Apache2
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
ssl_policies.h
Go to the documentation of this file.
1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2  * contributor license agreements. See the NOTICE file distributed with
3  * this work for additional information regarding copyright ownership.
4  * The ASF licenses this file to You under the Apache License, Version 2.0
5  * (the "License"); you may not use this file except in compliance with
6  * the License. You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
34 #ifndef __SSL_POLICIES_H__
35 #define __SSL_POLICIES_H__
36 
37 #define SSL_MOD_POLICIES_KEY "ssl_module_policies"
38 
39 #ifndef OPENSSL_NO_SSL3
40 #define SSL_PROTOCOL_CONSTANTS_SSLV3 SSL_PROTOCOL_SSLV3
41 #else
42 #define SSL_PROTOCOL_CONSTANTS_SSLV3 0
43 #endif
44 
45 #ifdef HAVE_TLSV1_X
46 #define SSL_POLICY_LEGACY_PROTOCOLS \
47  (SSL_PROTOCOL_CONSTANTS_SSLV3|SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1)
48 #endif
49 
50 /* Settings for all policies */
51 #define SSL_POLICY_HONOR_ORDER 1
52 #define SSL_POLICY_COMPRESSION 0
53 #define SSL_POLICY_SESSION_TICKETS 0
54 
64 #define SSL_POLICY_MOZILLA_VERSION 4.0
65 
66 #ifdef HAVE_TLSV1_X
67 #define SSL_POLICY_MODERN 1
68 #define SSL_POLICY_MODERN_SSL_CIPHERS "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
69 #define SSL_POLICY_MODERN_TLS13_CIPHERS NULL
70 #define SSL_POLICY_MODERN_PROTOCOLS (SSL_PROTOCOL_TLSV1_2|SSL_PROTOCOL_TLSV1_3)
71 #else /* ifdef HAVE_TLSV1_X */
72 #define SSL_POLICY_MODERN 0
73 #endif /* ifdef HAVE_TLSV1_X, else part */
74 
75 #define SSL_POLICY_INTERMEDIATE 1
76 #define SSL_POLICY_INTERMEDIATE_SSL_CIPHERS "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
77 #define SSL_POLICY_INTERMEDIATE_TLS13_CIPHERS NULL
78 #define SSL_POLICY_INTERMEDIATE_PROTOCOLS (SSL_PROTOCOL_ALL & ~(SSL_PROTOCOL_TLSV1_3|SSL_PROTOCOL_CONSTANTS_SSLV3))
79 
80 #define SSL_POLICY_OLD 1
81 #define SSL_POLICY_OLD_SSL_CIPHERS "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP"
82 #define SSL_POLICY_OLD_TLS13_CIPHERS NULL
83 #define SSL_POLICY_OLD_PROTOCOLS (SSL_PROTOCOL_ALL & ~(SSL_PROTOCOL_TLSV1_3))
84 
85 
86 #endif /* __SSL_POLICIES_H__ */
87