From: Hubert Kario <hkario@redhat.com>
Date: Fri, 17 May 2019 17:15:24 +0000 (+0000)
Subject: nss: allow to specify TLS 1.3 ciphers if supported by NSS
X-Git-Tag: curl-7_65_1~30
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=319ae9075efba769c9d5e98e827bb325ad0fcb6f;p=curl

nss: allow to specify TLS 1.3 ciphers if supported by NSS

Closes #3916
---

diff --git a/docs/CIPHERS.md b/docs/CIPHERS.md
index 0b7ccebf9..5c0fffea9 100644
--- a/docs/CIPHERS.md
+++ b/docs/CIPHERS.md
@@ -269,6 +269,12 @@ When specifying multiple cipher names, separate them with colon (`:`).
 `ecdhe_ecdsa_chacha20_poly1305_sha_256`
 `dhe_rsa_chacha20_poly1305_sha_256`
 
+### TLS 1.3 cipher suites
+
+`aes_128_gcm_sha_256`
+`aes_256_gcm_sha_384`
+`chacha20_poly1305_sha_256`
+
 ## GSKit
 
 Ciphers are internally defined as
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 491def106..3125f0b70 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -216,6 +216,11 @@ static const cipher_s cipherlist[] = {
  {"dhe_rsa_chacha20_poly1305_sha_256",
      TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
 #endif
+#ifdef TLS_AES_256_GCM_SHA384
+ {"aes_128_gcm_sha_256",              TLS_AES_128_GCM_SHA256},
+ {"aes_256_gcm_sha_384",              TLS_AES_256_GCM_SHA384},
+ {"chacha20_poly1305_sha_256",        TLS_CHACHA20_POLY1305_SHA256},
+#endif
 };
 
 #ifdef WIN32