|
|
a2d4e1 |
From 301f5142f8eac474ff3f92d83450cdd3b023c92b Mon Sep 17 00:00:00 2001
|
|
|
a2d4e1 |
From: Kamil Dudka <kdudka@redhat.com>
|
|
|
a2d4e1 |
Date: Mon, 19 Sep 2016 16:37:05 +0200
|
|
|
a2d4e1 |
Subject: [PATCH 1/3] nss: fix typo in ecdhe_rsa_null cipher suite string
|
|
|
a2d4e1 |
|
|
|
a2d4e1 |
As it seems to be a rarely used cipher suite (for securely established
|
|
|
a2d4e1 |
but _unencrypted_ connections), I believe it is fine not to provide an
|
|
|
a2d4e1 |
alias for the misspelled variant.
|
|
|
a2d4e1 |
|
|
|
a2d4e1 |
Upstream-commit: 75912202709e0f74a5bab91ef57254d7038f5f42
|
|
|
a2d4e1 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
a2d4e1 |
---
|
|
|
a2d4e1 |
lib/nss.c | 2 +-
|
|
|
a2d4e1 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
a2d4e1 |
|
|
|
a2d4e1 |
diff --git a/lib/nss.c b/lib/nss.c
|
|
|
a2d4e1 |
index 7b4fe57..d0db3cd 100644
|
|
|
a2d4e1 |
--- a/lib/nss.c
|
|
|
a2d4e1 |
+++ b/lib/nss.c
|
|
|
a2d4e1 |
@@ -144,7 +144,7 @@ static const cipher_s cipherlist[] = {
|
|
|
a2d4e1 |
{"ecdh_rsa_3des_sha", TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA},
|
|
|
a2d4e1 |
{"ecdh_rsa_aes_128_sha", TLS_ECDH_RSA_WITH_AES_128_CBC_SHA},
|
|
|
a2d4e1 |
{"ecdh_rsa_aes_256_sha", TLS_ECDH_RSA_WITH_AES_256_CBC_SHA},
|
|
|
a2d4e1 |
- {"echde_rsa_null", TLS_ECDHE_RSA_WITH_NULL_SHA},
|
|
|
a2d4e1 |
+ {"ecdhe_rsa_null", TLS_ECDHE_RSA_WITH_NULL_SHA},
|
|
|
a2d4e1 |
{"ecdhe_rsa_rc4_128_sha", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
|
|
|
a2d4e1 |
{"ecdhe_rsa_3des_sha", TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA},
|
|
|
a2d4e1 |
{"ecdhe_rsa_aes_128_sha", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
|
|
|
a2d4e1 |
--
|
|
|
a2d4e1 |
2.7.4
|
|
|
a2d4e1 |
|
|
|
a2d4e1 |
|
|
|
a2d4e1 |
From 3b11781032d9c04ba8a9500899339a4758da4ad7 Mon Sep 17 00:00:00 2001
|
|
|
a2d4e1 |
From: Kamil Dudka <kdudka@redhat.com>
|
|
|
a2d4e1 |
Date: Mon, 19 Sep 2016 17:38:23 +0200
|
|
|
a2d4e1 |
Subject: [PATCH 2/3] nss: add cipher suites using SHA384 if supported by NSS
|
|
|
a2d4e1 |
|
|
|
a2d4e1 |
Upstream-commit: 049aa9254687f6738642bd73da9bf96d8af2a833
|
|
|
a2d4e1 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
a2d4e1 |
---
|
|
|
a2d4e1 |
lib/nss.c | 10 ++++++++++
|
|
|
a2d4e1 |
1 file changed, 10 insertions(+)
|
|
|
a2d4e1 |
|
|
|
a2d4e1 |
diff --git a/lib/nss.c b/lib/nss.c
|
|
|
a2d4e1 |
index d0db3cd..16b0218 100644
|
|
|
a2d4e1 |
--- a/lib/nss.c
|
|
|
a2d4e1 |
+++ b/lib/nss.c
|
|
|
a2d4e1 |
@@ -174,6 +174,16 @@ static const cipher_s cipherlist[] = {
|
|
|
a2d4e1 |
{"ecdhe_rsa_aes_128_gcm_sha_256", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
|
|
|
a2d4e1 |
{"ecdh_rsa_aes_128_gcm_sha_256", TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256},
|
|
|
a2d4e1 |
#endif
|
|
|
a2d4e1 |
+#ifdef TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
|
a2d4e1 |
+ /* cipher suites using SHA384 */
|
|
|
a2d4e1 |
+ {"rsa_aes_256_gcm_sha_384", TLS_RSA_WITH_AES_256_GCM_SHA384},
|
|
|
a2d4e1 |
+ {"dhe_rsa_aes_256_gcm_sha_384", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
|
|
|
a2d4e1 |
+ {"dhe_dss_aes_256_gcm_sha_384", TLS_DHE_DSS_WITH_AES_256_GCM_SHA384},
|
|
|
a2d4e1 |
+ {"ecdhe_ecdsa_aes_256_sha_384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
|
|
|
a2d4e1 |
+ {"ecdhe_rsa_aes_256_sha_384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
|
|
|
a2d4e1 |
+ {"ecdhe_ecdsa_aes_256_gcm_sha_384", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
|
|
|
a2d4e1 |
+ {"ecdhe_rsa_aes_256_gcm_sha_384", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
|
|
|
a2d4e1 |
+#endif
|
|
|
a2d4e1 |
};
|
|
|
a2d4e1 |
|
|
|
a2d4e1 |
static const char* pem_library = "libnsspem.so";
|
|
|
a2d4e1 |
--
|
|
|
a2d4e1 |
2.7.4
|
|
|
a2d4e1 |
|
|
|
a2d4e1 |
|
|
|
a2d4e1 |
From e796e68d2f1ef647a91afa10deb0986e082a14be Mon Sep 17 00:00:00 2001
|
|
|
a2d4e1 |
From: Kamil Dudka <kdudka@redhat.com>
|
|
|
a2d4e1 |
Date: Mon, 19 Sep 2016 17:45:53 +0200
|
|
|
a2d4e1 |
Subject: [PATCH 3/3] nss: add chacha20-poly1305 cipher suites if supported by
|
|
|
a2d4e1 |
NSS
|
|
|
a2d4e1 |
|
|
|
a2d4e1 |
Upstream-commit: d1f1c857ad559eafef9373621d30174c046261ef
|
|
|
a2d4e1 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
a2d4e1 |
---
|
|
|
a2d4e1 |
lib/nss.c | 9 +++++++++
|
|
|
a2d4e1 |
1 file changed, 9 insertions(+)
|
|
|
a2d4e1 |
|
|
|
a2d4e1 |
diff --git a/lib/nss.c b/lib/nss.c
|
|
|
a2d4e1 |
index 16b0218..36c100d 100644
|
|
|
a2d4e1 |
--- a/lib/nss.c
|
|
|
a2d4e1 |
+++ b/lib/nss.c
|
|
|
a2d4e1 |
@@ -184,6 +184,15 @@ static const cipher_s cipherlist[] = {
|
|
|
a2d4e1 |
{"ecdhe_ecdsa_aes_256_gcm_sha_384", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
|
|
|
a2d4e1 |
{"ecdhe_rsa_aes_256_gcm_sha_384", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
|
|
|
a2d4e1 |
#endif
|
|
|
a2d4e1 |
+#ifdef TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
|
|
a2d4e1 |
+ /* chacha20-poly1305 cipher suites */
|
|
|
a2d4e1 |
+ {"ecdhe_rsa_chacha20_poly1305_sha_256",
|
|
|
a2d4e1 |
+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
|
|
|
a2d4e1 |
+ {"ecdhe_ecdsa_chacha20_poly1305_sha_256",
|
|
|
a2d4e1 |
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
|
|
|
a2d4e1 |
+ {"dhe_rsa_chacha20_poly1305_sha_256",
|
|
|
a2d4e1 |
+ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
|
|
|
a2d4e1 |
+#endif
|
|
|
a2d4e1 |
};
|
|
|
a2d4e1 |
|
|
|
a2d4e1 |
static const char* pem_library = "libnsspem.so";
|
|
|
a2d4e1 |
--
|
|
|
a2d4e1 |
2.7.4
|
|
|
a2d4e1 |
|