authorRob Crittenden <rcritten@redhat.com>2015-09-24 15:10:12 -0400
committerRob Crittenden <rcritten@redhat.com>2015-10-02 16:51:56 -0400
commit76ef17a7dc33ef94a18741d3ff6021bccf2bc360 (patch)
tree1da49d7d70c507c7e4ec5d4063da96778d64b89c /nss_engine_cipher.c
parent2341ceb7936b9e46d1fe00722ccbd4af44091907 (diff)
NSS added support for some SHA384 ciphers, add them
I don't want to assume these ciphers are available in every distro, so I'm bending over backwards a bit to check for availability and get the defines right for the Python cipher tests.
Diffstat (limited to 'nss_engine_cipher.c')
-rw-r--r--nss_engine_cipher.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/nss_engine_cipher.c b/nss_engine_cipher.c
index bede228..1bd9941 100644
--- a/nss_engine_cipher.c
+++ b/nss_engine_cipher.c
@@ -42,6 +42,9 @@ cipher_properties ciphers_def[ciphernum] =
{"rsa_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, "EXP1024-RC4-SHA", SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA1, TLSV1, SSL_EXPORT56, 56, 128},
{"camelia_256_sha", TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "CAMELLIA256-SHA", SSL_kRSA|SSL_aRSA|SSL_CAMELLIA256|SSL_SHA1, TLSV1, SSL_HIGH, 256, 256},
{"rsa_aes_128_gcm_sha_256", TLS_RSA_WITH_AES_128_GCM_SHA256, "AES128-GCM-SHA256", SSL_kRSA|SSL_aRSA|SSL_AES128GCM|SSL_AEAD, TLSV1_2, SSL_HIGH, 128, 128},
+#ifdef ENABLE_SHA384
+ {"rsa_aes_256_gcm_sha_384", TLS_RSA_WITH_AES_256_GCM_SHA384, "AES256-GCM-SHA384", SSL_kRSA|SSL_aRSA|SSL_AES256GCM|SSL_AEAD, TLSV1_2, SSL_HIGH, 256, 256},
+#endif
{"fips_3des_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, "FIPS-DES-CBC3-SHA", SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_SHA1, SSLV3, SSL_HIGH, 112, 168},
{"fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA, "FIPS-DES-CBC-SHA", SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1, SSLV3, SSL_LOW, 56, 56},
#ifdef NSS_ENABLE_ECC
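Review bot: The rows added under `#ifdef ENABLE_SHA384` here and in the ECDHE hunk that follows change how many initializers `ciphers_def[ciphernum]` receives, but the definition of `ciphernum` is not part of this file's diff. If that constant is not adjusted under the same `ENABLE_SHA384` condition (and, for the ECDHE rows, presumably `NSS_ENABLE_ECC`), the build either fails on excess initializers or leaves zero-filled trailing entries with a NULL name for any loop that walks the table up to `ciphernum`. I would add a comment above the guard such as `/* ENABLE_SHA384 adds 1 RSA + 4 ECDHE rows; keep ciphernum in step */`. The initializer starts and ends outside the hunk.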
@@ -73,6 +76,12 @@ cipher_properties ciphers_def[ciphernum] =
{"ecdhe_ecdsa_aes_128_sha_256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "ECDHE-ECDSA-AES128-SHA256", SSL_kEECDH|SSL_aECDSA|SSL_AES128|SSL_SHA256, TLSV1_2, SSL_HIGH, 128, 128},
{"ecdhe_rsa_aes_128_sha_256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "ECDHE-RSA-AES128-SHA256", SSL_kEECDH|SSL_aRSA|SSL_AES128|SSL_SHA256, TLSV1_2, SSL_HIGH, 128, 128},
{"ecdhe_ecdsa_aes_128_gcm_sha_256", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "ECDHE-ECDSA-AES128-GCM-SHA256", SSL_kEECDH|SSL_aECDSA|SSL_AES128GCM|SSL_AEAD, TLSV1_2, SSL_HIGH, 128, 128},
+#ifdef ENABLE_SHA384
+ {"ecdhe_ecdsa_aes_256_sha_384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "ECDHE-ECDSA-AES256-SHA384", SSL_kEECDH|SSL_aECDSA|SSL_AES256|SSL_SHA384, TLSV1_2, SSL_HIGH, 256, 256},
+ {"ecdhe_rsa_aes_256_sha_384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "ECDHE-RSA-AES256-SHA384", SSL_kEECDH|SSL_aRSA|SSL_AES256|SSL_SHA384, TLSV1_2, SSL_HIGH, 256, 256},
+ {"ecdhe_ecdsa_aes_256_gcm_sha_384", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "ECDHE-ECDSA-AES256-GCM-SHA384", SSL_kEECDH|SSL_aECDSA|SSL_AES256GCM|SSL_AEAD, TLSV1_2, SSL_HIGH, 256, 256},
+ {"ecdhe_rsa_aes_256_gcm_sha_384", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "ECDHE-RSA-AES256-GCM-SHA384", SSL_kEECDH|SSL_aRSA|SSL_AES256GCM|SSL_AEAD, TLSV1_2, SSL_HIGH, 256, 256},
+#endif
{"ecdhe_rsa_aes_128_gcm_sha_256", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "ECDHE-RSA-AES128-GCM-SHA256", SSL_kEECDH|SSL_aRSA|SSL_AES128GCM|SSL_AEAD, TLSV1_2, SSL_HIGH, 128, 128},
/* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 is not implemented */
/* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 is not implemented */
@@ -334,6 +343,8 @@ static int parse_openssl_ciphers(server_rec *s, char *ciphers, PRBool cipher_lis
mask |= SSL_SHA1;
} else if (!strcmp(cipher, "SHA256")) {
mask |= SSL_SHA256;
+ } else if (!strcmp(cipher, "SHA384")) {
+ mask |= SSL_SHA384;
} else if (!strcmp(cipher, "SSLv2")) {
/* no-op */
} else if (!strcmp(cipher, "SSLv3")) {
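Review bot: The new `SHA384` branch sets `SSL_SHA384` unconditionally, while every table row carrying that bit is compiled only under `ENABLE_SHA384`, so on a build without the define the keyword is accepted and then matches nothing. Whether an empty match is reported depends on code outside this hunk; if it is not, an administrator's cipher string silently selects a different set than intended. Note also that the GCM-SHA384 rows are tagged `SSL_AEAD`, not `SSL_SHA384`, so this keyword reaches only the two CBC suites, as the existing `SHA256` keyword does for its CBC rows. A comment on the branch would record that: `/* MAC keyword: selects CBC-SHA384 suites only; GCM rows carry SSL_AEAD */`. parse_openssl_ciphers continues past both ends of the hunk.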