From eed40eb690d68573a09d249fca3c32cc16cc2fc9 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 15 Dec 2015 11:54:03 -0800
Subject: [PATCH 1/2] add aes256 key derivation to ssl3

---
 src/keys.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/keys.c b/src/keys.c
index 3c1ccea5c..124f70ade 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -1802,7 +1802,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
 enum KeyStuff {
     MASTER_ROUNDS = 3,
     PREFIX        = 3,     /* up to three letters for master prefix */
-    KEY_PREFIX    = 7      /* up to 7 prefix letters for key rounds */
+    KEY_PREFIX    = 9      /* up to 9 prefix letters for key rounds */
 
 
 };
@@ -1833,6 +1833,12 @@ static int SetPrefix(byte* sha_input, int idx)
     case 6:
         XMEMCPY(sha_input, "GGGGGGG", 7);
         break;
+    case 7:
+        XMEMCPY(sha_input, "HHHHHHHH", 8);
+        break;
+    case 8:
+        XMEMCPY(sha_input, "IIIIIIIII", 9);
+        break;
     default:
         WOLFSSL_MSG("Set Prefix error, bad input");
         return 0; 

From e503b89ca1a5d3644f073b5b0fe6b4c1ea165284 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 17 Dec 2015 12:10:22 -0800
Subject: [PATCH 2/2] allow sniffer build with -v 0 examples to work

---
 examples/client/client.c | 2 +-
 examples/server/server.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/client/client.c b/examples/client/client.c
index 0dda6a076..f1be58e94 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -890,7 +890,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #if defined(WOLFSSL_SNIFFER)
     if (cipherList == NULL) {
         /* don't use EDH, can't sniff tmp keys */
-        if (wolfSSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) {
+        if (wolfSSL_CTX_set_cipher_list(ctx, "AES128-SHA") != SSL_SUCCESS) {
             err_sys("client can't set cipher list 3");
         }
     }
diff --git a/examples/server/server.c b/examples/server/server.c
index a488c8901..f96b04b7c 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -675,7 +675,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
 #if defined(CYASSL_SNIFFER)
     /* don't use EDH, can't sniff tmp keys */
     if (cipherList == NULL) {
-        if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS)
+        if (SSL_CTX_set_cipher_list(ctx, "AES128-SHA") != SSL_SUCCESS)
             err_sys("server can't set cipher list 3");
     }
 #endif