diff options
| author | tb <> | 2022-02-05 18:18:18 +0000 |
|---|---|---|
| committer | tb <> | 2022-02-05 18:18:18 +0000 |
| commit | e5500000382c402276da7446a43a82d0153d2f1d (patch) | |
| tree | 26b86cb618fa624cd2a6c747425dd6207aa32c42 /src/lib/libssl/ssl_ciphers.c | |
| parent | 47e61a82f45737b7e9b4494d8a64d4a2f108e9de (diff) | |
| download | openbsd-e5500000382c402276da7446a43a82d0153d2f1d.tar.gz openbsd-e5500000382c402276da7446a43a82d0153d2f1d.tar.bz2 openbsd-e5500000382c402276da7446a43a82d0153d2f1d.zip | |
Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_
OpenSSL chose to break the previous naming convention for ciphers and
to adopt TLS_* "RFC" names instead. Unfortunately, these names are
exposed in several APIs and some language bindings test for these
non-standard names instead of cipher values, which is ... unfortunate
(others would say "plain crazy").
We currently have to maintain patches in regress and ports (p5-Net-SSLeay,
openssl-ruby-tests - which means that Ruby will pick this up at some point)
to work around this difference and that's just not worth the effort.
The old AEAD- names will become aliases and continue to work, but in
openssl ciphers and netcat output the TLS_* names will now be displayed.
"I would be very happy if this gets committed" bluhm
ok beck inoguchi, begrudgingly ok jsing
Diffstat (limited to 'src/lib/libssl/ssl_ciphers.c')
| -rw-r--r-- | src/lib/libssl/ssl_ciphers.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/src/lib/libssl/ssl_ciphers.c b/src/lib/libssl/ssl_ciphers.c index 7ac40126ed..3174ae9c26 100644 --- a/src/lib/libssl/ssl_ciphers.c +++ b/src/lib/libssl/ssl_ciphers.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_ciphers.c,v 1.12 2022/02/05 14:54:10 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_ciphers.c,v 1.13 2022/02/05 18:18:18 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org> | 3 | * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org> |
| 4 | * Copyright (c) 2015-2018, 2020 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2015-2018, 2020 Joel Sing <jsing@openbsd.org> |
| @@ -168,28 +168,28 @@ struct ssl_tls13_ciphersuite { | |||
| 168 | 168 | ||
| 169 | static const struct ssl_tls13_ciphersuite ssl_tls13_ciphersuites[] = { | 169 | static const struct ssl_tls13_ciphersuite ssl_tls13_ciphersuites[] = { |
| 170 | { | 170 | { |
| 171 | .name = TLS1_3_TXT_AES_128_GCM_SHA256, | 171 | .name = TLS1_3_RFC_AES_128_GCM_SHA256, |
| 172 | .alias = "TLS_AES_128_GCM_SHA256", | 172 | .alias = TLS1_3_TXT_AES_128_GCM_SHA256, |
| 173 | .cid = TLS1_3_CK_AES_128_GCM_SHA256, | 173 | .cid = TLS1_3_CK_AES_128_GCM_SHA256, |
| 174 | }, | 174 | }, |
| 175 | { | 175 | { |
| 176 | .name = TLS1_3_TXT_AES_256_GCM_SHA384, | 176 | .name = TLS1_3_RFC_AES_256_GCM_SHA384, |
| 177 | .alias = "TLS_AES_256_GCM_SHA384", | 177 | .alias = TLS1_3_TXT_AES_256_GCM_SHA384, |
| 178 | .cid = TLS1_3_CK_AES_256_GCM_SHA384, | 178 | .cid = TLS1_3_CK_AES_256_GCM_SHA384, |
| 179 | }, | 179 | }, |
| 180 | { | 180 | { |
| 181 | .name = TLS1_3_TXT_CHACHA20_POLY1305_SHA256, | 181 | .name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256, |
| 182 | .alias = "TLS_CHACHA20_POLY1305_SHA256", | 182 | .alias = TLS1_3_TXT_CHACHA20_POLY1305_SHA256, |
| 183 | .cid = TLS1_3_CK_CHACHA20_POLY1305_SHA256, | 183 | .cid = TLS1_3_CK_CHACHA20_POLY1305_SHA256, |
| 184 | }, | 184 | }, |
| 185 | { | 185 | { |
| 186 | .name = TLS1_3_TXT_AES_128_CCM_SHA256, | 186 | .name = TLS1_3_RFC_AES_128_CCM_SHA256, |
| 187 | .alias = "TLS_AES_128_CCM_SHA256", | 187 | .alias = TLS1_3_TXT_AES_128_CCM_SHA256, |
| 188 | .cid = TLS1_3_CK_AES_128_CCM_SHA256, | 188 | .cid = TLS1_3_CK_AES_128_CCM_SHA256, |
| 189 | }, | 189 | }, |
| 190 | { | 190 | { |
| 191 | .name = TLS1_3_TXT_AES_128_CCM_8_SHA256, | 191 | .name = TLS1_3_RFC_AES_128_CCM_8_SHA256, |
| 192 | .alias = "TLS_AES_128_CCM_8_SHA256", | 192 | .alias = TLS1_3_TXT_AES_128_CCM_8_SHA256, |
| 193 | .cid = TLS1_3_CK_AES_128_CCM_8_SHA256, | 193 | .cid = TLS1_3_CK_AES_128_CCM_8_SHA256, |
| 194 | }, | 194 | }, |
| 195 | { | 195 | { |