diff options
author | Adam Langley <agl@google.com> | 2015-06-15 13:52:15 -0700 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2015-06-15 15:50:04 -0700 |
commit | dfb3ba68fd0011cba7d8e4c1a46295099fef85bf (patch) | |
tree | 179de31d373d518d1e129eca1d63a2974c999fe7 /src/include | |
parent | 4bae3aba0494da7c4e3c1b28ff978eb38e6323e6 (diff) | |
download | external_boringssl-dfb3ba68fd0011cba7d8e4c1a46295099fef85bf.zip external_boringssl-dfb3ba68fd0011cba7d8e4c1a46295099fef85bf.tar.gz external_boringssl-dfb3ba68fd0011cba7d8e4c1a46295099fef85bf.tar.bz2 |
Add ECDHE-PSK-AES{128,256}-SHA cipher suites.
If we're going to have PSK and use standard cipher suites, this might be
the best that we can do for the moment.
(This is a cherry-pick of BoringSSL's 85bc5601.)
(cherry picked from commit 0e6bb1c72014c26289d09f4deea9c25706be5824)
Bug: 21522548
Change-Id: Ic94c74a2b3ee2387f640efff510646d1836efbfb
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/openssl/tls1.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/include/openssl/tls1.h b/src/include/openssl/tls1.h index 999a5ca..f2bee27 100644 --- a/src/include/openssl/tls1.h +++ b/src/include/openssl/tls1.h @@ -361,6 +361,10 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb( #define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C #define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D +/* PSK ciphersuites from RFC 5489 */ +#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035 +#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036 + /* Additional TLS ciphersuites from expired Internet Draft * draft-ietf-tls-56-bit-ciphersuites-01.txt * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see @@ -580,6 +584,10 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb( #define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" #define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" +/* PSK ciphersuites from RFC 5489 */ +#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA" +#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA" + /* SRP ciphersuite from RFC 5054 */ #define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" #define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" |