aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--networking/tls.c37
1 files changed, 30 insertions, 7 deletions
diff --git a/networking/tls.c b/networking/tls.c
index 9833a0adb..e64e84fcd 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -50,17 +50,39 @@
50// ok: openssl s_client -connect cdn.kernel.org:443 -debug -tls1_2 -no_tls1 -no_tls1_1 -cipher AES128-GCM-SHA256 50// ok: openssl s_client -connect cdn.kernel.org:443 -debug -tls1_2 -no_tls1 -no_tls1_1 -cipher AES128-GCM-SHA256
51// ok: openssl s_client -connect cdn.kernel.org:443 -debug -tls1_2 -no_tls1 -no_tls1_1 -cipher AES128-SHA 51// ok: openssl s_client -connect cdn.kernel.org:443 -debug -tls1_2 -no_tls1 -no_tls1_1 -cipher AES128-SHA
52// (TLS_RSA_WITH_AES_128_CBC_SHA - in TLS 1.2 it's mandated to be always supported) 52// (TLS_RSA_WITH_AES_128_CBC_SHA - in TLS 1.2 it's mandated to be always supported)
53#define CIPHER_ID1 TLS_RSA_WITH_AES_256_CBC_SHA256 // no SERVER_KEY_EXCHANGE from peer 53#define CIPHER_ID1 TLS_RSA_WITH_AES_256_CBC_SHA256 //0x003D
54// Works with "wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.9.5.tar.xz" 54// Works with "wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.9.5.tar.xz"
55#define CIPHER_ID2 TLS_RSA_WITH_AES_128_CBC_SHA 55#define CIPHER_ID2 TLS_RSA_WITH_AES_128_CBC_SHA //0x003C
56 56
57// bug #11456: 57// bug #11456:
58// ftp.openbsd.org only supports ECDHE-RSA-AESnnn-GCM-SHAnnn or ECDHE-RSA-CHACHA20-POLY1305 58// ftp.openbsd.org only supports ECDHE-RSA-AESnnn-GCM-SHAnnn or ECDHE-RSA-CHACHA20-POLY1305
59#define CIPHER_ID3 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 59#define CIPHER_ID3 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 //0xC02F
60// host is.gd accepts only ECDHE-ECDSA-foo (the simplest which works: ECDHE-ECDSA-AES128-SHA 0xC009) 60// host is.gd accepts only ECDHE-ECDSA-foo (the simplest which works: ECDHE-ECDSA-AES128-SHA 0xC009)
61#define CIPHER_ID4 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 61#define CIPHER_ID4 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA //0xC009
62 62
63#define NUM_CIPHERS 4 63#define NUM_CIPHERS 4
64//TODO: we can support all these:
65// TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
66// TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
67// TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C
68// TLS_RSA_WITH_AES_256_GCM_SHA384 0x009D
69// TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
70// TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
71// TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
72// TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
73// TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
74////TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 - can't do SHA384 yet
75// TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
76////TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 - can't do SHA384 yet
77// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
78// TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
79// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
80// TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
81//possibly these too:
82// TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
83// TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
84// TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
85////TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038 - can't do SHA384 yet
64 86
65 87
66#define TLS_DEBUG 0 88#define TLS_DEBUG 0
@@ -142,6 +164,10 @@
142#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x0090 /* 144 */ 164#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x0090 /* 144 */
143#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x0091 /* 145 */ 165#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x0091 /* 145 */
144#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096 /* 150 */ 166#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096 /* 150 */
167#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C /*TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD */
168#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x009D /*TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD */
169#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E /*TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD */
170#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x009F /*TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD */
145#define TLS_PSK_WITH_AES_128_CBC_SHA256 0x00AE /* 174 */ 171#define TLS_PSK_WITH_AES_128_CBC_SHA256 0x00AE /* 174 */
146#define TLS_PSK_WITH_AES_256_CBC_SHA384 0x00AF /* 175 */ 172#define TLS_PSK_WITH_AES_256_CBC_SHA384 0x00AF /* 175 */
147#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 /* 49156 */ 173#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 /* 49156 */
@@ -161,10 +187,7 @@
161#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /*TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 */ 187#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /*TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 */
162#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /* 49193 */ 188#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /* 49193 */
163#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /* 49194 */ 189#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /* 49194 */
164
165/* RFC 5288 "AES Galois Counter Mode (GCM) Cipher Suites for TLS" */ 190/* RFC 5288 "AES Galois Counter Mode (GCM) Cipher Suites for TLS" */
166#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C /*TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD */
167#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x009D /*TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD */
168#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /*TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD */ 191#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /*TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD */
169#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /*TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD */ 192#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /*TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD */
170#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D /* 49197 */ 193#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D /* 49197 */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-22 10:12:15 +0000