New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS Cipher Suite 0xC102 Support #11403
Conversation
I am wondering whether there would be a desire for a knob to provide "strictly compliant" behavior (i.e., only recognize 0xc102 and not 0xff85), and what such a knob would look like. |
This change will cause backwards compat problems. Because we rename the old cipher to One possibility is to arrange things so that if clients have |
How i can fo this arrangement?
|
Or i can leave the old one, and add a new one IANA-GOST2012-GOST8912-GOST8912 or something like this |
This sounds plausible - but perhaps do it as an alias. See cipher_aliases in ssl_ciph.c |
@NMorozxov, do you have plans to implement Matt's suggestion? |
@beldmit I have pushed yesterday. Two chippers and alias. What suggestions did i miss ? |
Sorry, I missed the commit. Thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, but probably there also needs to be some updates in doc/man1/ciphers.pod
For GOST2012-GOST8912-GOST8912 was used 0xFF85 identifier, but new identifier 0xc102 was assigned. Because of old software we will support both numbers. https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-2 https://datatracker.ietf.org/doc/draft-smyshlyaev-tls12-gost-suites/
@mattcaswell @beldmit fix submited |
Approve if Travis is happy |
24 hours has passed since 'approval: done' was set, but this PR has failing CI tests. Once the tests pass it will get moved to 'approval: ready to merge' automatically, alternatively please review and set the label manually. |
For GOST2012-GOST8912-GOST8912 was used 0xFF85 identifier, but new identifier 0xc102 was assigned. Because of old software we will support both numbers. https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-2 https://datatracker.ietf.org/doc/draft-smyshlyaev-tls12-gost-suites/ Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from #11403)
Merged. Many thanks! |
For GOST2012-GOST8912-GOST8912 was used 0xFF85 identifier,
but new identifier 0xc102 was assigned.
Because of old software we will support both numbers.
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-2
https://datatracker.ietf.org/doc/draft-smyshlyaev-tls12-gost-suites/
Checklist