From 81121941e0d2dbe0967095637d007d4fd9d7f412 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= Date: Wed, 24 Apr 2019 16:48:06 +0200 Subject: ssl: Enable additional ciphers for TLS 1.3 Enable TLS_CHACHA20_POLY1305_SHA256 and TLS_AES_128_CCM_SHA256. Change-Id: I04e32bcbf0683bb517f235a3e352facffc674692 --- lib/ssl/src/ssl_cipher.hrl | 4 ++-- lib/ssl/src/ssl_cipher_format.erl | 24 ++++++++++++------------ lib/ssl/src/tls_v1.erl | 8 ++++---- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/lib/ssl/src/ssl_cipher.hrl b/lib/ssl/src/ssl_cipher.hrl index 9c5e2f80a9..0fa5f66c49 100644 --- a/lib/ssl/src/ssl_cipher.hrl +++ b/lib/ssl/src/ssl_cipher.hrl @@ -690,9 +690,9 @@ -define(TLS_CHACHA20_POLY1305_SHA256, <>). %% %% TLS_AES_128_CCM_SHA256 = {0x13,0x04} -%% -define(TLS_AES_128_CCM_SHA256, <>). +-define(TLS_AES_128_CCM_SHA256, <>). %% %% TLS_AES_128_CCM_8_SHA256 = {0x13,0x05} -%% -define(TLS_AES_128_CCM_8_SHA256, <>). +-define(TLS_AES_128_CCM_8_SHA256, <>). -endif. % -ifdef(ssl_cipher). diff --git a/lib/ssl/src/ssl_cipher_format.erl b/lib/ssl/src/ssl_cipher_format.erl index 887eb6c653..577156a4b5 100644 --- a/lib/ssl/src/ssl_cipher_format.erl +++ b/lib/ssl/src/ssl_cipher_format.erl @@ -955,12 +955,12 @@ suite_bin_to_map(?TLS_CHACHA20_POLY1305_SHA256) -> #{key_exchange => any, cipher => chacha20_poly1305, mac => aead, - prf => sha256}. -%% suite_bin_to_map(?TLS_AES_128_CCM_SHA256) -> -%% #{key_exchange => any, -%% cipher => aes_128_ccm, -%% mac => aead -%% prf => sha256}; + prf => sha256}; +suite_bin_to_map(?TLS_AES_128_CCM_SHA256) -> + #{key_exchange => any, + cipher => aes_128_ccm, + mac => aead, + prf => sha256}. %% suite_bin_to_map(?TLS_AES_128_CCM_8_SHA256) -> %% #{key_exchange => any, %% cipher => aes_128_ccm_8, @@ -1690,12 +1690,12 @@ suite_map_to_bin(#{key_exchange := any, cipher := chacha20_poly1305, mac := aead, prf := sha256}) -> - ?TLS_CHACHA20_POLY1305_SHA256. -%% suite_map_to_bin(#{key_exchange := any, -%% cipher := aes_128_ccm, -%% mac := aead, -%% prf := sha256}) -> -%% ?TLS_AES_128_CCM_SHA256; + ?TLS_CHACHA20_POLY1305_SHA256; +suite_map_to_bin(#{key_exchange := any, + cipher := aes_128_ccm, + mac := aead, + prf := sha256}) -> + ?TLS_AES_128_CCM_SHA256. %% suite_map_to_bin(#{key_exchange := any, %% cipher := aes_128_ccm_8, %% mac := aead, diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl index f103f3218b..27cd5765e5 100644 --- a/lib/ssl/src/tls_v1.erl +++ b/lib/ssl/src/tls_v1.erl @@ -501,18 +501,18 @@ suites(3) -> suites(4) -> [?TLS_AES_256_GCM_SHA384, ?TLS_AES_128_GCM_SHA256, - ?TLS_CHACHA20_POLY1305_SHA256 + ?TLS_CHACHA20_POLY1305_SHA256, + ?TLS_AES_128_CCM_SHA256 %% Not supported - %% ?TLS_AES_128_CCM_SHA256, %% ?TLS_AES_128_CCM_8_SHA256 ] ++ suites(3); suites('TLS_v1.3') -> [?TLS_AES_256_GCM_SHA384, ?TLS_AES_128_GCM_SHA256, - ?TLS_CHACHA20_POLY1305_SHA256 + ?TLS_CHACHA20_POLY1305_SHA256, + ?TLS_AES_128_CCM_SHA256 %% Not supported - %% ?TLS_AES_128_CCM_SHA256, %% ?TLS_AES_128_CCM_8_SHA256 ]. -- cgit v1.2.3 From 4b9b216b0947e7b0b809cad6a1e486bd0a9f37ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= Date: Thu, 25 Apr 2019 10:16:08 +0200 Subject: ssl: Update standards compliance Change-Id: I6193b25af2496118bf4d281e6a0fc65831b37bf9 --- lib/ssl/doc/src/standards_compliance.xml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/lib/ssl/doc/src/standards_compliance.xml b/lib/ssl/doc/src/standards_compliance.xml index 25840d0fc6..ca98385f85 100644 --- a/lib/ssl/doc/src/standards_compliance.xml +++ b/lib/ssl/doc/src/standards_compliance.xml @@ -133,7 +133,8 @@ Key Exchange: ECDHE Groups: all standard groups supported for the Diffie-Hellman key exchange - Ciphers: TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384 + Ciphers: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, + TLS_CHACHA20_POLY1305_SHA256 and TLS_AES_128_CCM_SHA256 Signature Algorithms: RSA and RSA PSS Certificates: currently only certificates with RSA keys are supported @@ -1967,8 +1968,8 @@ SHOULD implement the TLS_CHACHA20_POLY1305_SHA256 - NC - + C + 22 @@ -2203,14 +2204,14 @@ TLS_CHACHA20_POLY1305_SHA256 - NC - + C + 22 TLS_AES_128_CCM_SHA256 - NC - + C + 22 -- cgit v1.2.3