libsec: add TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 cipher suits
This commit is contained in:
parent
be3ba38c45
commit
9733434e6e
|
@ -253,8 +253,7 @@ enum {
|
||||||
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0X0019,
|
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0X0019,
|
||||||
TLS_DH_anon_WITH_DES_CBC_SHA = 0X001A,
|
TLS_DH_anon_WITH_DES_CBC_SHA = 0X001A,
|
||||||
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0X001B,
|
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0X001B,
|
||||||
|
TLS_RSA_WITH_AES_128_CBC_SHA = 0X002F, // aes, aka rijndael with 128 bit blocks
|
||||||
TLS_RSA_WITH_AES_128_CBC_SHA = 0X002f, // aes, aka rijndael with 128 bit blocks
|
|
||||||
TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0X0030,
|
TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0X0030,
|
||||||
TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0X0031,
|
TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0X0031,
|
||||||
TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0X0032,
|
TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0X0032,
|
||||||
|
@ -266,15 +265,14 @@ enum {
|
||||||
TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0X0038,
|
TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0X0038,
|
||||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0X0039,
|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0X0039,
|
||||||
TLS_DH_anon_WITH_AES_256_CBC_SHA = 0X003A,
|
TLS_DH_anon_WITH_AES_256_CBC_SHA = 0X003A,
|
||||||
|
|
||||||
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0X003C,
|
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0X003C,
|
||||||
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0X003D,
|
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0X003D,
|
||||||
|
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0XC009,
|
||||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
|
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0XC00A,
|
||||||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014,
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0XC013,
|
||||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009,
|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0XC014,
|
||||||
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A,
|
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0XC023,
|
||||||
CipherMax
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027,
|
||||||
};
|
};
|
||||||
|
|
||||||
// compression methods
|
// compression methods
|
||||||
|
@ -284,8 +282,10 @@ enum {
|
||||||
};
|
};
|
||||||
|
|
||||||
static Algs cipherAlgs[] = {
|
static Algs cipherAlgs[] = {
|
||||||
|
{"aes_128_cbc", "sha256", 2*(16+16+SHA2_256dlen), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
|
||||||
{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
|
{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
|
||||||
{"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
|
{"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
|
||||||
|
{"aes_128_cbc", "sha256", 2*(16+16+SHA2_256dlen), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
|
||||||
{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
|
{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
|
||||||
{"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
|
{"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
|
||||||
{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
|
{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
|
||||||
|
@ -802,8 +802,10 @@ static int
|
||||||
isECDHE(int tlsid)
|
isECDHE(int tlsid)
|
||||||
{
|
{
|
||||||
switch(tlsid){
|
switch(tlsid){
|
||||||
|
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
|
||||||
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
|
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
|
||||||
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
|
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
|
||||||
|
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
|
||||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
|
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
|
||||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
|
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -2026,36 +2028,36 @@ tlsConnectionFree(TlsConnection *c)
|
||||||
|
|
||||||
//================= cipher choices ========================
|
//================= cipher choices ========================
|
||||||
|
|
||||||
static int weakCipher[CipherMax] =
|
static int weakCipher[] =
|
||||||
{
|
{
|
||||||
1, /* TLS_NULL_WITH_NULL_NULL */
|
[TLS_NULL_WITH_NULL_NULL] 1,
|
||||||
1, /* TLS_RSA_WITH_NULL_MD5 */
|
[TLS_RSA_WITH_NULL_MD5] 1,
|
||||||
1, /* TLS_RSA_WITH_NULL_SHA */
|
[TLS_RSA_WITH_NULL_SHA] 1,
|
||||||
1, /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */
|
[TLS_RSA_EXPORT_WITH_RC4_40_MD5] 1,
|
||||||
0, /* TLS_RSA_WITH_RC4_128_MD5 */
|
[TLS_RSA_WITH_RC4_128_MD5] 0,
|
||||||
0, /* TLS_RSA_WITH_RC4_128_SHA */
|
[TLS_RSA_WITH_RC4_128_SHA] 0,
|
||||||
1, /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */
|
[TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5] 1,
|
||||||
0, /* TLS_RSA_WITH_IDEA_CBC_SHA */
|
[TLS_RSA_WITH_IDEA_CBC_SHA] 0,
|
||||||
1, /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */
|
[TLS_RSA_EXPORT_WITH_DES40_CBC_SHA] 1,
|
||||||
0, /* TLS_RSA_WITH_DES_CBC_SHA */
|
[TLS_RSA_WITH_DES_CBC_SHA] 0,
|
||||||
0, /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */
|
[TLS_RSA_WITH_3DES_EDE_CBC_SHA] 0,
|
||||||
1, /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */
|
[TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA] 1,
|
||||||
0, /* TLS_DH_DSS_WITH_DES_CBC_SHA */
|
[TLS_DH_DSS_WITH_DES_CBC_SHA] 0,
|
||||||
0, /* TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA */
|
[TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA] 0,
|
||||||
1, /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */
|
[TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA] 1,
|
||||||
0, /* TLS_DH_RSA_WITH_DES_CBC_SHA */
|
[TLS_DH_RSA_WITH_DES_CBC_SHA] 0,
|
||||||
0, /* TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA */
|
[TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA] 0,
|
||||||
1, /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */
|
[TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] 1,
|
||||||
0, /* TLS_DHE_DSS_WITH_DES_CBC_SHA */
|
[TLS_DHE_DSS_WITH_DES_CBC_SHA] 0,
|
||||||
0, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */
|
[TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA] 0,
|
||||||
1, /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */
|
[TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA] 1,
|
||||||
0, /* TLS_DHE_RSA_WITH_DES_CBC_SHA */
|
[TLS_DHE_RSA_WITH_DES_CBC_SHA] 0,
|
||||||
0, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */
|
[TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA] 0,
|
||||||
1, /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */
|
[TLS_DH_anon_EXPORT_WITH_RC4_40_MD5] 1,
|
||||||
1, /* TLS_DH_anon_WITH_RC4_128_MD5 */
|
[TLS_DH_anon_WITH_RC4_128_MD5] 1,
|
||||||
1, /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */
|
[TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA] 1,
|
||||||
1, /* TLS_DH_anon_WITH_DES_CBC_SHA */
|
[TLS_DH_anon_WITH_DES_CBC_SHA] 1,
|
||||||
1, /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */
|
[TLS_DH_anon_WITH_3DES_EDE_CBC_SHA] 1,
|
||||||
};
|
};
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
@ -2085,7 +2087,7 @@ okCipher(Ints *cv)
|
||||||
weak = 1;
|
weak = 1;
|
||||||
for(i = 0; i < cv->len; i++) {
|
for(i = 0; i < cv->len; i++) {
|
||||||
c = cv->data[i];
|
c = cv->data[i];
|
||||||
if(c >= CipherMax)
|
if(c >= nelem(weakCipher))
|
||||||
weak = 0;
|
weak = 0;
|
||||||
else
|
else
|
||||||
weak &= weakCipher[c];
|
weak &= weakCipher[c];
|
||||||
|
|
Loading…
Reference in a new issue