From 25383a4fc8bd2a6f82ac01e86a5de2b530535da9 Mon Sep 17 00:00:00 2001 From: Honfika Date: Tue, 14 Jan 2020 08:18:25 +0100 Subject: [PATCH 1/2] fix --- .../Network/DefaultCertificateDiskCache.cs | 22 ++++++------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/src/Titanium.Web.Proxy/Network/DefaultCertificateDiskCache.cs b/src/Titanium.Web.Proxy/Network/DefaultCertificateDiskCache.cs index 070e71689..910df634e 100644 --- a/src/Titanium.Web.Proxy/Network/DefaultCertificateDiskCache.cs +++ b/src/Titanium.Web.Proxy/Network/DefaultCertificateDiskCache.cs @@ -6,13 +6,12 @@ namespace Titanium.Web.Proxy.Network { - internal sealed class DefaultCertificateDiskCache : ICertificateCache + public sealed class DefaultCertificateDiskCache : ICertificateCache { private const string defaultCertificateDirectoryName = "crts"; private const string defaultCertificateFileExtension = ".pfx"; private const string defaultRootCertificateFileName = "rootCert" + defaultCertificateFileExtension; private string? rootCertificatePath; - private string? certificatePath; public X509Certificate2? LoadRootCertificate(string pathOrName, string password, X509KeyStorageFlags storageFlags) { @@ -56,8 +55,6 @@ public void Clear() { // do nothing } - - certificatePath = null; } private X509Certificate2? loadCertificate(string path, string password, X509KeyStorageFlags storageFlags) 
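Review bot: Making DefaultCertificateDiskCache `public` in the first hunk turns it into supported API, yet the type declaration carries no XML doc comment. A summary such as `/// Default ICertificateCache implementation that keeps certificates as .pfx files on disk.` above the class would tell consumers what they are opting into. Because `LoadRootCertificate` takes a `password` argument, the summary should also say where the files are written (the `crts` directory, per the constants shown). The class body continues outside the hunk, so the documentation on the other members could not be checked.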
@@ -95,20 +92,15 @@ private string getRootCertificatePath(string pathOrName) private string getCertificatePath(bool create) { - if (certificatePath == null) - { - string path = getRootCertificateDirectory(); - - string certPath = Path.Combine(path, defaultCertificateDirectoryName); - if (create && !Directory.Exists(certPath)) - { - Directory.CreateDirectory(certPath); - } + string path = getRootCertificateDirectory(); - certificatePath = certPath; + string certPath = Path.Combine(path, defaultCertificateDirectoryName); + if (create && !Directory.Exists(certPath)) + { + Directory.CreateDirectory(certPath); } - return certificatePath; + return certPath; } private string getRootCertificateDirectory() From 33d86a59b9c797bbaddf3979502bd1795394872a Mon Sep 17 00:00:00 2001 From: Honfika Date: Wed, 22 Jan 2020 08:20:52 +0100 Subject: [PATCH 2/2] ciphers list updated, null check in proxy settings --- src/Titanium.Web.Proxy/Helpers/SystemProxy.cs | 4 ++-- .../StreamExtended/Models/SslCiphers.cs | 20 +++++++++++++++++++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/src/Titanium.Web.Proxy/Helpers/SystemProxy.cs b/src/Titanium.Web.Proxy/Helpers/SystemProxy.cs index c9c3f32b3..f750b4b36 100644 --- a/src/Titanium.Web.Proxy/Helpers/SystemProxy.cs +++ b/src/Titanium.Web.Proxy/Helpers/SystemProxy.cs @@ -345,9 +345,9 @@ private static void refresh() /// /// Opens the registry key with the internet settings /// - private static RegistryKey openInternetSettingsKey() + private static RegistryKey? openInternetSettingsKey() { - return Registry.CurrentUser.OpenSubKey(regKeyInternetSettings, true); + return Registry.CurrentUser?.OpenSubKey(regKeyInternetSettings, true); } } } diff --git a/src/Titanium.Web.Proxy/StreamExtended/Models/SslCiphers.cs b/src/Titanium.Web.Proxy/StreamExtended/Models/SslCiphers.cs index 8f66b7b27..9e0a166ad 100644 --- a/src/Titanium.Web.Proxy/StreamExtended/Models/SslCiphers.cs +++ b/src/Titanium.Web.Proxy/StreamExtended/Models/SslCiphers.cs 
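Review bot: `Directory.CreateDirectory(certPath)` in getCertificatePath creates the `crts` directory with whatever permissions it inherits from its parent, and per the constants in the first hunk this directory holds `.pfx` files. If those files carry private keys (likely for a certificate cache, but not shown here), the directory should be readable only by the account running the proxy. At minimum, add a comment such as `// holds .pfx files; parent directory ACLs must restrict access` above the call. Separately, the `Directory.Exists` test is redundant because CreateDirectory does nothing for an existing directory, so the condition can be reduced to `if (create)`.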
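Review bot: Changing the return type of openInternetSettingsKey to `RegistryKey?` moves the null handling to its callers, none of which are in this hunk, so each call site needs to be checked for a null test before the key is used. A silently ignored null presumably means the system proxy settings are neither applied nor restored, which can leave the machine pointing at a proxy that is no longer listening. Logging or surfacing that case would make it diagnosable. The doc comment should also gain a returns line stating that null comes back when `Registry.CurrentUser` is null or the subkey cannot be opened.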
@@ -173,6 +173,12 @@ internal static class SslCiphers
 { 0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" },
 { 0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" },
 { 0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" },
+ // RFC 8446
+ { 0x1301, "TLS_AES_128_GCM_SHA256" },
+ { 0x1302, "TLS_AES_256_GCM_SHA384" },
+ { 0x1303, "TLS_CHACHA20_POLY1305_SHA256" },
+ { 0x1304, "TLS_AES_128_CCM_SHA256" },
+ { 0x1305, "TLS_AES_128_CCM_8_SHA256" },
 { 0x5600, "TLS_FALLBACK_SCSV" },
 // RFC 4492
 { 0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA" },
@@ -353,6 +359,15 @@ internal static class SslCiphers
 { 0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" },
 { 0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" },
 { 0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" },
+ { 0xC0B0, "TLS_ECCPWD_WITH_AES_128_GCM_SHA256" },
+ { 0xC0B1, "TLS_ECCPWD_WITH_AES_256_GCM_SHA384" },
+ { 0xC0B2, "TLS_ECCPWD_WITH_AES_128_CCM_SHA256" },
+ { 0xC0B3, "TLS_ECCPWD_WITH_AES_256_CCM_SHA384" },
+ { 0xC0B4, "TLS_SHA256_SHA256" },
+ { 0xC0B5, "TLS_SHA384_SHA384" },
+ { 0xC100, "TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC" },
+ { 0xC101, "TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC" },
+ { 0xC102, "TLS_GOSTR341112_256_WITH_28147_CNT_IMIT" },
 // old numbers used in the beginning http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305
 { 0xCC13, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" },
 { 0xCC14, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" },
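Review bot: The entries added from 0xC0B0 to 0xC102 in the second hunk carry no source comment, unlike the neighbouring groups (`// RFC 4492`, `// RFC 8446`), so a reader cannot tell which document each name comes from. A line such as `// RFC 8492` above the four TLS_ECCPWD entries, and matching source comments above the TLS_SHA256_SHA256/TLS_SHA384_SHA384 and GOST entries, would keep the table consistent. A comment should also note that 0xC0B4 and 0xC0B5 are integrity-only suites that provide no encryption, which matters if this table is used to display or judge an offered or negotiated suite. How the table is consumed is outside the hunk.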
@@ -365,6 +380,11 @@ internal static class SslCiphers
 { 0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" },
 { 0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" },
 { 0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" },
+ // RFC 8442
+ { 0xD001, "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256" },
+ { 0xD002, "TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384" },
+ { 0xD003, "TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256" },
+ { 0xD005, "TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256" },
 // http://tools.ietf.org/html/draft-josefsson-salsa20-tls
 { 0xE410, "TLS_RSA_WITH_ESTREAM_SALSA20_SHA1" },
 { 0xE411, "TLS_RSA_WITH_SALSA20_SHA1" },