Skip to content

TLS 1.3 Cookie Hash: use stronger hash if no SHA-256 #9255

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dgarske merged 1 commit into from
Oct 7, 2025
Merged

TLS 1.3 Cookie Hash: use stronger hash if no SHA-256 #9255

dgarske merged 1 commit into from
Oct 7, 2025

Conversation

@SparkiDev
Copy link
Contributor

@SparkiDev SparkiDev commented Sep 30, 2025
edited
Loading

Description

Order of preference, based on algorithms compiled in, to use with HMAC for TLS 1.3 cookie:

  1. SHA-256
  2. SHA-384
  3. SHA-512
  4. SM3

Make code compile and unittest pass when SHA-256 not compiled in. Certificates used for testing require SHA-256 so handshake testing fails.

Fixes zd#20505

Testing

How did you test?

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@SparkiDev SparkiDev self-assigned this Sep 30, 2025
@SparkiDev SparkiDev force-pushed the tls13_cookie_hash branch 2 times, most recently from 39782ef to b048acb Compare September 30, 2025 03:12
@SparkiDev
Copy link
Contributor Author

SparkiDev commented Sep 30, 2025

retest this please

Unable to create live FilePath for wolf-linux-cloud-node-j9hb60; wolf-linux-cloud-node-j9hb60 was marked offline: Connection was broken

@SparkiDev
TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
e14cc3a 
Order of preference, based on algorithms compiled in, to use with HMAC
for TLS 1.3 cookie:
  1. SHA-256
  2. SHA-384
  3. SHA-512
  4. SM3

Make code compile and unittest pass when SHA-256 not compiled in.
Certificates used for testing require SHA-256 so handshake testing
fails.
@SparkiDev
Copy link
Contributor Author

SparkiDev commented Oct 3, 2025

retest this please

hudson.remoting.Channel$CallSiteStackTrace: Remote call to boz-amd

@SparkiDev SparkiDev assigned wolfSSL-Bot and unassigned SparkiDev Oct 6, 2025
@SparkiDev SparkiDev requested a review from wolfSSL-Bot October 6, 2025 23:13
dgarske
dgarske approved these changes Oct 7, 2025
View reviewed changes
@dgarske dgarske merged commit b3031d2 into wolfSSL:master Oct 7, 2025
338 of 340 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dgarske dgarske dgarske approved these changes

@wolfSSL-Bot wolfSSL-Bot Awaiting requested review from wolfSSL-Bot

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@SparkiDev @dgarske @wolfSSL-Bot