Put the default set of TLSv1.3 ciphersuites in a header file
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5392)
This commit is contained in:
Matt Caswell
parent
7482690137
commit
fa25763b55
2 changed files with 6 additions and 4 deletions
|
|
@ -169,8 +169,13 @@ extern "C" {
|
||||||
/*
|
/*
|
||||||
* The following cipher list is used by default. It also is substituted when
|
* The following cipher list is used by default. It also is substituted when
|
||||||
* an application-defined cipher list string starts with 'DEFAULT'.
|
* an application-defined cipher list string starts with 'DEFAULT'.
|
||||||
|
* This applies to ciphersuites for TLSv1.2 and below.
|
||||||
*/
|
*/
|
||||||
# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
|
# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
|
||||||
|
/* This is the default set of TLSv1.3 ciphersuites */
|
||||||
|
# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
|
||||||
|
"TLS_CHACHA20_POLY1305_SHA256:" \
|
||||||
|
"TLS_AES_128_GCM_SHA256"
|
||||||
/*
|
/*
|
||||||
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
|
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
|
||||||
* starts with a reasonable order, and all we have to do for DEFAULT is
|
* starts with a reasonable order, and all we have to do for DEFAULT is
|
||||||
|
|
|
||||||
|
|
@ -3019,10 +3019,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
|
||||||
goto err;
|
goto err;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (!SSL_CTX_set_ciphersuites(ret,
|
if (!SSL_CTX_set_ciphersuites(ret, TLS_DEFAULT_CIPHERSUITES))
|
||||||
"TLS_AES_256_GCM_SHA384:"
|
|
||||||
"TLS_CHACHA20_POLY1305_SHA256:"
|
|
||||||
"TLS_AES_128_GCM_SHA256"))
|
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
if (!ssl_create_cipher_list(ret->method,
|
if (!ssl_create_cipher_list(ret->method,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue