nss: allow to specify TLS 1.3 ciphers if supported by NSS

author Hubert Kario <hkario@redhat.com>

Fri, 17 May 2019 17:15:24 +0000 (17:15 +0000)

committer Kamil Dudka <kdudka@redhat.com>

Mon, 27 May 2019 07:04:09 +0000 (09:04 +0200)
author Hubert Kario <hkario@redhat.com>
Fri, 17 May 2019 17:15:24 +0000 (17:15 +0000)
committer Kamil Dudka <kdudka@redhat.com>
Mon, 27 May 2019 07:04:09 +0000 (09:04 +0200)
diff --git a/docs/CIPHERS.md b/docs/CIPHERS.md

index 0b7ccebf98610bdf9bcae3406f50e1e5482ea6d2..5c0fffea9d4fbe993b2521bd820ed62c15281114 100644 (file)
--- a/docs/CIPHERS.md
+++ b/docs/CIPHERS.md
@@ -269,6 +269,12 @@ When specifying multiple cipher names, separate them with colon (`:`).
  `ecdhe_ecdsa_chacha20_poly1305_sha_256`
  `dhe_rsa_chacha20_poly1305_sha_256`
  
+### TLS 1.3 cipher suites
+
+`aes_128_gcm_sha_256`
+`aes_256_gcm_sha_384`
+`chacha20_poly1305_sha_256`
+
  ## GSKit
  
  Ciphers are internally defined as
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c

index 491def106d13debda34a8cc090dd555187e62cd3..3125f0b7098e553ec1d5741761c0c4f3e19f4abe 100644 (file)
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -216,6 +216,11 @@ static const cipher_s cipherlist[] = {
   {"dhe_rsa_chacha20_poly1305_sha_256",
       TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
  #endif
+#ifdef TLS_AES_256_GCM_SHA384
+ {"aes_128_gcm_sha_256",              TLS_AES_128_GCM_SHA256},
+ {"aes_256_gcm_sha_384",              TLS_AES_256_GCM_SHA384},
+ {"chacha20_poly1305_sha_256",        TLS_CHACHA20_POLY1305_SHA256},
+#endif
  };
  
  #ifdef WIN32
author	Hubert Kario <hkario@redhat.com>
	Fri, 17 May 2019 17:15:24 +0000 (17:15 +0000)
committer	Kamil Dudka <kdudka@redhat.com>
	Mon, 27 May 2019 07:04:09 +0000 (09:04 +0200)
docs/CIPHERS.md		patch \| blob \| history
lib/vtls/nss.c		patch \| blob \| history