@@ -45,37 +45,64 @@
     EXP-RC2-CBC-MD5
     EXP-RC4-MD5
 }
 
 set ::EXPECTEDCIPHERS(openssl) {
-    AES128-SHA
-    AES256-SHA
-    DES-CBC-SHA
-    DES-CBC3-SHA
-    DHE-DSS-AES128-SHA
-    DHE-DSS-AES256-SHA
-    DHE-DSS-RC4-SHA
-    DHE-RSA-AES128-SHA
+    ECDHE-RSA-AES256-SHA
+    DHE-PSK-AES256-CCM
+    DHE-PSK-AES128-GCM-SHA256
+    ECDHE-RSA-AES128-SHA256
+    DHE-PSK-AES256-GCM-SHA384
+    AES256-SHA256
+    ECDHE-PSK-CHACHA20-POLY1305
+    ECDHE-ECDSA-AES128-SHA256
+    AES256-CCM
+    ECDHE-RSA-AES128-GCM-SHA256
     DHE-RSA-AES256-SHA
-    EDH-DSS-DES-CBC-SHA
-    EDH-DSS-DES-CBC3-SHA
-    EDH-RSA-DES-CBC-SHA
-    EDH-RSA-DES-CBC3-SHA
-    EXP-DES-CBC-SHA
-    EXP-EDH-DSS-DES-CBC-SHA
-    EXP-EDH-RSA-DES-CBC-SHA
-    EXP-RC2-CBC-MD5
-    EXP-RC4-MD5
-    EXP1024-DES-CBC-SHA
-    EXP1024-DHE-DSS-DES-CBC-SHA
-    EXP1024-DHE-DSS-RC4-SHA
-    EXP1024-RC2-CBC-MD5
-    EXP1024-RC4-MD5
-    EXP1024-RC4-SHA
-    IDEA-CBC-SHA
-    RC4-MD5
-    RC4-SHA
+    ECDHE-ECDSA-AES128-GCM-SHA256
+    PSK-AES128-GCM-SHA256
+    ECDHE-ECDSA-AES256-SHA
+    ECDHE-RSA-AES256-GCM-SHA384
+    ECDHE-PSK-AES256-CBC-SHA
+    ECDHE-ECDSA-AES256-GCM-SHA384
+    AES128-SHA
+    PSK-AES256-GCM-SHA384
+    PSK-AES128-CBC-SHA
+    ECDHE-RSA-AES128-SHA
+    AES128-GCM-SHA256
+    ECDHE-PSK-AES128-CBC-SHA256
+    AES256-GCM-SHA384
+    TLS_AES_128_GCM_SHA256
+    DHE-RSA-AES128-SHA256
+    DHE-PSK-CHACHA20-POLY1305
+    DHE-PSK-AES128-CCM
+    TLS_AES_256_GCM_SHA384
+    DHE-RSA-AES256-CCM
+    DHE-RSA-AES128-GCM-SHA256
+    ECDHE-ECDSA-AES256-CCM
+    PSK-AES256-CCM
+    DHE-RSA-AES256-GCM-SHA384
+    AES128-CCM
+    ECDHE-RSA-CHACHA20-POLY1305
+    DHE-PSK-AES256-CBC-SHA
+    DHE-RSA-AES128-SHA
+    ECDHE-ECDSA-CHACHA20-POLY1305
+    PSK-CHACHA20-POLY1305
+    DHE-PSK-AES128-CBC-SHA256
+    ECDHE-ECDSA-AES128-SHA
+    ECDHE-PSK-AES128-CBC-SHA
+    AES128-SHA256
+    PSK-AES128-CBC-SHA256
+    DHE-RSA-CHACHA20-POLY1305
+    DHE-RSA-AES128-CCM
+    DHE-RSA-AES256-SHA256
+    ECDHE-ECDSA-AES128-CCM
+    PSK-AES128-CCM
+    TLS_CHACHA20_POLY1305_SHA256
+    DHE-PSK-AES128-CBC-SHA
+    AES256-SHA
+    PSK-AES256-CBC-SHA
 }
 
 set ::EXPECTEDCIPHERS(openssl0.9.8) {
     DHE-RSA-AES256-SHA
     DHE-DSS-AES256-SHA
@@ -132,16 +159,13 @@
     # This will fail if you compiled against OpenSSL.
     # Change the constraint setting above.
     listcompare $::EXPECTEDCIPHERS(rsabsafe) [tls::ciphers tls1]
 } {}
 
-test ciphers-1.3 {Tls::ciphers for ssl3} {openssl} {
-    # This will fail if you compiled against RSA bsafe or with a
-    # different set of defines than the default.
-    # Change the constraint setting above.
-    listcompare $::EXPECTEDCIPHERS(openssl$version) [tls::ciphers ssl3]
-} {}
+test ciphers-1.3 {Tls::ciphers for ssl3} -constraints openssl -body {
+    tls::ciphers ssl3
+} -returnCodes 1 -result {protocol not supported}
 
 # This version of the test is correct for OpenSSL only.
 # An equivalent test for the RSA BSAFE SSL-C is earlier in this file.
 
 test ciphers-1.4 {Tls::ciphers for tls1} {openssl} {