Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nss: allow to specify TLS 1.3 ciphers if supported by NSS #3916

Closed
wants to merge 1 commit into from
Closed

nss: allow to specify TLS 1.3 ciphers if supported by NSS #3916

wants to merge 1 commit into from

Conversation

kdudka
Copy link
Contributor

@kdudka kdudka commented May 21, 2019

No description provided.

@bagder bagder added the TLS label May 21, 2019
jay
jay reviewed May 22, 2019
View reviewed changes
lib/vtls/nss.c
@@ -216,6 +216,11 @@ static const cipher_s cipherlist[] = {
{"dhe_rsa_chacha20_poly1305_sha_256",
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
#endif
#ifdef TLS_AES_256_GCM_SHA384
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How did you come up with this as opposed to TLS_CHACHA20_POLY1305_SHA256? In other words if TLS_AES_256_GCM_SHA384 is defined then TLS_CHACHA20_POLY1305_SHA256 is definitely defined?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How did you come up with this as opposed to TLS_CHACHA20_POLY1305_SHA256?

I did not, @tomato42 did.

In other words if TLS_AES_256_GCM_SHA384 is defined then TLS_CHACHA20_POLY1305_SHA256 is definitely defined?

I think so. All the defines were introduced in a single commit:

nss-dev/nss@e272467e#diff-61a352311f838d5a89d178abc1f4bb6aR207

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. Please add them to the NSS section of CIPHERS.md. Are they set using CURLOPT_TLS13_CIPHERS? OpenSSL CIPHERS has a separate section for TLS 1.3 ciphers, is something similar is needed for NSS?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OpenSSL uses separate API for setting TLS 1.3 ciphers, NSS doesn't

@jay jay mentioned this pull request May 24, 2019
Closed
@kdudka
Copy link
Contributor Author

kdudka commented May 27, 2019

Thanks for review! Merging...

@kdudka kdudka closed this in 319ae90 May 27, 2019
@kdudka kdudka deleted the nss-ciphers branch May 27, 2019 07:10
@lock lock bot locked as resolved and limited conversation to collaborators Aug 25, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@tomato42 tomato42 tomato42 left review comments

@jay jay jay left review comments

@bagder bagder bagder approved these changes

Assignees
No one assigned
Labels
TLS
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@kdudka @bagder @tomato42 @jay