diff --git a/src/internal.c b/src/internal.c index f9ba832af..d3543883e 100755 --- a/src/internal.c +++ b/src/internal.c @@ -1300,6 +1300,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, } #endif +#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + if (tls && haveDH && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA; + } +#endif + #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 if (tls1_2 && haveDH && haveRSA) { suites->suites[idx++] = 0; @@ -4731,6 +4738,15 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_DHE) return 1; break; + + case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: + if (requirement == REQUIRES_RSA) + return 1; + if (requirement == REQUIRES_RSA_SIG) + return 1; + if (requirement == REQUIRES_DHE) + return 1; + break; #endif #ifdef HAVE_ANON case TLS_DH_anon_WITH_AES_128_CBC_SHA : @@ -10667,6 +10683,10 @@ static const char* const cipher_names[] = #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 "DHE-PSK-CHACHA20-POLY1305", #endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + "EDH-RSA-DES-CBC3-SHA", +#endif }; @@ -11105,6 +11125,10 @@ static int cipher_name_idx[] = #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, #endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, +#endif }; diff --git a/src/keys.c b/src/keys.c index 4fe8ef68d..849636ee1 100644 --- a/src/keys.c +++ b/src/keys.c @@ -1551,6 +1551,23 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif +#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = DES3_KEY_SIZE; + ssl->specs.block_size = DES_BLOCK_SIZE; + ssl->specs.iv_size = DES_IV_SIZE; + + break; +#endif + #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = wolfssl_aes; diff --git a/tests/test.conf b/tests/test.conf index 1bd560de9..40beed1cc 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -1126,6 +1126,22 @@ -v 2 -l DHE-RSA-AES256-SHA256 +# server TLSv1.1 DHE 3DES +-v 2 +-l EDH-RSA-DES-CBC3-SHA + +# client TLSv1.1 DHE 3DES +-v 2 +-l EDH-RSA-DES-CBC3-SHA + +# server TLSv1.2 DHE 3DES +-v 3 +-l EDH-RSA-DES-CBC3-SHA + +# client TLSv1.2 DHE 3DES +-v 3 +-l EDH-RSA-DES-CBC3-SHA + # server TLSv1.2 DHE AES128 -v 3 -l DHE-RSA-AES128-SHA diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 20791338b..1de9c874f 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -398,6 +398,9 @@ typedef byte word24[3]; #if !defined(NO_SHA) #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA + #if !defined(NO_DES3) + #define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + #endif #endif #if !defined(NO_SHA256) #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 @@ -703,6 +706,7 @@ typedef byte word24[3]; /* actual cipher values, 2nd byte */ enum { + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16, TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39, TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33, TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34,