Add the code for DHE/DSS with RC4, not 'official' but the codepoint

was included in a now-expired ID (draft-ietf-tls-56-bit-ciphersuites-01)
and mentioned in Rescorla's SSL book.

Not implemented by OpenSSL but does appear to be included in GnuTLS.

2 files changed, 7 insertions, 0 deletions

diff --git a/src/tls/tls_magic.h b/src/tls/tls_magic.h
index 00898738e..4dd9b2bb4 100644
--- a/src/tls/tls_magic.h
+++ b/src/tls/tls_magic.h
@@ -113,6 +113,7 @@ enum Ciphersuite_Code {
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256      = 0x0040,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256      = 0x006A,
    TLS_DHE_DSS_WITH_SEED_CBC_SHA            = 0x0099,
+   TLS_DHE_DSS_WITH_RC4_128_SHA             = 0x0066,
 
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA        = 0x0016,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA         = 0x0033,
diff --git a/src/tls/tls_suites.cpp b/src/tls/tls_suites.cpp
index 07cbec608..4bce127eb 100644
--- a/src/tls/tls_suites.cpp
+++ b/src/tls/tls_suites.cpp
@@ -81,6 +81,12 @@ TLS_Ciphersuite_Algos CipherSuite::lookup_ciphersuite(u16bit suite)
                                    TLS_ALGO_MAC_SHA1 |
                                    TLS_ALGO_CIPHER_SEED_CBC);
 
+   if(suite == TLS_DHE_DSS_WITH_RC4_SHA)
+      return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA |
+                                   TLS_ALGO_KEYEXCH_DH |
+                                   TLS_ALGO_MAC_SHA1 |
+                                   TLS_ALGO_CIPHER_RC4_128);
+
    if(suite == TLS_DHE_DSS_WITH_AES_256_CBC_SHA)
       return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA |
                                    TLS_ALGO_KEYEXCH_DH |