summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Wu <lekensteyn@gmail.com>2013-10-02 00:44:42 +0200
committerPeter Wu <lekensteyn@gmail.com>2013-10-02 00:44:42 +0200
commitbdba74960ad6f24641b7f49b5c501c2b5c3e71db (patch)
tree682b723ce0a2af77432a9c2b04663188859fcc1b
parent64df66b0f09d0f9d3a40d31bb2b4936f889c3caf (diff)
downloadwireshark-notes-bdba74960ad6f24641b7f49b5c501c2b5c3e71db.tar.gz
Add cleanup patches in development
I previously mentioned that nobody seems to support AES CCM for PSK, but then I noticed that bug 8567 uses this for a DTLS capture. I might need to add some of these missing cases to the ssl_get_keyex_alg function. [1]: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8567
-rw-r--r--patches-psk-cleanup/0001-ssl-Support-PSK-larger-than-16-octets.patch50
-rw-r--r--patches-psk-cleanup/0002-Use-correct-key-exchange-type-for-ECDHE-ciphers.patch107
-rw-r--r--patches-psk-cleanup/0003-ssl-drop-unused-SIG_-field-and-constants.patch349
-rw-r--r--patches-psk-cleanup/0004-Add-more-PSK-and-Camellia-ciphers.patch136
-rw-r--r--patches-psk-cleanup/0005-Simplify-determining-key-exchange-algorithm-more-PSK.patch287
5 files changed, 929 insertions, 0 deletions
diff --git a/patches-psk-cleanup/0001-ssl-Support-PSK-larger-than-16-octets.patch b/patches-psk-cleanup/0001-ssl-Support-PSK-larger-than-16-octets.patch
new file mode 100644
index 0000000..ba51078
--- /dev/null
+++ b/patches-psk-cleanup/0001-ssl-Support-PSK-larger-than-16-octets.patch
@@ -0,0 +1,50 @@
+From 540afe9e6a9b38033b9f5dfc7379fc436456bb89 Mon Sep 17 00:00:00 2001
+From: Peter Wu <lekensteyn@gmail.com>
+Date: Tue, 1 Oct 2013 17:57:00 +0200
+Subject: [PATCH 1/6] ssl: Support PSK larger than 16 octets
+
+PSK allows up to 2^16-1 octets as key according to RFC 4279 (PSK for
+TLS). Therefore remove the restriction of 16 octets. While at it, skip
+testing for negative size as this is unnecessary.
+
+Reported at:
+http://ask.wireshark.org/questions/25157/can-not-decrypt-ssl-psk-traffic
+---
+ epan/dissectors/packet-ssl.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
+index e4e2ec4..31dbada 100644
+--- a/epan/dissectors/packet-ssl.c
++++ b/epan/dissectors/packet-ssl.c
+@@ -2154,14 +2154,15 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+
+ size = (int)strlen(ssl_psk);
+
+- /* psk must be 0 to 16 bytes*/
+- if (size < 0 || size > 32 || size % 2 != 0)
++ /* The length of PSK ranges from 0..2^16-1 octets (times two for hex string) */
++ if (size < 0 || size % 2 != 0 || size >= (2 << 16))
+ {
++ ssl_debug_printf("dissect_ssl3_handshake: length of ssl.psk must be multiple of two");
+ break;
+ }
+
+ /* convert hex string into char*/
+- out = (unsigned char*) wmem_alloc(wmem_packet_scope(), size > 0 ? size / 2 : 0);
++ out = (unsigned char*) wmem_alloc(wmem_packet_scope(), size / 2);
+
+ for (i = 0; i < size; i+=2)
+ {
+@@ -2172,7 +2173,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+
+ ssl->psk = (guchar*) out;
+
+- psk_len = size > 0 ? size / 2 : 0;
++ psk_len = size / 2;
+ pre_master_len = psk_len * 2 + 4;
+
+ pre_master_secret.data = (guchar *)wmem_alloc(wmem_file_scope(), pre_master_len);
+--
+1.8.4
+
diff --git a/patches-psk-cleanup/0002-Use-correct-key-exchange-type-for-ECDHE-ciphers.patch b/patches-psk-cleanup/0002-Use-correct-key-exchange-type-for-ECDHE-ciphers.patch
new file mode 100644
index 0000000..8085a6a
--- /dev/null
+++ b/patches-psk-cleanup/0002-Use-correct-key-exchange-type-for-ECDHE-ciphers.patch
@@ -0,0 +1,107 @@
+From dbd243dcf789eca4ccd0a7ec1d69236c069b34ab Mon Sep 17 00:00:00 2001
+From: Peter Wu <lekensteyn@gmail.com>
+Date: Tue, 1 Oct 2013 19:06:40 +0200
+Subject: [PATCH 2/6] Use correct key exchange type for ECDHE ciphers
+
+The kex field is currently not used, but once ssl_get_keyex_alg is
+replaced to use this, the mistakes became apparent.
+---
+ epan/dissectors/packet-ssl-utils.c | 82 +++++++++++++++++++-------------------
+ 1 file changed, 41 insertions(+), 41 deletions(-)
+
+diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
+index c8fefe2..cebf230 100644
+--- a/epan/dissectors/packet-ssl-utils.c
++++ b/epan/dissectors/packet-ssl-utils.c
+@@ -1867,47 +1867,47 @@ static SslCipherSuite cipher_suites[]={
+ {195,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 */
+ {196,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
+ {197,KEX_DH,SIG_NONE,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */
+- {49153,KEX_DH,SIG_DSS,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
+- {49154,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
+- {49155,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */
+- {49156,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */
+- {49157,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */
+- {49158,KEX_DH,SIG_DSS,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
+- {49159,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */
+- {49160,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */
+- {49161,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */
+- {49162,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */
+- {49163,KEX_DH,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_RSA_WITH_NULL_SHA */
+- {49164,KEX_DH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_RSA_WITH_RC4_128_SHA */
+- {49165,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */
+- {49166,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */
+- {49167,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */
+- {49168,KEX_DH,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_NULL_SHA */
+- {49169,KEX_DH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
+- {49170,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */
+- {49171,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */
+- {49172,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */
+- {49173,KEX_DH,SIG_NONE,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_anon_WITH_NULL_SHA */
+- {49174,KEX_DH,SIG_NONE,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_anon_WITH_RC4_128_SHA */
+- {49175,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
+- {49176,KEX_DH,SIG_NONE,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
+- {49177,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
+- {49187,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */
+- {49188,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */
+- {49189,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */
+- {49190,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */
+- {49191,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */
+- {49192,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */
+- {49193,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */
+- {49194,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */
+- {49195,KEX_DH,SIG_DSS,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */
+- {49196,KEX_DH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */
+- {49197,KEX_DH,SIG_DSS,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */
+- {49198,KEX_DH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */
+- {49199,KEX_DH,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
+- {49200,KEX_DH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */
+- {49201,KEX_DH,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */
+- {49202,KEX_DH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */
++ {49153,KEX_ECDH,SIG_DSS,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
++ {49154,KEX_ECDH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
++ {49155,KEX_ECDH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */
++ {49156,KEX_ECDH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */
++ {49157,KEX_ECDH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */
++ {49158,KEX_ECDH,SIG_DSS,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
++ {49159,KEX_ECDH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */
++ {49160,KEX_ECDH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */
++ {49161,KEX_ECDH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */
++ {49162,KEX_ECDH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */
++ {49163,KEX_ECDH,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_RSA_WITH_NULL_SHA */
++ {49164,KEX_ECDH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_RSA_WITH_RC4_128_SHA */
++ {49165,KEX_ECDH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */
++ {49166,KEX_ECDH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */
++ {49167,KEX_ECDH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */
++ {49168,KEX_ECDH,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_NULL_SHA */
++ {49169,KEX_ECDH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
++ {49170,KEX_ECDH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */
++ {49171,KEX_ECDH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */
++ {49172,KEX_ECDH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */
++ {49173,KEX_ECDH,SIG_NONE,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_anon_WITH_NULL_SHA */
++ {49174,KEX_ECDH,SIG_NONE,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_anon_WITH_RC4_128_SHA */
++ {49175,KEX_ECDH,SIG_NONE,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
++ {49176,KEX_ECDH,SIG_NONE,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
++ {49177,KEX_ECDH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
++ {49187,KEX_ECDH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */
++ {49188,KEX_ECDH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */
++ {49189,KEX_ECDH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */
++ {49190,KEX_ECDH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */
++ {49191,KEX_ECDH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */
++ {49192,KEX_ECDH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */
++ {49193,KEX_ECDH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */
++ {49194,KEX_ECDH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */
++ {49195,KEX_ECDH,SIG_DSS,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */
++ {49196,KEX_ECDH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */
++ {49197,KEX_ECDH,SIG_DSS,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */
++ {49198,KEX_ECDH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */
++ {49199,KEX_ECDH,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
++ {49200,KEX_ECDH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */
++ {49201,KEX_ECDH,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */
++ {49202,KEX_ECDH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */
+ {-1, 0,0,0,0,0,0,0, 0}
+ };
+
+--
+1.8.4
+
diff --git a/patches-psk-cleanup/0003-ssl-drop-unused-SIG_-field-and-constants.patch b/patches-psk-cleanup/0003-ssl-drop-unused-SIG_-field-and-constants.patch
new file mode 100644
index 0000000..7fd131a
--- /dev/null
+++ b/patches-psk-cleanup/0003-ssl-drop-unused-SIG_-field-and-constants.patch
@@ -0,0 +1,349 @@
+From 3ae3c5039f134b484bdb3e0d898d15ef11d7b1d5 Mon Sep 17 00:00:00 2001
+From: Peter Wu <lekensteyn@gmail.com>
+Date: Tue, 1 Oct 2013 23:13:04 +0200
+Subject: [PATCH 3/6] ssl: drop unused SIG_ field and constants
+
+These "signature" (server authentication) fields are not used by
+Wireshark and complicates the cipher suites list unnecessary. Some are
+even incorrect, like cipher 139 (TLS_PSK_WITH_3DES_EDE_CBC_SHA) which
+does not use SIG_RSA, but it unauthenticated using a PSK only.
+
+Since this field is not used, decrease maintenance burden by removing
+it. If someone feels a need to re-add this field, you can update
+generate-wireshark-cs[1] and regenerate the code.
+
+ [1]: https://git.lekensteyn.nl/peter/wireshark-notes/tree/
+---
+ epan/dissectors/packet-ssl-utils.c | 292 ++++++++++++++++++-------------------
+ epan/dissectors/packet-ssl-utils.h | 5 -
+ 2 files changed, 146 insertions(+), 151 deletions(-)
+
+diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
+index cebf230..e478057 100644
+--- a/epan/dissectors/packet-ssl-utils.c
++++ b/epan/dissectors/packet-ssl-utils.c
+@@ -1763,152 +1763,152 @@ static const gchar *ciphers[]={
+ };
+
+ static SslCipherSuite cipher_suites[]={
+- {1,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_MD5, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_WITH_NULL_MD5 */
+- {2,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA */
+- {3,KEX_RSA,SIG_RSA,ENC_RC4,1,128,40,DIG_MD5, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */
+- {4,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_MD5, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_MD5 */
+- {5,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_SHA */
+- {6,KEX_RSA,SIG_RSA,ENC_RC2,8,128,40,DIG_MD5, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */
+- {7,KEX_RSA,SIG_RSA,ENC_IDEA,8,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_IDEA_CBC_SHA */
+- {8,KEX_RSA,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */
+- {9,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_DES_CBC_SHA */
+- {10,KEX_RSA,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */
+- {11,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */
+- {12,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_DES_CBC_SHA */
+- {13,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA */
+- {14,KEX_DH,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */
+- {15,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_DES_CBC_SHA */
+- {16,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA */
+- {17,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */
+- {18,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_DES_CBC_SHA */
+- {19,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */
+- {20,KEX_DH,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */
+- {21,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_DES_CBC_SHA */
+- {22,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */
+- {23,KEX_DH,SIG_NONE,ENC_RC4,1,128,40,DIG_MD5, SSL_CIPHER_MODE_STREAM}, /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */
+- {24,KEX_DH,SIG_NONE,ENC_RC4,1,128,128,DIG_MD5, SSL_CIPHER_MODE_STREAM}, /* TLS_DH_anon_WITH_RC4_128_MD5 */
+- {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */
+- {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_DES_CBC_SHA */
+- {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */
+- {47,KEX_RSA,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_AES_128_CBC_SHA */
+- {48,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA */
+- {49,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA */
+- {50,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA */
+- {51,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */
+- {52,KEX_DH,SIG_NONE,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_AES_128_CBC_SHA */
+- {53,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_AES_256_CBC_SHA */
+- {54,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA */
+- {55,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA */
+- {56,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA */
+- {57,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */
+- {58,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_AES_256_CBC_SHA */
+- {59,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA256, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA256 */
+- {60,KEX_RSA,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_AES_128_CBC_SHA256 */
+- {61,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_AES_256_CBC_SHA256 */
+- {62,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA256 */
+- {63,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA256 */
+- {64,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 */
+- {65,KEX_RSA,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */
+- {66,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA */
+- {67,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA */
+- {68,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA */
+- {69,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */
+- {70,KEX_DH,SIG_NONE,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA */
+- {96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5, SSL_CIPHER_MODE_STREAM},
+- {97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5, SSL_CIPHER_MODE_STREAM},
+- {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,56,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */
+- {99,KEX_DH,SIG_DSS,ENC_DES,8,64,56,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA */
+- {100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA, SSL_CIPHER_MODE_STREAM},
+- {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA, SSL_CIPHER_MODE_STREAM},
+- {102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},
+- {103,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */
+- {104,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA256 */
+- {105,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA256 */
+- {106,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 */
+- {107,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */
+- {108,KEX_DH,SIG_NONE,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */
+- {109,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */
+- {132,KEX_RSA,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */
+- {133,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA */
+- {134,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA */
+- {135,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA */
+- {136,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */
+- {137,KEX_DH,SIG_NONE,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA */
+- {139,KEX_PSK,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},
+- {140,KEX_PSK,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},
+- {141,KEX_PSK,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},
+- {150,KEX_RSA,SIG_RSA,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_SEED_CBC_SHA */
+- {151,KEX_DH,SIG_DSS,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_SEED_CBC_SHA */
+- {152,KEX_DH,SIG_RSA,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_SEED_CBC_SHA */
+- {153,KEX_DH,SIG_DSS,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_SEED_CBC_SHA */
+- {154,KEX_DH,SIG_RSA,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_SEED_CBC_SHA */
+- {155,KEX_DH,SIG_NONE,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_SEED_CBC_SHA */
+- {156,KEX_RSA,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_RSA_WITH_AES_128_GCM_SHA256 */
+- {157,KEX_RSA,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_RSA_WITH_AES_256_GCM_SHA384 */
+- {158,KEX_DH,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */
+- {159,KEX_DH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */
+- {160,KEX_DH,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DH_RSA_WITH_AES_128_GCM_SHA256 */
+- {161,KEX_DH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DH_RSA_WITH_AES_256_GCM_SHA384 */
+- {162,KEX_DH,SIG_DSS,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 */
+- {163,KEX_DH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 */
+- {164,KEX_DH,SIG_DSS,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DH_DSS_WITH_AES_128_GCM_SHA256 */
+- {165,KEX_DH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DH_DSS_WITH_AES_256_GCM_SHA384 */
+- {166,KEX_DH,SIG_NONE,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */
+- {167,KEX_DH,SIG_NONE,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */
+- {186,KEX_RSA,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
+- {187,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 */
+- {188,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
+- {189,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 */
+- {190,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
+- {191,KEX_DH,SIG_NONE,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 */
+- {192,KEX_RSA,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
+- {193,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 */
+- {194,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
+- {195,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 */
+- {196,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
+- {197,KEX_DH,SIG_NONE,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */
+- {49153,KEX_ECDH,SIG_DSS,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
+- {49154,KEX_ECDH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
+- {49155,KEX_ECDH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */
+- {49156,KEX_ECDH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */
+- {49157,KEX_ECDH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */
+- {49158,KEX_ECDH,SIG_DSS,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
+- {49159,KEX_ECDH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */
+- {49160,KEX_ECDH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */
+- {49161,KEX_ECDH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */
+- {49162,KEX_ECDH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */
+- {49163,KEX_ECDH,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_RSA_WITH_NULL_SHA */
+- {49164,KEX_ECDH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_RSA_WITH_RC4_128_SHA */
+- {49165,KEX_ECDH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */
+- {49166,KEX_ECDH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */
+- {49167,KEX_ECDH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */
+- {49168,KEX_ECDH,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_NULL_SHA */
+- {49169,KEX_ECDH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
+- {49170,KEX_ECDH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */
+- {49171,KEX_ECDH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */
+- {49172,KEX_ECDH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */
+- {49173,KEX_ECDH,SIG_NONE,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_anon_WITH_NULL_SHA */
+- {49174,KEX_ECDH,SIG_NONE,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_anon_WITH_RC4_128_SHA */
+- {49175,KEX_ECDH,SIG_NONE,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
+- {49176,KEX_ECDH,SIG_NONE,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
+- {49177,KEX_ECDH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
+- {49187,KEX_ECDH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */
+- {49188,KEX_ECDH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */
+- {49189,KEX_ECDH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */
+- {49190,KEX_ECDH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */
+- {49191,KEX_ECDH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */
+- {49192,KEX_ECDH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */
+- {49193,KEX_ECDH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */
+- {49194,KEX_ECDH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */
+- {49195,KEX_ECDH,SIG_DSS,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */
+- {49196,KEX_ECDH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */
+- {49197,KEX_ECDH,SIG_DSS,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */
+- {49198,KEX_ECDH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */
+- {49199,KEX_ECDH,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
+- {49200,KEX_ECDH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */
+- {49201,KEX_ECDH,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */
+- {49202,KEX_ECDH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */
+- {-1, 0,0,0,0,0,0,0, 0}
++ {1,KEX_RSA,ENC_NULL,1,0,0,DIG_MD5, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_WITH_NULL_MD5 */
++ {2,KEX_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA */
++ {3,KEX_RSA,ENC_RC4,1,128,40,DIG_MD5, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */
++ {4,KEX_RSA,ENC_RC4,1,128,128,DIG_MD5, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_MD5 */
++ {5,KEX_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_SHA */
++ {6,KEX_RSA,ENC_RC2,8,128,40,DIG_MD5, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */
++ {7,KEX_RSA,ENC_IDEA,8,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_IDEA_CBC_SHA */
++ {8,KEX_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */
++ {9,KEX_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_DES_CBC_SHA */
++ {10,KEX_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */
++ {11,KEX_DH,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */
++ {12,KEX_DH,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_DES_CBC_SHA */
++ {13,KEX_DH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA */
++ {14,KEX_DH,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */
++ {15,KEX_DH,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_DES_CBC_SHA */
++ {16,KEX_DH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA */
++ {17,KEX_DH,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */
++ {18,KEX_DH,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_DES_CBC_SHA */
++ {19,KEX_DH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */
++ {20,KEX_DH,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */
++ {21,KEX_DH,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_DES_CBC_SHA */
++ {22,KEX_DH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */
++ {23,KEX_DH,ENC_RC4,1,128,40,DIG_MD5, SSL_CIPHER_MODE_STREAM}, /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */
++ {24,KEX_DH,ENC_RC4,1,128,128,DIG_MD5, SSL_CIPHER_MODE_STREAM}, /* TLS_DH_anon_WITH_RC4_128_MD5 */
++ {25,KEX_DH,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */
++ {26,KEX_DH,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_DES_CBC_SHA */
++ {27,KEX_DH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */
++ {47,KEX_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_AES_128_CBC_SHA */
++ {48,KEX_DH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA */
++ {49,KEX_DH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA */
++ {50,KEX_DH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA */
++ {51,KEX_DH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */
++ {52,KEX_DH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_AES_128_CBC_SHA */
++ {53,KEX_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_AES_256_CBC_SHA */
++ {54,KEX_DH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA */
++ {55,KEX_DH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA */
++ {56,KEX_DH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA */
++ {57,KEX_DH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */
++ {58,KEX_DH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_AES_256_CBC_SHA */
++ {59,KEX_RSA,ENC_NULL,1,0,0,DIG_SHA256, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA256 */
++ {60,KEX_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_AES_128_CBC_SHA256 */
++ {61,KEX_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_AES_256_CBC_SHA256 */
++ {62,KEX_DH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA256 */
++ {63,KEX_DH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA256 */
++ {64,KEX_DH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 */
++ {65,KEX_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */
++ {66,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA */
++ {67,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA */
++ {68,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA */
++ {69,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */
++ {70,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA */
++ {96,KEX_RSA,ENC_RC4,1,128,56,DIG_MD5, SSL_CIPHER_MODE_STREAM},
++ {97,KEX_RSA,ENC_RC2,1,128,56,DIG_MD5, SSL_CIPHER_MODE_STREAM},
++ {98,KEX_RSA,ENC_DES,8,64,56,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */
++ {99,KEX_DH,ENC_DES,8,64,56,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA */
++ {100,KEX_RSA,ENC_RC4,1,128,56,DIG_SHA, SSL_CIPHER_MODE_STREAM},
++ {101,KEX_DH,ENC_RC4,1,128,56,DIG_SHA, SSL_CIPHER_MODE_STREAM},
++ {102,KEX_DH,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},
++ {103,KEX_DH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */
++ {104,KEX_DH,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA256 */
++ {105,KEX_DH,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA256 */
++ {106,KEX_DH,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 */
++ {107,KEX_DH,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */
++ {108,KEX_DH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */
++ {109,KEX_DH,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */
++ {132,KEX_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */
++ {133,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA */
++ {134,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA */
++ {135,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA */
++ {136,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */
++ {137,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA */
++ {139,KEX_PSK,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},
++ {140,KEX_PSK,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},
++ {141,KEX_PSK,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},
++ {150,KEX_RSA,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_SEED_CBC_SHA */
++ {151,KEX_DH,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_SEED_CBC_SHA */
++ {152,KEX_DH,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_SEED_CBC_SHA */
++ {153,KEX_DH,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_SEED_CBC_SHA */
++ {154,KEX_DH,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_SEED_CBC_SHA */
++ {155,KEX_DH,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_SEED_CBC_SHA */
++ {156,KEX_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_RSA_WITH_AES_128_GCM_SHA256 */
++ {157,KEX_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_RSA_WITH_AES_256_GCM_SHA384 */
++ {158,KEX_DH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */
++ {159,KEX_DH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */
++ {160,KEX_DH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DH_RSA_WITH_AES_128_GCM_SHA256 */
++ {161,KEX_DH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DH_RSA_WITH_AES_256_GCM_SHA384 */
++ {162,KEX_DH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 */
++ {163,KEX_DH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 */
++ {164,KEX_DH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DH_DSS_WITH_AES_128_GCM_SHA256 */
++ {165,KEX_DH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DH_DSS_WITH_AES_256_GCM_SHA384 */
++ {166,KEX_DH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */
++ {167,KEX_DH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */
++ {186,KEX_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
++ {187,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 */
++ {188,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
++ {189,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 */
++ {190,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
++ {191,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 */
++ {192,KEX_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
++ {193,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 */
++ {194,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
++ {195,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 */
++ {196,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
++ {197,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */
++ {49153,KEX_ECDH,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
++ {49154,KEX_ECDH,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
++ {49155,KEX_ECDH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */
++ {49156,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */
++ {49157,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */
++ {49158,KEX_ECDH,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
++ {49159,KEX_ECDH,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */
++ {49160,KEX_ECDH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */
++ {49161,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */
++ {49162,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */
++ {49163,KEX_ECDH,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_RSA_WITH_NULL_SHA */
++ {49164,KEX_ECDH,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_RSA_WITH_RC4_128_SHA */
++ {49165,KEX_ECDH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */
++ {49166,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */
++ {49167,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */
++ {49168,KEX_ECDH,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_NULL_SHA */
++ {49169,KEX_ECDH,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
++ {49170,KEX_ECDH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */
++ {49171,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */
++ {49172,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */
++ {49173,KEX_ECDH,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_anon_WITH_NULL_SHA */
++ {49174,KEX_ECDH,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDH_anon_WITH_RC4_128_SHA */
++ {49175,KEX_ECDH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
++ {49176,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
++ {49177,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
++ {49187,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */
++ {49188,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */
++ {49189,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */
++ {49190,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */
++ {49191,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */
++ {49192,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */
++ {49193,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */
++ {49194,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */
++ {49195,KEX_ECDH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */
++ {49196,KEX_ECDH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */
++ {49197,KEX_ECDH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */
++ {49198,KEX_ECDH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */
++ {49199,KEX_ECDH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
++ {49200,KEX_ECDH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */
++ {49201,KEX_ECDH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */
++ {49202,KEX_ECDH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */
++ {-1, 0,0,0,0,0,0, 0}
+ };
+
+ #define MAX_BLOCK_SIZE 16
+diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
+index 4c9dd84..30f78ae 100644
+--- a/epan/dissectors/packet-ssl-utils.h
++++ b/epan/dissectors/packet-ssl-utils.h
+@@ -234,7 +234,6 @@ typedef struct _StringInfo {
+ typedef struct _SslCipherSuite {
+ gint number;
+ gint kex;
+- gint sig;
+ gint enc;
+ gint block; /* IV block size */
+ gint bits;
+@@ -270,10 +269,6 @@ typedef struct _SslDecoder {
+ #define KEX_ECDH 0x13
+ #define KEX_RSA_PSK 0x14
+
+-#define SIG_RSA 0x20
+-#define SIG_DSS 0x21
+-#define SIG_NONE 0x22
+-
+ #define ENC_DES 0x30
+ #define ENC_3DES 0x31
+ #define ENC_RC4 0x32
+--
+1.8.4
+
diff --git a/patches-psk-cleanup/0004-Add-more-PSK-and-Camellia-ciphers.patch b/patches-psk-cleanup/0004-Add-more-PSK-and-Camellia-ciphers.patch
new file mode 100644
index 0000000..c18072c
--- /dev/null
+++ b/patches-psk-cleanup/0004-Add-more-PSK-and-Camellia-ciphers.patch
@@ -0,0 +1,136 @@
+From f1b5f73a27817373d056af925fbe123d218697bb Mon Sep 17 00:00:00 2001
+From: Peter Wu <lekensteyn@gmail.com>
+Date: Tue, 1 Oct 2013 23:52:10 +0200
+Subject: [PATCH 4/6] Add more PSK and Camellia ciphers
+
+Notably, TLS_PSK_WITH_RC4_128_SHA was missing. This cipher suite is
+supported by OpenSSL. The others are taken from the IANA page,
+processed through generate-wireshark-cs[1].
+
+ [1]: https://git.lekensteyn.nl/peter/wireshark-notes/tree/generate-wireshark-cs
+---
+ epan/dissectors/packet-ssl-utils.c | 87 ++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 84 insertions(+), 3 deletions(-)
+
+diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
+index e478057..863e431 100644
+--- a/epan/dissectors/packet-ssl-utils.c
++++ b/epan/dissectors/packet-ssl-utils.c
+@@ -1790,6 +1790,9 @@ static SslCipherSuite cipher_suites[]={
+ {25,KEX_DH,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */
+ {26,KEX_DH,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_DES_CBC_SHA */
+ {27,KEX_DH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */
++ {44,KEX_PSK,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA */
++ {45,KEX_DH,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA */
++ {46,KEX_RSA_PSK,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA */
+ {47,KEX_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_AES_128_CBC_SHA */
+ {48,KEX_DH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA */
+ {49,KEX_DH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA */
+@@ -1834,9 +1837,18 @@ static SslCipherSuite cipher_suites[]={
+ {135,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA */
+ {136,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */
+ {137,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA */
+- {139,KEX_PSK,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},
+- {140,KEX_PSK,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},
+- {141,KEX_PSK,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},
++ {138,KEX_PSK,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_PSK_WITH_RC4_128_SHA */
++ {139,KEX_PSK,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_PSK_WITH_3DES_EDE_CBC_SHA */
++ {140,KEX_PSK,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_PSK_WITH_AES_128_CBC_SHA */
++ {141,KEX_PSK,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_PSK_WITH_AES_256_CBC_SHA */
++ {142,KEX_DH,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_DHE_PSK_WITH_RC4_128_SHA */
++ {143,KEX_DH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA */
++ {144,KEX_DH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA */
++ {145,KEX_DH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA */
++ {146,KEX_RSA_PSK,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_PSK_WITH_RC4_128_SHA */
++ {147,KEX_RSA_PSK,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA */
++ {148,KEX_RSA_PSK,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA */
++ {149,KEX_RSA_PSK,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA */
+ {150,KEX_RSA,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_SEED_CBC_SHA */
+ {151,KEX_DH,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_SEED_CBC_SHA */
+ {152,KEX_DH,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_SEED_CBC_SHA */
+@@ -1855,6 +1867,24 @@ static SslCipherSuite cipher_suites[]={
+ {165,KEX_DH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DH_DSS_WITH_AES_256_GCM_SHA384 */
+ {166,KEX_DH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */
+ {167,KEX_DH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */
++ {168,KEX_PSK,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_PSK_WITH_AES_128_GCM_SHA256 */
++ {169,KEX_PSK,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_PSK_WITH_AES_256_GCM_SHA384 */
++ {170,KEX_DH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 */
++ {171,KEX_DH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 */
++ {172,KEX_RSA_PSK,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 */
++ {173,KEX_RSA_PSK,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 */
++ {174,KEX_PSK,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_PSK_WITH_AES_128_CBC_SHA256 */
++ {175,KEX_PSK,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_PSK_WITH_AES_256_CBC_SHA384 */
++ {176,KEX_PSK,ENC_NULL,1,0,0,DIG_SHA256, SSL_CIPHER_MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA256 */
++ {177,KEX_PSK,ENC_NULL,1,0,0,DIG_SHA384, SSL_CIPHER_MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA384 */
++ {178,KEX_DH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */
++ {179,KEX_DH,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */
++ {180,KEX_DH,ENC_NULL,1,0,0,DIG_SHA256, SSL_CIPHER_MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA256 */
++ {181,KEX_DH,ENC_NULL,1,0,0,DIG_SHA384, SSL_CIPHER_MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA384 */
++ {182,KEX_RSA_PSK,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 */
++ {183,KEX_RSA_PSK,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 */
++ {184,KEX_RSA_PSK,ENC_NULL,1,0,0,DIG_SHA256, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA256 */
++ {185,KEX_RSA_PSK,ENC_NULL,1,0,0,DIG_SHA384, SSL_CIPHER_MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA384 */
+ {186,KEX_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
+ {187,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 */
+ {188,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
+@@ -1908,6 +1938,57 @@ static SslCipherSuite cipher_suites[]={
+ {49200,KEX_ECDH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */
+ {49201,KEX_ECDH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */
+ {49202,KEX_ECDH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */
++ {49203,KEX_ECDH,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_RC4_128_SHA */
++ {49204,KEX_ECDH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA */
++ {49205,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA */
++ {49206,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA */
++ {49207,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */
++ {49208,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 */
++ {49209,KEX_ECDH,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA */
++ {49210,KEX_ECDH,ENC_NULL,1,0,0,DIG_SHA256, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA256 */
++ {49211,KEX_ECDH,ENC_NULL,1,0,0,DIG_SHA384, SSL_CIPHER_MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA384 */
++ {49266,KEX_ECDH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */
++ {49267,KEX_ECDH,ENC_CAMELLIA256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */
++ {49268,KEX_ECDH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */
++ {49269,KEX_ECDH,ENC_CAMELLIA256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */
++ {49270,KEX_ECDH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
++ {49271,KEX_ECDH,ENC_CAMELLIA256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 */
++ {49272,KEX_ECDH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
++ {49273,KEX_ECDH,ENC_CAMELLIA256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 */
++ {49274,KEX_RSA,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
++ {49275,KEX_RSA,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
++ {49276,KEX_DH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
++ {49277,KEX_DH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
++ {49278,KEX_DH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
++ {49279,KEX_DH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
++ {49280,KEX_DH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 */
++ {49281,KEX_DH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 */
++ {49282,KEX_DH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 */
++ {49283,KEX_DH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 */
++ {49284,KEX_DH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 */
++ {49285,KEX_DH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 */
++ {49286,KEX_ECDH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 */
++ {49287,KEX_ECDH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */
++ {49288,KEX_ECDH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 */
++ {49289,KEX_ECDH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */
++ {49290,KEX_ECDH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
++ {49291,KEX_ECDH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
++ {49292,KEX_ECDH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
++ {49293,KEX_ECDH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
++ {49294,KEX_PSK,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 */
++ {49295,KEX_PSK,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 */
++ {49296,KEX_DH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 */
++ {49297,KEX_DH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 */
++ {49298,KEX_RSA_PSK,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM}, /* TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 */
++ {49299,KEX_RSA_PSK,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM}, /* TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 */
++ {49300,KEX_PSK,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */
++ {49301,KEX_PSK,ENC_CAMELLIA256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 */
++ {49302,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */
++ {49303,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */
++ {49304,KEX_RSA_PSK,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 */
++ {49305,KEX_RSA_PSK,ENC_CAMELLIA256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 */
++ {49306,KEX_ECDH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */
++ {49307,KEX_ECDH,ENC_CAMELLIA256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC}, /* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */
+ {-1, 0,0,0,0,0,0, 0}
+ };
+
+--
+1.8.4
+
diff --git a/patches-psk-cleanup/0005-Simplify-determining-key-exchange-algorithm-more-PSK.patch b/patches-psk-cleanup/0005-Simplify-determining-key-exchange-algorithm-more-PSK.patch
new file mode 100644
index 0000000..f5d7be7
--- /dev/null
+++ b/patches-psk-cleanup/0005-Simplify-determining-key-exchange-algorithm-more-PSK.patch
@@ -0,0 +1,287 @@
+From e959b19462c28a74092b445f17fd20f7507c9cca Mon Sep 17 00:00:00 2001
+From: Peter Wu <lekensteyn@gmail.com>
+Date: Wed, 2 Oct 2013 00:11:45 +0200
+Subject: [PATCH 5/6] Simplify determining key exchange algorithm, more PSK
+ support
+
+The list of key exchange algorithms in ssl_get_keyex_alg is a
+list of magic numbers that is also available in the cipher_suites
+variable (compiled when GnuTLS support is enabled). Use this fact
+to avoid having the same numbers in two places.
+
+Note that this places a dependency on GnuTLS. Without GnuTLS,
+ssl_find_cipher always returns -1. This is not a big issue as
+ssl_get_keyex_alg() is only used for decoding the ClientKeyExchange and
+ServerKeyExchange messages. Support for these has only been added very
+recently and users of this feature will very likely also have GnuTLS
+support enabled to allow decryption of TLS packets.
+
+Comparing the cipher_suites list to the magic numbers list shows
+that 32 new Camellia cipher suites have been added. Some cipher suites
+are gone: all 8 ARIA cipher suites (not implemented by major TLS
+libraries), 6 AES-CCM suites for PSK and the cipher suites 0xFE,0xFF;
+0xFE,0xFF; 0xFF,0xE0; 0xFF,0xE1 (marked as reserved by IANA).
+
+After this change, PSK client params are decoded for more PSK cipher
+suites by not relying on magic numbers, but checking the keyex type.
+---
+ epan/dissectors/packet-ssl-utils.c | 222 +------------------------------------
+ epan/dissectors/packet-ssl.c | 6 +-
+ 2 files changed, 5 insertions(+), 223 deletions(-)
+
+diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
+index 863e431..d38b3bd 100644
+--- a/epan/dissectors/packet-ssl-utils.c
++++ b/epan/dissectors/packet-ssl-utils.c
+@@ -1093,224 +1093,10 @@ struct _SslDecompress {
+ 0 indicates unknown */
+ gint ssl_get_keyex_alg(gint cipher)
+ {
+- switch(cipher) {
+- case 0x0001:
+- case 0x0002:
+- case 0x0003:
+- case 0x0004:
+- case 0x0005:
+- case 0x0006:
+- case 0x0007:
+- case 0x0008:
+- case 0x0009:
+- case 0x000a:
+- case 0x002f:
+- case 0x0035:
+- case 0x003b:
+- case 0x003c:
+- case 0x003d:
+- case 0x0041:
+- case 0x0060:
+- case 0x0061:
+- case 0x0062:
+- case 0x0064:
+- case 0x0084:
+- case 0x0096:
+- case 0x009c:
+- case 0x009d:
+- case 0x00ba:
+- case 0x00c0:
+- case 0xfefe:
+- case 0xfeff:
+- case 0xffe0:
+- case 0xffe1:
+- return KEX_RSA;
+- case 0x000b:
+- case 0x000c:
+- case 0x000d:
+- case 0x000e:
+- case 0x000f:
+- case 0x0010:
+- case 0x0011:
+- case 0x0012:
+- case 0x0013:
+- case 0x0014:
+- case 0x0015:
+- case 0x0016:
+- case 0x0017:
+- case 0x0018:
+- case 0x0019:
+- case 0x001a:
+- case 0x001b:
+- case 0x002d:
+- case 0x0030:
+- case 0x0031:
+- case 0x0032:
+- case 0x0033:
+- case 0x0034:
+- case 0x0036:
+- case 0x0037:
+- case 0x0038:
+- case 0x0039:
+- case 0x003a:
+- case 0x003e:
+- case 0x003f:
+- case 0x0040:
+- case 0x0042:
+- case 0x0043:
+- case 0x0044:
+- case 0x0045:
+- case 0x0046:
+- case 0x0063:
+- case 0x0065:
+- case 0x0066:
+- case 0x0067:
+- case 0x0068:
+- case 0x0069:
+- case 0x006a:
+- case 0x006b:
+- case 0x006c:
+- case 0x006d:
+- case 0x0085:
+- case 0x0086:
+- case 0x0087:
+- case 0x0088:
+- case 0x0089:
+- case 0x008e:
+- case 0x008f:
+- case 0x0090:
+- case 0x0091:
+- case 0x0097:
+- case 0x0098:
+- case 0x0099:
+- case 0x009a:
+- case 0x009b:
+- case 0x009e:
+- case 0x009f:
+- case 0x00a0:
+- case 0x00a1:
+- case 0x00a2:
+- case 0x00a3:
+- case 0x00a4:
+- case 0x00a5:
+- case 0x00a6:
+- case 0x00a7:
+- case 0x00aa:
+- case 0x00ab:
+- case 0x00b2:
+- case 0x00b3:
+- case 0x00b4:
+- case 0x00b5:
+- case 0x00bb:
+- case 0x00bc:
+- case 0x00bd:
+- case 0x00be:
+- case 0x00bf:
+- case 0x00c1:
+- case 0x00c2:
+- case 0x00c3:
+- case 0x00c4:
+- case 0x00c5:
+- return KEX_DH;
+- case 0xc001:
+- case 0xc002:
+- case 0xc003:
+- case 0xc004:
+- case 0xc005:
+- case 0xc006:
+- case 0xc007:
+- case 0xc008:
+- case 0xc009:
+- case 0xc00a:
+- case 0xc00b:
+- case 0xc00c:
+- case 0xc00d:
+- case 0xc00e:
+- case 0xc00f:
+- case 0xc010:
+- case 0xc011:
+- case 0xc012:
+- case 0xc013:
+- case 0xc014:
+- case 0xc015:
+- case 0xc016:
+- case 0xc017:
+- case 0xc018:
+- case 0xc019:
+- case 0xc023:
+- case 0xc024:
+- case 0xc025:
+- case 0xc026:
+- case 0xc027:
+- case 0xc028:
+- case 0xc029:
+- case 0xc02a:
+- case 0xc02b:
+- case 0xc02c:
+- case 0xc02d:
+- case 0xc02e:
+- case 0xc02f:
+- case 0xc030:
+- case 0xc031:
+- case 0xc032:
+- case 0xc033:
+- case 0xc034:
+- case 0xc035:
+- case 0xc036:
+- case 0xc037:
+- case 0xc038:
+- case 0xc039:
+- case 0xc03a:
+- case 0xc03b:
+- return KEX_ECDH;
+- case 0x002C:
+- case 0x008A:
+- case 0x008B:
+- case 0x008C:
+- case 0x008D:
+- case 0x00A8:
+- case 0x00A9:
+- case 0x00AE:
+- case 0x00AF:
+- case 0x00B0:
+- case 0x00B1:
+- case 0xC064:
+- case 0xC065:
+- case 0xC06A:
+- case 0xC06B:
+- case 0xC08E:
+- case 0xC08F:
+- case 0xC094:
+- case 0xC095:
+- case 0xC0A4:
+- case 0xC0A5:
+- case 0xC0A8:
+- case 0xC0A9:
+- case 0xC0AA:
+- case 0xC0AB:
+- return KEX_PSK;
+- case 0x002E:
+- case 0x0092:
+- case 0x0093:
+- case 0x0094:
+- case 0x0095:
+- case 0x00AC:
+- case 0x00AD:
+- case 0x00B6:
+- case 0x00B7:
+- case 0x00B8:
+- case 0x00B9:
+- case 0xC068:
+- case 0xC069:
+- case 0xC06E:
+- case 0xC06F:
+- case 0xC092:
+- case 0xC093:
+- case 0xC098:
+- case 0xC099:
+- return KEX_RSA_PSK;
+- default:
+- break;
++ SslCipherSuite cs;
++ if (ssl_find_cipher(cipher, &cs) == 0) {
++ /* NOTE: this requires GnuTLS, otherwise stuff is not compiled-in. */
++ return cs.kex;
+ }
+
+ return 0;
+diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
+index 31dbada..bdd6727 100644
+--- a/epan/dissectors/packet-ssl.c
++++ b/epan/dissectors/packet-ssl.c
+@@ -2129,14 +2129,10 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ {
+ /* PAOLO: here we can have all the data to build session key*/
+
+- gint cipher_num;
+-
+ if (!ssl)
+ break;
+
+- cipher_num = ssl->cipher;
+-
+- if (cipher_num == 0x8a || cipher_num == 0x8b || cipher_num == 0x8c || cipher_num == 0x8d)
++ if (ssl->cipher_suite.kex == KEX_PSK)
+ {
+ /* calculate pre master secret*/
+ StringInfo pre_master_secret;
+--
+1.8.4
+