summaryrefslogtreecommitdiffstats
path: root/src/include
diff options
context:
space:
mode:
authorAdam Langley <agl@google.com>2015-06-15 13:52:15 -0700
committerKenny Root <kroot@google.com>2015-06-15 15:50:04 -0700
commitdfb3ba68fd0011cba7d8e4c1a46295099fef85bf (patch)
tree179de31d373d518d1e129eca1d63a2974c999fe7 /src/include
parent4bae3aba0494da7c4e3c1b28ff978eb38e6323e6 (diff)
downloadexternal_boringssl-dfb3ba68fd0011cba7d8e4c1a46295099fef85bf.zip
external_boringssl-dfb3ba68fd0011cba7d8e4c1a46295099fef85bf.tar.gz
external_boringssl-dfb3ba68fd0011cba7d8e4c1a46295099fef85bf.tar.bz2
Add ECDHE-PSK-AES{128,256}-SHA cipher suites.
If we're going to have PSK and use standard cipher suites, this might be the best that we can do for the moment. (This is a cherry-pick of BoringSSL's 85bc5601.) (cherry picked from commit 0e6bb1c72014c26289d09f4deea9c25706be5824) Bug: 21522548 Change-Id: Ic94c74a2b3ee2387f640efff510646d1836efbfb
Diffstat (limited to 'src/include')
-rw-r--r--src/include/openssl/tls1.h8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/include/openssl/tls1.h b/src/include/openssl/tls1.h
index 999a5ca..f2bee27 100644
--- a/src/include/openssl/tls1.h
+++ b/src/include/openssl/tls1.h
@@ -361,6 +361,10 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb(
#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
+/* PSK ciphersuites from RFC 5489 */
+#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035
+#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036
+
/* Additional TLS ciphersuites from expired Internet Draft
* draft-ietf-tls-56-bit-ciphersuites-01.txt
* (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
@@ -580,6 +584,10 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb(
#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
+/* PSK ciphersuites from RFC 5489 */
+#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA"
+#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA"
+
/* SRP ciphersuite from RFC 5054 */
#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"