+/*!
+ * @enum tls_protocol_version_t enumeration
+ * @abstract Enumerations for the set of supported TLS and DTLS protocol versions.
+ *
+ * @constant tls_protocol_version_TLSv10 TLS 1.0 [https://tools.ietf.org/html/rfc4346]
+ * @constant tls_protocol_version_TLSv11 TLS 1.1 [https://tools.ietf.org/html/rfc2246]
+ * @constant tls_protocol_version_TLSv12 TLS 1.2 [https://tools.ietf.org/html/rfc5246]
+ * @constant tls_protocol_version_TLSv13 TLS 1.3 [https://tools.ietf.org/html/rfc8446]
+ * @constant tls_protocol_version_DTLSv10 DTLS 1.0 [https://tools.ietf.org/html/rfc4347]
+ * @constant tls_protocol_version_DTLSv12 DTLS 1.2 [https://tools.ietf.org/html/rfc6347]
+ */
+typedef CF_ENUM(uint16_t, tls_protocol_version_t) {
+ tls_protocol_version_TLSv10 CF_SWIFT_NAME(TLSv10) = 0x0301,
+ tls_protocol_version_TLSv11 CF_SWIFT_NAME(TLSv11) = 0x0302,
+ tls_protocol_version_TLSv12 CF_SWIFT_NAME(TLSv12) = 0x0303,
+ tls_protocol_version_TLSv13 CF_SWIFT_NAME(TLSv13) = 0x0304,
+ tls_protocol_version_DTLSv10 CF_SWIFT_NAME(DTLSv10) = 0xfeff,
+ tls_protocol_version_DTLSv12 CF_SWIFT_NAME(DTLSv12) = 0xfefd,
+};
+
+/*!
+ * @enum tls_ciphersuite_t enumeration
+ * @abstract Enumerations for the set of supported TLS and DTLS ciphersuites.
+ *
+ * See https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
+ * for ciphersuite codepoint allocations and reference RFCs.
+ *
+ * @constant tls_ciphersuite_RSA_WITH_3DES_EDE_CBC_SHA
+ * @constant tls_ciphersuite_RSA_WITH_AES_128_CBC_SHA
+ * @constant tls_ciphersuite_RSA_WITH_AES_256_CBC_SHA
+ * @constant tls_ciphersuite_RSA_WITH_AES_128_GCM_SHA256
+ * @constant tls_ciphersuite_RSA_WITH_AES_256_GCM_SHA384
+ * @constant tls_ciphersuite_RSA_WITH_AES_128_CBC_SHA256
+ * @constant tls_ciphersuite_RSA_WITH_AES_256_CBC_SHA256
+ * @constant tls_ciphersuite_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ * @constant tls_ciphersuite_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ * @constant tls_ciphersuite_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ * @constant tls_ciphersuite_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * @constant tls_ciphersuite_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ * @constant tls_ciphersuite_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ * @constant tls_ciphersuite_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ * @constant tls_ciphersuite_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ * @constant tls_ciphersuite_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ * @constant tls_ciphersuite_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ * @constant tls_ciphersuite_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ * @constant tls_ciphersuite_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ * @constant tls_ciphersuite_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ * @constant tls_ciphersuite_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ * @constant tls_ciphersuite_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ * @constant tls_ciphersuite_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+ * @constant tls_ciphersuite_AES_128_GCM_SHA256
+ * @constant tls_ciphersuite_AES_256_GCM_SHA384
+ * @constant tls_ciphersuite_CHACHA20_POLY1305_SHA256
+ */
+typedef CF_ENUM(uint16_t, tls_ciphersuite_t) {
+ tls_ciphersuite_RSA_WITH_3DES_EDE_CBC_SHA CF_SWIFT_NAME(RSA_WITH_3DES_EDE_CBC_SHA) = 0x000A,
+ tls_ciphersuite_RSA_WITH_AES_128_CBC_SHA CF_SWIFT_NAME(RSA_WITH_AES_128_CBC_SHA) = 0x002F,
+ tls_ciphersuite_RSA_WITH_AES_256_CBC_SHA CF_SWIFT_NAME(RSA_WITH_AES_256_CBC_SHA) = 0x0035,
+ tls_ciphersuite_RSA_WITH_AES_128_GCM_SHA256 CF_SWIFT_NAME(RSA_WITH_AES_128_GCM_SHA256) = 0x009C,
+ tls_ciphersuite_RSA_WITH_AES_256_GCM_SHA384 CF_SWIFT_NAME(RSA_WITH_AES_256_GCM_SHA384) = 0x009D,
+ tls_ciphersuite_RSA_WITH_AES_128_CBC_SHA256 CF_SWIFT_NAME(RSA_WITH_AES_128_CBC_SHA256) = 0x003C,
+ tls_ciphersuite_RSA_WITH_AES_256_CBC_SHA256 CF_SWIFT_NAME(RSA_WITH_AES_256_CBC_SHA256) = 0x003D,
+ tls_ciphersuite_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA CF_SWIFT_NAME(ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA) = 0xC008,
+ tls_ciphersuite_ECDHE_ECDSA_WITH_AES_128_CBC_SHA CF_SWIFT_NAME(ECDHE_ECDSA_WITH_AES_128_CBC_SHA) = 0xC009,
+ tls_ciphersuite_ECDHE_ECDSA_WITH_AES_256_CBC_SHA CF_SWIFT_NAME(ECDHE_ECDSA_WITH_AES_256_CBC_SHA) = 0xC00A,
+ tls_ciphersuite_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA CF_SWIFT_NAME(ECDHE_RSA_WITH_3DES_EDE_CBC_SHA) = 0xC012,
+ tls_ciphersuite_ECDHE_RSA_WITH_AES_128_CBC_SHA CF_SWIFT_NAME(ECDHE_RSA_WITH_AES_128_CBC_SHA) = 0xC013,
+ tls_ciphersuite_ECDHE_RSA_WITH_AES_256_CBC_SHA CF_SWIFT_NAME(ECDHE_RSA_WITH_AES_256_CBC_SHA) = 0xC014,
+ tls_ciphersuite_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 CF_SWIFT_NAME(ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) = 0xC023,
+ tls_ciphersuite_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 CF_SWIFT_NAME(ECDHE_ECDSA_WITH_AES_256_CBC_SHA384) = 0xC024,
+ tls_ciphersuite_ECDHE_RSA_WITH_AES_128_CBC_SHA256 CF_SWIFT_NAME(ECDHE_RSA_WITH_AES_128_CBC_SHA256) = 0xC027,
+ tls_ciphersuite_ECDHE_RSA_WITH_AES_256_CBC_SHA384 CF_SWIFT_NAME(ECDHE_RSA_WITH_AES_256_CBC_SHA384) = 0xC028,
+ tls_ciphersuite_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 CF_SWIFT_NAME(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) = 0xC02B,
+ tls_ciphersuite_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 CF_SWIFT_NAME(ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) = 0xC02C,
+ tls_ciphersuite_ECDHE_RSA_WITH_AES_128_GCM_SHA256 CF_SWIFT_NAME(ECDHE_RSA_WITH_AES_128_GCM_SHA256) = 0xC02F,
+ tls_ciphersuite_ECDHE_RSA_WITH_AES_256_GCM_SHA384 CF_SWIFT_NAME(ECDHE_RSA_WITH_AES_256_GCM_SHA384) = 0xC030,
+ tls_ciphersuite_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 CF_SWIFT_NAME(ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) = 0xCCA8,
+ tls_ciphersuite_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 CF_SWIFT_NAME(ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) = 0xCCA9,
+ tls_ciphersuite_AES_128_GCM_SHA256 CF_SWIFT_NAME(AES_128_GCM_SHA256) = 0x1301,
+ tls_ciphersuite_AES_256_GCM_SHA384 CF_SWIFT_NAME(AES_256_GCM_SHA384) = 0x1302,
+ tls_ciphersuite_CHACHA20_POLY1305_SHA256 CF_SWIFT_NAME(CHACHA20_POLY1305_SHA256) = 0x1303,
+};
+
+/*!
+ * @enum tls_ciphersuite_group_t enumeration
+ * @abstract Convenience ciphersuite groups that collate ciphersuites of comparable security
+ * properties into a single alias.
+ *
+ * @constant tls_ciphersuite_group_default
+ * @constant tls_ciphersuite_group_compatibility
+ * @constant tls_ciphersuite_group_legacy
+ * @constant tls_ciphersuite_group_ats
+ * @constant tls_ciphersuite_group_ats_compatibility
+ */
+typedef CF_ENUM(uint16_t, tls_ciphersuite_group_t) {
+ tls_ciphersuite_group_default,
+ tls_ciphersuite_group_compatibility,
+ tls_ciphersuite_group_legacy,
+ tls_ciphersuite_group_ats,
+ tls_ciphersuite_group_ats_compatibility,
+};
+
+/*!
+ * @enum SSLProtocol enumeration
+ * @abstract Enumerations for the set of supported TLS and DTLS protocol versions.
+ *
+ * @note This enumeration is deprecated. Use `tls_protocol_version_t` instead.
+ */
+typedef CF_ENUM(int, SSLProtocol) {
+ kSSLProtocolUnknown CF_ENUM_DEPRECATED(10_2, 10_15, 5_0, 13_0) = 0,
+ kTLSProtocol1 CF_ENUM_DEPRECATED(10_2, 10_15, 5_0, 13_0) = 4,
+ kTLSProtocol11 CF_ENUM_DEPRECATED(10_2, 10_15, 5_0, 13_0) = 7,
+ kTLSProtocol12 CF_ENUM_DEPRECATED(10_2, 10_15, 5_0, 13_0) = 8,
+ kDTLSProtocol1 CF_ENUM_DEPRECATED(10_2, 10_15, 5_0, 13_0) = 9,
+ kTLSProtocol13 CF_ENUM_DEPRECATED(10_2, 10_15, 5_0, 13_0) = 10,
+ kDTLSProtocol12 CF_ENUM_DEPRECATED(10_2, 10_15, 5_0, 13_0) = 11,
+ kTLSProtocolMaxSupported CF_ENUM_DEPRECATED(10_2, 10_15, 5_0, 13_0) = 999,
+ kSSLProtocol2 CF_ENUM_DEPRECATED(10_2, 10_15, 5_0, 13_0) = 1,
+ kSSLProtocol3 CF_ENUM_DEPRECATED(10_2, 10_15, 5_0, 13_0) = 2,
+ kSSLProtocol3Only CF_ENUM_DEPRECATED(10_2, 10_15, 5_0, 13_0) = 3,
+ kTLSProtocol1Only CF_ENUM_DEPRECATED(10_2, 10_15, 5_0, 13_0) = 5,
+ kSSLProtocolAll CF_ENUM_DEPRECATED(10_2, 10_15, 5_0, 13_0) = 6,
+};
+
+__BEGIN_DECLS
+