Merge branch 'maint-0.3.1' into maint-0.3.2
commit
4de20d1754
7
changes/bug24978
Normal file
7
changes/bug24978
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
o Minor features (compatibility, OpenSSL):
|
||||||
|
- Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
|
||||||
|
Previous versions of Tor would not have worked with OpenSSL
|
||||||
|
1.1.1, since they neither disabled TLS 1.3 nor enabled any of the
|
||||||
|
ciphersuites it requires. Here we enable the TLS 1.3 ciphersuites.
|
||||||
|
Closes ticket 24978.
|
||||||
|
|
@ -2,8 +2,27 @@
|
|||||||
* advertise. Before including it, you should define the CIPHER and XCIPHER
|
* advertise. Before including it, you should define the CIPHER and XCIPHER
|
||||||
* macros.
|
* macros.
|
||||||
*
|
*
|
||||||
* This file was automatically generated by get_mozilla_ciphers.py.
|
* This file was automatically generated by get_mozilla_ciphers.py;
|
||||||
|
* TLSv1.3 ciphers were added manually.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/* Here are the TLS1.3 ciphers. Note that we don't have XCIPHER instances
|
||||||
|
* here, since we don't want to ever fake them.
|
||||||
|
*/
|
||||||
|
#ifdef TLS1_3_TXT_AES_128_GCM_SHA256
|
||||||
|
CIPHER(0x1301, TLS1_3_TXT_AES_128_GCM_SHA256)
|
||||||
|
#endif
|
||||||
|
#ifdef TLS1_3_TXT_AES_256_GCM_SHA384
|
||||||
|
CIPHER(0x1302, TLS1_3_TXT_AES_256_GCM_SHA384)
|
||||||
|
#endif
|
||||||
|
#ifdef TLS1_3_TXT_CHACHA20_POLY1305_SHA256
|
||||||
|
CIPHER(0x1303, TLS1_3_TXT_CHACHA20_POLY1305_SHA256)
|
||||||
|
#endif
|
||||||
|
#ifdef TLS1_3_TXT_AES_128_CCM_SHA256
|
||||||
|
CIPHER(0x1304, TLS1_3_TXT_AES_128_CCM_SHA256)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Here's the machine-generated list. */
|
||||||
#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||||
CIPHER(0xc02b, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
|
CIPHER(0xc02b, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
|
||||||
#else
|
#else
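Review bot: The four hand-added `CIPHER(0x1301 … 0x1304, TLS1_3_TXT_…)` entries live in a file whose header says it is produced by get_mozilla_ciphers.py, so the next regeneration will drop them unless someone remembers to put the block back. The header now records that they were added manually but not that they must be preserved; I would extend it to something like `* TLSv1.3 ciphers were added manually; re-add them after regenerating.`, or teach the script to emit them. Going by the script name, the rest of this list is derived from Mozilla's, so it is also worth confirming that these four suites, in this order, match that reference, because a hand-maintained block is where the advertised list can drift and make the ClientHello distinguishable.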
|
||||||
|
@ -570,13 +570,35 @@ tor_tls_create_certificate,(crypto_pk_t *rsa,
|
|||||||
|
|
||||||
/** List of ciphers that servers should select from when the client might be
|
/** List of ciphers that servers should select from when the client might be
|
||||||
* claiming extra unsupported ciphers in order to avoid fingerprinting. */
|
* claiming extra unsupported ciphers in order to avoid fingerprinting. */
|
||||||
#define SERVER_CIPHER_LIST \
|
static const char SERVER_CIPHER_LIST[] =
|
||||||
(TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":" \
|
#ifdef TLS1_3_TXT_AES_128_GCM_SHA256
|
||||||
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)
|
/* This one can never actually get selected, since if the client lists it,
|
||||||
|
* we will assume that the client is honest, and not use this list.
|
||||||
|
* Nonetheless we list it if it's available, so that the server doesn't
|
||||||
|
* conclude that it has no valid ciphers if it's running with TLS1.3.
|
||||||
|
*/
|
||||||
|
TLS1_3_TXT_AES_128_GCM_SHA256 ":"
|
||||||
|
#endif
|
||||||
|
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":"
|
||||||
|
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA;
|
||||||
|
|
||||||
/** List of ciphers that servers should select from when we actually have
|
/** List of ciphers that servers should select from when we actually have
|
||||||
* our choice of what cipher to use. */
|
* our choice of what cipher to use. */
|
||||||
static const char UNRESTRICTED_SERVER_CIPHER_LIST[] =
|
static const char UNRESTRICTED_SERVER_CIPHER_LIST[] =
|
||||||
|
/* Here are the TLS 1.3 ciphers we like, in the order we prefer. */
|
||||||
|
#ifdef TLS1_3_TXT_AES_256_GCM_SHA384
|
||||||
|
TLS1_3_TXT_AES_256_GCM_SHA384 ":"
|
||||||
|
#endif
|
||||||
|
#ifdef TLS1_3_TXT_CHACHA20_POLY1305_SHA256
|
||||||
|
TLS1_3_TXT_CHACHA20_POLY1305_SHA256 ":"
|
||||||
|
#endif
|
||||||
|
#ifdef TLS1_3_TXT_AES_128_GCM_SHA256
|
||||||
|
TLS1_3_TXT_AES_128_GCM_SHA256 ":"
|
||||||
|
#endif
|
||||||
|
#ifdef TLS1_3_TXT_AES_128_CCM_SHA256
|
||||||
|
TLS1_3_TXT_AES_128_CCM_SHA256 ":"
|
||||||
|
#endif
|
||||||
|
|
||||||
/* This list is autogenerated with the gen_server_ciphers.py script;
|
/* This list is autogenerated with the gen_server_ciphers.py script;
|
||||||
* don't hand-edit it. */
|
* don't hand-edit it. */
|
||||||
#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384
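Review bot: Every TLS 1.3 entry in `SERVER_CIPHER_LIST` and `UNRESTRICTED_SERVER_CIPHER_LIST` is wrapped in `#ifdef TLS1_3_TXT_…`, so if the released OpenSSL 1.1.1 headers spell these macros differently, or expect TLS 1.3 suites to be configured separately from the cipher-list string, the build still succeeds and the entries silently vanish or are ignored. The changelog says 1.1.1 is not released yet, so this cannot be confirmed from the diff; a unit test or a startup log line reporting whether any TLS 1.3 suite ended up enabled would catch that case. Separately, the comment in `SERVER_CIPHER_LIST` ("can never actually get selected") relies on client-classification code outside this hunk, so it should name that code, e.g. `/* see <classification function> for why this entry is never chosen */`, so the invariant can be re-checked when that logic changes.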
|
||||||
|