     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
929       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
930       0,
931       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
932 #endif /* MBEDTLS_SSL_HAVE_GCM */
933 #endif /* MBEDTLS_MD_CAN_SHA384 */
934 #endif /* MBEDTLS_SSL_HAVE_AES */
935 
936 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
937 #if defined(MBEDTLS_SSL_HAVE_CBC)
938 #if defined(MBEDTLS_MD_CAN_SHA256)
939     { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
940       "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
941       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
942       0,
943       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
944 #endif /* MBEDTLS_MD_CAN_SHA256 */
945 #if defined(MBEDTLS_MD_CAN_SHA384)
946     { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
947       "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
948       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
949       0,
950       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
951 #endif /* MBEDTLS_MD_CAN_SHA384 */
952 #endif /* MBEDTLS_SSL_HAVE_CBC */
953 
954 #if defined(MBEDTLS_SSL_HAVE_GCM)
955 #if defined(MBEDTLS_MD_CAN_SHA256)
956     { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
957       "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
958       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
959       0,
960       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
961 #endif /* MBEDTLS_MD_CAN_SHA256 */
962 #if defined(MBEDTLS_MD_CAN_SHA384)
963     { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
964       "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
965       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
966       0,
967       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
968 #endif /* MBEDTLS_MD_CAN_SHA384 */
969 #endif /* MBEDTLS_SSL_HAVE_GCM */
970 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
971 
972 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
973 #if defined(MBEDTLS_MD_CAN_SHA1)
974     { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
975       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
976       MBEDTLS_CIPHERSUITE_WEAK,
977       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
978 #endif /* MBEDTLS_MD_CAN_SHA1 */
979 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
980 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
981 
982 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
983 #if defined(MBEDTLS_SSL_HAVE_AES)
984 #if defined(MBEDTLS_SSL_HAVE_GCM)
985 #if defined(MBEDTLS_MD_CAN_SHA256)
986     { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
987       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
988       0,
989       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
990 #endif /* MBEDTLS_MD_CAN_SHA256 */
991 
992 #if defined(MBEDTLS_MD_CAN_SHA384)
993     { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
994       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
995       0,
996       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
997 #endif /* MBEDTLS_MD_CAN_SHA384 */
998 #endif /* MBEDTLS_SSL_HAVE_GCM */
999 
1000 #if defined(MBEDTLS_SSL_HAVE_CBC)
1001 #if defined(MBEDTLS_MD_CAN_SHA256)
1002     { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
1003       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1004       0,
1005       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1006 #endif /* MBEDTLS_MD_CAN_SHA256 */
1007 
1008 #if defined(MBEDTLS_MD_CAN_SHA384)
1009     { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
1010       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1011       0,
1012       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1013 #endif /* MBEDTLS_MD_CAN_SHA384 */
1014 
1015 #if defined(MBEDTLS_MD_CAN_SHA1)
1016     { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
1017       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1018       0,
1019       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1020 
1021     { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
1022       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1023       0,
1024       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1025 #endif /* MBEDTLS_MD_CAN_SHA1 */
1026 #endif /* MBEDTLS_SSL_HAVE_CBC */
1027 #if defined(MBEDTLS_SSL_HAVE_CCM)
1028     { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
1029       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1030       0,
1031       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1032     { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
1033       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1034       MBEDTLS_CIPHERSUITE_SHORT_TAG,
1035       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1036     { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
1037       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1038       0,
1039       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1040     { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
1041       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1042       MBEDTLS_CIPHERSUITE_SHORT_TAG,
1043       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1044 #endif /* MBEDTLS_SSL_HAVE_CCM */
1045 #endif /* MBEDTLS_SSL_HAVE_AES */
1046 
1047 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
1048 #if defined(MBEDTLS_SSL_HAVE_CBC)
1049 #if defined(MBEDTLS_MD_CAN_SHA256)
1050     { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1051       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1052       0,
1053       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1054 #endif /* MBEDTLS_MD_CAN_SHA256 */
1055 
1056 #if defined(MBEDTLS_MD_CAN_SHA384)
1057     { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1058       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1059       0,
1060       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1061 #endif /* MBEDTLS_MD_CAN_SHA384 */
1062 #endif /* MBEDTLS_SSL_HAVE_CBC */
1063 
1064 #if defined(MBEDTLS_SSL_HAVE_GCM)
1065 #if defined(MBEDTLS_MD_CAN_SHA256)
1066     { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1067       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1068       0,
1069       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1070 #endif /* MBEDTLS_MD_CAN_SHA256 */
1071 
1072 #if defined(MBEDTLS_MD_CAN_SHA384)
1073     { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1074       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1075       0,
1076       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1077 #endif /* MBEDTLS_MD_CAN_SHA384 */
1078 #endif /* MBEDTLS_SSL_HAVE_GCM */
1079 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
1080 
1081 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1082 
1083 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1084 #if defined(MBEDTLS_SSL_HAVE_AES)
1085 #if defined(MBEDTLS_SSL_HAVE_GCM)
1086 #if defined(MBEDTLS_MD_CAN_SHA256)
1087     { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
1088       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1089       0,
1090       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1091 #endif /* MBEDTLS_MD_CAN_SHA256 */
1092 
1093 #if defined(MBEDTLS_MD_CAN_SHA384)
1094     { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
1095       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1096       0,
1097       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1098 #endif /* MBEDTLS_MD_CAN_SHA384 */
1099 #endif /* MBEDTLS_SSL_HAVE_GCM */
1100 
1101 #if defined(MBEDTLS_SSL_HAVE_CBC)
1102 #if defined(MBEDTLS_MD_CAN_SHA256)
1103     { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
1104       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1105       0,
1106       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1107 #endif /* MBEDTLS_MD_CAN_SHA256 */
1108 
1109 #if defined(MBEDTLS_MD_CAN_SHA384)
1110     { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
1111       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1112       0,
1113       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1114 #endif /* MBEDTLS_MD_CAN_SHA384 */
1115 
1116 #if defined(MBEDTLS_MD_CAN_SHA1)
1117     { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
1118       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1119       0,
1120       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1121 
1122     { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
1123       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1124       0,
1125       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1126 #endif /* MBEDTLS_MD_CAN_SHA1 */
1127 #endif /* MBEDTLS_SSL_HAVE_CBC */
1128 #if defined(MBEDTLS_SSL_HAVE_CCM)
1129     { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
1130       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1131       0,
1132       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1133     { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
1134       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1135       MBEDTLS_CIPHERSUITE_SHORT_TAG,
1136       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1137     { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
1138       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1139       0,
1140       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1141     { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
1142       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1143       MBEDTLS_CIPHERSUITE_SHORT_TAG,
1144       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1145 #endif /* MBEDTLS_SSL_HAVE_CCM */
1146 #endif /* MBEDTLS_SSL_HAVE_AES */
1147 
1148 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
1149 #if defined(MBEDTLS_SSL_HAVE_CBC)
1150 #if defined(MBEDTLS_MD_CAN_SHA256)
1151     { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1152       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1153       0,
1154       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1155 #endif /* MBEDTLS_MD_CAN_SHA256 */
1156 
1157 #if defined(MBEDTLS_MD_CAN_SHA384)
1158     { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1159       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1160       0,
1161       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1162 #endif /* MBEDTLS_MD_CAN_SHA384 */
1163 #endif /* MBEDTLS_SSL_HAVE_CBC */
1164 
1165 #if defined(MBEDTLS_SSL_HAVE_GCM)
1166 #if defined(MBEDTLS_MD_CAN_SHA256)
1167     { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1168       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1169       0,
1170       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1171 #endif /* MBEDTLS_MD_CAN_SHA256 */
1172 
1173 #if defined(MBEDTLS_MD_CAN_SHA384)
1174     { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1175       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1176       0,
1177       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1178 #endif /* MBEDTLS_MD_CAN_SHA384 */
1179 #endif /* MBEDTLS_SSL_HAVE_GCM */
1180 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
1181 
1182 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1183 
1184 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1185 #if defined(MBEDTLS_SSL_HAVE_AES)
1186 
1187 #if defined(MBEDTLS_SSL_HAVE_CBC)
1188 #if defined(MBEDTLS_MD_CAN_SHA256)
1189     { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
1190       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1191       0,
1192       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1193 #endif /* MBEDTLS_MD_CAN_SHA256 */
1194 
1195 #if defined(MBEDTLS_MD_CAN_SHA384)
1196     { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
1197       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1198       0,
1199       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1200 #endif /* MBEDTLS_MD_CAN_SHA384 */
1201 
1202 #if defined(MBEDTLS_MD_CAN_SHA1)
1203     { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
1204       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1205       0,
1206       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1207 
1208     { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
1209       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1210       0,
1211       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1212 #endif /* MBEDTLS_MD_CAN_SHA1 */
1213 #endif /* MBEDTLS_SSL_HAVE_CBC */
1214 #endif /* MBEDTLS_SSL_HAVE_AES */
1215 
1216 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
1217 #if defined(MBEDTLS_SSL_HAVE_CBC)
1218 #if defined(MBEDTLS_MD_CAN_SHA256)
1219     { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
1220       "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1221       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1222       0,
1223       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1224 #endif /* MBEDTLS_MD_CAN_SHA256 */
1225 
1226 #if defined(MBEDTLS_MD_CAN_SHA384)
1227     { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
1228       "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1229       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1230       0,
1231       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1232 #endif /* MBEDTLS_MD_CAN_SHA384 */
1233 #endif /* MBEDTLS_SSL_HAVE_CBC */
1234 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
1235 
1236 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1237 
1238 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1239 #if defined(MBEDTLS_SSL_HAVE_AES)
1240 #if defined(MBEDTLS_SSL_HAVE_GCM)
1241 #if defined(MBEDTLS_MD_CAN_SHA256)
1242     { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
1243       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1244       0,
1245       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1246 #endif /* MBEDTLS_MD_CAN_SHA256 */
1247 
1248 #if defined(MBEDTLS_MD_CAN_SHA384)
1249     { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
1250       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1251       0,
1252       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1253 #endif /* MBEDTLS_MD_CAN_SHA384 */
1254 #endif /* MBEDTLS_SSL_HAVE_GCM */
1255 
1256 #if defined(MBEDTLS_SSL_HAVE_CBC)
1257 #if defined(MBEDTLS_MD_CAN_SHA256)
1258     { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
1259       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1260       0,
1261       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1262 #endif /* MBEDTLS_MD_CAN_SHA256 */
1263 
1264 #if defined(MBEDTLS_MD_CAN_SHA384)
1265     { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
1266       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1267       0,
1268       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1269 #endif /* MBEDTLS_MD_CAN_SHA384 */
1270 
1271 #if defined(MBEDTLS_MD_CAN_SHA1)
1272     { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
1273       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1274       0,
1275       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1276 
1277     { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
1278       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1279       0,
1280       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1281 #endif /* MBEDTLS_MD_CAN_SHA1 */
1282 #endif /* MBEDTLS_SSL_HAVE_CBC */
1283 #endif /* MBEDTLS_SSL_HAVE_AES */
1284 
1285 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
1286 #if defined(MBEDTLS_SSL_HAVE_CBC)
1287 #if defined(MBEDTLS_MD_CAN_SHA256)
1288     { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1289       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1290       0,
1291       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1292 #endif /* MBEDTLS_MD_CAN_SHA256 */
1293 
1294 #if defined(MBEDTLS_MD_CAN_SHA384)
1295     { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1296       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1297       0,
1298       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1299 #endif /* MBEDTLS_MD_CAN_SHA384 */
1300 #endif /* MBEDTLS_SSL_HAVE_CBC */
1301 
1302 #if defined(MBEDTLS_SSL_HAVE_GCM)
1303 #if defined(MBEDTLS_MD_CAN_SHA256)
1304     { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1305       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1306       0,
1307       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1308 #endif /* MBEDTLS_MD_CAN_SHA256 */
1309 
1310 #if defined(MBEDTLS_MD_CAN_SHA384)
1311     { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1312       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1313       0,
1314       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1315 #endif /* MBEDTLS_MD_CAN_SHA384 */
1316 #endif /* MBEDTLS_SSL_HAVE_GCM */
1317 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
1318 
1319 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1320 
1321 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1322 #if defined(MBEDTLS_SSL_HAVE_AES)
1323 #if defined(MBEDTLS_SSL_HAVE_CCM)
1324     { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
1325       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
1326       MBEDTLS_CIPHERSUITE_SHORT_TAG,
1327       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1328 #endif /* MBEDTLS_SSL_HAVE_CCM */
1329 #endif /* MBEDTLS_SSL_HAVE_AES */
1330 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
1331 
1332 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
1333 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1334 #if defined(MBEDTLS_MD_CAN_MD5)
1335     { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
1336       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
1337       MBEDTLS_CIPHERSUITE_WEAK,
1338       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1339 #endif
1340 
1341 #if defined(MBEDTLS_MD_CAN_SHA1)
1342     { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
1343       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
1344       MBEDTLS_CIPHERSUITE_WEAK,
1345       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1346 #endif
1347 
1348 #if defined(MBEDTLS_MD_CAN_SHA256)
1349     { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
1350       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1351       MBEDTLS_CIPHERSUITE_WEAK,
1352       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1353 #endif
1354 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1355 
1356 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1357 #if defined(MBEDTLS_MD_CAN_SHA1)
1358     { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
1359       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1360       MBEDTLS_CIPHERSUITE_WEAK,
1361       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1362 #endif /* MBEDTLS_MD_CAN_SHA1 */
1363 
1364 #if defined(MBEDTLS_MD_CAN_SHA256)
1365     { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
1366       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1367       MBEDTLS_CIPHERSUITE_WEAK,
1368       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1369 #endif
1370 
1371 #if defined(MBEDTLS_MD_CAN_SHA384)
1372     { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
1373       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1374       MBEDTLS_CIPHERSUITE_WEAK,
1375       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1376 #endif /* MBEDTLS_MD_CAN_SHA384 */
1377 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1378 
1379 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1380 #if defined(MBEDTLS_MD_CAN_SHA1)
1381     { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
1382       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1383       MBEDTLS_CIPHERSUITE_WEAK,
1384       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1385 #endif /* MBEDTLS_MD_CAN_SHA1 */
1386 
1387 #if defined(MBEDTLS_MD_CAN_SHA256)
1388     { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
1389       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1390       MBEDTLS_CIPHERSUITE_WEAK,
1391       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1392 #endif
1393 
1394 #if defined(MBEDTLS_MD_CAN_SHA384)
1395     { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
1396       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1397       MBEDTLS_CIPHERSUITE_WEAK,
1398       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1399 #endif /* MBEDTLS_MD_CAN_SHA384 */
1400 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1401 
1402 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1403 #if defined(MBEDTLS_MD_CAN_SHA1)
1404     { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
1405       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1406       MBEDTLS_CIPHERSUITE_WEAK,
1407       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1408 #endif /* MBEDTLS_MD_CAN_SHA1 */
1409 
1410 #if defined(MBEDTLS_MD_CAN_SHA256)
1411     { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
1412       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1413       MBEDTLS_CIPHERSUITE_WEAK,
1414       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1415 #endif
1416 
1417 #if defined(MBEDTLS_MD_CAN_SHA384)
1418     { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
1419       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1420       MBEDTLS_CIPHERSUITE_WEAK,
1421       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1422 #endif /* MBEDTLS_MD_CAN_SHA384 */
1423 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1424 
1425 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1426 #if defined(MBEDTLS_MD_CAN_SHA1)
1427     { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
1428       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1429       MBEDTLS_CIPHERSUITE_WEAK,
1430       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1431 #endif /* MBEDTLS_MD_CAN_SHA1 */
1432 
1433 #if defined(MBEDTLS_MD_CAN_SHA256)
1434     { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
1435       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1436       MBEDTLS_CIPHERSUITE_WEAK,
1437       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1438 #endif
1439 
1440 #if defined(MBEDTLS_MD_CAN_SHA384)
1441     { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
1442       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1443       MBEDTLS_CIPHERSUITE_WEAK,
1444       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1445 #endif /* MBEDTLS_MD_CAN_SHA384 */
1446 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1447 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
1448 
1449 #if defined(MBEDTLS_SSL_HAVE_ARIA)
1450 
1451 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1452 
1453 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1454     { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
1455       "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
1456       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
1457       0,
1458       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1459 #endif
1460 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1461     defined(MBEDTLS_MD_CAN_SHA384))
1462     { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
1463       "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
1464       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
1465       0,
1466       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1467 #endif
1468 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1469     { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
1470       "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
1471       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1472       0,
1473       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1474 #endif
1475 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1476     defined(MBEDTLS_MD_CAN_SHA256))
1477     { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
1478       "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
1479       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1480       0,
1481       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1482 #endif
1483 
1484 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1485 
1486 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1487 
1488 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1489     { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
1490       "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
1491       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1492       0,
1493       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1494 #endif
1495 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1496     defined(MBEDTLS_MD_CAN_SHA384))
1497     { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
1498       "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
1499       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1500       0,
1501       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1502 #endif
1503 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1504     { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
1505       "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
1506       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1507       0,
1508       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1509 #endif
1510 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1511     defined(MBEDTLS_MD_CAN_SHA256))
1512     { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
1513       "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
1514       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1515       0,
1516       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1517 #endif
1518 
1519 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1520 
1521 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1522 
1523 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1524     { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
1525       "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
1526       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1527       0,
1528       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1529 #endif
1530 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1531     defined(MBEDTLS_MD_CAN_SHA384))
1532     { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
1533       "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
1534       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1535       0,
1536       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1537 #endif
1538 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1539     { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
1540       "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
1541       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1542       0,
1543       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1544 #endif
1545 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1546     defined(MBEDTLS_MD_CAN_SHA256))
1547     { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
1548       "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
1549       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1550       0,
1551       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1552 #endif
1553 
1554 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1555 
1556 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
1557 
1558 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1559     { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
1560       "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
1561       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1562       0,
1563       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1564 #endif
1565 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1566     defined(MBEDTLS_MD_CAN_SHA384))
1567     { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
1568       "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
1569       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1570       0,
1571       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1572 #endif
1573 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1574     { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
1575       "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
1576       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1577       0,
1578       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1579 #endif
1580 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1581     defined(MBEDTLS_MD_CAN_SHA256))
1582     { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
1583       "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
1584       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1585       0,
1586       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1587 #endif
1588 
1589 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
1590 
1591 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
1592 
1593 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1594     { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
1595       "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
1596       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1597       0,
1598       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1599 #endif
1600 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1601     defined(MBEDTLS_MD_CAN_SHA384))
1602     { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
1603       "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
1604       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1605       0,
1606       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1607 #endif
1608 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1609     { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
1610       "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
1611       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1612       0,
1613       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1614 #endif
1615 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1616     defined(MBEDTLS_MD_CAN_SHA256))
1617     { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
1618       "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
1619       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1620       0,
1621       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1622 #endif
1623 
1624 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
1625 
1626 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1627 
1628 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1629     defined(MBEDTLS_MD_CAN_SHA384))
1630     { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
1631       "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
1632       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1633       0,
1634       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1635 #endif
1636 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1637     defined(MBEDTLS_MD_CAN_SHA256))
1638     { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
1639       "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
1640       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1641       0,
1642       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1643 #endif
1644 
1645 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1646 
1647 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
1648 
1649 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1650     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
1651       "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
1652       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1653       0,
1654       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1655 #endif
1656 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1657     defined(MBEDTLS_MD_CAN_SHA384))
1658     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
1659       "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
1660       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1661       0,
1662       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1663 #endif
1664 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1665     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
1666       "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
1667       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1668       0,
1669       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1670 #endif
1671 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1672     defined(MBEDTLS_MD_CAN_SHA256))
1673     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
1674       "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
1675       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1676       0,
1677       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1678 #endif
1679 
1680 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
1681 
1682 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
1683 
1684 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1685     { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
1686       "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
1687       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1688       0,
1689       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1690 #endif
1691 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1692     defined(MBEDTLS_MD_CAN_SHA384))
1693     { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
1694       "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
1695       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1696       0,
1697       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1698 #endif
1699 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1700     { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
1701       "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
1702       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1703       0,
1704       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1705 #endif
1706 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1707     defined(MBEDTLS_MD_CAN_SHA256))
1708     { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
1709       "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
1710       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1711       0,
1712       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1713 #endif
1714 
1715 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1716 
1717 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
1718 
1719 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1720     { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
1721       "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
1722       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1723       0,
1724       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1725 #endif
1726 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1727     defined(MBEDTLS_MD_CAN_SHA384))
1728     { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
1729       "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
1730       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1731       0,
1732       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1733 #endif
1734 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1735     { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
1736       "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
1737       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1738       0,
1739       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1740 #endif
1741 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1742     defined(MBEDTLS_MD_CAN_SHA256))
1743     { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
1744       "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
1745       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1746       0,
1747       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1748 #endif
1749 
1750 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
1751 
1752 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1753 
1754 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1755     { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
1756       "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
1757       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1758       0,
1759       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1760 #endif
1761 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1762     defined(MBEDTLS_MD_CAN_SHA384))
1763     { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
1764       "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
1765       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1766       0,
1767       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1768 #endif
1769 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1770     { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
1771       "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
1772       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1773       0,
1774       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1775 #endif
1776 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1777     defined(MBEDTLS_MD_CAN_SHA256))
1778     { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
1779       "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
1780       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1781       0,
1782       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1783 #endif
1784 
1785 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1786 
1787 #endif /* MBEDTLS_SSL_HAVE_ARIA */
1788 
1789 
1790     { 0, "",
1791       MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
1792       0, 0, 0 }
1793 };
1794 
1795 #if defined(MBEDTLS_SSL_CIPHERSUITES)
/*
 * Return the 0-terminated ciphersuite list for builds that define
 * MBEDTLS_SSL_CIPHERSUITES.
 *
 * In this configuration ciphersuite_preference is handed back as is: unlike
 * the default build, no pass is made here to drop IDs that have no entry in
 * ciphersuite_definitions, so the configured list is trusted to be valid.
 */
const int *mbedtls_ssl_list_ciphersuites(void)
{
    const int *const configured_list = ciphersuite_preference;

    return configured_list;
}
1800 #else
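/*
 * Number of entries in ciphersuite_definitions. The expansion is wrapped in
 * parentheses so that it stays a single operand wherever the macro is used
 * (for example next to a higher-precedence operator).
 */
#define MAX_CIPHERSUITES    (sizeof(ciphersuite_definitions) /         \
                             sizeof(ciphersuite_definitions[0]))

/* Cache filled by mbedtls_ssl_list_ciphersuites(): 0-terminated list of IDs. */
static int supported_ciphersuites[MAX_CIPHERSUITES];

/*
 * Set to 1 once supported_ciphersuites has been filled.
 * NOTE(review): plain int with no locking visible in this file - confirm
 * that the first call to mbedtls_ssl_list_ciphersuites() cannot race.
 */
static int supported_init = 0;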
1805 
/*
 * Tell whether a ciphersuite must be left out of the supported list.
 *
 * The descriptor is currently ignored and 0 is always returned, i.e. no
 * ciphersuite is treated as removed by this hook.
 */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
{
    const int removed = 0;

    /* The parameter is unused for now; keep the compiler quiet about it. */
    (void) cs_info;

    return removed;
}
1813 
/*
 * Return the 0-terminated list of ciphersuite IDs usable in this build, in
 * the order given by ciphersuite_preference.
 *
 * The list is built on the first call: an ID from ciphersuite_preference is
 * kept only if mbedtls_ssl_ciphersuite_from_id() finds a definition for it
 * and ciphersuite_is_removed() does not reject it. Later calls return the
 * cached array unchanged.
 *
 * NOTE(review): supported_init and supported_ciphersuites are plain statics
 * and no locking is visible here - confirm that a first call cannot race
 * between threads.
 * NOTE(review): this filter does not look at MBEDTLS_CIPHERSUITE_WEAK, so
 * weak/NULL suites stay listed when they are compiled in and present in
 * ciphersuite_preference; applications that must exclude them need their
 * own ciphersuite list.
 */
const int *mbedtls_ssl_list_ciphersuites(void)
{
    if (supported_init == 0) {
        const size_t capacity = MAX_CIPHERSUITES;
        size_t kept = 0;
        size_t i;

        /* Always leave the last slot free for the 0 terminator. */
        for (i = 0; ciphersuite_preference[i] != 0 && kept < capacity - 1; i++) {
            const int suite_id = ciphersuite_preference[i];
            const mbedtls_ssl_ciphersuite_t *cs_info =
                mbedtls_ssl_ciphersuite_from_id(suite_id);

            if (cs_info == NULL) {
                /* Not compiled into ciphersuite_definitions. */
                continue;
            }
            if (ciphersuite_is_removed(cs_info)) {
                continue;
            }

            supported_ciphersuites[kept] = suite_id;
            kept++;
        }
        supported_ciphersuites[kept] = 0;

        supported_init = 1;
    }

    return supported_ciphersuites;
}
1840 #endif /* MBEDTLS_SSL_CIPHERSUITES */
1841 
/*
 * Look up a ciphersuite descriptor by its name.
 *
 * ciphersuite_name: name to search for; NULL is accepted and yields NULL.
 *
 * Returns the matching entry of ciphersuite_definitions, or NULL when no
 * entry has that name. The comparison is an exact strcmp(), so it is
 * case-sensitive and the input must be NUL-terminated.
 */
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
    const char *ciphersuite_name)
{
    const mbedtls_ssl_ciphersuite_t *entry;

    if (ciphersuite_name == NULL) {
        return NULL;
    }

    /* The table ends with an entry whose id is 0. */
    for (entry = ciphersuite_definitions; entry->id != 0; entry++) {
        if (strcmp(entry->name, ciphersuite_name) == 0) {
            return entry;
        }
    }

    return NULL;
}
1861 
/*
 * Look up a ciphersuite descriptor by its numeric ID.
 *
 * Returns the matching entry of ciphersuite_definitions, or NULL when the ID
 * is not in the table. An ID of 0 always yields NULL because 0 is the value
 * that terminates the table scan.
 */
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
{
    const mbedtls_ssl_ciphersuite_t *entry;

    for (entry = ciphersuite_definitions; entry->id != 0; entry++) {
        if (entry->id == ciphersuite) {
            return entry;
        }
    }

    return NULL;
}
1876 
/*
 * Return the name of the ciphersuite with the given ID.
 *
 * Never returns NULL: when mbedtls_ssl_ciphersuite_from_id() finds no entry
 * the literal "unknown" is returned instead.
 */
const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
{
    const mbedtls_ssl_ciphersuite_t *const suite =
        mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);

    return (suite != NULL) ? suite->name : "unknown";
}
1889 
/*
 * Return the numeric ID of the ciphersuite with the given name.
 *
 * Returns 0 when mbedtls_ssl_ciphersuite_from_string() finds no entry (which
 * includes a NULL name); callers must treat 0 as "not found".
 */
int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
{
    const mbedtls_ssl_ciphersuite_t *const suite =
        mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);

    return (suite != NULL) ? suite->id : 0;
}
1902 
/*
 * Return the key length, in bits, of the cipher used by a ciphersuite.
 *
 * info: ciphersuite descriptor; dereferenced without a NULL check.
 *
 * With MBEDTLS_USE_PSA_CRYPTO the length comes from
 * mbedtls_ssl_cipher_to_psa(), and 0 is returned when that translation does
 * not succeed. Otherwise it comes from the legacy cipher info for
 * info->cipher.
 */
size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    /* Start from an error value so that only an explicit success is trusted. */
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
    psa_key_type_t psa_type;
    psa_algorithm_t psa_alg;
    size_t bits;
    /* Suites flagged SHORT_TAG are translated with tag length 8, others 16. */
    const int tag_len = (info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG) ? 8 : 16;

    status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher,
                                       tag_len,
                                       &psa_alg, &psa_type, &bits);

    return (status == PSA_SUCCESS) ? bits : 0;
#else
    /* NOTE(review): the lookup result is passed on unchecked - confirm that
     * mbedtls_cipher_info_get_key_bitlen() accepts NULL. */
    return mbedtls_cipher_info_get_key_bitlen(
        mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) info->cipher));
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
1927 
1928 #if defined(MBEDTLS_PK_C)
/*
 * Map a ciphersuite's key exchange to the PK type associated with it.
 *
 *   RSA, DHE_RSA, ECDHE_RSA, RSA_PSK -> MBEDTLS_PK_RSA
 *   ECDHE_ECDSA                      -> MBEDTLS_PK_ECDSA
 *   ECDH_RSA, ECDH_ECDSA             -> MBEDTLS_PK_ECKEY
 *   anything else                    -> MBEDTLS_PK_NONE
 *
 * info is dereferenced without a NULL check.
 */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
{
    mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE;

    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
            pk_type = MBEDTLS_PK_RSA;
            break;

        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            pk_type = MBEDTLS_PK_ECDSA;
            break;

        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            pk_type = MBEDTLS_PK_ECKEY;
            break;

        default:
            /* Key exchanges not listed above keep MBEDTLS_PK_NONE. */
            break;
    }

    return pk_type;
}
1949 
1950 #if defined(MBEDTLS_USE_PSA_CRYPTO)
/*
 * Map a ciphersuite's key exchange to the PSA algorithm for the associated
 * key.
 *
 *   RSA, RSA_PSK         -> PSA_ALG_RSA_PKCS1V15_CRYPT (an encryption
 *                           algorithm, not a signature one)
 *   DHE_RSA, ECDHE_RSA   -> PSA_ALG_RSA_PKCS1V15_SIGN over the suite's hash
 *   ECDHE_ECDSA          -> PSA_ALG_ECDSA over the suite's hash
 *   ECDH_RSA, ECDH_ECDSA -> PSA_ALG_ECDH
 *   anything else        -> PSA_ALG_NONE
 *
 * The hash is taken from info->mac. info is dereferenced without a NULL
 * check.
 */
psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
{
    psa_algorithm_t alg = PSA_ALG_NONE;

    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
            alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
            break;

        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
            alg = PSA_ALG_RSA_PKCS1V15_SIGN(
                mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
            break;

        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            alg = PSA_ALG_ECDSA(
                mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
            break;

        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            alg = PSA_ALG_ECDH;
            break;

        default:
            /* Key exchanges not listed above keep PSA_ALG_NONE. */
            break;
    }

    return alg;
}
1973 
/*
 * Map a ciphersuite's key exchange to the PSA key usage flag for the
 * associated key.
 *
 *   RSA, RSA_PSK                    -> PSA_KEY_USAGE_DECRYPT
 *   DHE_RSA, ECDHE_RSA, ECDHE_ECDSA -> PSA_KEY_USAGE_SIGN_HASH
 *   ECDH_RSA, ECDH_ECDSA            -> PSA_KEY_USAGE_DERIVE
 *   anything else                   -> 0 (no usage)
 *
 * info is dereferenced without a NULL check.
 */
psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
{
    psa_key_usage_t usage = 0;

    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
            usage = PSA_KEY_USAGE_DECRYPT;
            break;

        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            usage = PSA_KEY_USAGE_SIGN_HASH;
            break;

        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            usage = PSA_KEY_USAGE_DERIVE;
            break;

        default:
            /* Key exchanges not listed above get no usage flag. */
            break;
    }

    return usage;
}
1993 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1994 
/*
 * Map a ciphersuite's key exchange to a PK signature type.
 *
 *   DHE_RSA, ECDHE_RSA -> MBEDTLS_PK_RSA
 *   ECDHE_ECDSA        -> MBEDTLS_PK_ECDSA
 *   anything else      -> MBEDTLS_PK_NONE
 *
 * Only these three key exchanges map to a signature type here; RSA, RSA_PSK
 * and the static ECDH variants yield MBEDTLS_PK_NONE. info is dereferenced
 * without a NULL check.
 */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
{
    if (info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
        info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA) {
        return MBEDTLS_PK_RSA;
    }

    if (info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) {
        return MBEDTLS_PK_ECDSA;
    }

    return MBEDTLS_PK_NONE;
}
2009 
2010 #endif /* MBEDTLS_PK_C */
2011 
2012 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
2013     defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
2014     defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/*
 * Tell whether a ciphersuite's key exchange is one of the elliptic-curve
 * based ones: ECDHE_RSA, ECDHE_ECDSA, ECDHE_PSK, ECDH_RSA, ECDH_ECDSA or
 * ECJPAKE.
 *
 * Returns 1 for those key exchanges and 0 for every other value. info is
 * dereferenced without a NULL check.
 */
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
{
    int uses_ec = 0;

    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
            uses_ec = 1;
            break;

        default:
            break;
    }

    return uses_ec;
}
2030 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
2031         * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
2032         * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
2033 
2034 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/*
 * Tell whether a ciphersuite's key exchange is one of the pre-shared-key
 * ones: PSK, RSA_PSK, DHE_PSK or ECDHE_PSK.
 *
 * Returns 1 for those key exchanges and 0 for every other value. info is
 * dereferenced without a NULL check.
 */
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
{
    if (info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
        info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
        info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
        info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
        return 1;
    }

    return 0;
}
2048 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
2049 
2050 #endif /* MBEDTLS_SSL_TLS_C */
2051