From 853bb6e844ee6365e958fc2e64686a6fdd24459c Mon Sep 17 00:00:00 2001 From: tb <> Date: Sat, 5 Feb 2022 18:18:18 +0000 Subject: Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_ OpenSSL chose to break the previous naming convention for ciphers and to adopt TLS_* "RFC" names instead. Unfortunately, these names are exposed in several APIs and some language bindings test for these non-standard names instead of cipher values, which is ... unfortunate (others would say "plain crazy"). We currently have to maintain patches in regress and ports (p5-Net-SSLeay, openssl-ruby-tests - which means that Ruby will pick this up at some point) to work around this difference and that's just not worth the effort. The old AEAD- names will become aliases and continue to work, but in openssl ciphers and netcat output the TLS_* names will now be displayed. "I would be very happy if this gets committed" bluhm ok beck inoguchi, begrudgingly ok jsing --- src/lib/libssl/tls1.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'src/lib/libssl/tls1.h') diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index 90523dd0f9..547fb86e5d 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls1.h,v 1.50 2021/10/15 16:48:47 jsing Exp $ */ +/* $OpenBSD: tls1.h,v 1.51 2022/02/05 18:18:18 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -722,6 +722,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "AEAD-CHACHA20-POLY1305-SHA256" #define TLS1_3_TXT_AES_128_CCM_SHA256 "AEAD-AES128-CCM-SHA256" #define TLS1_3_TXT_AES_128_CCM_8_SHA256 "AEAD-AES128-CCM-8-SHA256" + +#define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" +#define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" +#define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" +#define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" +#define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" #endif #define TLS_CT_RSA_SIGN 1 -- cgit v1.2.3-55-g6feb