mbedtls: add TLS 1.3 ciphers
authorFelix Fietkau <nbd@nbd.name>
Sun, 7 Apr 2024 14:43:47 +0000 (16:43 +0200)
committerFelix Fietkau <nbd@nbd.name>
Sun, 7 Apr 2024 16:46:10 +0000 (18:46 +0200)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
ustream-mbedtls.c

index b733ea1d79613adb07e86555d5e1e2cc4ef44e75..c2eb2d4a8bc09f4a345d0476246a4b692f1a8504 100644 (file)
@@ -121,6 +121,14 @@ static int _random(void *ctx, unsigned char *out, size_t len)
 
 static const int default_ciphersuites_server[] =
 {
+#ifdef MBEDTLS_SSL_PROTO_TLS1_3
+       MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
+       MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
+       MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
+       MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
+       MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
+#endif
+
        MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
        AES_GCM_CIPHERS(ECDHE_ECDSA),
        MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
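Review bot: `MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256` is added to the server defaults here and again to `default_ciphersuites_client` in the next hunk. It truncates the AEAD tag to 8 bytes, so it gives less forgery resistance than the other four suites. The suite is aimed at constrained devices and the IANA registry does not mark it as recommended, so I would drop that line from both arrays or gate it behind a build option. If it has to stay, give it a comment such as `/* 8-byte tag; kept only for constrained peers */`. Both arrays continue past the end of their hunks.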
@@ -132,6 +140,14 @@ static const int default_ciphersuites_server[] =
 
 static const int default_ciphersuites_client[] =
 {
+#ifdef MBEDTLS_SSL_PROTO_TLS1_3
+       MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
+       MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
+       MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
+       MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
+       MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
+#endif
+
        MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
        AES_GCM_CIPHERS(ECDHE_ECDSA),
        MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
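Review bot: Nothing in this change shows `psa_crypto_init()` being called, and Mbed TLS 3.x requires it before any TLS 1.3 handshake when `MBEDTLS_SSL_PROTO_TLS1_3` is defined. The context setup code is outside these hunks, so it may already be there; if it is not, connections that negotiate one of the new suites would presumably fail at handshake time rather than at build time. I would confirm this and, if it is missing, add a call under the same `#ifdef` in the initialisation path and check its return value against `PSA_SUCCESS`.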