diff options
author | Adam Langley <agl@google.com> | 2015-06-15 13:52:15 -0700 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2015-06-15 22:47:39 +0000 |
commit | 0e6bb1c72014c26289d09f4deea9c25706be5824 (patch) | |
tree | 628396a74d34d7b719b81d76410e7801111b6d40 /src/ssl/ssl_cipher.c | |
parent | a4be71cee108bfed76ddb37552b7e48945d91b49 (diff) | |
download | external_boringssl-0e6bb1c72014c26289d09f4deea9c25706be5824.zip external_boringssl-0e6bb1c72014c26289d09f4deea9c25706be5824.tar.gz external_boringssl-0e6bb1c72014c26289d09f4deea9c25706be5824.tar.bz2 |
Add ECDHE-PSK-AES{128,256}-SHA cipher suites.
If we're going to have PSK and use standard cipher suites, this might be
the best that we can do for the moment.
(This is a cherry-pick of BoringSSL's 85bc5601.)
Bug: 21522548
Change-Id: Ic94c74a2b3ee2387f640efff510646d1836efbfb
Diffstat (limited to 'src/ssl/ssl_cipher.c')
-rw-r--r-- | src/ssl/ssl_cipher.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/src/ssl/ssl_cipher.c b/src/ssl/ssl_cipher.c index 2f1548a..8d03c9e 100644 --- a/src/ssl/ssl_cipher.c +++ b/src/ssl/ssl_cipher.c @@ -240,6 +240,8 @@ const SSL_CIPHER kCiphers[] = { SSL_HANDSHAKE_MAC_SHA256, 256, 256, }, + /* PSK cipher suites. */ + /* Cipher 8A */ { TLS1_TXT_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK, @@ -261,7 +263,6 @@ const SSL_CIPHER kCiphers[] = { SSL_HANDSHAKE_MAC_DEFAULT, 256, 256, }, - /* GCM ciphersuites from RFC5288 */ /* Cipher 9C */ @@ -429,6 +430,26 @@ const SSL_CIPHER kCiphers[] = { 256, 256, }, + /* ECDHE-PSK cipher suites. */ + + /* Cipher C035 */ + { + TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, + SSL_kECDHE, SSL_aPSK, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT, 128, 128, + }, + + /* Cipher C036 */ + { + TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA, + SSL_kECDHE, SSL_aPSK, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT, 256, 256, + }, + + /* ChaCha20-Poly1305 cipher suites. */ + #if !defined(ANDROID) { TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, |