3 files changed, 40 insertions, 5 deletions
diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp
index 26b52f749..01c35a55a 100644
--- a/src/tls/tls_ciphersuite.cpp
+++ b/src/tls/tls_ciphersuite.cpp
@@ -45,6 +45,12 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite)
       case TLS_RSA_WITH_RC4_128_MD5:
          return Ciphersuite("RSA", "RSA", "MD5", "ARC4", 16);
 
+      case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
+         return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 16);
+
+      case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
+         return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 32);
+
       case TLS_RSA_WITH_SEED_CBC_SHA:
          return Ciphersuite("RSA", "RSA", "SHA-1", "SEED", 16);
 
@@ -73,6 +79,12 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite)
       case TLS_DHE_DSS_WITH_RC4_128_SHA:
          return Ciphersuite("DSA", "DH", "SHA-1", "ARC4", 16);
 
+      case TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA:
+         return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 16);
+
+      case TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA:
+         return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 32);
+
       case TLS_DHE_DSS_WITH_SEED_CBC_SHA:
          return Ciphersuite("DSA", "DH", "SHA-1", "SEED", 16);
 
@@ -93,6 +105,12 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite)
       case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
          return Ciphersuite("RSA", "DH", "SHA-1", "3DES", 24);
 
+      case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
+         return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 16);
+
+      case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
+         return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 32);
+
       case TLS_DHE_RSA_WITH_SEED_CBC_SHA:
          return Ciphersuite("RSA", "DH", "SHA-1", "SEED", 16);
 
@@ -275,6 +293,8 @@ std::string Ciphersuite::to_string() const
       {
       if(cipher_algo() == "3DES")
          out << "3DES_EDE";
+      if(cipher_algo() == "Camellia")
+         out << "CAMELLIA_" << Botan::to_string(8*cipher_keylen());
       else
          out << replace_char(cipher_algo(), '-', '_');
 
@@ -294,10 +314,10 @@ std::string Ciphersuite::to_string() const
    }
 
 Ciphersuite::Ciphersuite(const std::string& sig_algo,
-                                 const std::string& kex_algo,
-                                 const std::string& mac_algo,
-                                 const std::string& cipher_algo,
-                                 size_t cipher_algo_keylen) :
+                         const std::string& kex_algo,
+                         const std::string& mac_algo,
+                         const std::string& cipher_algo,
+                         size_t cipher_algo_keylen) :
    m_sig_algo(sig_algo),
    m_kex_algo(kex_algo),
    m_mac_algo(mac_algo),
diff --git a/src/tls/tls_magic.h b/src/tls/tls_magic.h
index dced09964..72a430bf2 100644
--- a/src/tls/tls_magic.h
+++ b/src/tls/tls_magic.h
@@ -64,6 +64,8 @@ enum Ciphersuite_Code {
    TLS_RSA_WITH_AES_256_CBC_SHA             = 0x0035,
    TLS_RSA_WITH_AES_128_CBC_SHA256          = 0x003C,
    TLS_RSA_WITH_AES_256_CBC_SHA256          = 0x003D,
+   TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        = 0x0041,
+   TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        = 0x0084,
    TLS_RSA_WITH_SEED_CBC_SHA                = 0x0096,
    TLS_RSA_WITH_IDEA_CBC_SHA                = 0x0007,
 
@@ -72,6 +74,8 @@ enum Ciphersuite_Code {
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA         = 0x0038,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256      = 0x0040,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256      = 0x006A,
+   TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA    = 0x0044,
+   TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA    = 0x0087,
    TLS_DHE_DSS_WITH_SEED_CBC_SHA            = 0x0099,
    TLS_DHE_DSS_WITH_RC4_128_SHA             = 0x0066,
 
@@ -80,6 +84,8 @@ enum Ciphersuite_Code {
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA         = 0x0039,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256      = 0x0067,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256      = 0x006B,
+   TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    = 0x0045,
+   TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    = 0x0088,
    TLS_DHE_RSA_WITH_SEED_CBC_SHA            = 0x009A,
 
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA         = 0xC007,
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index f0ad89a6a..805e0ca38 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -23,7 +23,8 @@ std::vector<std::string> Policy::allowed_ciphers() const
    allowed.push_back("AES-128");
    allowed.push_back("3DES");
    allowed.push_back("ARC4");
-   // Note that SEED and IDEA are not included by default
+
+   // Note that Camellia, SEED and IDEA are not included by default
 
    return allowed;
    }
@@ -121,6 +122,14 @@ class Ciphersuite_Preference_Ordering
                }
             }
 
+         if(a.cipher_keylen() != b.cipher_keylen())
+            {
+            if(a.cipher_keylen() < b.cipher_keylen())
+               return false;
+            if(a.cipher_keylen() > b.cipher_keylen())
+               return true;
+            }
+
          if(a.sig_algo() != b.sig_algo())
             {
             for(size_t i = 0; i != m_sigs.size(); ++i)