Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

nss: allow to specify TLS 1.3 ciphers if supported by NSS #3916

Closed
wants to merge 1 commit into from

Conversation

kdudka
Copy link
Collaborator

@kdudka kdudka commented May 21, 2019

No description provided.

@bagder bagder added the TLS label May 21, 2019
@@ -216,6 +216,11 @@ static const cipher_s cipherlist[] = {
{"dhe_rsa_chacha20_poly1305_sha_256",
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
#endif
#ifdef TLS_AES_256_GCM_SHA384
Copy link
Member

@jay jay May 22, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How did you come up with this as opposed to TLS_CHACHA20_POLY1305_SHA256? In other words if TLS_AES_256_GCM_SHA384 is defined then TLS_CHACHA20_POLY1305_SHA256 is definitely defined?

Copy link
Collaborator Author

@kdudka kdudka May 22, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How did you come up with this as opposed to TLS_CHACHA20_POLY1305_SHA256?

I did not, @tomato42 did.

In other words if TLS_AES_256_GCM_SHA384 is defined then TLS_CHACHA20_POLY1305_SHA256 is definitely defined?

I think so. All the defines were introduced in a single commit:

nss-dev/nss@e272467e#diff-61a352311f838d5a89d178abc1f4bb6aR207

Copy link
Member

@jay jay May 23, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. Please add them to the NSS section of CIPHERS.md. Are they set using CURLOPT_TLS13_CIPHERS? OpenSSL CIPHERS has a separate section for TLS 1.3 ciphers, is something similar is needed for NSS?

Copy link
Contributor

@tomato42 tomato42 May 23, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OpenSSL uses separate API for setting TLS 1.3 ciphers, NSS doesn't

bagder
bagder approved these changes May 24, 2019
@kdudka
Copy link
Collaborator Author

@kdudka kdudka commented May 27, 2019

Thanks for review! Merging...

@kdudka kdudka closed this in 319ae90 May 27, 2019
@kdudka kdudka deleted the nss-ciphers branch May 27, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Aug 25, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants