diff options
| author | tb <> | 2022-02-05 18:18:18 +0000 |
|---|---|---|
| committer | tb <> | 2022-02-05 18:18:18 +0000 |
| commit | 853bb6e844ee6365e958fc2e64686a6fdd24459c (patch) | |
| tree | 26b86cb618fa624cd2a6c747425dd6207aa32c42 /src/lib/libssl/tls1.h | |
| parent | c7cd75e51d33708442e984b9b2e0ef9c09472ae7 (diff) | |
| download | openbsd-853bb6e844ee6365e958fc2e64686a6fdd24459c.tar.gz openbsd-853bb6e844ee6365e958fc2e64686a6fdd24459c.tar.bz2 openbsd-853bb6e844ee6365e958fc2e64686a6fdd24459c.zip | |
Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_
OpenSSL chose to break the previous naming convention for ciphers and
to adopt TLS_* "RFC" names instead. Unfortunately, these names are
exposed in several APIs and some language bindings test for these
non-standard names instead of cipher values, which is ... unfortunate
(others would say "plain crazy").
We currently have to maintain patches in regress and ports (p5-Net-SSLeay,
openssl-ruby-tests - which means that Ruby will pick this up at some point)
to work around this difference and that's just not worth the effort.
The old AEAD- names will become aliases and continue to work, but in
openssl ciphers and netcat output the TLS_* names will now be displayed.
"I would be very happy if this gets committed" bluhm
ok beck inoguchi, begrudgingly ok jsing
Diffstat (limited to 'src/lib/libssl/tls1.h')
| -rw-r--r-- | src/lib/libssl/tls1.h | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index 90523dd0f9..547fb86e5d 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls1.h,v 1.50 2021/10/15 16:48:47 jsing Exp $ */ | 1 | /* $OpenBSD: tls1.h,v 1.51 2022/02/05 18:18:18 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -722,6 +722,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 722 | #define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "AEAD-CHACHA20-POLY1305-SHA256" | 722 | #define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "AEAD-CHACHA20-POLY1305-SHA256" |
| 723 | #define TLS1_3_TXT_AES_128_CCM_SHA256 "AEAD-AES128-CCM-SHA256" | 723 | #define TLS1_3_TXT_AES_128_CCM_SHA256 "AEAD-AES128-CCM-SHA256" |
| 724 | #define TLS1_3_TXT_AES_128_CCM_8_SHA256 "AEAD-AES128-CCM-8-SHA256" | 724 | #define TLS1_3_TXT_AES_128_CCM_8_SHA256 "AEAD-AES128-CCM-8-SHA256" |
| 725 | |||
| 726 | #define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" | ||
| 727 | #define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" | ||
| 728 | #define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" | ||
| 729 | #define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" | ||
| 730 | #define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" | ||
| 725 | #endif | 731 | #endif |
| 726 | 732 | ||
| 727 | #define TLS_CT_RSA_SIGN 1 | 733 | #define TLS_CT_RSA_SIGN 1 |