mbedtls: add TLS 1.3 ciphers

author Felix Fietkau <nbd@nbd.name>

Sun, 7 Apr 2024 14:43:47 +0000 (16:43 +0200)

committer Felix Fietkau <nbd@nbd.name>

Sun, 7 Apr 2024 16:46:10 +0000 (18:46 +0200)
author Felix Fietkau <nbd@nbd.name>
Sun, 7 Apr 2024 14:43:47 +0000 (16:43 +0200)
committer Felix Fietkau <nbd@nbd.name>
Sun, 7 Apr 2024 16:46:10 +0000 (18:46 +0200)
diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c

index b733ea1d79613adb07e86555d5e1e2cc4ef44e75..c2eb2d4a8bc09f4a345d0476246a4b692f1a8504 100644 (file)
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -121,6 +121,14 @@ static int _random(void *ctx, unsigned char *out, size_t len)
  
  static const int default_ciphersuites_server[] =
  {
+#ifdef MBEDTLS_SSL_PROTO_TLS1_3
+       MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
+       MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
+       MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
+       MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
+       MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
+#endif
+
         MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
         AES_GCM_CIPHERS(ECDHE_ECDSA),
         MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
@@ -132,6 +140,14 @@ static const int default_ciphersuites_server[] =
  
  static const int default_ciphersuites_client[] =
  {
+#ifdef MBEDTLS_SSL_PROTO_TLS1_3
+       MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
+       MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
+       MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
+       MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
+       MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
+#endif
+
         MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
         AES_GCM_CIPHERS(ECDHE_ECDSA),
         MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
author	Felix Fietkau <nbd@nbd.name>
	Sun, 7 Apr 2024 14:43:47 +0000 (16:43 +0200)
committer	Felix Fietkau <nbd@nbd.name>
	Sun, 7 Apr 2024 16:46:10 +0000 (18:46 +0200)