tls: add a comment on expanding list of supported ciphers
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
parent
a6192f347f
commit
330d7f53f7
@ -50,17 +50,39 @@
|
|||||||
// ok: openssl s_client -connect cdn.kernel.org:443 -debug -tls1_2 -no_tls1 -no_tls1_1 -cipher AES128-GCM-SHA256
|
// ok: openssl s_client -connect cdn.kernel.org:443 -debug -tls1_2 -no_tls1 -no_tls1_1 -cipher AES128-GCM-SHA256
|
||||||
// ok: openssl s_client -connect cdn.kernel.org:443 -debug -tls1_2 -no_tls1 -no_tls1_1 -cipher AES128-SHA
|
// ok: openssl s_client -connect cdn.kernel.org:443 -debug -tls1_2 -no_tls1 -no_tls1_1 -cipher AES128-SHA
|
||||||
// (TLS_RSA_WITH_AES_128_CBC_SHA - in TLS 1.2 it's mandated to be always supported)
|
// (TLS_RSA_WITH_AES_128_CBC_SHA - in TLS 1.2 it's mandated to be always supported)
|
||||||
#define CIPHER_ID1 TLS_RSA_WITH_AES_256_CBC_SHA256 // no SERVER_KEY_EXCHANGE from peer
|
#define CIPHER_ID1 TLS_RSA_WITH_AES_256_CBC_SHA256 //0x003D
|
||||||
// Works with "wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.9.5.tar.xz"
|
// Works with "wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.9.5.tar.xz"
|
||||||
#define CIPHER_ID2 TLS_RSA_WITH_AES_128_CBC_SHA
|
#define CIPHER_ID2 TLS_RSA_WITH_AES_128_CBC_SHA //0x003C
|
||||||
|
|
||||||
// bug #11456:
|
// bug #11456:
|
||||||
// ftp.openbsd.org only supports ECDHE-RSA-AESnnn-GCM-SHAnnn or ECDHE-RSA-CHACHA20-POLY1305
|
// ftp.openbsd.org only supports ECDHE-RSA-AESnnn-GCM-SHAnnn or ECDHE-RSA-CHACHA20-POLY1305
|
||||||
#define CIPHER_ID3 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
#define CIPHER_ID3 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 //0xC02F
|
||||||
// host is.gd accepts only ECDHE-ECDSA-foo (the simplest which works: ECDHE-ECDSA-AES128-SHA 0xC009)
|
// host is.gd accepts only ECDHE-ECDSA-foo (the simplest which works: ECDHE-ECDSA-AES128-SHA 0xC009)
|
||||||
#define CIPHER_ID4 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
#define CIPHER_ID4 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA //0xC009
|
||||||
|
|
||||||
#define NUM_CIPHERS 4
|
#define NUM_CIPHERS 4
|
||||||
|
//TODO: we can support all these:
|
||||||
|
// TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
|
||||||
|
// TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
|
||||||
|
// TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C
|
||||||
|
// TLS_RSA_WITH_AES_256_GCM_SHA384 0x009D
|
||||||
|
// TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
|
||||||
|
// TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
|
||||||
|
// TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
|
||||||
|
// TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
|
||||||
|
// TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
|
||||||
|
////TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 - can't do SHA384 yet
|
||||||
|
// TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
|
||||||
|
////TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 - can't do SHA384 yet
|
||||||
|
// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
|
||||||
|
// TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
|
||||||
|
// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
|
||||||
|
// TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
|
||||||
|
//possibly these too:
|
||||||
|
// TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
|
||||||
|
// TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
|
||||||
|
// TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
|
||||||
|
////TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038 - can't do SHA384 yet
|
||||||
|
|
||||||
|
|
||||||
#define TLS_DEBUG 0
|
#define TLS_DEBUG 0
|
||||||
@ -142,6 +164,10 @@
|
|||||||
#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x0090 /* 144 */
|
#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x0090 /* 144 */
|
||||||
#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x0091 /* 145 */
|
#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x0091 /* 145 */
|
||||||
#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096 /* 150 */
|
#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096 /* 150 */
|
||||||
|
#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C /*TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD */
|
||||||
|
#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x009D /*TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD */
|
||||||
|
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E /*TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD */
|
||||||
|
#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x009F /*TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD */
|
||||||
#define TLS_PSK_WITH_AES_128_CBC_SHA256 0x00AE /* 174 */
|
#define TLS_PSK_WITH_AES_128_CBC_SHA256 0x00AE /* 174 */
|
||||||
#define TLS_PSK_WITH_AES_256_CBC_SHA384 0x00AF /* 175 */
|
#define TLS_PSK_WITH_AES_256_CBC_SHA384 0x00AF /* 175 */
|
||||||
#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 /* 49156 */
|
#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 /* 49156 */
|
||||||
@ -161,10 +187,7 @@
|
|||||||
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /*TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 */
|
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /*TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 */
|
||||||
#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /* 49193 */
|
#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /* 49193 */
|
||||||
#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /* 49194 */
|
#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /* 49194 */
|
||||||
|
|
||||||
/* RFC 5288 "AES Galois Counter Mode (GCM) Cipher Suites for TLS" */
|
/* RFC 5288 "AES Galois Counter Mode (GCM) Cipher Suites for TLS" */
|
||||||
#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C /*TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD */
|
|
||||||
#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x009D /*TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD */
|
|
||||||
#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /*TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD */
|
#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /*TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD */
|
||||||
#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /*TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD */
|
#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /*TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD */
|
||||||
#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D /* 49197 */
|
#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D /* 49197 */
|
||||||
|
Loading…
Reference in New Issue
Block a user