cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH 2/3] nss: allow to enable/disable new HMAC-SHA256 cipher-suites

From: Fabian Frank <fabian.frank.de_at_gmail.com>
Date: Fri, 14 Mar 2014 16:42:23 -0700

+1

On Mon, Mar 10, 2014 at 5:44 AM, Kamil Dudka <kdudka_at_redhat.com> wrote:

> ... if built against a new enough version of NSS
> ---
> lib/vtls/nss.c | 10 ++++++++++
> 1 files changed, 10 insertions(+), 0 deletions(-)
>
> diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
> index e22b098..119a910 100644
> --- a/lib/vtls/nss.c
> +++ b/lib/vtls/nss.c
> @@ -155,6 +155,16 @@ static const cipher_s cipherlist[] = {
> {"ecdh_anon_3des_sha", TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA},
> {"ecdh_anon_aes_128_sha", TLS_ECDH_anon_WITH_AES_128_CBC_SHA},
> {"ecdh_anon_aes_256_sha", TLS_ECDH_anon_WITH_AES_256_CBC_SHA},
> +#ifdef TLS_RSA_WITH_NULL_SHA256
> + /* new HMAC-SHA256 cipher suites specified in RFC */
> + {"rsa_null_sha_256", TLS_RSA_WITH_NULL_SHA256},
> + {"rsa_aes_128_cbc_sha_256", TLS_RSA_WITH_AES_128_CBC_SHA256},
> + {"rsa_aes_256_cbc_sha_256", TLS_RSA_WITH_AES_256_CBC_SHA256},
> + {"dhe_rsa_aes_128_cbc_sha_256",
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
> + {"dhe_rsa_aes_256_cbc_sha_256",
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
> + {"ecdhe_ecdsa_aes_128_cbc_sha_256",
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
> + {"ecdhe_rsa_aes_128_cbc_sha_256",
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
> +#endif
> };
>
> static const char* pem_library = "libnsspem.so";
> --
> 1.7.1
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-03-15