diff --git a/bin/Readme.md b/bin/Readme.md
index 2998804..5ec0e0e 100644
--- a/bin/Readme.md
+++ b/bin/Readme.md
@@ -1,136 +1,57 @@
-Binaries
-========
+# Binaries
-All the precompiled binaries provided here have extended support for
-everything which is normally not in OpenSSL or LibreSSL -- 40+56 Bit,
-export/ANON ciphers, weak DH ciphers, weak EC curves, SSLv2 etc. -- all the dirty
-features needed for testing. OTOH they also come with extended support
-for some new / advanced cipher suites and/or features which are not in the
-official branch like (old version of the) CHACHA20+POLY1305 and CAMELLIA 256 bit ciphers.
+The precompiled binaries provided in this directory have extended support for weak crypto which is normally not in OpenSSL
+or LibreSSL: 40+56 Bit, export/ANON ciphers, weak DH ciphers, weak EC curves, SSLv2 etc. -- all the dirty features needed for
+testing if you just want to test with binaries. They also come with extended support for a few advanced cipher suites and/or
+features which are not in the official branch like (old version of the) CHACHA20+POLY1305 and CAMELLIA 256 bit ciphers.
-The (stripped) binaries this directory are all compiled from my openssl snapshot
-(https://github.com/testssl/openssl-1.0.2.bad) which adds a few bits to Peter
-Mosman's openssl fork (https://github.com/PeterMosmans/openssl). Thx a bunch, Peter!
-The few bits are IPv6 support (except IPV6 proxy) and some STARTTLS backports.
+# Security notices
-Compiled Linux and FreeBSD binaries so far come from Dirk, other
-contributors see ../CREDITS.md .
-
-The binaries here have the naming scheme ``openssl.$(uname).$(uname -m)``
-and will be picked up from testssl.sh if you run testssl.sh directly
-off the git directory. Otherwise you need ``testssl.sh`` to point to it
-via the argument (``--openssl=<here>``) or as an environment variable
-(``OPENSSL=<here> testssl.sh <yourargs>``).
-
-The Linux binaries with the trailing ``-krb5`` come with Kerberos 5 support,
-they won't be picked up automatically as you need to make sure first they
-run (see libraries below).
-
-Because I didn't want blow up the repo and waste disk spaces for others
-there are more binaries for other aerchitectures (ARM7l, Darwin.i386, ..
-here: https://testssl.sh/openssl-1.0.2k-chacha.pm.ipv6.Linux+FreeBSD.tar.gz
-and older ones here: https://testssl.sh/openssl-1.0.2i-chacha.pm.ipv6.contributed/ .
-
-As there is not darwin64-arm64-cc in the old branch there is not binary for
-that architecture either. (FYI: patch isn't big but isn't easy to backport).
+The important thing upfront: **DO NOT USE THESE BINARIES FOR PRODUCTION PURPOSES**, at least not on the server side. A lot of security restrictions have been removed because we want to test how bad the servers are.
-In general the usage of this binaries became more and more of a limited
-value: It doesn't support e.g. TLS 1.3 and newer TLS 1.2 ciphers. OTOH servers
-which only offer SSLv2 and SSLv3 became less common and we use for the
-majority of checks in testssl.sh sockets and not this binary.
+# General
+
+The (stripped) binaries this directory are all compiled from the [old OpenSSL snapshot](https://github.com/testssl/openssl-1.0.2.bad) which adds a few bits to [Peter
+Mosman's openssl fork](https://github.com/PeterMosmans/openssl). The few bits are IPv6 support (except IPV6 proxy) and some STARTTLS backports. More, see the [README.md](https://github.com/testssl/openssl-1.0.2.bad/README.md). Also, as of now, a few CVEs were fixed.
+
+Compiled Linux and FreeBSD binaries so far came from Dirk, other contributors see ../CREDITS.md . A few binaries were removed in the latest edition, which are Kerberos binaries and 32 Bit binaries. Those and binaries for more architectures can be retrieved from [contributed builds @ https://testssl.sh/](https://testssl.sh/contributed_binaries/). Those binaries are *not* stripped.
-Compiling and Usage Instructions
-================================
-
-General
--------
-
-Both 64+32 bit Linux binaries were compiled under Ubuntu 12.04 LTS(!). Likely you
-cannot use them for older distributions, younger worked in all my test environments
-(like Debian 11 and OpenSuse Tumbleweed on Q3/2022).
-
-I provide two sets of binaries:
-
-* completely statically linked binaries
-* dynamically linked binaries, additionally with MIT Kerberos support ("krb5" in the name).
- They provide also KRB5-* and EXP-KRB5-* support (in OpenSSL terminology, see krb5-ciphers.txt).
-
-For the latter you need a whopping bunch of kerberos runtime libraries which you maybe need to
-install from your distributor (libgssapi_krb5, libkrb5, libcom_err, libk5crypto, libkrb5support,
-libkeyutils). Despite the fact it's 2022 the openssl kerberos binary still works when compiled
-non-statically on a legacy VM. I didn't bother use static kerberos libs as they need to be
-compiled from source.
+## Compilation instructions
-Compilation instructions
-------------------------
-
-If you want to compile OpenSSL yourself, here are the instructions:
-
-1.)
- git git clone https://github.com/testssl/openssl-1.0.2-bad
- cd openssl
+See [https://github.com/testssl/openssl-1.0.2.bad/00-testssl-stuff/Readme.md](https://github.com/testssl/openssl-1.0.2.bad/00-testssl-stuff/Readme.md)
-2.) configure the damned thing. Options I used (see https://github.com/testssl/testssl.sh/blob/master/utils/make-openssl.sh)
-**for 64Bit including Kerberos ciphers:**
+## Conderations regarding binaries
- ./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \
- enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
- enable-seed enable-camellia enable-idea enable-rfc3779 enable-ec_nistp_64_gcc_128 \
- --with-krb5-flavor=MIT experimental-jpake -DOPENSSL_USE_BUILD_DATE
+testssl.sh has emerged a longer while back, so in general these binaries are not needed anymore as weak crypto is covered by bash sockets if the binary from the vendor can't handle weak crypto. In a future release they might be be retired, as they do not provide a overall benefit. Also static linking with glibc doesn't work as flawlessly these days anymore as it used to be,
-**for 64Bit, static binaries:**
+### Speed
- ./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \
- enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
- enable-seed enable-camellia enable-idea enable-rfc3779 enable-ec_nistp_64_gcc_128 \
- -static experimental-jpake -DOPENSSL_USE_BUILD_DATE
+Checks using binaries instead of bash sockets run a bit faster. However when using a default run, this is within the error margin and also depends on what the server is offering for ciphers and protocols. Of course also local issues play a role because of issues like file system caching. Here is a quick comparison for defaults run started from one ok-ish/beefy Linux 8 core system to one server IP each:
-**for 32 Bit including Kerberos ciphers:**
+-----
- ./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \
- enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
- enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \
- --with-krb5-flavor=MIT experimental-jpake -DOPENSSL_USE_BUILD_DATE
+public server | remark | runtimes supplied openssl [s] | runtimes /usr/bin/openssl [s] |
+------------------|----------------------|-------------------------------| ------------------------------|
+testssl.sh | TLS 1.0 - 1.3 | 104, 77, 88, 97 | 106, 100, 95, 98
+testssl.net | no RSA ciph.,TLS>=1.2| 79, 76, 85, 80 | 73, 66, (107), 72
+heise.de | no TLS 1.0 | 102, 95, 104 | 98, 95, 99
+owasp.org | TLS >= 1.2 | 85, 96, 105 | 88, 97, 98
+vulnerable old system | SSLv3 - TLS 1.2 | 100, 104, 103 | 134, 138, 141
- **for 32 Bit, static binaries:**
+As you can see which binary you pick does not matter much. To start with: The standard deviation even for a single target can be much bigger -- only the last system is internal and not in the internet. And comparing different targets with respect to their runtime depends also what the server is offering in terms of ciphers, vulnerabilities etc. .
- ./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \
- enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
- enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \
- -static experimental-jpake -DOPENSSL_USE_BUILD_DATE
+-----
-Four GOST [1][2] ciphers come via engine support automagically with this setup. Two additional GOST
-ciphers can be compiled in (``GOST-GOST94``, ``GOST-MD5``) with ``-DTEMP_GOST_TLS`` but as of now they make
-problems under some circumstances, so unless you desperately need those ciphers I would stay away from
-``-DTEMP_GOST_TLS``.
+### Capabilities
-If you don't have / don't want Kerberos libraries and devel rpms/debs, just omit "--with-krb5-flavor=MIT"
-(see examples). If you have another Kerberos flavor you would need to figure out by yourself.
+For modern servers the usage of the binaries provided by our project might come also with a limited value: They don't support e.g. TLS 1.3 and lack newer TLS 1.2 ciphers. They do support SSLv2 through TLS 1.2 though but servers with deprecated or vulnerable protocols protocols became less common.
-3.) make depend
+One other thing worth to mention is that any binary can handle protocols on top of SSL/TLS better (or at all) once encrypted connection is established, like retrieving the HTTP header. OTOH as of 2024/2025 distributors/vendors however still support weaker crypto with TLS 1.0 or TLS 1.1, most of them even support SSLv3. That is possible with some tweaks which testssl.sh applies. So using older binaries like the ones in this directory are very often not needed.
-4.) make
-5.) make report (check whether it runs ok!)
-
-6.) ``./apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l`` lists for me
-* 193(+4 GOST) ciphers including kerberos
-* 179(+4 GOST) ciphers without kerberos
-
-as opposed to ~162 from Ubuntu or Opensuse. Note that newer distributions provide
-newer ciphers which this old openssl-1.0.2-bad doesn't have. OTOH openssl-1.0.2-bad
-has a lot of legacy ciphers and protocols enabled which newer binaries don't have.
-
-**Never use these binaries for anything other than testing!**
-
-Enjoy, Dirk
-
-[1] https://en.wikipedia.org/wiki/GOST_%29block_cipher%29
-
-[2] http://fossies.org/linux/openssl/engines/ccgost/README.gost
diff --git a/bin/fedora-dirk-ipv6.diff b/bin/fedora-dirk-ipv6.diff
deleted file mode 100644
index 9e4ee24..0000000
--- a/bin/fedora-dirk-ipv6.diff
+++ /dev/null
@@ -1,531 +0,0 @@
---- a/apps/s_apps.h
-+++ b/apps/s_apps.h
-@@ -151,7 +151,7 @@ typedef fd_mask fd_set;
- #define PORT_STR "4433"
- #define PROTOCOL "tcp"
-
--int do_server(int port, int type, int *ret,
-+int do_server(char *port, int type, int *ret,
- int (*cb) (char *hostname, int s, int stype,
- unsigned char *context), unsigned char *context,
- int naccept);
-@@ -167,11 +167,10 @@ int ssl_print_point_formats(BIO *out, SSL *s);
- int ssl_print_curves(BIO *out, SSL *s, int noshared);
- #endif
- int ssl_print_tmp_key(BIO *out, SSL *s);
--int init_client(int *sock, char *server, int port, int type);
-+int init_client(int *sock, char *server, char *port, int type);
- int should_retry(int i);
- int extract_port(char *str, short *port_ptr);
--int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
-- short *p);
-+int extract_host_port(char *str, char **host_ptr, char **port_ptr);
-
- long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
- int argi, long argl, long ret);
-
---- a/apps/s_client.c
-+++ b/apps/s_client.c
-@@ -678,7 +678,7 @@ int MAIN(int argc, char **argv)
- int cbuf_len, cbuf_off;
- int sbuf_len, sbuf_off;
- fd_set readfds, writefds;
-- short port = PORT;
-+ char *port_str = PORT_STR;
- char *http_proxy_str = NULL, *connect_str = NULL;
- int full_log = 1;
- char *host = SSL_HOST_NAME;
-@@ -803,9 +803,7 @@ int MAIN(int argc, char **argv)
- } else if (strcmp(*argv, "-port") == 0) {
- if (--argc < 1)
- goto bad;
-- port = atoi(*(++argv));
-- if (port == 0)
-- goto bad;
-+ port_str = *(++argv);
- } else if (strcmp(*argv, "-connect") == 0) {
- if (--argc < 1)
- goto bad;
-@@ -1156,10 +1154,10 @@ int MAIN(int argc, char **argv)
- }
-
- if (http_proxy_str) {
-- if (!extract_host_port(http_proxy_str, &host, NULL, &port))
-+ if (!extract_host_port(http_proxy_str, &host, &port_str))
- goto bad;
- } else if (connect_str) {
-- if (!extract_host_port(connect_str, &host, NULL, &port))
-+ if (!extract_host_port(connect_str, &host, &port_str))
- goto bad;
- }
-
-@@ -1456,7 +1454,7 @@ int MAIN(int argc, char **argv)
-
- re_start:
-
-- if (init_client(&s, host, port, socket_type) == 0) {
-+ if (init_client(&s, host, port_str, socket_type) == 0) {
- BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
- SHUTDOWN(s);
- goto end;
-
---- a/apps/s_server.c
-+++ b/apps/s_server.c
-@@ -1093,7 +1093,7 @@ int MAIN(int argc, char *argv[])
- {
- X509_VERIFY_PARAM *vpm = NULL;
- int badarg = 0;
-- short port = PORT;
-+ char *port_str = PORT_STR;
- char *CApath = NULL, *CAfile = NULL;
- char *chCApath = NULL, *chCAfile = NULL;
- char *vfyCApath = NULL, *vfyCAfile = NULL;
-@@ -1180,7 +1180,8 @@ int MAIN(int argc, char *argv[])
- if ((strcmp(*argv, "-port") == 0) || (strcmp(*argv, "-accept") == 0)) {
- if (--argc < 1)
- goto bad;
-- if (!extract_port(*(++argv), &port))
-+ port_str = *(++argv);
-+ if (port_str == NULL || *port_str == '\0')
- goto bad;
- } else if (strcmp(*argv, "-naccept") == 0) {
- if (--argc < 1)
-@@ -2056,13 +2057,13 @@ int MAIN(int argc, char *argv[])
- BIO_printf(bio_s_out, "ACCEPT\n");
- (void)BIO_flush(bio_s_out);
- if (rev)
-- do_server(port, socket_type, &accept_socket, rev_body, context,
-+ do_server(port_str, socket_type, &accept_socket, rev_body, context,
- naccept);
- else if (www)
-- do_server(port, socket_type, &accept_socket, www_body, context,
-+ do_server(port_str, socket_type, &accept_socket, www_body, context,
- naccept);
- else
-- do_server(port, socket_type, &accept_socket, sv_body, context,
-+ do_server(port_str, socket_type, &accept_socket, sv_body, context,
- naccept);
- print_stats(bio_s_out, ctx);
- ret = 0;
-
---- a/apps/s_socket.c
-+++ b/apps/s_socket.c
-@@ -106,9 +106,7 @@ static struct hostent *GetHostByName(char *name);
- static void ssl_sock_cleanup(void);
- # endif
- static int ssl_sock_init(void);
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
--static int init_server(int *sock, int port, int type);
--static int init_server_long(int *sock, int port, char *ip, int type);
-+static int init_server(int *sock, char *port, int type);
- static int do_accept(int acc_sock, int *sock, char **host);
- static int host_ip(char *str, unsigned char ip[4]);
-
-@@ -231,65 +229,66 @@ static int ssl_sock_init(void)
- return (1);
- }
-
--int init_client(int *sock, char *host, int port, int type)
-+int init_client(int *sock, char *host, char *port, int type)
- {
-- unsigned char ip[4];
--
-- memset(ip, '\0', sizeof ip);
-- if (!host_ip(host, &(ip[0])))
-- return 0;
-- return init_client_ip(sock, ip, port, type);
--}
--
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
--{
-- unsigned long addr;
-- struct sockaddr_in them;
-- int s, i;
-+ struct addrinfo *res, *res0, hints;
-+ char *failed_call = NULL;
-+ int s;
-+ int e;
-
- if (!ssl_sock_init())
- return (0);
-
-- memset((char *)&them, 0, sizeof(them));
-- them.sin_family = AF_INET;
-- them.sin_port = htons((unsigned short)port);
-- addr = (unsigned long)
-- ((unsigned long)ip[0] << 24L) |
-- ((unsigned long)ip[1] << 16L) |
-- ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
-- them.sin_addr.s_addr = htonl(addr);
--
-- if (type == SOCK_STREAM)
-- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
-- else /* ( type == SOCK_DGRAM) */
-- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
-+ memset(&hints, '\0', sizeof(hints));
-+ hints.ai_socktype = type;
-+ hints.ai_flags = AI_ADDRCONFIG;
-
-- if (s == INVALID_SOCKET) {
-- perror("socket");
-+ e = getaddrinfo(host, port, &hints, &res);
-+ if (e) {
-+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
-+ if (e == EAI_SYSTEM)
-+ perror("getaddrinfo");
- return (0);
- }
-+
-+ res0 = res;
-+ while (res) {
-+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
-+ if (s == INVALID_SOCKET) {
-+ failed_call = "socket";
-+ goto nextres;
-+ }
- # if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
-- if (type == SOCK_STREAM) {
-- i = 0;
-- i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *)&i, sizeof(i));
-- if (i < 0) {
-- closesocket(s);
-- perror("keepalive");
-- return (0);
-+ if (type == SOCK_STREAM) {
-+ int i = 0;
-+ i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE,
-+ (char *)&i, sizeof(i));
-+ if (i < 0) {
-+ failed_call = "keepalive";
-+ goto nextres;
-+ }
- }
-- }
- # endif
-+ if (connect(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == 0) {
-+ freeaddrinfo(res0);
-+ *sock = s;
-+ return (1);
-+ }
-
-- if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
-- closesocket(s);
-- perror("connect");
-- return (0);
-+ failed_call = "socket";
-+ nextres:
-+ if (s != INVALID_SOCKET)
-+ close(s);
-+ res = res->ai_next;
- }
-- *sock = s;
-- return (1);
-+ freeaddrinfo(res0);
-+ closesocket(s);
-+
-+ perror(failed_call);
-+ return (0);
- }
-
--int do_server(int port, int type, int *ret,
-+int do_server(char *port, int type, int *ret,
- int (*cb) (char *hostname, int s, int stype,
- unsigned char *context), unsigned char *context,
- int naccept)
-@@ -328,69 +327,89 @@ int do_server(int port, int type, int *ret,
- }
- }
-
--static int init_server_long(int *sock, int port, char *ip, int type)
-+static int init_server(int *sock, char *port, int type)
- {
-- int ret = 0;
-- struct sockaddr_in server;
-- int s = -1;
-+ struct addrinfo *res, *res0 = NULL, hints;
-+ char *failed_call = NULL;
-+ int s = INVALID_SOCKET;
-+ int e;
-
- if (!ssl_sock_init())
- return (0);
-
-- memset((char *)&server, 0, sizeof(server));
-- server.sin_family = AF_INET;
-- server.sin_port = htons((unsigned short)port);
-- if (ip == NULL)
-- server.sin_addr.s_addr = INADDR_ANY;
-- else
--/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
--# ifndef BIT_FIELD_LIMITS
-- memcpy(&server.sin_addr.s_addr, ip, 4);
--# else
-- memcpy(&server.sin_addr, ip, 4);
--# endif
--
-- if (type == SOCK_STREAM)
-- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
-- else /* type == SOCK_DGRAM */
-- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
-+ memset(&hints, '\0', sizeof(hints));
-+ hints.ai_family = AF_INET6;
-+ tryipv4:
-+ hints.ai_socktype = type;
-+ hints.ai_flags = AI_PASSIVE;
-+
-+ e = getaddrinfo(NULL, port, &hints, &res);
-+ if (e) {
-+ if (hints.ai_family == AF_INET) {
-+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
-+ if (e == EAI_SYSTEM)
-+ perror("getaddrinfo");
-+ return (0);
-+ } else
-+ res = NULL;
-+ }
-
-- if (s == INVALID_SOCKET)
-- goto err;
-+ res0 = res;
-+ while (res) {
-+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
-+ if (s == INVALID_SOCKET) {
-+ failed_call = "socket";
-+ goto nextres;
-+ }
-+ if (hints.ai_family == AF_INET6) {
-+ int j = 0;
-+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&j, sizeof j);
-+ }
- # if defined SOL_SOCKET && defined SO_REUSEADDR
-- {
-- int j = 1;
-- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
-- }
--# endif
-- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
--# ifndef OPENSSL_SYS_WINDOWS
-- perror("bind");
-+ {
-+ int j = 1;
-+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
-+ }
- # endif
-- goto err;
-+
-+ if (bind(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1) {
-+ failed_call = "bind";
-+ goto nextres;
-+ }
-+ if (type == SOCK_STREAM && listen(s, 128) == -1) {
-+ failed_call = "listen";
-+ goto nextres;
-+ }
-+
-+ *sock = s;
-+ return (1);
-+
-+ nextres:
-+ if (s != INVALID_SOCKET)
-+ close(s);
-+ res = res->ai_next;
- }
-- /* Make it 128 for linux */
-- if (type == SOCK_STREAM && listen(s, 128) == -1)
-- goto err;
-- *sock = s;
-- ret = 1;
-- err:
-- if ((ret == 0) && (s != -1)) {
-- SHUTDOWN(s);
-+ if (res0)
-+ freeaddrinfo(res0);
-+
-+ if (s == INVALID_SOCKET) {
-+ if (hints.ai_family == AF_INET6) {
-+ hints.ai_family = AF_INET;
-+ goto tryipv4;
-+ }
-+ perror("socket");
-+ return (0);
- }
-- return (ret);
--}
-
--static int init_server(int *sock, int port, int type)
--{
-- return (init_server_long(sock, port, NULL, type));
-+ perror(failed_call);
-+ return (0);
- }
-
- static int do_accept(int acc_sock, int *sock, char **host)
- {
-+ static struct sockaddr_storage from;
-+ char buffer[NI_MAXHOST];
- int ret;
-- struct hostent *h1, *h2;
-- static struct sockaddr_in from;
- int len;
- /* struct linger ling; */
-
-@@ -432,134 +451,60 @@ static int do_accept(int acc_sock, int *sock, char **host)
- ling.l_onoff=1;
- ling.l_linger=0;
- i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
-- if (i < 0) { perror("linger"); return(0); }
-+ if (i < 0) { closesocket(ret); perror("linger"); return(0); }
- i=0;
- i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-- if (i < 0) { perror("keepalive"); return(0); }
-+ if (i < 0) { closesocket(ret); perror("keepalive"); return(0); }
- */
-
- if (host == NULL)
- goto end;
--# ifndef BIT_FIELD_LIMITS
-- /* I should use WSAAsyncGetHostByName() under windows */
-- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
-- sizeof(from.sin_addr.s_addr), AF_INET);
--# else
-- h1 = gethostbyaddr((char *)&from.sin_addr,
-- sizeof(struct in_addr), AF_INET);
--# endif
-- if (h1 == NULL) {
-- BIO_printf(bio_err, "bad gethostbyaddr\n");
-+
-+ if (getnameinfo((struct sockaddr *)&from, sizeof(from),
-+ buffer, sizeof(buffer), NULL, 0, 0)) {
-+ BIO_printf(bio_err, "getnameinfo failed\n");
- *host = NULL;
- /* return(0); */
- } else {
-- if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) {
-+ if ((*host = (char *)OPENSSL_malloc(strlen(buffer) + 1)) == NULL) {
- perror("OPENSSL_malloc");
- closesocket(ret);
- return (0);
- }
-- BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
--
-- h2 = GetHostByName(*host);
-- if (h2 == NULL) {
-- BIO_printf(bio_err, "gethostbyname failure\n");
-- closesocket(ret);
-- return (0);
-- }
-- if (h2->h_addrtype != AF_INET) {
-- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
-- closesocket(ret);
-- return (0);
-- }
-+ strcpy(*host, buffer);
- }
- end:
- *sock = ret;
- return (1);
- }
-
--int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
-- short *port_ptr)
-+int extract_host_port(char *str, char **host_ptr, char **port_ptr)
- {
-- char *h, *p;
--
-- h = str;
-- p = strchr(str, ':');
-+ char *h, *p, *x;
-+
-+ x = h = str;
-+ if (*h == '[') {
-+ h++;
-+ p = strchr(h, ']');
-+ if (p == NULL) {
-+ BIO_printf(bio_err, "no ending bracket for IPv6 address\n");
-+ return (0);
-+ }
-+ *(p++) = '\0';
-+ x = p;
-+ }
-+ p = strchr(x, ':');
- if (p == NULL) {
- BIO_printf(bio_err, "no port defined\n");
- return (0);
- }
- *(p++) = '\0';
-
-- if ((ip != NULL) && !host_ip(str, ip))
-- goto err;
- if (host_ptr != NULL)
- *host_ptr = h;
-+ if (port_ptr != NULL)
-+ *port_ptr = p;
-
-- if (!extract_port(p, port_ptr))
-- goto err;
-- return (1);
-- err:
-- return (0);
--}
--
--static int host_ip(char *str, unsigned char ip[4])
--{
-- unsigned int in[4];
-- int i;
--
-- if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
-- 4) {
-- for (i = 0; i < 4; i++)
-- if (in[i] > 255) {
-- BIO_printf(bio_err, "invalid IP address\n");
-- goto err;
-- }
-- ip[0] = in[0];
-- ip[1] = in[1];
-- ip[2] = in[2];
-- ip[3] = in[3];
-- } else { /* do a gethostbyname */
-- struct hostent *he;
--
-- if (!ssl_sock_init())
-- return (0);
--
-- he = GetHostByName(str);
-- if (he == NULL) {
-- BIO_printf(bio_err, "gethostbyname failure\n");
-- goto err;
-- }
-- /* cast to short because of win16 winsock definition */
-- if ((short)he->h_addrtype != AF_INET) {
-- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
-- return (0);
-- }
-- ip[0] = he->h_addr_list[0][0];
-- ip[1] = he->h_addr_list[0][1];
-- ip[2] = he->h_addr_list[0][2];
-- ip[3] = he->h_addr_list[0][3];
-- }
-- return (1);
-- err:
-- return (0);
--}
--
--int extract_port(char *str, short *port_ptr)
--{
-- int i;
-- struct servent *s;
--
-- i = atoi(str);
-- if (i != 0)
-- *port_ptr = (unsigned short)i;
-- else {
-- s = getservbyname(str, "tcp");
-- if (s == NULL) {
-- BIO_printf(bio_err, "getservbyname failure for %s\n", str);
-- return (0);
-- }
-- *port_ptr = ntohs((unsigned short)s->s_port);
-- }
- return (1);
- }
-
diff --git a/bin/krb5-ciphers.diff b/bin/krb5-ciphers.diff
new file mode 100644
index 0000000..09e1366
--- /dev/null
+++ b/bin/krb5-ciphers.diff
@@ -0,0 +1,54 @@
+--- 1 2016-07-26 20:48:55.833389290 +0200
++++ 2 2016-07-26 20:48:48.531410884 +0200
+@@ -114,6 +114,8 @@
+ 0x03,0x00,0x80 - RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5
+ 0x00,0x94 - RSA-PSK-AES128-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA1
+ 0x00,0x8C - PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
++ 0x00,0x21 - KRB5-IDEA-CBC-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=IDEA(128) Mac=SHA1
++ 0x00,0x25 - KRB5-IDEA-CBC-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=IDEA(128) Mac=MD5
+ 0xC0,0x11 - ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
+ 0xC0,0x07 - ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1
+ 0x00,0x66 - DHE-DSS-RC4-SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1
+@@ -126,6 +128,8 @@
+ 0x01,0x00,0x80 - RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
+ 0x00,0x92 - RSA-PSK-RC4-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=RC4(128) Mac=SHA1
+ 0x00,0x8A - PSK-RC4-SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1
++ 0x00,0x20 - KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=SHA1
++ 0x00,0x24 - KRB5-RC4-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=MD5
+ 0xC0,0x12 - ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
+ 0xC0,0x08 - ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
+ 0xC0,0x1C - SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=3DES(168) Mac=SHA1
+@@ -143,6 +147,8 @@
+ 0x07,0x00,0xC0 - DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
+ 0x00,0x93 - RSA-PSK-3DES-EDE-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=3DES(168) Mac=SHA1
+ 0x00,0x8B - PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1
++ 0x00,0x1F - KRB5-DES-CBC3-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=SHA1
++ 0x00,0x23 - KRB5-DES-CBC3-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=MD5
+ 0x08,0x00,0x80 - RC4-64-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(64) Mac=MD5
+ 0x00,0x63 - EXP1024-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=DES(56) Mac=SHA1 export
+ 0x00,0x15 - EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
+@@ -154,6 +160,8 @@
+ 0x00,0x09 - DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
+ 0x00,0x61 - EXP1024-RC2-CBC-MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC2(56) Mac=MD5 export
+ 0x06,0x00,0x40 - DES-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
++ 0x00,0x1E - KRB5-DES-CBC-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(56) Mac=SHA1
++ 0x00,0x22 - KRB5-DES-CBC-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(56) Mac=MD5
+ 0x00,0x65 - EXP1024-DHE-DSS-RC4-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=RC4(56) Mac=SHA1 export
+ 0x00,0x64 - EXP1024-RC4-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
+ 0x00,0x60 - EXP1024-RC4-MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=MD5 export
+@@ -165,9 +173,15 @@
+ 0x00,0x08 - EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
+ 0x00,0x06 - EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
+ 0x04,0x00,0x80 - EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
++ 0x00,0x27 - EXP-KRB5-RC2-CBC-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC2(40) Mac=SHA1 export
++ 0x00,0x26 - EXP-KRB5-DES-CBC-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(40) Mac=SHA1 export
++ 0x00,0x2A - EXP-KRB5-RC2-CBC-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC2(40) Mac=MD5 export
++ 0x00,0x29 - EXP-KRB5-DES-CBC-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(40) Mac=MD5 export
+ 0x00,0x17 - EXP-ADH-RC4-MD5 SSLv3 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
+ 0x00,0x03 - EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
+ 0x02,0x00,0x80 - EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
++ 0x00,0x28 - EXP-KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(40) Mac=SHA1 export
++ 0x00,0x2B - EXP-KRB5-RC4-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(40) Mac=MD5 export
+ 0xC0,0x10 - ECDHE-RSA-NULL-SHA SSLv3 Kx=ECDH Au=RSA Enc=None Mac=SHA1
+ 0xC0,0x06 - ECDHE-ECDSA-NULL-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=None Mac=SHA1
+ 0xC0,0x15 - AECDH-NULL-SHA SSLv3 Kx=ECDH Au=None Enc=None Mac=SHA1
diff --git a/bin/new-ciphers.diffed2vanilla.txt b/bin/new-ciphers.diffed2vanilla.txt
deleted file mode 100644
index e3984ad..0000000
--- a/bin/new-ciphers.diffed2vanilla.txt
+++ /dev/null
@@ -1,102 +0,0 @@
---- ../openssl-1.0.2-vanilla/openssl-Vall.krb.txt 2015-02-10 12:09:00.514718127 +0100
-+++ openssl-Vall.krb.txt 2015-02-05 09:10:28.019920543 +0100
-@@ -1,9 +1,11 @@
-
-+ 0xCC,0x14 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20(256) Mac=AEAD
-+ 0xCC,0x13 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20(256) Mac=AEAD
-+ 0xCC,0x15 - DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=ChaCha20(256) Mac=AEAD
- 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
- 0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
- 0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
-@@ -22,6 +26,12 @@
- 0x00,0x38 - DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
- 0x00,0x37 - DH-RSA-AES256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA1
- 0x00,0x36 - DH-DSS-AES256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA1
-+ 0xC0,0x77 - ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
-+ 0xC0,0x73 - ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
-+ 0x00,0xC4 - DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
-+ 0x00,0xC3 - DHE-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA256
-+ 0x00,0xC2 - DH-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=Camellia(256) Mac=SHA256
-+ 0x00,0xC1 - DH-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=Camellia(256) Mac=SHA256
- 0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
- 0x00,0x87 - DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1
- 0x00,0x86 - DH-RSA-CAMELLIA256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(256) Mac=SHA1
-@@ -30,6 +40,7 @@
- 0x00,0xA7 - ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD
- 0x00,0x6D - ADH-AES256-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(256) Mac=SHA256
- 0x00,0x3A - ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
-+ 0x00,0xC5 - ADH-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(256) Mac=SHA256
- 0x00,0x89 - ADH-CAMELLIA256-SHA SSLv3 Kx=DH Au=None Enc=Camellia(256) Mac=SHA1
- 0xC0,0x32 - ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
- 0xC0,0x2E - ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
-@@ -37,10 +48,14 @@
- 0xC0,0x26 - ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384
- 0xC0,0x0F - ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1
- 0xC0,0x05 - ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1
-+ 0xC0,0x79 - ECDH-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=Camellia(256) Mac=SHA384
-+ 0xC0,0x75 - ECDH-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=Camellia(256) Mac=SHA384
- 0x00,0x9D - AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
- 0x00,0x3D - AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
- 0x00,0x35 - AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
-+ 0x00,0xC0 - CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256
- 0x00,0x84 - CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
-+ 0x00,0x95 - RSA-PSK-AES256-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA1
- 0x00,0x8D - PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
- 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
- 0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
-@@ -63,6 +78,12 @@
- 0x00,0x32 - DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
- 0x00,0x31 - DH-RSA-AES128-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA1
- 0x00,0x30 - DH-DSS-AES128-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA1
-+ 0xC0,0x76 - ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
-+ 0xC0,0x72 - ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
-+ 0x00,0xBE - DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
-+ 0x00,0xBD - DHE-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA256
-+ 0x00,0xBC - DH-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=Camellia(128) Mac=SHA256
-+ 0x00,0xBB - DH-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=Camellia(128) Mac=SHA256
- 0x00,0x9A - DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1
- 0x00,0x99 - DHE-DSS-SEED-SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1
- 0x00,0x98 - DH-RSA-SEED-SHA SSLv3 Kx=DH/RSA Au=DH Enc=SEED(128) Mac=SHA1
-@@ -75,6 +96,7 @@
- 0x00,0xA6 - ADH-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEAD
- 0x00,0x6C - ADH-AES128-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(128) Mac=SHA256
- 0x00,0x34 - ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
-+ 0x00,0xBF - ADH-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(128) Mac=SHA256
- 0x00,0x9B - ADH-SEED-SHA SSLv3 Kx=DH Au=None Enc=SEED(128) Mac=SHA1
- 0x00,0x46 - ADH-CAMELLIA128-SHA SSLv3 Kx=DH Au=None Enc=Camellia(128) Mac=SHA1
- 0xC0,0x31 - ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
-@@ -83,14 +105,18 @@
- 0xC0,0x25 - ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256
- 0xC0,0x0E - ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1
- 0xC0,0x04 - ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1
-+ 0xC0,0x78 - ECDH-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=Camellia(128) Mac=SHA256
-+ 0xC0,0x74 - ECDH-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=Camellia(128) Mac=SHA256
- 0x00,0x9C - AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
- 0x00,0x3C - AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
- 0x00,0x2F - AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
-+ 0x00,0xBA - CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256
- 0x00,0x96 - SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1
- 0x00,0x41 - CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
- 0x00,0x07 - IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
- 0x05,0x00,0x80 - IDEA-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=IDEA(128) Mac=MD5
- 0x03,0x00,0x80 - RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5
-+ 0x00,0x94 - RSA-PSK-AES128-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA1
- 0x00,0x8C - PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
- 0x00,0x21 - KRB5-IDEA-CBC-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=IDEA(128) Mac=SHA1
- 0x00,0x25 - KRB5-IDEA-CBC-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=IDEA(128) Mac=MD5
-@@ -104,6 +130,7 @@
- 0x00,0x05 - RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
- 0x00,0x04 - RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
- 0x01,0x00,0x80 - RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
-+ 0x00,0x92 - RSA-PSK-RC4-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=RC4(128) Mac=SHA1
- 0x00,0x8A - PSK-RC4-SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1
- 0x00,0x20 - KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=SHA1
- 0x00,0x24 - KRB5-RC4-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=MD5
-@@ -122,6 +149,7 @@
- 0xC0,0x03 - ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
- 0x00,0x0A - DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
- 0x07,0x00,0xC0 - DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
-+ 0x00,0x93 - RSA-PSK-3DES-EDE-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=3DES(168) Mac=SHA1
- 0x00,0x8B - PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1
- 0x00,0x1F - KRB5-DES-CBC3-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=SHA1
- 0x00,0x23 - KRB5-DES-CBC3-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=MD5
diff --git a/bin/new-ciphers.std_distro.txt b/bin/new-ciphers.std_distro.txt
deleted file mode 100644
index dc1c4d3..0000000
--- a/bin/new-ciphers.std_distro.txt
+++ /dev/null
@@ -1,188 +0,0 @@
---- /tmp/opensuse-13.1.ciphers.txt 2015-02-05 09:11:54.027069707 +0100
-+++ /tmp/openssl-Vall.krb.txt 2015-02-05 09:12:54.837467962 +0100
-@@ -1,3 +1,6 @@
-+ 0xCC,0x14 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20(256) Mac=AEAD
-+ 0xCC,0x13 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20(256) Mac=AEAD
-+ 0xCC,0x15 - DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=ChaCha20(256) Mac=AEAD
- 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
- 0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
- 0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
-@@ -7,18 +10,33 @@
- 0xC0,0x22 - SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(256) Mac=SHA1
- 0xC0,0x21 - SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1
- 0xC0,0x20 - SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1
-+ 0x00,0xA5 - DH-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(256) Mac=AEAD
- 0x00,0xA3 - DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
-+ 0x00,0xA1 - DH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(256) Mac=AEAD
- 0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
- 0x00,0x6B - DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
- 0x00,0x6A - DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
-+ 0x00,0x69 - DH-RSA-AES256-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA256
-+ 0x00,0x68 - DH-DSS-AES256-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA256
- 0x00,0x39 - DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
- 0x00,0x38 - DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
-+ 0x00,0x37 - DH-RSA-AES256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA1
-+ 0x00,0x36 - DH-DSS-AES256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA1
-+ 0xC0,0x77 - ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
-+ 0xC0,0x73 - ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
-+ 0x00,0xC4 - DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
-+ 0x00,0xC3 - DHE-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA256
-+ 0x00,0xC2 - DH-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=Camellia(256) Mac=SHA256
-+ 0x00,0xC1 - DH-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=Camellia(256) Mac=SHA256
- 0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
- 0x00,0x87 - DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1
-+ 0x00,0x86 - DH-RSA-CAMELLIA256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(256) Mac=SHA1
-+ 0x00,0x85 - DH-DSS-CAMELLIA256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(256) Mac=SHA1
- 0xC0,0x19 - AECDH-AES256-SHA SSLv3 Kx=ECDH Au=None Enc=AES(256) Mac=SHA1
- 0x00,0xA7 - ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD
- 0x00,0x6D - ADH-AES256-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(256) Mac=SHA256
- 0x00,0x3A - ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
-+ 0x00,0xC5 - ADH-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(256) Mac=SHA256
- 0x00,0x89 - ADH-CAMELLIA256-SHA SSLv3 Kx=DH Au=None Enc=Camellia(256) Mac=SHA1
- 0xC0,0x32 - ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
- 0xC0,0x2E - ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
-@@ -26,10 +44,14 @@
- 0xC0,0x26 - ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384
- 0xC0,0x0F - ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1
- 0xC0,0x05 - ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1
-+ 0xC0,0x79 - ECDH-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=Camellia(256) Mac=SHA384
-+ 0xC0,0x75 - ECDH-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=Camellia(256) Mac=SHA384
- 0x00,0x9D - AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
- 0x00,0x3D - AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
- 0x00,0x35 - AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
-+ 0x00,0xC0 - CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256
- 0x00,0x84 - CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
-+ 0x00,0x95 - RSA-PSK-AES256-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA1
- 0x00,0x8D - PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
- 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
- 0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
-@@ -40,20 +62,37 @@
- 0xC0,0x1F - SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(128) Mac=SHA1
- 0xC0,0x1E - SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1
- 0xC0,0x1D - SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1
-+ 0x00,0xA4 - DH-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(128) Mac=AEAD
- 0x00,0xA2 - DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
-+ 0x00,0xA0 - DH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(128) Mac=AEAD
- 0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
- 0x00,0x67 - DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
- 0x00,0x40 - DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
-+ 0x00,0x3F - DH-RSA-AES128-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA256
-+ 0x00,0x3E - DH-DSS-AES128-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA256
- 0x00,0x33 - DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
- 0x00,0x32 - DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
-+ 0x00,0x31 - DH-RSA-AES128-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA1
-+ 0x00,0x30 - DH-DSS-AES128-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA1
-+ 0xC0,0x76 - ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
-+ 0xC0,0x72 - ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
-+ 0x00,0xBE - DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
-+ 0x00,0xBD - DHE-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA256
-+ 0x00,0xBC - DH-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=Camellia(128) Mac=SHA256
-+ 0x00,0xBB - DH-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=Camellia(128) Mac=SHA256
- 0x00,0x9A - DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1
- 0x00,0x99 - DHE-DSS-SEED-SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1
-+ 0x00,0x98 - DH-RSA-SEED-SHA SSLv3 Kx=DH/RSA Au=DH Enc=SEED(128) Mac=SHA1
-+ 0x00,0x97 - DH-DSS-SEED-SHA SSLv3 Kx=DH/DSS Au=DH Enc=SEED(128) Mac=SHA1
- 0x00,0x45 - DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
- 0x00,0x44 - DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1
-+ 0x00,0x43 - DH-RSA-CAMELLIA128-SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(128) Mac=SHA1
-+ 0x00,0x42 - DH-DSS-CAMELLIA128-SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(128) Mac=SHA1
- 0xC0,0x18 - AECDH-AES128-SHA SSLv3 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1
- 0x00,0xA6 - ADH-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEAD
- 0x00,0x6C - ADH-AES128-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(128) Mac=SHA256
- 0x00,0x34 - ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
-+ 0x00,0xBF - ADH-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(128) Mac=SHA256
- 0x00,0x9B - ADH-SEED-SHA SSLv3 Kx=DH Au=None Enc=SEED(128) Mac=SHA1
- 0x00,0x46 - ADH-CAMELLIA128-SHA SSLv3 Kx=DH Au=None Enc=Camellia(128) Mac=SHA1
- 0xC0,0x31 - ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
-@@ -62,15 +101,24 @@
- 0xC0,0x25 - ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256
- 0xC0,0x0E - ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1
- 0xC0,0x04 - ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1
-+ 0xC0,0x78 - ECDH-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=Camellia(128) Mac=SHA256
-+ 0xC0,0x74 - ECDH-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=Camellia(128) Mac=SHA256
- 0x00,0x9C - AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
- 0x00,0x3C - AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
- 0x00,0x2F - AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
-+ 0x00,0xBA - CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256
- 0x00,0x96 - SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1
- 0x00,0x41 - CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
-+ 0x00,0x07 - IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
-+ 0x05,0x00,0x80 - IDEA-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=IDEA(128) Mac=MD5
- 0x03,0x00,0x80 - RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5
-+ 0x00,0x94 - RSA-PSK-AES128-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA1
- 0x00,0x8C - PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
-+ 0x00,0x21 - KRB5-IDEA-CBC-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=IDEA(128) Mac=SHA1
-+ 0x00,0x25 - KRB5-IDEA-CBC-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=IDEA(128) Mac=MD5
- 0xC0,0x11 - ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
- 0xC0,0x07 - ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1
-+ 0x00,0x66 - DHE-DSS-RC4-SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1
- 0xC0,0x16 - AECDH-RC4-SHA SSLv3 Kx=ECDH Au=None Enc=RC4(128) Mac=SHA1
- 0x00,0x18 - ADH-RC4-MD5 SSLv3 Kx=DH Au=None Enc=RC4(128) Mac=MD5
- 0xC0,0x0C - ECDH-RSA-RC4-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128) Mac=SHA1
-@@ -78,7 +126,10 @@
- 0x00,0x05 - RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
- 0x00,0x04 - RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
- 0x01,0x00,0x80 - RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
-+ 0x00,0x92 - RSA-PSK-RC4-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=RC4(128) Mac=SHA1
- 0x00,0x8A - PSK-RC4-SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1
-+ 0x00,0x20 - KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=SHA1
-+ 0x00,0x24 - KRB5-RC4-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=MD5
- 0xC0,0x12 - ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
- 0xC0,0x08 - ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
- 0xC0,0x1C - SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=3DES(168) Mac=SHA1
-@@ -86,24 +137,55 @@
- 0xC0,0x1A - SRP-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=3DES(168) Mac=SHA1
- 0x00,0x16 - EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
- 0x00,0x13 - EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
-+ 0x00,0x10 - DH-RSA-DES-CBC3-SHA SSLv3 Kx=DH/RSA Au=DH Enc=3DES(168) Mac=SHA1
-+ 0x00,0x0D - DH-DSS-DES-CBC3-SHA SSLv3 Kx=DH/DSS Au=DH Enc=3DES(168) Mac=SHA1
- 0xC0,0x17 - AECDH-DES-CBC3-SHA SSLv3 Kx=ECDH Au=None Enc=3DES(168) Mac=SHA1
- 0x00,0x1B - ADH-DES-CBC3-SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1
- 0xC0,0x0D - ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
- 0xC0,0x03 - ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
- 0x00,0x0A - DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
- 0x07,0x00,0xC0 - DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
-+ 0x00,0x93 - RSA-PSK-3DES-EDE-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=3DES(168) Mac=SHA1
- 0x00,0x8B - PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1
-+ 0x00,0x1F - KRB5-DES-CBC3-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=SHA1
-+ 0x00,0x23 - KRB5-DES-CBC3-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=MD5
-+ 0x08,0x00,0x80 - RC4-64-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(64) Mac=MD5
-+ 0x00,0x63 - EXP1024-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=DES(56) Mac=SHA1 export
- 0x00,0x15 - EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
- 0x00,0x12 - EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
-+ 0x00,0x0F - DH-RSA-DES-CBC-SHA SSLv3 Kx=DH/RSA Au=DH Enc=DES(56) Mac=SHA1
-+ 0x00,0x0C - DH-DSS-DES-CBC-SHA SSLv3 Kx=DH/DSS Au=DH Enc=DES(56) Mac=SHA1
- 0x00,0x1A - ADH-DES-CBC-SHA SSLv3 Kx=DH Au=None Enc=DES(56) Mac=SHA1
-+ 0x00,0x62 - EXP1024-DES-CBC-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=DES(56) Mac=SHA1 export
- 0x00,0x09 - DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
- 0x06,0x00,0x40 - DES-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
-+ 0x00,0x1E - KRB5-DES-CBC-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(56) Mac=SHA1
-+ 0x00,0x22 - KRB5-DES-CBC-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(56) Mac=MD5
-+ 0x00,0x65 - EXP1024-DHE-DSS-RC4-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=RC4(56) Mac=SHA1 export
-+ 0x00,0x64 - EXP1024-RC4-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
- 0x00,0x14 - EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
- 0x00,0x11 - EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
-+ 0x00,0x0E - EXP-DH-RSA-DES-CBC-SHA SSLv3 Kx=DH/RSA Au=DH Enc=DES(40) Mac=SHA1 export
-+ 0x00,0x0B - EXP-DH-DSS-DES-CBC-SHA SSLv3 Kx=DH/DSS Au=DH Enc=DES(40) Mac=SHA1 export
- 0x00,0x19 - EXP-ADH-DES-CBC-SHA SSLv3 Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
- 0x00,0x08 - EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
- 0x00,0x06 - EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
- 0x04,0x00,0x80 - EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
-+ 0x00,0x27 - EXP-KRB5-RC2-CBC-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC2(40) Mac=SHA1 export
-+ 0x00,0x26 - EXP-KRB5-DES-CBC-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(40) Mac=SHA1 export
-+ 0x00,0x2A - EXP-KRB5-RC2-CBC-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC2(40) Mac=MD5 export
-+ 0x00,0x29 - EXP-KRB5-DES-CBC-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(40) Mac=MD5 export
- 0x00,0x17 - EXP-ADH-RC4-MD5 SSLv3 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
- 0x00,0x03 - EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
- 0x02,0x00,0x80 - EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
-+ 0x00,0x28 - EXP-KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(40) Mac=SHA1 export
-+ 0x00,0x2B - EXP-KRB5-RC4-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(40) Mac=MD5 export
-+ 0xC0,0x10 - ECDHE-RSA-NULL-SHA SSLv3 Kx=ECDH Au=RSA Enc=None Mac=SHA1
-+ 0xC0,0x06 - ECDHE-ECDSA-NULL-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=None Mac=SHA1
-+ 0xC0,0x15 - AECDH-NULL-SHA SSLv3 Kx=ECDH Au=None Enc=None Mac=SHA1
-+ 0xC0,0x0B - ECDH-RSA-NULL-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=None Mac=SHA1
-+ 0xC0,0x01 - ECDH-ECDSA-NULL-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=None Mac=SHA1
-+ 0x00,0x3B - NULL-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=None Mac=SHA256
-+ 0x00,0x02 - NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
-+ 0x00,0x01 - NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5
-+ 0x00,0x00,0x00 - NULL-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=None Mac=MD5 export
diff --git a/bin/openssl-Vall.krb.txt b/bin/openssl-Vall.krb.txt
deleted file mode 100644
index 72d24f6..0000000
--- a/bin/openssl-Vall.krb.txt
+++ /dev/null
@@ -1,144 +0,0 @@
-rks@laptop:~/git.testssl.sh/bin|0% ./openssl.Linux.x86_64.krb5 ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l
-193
-dirks@laptop:~/git.testssl.sh/bin|0% ./openssl.Linux.x86_64.krb5 ciphers -V
- 0xCC,0x14 - ECDHE-ECDSA-CHACHA20-POLY1305-OLD TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20(256) Mac=AEAD
- 0xCC,0x13 - ECDHE-RSA-CHACHA20-POLY1305-OLD TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20(256) Mac=AEAD
- 0xCC,0x15 - DHE-RSA-CHACHA20-POLY1305-OLD TLSv1.2 Kx=DH Au=RSA Enc=ChaCha20(256) Mac=AEAD
- 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
- 0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
- 0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
- 0xC0,0x24 - ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
- 0xC0,0x14 - ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
- 0xC0,0x0A - ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
- 0xC0,0x22 - SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(256) Mac=SHA1
- 0xC0,0x21 - SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1
- 0xC0,0x20 - SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1
- 0x00,0xA5 - DH-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(256) Mac=AEAD
- 0x00,0xA3 - DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
- 0x00,0xA1 - DH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(256) Mac=AEAD
- 0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
- 0x00,0x6B - DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
- 0x00,0x6A - DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
- 0x00,0x69 - DH-RSA-AES256-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA256
- 0x00,0x68 - DH-DSS-AES256-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA256
- 0x00,0x39 - DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
- 0x00,0x38 - DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
- 0x00,0x37 - DH-RSA-AES256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA1
- 0x00,0x36 - DH-DSS-AES256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA1
- 0xC0,0x77 - ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
- 0xC0,0x73 - ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
- 0x00,0xC4 - DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
- 0x00,0xC3 - DHE-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA256
- 0x00,0xC2 - DH-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=Camellia(256) Mac=SHA256
- 0x00,0xC1 - DH-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=Camellia(256) Mac=SHA256
- 0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
- 0x00,0x87 - DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1
- 0x00,0x86 - DH-RSA-CAMELLIA256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(256) Mac=SHA1
- 0x00,0x85 - DH-DSS-CAMELLIA256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(256) Mac=SHA1
- 0xC0,0x32 - ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
- 0xC0,0x2E - ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
- 0xC0,0x2A - ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384
- 0xC0,0x26 - ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384
- 0xC0,0x0F - ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1
- 0xC0,0x05 - ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1
- 0xC0,0x79 - ECDH-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=Camellia(256) Mac=SHA384
- 0xC0,0x75 - ECDH-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=Camellia(256) Mac=SHA384
- 0x00,0x9D - AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
- 0x00,0x3D - AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
- 0x00,0x35 - AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
- 0x00,0xC0 - CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256
- 0x00,0x84 - CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
- 0x00,0x95 - RSA-PSK-AES256-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA1
- 0x00,0x8D - PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
- 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
- 0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
- 0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
- 0xC0,0x23 - ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
- 0xC0,0x13 - ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
- 0xC0,0x09 - ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
- 0xC0,0x1F - SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(128) Mac=SHA1
- 0xC0,0x1E - SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1
- 0xC0,0x1D - SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1
- 0x00,0xA4 - DH-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(128) Mac=AEAD
- 0x00,0xA2 - DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
- 0x00,0xA0 - DH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(128) Mac=AEAD
- 0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
- 0x00,0x67 - DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
- 0x00,0x40 - DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
- 0x00,0x3F - DH-RSA-AES128-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA256
- 0x00,0x3E - DH-DSS-AES128-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA256
- 0x00,0x33 - DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
- 0x00,0x32 - DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
- 0x00,0x31 - DH-RSA-AES128-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA1
- 0x00,0x30 - DH-DSS-AES128-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA1
- 0xC0,0x76 - ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
- 0xC0,0x72 - ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
- 0x00,0xBE - DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
- 0x00,0xBD - DHE-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA256
- 0x00,0xBC - DH-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=Camellia(128) Mac=SHA256
- 0x00,0xBB - DH-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=Camellia(128) Mac=SHA256
- 0x00,0x9A - DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1
- 0x00,0x99 - DHE-DSS-SEED-SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1
- 0x00,0x98 - DH-RSA-SEED-SHA SSLv3 Kx=DH/RSA Au=DH Enc=SEED(128) Mac=SHA1
- 0x00,0x97 - DH-DSS-SEED-SHA SSLv3 Kx=DH/DSS Au=DH Enc=SEED(128) Mac=SHA1
- 0x00,0x45 - DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
- 0x00,0x44 - DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1
- 0x00,0x43 - DH-RSA-CAMELLIA128-SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(128) Mac=SHA1
- 0x00,0x42 - DH-DSS-CAMELLIA128-SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(128) Mac=SHA1
- 0xC0,0x31 - ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
- 0xC0,0x2D - ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
- 0xC0,0x29 - ECDH-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA256
- 0xC0,0x25 - ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256
- 0xC0,0x0E - ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1
- 0xC0,0x04 - ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1
- 0xC0,0x78 - ECDH-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=Camellia(128) Mac=SHA256
- 0xC0,0x74 - ECDH-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=Camellia(128) Mac=SHA256
- 0x00,0x9C - AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
- 0x00,0x3C - AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
- 0x00,0x2F - AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
- 0x00,0xBA - CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256
- 0x00,0x96 - SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1
- 0x00,0x41 - CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
- 0x00,0x07 - IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
- 0x00,0x94 - RSA-PSK-AES128-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA1
- 0x00,0x8C - PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
- 0x00,0x21 - KRB5-IDEA-CBC-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=IDEA(128) Mac=SHA1
- 0x00,0x25 - KRB5-IDEA-CBC-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=IDEA(128) Mac=MD5
- 0xC0,0x11 - ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
- 0xC0,0x07 - ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1
- 0x00,0x66 - DHE-DSS-RC4-SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1
- 0xC0,0x0C - ECDH-RSA-RC4-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128) Mac=SHA1
- 0xC0,0x02 - ECDH-ECDSA-RC4-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128) Mac=SHA1
- 0x00,0x05 - RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
- 0x00,0x04 - RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
- 0x00,0x92 - RSA-PSK-RC4-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=RC4(128) Mac=SHA1
- 0x00,0x8A - PSK-RC4-SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1
- 0x00,0x20 - KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=SHA1
- 0x00,0x24 - KRB5-RC4-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=MD5
- 0xC0,0x12 - ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
- 0xC0,0x08 - ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
- 0xC0,0x1C - SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=3DES(168) Mac=SHA1
- 0xC0,0x1B - SRP-RSA-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=3DES(168) Mac=SHA1
- 0xC0,0x1A - SRP-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=3DES(168) Mac=SHA1
- 0x00,0x16 - EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
- 0x00,0x13 - EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
- 0x00,0x10 - DH-RSA-DES-CBC3-SHA SSLv3 Kx=DH/RSA Au=DH Enc=3DES(168) Mac=SHA1
- 0x00,0x0D - DH-DSS-DES-CBC3-SHA SSLv3 Kx=DH/DSS Au=DH Enc=3DES(168) Mac=SHA1
- 0xC0,0x0D - ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
- 0xC0,0x03 - ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
- 0x00,0x0A - DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
- 0x00,0x93 - RSA-PSK-3DES-EDE-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=3DES(168) Mac=SHA1
- 0x00,0x8B - PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1
- 0x00,0x1F - KRB5-DES-CBC3-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=SHA1
- 0x00,0x23 - KRB5-DES-CBC3-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=MD5
-dirks@laptop:~/git.testssl.sh/bin|0% ./openssl.Linux.x86_64.krb5 version -a
-OpenSSL 1.0.2-chacha (1.0.2i-dev)
-built on: Wed Jun 22 19:36:39 2016
-platform: linux-x86_64
-options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
-compiler: gcc -I. -I.. -I../include -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -DOPENSSL_USE_BUILD_DATE -DOPENSSL_USE_IPV6 -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
-OPENSSLDIR: "/etc/ssl"
-dirks@laptop:~/git.testssl.sh/bin|0% file ./openssl.Linux.x86_64.krb5
-./openssl.Linux.x86_64.krb5: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=ce0bf02cb481d9c5a855571b057f1d4b07039995, stripped
-dirks@laptop:~/git.testssl.sh/bin|0%
-
diff --git a/bin/openssl.FreeBSD.amd64 b/bin/openssl.FreeBSD.amd64
index be1a255..4d4cb80 100755
Binary files a/bin/openssl.FreeBSD.amd64 and b/bin/openssl.FreeBSD.amd64 differ
diff --git a/bin/openssl.Linux.i686 b/bin/openssl.Linux.i686
deleted file mode 100755
index 42e282a..0000000
Binary files a/bin/openssl.Linux.i686 and /dev/null differ
diff --git a/bin/openssl.Linux.x86_64 b/bin/openssl.Linux.x86_64
index 2bc45e6..9b69af8 100755
Binary files a/bin/openssl.Linux.x86_64 and b/bin/openssl.Linux.x86_64 differ
diff --git a/bin/openssl.Linux.x86_64.krb b/bin/openssl.Linux.x86_64.krb
deleted file mode 100755
index 4b436d6..0000000
Binary files a/bin/openssl.Linux.x86_64.krb and /dev/null differ