Bug 938369: Use official IANA cipher suite names, r=emaldona NSS_3_16_BETA5
authorBrian Smith <brian@briansmith.org>
Sun, 09 Mar 2014 19:29:14 -0700
changeset 11077 ab3a00d03c39b4c284a1ca71c99ae399f20ea266
parent 11076 d687ce0acfe13940c60f1f76726686ceb11f6cb9
child 11078 6cfb24e39dea38da8f9b9dd12f7a8b7188bd2f04
push id328
push userbrian@briansmith.org
push dateMon, 10 Mar 2014 02:44:18 +0000
reviewersemaldona
bugs938369
Bug 938369: Use official IANA cipher suite names, r=emaldona
cmd/selfserv/selfserv.c
cmd/ssltap/ssltap.c
cmd/strsclnt/strsclnt.c
cmd/tstclnt/tstclnt.c
cmd/vfyserv/vfyserv.c
cmd/vfyserv/vfyutil.c
coreconf/config.mk
lib/ssl/derive.c
lib/ssl/dtlscon.c
lib/ssl/ssl3con.c
lib/ssl/sslenum.c
lib/ssl/sslinfo.c
lib/ssl/sslproto.h
--- a/cmd/selfserv/selfserv.c
+++ b/cmd/selfserv/selfserv.c
@@ -102,40 +102,40 @@ const int ssl2CipherSuites[] = {
     SSL_EN_DES_64_CBC_WITH_MD5,			/* E */
     SSL_EN_DES_192_EDE3_CBC_WITH_MD5,		/* F */
     0
 };
 
 const int ssl3CipherSuites[] = {
     -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
     -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA	 * b */
-    SSL_RSA_WITH_RC4_128_MD5,			/* c */
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
-    SSL_RSA_WITH_DES_CBC_SHA,			/* e */
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
-    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
+    TLS_RSA_WITH_RC4_128_MD5,			/* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
+    TLS_RSA_WITH_DES_CBC_SHA,			/* e */
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
+    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
     -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA,	 * h */
-    SSL_RSA_WITH_NULL_MD5,			/* i */
+    TLS_RSA_WITH_NULL_MD5,			/* i */
     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,		/* j */
     SSL_RSA_FIPS_WITH_DES_CBC_SHA,		/* k */
     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,	/* l */
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,	        /* m */
-    SSL_RSA_WITH_RC4_128_SHA,			/* n */
+    TLS_RSA_WITH_RC4_128_SHA,			/* n */
     -1, /* TLS_DHE_DSS_WITH_RC4_128_SHA, 	 * o */
-    -1, /* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,	 * p */
-    -1, /* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,	 * q */
-    -1, /* SSL_DHE_RSA_WITH_DES_CBC_SHA,	 * r */
-    -1, /* SSL_DHE_DSS_WITH_DES_CBC_SHA,	 * s */
+    -1, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,	 * p */
+    -1, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,	 * q */
+    -1, /* TLS_DHE_RSA_WITH_DES_CBC_SHA,	 * r */
+    -1, /* TLS_DHE_DSS_WITH_DES_CBC_SHA,	 * s */
     -1, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA,	 * t */
     -1, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA,	 * u */
     TLS_RSA_WITH_AES_128_CBC_SHA,     	    	/* v */
     -1, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA,	 * w */
     -1, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA,	 * x */
     TLS_RSA_WITH_AES_256_CBC_SHA,     	    	/* y */
-    SSL_RSA_WITH_NULL_SHA,			/* z */
+    TLS_RSA_WITH_NULL_SHA,			/* z */
     0
 };
 
 /* data and structures for shutdown */
 static int	stopping;
 
 static PRBool  noDelay;
 static int     requestCert;
@@ -1927,19 +1927,19 @@ server_main(
             errExit("SSL_OptionSet SSL_NO_CACHE");
         }
     }
 
     /* This cipher is not on by default. The Acceptance test
      * would like it to be. Turn this cipher on.
      */
 
-    secStatus = SSL_CipherPrefSetDefault( SSL_RSA_WITH_NULL_MD5, PR_TRUE);
+    secStatus = SSL_CipherPrefSetDefault( TLS_RSA_WITH_NULL_MD5, PR_TRUE);
     if ( secStatus != SECSuccess ) {
-	errExit("SSL_CipherPrefSetDefault:SSL_RSA_WITH_NULL_MD5");
+	errExit("SSL_CipherPrefSetDefault:TLS_RSA_WITH_NULL_MD5");
     }
 
     if (expectedHostNameVal) {
         SSL_HandshakeCallback(model_sock, handshakeCallback,
                               (void*)expectedHostNameVal);
     }
 
     if (requestCert) {
--- a/cmd/ssltap/ssltap.c
+++ b/cmd/ssltap/ssltap.c
@@ -488,23 +488,23 @@ const char * helloExtensionNameString(in
   default: sprintf(buf, "%d", ex_num);  ex_name = (const char *)buf; break;
   }
 
   return ex_name;
 }
 
 static int isNULLmac(int cs_int)
 {
-    return (cs_int == SSL_NULL_WITH_NULL_NULL); 
+    return (cs_int == TLS_NULL_WITH_NULL_NULL);
 }
 
 static int isNULLcipher(int cs_int)
 {
- return ((cs_int == SSL_RSA_WITH_NULL_MD5) ||
-         (cs_int == SSL_RSA_WITH_NULL_SHA) ||
+ return ((cs_int == TLS_RSA_WITH_NULL_MD5) ||
+         (cs_int == TLS_RSA_WITH_NULL_SHA) ||
          (cs_int == SSL_FORTEZZA_DMS_WITH_NULL_SHA) ||
          (cs_int == TLS_ECDH_ECDSA_WITH_NULL_SHA) ||
          (cs_int == TLS_ECDHE_ECDSA_WITH_NULL_SHA) ||
          (cs_int == TLS_ECDH_RSA_WITH_NULL_SHA) ||
          (cs_int == TLS_ECDHE_RSA_WITH_NULL_SHA));
 } 
 
 void partial_packet(int thispacket, int size, int needed)
--- a/cmd/strsclnt/strsclnt.c
+++ b/cmd/strsclnt/strsclnt.c
@@ -54,40 +54,40 @@ int ssl2CipherSuites[] = {
     SSL_EN_DES_64_CBC_WITH_MD5,                 /* E */
     SSL_EN_DES_192_EDE3_CBC_WITH_MD5,           /* F */
     0
 };
 
 int ssl3CipherSuites[] = {
     -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
     -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA     * b */
-    SSL_RSA_WITH_RC4_128_MD5,                   /* c */
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA,              /* d */
-    SSL_RSA_WITH_DES_CBC_SHA,                   /* e */
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,             /* f */
-    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,         /* g */
+    TLS_RSA_WITH_RC4_128_MD5,                   /* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,              /* d */
+    TLS_RSA_WITH_DES_CBC_SHA,                   /* e */
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,             /* f */
+    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,         /* g */
     -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA        * h */
-    SSL_RSA_WITH_NULL_MD5,                      /* i */
+    TLS_RSA_WITH_NULL_MD5,                      /* i */
     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,         /* j */
     SSL_RSA_FIPS_WITH_DES_CBC_SHA,              /* k */
     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, 	/* l */
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,		/* m */
-    SSL_RSA_WITH_RC4_128_SHA,                   /* n */
+    TLS_RSA_WITH_RC4_128_SHA,                   /* n */
     TLS_DHE_DSS_WITH_RC4_128_SHA,		/* o */
-    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
-    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
-    SSL_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
-    SSL_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
     TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 	    	/* t */
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,       	/* u */
     TLS_RSA_WITH_AES_128_CBC_SHA,     	    	/* v */
     TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 	    	/* w */
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,       	/* x */
     TLS_RSA_WITH_AES_256_CBC_SHA,     	    	/* y */
-    SSL_RSA_WITH_NULL_SHA,			/* z */
+    TLS_RSA_WITH_NULL_SHA,			/* z */
     0
 };
 
 #define NO_FULLHS_PERCENTAGE -1
 
 /* This global string is so that client main can see 
  * which ciphers to use. 
  */
--- a/cmd/tstclnt/tstclnt.c
+++ b/cmd/tstclnt/tstclnt.c
@@ -63,40 +63,40 @@ int ssl2CipherSuites[] = {
     SSL_EN_DES_64_CBC_WITH_MD5,			/* E */
     SSL_EN_DES_192_EDE3_CBC_WITH_MD5,		/* F */
     0
 };
 
 int ssl3CipherSuites[] = {
     -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
     -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,	 * b */
-    SSL_RSA_WITH_RC4_128_MD5,			/* c */
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
-    SSL_RSA_WITH_DES_CBC_SHA,			/* e */
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
-    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
+    TLS_RSA_WITH_RC4_128_MD5,			/* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
+    TLS_RSA_WITH_DES_CBC_SHA,			/* e */
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
+    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
     -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA,	 * h */
-    SSL_RSA_WITH_NULL_MD5,			/* i */
+    TLS_RSA_WITH_NULL_MD5,			/* i */
     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,		/* j */
     SSL_RSA_FIPS_WITH_DES_CBC_SHA,		/* k */
     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,	/* l */
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,	        /* m */
-    SSL_RSA_WITH_RC4_128_SHA,			/* n */
+    TLS_RSA_WITH_RC4_128_SHA,			/* n */
     TLS_DHE_DSS_WITH_RC4_128_SHA,		/* o */
-    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
-    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
-    SSL_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
-    SSL_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
     TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 	    	/* t */
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,       	/* u */
     TLS_RSA_WITH_AES_128_CBC_SHA,     	    	/* v */
     TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 	    	/* w */
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,       	/* x */
     TLS_RSA_WITH_AES_256_CBC_SHA,     	    	/* y */
-    SSL_RSA_WITH_NULL_SHA,			/* z */
+    TLS_RSA_WITH_NULL_SHA,			/* z */
     0
 };
 
 unsigned long __cmp_umuls;
 PRBool verbose;
 int renegotiationsToDo = 0;
 int renegotiationsDone = 0;
 
--- a/cmd/vfyserv/vfyserv.c
+++ b/cmd/vfyserv/vfyserv.c
@@ -492,17 +492,17 @@ main(int argc, char **argv)
                     goto cleanup;
                 }
             }
 	}
 
 	/* All cipher suites except RSA_NULL_MD5 are enabled by 
 	 * Domestic Policy. */
 	NSS_SetDomesticPolicy();
-	SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
+	SSL_CipherPrefSetDefault(TLS_RSA_WITH_NULL_MD5, PR_TRUE);
 
 	/* all the SSL2 and SSL3 cipher suites are enabled by default. */
 	if (cipherString) {
 	    int ndx;
 
 	    /* disable all the ciphers, then enable the ones we want. */
 	    disableAllSSLCiphers();
 
--- a/cmd/vfyserv/vfyutil.c
+++ b/cmd/vfyserv/vfyutil.c
@@ -22,40 +22,40 @@ int ssl2CipherSuites[] = {
     SSL_EN_DES_64_CBC_WITH_MD5,           /* E */
     SSL_EN_DES_192_EDE3_CBC_WITH_MD5,     /* F */
     0
 };
 
 int ssl3CipherSuites[] = {
     -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
     -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,	 * b */
-    SSL_RSA_WITH_RC4_128_MD5,			/* c */
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
-    SSL_RSA_WITH_DES_CBC_SHA,			/* e */
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
-    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
+    TLS_RSA_WITH_RC4_128_MD5,			/* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
+    TLS_RSA_WITH_DES_CBC_SHA,			/* e */
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
+    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
     -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA,	 * h */
-    SSL_RSA_WITH_NULL_MD5,			/* i */
+    TLS_RSA_WITH_NULL_MD5,			/* i */
     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,		/* j */
     SSL_RSA_FIPS_WITH_DES_CBC_SHA,		/* k */
     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,	/* l */
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,	        /* m */
-    SSL_RSA_WITH_RC4_128_SHA,			/* n */
+    TLS_RSA_WITH_RC4_128_SHA,			/* n */
     TLS_DHE_DSS_WITH_RC4_128_SHA,		/* o */
-    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
-    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
-    SSL_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
-    SSL_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
     TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 	    	/* t */
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,       	/* u */
     TLS_RSA_WITH_AES_128_CBC_SHA,     	    	/* v */
     TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 	    	/* w */
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,       	/* x */
     TLS_RSA_WITH_AES_256_CBC_SHA,     	    	/* y */
-    SSL_RSA_WITH_NULL_SHA,			/* z */
+    TLS_RSA_WITH_NULL_SHA,			/* z */
     0
 };
 
 /**************************************************************************
 ** 
 ** SSL callback routines.
 **
 **************************************************************************/
--- a/coreconf/config.mk
+++ b/coreconf/config.mk
@@ -180,8 +180,11 @@ endif
 # This allows all library and tools code to use the util function
 # implementations directly from libnssutil3, rather than the wrappers
 # in libnss3 which are present for binary compatibility only
 DEFINES += -DUSE_UTIL_DIRECTLY
 USE_UTIL_DIRECTLY = 1
 
 # Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features
 DEFINES += -DNO_NSPR_10_SUPPORT
+
+# Hide old, deprecated, TLS cipher suite names when building NSS
+DEFINES += -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
--- a/lib/ssl/derive.c
+++ b/lib/ssl/derive.c
@@ -629,31 +629,31 @@ SSL_CanBypass(CERTCertificate *cert, SEC
     srvPubkey = CERT_ExtractPublicKey(cert);
     if (!srvPubkey)
         return SECFailure;
 	
     *pcanbypass = PR_TRUE;
     rv = SECFailure;
     
     /* determine which KEAs to test */
-    /* 0 (SSL_NULL_WITH_NULL_NULL) is used as a list terminator because
+    /* 0 (TLS_NULL_WITH_NULL_NULL) is used as a list terminator because
      * SSL3 and TLS specs forbid negotiating that cipher suite number.
      */
     for (i=0; i < nsuites && (suite = *ciphersuites++) != 0; i++) {
 	/* skip SSL2 cipher suites and ones NSS doesn't support */
 	if (SSL_GetCipherSuiteInfo(suite, &csdef, sizeof(csdef)) != SECSuccess
 	    || SSL_IS_SSL2_CIPHER(suite) )
 	    continue;
 	switch (csdef.keaType) {
 	case ssl_kea_rsa:
 	    switch (csdef.cipherSuite) {
 	    case TLS_RSA_EXPORT1024_WITH_RC4_56_SHA:
 	    case TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA:
-	    case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
-	    case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
+	    case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
+	    case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
 		testrsa_export = PR_TRUE;
 	    }
 	    if (!testrsa_export)
 		testrsa = PR_TRUE;
 	    break;
 	case ssl_kea_ecdh:
 	    if (strcmp(csdef.keaTypeName, "ECDHE") == 0) /* ephemeral? */
 		testecdhe = PR_TRUE;
--- a/lib/ssl/dtlscon.c
+++ b/lib/ssl/dtlscon.c
@@ -34,20 +34,20 @@ static const ssl3CipherSuite nonDTLSSuit
     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
     TLS_ECDHE_RSA_WITH_RC4_128_SHA,
 #endif /* NSS_DISABLE_ECC */
     TLS_DHE_DSS_WITH_RC4_128_SHA,
 #ifndef NSS_DISABLE_ECC
     TLS_ECDH_RSA_WITH_RC4_128_SHA,
     TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
 #endif /* NSS_DISABLE_ECC */
-    SSL_RSA_WITH_RC4_128_MD5,
-    SSL_RSA_WITH_RC4_128_SHA,
+    TLS_RSA_WITH_RC4_128_MD5,
+    TLS_RSA_WITH_RC4_128_SHA,
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,
     0 /* End of list marker */
 };
 
 /* Map back and forth between TLS and DTLS versions in wire format.
  * Mapping table is:
  *
  * TLS             DTLS
  * 1.1 (0302)      1.0 (feff)
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -113,18 +113,18 @@ static ssl3CipherSuiteCfg cipherSuites[s
  { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_DHE_DSS_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_DHE_DSS_WITH_RC4_128_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
 
 #ifndef NSS_DISABLE_ECC
  { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,    SSL_ALLOWED, PR_FALSE, PR_FALSE},
@@ -138,44 +138,44 @@ static ssl3CipherSuiteCfg cipherSuites[s
  { TLS_RSA_WITH_AES_128_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_RSA_WITH_AES_128_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_RSA_WITH_AES_256_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_RSA_WITH_AES_256_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_RSA_WITH_SEED_CBC_SHA,               SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_WITH_3DES_EDE_CBC_SHA,           SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { SSL_RSA_WITH_RC4_128_SHA,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { SSL_RSA_WITH_RC4_128_MD5,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_3DES_EDE_CBC_SHA,           SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_RC4_128_SHA,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_RC4_128_MD5,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
 
  /* 56-bit DES "domestic" cipher suites */
- { SSL_DHE_RSA_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_DHE_DSS_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_RSA_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { SSL_RSA_FIPS_WITH_DES_CBC_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_WITH_DES_CBC_SHA,                SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_DES_CBC_SHA,                SSL_ALLOWED, PR_FALSE, PR_FALSE},
 
  /* export ciphersuites with 1024-bit public key exchange keys */
  { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
 
  /* export ciphersuites with 512-bit public key exchange keys */
- { SSL_RSA_EXPORT_WITH_RC4_40_MD5,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_EXPORT_WITH_RC4_40_MD5,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
 
  /* ciphersuites with no encryption */
 #ifndef NSS_DISABLE_ECC
  { TLS_ECDHE_ECDSA_WITH_NULL_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDHE_RSA_WITH_NULL_SHA,             SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_RSA_WITH_NULL_SHA,              SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_ECDSA_WITH_NULL_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
 #endif /* NSS_DISABLE_ECC */
- { SSL_RSA_WITH_NULL_SHA,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_NULL_SHA,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_RSA_WITH_NULL_SHA256,                SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_WITH_NULL_MD5,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_NULL_MD5,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
 };
 
 /* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order.
  */
 #ifdef DEBUG
 void ssl3_CheckCipherSuiteOrderConsistency()
 {
     unsigned int i;
@@ -308,59 +308,59 @@ static const ssl3KEADef kea_defs[] =
 #endif /* NSS_DISABLE_ECC */
 };
 
 /* must use ssl_LookupCipherSuiteDef to access */
 static const ssl3CipherSuiteDef cipher_suite_defs[] = 
 {
 /*  cipher_suite                    bulk_cipher_alg mac_alg key_exchange_alg */
 
-    {SSL_NULL_WITH_NULL_NULL,       cipher_null,   mac_null, kea_null},
-    {SSL_RSA_WITH_NULL_MD5,         cipher_null,   mac_md5, kea_rsa},
-    {SSL_RSA_WITH_NULL_SHA,         cipher_null,   mac_sha, kea_rsa},
+    {TLS_NULL_WITH_NULL_NULL,       cipher_null,   mac_null, kea_null},
+    {TLS_RSA_WITH_NULL_MD5,         cipher_null,   mac_md5, kea_rsa},
+    {TLS_RSA_WITH_NULL_SHA,         cipher_null,   mac_sha, kea_rsa},
     {TLS_RSA_WITH_NULL_SHA256,      cipher_null,   hmac_sha256, kea_rsa},
-    {SSL_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
-    {SSL_RSA_WITH_RC4_128_MD5,      cipher_rc4,    mac_md5, kea_rsa},
-    {SSL_RSA_WITH_RC4_128_SHA,      cipher_rc4,    mac_sha, kea_rsa},
-    {SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
+    {TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
+    {TLS_RSA_WITH_RC4_128_MD5,      cipher_rc4,    mac_md5, kea_rsa},
+    {TLS_RSA_WITH_RC4_128_SHA,      cipher_rc4,    mac_sha, kea_rsa},
+    {TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
                                     cipher_rc2_40, mac_md5, kea_rsa_export},
 #if 0 /* not implemented */
-    {SSL_RSA_WITH_IDEA_CBC_SHA,     cipher_idea,   mac_sha, kea_rsa},
-    {SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_RSA_WITH_IDEA_CBC_SHA,     cipher_idea,   mac_sha, kea_rsa},
+    {TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_rsa_export},
 #endif
-    {SSL_RSA_WITH_DES_CBC_SHA,      cipher_des,    mac_sha, kea_rsa},
-    {SSL_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des,   mac_sha, kea_rsa},
-    {SSL_DHE_DSS_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_dss},
-    {SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+    {TLS_RSA_WITH_DES_CBC_SHA,      cipher_des,    mac_sha, kea_rsa},
+    {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des,   mac_sha, kea_rsa},
+    {TLS_DHE_DSS_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_dss},
+    {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
                                     cipher_3des,   mac_sha, kea_dhe_dss},
     {TLS_DHE_DSS_WITH_RC4_128_SHA,  cipher_rc4,    mac_sha, kea_dhe_dss},
 #if 0 /* not implemented */
-    {SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_dss_export},
-    {SSL_DH_DSS_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_dss},
-    {SSL_DH_DSS_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_dss},
-    {SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DH_DSS_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_dss},
+    {TLS_DH_DSS_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_dss},
+    {TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_rsa_export},
-    {SSL_DH_RSA_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_rsa},
-    {SSL_DH_RSA_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_rsa},
-    {SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DH_RSA_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_rsa},
+    {TLS_DH_RSA_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_rsa},
+    {TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_dss_export},
-    {SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_rsa_export},
 #endif
-    {SSL_DHE_RSA_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_rsa},
-    {SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    {TLS_DHE_RSA_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_rsa},
+    {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
                                     cipher_3des,   mac_sha, kea_dhe_rsa},
 #if 0
     {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export},
-    {SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_anon_export},
-    {SSL_DH_ANON_DES_CBC_SHA,       cipher_des,    mac_sha, kea_dh_anon},
-    {SSL_DH_ANON_3DES_CBC_SHA,      cipher_3des,   mac_sha, kea_dh_anon},
+    {TLS_DH_anon_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dh_anon},
+    {TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des,   mac_sha, kea_dh_anon},
 #endif
 
 
 /* New TLS cipher suites */
     {TLS_RSA_WITH_AES_128_CBC_SHA,     	cipher_aes_128, mac_sha, kea_rsa},
     {TLS_RSA_WITH_AES_128_CBC_SHA256,	cipher_aes_128, hmac_sha256, kea_rsa},
     {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 	cipher_aes_128, mac_sha, kea_dhe_dss},
     {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 	cipher_aes_128, mac_sha, kea_dhe_rsa},
@@ -368,20 +368,20 @@ static const ssl3CipherSuiteDef cipher_s
     {TLS_RSA_WITH_AES_256_CBC_SHA,     	cipher_aes_256, mac_sha, kea_rsa},
     {TLS_RSA_WITH_AES_256_CBC_SHA256,	cipher_aes_256, hmac_sha256, kea_rsa},
     {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 	cipher_aes_256, mac_sha, kea_dhe_dss},
     {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 	cipher_aes_256, mac_sha, kea_dhe_rsa},
     {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_rsa},
 #if 0
     {TLS_DH_DSS_WITH_AES_128_CBC_SHA,  	cipher_aes_128, mac_sha, kea_dh_dss},
     {TLS_DH_RSA_WITH_AES_128_CBC_SHA,  	cipher_aes_128, mac_sha, kea_dh_rsa},
-    {TLS_DH_ANON_WITH_AES_128_CBC_SHA, 	cipher_aes_128, mac_sha, kea_dh_anon},
+    {TLS_DH_anon_WITH_AES_128_CBC_SHA, 	cipher_aes_128, mac_sha, kea_dh_anon},
     {TLS_DH_DSS_WITH_AES_256_CBC_SHA,  	cipher_aes_256, mac_sha, kea_dh_dss},
     {TLS_DH_RSA_WITH_AES_256_CBC_SHA,  	cipher_aes_256, mac_sha, kea_dh_rsa},
-    {TLS_DH_ANON_WITH_AES_256_CBC_SHA, 	cipher_aes_256, mac_sha, kea_dh_anon},
+    {TLS_DH_anon_WITH_AES_256_CBC_SHA, 	cipher_aes_256, mac_sha, kea_dh_anon},
 #endif
 
     {TLS_RSA_WITH_SEED_CBC_SHA,	    cipher_seed,   mac_sha, kea_rsa},
 
     {TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa},
     {TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
      cipher_camellia_128, mac_sha, kea_dhe_dss},
     {TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
@@ -617,25 +617,25 @@ ssl3_CipherSuiteAllowedForVersionRange(
     ssl3CipherSuite cipherSuite,
     const SSLVersionRange *vrange)
 {
     switch (cipherSuite) {
     /* See RFC 4346 A.5. Export cipher suites must not be used in TLS 1.1 or
      * later. This set of cipher suites is similar to, but different from, the
      * set of cipher suites considered exportable by SSL_IsExportCipherSuite.
      */
-    case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
-    case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
-    /*   SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:      never implemented
-     *   SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:   never implemented
-     *   SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:   never implemented
-     *   SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:  never implemented
-     *   SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:  never implemented
-     *   SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5:     never implemented
-     *   SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA:  never implemented
+    case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
+    case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
+    /*   TLS_RSA_EXPORT_WITH_DES40_CBC_SHA:      never implemented
+     *   TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:   never implemented
+     *   TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:   never implemented
+     *   TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:  never implemented
+     *   TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:  never implemented
+     *   TLS_DH_anon_EXPORT_WITH_RC4_40_MD5:     never implemented
+     *   TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA:  never implemented
      */
 	return vrange->min <= SSL_LIBRARY_VERSION_TLS_1_0;
     case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
     case TLS_RSA_WITH_AES_256_CBC_SHA256:
     case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
     case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
     case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
     case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
--- a/lib/ssl/sslenum.c
+++ b/lib/ssl/sslenum.c
@@ -71,18 +71,18 @@ const PRUint16 SSL_ImplementedCiphers[] 
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
     TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
     TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
     TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
     TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
     TLS_DHE_DSS_WITH_RC4_128_SHA,
 
 #ifndef NSS_DISABLE_ECC
     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
     TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
@@ -95,44 +95,44 @@ const PRUint16 SSL_ImplementedCiphers[] 
     TLS_RSA_WITH_AES_128_CBC_SHA,
     TLS_RSA_WITH_AES_128_CBC_SHA256,
     TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
     TLS_RSA_WITH_AES_256_CBC_SHA,
     TLS_RSA_WITH_AES_256_CBC_SHA256,
     TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
     TLS_RSA_WITH_SEED_CBC_SHA,
     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA,
-    SSL_RSA_WITH_RC4_128_SHA,
-    SSL_RSA_WITH_RC4_128_MD5,
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_RSA_WITH_RC4_128_SHA,
+    TLS_RSA_WITH_RC4_128_MD5,
 
     /* 56-bit DES "domestic" cipher suites */
-    SSL_DHE_RSA_WITH_DES_CBC_SHA,
-    SSL_DHE_DSS_WITH_DES_CBC_SHA,
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,
     SSL_RSA_FIPS_WITH_DES_CBC_SHA,
-    SSL_RSA_WITH_DES_CBC_SHA,
+    TLS_RSA_WITH_DES_CBC_SHA,
 
     /* export ciphersuites with 1024-bit public key exchange keys */
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
 
     /* export ciphersuites with 512-bit public key exchange keys */
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,
-    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,
+    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
 
     /* ciphersuites with no encryption */
 #ifndef NSS_DISABLE_ECC
     TLS_ECDHE_ECDSA_WITH_NULL_SHA,
     TLS_ECDHE_RSA_WITH_NULL_SHA,
     TLS_ECDH_RSA_WITH_NULL_SHA,
     TLS_ECDH_ECDSA_WITH_NULL_SHA,
 #endif /* NSS_DISABLE_ECC */
-    SSL_RSA_WITH_NULL_SHA,
+    TLS_RSA_WITH_NULL_SHA,
     TLS_RSA_WITH_NULL_SHA256,
-    SSL_RSA_WITH_NULL_MD5,
+    TLS_RSA_WITH_NULL_MD5,
 
     /* SSL2 cipher suites. */
     SSL_EN_RC4_128_WITH_MD5,
     SSL_EN_RC2_128_CBC_WITH_MD5,
     SSL_EN_DES_192_EDE3_CBC_WITH_MD5,  /* actually 112, not 192 */
     SSL_EN_DES_64_CBC_WITH_MD5,
     SSL_EN_RC4_128_EXPORT40_WITH_MD5,
     SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5,
--- a/lib/ssl/sslinfo.c
+++ b/lib/ssl/sslinfo.c
@@ -143,38 +143,38 @@ static const SSLCipherSuiteInfo suiteInf
 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
 {0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA),          S_DSA, K_DHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256),   S_RSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
 {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256),   S_RSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA),      S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
 {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA),      S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
 {0,CS(TLS_RSA_WITH_SEED_CBC_SHA),             S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, },
 {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA),     S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
-{0,CS(SSL_RSA_WITH_RC4_128_SHA),              S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
-{0,CS(SSL_RSA_WITH_RC4_128_MD5),              S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
+{0,CS(TLS_RSA_WITH_RC4_128_SHA),              S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
+{0,CS(TLS_RSA_WITH_RC4_128_MD5),              S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256),       S_RSA, K_RSA, C_AES, B_128, M_SHA256, 1, 0, 0, },
 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA),          S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, },
 
-{0,CS(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA),     S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
-{0,CS(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA),     S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
+{0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA),     S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA),     S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
 {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA),    S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 1, },
-{0,CS(SSL_RSA_WITH_3DES_EDE_CBC_SHA),         S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
+{0,CS(TLS_RSA_WITH_3DES_EDE_CBC_SHA),         S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
 
-{0,CS(SSL_DHE_RSA_WITH_DES_CBC_SHA),          S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
-{0,CS(SSL_DHE_DSS_WITH_DES_CBC_SHA),          S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
+{0,CS(TLS_DHE_RSA_WITH_DES_CBC_SHA),          S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_DES_CBC_SHA),          S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
 {0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA),         S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 1, },
-{0,CS(SSL_RSA_WITH_DES_CBC_SHA),              S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, },
+{0,CS(TLS_RSA_WITH_DES_CBC_SHA),              S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, },
 
 {0,CS(TLS_RSA_EXPORT1024_WITH_RC4_56_SHA),    S_RSA, K_RSA, C_RC4, B_56,  M_SHA, 0, 1, 0, },
 {0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA),   S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 1, 0, },
-{0,CS(SSL_RSA_EXPORT_WITH_RC4_40_MD5),        S_RSA, K_RSA, C_RC4, B_40,  M_MD5, 0, 1, 0, },
-{0,CS(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5),    S_RSA, K_RSA, C_RC2, B_40,  M_MD5, 0, 1, 0, },
+{0,CS(TLS_RSA_EXPORT_WITH_RC4_40_MD5),        S_RSA, K_RSA, C_RC4, B_40,  M_MD5, 0, 1, 0, },
+{0,CS(TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5),    S_RSA, K_RSA, C_RC2, B_40,  M_MD5, 0, 1, 0, },
 {0,CS(TLS_RSA_WITH_NULL_SHA256),              S_RSA, K_RSA, C_NULL,B_0,   M_SHA256, 0, 1, 0, },
-{0,CS(SSL_RSA_WITH_NULL_SHA),                 S_RSA, K_RSA, C_NULL,B_0,   M_SHA, 0, 1, 0, },
-{0,CS(SSL_RSA_WITH_NULL_MD5),                 S_RSA, K_RSA, C_NULL,B_0,   M_MD5, 0, 1, 0, },
+{0,CS(TLS_RSA_WITH_NULL_SHA),                 S_RSA, K_RSA, C_NULL,B_0,   M_SHA, 0, 1, 0, },
+{0,CS(TLS_RSA_WITH_NULL_MD5),                 S_RSA, K_RSA, C_NULL,B_0,   M_MD5, 0, 1, 0, },
 
 #ifndef NSS_DISABLE_ECC
 /* ECC cipher suites */
 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
 
 {0,CS(TLS_ECDH_ECDSA_WITH_NULL_SHA),          S_ECDSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, },
 {0,CS(TLS_ECDH_ECDSA_WITH_RC4_128_SHA),       S_ECDSA, K_ECDH, C_RC4, B_128, M_SHA, 0, 0, 0, },
--- a/lib/ssl/sslproto.h
+++ b/lib/ssl/sslproto.h
@@ -76,94 +76,128 @@
 #define SSL_EN_RC4_128_WITH_MD5			0xFF01
 #define SSL_EN_RC4_128_EXPORT40_WITH_MD5	0xFF02
 #define SSL_EN_RC2_128_CBC_WITH_MD5		0xFF03
 #define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5	0xFF04
 #define SSL_EN_IDEA_128_CBC_WITH_MD5		0xFF05
 #define SSL_EN_DES_64_CBC_WITH_MD5		0xFF06
 #define SSL_EN_DES_192_EDE3_CBC_WITH_MD5	0xFF07
 
-/* SSL v3 Cipher Suites */
-#define SSL_NULL_WITH_NULL_NULL			0x0000
+/* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */
+#ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
+#define SSL_NULL_WITH_NULL_NULL                TLS_NULL_WITH_NULL_NULL
+#define SSL_RSA_WITH_NULL_MD5                  TLS_RSA_WITH_NULL_MD5
+#define SSL_RSA_WITH_NULL_SHA                  TLS_RSA_WITH_NULL_SHA
+#define SSL_RSA_EXPORT_WITH_RC4_40_MD5         TLS_RSA_EXPORT_WITH_RC4_40_MD5
+#define SSL_RSA_WITH_RC4_128_MD5               TLS_RSA_WITH_RC4_128_MD5
+#define SSL_RSA_WITH_RC4_128_SHA               TLS_RSA_WITH_RC4_128_SHA
+#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5     TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
+#define SSL_RSA_WITH_IDEA_CBC_SHA              TLS_RSA_WITH_IDEA_CBC_SHA
+#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA      TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_RSA_WITH_DES_CBC_SHA               TLS_RSA_WITH_DES_CBC_SHA
+#define SSL_RSA_WITH_3DES_EDE_CBC_SHA          TLS_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA   TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_DSS_WITH_DES_CBC_SHA            TLS_DH_DSS_WITH_DES_CBC_SHA
+#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA       TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA   TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_RSA_WITH_DES_CBC_SHA            TLS_DH_RSA_WITH_DES_CBC_SHA
+#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA       TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DHE_DSS_WITH_DES_CBC_SHA           TLS_DHE_DSS_WITH_DES_CBC_SHA
+#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA      TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
+#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DHE_RSA_WITH_DES_CBC_SHA           TLS_DHE_RSA_WITH_DES_CBC_SHA
+#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_ANON_WITH_RC4_128_MD5           TLS_DH_anon_WITH_RC4_128_MD5
+#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA  TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_ANON_WITH_DES_CBC_SHA           TLS_DH_anon_WITH_DES_CBC_SHA
+#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA      TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5     TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
+#define TLS_DH_ANON_WITH_AES_128_CBC_SHA       TLS_DH_anon_WITH_AES_128_CBC_SHA
+#define TLS_DH_ANON_WITH_AES_256_CBC_SHA       TLS_DH_anon_WITH_AES_256_CBC_SHA
+#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
+#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
+#endif
 
-#define SSL_RSA_WITH_NULL_MD5			0x0001
-#define SSL_RSA_WITH_NULL_SHA			0x0002
-#define SSL_RSA_EXPORT_WITH_RC4_40_MD5		0x0003
-#define SSL_RSA_WITH_RC4_128_MD5		0x0004
-#define SSL_RSA_WITH_RC4_128_SHA		0x0005
-#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006
-#define SSL_RSA_WITH_IDEA_CBC_SHA		0x0007
-#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008
-#define SSL_RSA_WITH_DES_CBC_SHA		0x0009
-#define SSL_RSA_WITH_3DES_EDE_CBC_SHA		0x000a
-						       
-#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA	0x000b
-#define SSL_DH_DSS_WITH_DES_CBC_SHA		0x000c
-#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA	0x000d
-#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA	0x000e
-#define SSL_DH_RSA_WITH_DES_CBC_SHA		0x000f
-#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA	0x0010
-						       
-#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011
-#define SSL_DHE_DSS_WITH_DES_CBC_SHA		0x0012
-#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013
-#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014
-#define SSL_DHE_RSA_WITH_DES_CBC_SHA		0x0015
-#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016
-						       
-#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5	0x0017
-#define SSL_DH_ANON_WITH_RC4_128_MD5		0x0018
-#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA	0x0019
-#define SSL_DH_ANON_WITH_DES_CBC_SHA		0x001a
-#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA	0x001b
+#define TLS_NULL_WITH_NULL_NULL			0x0000
+
+#define TLS_RSA_WITH_NULL_MD5			0x0001
+#define TLS_RSA_WITH_NULL_SHA			0x0002
+#define TLS_RSA_EXPORT_WITH_RC4_40_MD5		0x0003
+#define TLS_RSA_WITH_RC4_128_MD5		0x0004
+#define TLS_RSA_WITH_RC4_128_SHA		0x0005
+#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006
+#define TLS_RSA_WITH_IDEA_CBC_SHA		0x0007
+#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008
+#define TLS_RSA_WITH_DES_CBC_SHA		0x0009
+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA		0x000a
+
+#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA	0x000b
+#define TLS_DH_DSS_WITH_DES_CBC_SHA		0x000c
+#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA	0x000d
+#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA	0x000e
+#define TLS_DH_RSA_WITH_DES_CBC_SHA		0x000f
+#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA	0x0010
+
+#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011
+#define TLS_DHE_DSS_WITH_DES_CBC_SHA		0x0012
+#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013
+#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014
+#define TLS_DHE_RSA_WITH_DES_CBC_SHA		0x0015
+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016
+
+#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5	0x0017
+#define TLS_DH_anon_WITH_RC4_128_MD5		0x0018
+#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA	0x0019
+#define TLS_DH_anon_WITH_DES_CBC_SHA		0x001a
+#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA	0x001b
 
 #define SSL_FORTEZZA_DMS_WITH_NULL_SHA		0x001c /* deprecated */
 #define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA	0x001d /* deprecated */
 #define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA	0x001e /* deprecated */
 
-/* New TLS cipher suites */
 #define TLS_RSA_WITH_AES_128_CBC_SHA      	0x002F
 #define TLS_DH_DSS_WITH_AES_128_CBC_SHA   	0x0030
 #define TLS_DH_RSA_WITH_AES_128_CBC_SHA   	0x0031
 #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA  	0x0032
 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA  	0x0033
-#define TLS_DH_ANON_WITH_AES_128_CBC_SHA  	0x0034
+#define TLS_DH_anon_WITH_AES_128_CBC_SHA  	0x0034
 
 #define TLS_RSA_WITH_AES_256_CBC_SHA      	0x0035
 #define TLS_DH_DSS_WITH_AES_256_CBC_SHA   	0x0036
 #define TLS_DH_RSA_WITH_AES_256_CBC_SHA   	0x0037
 #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA  	0x0038
 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA  	0x0039
-#define TLS_DH_ANON_WITH_AES_256_CBC_SHA  	0x003A
+#define TLS_DH_anon_WITH_AES_256_CBC_SHA  	0x003A
 #define TLS_RSA_WITH_NULL_SHA256		0x003B
 #define TLS_RSA_WITH_AES_128_CBC_SHA256  	0x003C
 #define TLS_RSA_WITH_AES_256_CBC_SHA256  	0x003D
 
 #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      	0x0041
 #define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   	0x0042
 #define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   	0x0043
 #define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  	0x0044
 #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  	0x0045
-#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA  	0x0046
+#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA  	0x0046
 
 #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     0x0062
 #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      0x0064
 
 #define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
 #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  0x0065
 #define TLS_DHE_DSS_WITH_RC4_128_SHA            0x0066
 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256     0x0067
 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256     0x006B
 
 #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      	0x0084
 #define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   	0x0085
 #define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   	0x0086
 #define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  	0x0087
 #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  	0x0088
-#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA  	0x0089
+#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA  	0x0089
 
 #define TLS_RSA_WITH_SEED_CBC_SHA		0x0096
 
 #define TLS_RSA_WITH_AES_128_GCM_SHA256         0x009C
 #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256     0x009E
 #define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256     0x00A2
 
 /* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client.