From 853bb6e844ee6365e958fc2e64686a6fdd24459c Mon Sep 17 00:00:00 2001 From: tb <> Date: Sat, 5 Feb 2022 18:18:18 +0000 Subject: Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_ OpenSSL chose to break the previous naming convention for ciphers and to adopt TLS_* "RFC" names instead. Unfortunately, these names are exposed in several APIs and some language bindings test for these non-standard names instead of cipher values, which is ... unfortunate (others would say "plain crazy"). We currently have to maintain patches in regress and ports (p5-Net-SSLeay, openssl-ruby-tests - which means that Ruby will pick this up at some point) to work around this difference and that's just not worth the effort. The old AEAD- names will become aliases and continue to work, but in openssl ciphers and netcat output the TLS_* names will now be displayed. "I would be very happy if this gets committed" bluhm ok beck inoguchi, begrudgingly ok jsing --- src/lib/libssl/ssl_ciphers.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'src/lib/libssl/ssl_ciphers.c') diff --git a/src/lib/libssl/ssl_ciphers.c b/src/lib/libssl/ssl_ciphers.c index 7ac40126ed..3174ae9c26 100644 --- a/src/lib/libssl/ssl_ciphers.c +++ b/src/lib/libssl/ssl_ciphers.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciphers.c,v 1.12 2022/02/05 14:54:10 jsing Exp $ */ +/* $OpenBSD: ssl_ciphers.c,v 1.13 2022/02/05 18:18:18 tb Exp $ */ /* * Copyright (c) 2015-2017 Doug Hogan * Copyright (c) 2015-2018, 2020 Joel Sing @@ -168,28 +168,28 @@ struct ssl_tls13_ciphersuite { static const struct ssl_tls13_ciphersuite ssl_tls13_ciphersuites[] = { { - .name = TLS1_3_TXT_AES_128_GCM_SHA256, - .alias = "TLS_AES_128_GCM_SHA256", + .name = TLS1_3_RFC_AES_128_GCM_SHA256, + .alias = TLS1_3_TXT_AES_128_GCM_SHA256, .cid = TLS1_3_CK_AES_128_GCM_SHA256, }, { - .name = TLS1_3_TXT_AES_256_GCM_SHA384, - .alias = "TLS_AES_256_GCM_SHA384", + .name = TLS1_3_RFC_AES_256_GCM_SHA384, + .alias = TLS1_3_TXT_AES_256_GCM_SHA384, .cid = TLS1_3_CK_AES_256_GCM_SHA384, }, { - .name = TLS1_3_TXT_CHACHA20_POLY1305_SHA256, - .alias = "TLS_CHACHA20_POLY1305_SHA256", + .name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256, + .alias = TLS1_3_TXT_CHACHA20_POLY1305_SHA256, .cid = TLS1_3_CK_CHACHA20_POLY1305_SHA256, }, { - .name = TLS1_3_TXT_AES_128_CCM_SHA256, - .alias = "TLS_AES_128_CCM_SHA256", + .name = TLS1_3_RFC_AES_128_CCM_SHA256, + .alias = TLS1_3_TXT_AES_128_CCM_SHA256, .cid = TLS1_3_CK_AES_128_CCM_SHA256, }, { - .name = TLS1_3_TXT_AES_128_CCM_8_SHA256, - .alias = "TLS_AES_128_CCM_8_SHA256", + .name = TLS1_3_RFC_AES_128_CCM_8_SHA256, + .alias = TLS1_3_TXT_AES_128_CCM_8_SHA256, .cid = TLS1_3_CK_AES_128_CCM_8_SHA256, }, { -- cgit v1.2.3-55-g6feb