Google Git
Sign in
boringssl/boringssl.git/e95b5f0ef5ea7a67446d836632513e4fcabb9281^!/.
commit
e95b5f0ef5ea7a67446d836632513e4fcabb9281
[log] [tgz]
author
David Benjamin <davidben@google.com>
Mon Oct 06 14:04:02 2025 -0400
committer
Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Tue Oct 07 07:56:21 2025 -0700
tree
7185746465c374c3f3058924c1154e4a8de2f596
parent
11b43a7af7c381818bd56dd0fae74c306078cf06 [diff]
Order TLS1_TXT_* and TLS1_CK_* in the same order

Not that this order means much. I think I ended up doing TLS1_CK_*
numerically.

Change-Id: Ie07ede318f73e5674b5275fb6c93bfa35373ce31
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/82628
Commit-Queue: Lily Chen <chlily@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Lily Chen <chlily@google.com>

diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 1fe6788..6d07d1c 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h

@@ -205,47 +205,34 @@
 #define TLS1_CK_AES_256_GCM_SHA384 TLS1_3_CK_AES_256_GCM_SHA384
 #define TLS1_CK_CHACHA20_POLY1305_SHA256 TLS1_3_CK_CHACHA20_POLY1305_SHA256
 
-// AES ciphersuites from RFC 3268
-#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
-
-#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
-
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA256 "ECDHE-RSA-AES128-SHA256"
-
-// PSK ciphersuites from RFC 4279
+// The following constants are the OpenSSL names (see |SSL_CIPHER_get_name|) for
+// various TLS ciphers. Prefer the standard name, returned from
+// |SSL_CIPHER_standard_name| and supported by |SSL_CTX_set_cipher_list|.
 #define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
 #define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
-
-// PSK ciphersuites from RFC 5489
 #define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA"
 #define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA"
-
-// TLS v1.2 GCM ciphersuites from RFC 5288
+#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
+#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
 #define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"
 #define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"
-
-// ECDH GCM based ciphersuites from RFC 5289
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA256 "ECDHE-RSA-AES128-SHA256"
 #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \
   "ECDHE-ECDSA-AES128-GCM-SHA256"
 #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 \
   "ECDHE-ECDSA-AES256-GCM-SHA384"
 #define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256"
 #define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384"
-
 #define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
   "ECDHE-RSA-CHACHA20-POLY1305"
 #define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \
   "ECDHE-ECDSA-CHACHA20-POLY1305"
 #define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \
   "ECDHE-PSK-CHACHA20-POLY1305"
-
-// TLS 1.3 ciphersuites from RFC 8446.
 #define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256"
 #define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384"
 #define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256"