From a070e0505bdc6059effdb77dba24c64f75957604 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Wed, 13 May 2015 13:49:45 -0700 Subject: external/boringssl: disable ChaCha20-Poly1305 cipher suites. These cipher suites aren't IETF defined (and the IETF will define them slightly differently when it finally does assign real code points to them.) Since an Android system release endures for many years, this change removes support for them so that we don't have to worry about this temporary design for years to come. Bug: 20950559 Change-Id: I97bc7f72b44cf908e8ce74d4b1ab0b3c2970ec3c --- src/ssl/s3_lib.c | 2 ++ src/ssl/ssl_cipher.c | 2 ++ 2 files changed, 4 insertions(+) (limited to 'src') diff --git a/src/ssl/s3_lib.c b/src/ssl/s3_lib.c index 674277f..13a4a19 100644 --- a/src/ssl/s3_lib.c +++ b/src/ssl/s3_lib.c @@ -452,6 +452,7 @@ const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#if !defined(ANDROID) { TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aRSA, @@ -475,6 +476,7 @@ const SSL_CIPHER ssl3_ciphers[] = { SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD, 256, 0, }, +#endif }; const SSL3_ENC_METHOD SSLv3_enc_data = { diff --git a/src/ssl/ssl_cipher.c b/src/ssl/ssl_cipher.c index 2cafeb9..a9c8536 100644 --- a/src/ssl/ssl_cipher.c +++ b/src/ssl/ssl_cipher.c @@ -278,10 +278,12 @@ int ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead, *out_fixed_iv_len = 4; return 1; +#if !defined(ANDROID) case SSL_CHACHA20POLY1305: *out_aead = EVP_aead_chacha20_poly1305(); *out_fixed_iv_len = 0; return 1; +#endif case SSL_RC4: switch (cipher->algorithm_mac) { -- cgit v1.1