- Moved ciphersuite naming scheme to IANA reserved names

2025-11-03 20:22:59 -05:00 · 2012-10-31 12:32:41 +00:00 · 2012-10-31 12:32:41 +00:00 · 645ce3a2b4
commit 645ce3a2b4
parent bb0139c924
13 changed files with 524 additions and 534 deletions
--- a/1
+++ b/1
@ -46,6 +46,7 @@ Changes
     in SSL/TLS
   * Revamped x509_verify() and the SSL f_vrfy callback implementations
   * Moved from unsigned long to fixed width uint32_t types throughout code
   * Renamed ciphersuites naming scheme to IANA reserved names
 Bugfix
   * Fixed handling error in mpi_cmp_mpi() on longer B values (found by
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@ -137,9 +137,9 @@
 *
 * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
 * the following ciphersuites:
- *      SSL_RSA_NULL_MD5
+ *      TLS_RSA_WITH_NULL_MD5
- *      SSL_RSA_NULL_SHA
+ *      TLS_RSA_WITH_NULL_SHA
- *      SSL_RSA_NULL_SHA256
+ *      TLS_RSA_WITH_NULL_SHA256
 *
 * Uncomment this macro to enable the NULL cipher and ciphersuites
 #define POLARSSL_CIPHER_NULL_CIPHER
@ -148,13 +148,13 @@
 /**
 * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
 *
- * Enable weak ciphersuites in SSL / TLS (like RC4_40)
+ * Enable weak ciphersuites in SSL / TLS
 * Warning: Only do so when you know what you are doing. This allows for
 * channels without virtually no security at all!
 *
 * This enables the following ciphersuites:
- *      SSL_RSA_DES_SHA
+ *      TLS_RSA_WITH_DES_CBC_SHA
- *      SSL_EDH_RSA_DES_SHA
+ *      TLS_DHE_RSA_WITH_DES_CBC_SHA
 *
 * Uncomment this macro to enable weak ciphersuites
 #define POLARSSL_ENABLE_WEAK_CIPHERSUITES
@ -282,10 +282,18 @@
 *          library/pem.c
 *          library/ctr_drbg.c
 *
- * This module enables the following ciphersuites:
+ * This module enables the following ciphersuites (if other requisites are
- *      SSL_RSA_AES_128_SHA
+ * enabled as well):
- *      SSL_RSA_AES_256_SHA
+ *      TLS_RSA_WITH_AES_128_CBC_SHA
- *      SSL_EDH_RSA_AES_256_SHA
+ *      TLS_RSA_WITH_AES_256_CBC_SHA
 *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 *      TLS_RSA_WITH_AES_128_CBC_SHA256
 *      TLS_RSA_WITH_AES_256_CBC_SHA256
 *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 *      TLS_RSA_WITH_AES_128_GCM_SHA256
 *      TLS_RSA_WITH_AES_256_GCM_SHA384
 */
 #define POLARSSL_AES_C
@ -298,8 +306,8 @@
 * Caller:  library/ssl_tls.c
 *
 * This module enables the following ciphersuites:
- *      SSL_RSA_RC4_128_MD5
+ *      TLS_RSA_WITH_RC4_128_MD5
- *      SSL_RSA_RC4_128_SHA
+ *      TLS_RSA_WITH_RC4_128_SHA
 */
 #define POLARSSL_ARC4_C
@ -366,10 +374,16 @@
 * Module:  library/camellia.c
 * Caller:  library/ssl_tls.c
 *
- * This module enabled the following cipher suites:
+ * This module enables the following ciphersuites (if other requisites are
- *      SSL_RSA_CAMELLIA_128_SHA
+ * enabled as well):
- *      SSL_RSA_CAMELLIA_256_SHA
+ *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      SSL_EDH_RSA_CAMELLIA_256_SHA
+ *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
 */
 #define POLARSSL_CAMELLIA_C
@ -433,9 +447,10 @@
 * Module:  library/des.c
 * Caller:  library/ssl_tls.c
 *
- * This module enables the following ciphersuites:
+ * This module enables the following ciphersuites (if other requisites are
- *      SSL_RSA_DES_168_SHA
+ * enabled as well):
- *      SSL_EDH_RSA_DES_168_SHA
+ *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
 *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 */
 #define POLARSSL_DES_C
@ -448,10 +463,20 @@
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *
- * This module enables the following ciphersuites:
+ * This module enables the following ciphersuites (if other requisites are
- *      SSL_EDH_RSA_DES_168_SHA
+ * enabled as well):
- *      SSL_EDH_RSA_AES_256_SHA
+ *      TLS_DHE_RSA_WITH_DES_CBC_SHA
- *      SSL_EDH_RSA_CAMELLIA_256_SHA
+ *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
 *      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 */
 #define POLARSSL_DHM_C
@ -489,6 +514,11 @@
 * Module:  library/gcm.c
 *
 * Requires: POLARSSL_AES_C
 *
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_RSA_WITH_AES_128_GCM_SHA256
 *      TLS_RSA_WITH_AES_256_GCM_SHA384
 */
 #define POLARSSL_GCM_C
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -140,42 +140,42 @@
 #define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 512)
 /*
- * Supported ciphersuites
+ * Supported ciphersuites (Official IANA names)
 */
-#define SSL_RSA_NULL_MD5             0x01   /**< Weak! */
+#define TLS_RSA_WITH_NULL_MD5                    0x01   /**< Weak! */
-#define SSL_RSA_NULL_SHA             0x02   /**< Weak! */
+#define TLS_RSA_WITH_NULL_SHA                    0x02   /**< Weak! */
-#define SSL_RSA_NULL_SHA256          0x3B   /**< Weak! */
+#define TLS_RSA_WITH_NULL_SHA256                 0x3B   /**< Weak! */
-#define SSL_RSA_DES_SHA              0x09   /**< Weak! Not in TLS 1.2 */
+#define TLS_RSA_WITH_DES_CBC_SHA                 0x09   /**< Weak! Not in TLS 1.2 */
-#define SSL_EDH_RSA_DES_SHA          0x15   /**< Weak! Not in TLS 1.2 */
+#define TLS_DHE_RSA_WITH_DES_CBC_SHA             0x15   /**< Weak! Not in TLS 1.2 */
-#define SSL_RSA_RC4_128_MD5          0x04
+#define TLS_RSA_WITH_RC4_128_MD5                 0x04
-#define SSL_RSA_RC4_128_SHA          0x05
+#define TLS_RSA_WITH_RC4_128_SHA                 0x05
-#define SSL_RSA_DES_168_SHA          0x0A
+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA            0x0A
-#define SSL_EDH_RSA_DES_168_SHA      0x16
+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA        0x16
-#define SSL_RSA_AES_128_SHA          0x2F
+#define TLS_RSA_WITH_AES_128_CBC_SHA             0x2F
-#define SSL_EDH_RSA_AES_128_SHA      0x33
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA         0x33
-#define SSL_RSA_AES_256_SHA          0x35
+#define TLS_RSA_WITH_AES_256_CBC_SHA             0x35
-#define SSL_EDH_RSA_AES_256_SHA      0x39
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA         0x39
-#define SSL_RSA_AES_128_SHA256       0x3C   /**< TLS 1.2 */
+#define TLS_RSA_WITH_AES_128_CBC_SHA256          0x3C   /**< TLS 1.2 */
-#define SSL_RSA_AES_256_SHA256       0x3D   /**< TLS 1.2 */
+#define TLS_RSA_WITH_AES_256_CBC_SHA256          0x3D   /**< TLS 1.2 */
-#define SSL_EDH_RSA_AES_128_SHA256   0x67   /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256      0x67   /**< TLS 1.2 */
-#define SSL_EDH_RSA_AES_256_SHA256   0x6B   /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256      0x6B   /**< TLS 1.2 */
-#define SSL_RSA_CAMELLIA_128_SHA        0x41
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        0x41
-#define SSL_EDH_RSA_CAMELLIA_128_SHA    0x45
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    0x45
-#define SSL_RSA_CAMELLIA_256_SHA        0x84
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        0x84
-#define SSL_EDH_RSA_CAMELLIA_256_SHA    0x88
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    0x88
-#define SSL_RSA_CAMELLIA_128_SHA256     0xBA   /**< TLS 1.2 */
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     0xBA   /**< TLS 1.2 */
-#define SSL_EDH_RSA_CAMELLIA_128_SHA256 0xBE   /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE   /**< TLS 1.2 */
-#define SSL_RSA_CAMELLIA_256_SHA256     0xC0   /**< TLS 1.2 */
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     0xC0   /**< TLS 1.2 */
-#define SSL_EDH_RSA_CAMELLIA_256_SHA256 0xC4   /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4   /**< TLS 1.2 */
-#define SSL_RSA_AES_128_GCM_SHA256      0x9C
+#define TLS_RSA_WITH_AES_128_GCM_SHA256          0x9C
-#define SSL_RSA_AES_256_GCM_SHA384      0x9D
+#define TLS_RSA_WITH_AES_256_GCM_SHA384          0x9D
-#define SSL_EDH_RSA_AES_128_GCM_SHA256  0x9E
+#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      0x9E
-#define SSL_EDH_RSA_AES_256_GCM_SHA384  0x9F
+#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      0x9F
 #define SSL_EMPTY_RENEGOTIATION_INFO    0xFF   /**< renegotiation info ext */ 
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -636,18 +636,18 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
    SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
-    if( ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_DES_SHA &&
+    if( ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_DES_CBC_SHA &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_DES_168_SHA &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_SHA256 &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_SHA256 &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA256 &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA256 &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_GCM_SHA256 &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_GCM_SHA384 )
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
    {
        SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
        ssl->state++;
@ -973,18 +973,18 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
    SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
-    if( ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_DES_SHA ||
+    if( ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_DES_168_SHA ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_GCM_SHA256 ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
    {
 #if !defined(POLARSSL_DHM_C)
        SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) );
@ -1108,8 +1108,8 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
        // Certificate Request according to RFC 5246. But OpenSSL only allows
        // SHA256 and SHA384. Find out why OpenSSL does this.
        //
-        if( ssl->session_negotiate->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
+        if( ssl->session_negotiate->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 ||
-            ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
+            ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
        {
            hash_id = SIG_RSA_SHA384;
            hashlen = 48;
@ -1141,8 +1141,8 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
        // Certificate Request according to RFC 5246. But OpenSSL only allows
        // SHA256 and SHA384. Find out why OpenSSL does this.
        //
-        if( ssl->session_negotiate->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
+        if( ssl->session_negotiate->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 ||
-            ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
+            ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
        {
            ssl->out_msg[4] = SSL_HASH_SHA384;
            ssl->out_msg[5] = SSL_SIG_RSA;
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -764,18 +764,18 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
    SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
-    if( ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_DES_SHA &&
+    if( ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_DES_CBC_SHA &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_DES_168_SHA &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_SHA256 &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_SHA256 &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA256 &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA256 &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_128_GCM_SHA256 &&
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 &&
-        ssl->session_negotiate->ciphersuite != SSL_EDH_RSA_AES_256_GCM_SHA384 )
+        ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
    {
        SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
        ssl->state++;
@ -1041,18 +1041,18 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
        return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
    }
-    if( ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_DES_SHA ||
+    if( ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_DES_168_SHA ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_128_GCM_SHA256 ||
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
-        ssl->session_negotiate->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
+        ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
    {
 #if !defined(POLARSSL_DHM_C)
        SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) );
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -315,8 +315,8 @@ int ssl_derive_keys( ssl_context *ssl )
        handshake->calc_verify = ssl_calc_verify_tls;
        handshake->calc_finished = ssl_calc_finished_tls;
    }
-    else if( session->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
+    else if( session->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 ||
-             session->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
+             session->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
    {
        handshake->tls_prf = tls_prf_sha384;
        handshake->calc_verify = ssl_calc_verify_tls_sha384;
@ -390,61 +390,61 @@ int ssl_derive_keys( ssl_context *ssl )
    switch( session->ciphersuite )
    {
 #if defined(POLARSSL_ARC4_C)
-        case SSL_RSA_RC4_128_MD5:
+        case TLS_RSA_WITH_RC4_128_MD5:
            transform->keylen = 16; transform->minlen = 16;
            transform->ivlen  =  0; transform->maclen = 16;
            break;
-        case SSL_RSA_RC4_128_SHA:
+        case TLS_RSA_WITH_RC4_128_SHA:
            transform->keylen = 16; transform->minlen = 20;
            transform->ivlen  =  0; transform->maclen = 20;
            break;
 #endif
 #if defined(POLARSSL_DES_C)
-        case SSL_RSA_DES_168_SHA:
+        case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
-        case SSL_EDH_RSA_DES_168_SHA:
+        case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
            transform->keylen = 24; transform->minlen = 24;
            transform->ivlen  =  8; transform->maclen = 20;
            break;
 #endif
 #if defined(POLARSSL_AES_C)
-        case SSL_RSA_AES_128_SHA:
+        case TLS_RSA_WITH_AES_128_CBC_SHA:
-        case SSL_EDH_RSA_AES_128_SHA:
+        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
            transform->keylen = 16; transform->minlen = 32;
            transform->ivlen  = 16; transform->maclen = 20;
            break;
-        case SSL_RSA_AES_256_SHA:
+        case TLS_RSA_WITH_AES_256_CBC_SHA:
-        case SSL_EDH_RSA_AES_256_SHA:
+        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
            transform->keylen = 32; transform->minlen = 32;
            transform->ivlen  = 16; transform->maclen = 20;
            break;
 #if defined(POLARSSL_SHA2_C)
-        case SSL_RSA_AES_128_SHA256:
+        case TLS_RSA_WITH_AES_128_CBC_SHA256:
-        case SSL_EDH_RSA_AES_128_SHA256:
+        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
            transform->keylen = 16; transform->minlen = 32;
            transform->ivlen  = 16; transform->maclen = 32;
            break;
-        case SSL_RSA_AES_256_SHA256:
+        case TLS_RSA_WITH_AES_256_CBC_SHA256:
-        case SSL_EDH_RSA_AES_256_SHA256:
+        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
            transform->keylen = 32; transform->minlen = 32;
            transform->ivlen  = 16; transform->maclen = 32;
            break;
 #endif
 #if defined(POLARSSL_GCM_C)
-        case SSL_RSA_AES_128_GCM_SHA256:
+        case TLS_RSA_WITH_AES_128_GCM_SHA256:
-        case SSL_EDH_RSA_AES_128_GCM_SHA256:
+        case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
            transform->keylen = 16; transform->minlen = 1;
            transform->ivlen  = 12; transform->maclen = 0;
            transform->fixed_ivlen = 4;
            break;
-        case SSL_RSA_AES_256_GCM_SHA384:
+        case TLS_RSA_WITH_AES_256_GCM_SHA384:
-        case SSL_EDH_RSA_AES_256_GCM_SHA384:
+        case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
            transform->keylen = 32; transform->minlen = 1;
            transform->ivlen  = 12; transform->maclen = 0;
            transform->fixed_ivlen = 4;
@ -453,27 +453,27 @@ int ssl_derive_keys( ssl_context *ssl )
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
-        case SSL_RSA_CAMELLIA_128_SHA:
+        case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
-        case SSL_EDH_RSA_CAMELLIA_128_SHA:
+        case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
            transform->keylen = 16; transform->minlen = 32;
            transform->ivlen  = 16; transform->maclen = 20;
            break;
-        case SSL_RSA_CAMELLIA_256_SHA:
+        case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
-        case SSL_EDH_RSA_CAMELLIA_256_SHA:
+        case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
            transform->keylen = 32; transform->minlen = 32;
            transform->ivlen  = 16; transform->maclen = 20;
            break;
 #if defined(POLARSSL_SHA2_C)
-        case SSL_RSA_CAMELLIA_128_SHA256:
+        case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
-        case SSL_EDH_RSA_CAMELLIA_128_SHA256:
+        case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
            transform->keylen = 16; transform->minlen = 32;
            transform->ivlen  = 16; transform->maclen = 32;
            break;
-        case SSL_RSA_CAMELLIA_256_SHA256:
+        case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
-        case SSL_EDH_RSA_CAMELLIA_256_SHA256:
+        case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
            transform->keylen = 32; transform->minlen = 32;
            transform->ivlen  = 16; transform->maclen = 32;
            break;
@ -482,25 +482,25 @@ int ssl_derive_keys( ssl_context *ssl )
 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
-        case SSL_RSA_NULL_MD5:
+        case TLS_RSA_WITH_NULL_MD5:
            transform->keylen = 0; transform->minlen = 0;
            transform->ivlen  = 0; transform->maclen = 16;
            break;
-        case SSL_RSA_NULL_SHA:
+        case TLS_RSA_WITH_NULL_SHA:
            transform->keylen = 0; transform->minlen = 0;
            transform->ivlen  = 0; transform->maclen = 20;
            break;
-        case SSL_RSA_NULL_SHA256:
+        case TLS_RSA_WITH_NULL_SHA256:
            transform->keylen = 0; transform->minlen = 0;
            transform->ivlen  = 0; transform->maclen = 32;
            break;
 #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
 #if defined(POLARSSL_DES_C)
-        case SSL_RSA_DES_SHA:
+        case TLS_RSA_WITH_DES_CBC_SHA:
-        case SSL_EDH_RSA_DES_SHA:
+        case TLS_DHE_RSA_WITH_DES_CBC_SHA:
            transform->keylen =  8; transform->minlen = 8;
            transform->ivlen  =  8; transform->maclen = 20;
            break;
@ -577,8 +577,8 @@ int ssl_derive_keys( ssl_context *ssl )
    switch( session->ciphersuite )
    {
 #if defined(POLARSSL_ARC4_C)
-        case SSL_RSA_RC4_128_MD5:
+        case TLS_RSA_WITH_RC4_128_MD5:
-        case SSL_RSA_RC4_128_SHA:
+        case TLS_RSA_WITH_RC4_128_SHA:
            arc4_setup( (arc4_context *) transform->ctx_enc, key1,
                        transform->keylen );
            arc4_setup( (arc4_context *) transform->ctx_dec, key2,
@ -587,39 +587,39 @@ int ssl_derive_keys( ssl_context *ssl )
 #endif
 #if defined(POLARSSL_DES_C)
-        case SSL_RSA_DES_168_SHA:
+        case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
-        case SSL_EDH_RSA_DES_168_SHA:
+        case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
            des3_set3key_enc( (des3_context *) transform->ctx_enc, key1 );
            des3_set3key_dec( (des3_context *) transform->ctx_dec, key2 );
            break;
 #endif
 #if defined(POLARSSL_AES_C)
-        case SSL_RSA_AES_128_SHA:
+        case TLS_RSA_WITH_AES_128_CBC_SHA:
-        case SSL_EDH_RSA_AES_128_SHA:
+        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
-        case SSL_RSA_AES_128_SHA256:
+        case TLS_RSA_WITH_AES_128_CBC_SHA256:
-        case SSL_EDH_RSA_AES_128_SHA256:
+        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
            aes_setkey_enc( (aes_context *) transform->ctx_enc, key1, 128 );
            aes_setkey_dec( (aes_context *) transform->ctx_dec, key2, 128 );
            break;
-        case SSL_RSA_AES_256_SHA:
+        case TLS_RSA_WITH_AES_256_CBC_SHA:
-        case SSL_EDH_RSA_AES_256_SHA:
+        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
-        case SSL_RSA_AES_256_SHA256:
+        case TLS_RSA_WITH_AES_256_CBC_SHA256:
-        case SSL_EDH_RSA_AES_256_SHA256:
+        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
            aes_setkey_enc( (aes_context *) transform->ctx_enc, key1, 256 );
            aes_setkey_dec( (aes_context *) transform->ctx_dec, key2, 256 );
            break;
 #if defined(POLARSSL_GCM_C)
-        case SSL_RSA_AES_128_GCM_SHA256:
+        case TLS_RSA_WITH_AES_128_GCM_SHA256:
-        case SSL_EDH_RSA_AES_128_GCM_SHA256:
+        case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
            gcm_init( (gcm_context *) transform->ctx_enc, key1, 128 );
            gcm_init( (gcm_context *) transform->ctx_dec, key2, 128 );
            break;
-        case SSL_RSA_AES_256_GCM_SHA384:
+        case TLS_RSA_WITH_AES_256_GCM_SHA384:
-        case SSL_EDH_RSA_AES_256_GCM_SHA384:
+        case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
            gcm_init( (gcm_context *) transform->ctx_enc, key1, 256 );
            gcm_init( (gcm_context *) transform->ctx_dec, key2, 256 );
            break;
@ -627,18 +627,18 @@ int ssl_derive_keys( ssl_context *ssl )
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
-        case SSL_RSA_CAMELLIA_128_SHA:
+        case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
-        case SSL_EDH_RSA_CAMELLIA_128_SHA:
+        case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
-        case SSL_RSA_CAMELLIA_128_SHA256:
+        case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
-        case SSL_EDH_RSA_CAMELLIA_128_SHA256:
+        case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
            camellia_setkey_enc( (camellia_context *) transform->ctx_enc, key1, 128 );
            camellia_setkey_dec( (camellia_context *) transform->ctx_dec, key2, 128 );
            break;
-        case SSL_RSA_CAMELLIA_256_SHA:
+        case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
-        case SSL_EDH_RSA_CAMELLIA_256_SHA:
+        case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
-        case SSL_RSA_CAMELLIA_256_SHA256:
+        case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
-        case SSL_EDH_RSA_CAMELLIA_256_SHA256:
+        case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
            camellia_setkey_enc( (camellia_context *) transform->ctx_enc, key1, 256 );
            camellia_setkey_dec( (camellia_context *) transform->ctx_dec, key2, 256 );
            break;
@ -646,15 +646,15 @@ int ssl_derive_keys( ssl_context *ssl )
 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
-        case SSL_RSA_NULL_MD5:
+        case TLS_RSA_WITH_NULL_MD5:
-        case SSL_RSA_NULL_SHA:
+        case TLS_RSA_WITH_NULL_SHA:
-        case SSL_RSA_NULL_SHA256:
+        case TLS_RSA_WITH_NULL_SHA256:
            break;
 #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
 #if defined(POLARSSL_DES_C)
-        case SSL_RSA_DES_SHA:
+        case TLS_RSA_WITH_DES_CBC_SHA:
-        case SSL_EDH_RSA_DES_SHA:
+        case TLS_DHE_RSA_WITH_DES_CBC_SHA:
            des_setkey_enc( (des_context *) transform->ctx_enc, key1 );
            des_setkey_dec( (des_context *) transform->ctx_dec, key2 );
            break;
@ -958,8 +958,8 @@ static int ssl_encrypt_buf( ssl_context *ssl )
                       ssl->out_msg, ssl->out_msglen );
 #if defined(POLARSSL_ARC4_C)
-        if( ssl->session_out->ciphersuite == SSL_RSA_RC4_128_MD5 ||
+        if( ssl->session_out->ciphersuite == TLS_RSA_WITH_RC4_128_MD5 ||
-            ssl->session_out->ciphersuite == SSL_RSA_RC4_128_SHA )
+            ssl->session_out->ciphersuite == TLS_RSA_WITH_RC4_128_SHA )
        {
            arc4_crypt( (arc4_context *) ssl->transform_out->ctx_enc,
                        ssl->out_msglen, ssl->out_msg,
@ -967,9 +967,9 @@ static int ssl_encrypt_buf( ssl_context *ssl )
        } else
 #endif
 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
-        if( ssl->session_out->ciphersuite == SSL_RSA_NULL_MD5 ||
+        if( ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_MD5 ||
-            ssl->session_out->ciphersuite == SSL_RSA_NULL_SHA ||
+            ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_SHA ||
-            ssl->session_out->ciphersuite == SSL_RSA_NULL_SHA256 )
+            ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_SHA256 )
        {
        } else
 #endif
@ -997,10 +997,10 @@ static int ssl_encrypt_buf( ssl_context *ssl )
 #if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C)
-        if( ssl->session_out->ciphersuite == SSL_RSA_AES_128_GCM_SHA256 ||
+        if( ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_GCM_SHA256 ||
-            ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_128_GCM_SHA256 ||
+            ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 ||
-            ssl->session_out->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
+            ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
-            ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
+            ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
        {
            /*
             * Generate IV
@ -1116,8 +1116,8 @@ static int ssl_encrypt_buf( ssl_context *ssl )
 #if defined(POLARSSL_DES_C)
            case  8:
 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
-                if( ssl->session_out->ciphersuite == SSL_RSA_DES_SHA ||
+                if( ssl->session_out->ciphersuite == TLS_RSA_WITH_DES_CBC_SHA ||
-                    ssl->session_out->ciphersuite == SSL_EDH_RSA_DES_SHA )
+                    ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA )
                {
                    des_crypt_cbc( (des_context *) ssl->transform_out->ctx_enc,
                                   DES_ENCRYPT, enc_msglen,
@ -1133,14 +1133,14 @@ static int ssl_encrypt_buf( ssl_context *ssl )
            case 16:
 #if defined(POLARSSL_AES_C)
-        if ( ssl->session_out->ciphersuite == SSL_RSA_AES_128_SHA ||
+        if ( ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA ||
-             ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
+             ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA ||
-             ssl->session_out->ciphersuite == SSL_RSA_AES_256_SHA ||
+             ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA ||
-             ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
+             ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA ||
-             ssl->session_out->ciphersuite == SSL_RSA_AES_128_SHA256 ||
+             ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA256 ||
-             ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 ||
+             ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA256 ||
-             ssl->session_out->ciphersuite == SSL_RSA_AES_256_SHA256 ||
+             ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ||
-             ssl->session_out->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 )
+             ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 )
        {
                    aes_crypt_cbc( (aes_context *) ssl->transform_out->ctx_enc,
                        AES_ENCRYPT, enc_msglen,
@ -1150,14 +1150,14 @@ static int ssl_encrypt_buf( ssl_context *ssl )
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
-        if ( ssl->session_out->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
+        if ( ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA ||
-             ssl->session_out->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
+             ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ||
-             ssl->session_out->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
+             ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA ||
-             ssl->session_out->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA ||
+             ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ||
-             ssl->session_out->ciphersuite == SSL_RSA_CAMELLIA_128_SHA256 ||
+             ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
-             ssl->session_out->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 ||
+             ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
-             ssl->session_out->ciphersuite == SSL_RSA_CAMELLIA_256_SHA256 ||
+             ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 ||
-             ssl->session_out->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 )
+             ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 )
        {
                    camellia_crypt_cbc( (camellia_context *) ssl->transform_out->ctx_enc,
                        CAMELLIA_ENCRYPT, enc_msglen,
@ -1203,8 +1203,8 @@ static int ssl_decrypt_buf( ssl_context *ssl )
    {
 #if defined(POLARSSL_ARC4_C)
        padlen = 0;
-        if( ssl->session_in->ciphersuite == SSL_RSA_RC4_128_MD5 ||
+        if( ssl->session_in->ciphersuite == TLS_RSA_WITH_RC4_128_MD5 ||
-            ssl->session_in->ciphersuite == SSL_RSA_RC4_128_SHA )
+            ssl->session_in->ciphersuite == TLS_RSA_WITH_RC4_128_SHA )
        {
            arc4_crypt( (arc4_context *) ssl->transform_in->ctx_dec,
                    ssl->in_msglen, ssl->in_msg,
@ -1212,9 +1212,9 @@ static int ssl_decrypt_buf( ssl_context *ssl )
        } else
 #endif
 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
-        if( ssl->session_in->ciphersuite == SSL_RSA_NULL_MD5 ||
+        if( ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_MD5 ||
-            ssl->session_in->ciphersuite == SSL_RSA_NULL_SHA ||
+            ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_SHA ||
-            ssl->session_in->ciphersuite == SSL_RSA_NULL_SHA256 )
+            ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_SHA256 )
        {
        } else
 #endif
@ -1231,10 +1231,10 @@ static int ssl_decrypt_buf( ssl_context *ssl )
        padlen = 0;
 #if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C)
-        if( ssl->session_in->ciphersuite == SSL_RSA_AES_128_GCM_SHA256 ||
+        if( ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_GCM_SHA256 ||
-            ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_128_GCM_SHA256 ||
+            ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 ||
-            ssl->session_in->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
+            ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
-            ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
+            ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
        {
            dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen -
                                            ssl->transform_in->fixed_ivlen );
@ -1323,8 +1323,8 @@ static int ssl_decrypt_buf( ssl_context *ssl )
 #if defined(POLARSSL_DES_C)
            case  8:
 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
-                if( ssl->session_in->ciphersuite == SSL_RSA_DES_SHA ||
+                if( ssl->session_in->ciphersuite == TLS_RSA_WITH_DES_CBC_SHA ||
-                    ssl->session_in->ciphersuite == SSL_EDH_RSA_DES_SHA )
+                    ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA )
                {
                    des_crypt_cbc( (des_context *) ssl->transform_in->ctx_dec,
                                   DES_DECRYPT, dec_msglen,
@ -1340,14 +1340,14 @@ static int ssl_decrypt_buf( ssl_context *ssl )
            case 16:
 #if defined(POLARSSL_AES_C)
-        if ( ssl->session_in->ciphersuite == SSL_RSA_AES_128_SHA ||
+        if ( ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA ||
-             ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
+             ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA ||
-             ssl->session_in->ciphersuite == SSL_RSA_AES_256_SHA ||
+             ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA ||
-             ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
+             ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA ||
-             ssl->session_in->ciphersuite == SSL_RSA_AES_128_SHA256 ||
+             ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA256 ||
-             ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 ||
+             ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA256 ||
-             ssl->session_in->ciphersuite == SSL_RSA_AES_256_SHA256 ||
+             ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ||
-             ssl->session_in->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 )
+             ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 )
        {
                    aes_crypt_cbc( (aes_context *) ssl->transform_in->ctx_dec,
                       AES_DECRYPT, dec_msglen,
@ -1357,14 +1357,14 @@ static int ssl_decrypt_buf( ssl_context *ssl )
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
-        if ( ssl->session_in->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
+        if ( ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA ||
-             ssl->session_in->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
+             ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ||
-             ssl->session_in->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
+             ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA ||
-             ssl->session_in->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA ||
+             ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ||
-             ssl->session_in->ciphersuite == SSL_RSA_CAMELLIA_128_SHA256 ||
+             ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
-             ssl->session_in->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 ||
+             ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ||
-             ssl->session_in->ciphersuite == SSL_RSA_CAMELLIA_256_SHA256 ||
+             ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 ||
-             ssl->session_in->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 )
+             ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 )
        {
                    camellia_crypt_cbc( (camellia_context *) ssl->transform_in->ctx_dec,
                       CAMELLIA_DECRYPT, dec_msglen,
@ -2392,8 +2392,8 @@ void ssl_optimize_checksum( ssl_context *ssl, int ciphersuite )
 {
    if( ssl->minor_ver < SSL_MINOR_VERSION_3 )
        ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
-    else if ( ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
+    else if ( ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 ||
-              ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
+              ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
    {
        ssl->handshake->update_checksum = ssl_update_checksum_sha384;
    }
@ -2859,6 +2859,8 @@ int ssl_init( ssl_context *ssl )
    ssl->min_major_ver = SSL_MAJOR_VERSION_3;
    ssl->min_minor_ver = SSL_MINOR_VERSION_0;
    ssl->ciphersuites = ssl_default_ciphersuites;
 #if defined(POLARSSL_DHM_C)
    if( ( ret = mpi_read_string( &ssl->dhm_P, 16,
                                 POLARSSL_DHM_RFC5114_MODP_1024_P) ) != 0 ||
@ -3171,108 +3173,108 @@ const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
    switch( ciphersuite_id )
    {
 #if defined(POLARSSL_ARC4_C)
-        case SSL_RSA_RC4_128_MD5:
+        case TLS_RSA_WITH_RC4_128_MD5:
-            return( "SSL-RSA-RC4-128-MD5" );
+            return( "TLS-RSA-WITH-RC4-128-MD5" );
-        case SSL_RSA_RC4_128_SHA:
+        case TLS_RSA_WITH_RC4_128_SHA:
-            return( "SSL-RSA-RC4-128-SHA" );
+            return( "TLS-RSA-WITH-RC4-128-SHA" );
 #endif
 #if defined(POLARSSL_DES_C)
-        case SSL_RSA_DES_168_SHA:
+        case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
-            return( "SSL-RSA-DES-168-SHA" );
+            return( "TLS-RSA-WITH-3DES-EDE-CBC-SHA" );
-        case SSL_EDH_RSA_DES_168_SHA:
+        case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
-            return( "SSL-EDH-RSA-DES-168-SHA" );
+            return( "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA" );
 #endif
 #if defined(POLARSSL_AES_C)
-        case SSL_RSA_AES_128_SHA:
+        case TLS_RSA_WITH_AES_128_CBC_SHA:
-            return( "SSL-RSA-AES-128-SHA" );
+            return( "TLS-RSA-WITH-AES-128-CBC-SHA" );
-        case SSL_EDH_RSA_AES_128_SHA:
+        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
-            return( "SSL-EDH-RSA-AES-128-SHA" );
+            return( "TLS-DHE-RSA-WITH-AES-128-CBC-SHA" );
-        case SSL_RSA_AES_256_SHA:
+        case TLS_RSA_WITH_AES_256_CBC_SHA:
-            return( "SSL-RSA-AES-256-SHA" );
+            return( "TLS-RSA-WITH-AES-256-CBC-SHA" );
-        case SSL_EDH_RSA_AES_256_SHA:
+        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
-            return( "SSL-EDH-RSA-AES-256-SHA" );
+            return( "TLS-DHE-RSA-WITH-AES-256-CBC-SHA" );
 #if defined(POLARSSL_SHA2_C)
-        case SSL_RSA_AES_128_SHA256:
+        case TLS_RSA_WITH_AES_128_CBC_SHA256:
-            return( "SSL-RSA-AES-128-SHA256" );
+            return( "TLS-RSA-WITH-AES-128-CBC-SHA256" );
-        case SSL_EDH_RSA_AES_128_SHA256:
+        case TLS_RSA_WITH_AES_256_CBC_SHA256:
-            return( "SSL-EDH-RSA-AES-128-SHA256" );
+            return( "TLS-RSA-WITH-AES-256-CBC-SHA256" );
-        case SSL_RSA_AES_256_SHA256:
+        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
-            return( "SSL-RSA-AES-256-SHA256" );
+            return( "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256" );
-        case SSL_EDH_RSA_AES_256_SHA256:
+        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
-            return( "SSL-EDH-RSA-AES-256-SHA256" );
+            return( "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" );
 #endif
 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
-        case SSL_RSA_AES_128_GCM_SHA256:
+        case TLS_RSA_WITH_AES_128_GCM_SHA256:
-            return( "SSL-RSA-AES-128-GCM-SHA256" );
+            return( "TLS-RSA-WITH-AES-128-GCM-SHA256" );
-        case SSL_EDH_RSA_AES_128_GCM_SHA256:
+        case TLS_RSA_WITH_AES_256_GCM_SHA384:
-            return( "SSL-EDH-RSA-AES-128-GCM-SHA256" );
+            return( "TLS-RSA-WITH-AES-256-GCM-SHA384" );
 #endif
 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
-        case SSL_RSA_AES_256_GCM_SHA384:
+        case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
-            return( "SSL-RSA-AES-256-GCM-SHA384" );
+            return( "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256" );
-        case SSL_EDH_RSA_AES_256_GCM_SHA384:
+        case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
-            return( "SSL-EDH-RSA-AES-256-GCM-SHA384" );
+            return( "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384" );
 #endif
 #endif /* POLARSSL_AES_C */
 #if defined(POLARSSL_CAMELLIA_C)
-        case SSL_RSA_CAMELLIA_128_SHA:
+        case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
-            return( "SSL-RSA-CAMELLIA-128-SHA" );
+            return( "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA" );
-        case SSL_EDH_RSA_CAMELLIA_128_SHA:
+        case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
-            return( "SSL-EDH-RSA-CAMELLIA-128-SHA" );
+            return( "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA" );
-        case SSL_RSA_CAMELLIA_256_SHA:
+        case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
-            return( "SSL-RSA-CAMELLIA-256-SHA" );
+            return( "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA" );
-        case SSL_EDH_RSA_CAMELLIA_256_SHA:
+        case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
-            return( "SSL-EDH-RSA-CAMELLIA-256-SHA" );
+            return( "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA" );
 #if defined(POLARSSL_SHA2_C)
-        case SSL_RSA_CAMELLIA_128_SHA256:
+        case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
-            return( "SSL-RSA-CAMELLIA-128-SHA256" );
+            return( "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256" );
-        case SSL_EDH_RSA_CAMELLIA_128_SHA256:
+        case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
-            return( "SSL-EDH-RSA-CAMELLIA-128-SHA256" );
+            return( "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256" );
-        case SSL_RSA_CAMELLIA_256_SHA256:
+        case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
-            return( "SSL-RSA-CAMELLIA-256-SHA256" );
+            return( "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256" );
-        case SSL_EDH_RSA_CAMELLIA_256_SHA256:
+        case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
-            return( "SSL-EDH-RSA-CAMELLIA-256-SHA256" );
+            return( "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256" );
 #endif
 #endif
 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
-        case SSL_RSA_NULL_MD5:
+        case TLS_RSA_WITH_NULL_MD5:
-            return( "SSL-RSA-NULL-MD5" );
+            return( "TLS-RSA-WITH-NULL-MD5" );
-        case SSL_RSA_NULL_SHA:
+        case TLS_RSA_WITH_NULL_SHA:
-            return( "SSL-RSA-NULL-SHA" );
+            return( "TLS-RSA-WITH-NULL-SHA" );
-        case SSL_RSA_NULL_SHA256:
+        case TLS_RSA_WITH_NULL_SHA256:
-            return( "SSL-RSA-NULL-SHA256" );
+            return( "TLS-RSA-WITH-NULL-SHA256" );
 #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
 #if defined(POLARSSL_DES_C)
-        case SSL_RSA_DES_SHA:
+        case TLS_RSA_WITH_DES_CBC_SHA:
-            return( "SSL-RSA-DES-SHA" );
+            return( "TLS-RSA-WITH-DES-CBC-SHA" );
-        case SSL_EDH_RSA_DES_SHA:
+        case TLS_DHE_RSA_WITH_DES_CBC_SHA:
-            return( "SSL-EDH-RSA-DES-SHA" );
+            return( "TLS-DHE-RSA-WITH-DES-CBC-SHA" );
 #endif
 #endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */
@ -3286,92 +3288,92 @@ const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
 int ssl_get_ciphersuite_id( const char *ciphersuite_name )
 {
 #if defined(POLARSSL_ARC4_C)
-    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-RC4-128-MD5"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-RC4-128-MD5"))
-        return( SSL_RSA_RC4_128_MD5 );
+        return( TLS_RSA_WITH_RC4_128_MD5 );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-RC4-128-SHA"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-RC4-128-SHA"))
-        return( SSL_RSA_RC4_128_SHA );
+        return( TLS_RSA_WITH_RC4_128_SHA );
 #endif
 #if defined(POLARSSL_DES_C)
-    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-DES-168-SHA"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-3DES-EDE-CBC-SHA"))
-        return( SSL_RSA_DES_168_SHA );
+        return( TLS_RSA_WITH_3DES_EDE_CBC_SHA );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-DES-168-SHA"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA"))
-        return( SSL_EDH_RSA_DES_168_SHA );
+        return( TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA );
 #endif
 #if defined(POLARSSL_AES_C)
-    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-128-SHA"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-CBC-SHA"))
-        return( SSL_RSA_AES_128_SHA );
+        return( TLS_RSA_WITH_AES_128_CBC_SHA );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-128-SHA"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA"))
-        return( SSL_EDH_RSA_AES_128_SHA );
+        return( TLS_DHE_RSA_WITH_AES_128_CBC_SHA );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-256-SHA"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-CBC-SHA"))
-        return( SSL_RSA_AES_256_SHA );
+        return( TLS_RSA_WITH_AES_256_CBC_SHA );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-256-SHA"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA"))
-        return( SSL_EDH_RSA_AES_256_SHA );
+        return( TLS_DHE_RSA_WITH_AES_256_CBC_SHA );
 #if defined(POLARSSL_SHA2_C)
-    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-128-SHA256"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-CBC-SHA256"))
-        return( SSL_RSA_AES_128_SHA256 );
+        return( TLS_RSA_WITH_AES_128_CBC_SHA256 );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-128-SHA256"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-CBC-SHA256"))
-        return( SSL_EDH_RSA_AES_128_SHA256 );
+        return( TLS_RSA_WITH_AES_256_CBC_SHA256 );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-256-SHA256"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256"))
-        return( SSL_RSA_AES_256_SHA256 );
+        return( TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-256-SHA256"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"))
-        return( SSL_EDH_RSA_AES_256_SHA256 );
+        return( TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 );
 #endif
 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
-    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-128-GCM-SHA256"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-GCM-SHA256"))
-        return( SSL_RSA_AES_128_GCM_SHA256 );
+        return( TLS_RSA_WITH_AES_128_GCM_SHA256 );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-128-GCM-SHA256"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-GCM-SHA384"))
-        return( SSL_EDH_RSA_AES_128_GCM_SHA256 );
+        return( TLS_RSA_WITH_AES_256_GCM_SHA384 );
 #endif
 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
-    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-256-GCM-SHA384"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256"))
-        return( SSL_RSA_AES_256_GCM_SHA384 );
+        return( TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-256-GCM-SHA384"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384"))
-        return( SSL_EDH_RSA_AES_256_GCM_SHA384 );
+        return( TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 );
 #endif
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
-    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-128-SHA"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"))
-        return( SSL_RSA_CAMELLIA_128_SHA );
+        return( TLS_RSA_WITH_CAMELLIA_128_CBC_SHA );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-128-SHA"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA"))
-        return( SSL_EDH_RSA_CAMELLIA_128_SHA );
+        return( TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-256-SHA"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA"))
-        return( SSL_RSA_CAMELLIA_256_SHA );
+        return( TLS_RSA_WITH_CAMELLIA_256_CBC_SHA );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-256-SHA"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA"))
-        return( SSL_EDH_RSA_CAMELLIA_256_SHA );
+        return( TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA );
 #if defined(POLARSSL_SHA2_C)
-    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-128-SHA256"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256"))
-        return( SSL_RSA_CAMELLIA_128_SHA256 );
+        return( TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-128-SHA256"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256"))
-        return( SSL_EDH_RSA_CAMELLIA_128_SHA256 );
+        return( TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-256-SHA256"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256"))
-        return( SSL_RSA_CAMELLIA_256_SHA256 );
+        return( TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-256-SHA256"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256"))
-        return( SSL_EDH_RSA_CAMELLIA_256_SHA256 );
+        return( TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 );
 #endif
 #endif
 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
-    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-NULL-MD5"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-MD5"))
-        return( SSL_RSA_NULL_MD5 );
+        return( TLS_RSA_WITH_NULL_MD5 );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-NULL-SHA"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-SHA"))
-        return( SSL_RSA_NULL_SHA );
+        return( TLS_RSA_WITH_NULL_SHA );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-NULL-SHA256"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-SHA256"))
-        return( SSL_RSA_NULL_SHA256 );
+        return( TLS_RSA_WITH_NULL_SHA256 );
 #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
 #if defined(POLARSSL_DES_C)
-    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-DES-SHA"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-DES-CBC-SHA"))
-        return( SSL_RSA_DES_SHA );
+        return( TLS_RSA_WITH_DES_CBC_SHA );
-    if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-DES-SHA"))
+    if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-DES-CBC-SHA"))
-        return( SSL_EDH_RSA_DES_SHA );
+        return( TLS_DHE_RSA_WITH_DES_CBC_SHA );
 #endif
 #endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */
@ -3418,71 +3420,71 @@ const int ssl_default_ciphersuites[] =
 #if defined(POLARSSL_DHM_C)
 #if defined(POLARSSL_AES_C)
 #if defined(POLARSSL_SHA2_C)
-    SSL_EDH_RSA_AES_256_SHA256,
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
 #endif /* POLARSSL_SHA2_C */
 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
-    SSL_EDH_RSA_AES_256_GCM_SHA384,
+    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
 #endif
-    SSL_EDH_RSA_AES_256_SHA,
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
 #if defined(POLARSSL_SHA2_C)
-    SSL_EDH_RSA_AES_128_SHA256,
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
 #endif
 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
-    SSL_EDH_RSA_AES_128_GCM_SHA256,
+    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
 #endif
-    SSL_EDH_RSA_AES_128_SHA,
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
 #if defined(POLARSSL_SHA2_C)
-    SSL_EDH_RSA_CAMELLIA_256_SHA256,
+    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
 #endif /* POLARSSL_SHA2_C */
-    SSL_EDH_RSA_CAMELLIA_256_SHA,
+    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
 #if defined(POLARSSL_SHA2_C)
-    SSL_EDH_RSA_CAMELLIA_128_SHA256,
+    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
 #endif /* POLARSSL_SHA2_C */
-    SSL_EDH_RSA_CAMELLIA_128_SHA,
+    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
 #endif
 #if defined(POLARSSL_DES_C)
-    SSL_EDH_RSA_DES_168_SHA,
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
 #endif
 #endif
 #if defined(POLARSSL_AES_C)
 #if defined(POLARSSL_SHA2_C)
-    SSL_RSA_AES_256_SHA256,
+    TLS_RSA_WITH_AES_256_CBC_SHA256,
 #endif /* POLARSSL_SHA2_C */
 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
-    SSL_RSA_AES_256_GCM_SHA384,
+    TLS_RSA_WITH_AES_256_GCM_SHA384,
 #endif /* POLARSSL_SHA2_C */
-    SSL_RSA_AES_256_SHA,
+    TLS_RSA_WITH_AES_256_CBC_SHA,
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
 #if defined(POLARSSL_SHA2_C)
-    SSL_RSA_CAMELLIA_256_SHA256,
+    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
 #endif /* POLARSSL_SHA2_C */
-    SSL_RSA_CAMELLIA_256_SHA,
+    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
 #endif
 #if defined(POLARSSL_AES_C)
 #if defined(POLARSSL_SHA2_C)
-    SSL_RSA_AES_128_SHA256,
+    TLS_RSA_WITH_AES_128_CBC_SHA256,
 #endif /* POLARSSL_SHA2_C */
 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
-    SSL_RSA_AES_128_GCM_SHA256,
+    TLS_RSA_WITH_AES_128_GCM_SHA256,
 #endif /* POLARSSL_SHA2_C */
-    SSL_RSA_AES_128_SHA,
+    TLS_RSA_WITH_AES_128_CBC_SHA,
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
 #if defined(POLARSSL_SHA2_C)
-    SSL_RSA_CAMELLIA_128_SHA256,
+    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
 #endif /* POLARSSL_SHA2_C */
-    SSL_RSA_CAMELLIA_128_SHA,
+    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
 #endif
 #if defined(POLARSSL_DES_C)
-    SSL_RSA_DES_168_SHA,
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
 #endif
 #if defined(POLARSSL_ARC4_C)
-    SSL_RSA_RC4_128_SHA,
+    TLS_RSA_WITH_RC4_128_SHA,
-    SSL_RSA_RC4_128_MD5,
+    TLS_RSA_WITH_RC4_128_MD5,
 #endif
    0
 };
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@ -138,8 +138,6 @@ int main( int argc, char *argv[] )
    ssl_set_bio( &ssl, net_recv, &server_fd,
                       net_send, &server_fd );
    ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
    /*
     * 3. Write the GET request
     */
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -475,9 +475,7 @@ int main( int argc, char *argv[] )
    ssl_set_bio( &ssl, net_recv, &server_fd,
                       net_send, &server_fd );
-    if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
+    if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
        ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
    else
        ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
    ssl_set_renegotiation( &ssl, opt.renegotiation );
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@ -78,42 +78,6 @@ int main( int argc, char *argv[] )
    return( 0 );
 }
 #else
 /*
 * Computing a "safe" DH-1024 prime can take a very
 * long time, so a precomputed value is provided below.
 * You may run dh_genprime to generate a new value.
 */
 char *my_dhm_P = 
    "E4004C1F94182000103D883A448B3F80" \
    "2CE4B44A83301270002C20D0321CFD00" \
    "11CCEF784C26A400F43DFB901BCA7538" \
    "F2C6B176001CF5A0FD16D2C48B1D0C1C" \
    "F6AC8E1DA6BCC3B4E1F96B0564965300" \
    "FFA1D0B601EB2800F489AA512C4B248C" \
    "01F76949A60BB7F00A40B1EAB64BDD48" \
    "E8A700D60B7F1200FA8E77B0A979DABF";
 char *my_dhm_G = "4";
 /*
 * Sorted by order of preference
 */
 int my_ciphersuites[] =
 {
    SSL_EDH_RSA_AES_256_SHA,
    SSL_EDH_RSA_CAMELLIA_256_SHA,
    SSL_EDH_RSA_AES_128_SHA,
    SSL_EDH_RSA_CAMELLIA_128_SHA,
    SSL_EDH_RSA_DES_168_SHA,
    SSL_RSA_AES_256_SHA,
    SSL_RSA_CAMELLIA_256_SHA,
    SSL_RSA_AES_128_SHA,
    SSL_RSA_CAMELLIA_128_SHA,
    SSL_RSA_DES_168_SHA,
    SSL_RSA_RC4_128_SHA,
    SSL_RSA_RC4_128_MD5,
    0
 };
 #define DEBUG_LEVEL 0
@ -295,13 +259,8 @@ int main( int argc, char *argv[] )
        ssl_set_bio( &ssl, net_recv, &client_fd,
                           net_send, &client_fd );
        ssl_set_ciphersuites( &ssl, my_ciphersuites );
        ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
        ssl_set_own_cert( &ssl, &srvcert, &rsa );
 #if defined(POLARSSL_DHM_C)
        ssl_set_dh_param( &ssl, my_dhm_P, my_dhm_G );
 #endif
        /*
         * 5. Handshake
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@ -172,7 +172,7 @@ int do_handshake( ssl_context *ssl, struct options *opt )
    printf( "  . Peer certificate information    ...\n" );
    x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, "      ",
-                         ssl_get_peer_cert( &ssl ) );
+                         ssl_get_peer_cert( ssl ) );
    printf( "%s\n", buf );
    return( 0 );
@ -588,9 +588,7 @@ int main( int argc, char *argv[] )
    ssl_set_bio( &ssl, net_recv, &server_fd,
            net_send, &server_fd );
-    if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
+    if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
        ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
    else
        ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
    ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@ -54,90 +54,6 @@
    "<h2>PolarSSL Test Server</h2>\r\n" \
    "<p>Successful connection using: %s</p>\r\n"
 /*
 * Sorted by order of preference
 */
 int my_ciphersuites[] =
 {
 #if defined(POLARSSL_DHM_C)
 #if defined(POLARSSL_AES_C)
 #if defined(POLARSSL_SHA2_C)
    SSL_EDH_RSA_AES_256_SHA256,
    SSL_EDH_RSA_AES_128_SHA256,
 #endif /* POLARSSL_SHA2_C */
    SSL_EDH_RSA_AES_256_SHA,
    SSL_EDH_RSA_AES_128_SHA,
 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
    SSL_EDH_RSA_AES_256_GCM_SHA384,
 #endif
 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
    SSL_EDH_RSA_AES_128_GCM_SHA256,
 #endif
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
 #if defined(POLARSSL_SHA2_C)
    SSL_EDH_RSA_CAMELLIA_256_SHA256,
    SSL_EDH_RSA_CAMELLIA_128_SHA256,
 #endif /* POLARSSL_SHA2_C */
    SSL_EDH_RSA_CAMELLIA_256_SHA,
    SSL_EDH_RSA_CAMELLIA_128_SHA,
 #endif
 #if defined(POLARSSL_DES_C)
    SSL_EDH_RSA_DES_168_SHA,
 #endif
 #endif
 #if defined(POLARSSL_AES_C)
 #if defined(POLARSSL_SHA2_C)
    SSL_RSA_AES_256_SHA256,
 #endif /* POLARSSL_SHA2_C */
    SSL_RSA_AES_256_SHA,
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
 #if defined(POLARSSL_SHA2_C)
    SSL_RSA_CAMELLIA_256_SHA256,
 #endif /* POLARSSL_SHA2_C */
    SSL_RSA_CAMELLIA_256_SHA,
 #endif
 #if defined(POLARSSL_AES_C)
 #if defined(POLARSSL_SHA2_C)
    SSL_RSA_AES_128_SHA256,
 #endif /* POLARSSL_SHA2_C */
    SSL_RSA_AES_128_SHA,
 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
    SSL_RSA_AES_256_GCM_SHA384,
 #endif
 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
    SSL_RSA_AES_128_GCM_SHA256,
 #endif
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
 #if defined(POLARSSL_SHA2_C)
    SSL_RSA_CAMELLIA_128_SHA256,
 #endif /* POLARSSL_SHA2_C */
    SSL_RSA_CAMELLIA_128_SHA,
 #endif
 #if defined(POLARSSL_DES_C)
    SSL_RSA_DES_168_SHA,
 #endif
 #if defined(POLARSSL_ARC4_C)
    SSL_RSA_RC4_128_SHA,
    SSL_RSA_RC4_128_MD5,
 #endif
 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
 #if defined(POLARSSL_DES_C)
    SSL_EDH_RSA_DES_SHA,
    SSL_RSA_DES_SHA,
 #endif
 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
    SSL_RSA_NULL_MD5,
    SSL_RSA_NULL_SHA,
    SSL_RSA_NULL_SHA256,
 #endif
 #endif
    0
 };
 #define DEBUG_LEVEL 0
 void my_debug( void *ctx, int level, const char *str )
@ -282,8 +198,6 @@ int main( int argc, char *argv[] )
                                 ssl_cache_set, &cache );
 #endif
    ssl_set_ciphersuites( &ssl, my_ciphersuites );
    ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
    ssl_set_own_cert( &ssl, &srvcert, &rsa );
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -92,6 +92,96 @@ void my_debug( void *ctx, int level, const char *str )
    }
 }
 /*
 * Sorted by order of preference
 */
 int my_ciphersuites[] =
 {
 #if defined(POLARSSL_DHM_C)
 #if defined(POLARSSL_AES_C)
 #if defined(POLARSSL_SHA2_C)
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
 #endif /* POLARSSL_SHA2_C */
 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
 #endif
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
 #if defined(POLARSSL_SHA2_C)
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
 #endif
 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
 #endif
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
 #if defined(POLARSSL_SHA2_C)
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
 #endif /* POLARSSL_SHA2_C */
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
 #if defined(POLARSSL_SHA2_C)
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
 #endif /* POLARSSL_SHA2_C */
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
 #endif
 #if defined(POLARSSL_DES_C)
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
 #endif
 #endif
 #if defined(POLARSSL_AES_C)
 #if defined(POLARSSL_SHA2_C)
    TLS_RSA_WITH_AES_256_CBC_SHA256,
 #endif /* POLARSSL_SHA2_C */
 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
    TLS_RSA_WITH_AES_256_GCM_SHA384,
 #endif /* POLARSSL_SHA2_C */
    TLS_RSA_WITH_AES_256_CBC_SHA,
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
 #if defined(POLARSSL_SHA2_C)
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
 #endif /* POLARSSL_SHA2_C */
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
 #endif
 #if defined(POLARSSL_AES_C)
 #if defined(POLARSSL_SHA2_C)
    TLS_RSA_WITH_AES_128_CBC_SHA256,
 #endif /* POLARSSL_SHA2_C */
 #if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
    TLS_RSA_WITH_AES_128_GCM_SHA256,
 #endif /* POLARSSL_SHA2_C */
    TLS_RSA_WITH_AES_128_CBC_SHA,
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
 #if defined(POLARSSL_SHA2_C)
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
 #endif /* POLARSSL_SHA2_C */
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
 #endif
 #if defined(POLARSSL_DES_C)
    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
 #endif
 #if defined(POLARSSL_ARC4_C)
    TLS_RSA_WITH_RC4_128_SHA,
    TLS_RSA_WITH_RC4_128_MD5,
 #endif
 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
 #if defined(POLARSSL_DES_C)
    TLS_DHE_RSA_WITH_DES_CBC_SHA,
    TLS_RSA_WITH_DES_CBC_SHA,
 #endif
 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
    TLS_RSA_WITH_NULL_MD5,
    TLS_RSA_WITH_NULL_SHA,
    TLS_RSA_WITH_NULL_SHA256,
 #endif
 #endif
    0
 };
 #if defined(POLARSSL_FS_IO)
 #define USAGE_IO \
    "    ca_file=%%s          default: \"\" (pre-loaded)\n" \
@ -395,7 +485,7 @@ int main( int argc, char *argv[] )
 #endif
    if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
-        ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
+        ssl_set_ciphersuites( &ssl, my_ciphersuites );
    else
        ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
--- a/tests/compat.sh
+++ b/tests/compat.sh
@ -1,4 +1,4 @@
-killall -q openssl ssl_server
+killall -q openssl ssl_server ssl_server2
 MODES="ssl3 tls1 tls1_1 tls1_2"
 #VERIFY="YES"
@ -16,23 +16,23 @@ do
 echo "Running for $MODE"
 echo "-----------"
-P_CIPHERS="                             \
+P_CIPHERS="                                 \
-    SSL-EDH-RSA-AES-128-SHA             \
+    TLS-DHE-RSA-WITH-AES-128-CBC-SHA        \
-    SSL-EDH-RSA-AES-256-SHA             \
+    TLS-DHE-RSA-WITH-AES-256-CBC-SHA        \
-    SSL-EDH-RSA-CAMELLIA-128-SHA        \
+    TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA   \
-    SSL-EDH-RSA-CAMELLIA-256-SHA        \
+    TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA   \
-    SSL-EDH-RSA-DES-168-SHA             \
+    TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA       \
-    SSL-RSA-AES-256-SHA                 \
+    TLS-RSA-WITH-AES-256-CBC-SHA            \
-    SSL-RSA-CAMELLIA-256-SHA            \
+    TLS-RSA-WITH-CAMELLIA-256-CBC-SHA       \
-    SSL-RSA-AES-128-SHA                 \
+    TLS-RSA-WITH-AES-128-CBC-SHA            \
-    SSL-RSA-CAMELLIA-128-SHA            \
+    TLS-RSA-WITH-CAMELLIA-128-CBC-SHA       \
-    SSL-RSA-DES-168-SHA                 \
+    TLS-RSA-WITH-3DES-EDE-CBC-SHA           \
-    SSL-RSA-RC4-128-SHA                 \
+    TLS-RSA-WITH-RC4-128-SHA                \
-    SSL-RSA-RC4-128-MD5                 \
+    TLS-RSA-WITH-RC4-128-MD5                \
-    SSL-RSA-NULL-MD5                    \
+    TLS-RSA-WITH-NULL-MD5                   \
-    SSL-RSA-NULL-SHA                    \
+    TLS-RSA-WITH-NULL-SHA                   \
-    SSL-RSA-DES-SHA                     \
+    TLS-RSA-WITH-DES-CBC-SHA                \
-    SSL-EDH-RSA-DES-SHA                 \
+    TLS-DHE-RSA-WITH-DES-CBC-SHA            \
    "
 O_CIPHERS="                         \
@ -56,12 +56,12 @@ O_CIPHERS="                         \
 # Also add SHA256 ciphersuites
 #
-P_CIPHERS="$P_CIPHERS               \
+P_CIPHERS="$P_CIPHERS                       \
-    SSL-RSA-NULL-SHA256             \
+    TLS-RSA-WITH-NULL-SHA256                \
-    SSL-RSA-AES-128-SHA256          \
+    TLS-RSA-WITH-AES-128-CBC-SHA256         \
-    SSL-EDH-RSA-AES-128-SHA256      \
+    TLS-DHE-RSA-WITH-AES-128-CBC-SHA256     \
-    SSL-RSA-AES-256-SHA256          \
+    TLS-RSA-WITH-AES-256-CBC-SHA256         \
-    SSL-EDH-RSA-AES-256-SHA256      \
+    TLS-DHE-RSA-WITH-AES-256-CBC-SHA256     \
    "
 O_CIPHERS="$O_CIPHERS           \
@ -74,11 +74,11 @@ O_CIPHERS="$O_CIPHERS           \
 if [ "$MODE" = "tls1_2" ];
 then
-    P_CIPHERS="$P_CIPHERS               \
+    P_CIPHERS="$P_CIPHERS                   \
-        SSL-RSA-AES-128-GCM-SHA256      \
+        TLS-RSA-WITH-AES-128-GCM-SHA256     \
-        SSL-EDH-RSA-AES-128-GCM-SHA256  \
+        TLS-RSA-WITH-AES-256-GCM-SHA384     \
-        SSL-RSA-AES-256-GCM-SHA384      \
+        TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
-        SSL-EDH-RSA-AES-256-GCM-SHA384  \
+        TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
        "
    O_CIPHERS="$O_CIPHERS           \
@ -112,7 +112,7 @@ do
 done
 kill $PROCESS_ID
-../programs/ssl/ssl_server > /dev/null &
+../programs/ssl/ssl_server2 > /dev/null &
 PROCESS_ID=$!
 sleep 1
@ -140,7 +140,7 @@ done
 kill $PROCESS_ID
-../programs/ssl/ssl_server > /dev/null &
+../programs/ssl/ssl_server2 > /dev/null &
 PROCESS_ID=$!
 sleep 1
@ -150,11 +150,11 @@ sleep 1
 #
 if [ "$MODE" = "tls1_2" ];
 then
-    P_CIPHERS="$P_CIPHERS               \
+    P_CIPHERS="$P_CIPHERS                        \
-        SSL-RSA-CAMELLIA-128-SHA256     \
+        TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256     \
-        SSL-EDH-RSA-CAMELLIA-128-SHA256 \
+        TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
-        SSL-RSA-CAMELLIA-256-SHA256     \
+        TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256     \
-        SSL-EDH-RSA-CAMELLIA-256-SHA256 \
+        TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
        "
 fi