| From cf389e16d8dc49e97c0b13ea3a1c373c6f6f94bd Mon Sep 17 00:00:00 2001 |
| From: Adam Langley <agl@chromium.org> |
| Date: Wed, 4 Jun 2014 10:59:32 -0700 |
| Subject: ECDHE-PSK_AES-CBC-SHA_cipher_suites |
| |
| Add ECDHE-PSK AES-CBC-SHA cipher suites from RFC 5489. |
| Remove ECDHE-PSK AES-CBC-SHA2 cipher suites from RFC 5489 because |
| they cannot be used with SSLv3 and there's no way to express that in |
| OpenSSL's configuration. |
| --- |
| ssl/s3_lib.c | 25 ++++++++++++------------- |
| ssl/tls1.h | 14 ++++++++------ |
| 2 files changed, 20 insertions(+), 19 deletions(-) |
| |
| diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c |
| index f84da7f..e016fc8 100644 |
| --- a/ssl/s3_lib.c |
| +++ b/ssl/s3_lib.c |
| @@ -2828,35 +2828,34 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ |
| |
| #ifndef OPENSSL_NO_PSK |
| /* ECDH PSK ciphersuites from RFC 5489 */ |
| - |
| - /* Cipher C037 */ |
| + /* Cipher C035 */ |
| { |
| 1, |
| - TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256, |
| - TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256, |
| + TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, |
| + TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, |
| SSL_kEECDH, |
| SSL_aPSK, |
| SSL_AES128, |
| - SSL_SHA256, |
| + SSL_SHA1, |
| SSL_TLSV1, |
| - SSL_NOT_EXP|SSL_HIGH, |
| - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF_SHA256, |
| + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 128, |
| 128, |
| }, |
| |
| - /* Cipher C038 */ |
| + /* Cipher C036 */ |
| { |
| 1, |
| - TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384, |
| - TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384, |
| + TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA, |
| + TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA, |
| SSL_kEECDH, |
| SSL_aPSK, |
| SSL_AES256, |
| - SSL_SHA384, |
| + SSL_SHA1, |
| SSL_TLSV1, |
| - SSL_NOT_EXP|SSL_HIGH, |
| - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF_SHA384, |
| + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, |
| + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, |
| 256, |
| 256, |
| }, |
| diff --git a/ssl/tls1.h b/ssl/tls1.h |
| index ec8948d..51d073d 100644 |
| --- a/ssl/tls1.h |
| +++ b/ssl/tls1.h |
| @@ -531,9 +531,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) |
| #define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 |
| #define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 |
| |
| -/* ECDHE PSK ciphersuites from RFC 5489 */ |
| -#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037 |
| -#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038 |
| +/* ECDHE PSK ciphersuites from RFC5489 |
| + * SHA-2 cipher suites are omitted because they cannot be used safely with |
| + * SSLv3. */ |
| +#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035 |
| +#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036 |
| |
| /* XXX |
| * Inconsistency alert: |
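Review bot: The new comment says the SHA-2 suites "cannot be used safely with SSLv3", but RFC 5489 (section 3) forbids the SHA-256/SHA-384 ECDHE-PSK suites in any TLS version prior to 1.2, and the removed s3_lib.c entries had `SSL_TLSV1` as their minimum version, which is the actual defect; suggest `/* ECDHE PSK ciphersuites from RFC 5489. The SHA-2 suites (C037/C038) are omitted because RFC 5489 forbids them below TLS 1.2. */`. The GCM suites in the surrounding context (C031/C032) are themselves TLS 1.2-only, which suggests the cipher table may already have a way to express a TLS 1.2 minimum; worth confirming before dropping C037/C038 rather than fixing their minimum version. Both comment fixes also apply to the matching `TLS1_TXT_*` hunk below, which still reads "RFC5489" without the space.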
| @@ -686,9 +688,9 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) |
| #define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" |
| #define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" |
| |
| -/* ECDHE PSK ciphersuites from RFC 5489 */ |
| -#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-WITH-AES-128-CBC-SHA256" |
| -#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "ECDHE-PSK-WITH-AES-256-CBC-SHA384" |
| +/* ECDHE PSK ciphersuites from RFC5489 */ |
| +#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA" |
| +#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA" |
| |
| #define TLS_CT_RSA_SIGN 1 |
| #define TLS_CT_DSS_SIGN 2 |
| -- |
| 2.0.0.526.g5318336 |