From 853bb6e844ee6365e958fc2e64686a6fdd24459c Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 5 Feb 2022 18:18:18 +0000
Subject: Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_

OpenSSL chose to break the previous naming convention for ciphers and
to adopt TLS_* "RFC" names instead. Unfortunately, these names are
exposed in several APIs and some language bindings test for these
non-standard names instead of cipher values, which is ... unfortunate
(others would say "plain crazy").

We currently have to maintain patches in regress and ports (p5-Net-SSLeay,
openssl-ruby-tests - which means that Ruby will pick this up at some point)
to work around this difference and that's just not worth the effort.

The old AEAD- names will become aliases and continue to work, but in
openssl ciphers and netcat output the TLS_* names will now be displayed.

"I would be very happy if this gets committed" bluhm
ok beck inoguchi, begrudgingly ok jsing
---
 src/lib/libssl/s3_lib.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src/lib/libssl/s3_lib.c')

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 916ed4935c..683a550ad8 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.226 2022/02/05 14:54:10 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.227 2022/02/05 18:18:18 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -882,7 +882,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 	/* Cipher 1301 */
 	{
 		.valid = 1,
-		.name = TLS1_3_TXT_AES_128_GCM_SHA256,
+		.name = TLS1_3_RFC_AES_128_GCM_SHA256,
 		.id = TLS1_3_CK_AES_128_GCM_SHA256,
 		.algorithm_mkey = SSL_kTLS1_3,
 		.algorithm_auth = SSL_aTLS1_3,
@@ -898,7 +898,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 	/* Cipher 1302 */
 	{
 		.valid = 1,
-		.name = TLS1_3_TXT_AES_256_GCM_SHA384,
+		.name = TLS1_3_RFC_AES_256_GCM_SHA384,
 		.id = TLS1_3_CK_AES_256_GCM_SHA384,
 		.algorithm_mkey = SSL_kTLS1_3,
 		.algorithm_auth = SSL_aTLS1_3,
@@ -914,7 +914,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 	/* Cipher 1303 */
 	{
 		.valid = 1,
-		.name = TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
+		.name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
 		.id = TLS1_3_CK_CHACHA20_POLY1305_SHA256,
 		.algorithm_mkey = SSL_kTLS1_3,
 		.algorithm_auth = SSL_aTLS1_3,
-- 
cgit v1.2.3-55-g6feb