From bdba74960ad6f24641b7f49b5c501c2b5c3e71db Mon Sep 17 00:00:00 2001
From: Peter Wu <lekensteyn@gmail.com>
Date: Wed, 2 Oct 2013 00:44:42 +0200
Subject: Add cleanup patches in development

I previously mentioned that nobody seems to support AES CCM for PSK, but
then I noticed that bug 8567 uses this for a DTLS capture. I might need
to add some of these missing cases to the ssl_get_keyex_alg function.

 [1]: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8567
---
 ...001-ssl-Support-PSK-larger-than-16-octets.patch |  50 +++
 ...rrect-key-exchange-type-for-ECDHE-ciphers.patch | 107 +++++++
 ...-ssl-drop-unused-SIG_-field-and-constants.patch | 349 +++++++++++++++++++++
 .../0004-Add-more-PSK-and-Camellia-ciphers.patch   | 136 ++++++++
 ...termining-key-exchange-algorithm-more-PSK.patch | 287 +++++++++++++++++
 5 files changed, 929 insertions(+)
 create mode 100644 patches-psk-cleanup/0001-ssl-Support-PSK-larger-than-16-octets.patch
 create mode 100644 patches-psk-cleanup/0002-Use-correct-key-exchange-type-for-ECDHE-ciphers.patch
 create mode 100644 patches-psk-cleanup/0003-ssl-drop-unused-SIG_-field-and-constants.patch
 create mode 100644 patches-psk-cleanup/0004-Add-more-PSK-and-Camellia-ciphers.patch
 create mode 100644 patches-psk-cleanup/0005-Simplify-determining-key-exchange-algorithm-more-PSK.patch

diff --git a/patches-psk-cleanup/0001-ssl-Support-PSK-larger-than-16-octets.patch b/patches-psk-cleanup/0001-ssl-Support-PSK-larger-than-16-octets.patch
new file mode 100644
index 0000000..ba51078
--- /dev/null
+++ b/patches-psk-cleanup/0001-ssl-Support-PSK-larger-than-16-octets.patch
@@ -0,0 +1,50 @@
+From 540afe9e6a9b38033b9f5dfc7379fc436456bb89 Mon Sep 17 00:00:00 2001
+From: Peter Wu <lekensteyn@gmail.com>
+Date: Tue, 1 Oct 2013 17:57:00 +0200
+Subject: [PATCH 1/6] ssl: Support PSK larger than 16 octets
+
+PSK allows up to 2^16-1 octets as key according to RFC 4279 (PSK for
+TLS). Therefore remove the restriction of 16 octets. While at it, skip
+testing for negative size as this is unnecessary.
+
+Reported at:
+http://ask.wireshark.org/questions/25157/can-not-decrypt-ssl-psk-traffic
+---
+ epan/dissectors/packet-ssl.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
+index e4e2ec4..31dbada 100644
+--- a/epan/dissectors/packet-ssl.c
++++ b/epan/dissectors/packet-ssl.c
+@@ -2154,14 +2154,15 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ 
+                         size = (int)strlen(ssl_psk);
+ 
+-                        /* psk must be 0 to 16 bytes*/
+-                        if (size < 0 || size > 32 || size % 2 != 0)
++                        /* The length of PSK ranges from 0..2^16-1 octets (times two for hex string) */
++                        if (size < 0 || size % 2 != 0 || size >= (2 << 16))
+                         {
++                            ssl_debug_printf("dissect_ssl3_handshake: length of ssl.psk must be multiple of two");
+                             break;
+                         }
+ 
+                         /* convert hex string into char*/
+-                        out = (unsigned char*) wmem_alloc(wmem_packet_scope(), size > 0 ? size / 2 : 0);
++                        out = (unsigned char*) wmem_alloc(wmem_packet_scope(), size / 2);
+ 
+                         for (i = 0; i < size; i+=2)
+                         {
+@@ -2172,7 +2173,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ 
+                         ssl->psk = (guchar*) out;
+ 
+-                        psk_len = size > 0 ? size / 2 : 0;
++                        psk_len = size / 2;
+                         pre_master_len = psk_len * 2 + 4;
+ 
+                         pre_master_secret.data = (guchar *)wmem_alloc(wmem_file_scope(), pre_master_len);
+-- 
+1.8.4
+
diff --git a/patches-psk-cleanup/0002-Use-correct-key-exchange-type-for-ECDHE-ciphers.patch b/patches-psk-cleanup/0002-Use-correct-key-exchange-type-for-ECDHE-ciphers.patch
new file mode 100644
index 0000000..8085a6a
--- /dev/null
+++ b/patches-psk-cleanup/0002-Use-correct-key-exchange-type-for-ECDHE-ciphers.patch
@@ -0,0 +1,107 @@
+From dbd243dcf789eca4ccd0a7ec1d69236c069b34ab Mon Sep 17 00:00:00 2001
+From: Peter Wu <lekensteyn@gmail.com>
+Date: Tue, 1 Oct 2013 19:06:40 +0200
+Subject: [PATCH 2/6] Use correct key exchange type for ECDHE ciphers
+
+The kex field is currently not used, but once ssl_get_keyex_alg is
+replaced to use this, the mistakes became apparent.
+---
+ epan/dissectors/packet-ssl-utils.c | 82 +++++++++++++++++++-------------------
+ 1 file changed, 41 insertions(+), 41 deletions(-)
+
+diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
+index c8fefe2..cebf230 100644
+--- a/epan/dissectors/packet-ssl-utils.c
++++ b/epan/dissectors/packet-ssl-utils.c
+@@ -1867,47 +1867,47 @@ static SslCipherSuite cipher_suites[]={
+     {195,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 */
+     {196,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
+     {197,KEX_DH,SIG_NONE,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */
+-    {49153,KEX_DH,SIG_DSS,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
+-    {49154,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
+-    {49155,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */
+-    {49156,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */
+-    {49157,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */
+-    {49158,KEX_DH,SIG_DSS,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
+-    {49159,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */
+-    {49160,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */
+-    {49161,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */
+-    {49162,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */
+-    {49163,KEX_DH,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_RSA_WITH_NULL_SHA */
+-    {49164,KEX_DH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_RSA_WITH_RC4_128_SHA */
+-    {49165,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */
+-    {49166,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */
+-    {49167,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */
+-    {49168,KEX_DH,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_RSA_WITH_NULL_SHA */
+-    {49169,KEX_DH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
+-    {49170,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */
+-    {49171,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */
+-    {49172,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */
+-    {49173,KEX_DH,SIG_NONE,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_anon_WITH_NULL_SHA */
+-    {49174,KEX_DH,SIG_NONE,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_anon_WITH_RC4_128_SHA */
+-    {49175,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
+-    {49176,KEX_DH,SIG_NONE,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
+-    {49177,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
+-    {49187,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */
+-    {49188,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */
+-    {49189,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */
+-    {49190,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */
+-    {49191,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */
+-    {49192,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */
+-    {49193,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */
+-    {49194,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */
+-    {49195,KEX_DH,SIG_DSS,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */
+-    {49196,KEX_DH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */
+-    {49197,KEX_DH,SIG_DSS,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */
+-    {49198,KEX_DH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */
+-    {49199,KEX_DH,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
+-    {49200,KEX_DH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */
+-    {49201,KEX_DH,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */
+-    {49202,KEX_DH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */
++    {49153,KEX_ECDH,SIG_DSS,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
++    {49154,KEX_ECDH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
++    {49155,KEX_ECDH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */
++    {49156,KEX_ECDH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */
++    {49157,KEX_ECDH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */
++    {49158,KEX_ECDH,SIG_DSS,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
++    {49159,KEX_ECDH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */
++    {49160,KEX_ECDH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */
++    {49161,KEX_ECDH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */
++    {49162,KEX_ECDH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */
++    {49163,KEX_ECDH,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_RSA_WITH_NULL_SHA */
++    {49164,KEX_ECDH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_RSA_WITH_RC4_128_SHA */
++    {49165,KEX_ECDH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */
++    {49166,KEX_ECDH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */
++    {49167,KEX_ECDH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */
++    {49168,KEX_ECDH,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_RSA_WITH_NULL_SHA */
++    {49169,KEX_ECDH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
++    {49170,KEX_ECDH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */
++    {49171,KEX_ECDH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */
++    {49172,KEX_ECDH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */
++    {49173,KEX_ECDH,SIG_NONE,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_anon_WITH_NULL_SHA */
++    {49174,KEX_ECDH,SIG_NONE,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_anon_WITH_RC4_128_SHA */
++    {49175,KEX_ECDH,SIG_NONE,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
++    {49176,KEX_ECDH,SIG_NONE,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
++    {49177,KEX_ECDH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
++    {49187,KEX_ECDH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */
++    {49188,KEX_ECDH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */
++    {49189,KEX_ECDH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */
++    {49190,KEX_ECDH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */
++    {49191,KEX_ECDH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */
++    {49192,KEX_ECDH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */
++    {49193,KEX_ECDH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */
++    {49194,KEX_ECDH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */
++    {49195,KEX_ECDH,SIG_DSS,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */
++    {49196,KEX_ECDH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */
++    {49197,KEX_ECDH,SIG_DSS,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */
++    {49198,KEX_ECDH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */
++    {49199,KEX_ECDH,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
++    {49200,KEX_ECDH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */
++    {49201,KEX_ECDH,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */
++    {49202,KEX_ECDH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */
+     {-1, 0,0,0,0,0,0,0, 0}
+ };
+ 
+-- 
+1.8.4
+
diff --git a/patches-psk-cleanup/0003-ssl-drop-unused-SIG_-field-and-constants.patch b/patches-psk-cleanup/0003-ssl-drop-unused-SIG_-field-and-constants.patch
new file mode 100644
index 0000000..7fd131a
--- /dev/null
+++ b/patches-psk-cleanup/0003-ssl-drop-unused-SIG_-field-and-constants.patch
@@ -0,0 +1,349 @@
+From 3ae3c5039f134b484bdb3e0d898d15ef11d7b1d5 Mon Sep 17 00:00:00 2001
+From: Peter Wu <lekensteyn@gmail.com>
+Date: Tue, 1 Oct 2013 23:13:04 +0200
+Subject: [PATCH 3/6] ssl: drop unused SIG_ field and constants
+
+These "signature" (server authentication) fields are not used by
+Wireshark and complicates the cipher suites list unnecessary. Some are
+even incorrect, like cipher 139 (TLS_PSK_WITH_3DES_EDE_CBC_SHA) which
+does not use SIG_RSA, but it unauthenticated using a PSK only.
+
+Since this field is not used, decrease maintenance burden by removing
+it. If someone feels a need to re-add this field, you can update
+generate-wireshark-cs[1] and regenerate the code.
+
+ [1]: https://git.lekensteyn.nl/peter/wireshark-notes/tree/
+---
+ epan/dissectors/packet-ssl-utils.c | 292 ++++++++++++++++++-------------------
+ epan/dissectors/packet-ssl-utils.h |   5 -
+ 2 files changed, 146 insertions(+), 151 deletions(-)
+
+diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
+index cebf230..e478057 100644
+--- a/epan/dissectors/packet-ssl-utils.c
++++ b/epan/dissectors/packet-ssl-utils.c
+@@ -1763,152 +1763,152 @@ static const gchar *ciphers[]={
+ };
+ 
+ static SslCipherSuite cipher_suites[]={
+-    {1,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_MD5, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_WITH_NULL_MD5 */
+-    {2,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_WITH_NULL_SHA */
+-    {3,KEX_RSA,SIG_RSA,ENC_RC4,1,128,40,DIG_MD5, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */
+-    {4,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_MD5, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_WITH_RC4_128_MD5 */
+-    {5,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_WITH_RC4_128_SHA */
+-    {6,KEX_RSA,SIG_RSA,ENC_RC2,8,128,40,DIG_MD5, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */
+-    {7,KEX_RSA,SIG_RSA,ENC_IDEA,8,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_IDEA_CBC_SHA */
+-    {8,KEX_RSA,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */
+-    {9,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_DES_CBC_SHA */
+-    {10,KEX_RSA,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */
+-    {11,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */
+-    {12,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_DES_CBC_SHA */
+-    {13,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA */
+-    {14,KEX_DH,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */
+-    {15,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_DES_CBC_SHA */
+-    {16,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA */
+-    {17,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */
+-    {18,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_DES_CBC_SHA */
+-    {19,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */
+-    {20,KEX_DH,SIG_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */
+-    {21,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_DES_CBC_SHA */
+-    {22,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */
+-    {23,KEX_DH,SIG_NONE,ENC_RC4,1,128,40,DIG_MD5, SSL_CIPHER_MODE_STREAM},   /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */
+-    {24,KEX_DH,SIG_NONE,ENC_RC4,1,128,128,DIG_MD5, SSL_CIPHER_MODE_STREAM},   /* TLS_DH_anon_WITH_RC4_128_MD5 */
+-    {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */
+-    {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_DES_CBC_SHA */
+-    {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */
+-    {47,KEX_RSA,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_AES_128_CBC_SHA */
+-    {48,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_AES_128_CBC_SHA */
+-    {49,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_AES_128_CBC_SHA */
+-    {50,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA */
+-    {51,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */
+-    {52,KEX_DH,SIG_NONE,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_AES_128_CBC_SHA */
+-    {53,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_AES_256_CBC_SHA */
+-    {54,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_AES_256_CBC_SHA */
+-    {55,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_AES_256_CBC_SHA */
+-    {56,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA */
+-    {57,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */
+-    {58,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_AES_256_CBC_SHA */
+-    {59,KEX_RSA,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA256, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_WITH_NULL_SHA256 */
+-    {60,KEX_RSA,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_AES_128_CBC_SHA256 */
+-    {61,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_AES_256_CBC_SHA256 */
+-    {62,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_AES_128_CBC_SHA256 */
+-    {63,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_AES_128_CBC_SHA256 */
+-    {64,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 */
+-    {65,KEX_RSA,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */
+-    {66,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA */
+-    {67,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA */
+-    {68,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA */
+-    {69,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */
+-    {70,KEX_DH,SIG_NONE,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA */
+-    {96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5, SSL_CIPHER_MODE_STREAM},
+-    {97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5, SSL_CIPHER_MODE_STREAM},
+-    {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,56,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */
+-    {99,KEX_DH,SIG_DSS,ENC_DES,8,64,56,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA */
+-    {100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA, SSL_CIPHER_MODE_STREAM},
+-    {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA, SSL_CIPHER_MODE_STREAM},
+-    {102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},
+-    {103,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */
+-    {104,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_AES_256_CBC_SHA256 */
+-    {105,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_AES_256_CBC_SHA256 */
+-    {106,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 */
+-    {107,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */
+-    {108,KEX_DH,SIG_NONE,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */
+-    {109,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */
+-    {132,KEX_RSA,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */
+-    {133,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA */
+-    {134,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA */
+-    {135,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA */
+-    {136,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */
+-    {137,KEX_DH,SIG_NONE,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA */
+-    {139,KEX_PSK,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},
+-    {140,KEX_PSK,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},
+-    {141,KEX_PSK,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},
+-    {150,KEX_RSA,SIG_RSA,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_SEED_CBC_SHA */
+-    {151,KEX_DH,SIG_DSS,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_SEED_CBC_SHA */
+-    {152,KEX_DH,SIG_RSA,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_SEED_CBC_SHA */
+-    {153,KEX_DH,SIG_DSS,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_SEED_CBC_SHA */
+-    {154,KEX_DH,SIG_RSA,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_SEED_CBC_SHA */
+-    {155,KEX_DH,SIG_NONE,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_SEED_CBC_SHA */
+-    {156,KEX_RSA,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_RSA_WITH_AES_128_GCM_SHA256 */
+-    {157,KEX_RSA,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_RSA_WITH_AES_256_GCM_SHA384 */
+-    {158,KEX_DH,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */
+-    {159,KEX_DH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */
+-    {160,KEX_DH,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DH_RSA_WITH_AES_128_GCM_SHA256 */
+-    {161,KEX_DH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DH_RSA_WITH_AES_256_GCM_SHA384 */
+-    {162,KEX_DH,SIG_DSS,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 */
+-    {163,KEX_DH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 */
+-    {164,KEX_DH,SIG_DSS,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DH_DSS_WITH_AES_128_GCM_SHA256 */
+-    {165,KEX_DH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DH_DSS_WITH_AES_256_GCM_SHA384 */
+-    {166,KEX_DH,SIG_NONE,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */
+-    {167,KEX_DH,SIG_NONE,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */
+-    {186,KEX_RSA,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
+-    {187,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 */
+-    {188,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
+-    {189,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 */
+-    {190,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
+-    {191,KEX_DH,SIG_NONE,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 */
+-    {192,KEX_RSA,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
+-    {193,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 */
+-    {194,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
+-    {195,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 */
+-    {196,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
+-    {197,KEX_DH,SIG_NONE,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */
+-    {49153,KEX_ECDH,SIG_DSS,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
+-    {49154,KEX_ECDH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
+-    {49155,KEX_ECDH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */
+-    {49156,KEX_ECDH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */
+-    {49157,KEX_ECDH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */
+-    {49158,KEX_ECDH,SIG_DSS,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
+-    {49159,KEX_ECDH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */
+-    {49160,KEX_ECDH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */
+-    {49161,KEX_ECDH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */
+-    {49162,KEX_ECDH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */
+-    {49163,KEX_ECDH,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_RSA_WITH_NULL_SHA */
+-    {49164,KEX_ECDH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_RSA_WITH_RC4_128_SHA */
+-    {49165,KEX_ECDH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */
+-    {49166,KEX_ECDH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */
+-    {49167,KEX_ECDH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */
+-    {49168,KEX_ECDH,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_RSA_WITH_NULL_SHA */
+-    {49169,KEX_ECDH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
+-    {49170,KEX_ECDH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */
+-    {49171,KEX_ECDH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */
+-    {49172,KEX_ECDH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */
+-    {49173,KEX_ECDH,SIG_NONE,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_anon_WITH_NULL_SHA */
+-    {49174,KEX_ECDH,SIG_NONE,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_anon_WITH_RC4_128_SHA */
+-    {49175,KEX_ECDH,SIG_NONE,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
+-    {49176,KEX_ECDH,SIG_NONE,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
+-    {49177,KEX_ECDH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
+-    {49187,KEX_ECDH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */
+-    {49188,KEX_ECDH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */
+-    {49189,KEX_ECDH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */
+-    {49190,KEX_ECDH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */
+-    {49191,KEX_ECDH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */
+-    {49192,KEX_ECDH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */
+-    {49193,KEX_ECDH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */
+-    {49194,KEX_ECDH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */
+-    {49195,KEX_ECDH,SIG_DSS,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */
+-    {49196,KEX_ECDH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */
+-    {49197,KEX_ECDH,SIG_DSS,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */
+-    {49198,KEX_ECDH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */
+-    {49199,KEX_ECDH,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
+-    {49200,KEX_ECDH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */
+-    {49201,KEX_ECDH,SIG_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */
+-    {49202,KEX_ECDH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */
+-    {-1, 0,0,0,0,0,0,0, 0}
++    {1,KEX_RSA,ENC_NULL,1,0,0,DIG_MD5, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_WITH_NULL_MD5 */
++    {2,KEX_RSA,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_WITH_NULL_SHA */
++    {3,KEX_RSA,ENC_RC4,1,128,40,DIG_MD5, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */
++    {4,KEX_RSA,ENC_RC4,1,128,128,DIG_MD5, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_WITH_RC4_128_MD5 */
++    {5,KEX_RSA,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_WITH_RC4_128_SHA */
++    {6,KEX_RSA,ENC_RC2,8,128,40,DIG_MD5, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */
++    {7,KEX_RSA,ENC_IDEA,8,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_IDEA_CBC_SHA */
++    {8,KEX_RSA,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */
++    {9,KEX_RSA,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_DES_CBC_SHA */
++    {10,KEX_RSA,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */
++    {11,KEX_DH,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */
++    {12,KEX_DH,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_DES_CBC_SHA */
++    {13,KEX_DH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA */
++    {14,KEX_DH,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */
++    {15,KEX_DH,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_DES_CBC_SHA */
++    {16,KEX_DH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA */
++    {17,KEX_DH,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */
++    {18,KEX_DH,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_DES_CBC_SHA */
++    {19,KEX_DH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */
++    {20,KEX_DH,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */
++    {21,KEX_DH,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_DES_CBC_SHA */
++    {22,KEX_DH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */
++    {23,KEX_DH,ENC_RC4,1,128,40,DIG_MD5, SSL_CIPHER_MODE_STREAM},   /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */
++    {24,KEX_DH,ENC_RC4,1,128,128,DIG_MD5, SSL_CIPHER_MODE_STREAM},   /* TLS_DH_anon_WITH_RC4_128_MD5 */
++    {25,KEX_DH,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */
++    {26,KEX_DH,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_DES_CBC_SHA */
++    {27,KEX_DH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */
++    {47,KEX_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_AES_128_CBC_SHA */
++    {48,KEX_DH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_AES_128_CBC_SHA */
++    {49,KEX_DH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_AES_128_CBC_SHA */
++    {50,KEX_DH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA */
++    {51,KEX_DH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */
++    {52,KEX_DH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_AES_128_CBC_SHA */
++    {53,KEX_RSA,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_AES_256_CBC_SHA */
++    {54,KEX_DH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_AES_256_CBC_SHA */
++    {55,KEX_DH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_AES_256_CBC_SHA */
++    {56,KEX_DH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA */
++    {57,KEX_DH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */
++    {58,KEX_DH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_AES_256_CBC_SHA */
++    {59,KEX_RSA,ENC_NULL,1,0,0,DIG_SHA256, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_WITH_NULL_SHA256 */
++    {60,KEX_RSA,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_AES_128_CBC_SHA256 */
++    {61,KEX_RSA,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_AES_256_CBC_SHA256 */
++    {62,KEX_DH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_AES_128_CBC_SHA256 */
++    {63,KEX_DH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_AES_128_CBC_SHA256 */
++    {64,KEX_DH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 */
++    {65,KEX_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */
++    {66,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA */
++    {67,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA */
++    {68,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA */
++    {69,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */
++    {70,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA */
++    {96,KEX_RSA,ENC_RC4,1,128,56,DIG_MD5, SSL_CIPHER_MODE_STREAM},
++    {97,KEX_RSA,ENC_RC2,1,128,56,DIG_MD5, SSL_CIPHER_MODE_STREAM},
++    {98,KEX_RSA,ENC_DES,8,64,56,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */
++    {99,KEX_DH,ENC_DES,8,64,56,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA */
++    {100,KEX_RSA,ENC_RC4,1,128,56,DIG_SHA, SSL_CIPHER_MODE_STREAM},
++    {101,KEX_DH,ENC_RC4,1,128,56,DIG_SHA, SSL_CIPHER_MODE_STREAM},
++    {102,KEX_DH,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},
++    {103,KEX_DH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */
++    {104,KEX_DH,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_AES_256_CBC_SHA256 */
++    {105,KEX_DH,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_AES_256_CBC_SHA256 */
++    {106,KEX_DH,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 */
++    {107,KEX_DH,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */
++    {108,KEX_DH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */
++    {109,KEX_DH,ENC_AES256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */
++    {132,KEX_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */
++    {133,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA */
++    {134,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA */
++    {135,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA */
++    {136,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */
++    {137,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA */
++    {139,KEX_PSK,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},
++    {140,KEX_PSK,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},
++    {141,KEX_PSK,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},
++    {150,KEX_RSA,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_SEED_CBC_SHA */
++    {151,KEX_DH,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_SEED_CBC_SHA */
++    {152,KEX_DH,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_SEED_CBC_SHA */
++    {153,KEX_DH,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_SEED_CBC_SHA */
++    {154,KEX_DH,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_SEED_CBC_SHA */
++    {155,KEX_DH,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_SEED_CBC_SHA */
++    {156,KEX_RSA,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_RSA_WITH_AES_128_GCM_SHA256 */
++    {157,KEX_RSA,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_RSA_WITH_AES_256_GCM_SHA384 */
++    {158,KEX_DH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */
++    {159,KEX_DH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */
++    {160,KEX_DH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DH_RSA_WITH_AES_128_GCM_SHA256 */
++    {161,KEX_DH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DH_RSA_WITH_AES_256_GCM_SHA384 */
++    {162,KEX_DH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 */
++    {163,KEX_DH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 */
++    {164,KEX_DH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DH_DSS_WITH_AES_128_GCM_SHA256 */
++    {165,KEX_DH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DH_DSS_WITH_AES_256_GCM_SHA384 */
++    {166,KEX_DH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */
++    {167,KEX_DH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */
++    {186,KEX_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
++    {187,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 */
++    {188,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
++    {189,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 */
++    {190,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
++    {191,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 */
++    {192,KEX_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
++    {193,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 */
++    {194,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
++    {195,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 */
++    {196,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
++    {197,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */
++    {49153,KEX_ECDH,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
++    {49154,KEX_ECDH,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
++    {49155,KEX_ECDH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */
++    {49156,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */
++    {49157,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */
++    {49158,KEX_ECDH,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
++    {49159,KEX_ECDH,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */
++    {49160,KEX_ECDH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */
++    {49161,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */
++    {49162,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */
++    {49163,KEX_ECDH,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_RSA_WITH_NULL_SHA */
++    {49164,KEX_ECDH,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_RSA_WITH_RC4_128_SHA */
++    {49165,KEX_ECDH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */
++    {49166,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */
++    {49167,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */
++    {49168,KEX_ECDH,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_RSA_WITH_NULL_SHA */
++    {49169,KEX_ECDH,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
++    {49170,KEX_ECDH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */
++    {49171,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */
++    {49172,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */
++    {49173,KEX_ECDH,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_anon_WITH_NULL_SHA */
++    {49174,KEX_ECDH,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_anon_WITH_RC4_128_SHA */
++    {49175,KEX_ECDH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
++    {49176,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
++    {49177,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
++    {49187,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */
++    {49188,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */
++    {49189,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */
++    {49190,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */
++    {49191,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */
++    {49192,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */
++    {49193,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */
++    {49194,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */
++    {49195,KEX_ECDH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */
++    {49196,KEX_ECDH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */
++    {49197,KEX_ECDH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */
++    {49198,KEX_ECDH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */
++    {49199,KEX_ECDH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
++    {49200,KEX_ECDH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */
++    {49201,KEX_ECDH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */
++    {49202,KEX_ECDH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */
++    {-1, 0,0,0,0,0,0, 0}
+ };
+ 
+ #define MAX_BLOCK_SIZE 16
+diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
+index 4c9dd84..30f78ae 100644
+--- a/epan/dissectors/packet-ssl-utils.h
++++ b/epan/dissectors/packet-ssl-utils.h
+@@ -234,7 +234,6 @@ typedef struct _StringInfo {
+ typedef struct _SslCipherSuite {
+     gint number;
+     gint kex;
+-    gint sig;
+     gint enc;
+     gint block; /* IV block size */
+     gint bits;
+@@ -270,10 +269,6 @@ typedef struct _SslDecoder {
+ #define KEX_ECDH        0x13
+ #define KEX_RSA_PSK     0x14
+ 
+-#define SIG_RSA         0x20
+-#define SIG_DSS         0x21
+-#define SIG_NONE        0x22
+-
+ #define ENC_DES         0x30
+ #define ENC_3DES        0x31
+ #define ENC_RC4         0x32
+-- 
+1.8.4
+
diff --git a/patches-psk-cleanup/0004-Add-more-PSK-and-Camellia-ciphers.patch b/patches-psk-cleanup/0004-Add-more-PSK-and-Camellia-ciphers.patch
new file mode 100644
index 0000000..c18072c
--- /dev/null
+++ b/patches-psk-cleanup/0004-Add-more-PSK-and-Camellia-ciphers.patch
@@ -0,0 +1,136 @@
+From f1b5f73a27817373d056af925fbe123d218697bb Mon Sep 17 00:00:00 2001
+From: Peter Wu <lekensteyn@gmail.com>
+Date: Tue, 1 Oct 2013 23:52:10 +0200
+Subject: [PATCH 4/6] Add more PSK and Camellia ciphers
+
+Notably, TLS_PSK_WITH_RC4_128_SHA was missing. This cipher suite is
+supported by OpenSSL. The others are taken from the IANA page,
+processed through generate-wireshark-cs[1].
+
+ [1]: https://git.lekensteyn.nl/peter/wireshark-notes/tree/generate-wireshark-cs
+---
+ epan/dissectors/packet-ssl-utils.c | 87 ++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 84 insertions(+), 3 deletions(-)
+
+diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
+index e478057..863e431 100644
+--- a/epan/dissectors/packet-ssl-utils.c
++++ b/epan/dissectors/packet-ssl-utils.c
+@@ -1790,6 +1790,9 @@ static SslCipherSuite cipher_suites[]={
+     {25,KEX_DH,ENC_DES,8,64,40,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */
+     {26,KEX_DH,ENC_DES,8,64,64,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_DES_CBC_SHA */
+     {27,KEX_DH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */
++    {44,KEX_PSK,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_PSK_WITH_NULL_SHA */
++    {45,KEX_DH,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_DHE_PSK_WITH_NULL_SHA */
++    {46,KEX_RSA_PSK,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_PSK_WITH_NULL_SHA */
+     {47,KEX_RSA,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_AES_128_CBC_SHA */
+     {48,KEX_DH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_AES_128_CBC_SHA */
+     {49,KEX_DH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_AES_128_CBC_SHA */
+@@ -1834,9 +1837,18 @@ static SslCipherSuite cipher_suites[]={
+     {135,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA */
+     {136,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */
+     {137,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA */
+-    {139,KEX_PSK,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},
+-    {140,KEX_PSK,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},
+-    {141,KEX_PSK,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},
++    {138,KEX_PSK,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_PSK_WITH_RC4_128_SHA */
++    {139,KEX_PSK,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_PSK_WITH_3DES_EDE_CBC_SHA */
++    {140,KEX_PSK,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_PSK_WITH_AES_128_CBC_SHA */
++    {141,KEX_PSK,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_PSK_WITH_AES_256_CBC_SHA */
++    {142,KEX_DH,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_DHE_PSK_WITH_RC4_128_SHA */
++    {143,KEX_DH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA */
++    {144,KEX_DH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA */
++    {145,KEX_DH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA */
++    {146,KEX_RSA_PSK,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_PSK_WITH_RC4_128_SHA */
++    {147,KEX_RSA_PSK,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA */
++    {148,KEX_RSA_PSK,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA */
++    {149,KEX_RSA_PSK,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA */
+     {150,KEX_RSA,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_SEED_CBC_SHA */
+     {151,KEX_DH,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_SEED_CBC_SHA */
+     {152,KEX_DH,ENC_SEED,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_SEED_CBC_SHA */
+@@ -1855,6 +1867,24 @@ static SslCipherSuite cipher_suites[]={
+     {165,KEX_DH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DH_DSS_WITH_AES_256_GCM_SHA384 */
+     {166,KEX_DH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */
+     {167,KEX_DH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */
++    {168,KEX_PSK,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_PSK_WITH_AES_128_GCM_SHA256 */
++    {169,KEX_PSK,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_PSK_WITH_AES_256_GCM_SHA384 */
++    {170,KEX_DH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 */
++    {171,KEX_DH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 */
++    {172,KEX_RSA_PSK,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 */
++    {173,KEX_RSA_PSK,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 */
++    {174,KEX_PSK,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_PSK_WITH_AES_128_CBC_SHA256 */
++    {175,KEX_PSK,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_PSK_WITH_AES_256_CBC_SHA384 */
++    {176,KEX_PSK,ENC_NULL,1,0,0,DIG_SHA256, SSL_CIPHER_MODE_STREAM},   /* TLS_PSK_WITH_NULL_SHA256 */
++    {177,KEX_PSK,ENC_NULL,1,0,0,DIG_SHA384, SSL_CIPHER_MODE_STREAM},   /* TLS_PSK_WITH_NULL_SHA384 */
++    {178,KEX_DH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */
++    {179,KEX_DH,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */
++    {180,KEX_DH,ENC_NULL,1,0,0,DIG_SHA256, SSL_CIPHER_MODE_STREAM},   /* TLS_DHE_PSK_WITH_NULL_SHA256 */
++    {181,KEX_DH,ENC_NULL,1,0,0,DIG_SHA384, SSL_CIPHER_MODE_STREAM},   /* TLS_DHE_PSK_WITH_NULL_SHA384 */
++    {182,KEX_RSA_PSK,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 */
++    {183,KEX_RSA_PSK,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 */
++    {184,KEX_RSA_PSK,ENC_NULL,1,0,0,DIG_SHA256, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_PSK_WITH_NULL_SHA256 */
++    {185,KEX_RSA_PSK,ENC_NULL,1,0,0,DIG_SHA384, SSL_CIPHER_MODE_STREAM},   /* TLS_RSA_PSK_WITH_NULL_SHA384 */
+     {186,KEX_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
+     {187,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 */
+     {188,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
+@@ -1908,6 +1938,57 @@ static SslCipherSuite cipher_suites[]={
+     {49200,KEX_ECDH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */
+     {49201,KEX_ECDH,ENC_AES,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */
+     {49202,KEX_ECDH,ENC_AES256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */
++    {49203,KEX_ECDH,ENC_RC4,1,128,128,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_PSK_WITH_RC4_128_SHA */
++    {49204,KEX_ECDH,ENC_3DES,8,192,192,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA */
++    {49205,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA */
++    {49206,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA */
++    {49207,KEX_ECDH,ENC_AES,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */
++    {49208,KEX_ECDH,ENC_AES256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 */
++    {49209,KEX_ECDH,ENC_NULL,1,0,0,DIG_SHA, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_PSK_WITH_NULL_SHA */
++    {49210,KEX_ECDH,ENC_NULL,1,0,0,DIG_SHA256, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_PSK_WITH_NULL_SHA256 */
++    {49211,KEX_ECDH,ENC_NULL,1,0,0,DIG_SHA384, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_PSK_WITH_NULL_SHA384 */
++    {49266,KEX_ECDH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */
++    {49267,KEX_ECDH,ENC_CAMELLIA256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */
++    {49268,KEX_ECDH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */
++    {49269,KEX_ECDH,ENC_CAMELLIA256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */
++    {49270,KEX_ECDH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
++    {49271,KEX_ECDH,ENC_CAMELLIA256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 */
++    {49272,KEX_ECDH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
++    {49273,KEX_ECDH,ENC_CAMELLIA256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 */
++    {49274,KEX_RSA,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
++    {49275,KEX_RSA,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
++    {49276,KEX_DH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
++    {49277,KEX_DH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
++    {49278,KEX_DH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
++    {49279,KEX_DH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
++    {49280,KEX_DH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 */
++    {49281,KEX_DH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 */
++    {49282,KEX_DH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 */
++    {49283,KEX_DH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 */
++    {49284,KEX_DH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 */
++    {49285,KEX_DH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 */
++    {49286,KEX_ECDH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 */
++    {49287,KEX_ECDH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */
++    {49288,KEX_ECDH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 */
++    {49289,KEX_ECDH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */
++    {49290,KEX_ECDH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
++    {49291,KEX_ECDH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
++    {49292,KEX_ECDH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
++    {49293,KEX_ECDH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
++    {49294,KEX_PSK,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 */
++    {49295,KEX_PSK,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 */
++    {49296,KEX_DH,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 */
++    {49297,KEX_DH,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 */
++    {49298,KEX_RSA_PSK,ENC_CAMELLIA128,4,128,128,DIG_SHA256, SSL_CIPHER_MODE_GCM},   /* TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 */
++    {49299,KEX_RSA_PSK,ENC_CAMELLIA256,4,256,256,DIG_SHA384, SSL_CIPHER_MODE_GCM},   /* TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 */
++    {49300,KEX_PSK,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */
++    {49301,KEX_PSK,ENC_CAMELLIA256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 */
++    {49302,KEX_DH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */
++    {49303,KEX_DH,ENC_CAMELLIA256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */
++    {49304,KEX_RSA_PSK,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 */
++    {49305,KEX_RSA_PSK,ENC_CAMELLIA256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 */
++    {49306,KEX_ECDH,ENC_CAMELLIA128,16,128,128,DIG_SHA256, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */
++    {49307,KEX_ECDH,ENC_CAMELLIA256,16,256,256,DIG_SHA384, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */
+     {-1, 0,0,0,0,0,0, 0}
+ };
+ 
+-- 
+1.8.4
+
diff --git a/patches-psk-cleanup/0005-Simplify-determining-key-exchange-algorithm-more-PSK.patch b/patches-psk-cleanup/0005-Simplify-determining-key-exchange-algorithm-more-PSK.patch
new file mode 100644
index 0000000..f5d7be7
--- /dev/null
+++ b/patches-psk-cleanup/0005-Simplify-determining-key-exchange-algorithm-more-PSK.patch
@@ -0,0 +1,287 @@
+From e959b19462c28a74092b445f17fd20f7507c9cca Mon Sep 17 00:00:00 2001
+From: Peter Wu <lekensteyn@gmail.com>
+Date: Wed, 2 Oct 2013 00:11:45 +0200
+Subject: [PATCH 5/6] Simplify determining key exchange algorithm, more PSK
+ support
+
+The list of key exchange algorithms in ssl_get_keyex_alg is a
+list of magic numbers that is also available in the cipher_suites
+variable (compiled when GnuTLS support is enabled). Use this fact
+to avoid having the same numbers in two places.
+
+Note that this places a dependency on GnuTLS. Without GnuTLS,
+ssl_find_cipher always returns -1. This is not a big issue as
+ssl_get_keyex_alg() is only used for decoding the ClientKeyExchange and
+ServerKeyExchange messages. Support for these has only been added very
+recently and users of this feature will very likely also have GnuTLS
+support enabled to allow decryption of TLS packets.
+
+Comparing the cipher_suites list to the magic numbers list shows
+that 32 new Camellia cipher suites have been added. Some cipher suites
+are gone: all 8 ARIA cipher suites (not implemented by major TLS
+libraries), 6 AES-CCM suites for PSK and the cipher suites 0xFE,0xFF;
+0xFE,0xFF; 0xFF,0xE0; 0xFF,0xE1 (marked as reserved by IANA).
+
+After this change, PSK client params are decoded for more PSK cipher
+suites by not relying on magic numbers, but checking the keyex type.
+---
+ epan/dissectors/packet-ssl-utils.c | 222 +------------------------------------
+ epan/dissectors/packet-ssl.c       |   6 +-
+ 2 files changed, 5 insertions(+), 223 deletions(-)
+
+diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
+index 863e431..d38b3bd 100644
+--- a/epan/dissectors/packet-ssl-utils.c
++++ b/epan/dissectors/packet-ssl-utils.c
+@@ -1093,224 +1093,10 @@ struct _SslDecompress {
+    0 indicates unknown */
+ gint ssl_get_keyex_alg(gint cipher)
+ {
+-    switch(cipher) {
+-    case 0x0001:
+-    case 0x0002:
+-    case 0x0003:
+-    case 0x0004:
+-    case 0x0005:
+-    case 0x0006:
+-    case 0x0007:
+-    case 0x0008:
+-    case 0x0009:
+-    case 0x000a:
+-    case 0x002f:
+-    case 0x0035:
+-    case 0x003b:
+-    case 0x003c:
+-    case 0x003d:
+-    case 0x0041:
+-    case 0x0060:
+-    case 0x0061:
+-    case 0x0062:
+-    case 0x0064:
+-    case 0x0084:
+-    case 0x0096:
+-    case 0x009c:
+-    case 0x009d:
+-    case 0x00ba:
+-    case 0x00c0:
+-    case 0xfefe:
+-    case 0xfeff:
+-    case 0xffe0:
+-    case 0xffe1:
+-        return KEX_RSA;
+-    case 0x000b:
+-    case 0x000c:
+-    case 0x000d:
+-    case 0x000e:
+-    case 0x000f:
+-    case 0x0010:
+-    case 0x0011:
+-    case 0x0012:
+-    case 0x0013:
+-    case 0x0014:
+-    case 0x0015:
+-    case 0x0016:
+-    case 0x0017:
+-    case 0x0018:
+-    case 0x0019:
+-    case 0x001a:
+-    case 0x001b:
+-    case 0x002d:
+-    case 0x0030:
+-    case 0x0031:
+-    case 0x0032:
+-    case 0x0033:
+-    case 0x0034:
+-    case 0x0036:
+-    case 0x0037:
+-    case 0x0038:
+-    case 0x0039:
+-    case 0x003a:
+-    case 0x003e:
+-    case 0x003f:
+-    case 0x0040:
+-    case 0x0042:
+-    case 0x0043:
+-    case 0x0044:
+-    case 0x0045:
+-    case 0x0046:
+-    case 0x0063:
+-    case 0x0065:
+-    case 0x0066:
+-    case 0x0067:
+-    case 0x0068:
+-    case 0x0069:
+-    case 0x006a:
+-    case 0x006b:
+-    case 0x006c:
+-    case 0x006d:
+-    case 0x0085:
+-    case 0x0086:
+-    case 0x0087:
+-    case 0x0088:
+-    case 0x0089:
+-    case 0x008e:
+-    case 0x008f:
+-    case 0x0090:
+-    case 0x0091:
+-    case 0x0097:
+-    case 0x0098:
+-    case 0x0099:
+-    case 0x009a:
+-    case 0x009b:
+-    case 0x009e:
+-    case 0x009f:
+-    case 0x00a0:
+-    case 0x00a1:
+-    case 0x00a2:
+-    case 0x00a3:
+-    case 0x00a4:
+-    case 0x00a5:
+-    case 0x00a6:
+-    case 0x00a7:
+-    case 0x00aa:
+-    case 0x00ab:
+-    case 0x00b2:
+-    case 0x00b3:
+-    case 0x00b4:
+-    case 0x00b5:
+-    case 0x00bb:
+-    case 0x00bc:
+-    case 0x00bd:
+-    case 0x00be:
+-    case 0x00bf:
+-    case 0x00c1:
+-    case 0x00c2:
+-    case 0x00c3:
+-    case 0x00c4:
+-    case 0x00c5:
+-        return KEX_DH;
+-    case 0xc001:
+-    case 0xc002:
+-    case 0xc003:
+-    case 0xc004:
+-    case 0xc005:
+-    case 0xc006:
+-    case 0xc007:
+-    case 0xc008:
+-    case 0xc009:
+-    case 0xc00a:
+-    case 0xc00b:
+-    case 0xc00c:
+-    case 0xc00d:
+-    case 0xc00e:
+-    case 0xc00f:
+-    case 0xc010:
+-    case 0xc011:
+-    case 0xc012:
+-    case 0xc013:
+-    case 0xc014:
+-    case 0xc015:
+-    case 0xc016:
+-    case 0xc017:
+-    case 0xc018:
+-    case 0xc019:
+-    case 0xc023:
+-    case 0xc024:
+-    case 0xc025:
+-    case 0xc026:
+-    case 0xc027:
+-    case 0xc028:
+-    case 0xc029:
+-    case 0xc02a:
+-    case 0xc02b:
+-    case 0xc02c:
+-    case 0xc02d:
+-    case 0xc02e:
+-    case 0xc02f:
+-    case 0xc030:
+-    case 0xc031:
+-    case 0xc032:
+-    case 0xc033:
+-    case 0xc034:
+-    case 0xc035:
+-    case 0xc036:
+-    case 0xc037:
+-    case 0xc038:
+-    case 0xc039:
+-    case 0xc03a:
+-    case 0xc03b:
+-        return KEX_ECDH;
+-    case 0x002C:
+-    case 0x008A:
+-    case 0x008B:
+-    case 0x008C:
+-    case 0x008D:
+-    case 0x00A8:
+-    case 0x00A9:
+-    case 0x00AE:
+-    case 0x00AF:
+-    case 0x00B0:
+-    case 0x00B1:
+-    case 0xC064:
+-    case 0xC065:
+-    case 0xC06A:
+-    case 0xC06B:
+-    case 0xC08E:
+-    case 0xC08F:
+-    case 0xC094:
+-    case 0xC095:
+-    case 0xC0A4:
+-    case 0xC0A5:
+-    case 0xC0A8:
+-    case 0xC0A9:
+-    case 0xC0AA:
+-    case 0xC0AB:
+-        return KEX_PSK;
+-    case 0x002E:
+-    case 0x0092:
+-    case 0x0093:
+-    case 0x0094:
+-    case 0x0095:
+-    case 0x00AC:
+-    case 0x00AD:
+-    case 0x00B6:
+-    case 0x00B7:
+-    case 0x00B8:
+-    case 0x00B9:
+-    case 0xC068:
+-    case 0xC069:
+-    case 0xC06E:
+-    case 0xC06F:
+-    case 0xC092:
+-    case 0xC093:
+-    case 0xC098:
+-    case 0xC099:
+-        return KEX_RSA_PSK;
+-    default:
+-        break;
++    SslCipherSuite cs;
++    if (ssl_find_cipher(cipher, &cs) == 0) {
++        /* NOTE: this requires GnuTLS, otherwise stuff is not compiled-in. */
++        return cs.kex;
+     }
+ 
+     return 0;
+diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
+index 31dbada..bdd6727 100644
+--- a/epan/dissectors/packet-ssl.c
++++ b/epan/dissectors/packet-ssl.c
+@@ -2129,14 +2129,10 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+                 {
+                     /* PAOLO: here we can have all the data to build session key*/
+ 
+-                    gint cipher_num;
+-
+                     if (!ssl)
+                         break;
+ 
+-                    cipher_num = ssl->cipher;
+-
+-                    if (cipher_num == 0x8a || cipher_num == 0x8b || cipher_num == 0x8c || cipher_num == 0x8d)
++                    if (ssl->cipher_suite.kex == KEX_PSK)
+                     {
+                         /* calculate pre master secret*/
+                         StringInfo pre_master_secret;
+-- 
+1.8.4
+
-- 
cgit v1.2.1