-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New ciphers for TLS 1.2 and TLS 1.3 #287
New ciphers for TLS 1.2 and TLS 1.3 #287
Conversation
Ciphers are always taken from the client/server local configuration.
@@ -163,17 +162,18 @@ handshakeClient' cparams ctx groups mcrand = do | |||
return $ Just $ toExtensionRaw $ KeyShareClientHello [ent] | |||
| otherwise = return Nothing | |||
|
|||
sessionHash sdata = case cipherIDtoCipher13 (sessionCipher sdata) of |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for removing cipherIDtoCipher13
. 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Excellent. I will merge this.
I have confirmed that |
Thanks for your tests. I think it will be possible to merge TLS13 record modules with the ones used for previous versions. In the end, there are very few differences:
That's all I see. The compression step can be put back since it is a no-op. |
Adds the following:
The nonce construction of TLS 1.3 is applied to TLS 1.2 when
bulkExplicitIV
is 0 instead of 8, which I believe is the correct condition.I also remove
cipherIDtoCipher13
so that custom ciphers can be used with TLS 1.3 too.