-rw-r--r-- | ustream-mbedtls.c | 24 | ||||
-rw-r--r-- | ustream-openssl.c | 42 |
2 files changed, 44 insertions, 22 deletions
diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index b7d7629..85bbb1c 100644
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -86,18 +86,25 @@ static int _urandom(void *ctx, unsigned char *out, size_t len)
 return 0;
 }
-#define AES_CIPHERS(v) \
+#define AES_GCM_CIPHERS(v) \
 MBEDTLS_TLS_##v##_WITH_AES_128_GCM_SHA256, \
- MBEDTLS_TLS_##v##_WITH_AES_256_GCM_SHA384, \
+ MBEDTLS_TLS_##v##_WITH_AES_256_GCM_SHA384
+
+#define AES_CBC_CIPHERS(v) \
 MBEDTLS_TLS_##v##_WITH_AES_128_CBC_SHA, \
 MBEDTLS_TLS_##v##_WITH_AES_256_CBC_SHA
+#define AES_CIPHERS(v) \
+ AES_GCM_CIPHERS(v), \
+ AES_CBC_CIPHERS(v)
+
 static const int default_ciphersuites_server[] =
 {
 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
- AES_CIPHERS(ECDHE_ECDSA),
+ AES_GCM_CIPHERS(ECDHE_ECDSA),
 MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
- AES_CIPHERS(ECDHE_RSA),
+ AES_GCM_CIPHERS(ECDHE_RSA),
+ AES_CBC_CIPHERS(ECDHE_RSA),
 AES_CIPHERS(RSA),
 0
 };
@@ -105,11 +112,14 @@ static const int default_ciphersuites_server[] =
 static const int default_ciphersuites_client[] =
 {
 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
- AES_CIPHERS(ECDHE_ECDSA),
+ AES_GCM_CIPHERS(ECDHE_ECDSA),
 MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
- AES_CIPHERS(ECDHE_RSA),
+ AES_GCM_CIPHERS(ECDHE_RSA),
 MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
- AES_CIPHERS(DHE_RSA),
+ AES_GCM_CIPHERS(DHE_RSA),
+ AES_CBC_CIPHERS(ECDHE_ECDSA),
+ AES_CBC_CIPHERS(ECDHE_RSA),
+ AES_CBC_CIPHERS(DHE_RSA),
 MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
 AES_CIPHERS(RSA),
 MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
diff --git a/ustream-openssl.c b/ustream-openssl.c
index 3810d6a..b2df362 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
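Review bot: In ustream-mbedtls.c, `default_ciphersuites_server` now leaves out the ECDHE-ECDSA CBC suites while keeping `AES_CBC_CIPHERS(ECDHE_RSA)` and the static-RSA `AES_CIPHERS(RSA)` block, and nothing in this file records that the asymmetry is deliberate. ustream-openssl.c carries a preference comment for the same policy; a matching comment above the array would keep a later edit from "restoring" the missing entries, for example `/* AEAD + PFS first; no CBC for ECDSA keys; RSA keys keep CBC and non-PFS fallbacks */`. The static-RSA suites provide no forward secrecy and stay negotiable on RSA-keyed servers, which is worth stating as an accepted compatibility trade-off rather than leaving implicit.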
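Review bot: In `default_ciphersuites_client` (ustream-mbedtls.c, second hunk), `MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA` still sits above `AES_CIPHERS(RSA)`, so the client advertises a 64-bit-block cipher ahead of static-RSA AES-GCM, and both 3DES suites remain on offer after the reordering. If 3DES has to stay for legacy peers, consider moving both entries to the very end with a comment marking them as legacy, i.e. `AES_CIPHERS(RSA),` followed by the two `..._3DES_EDE_CBC_SHA` lines. The final choice is normally the server's, so this affects only peers that honour client order. The end of the array is outside the hunk.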
@@ -22,14 +22,16 @@ #include "ustream-ssl.h" #include "ustream-internal.h" - /* Ciphersuite preference: - * - key exchange: prefer ECDHE, then DHE(client only), then RSA - * - prefer AEAD ciphers: + * - for server, no weak ciphers are used if you use an ECDSA key. + * - forward-secret (pfs), authenticated (AEAD) ciphers are at the top: * chacha20-poly1305, the fastest in software, 256-bits * aes128-gcm, 128-bits * aes256-gcm, 256-bits - * - CBC ciphers + * - key exchange: prefer ECDHE, then DHE (client only) + * - forward-secret ECDSA CBC ciphers (client-only) + * - forward-secret RSA CBC ciphers + * - non-pfs ciphers * aes128, aes256, 3DES(client only) */ @@ -38,32 +40,38 @@ "TLS13-CHACHA20-POLY1305-SHA256:" \ "TLS13-AES128-GCM-SHA256:" \ "TLS13-AES256-GCM-SHA384:" \ - ecdhe_ciphers + ecdhe_aead_ciphers #else # define tls13_ciphersuites "TLS_CHACHA20_POLY1305_SHA256:" \ "TLS_AES_128_GCM_SHA256:" \ "TLS_AES_256_GCM_SHA384" # define top_ciphers \ - ecdhe_ciphers + ecdhe_aead_ciphers #endif -#define ecdhe_ciphers \ +#define ecdhe_aead_ciphers \ "ECDHE-ECDSA-CHACHA20-POLY1305:" \ "ECDHE-ECDSA-AES128-GCM-SHA256:" \ "ECDHE-ECDSA-AES256-GCM-SHA384:" \ - "ECDHE-ECDSA-AES128-SHA:" \ - "ECDHE-ECDSA-AES256-SHA:" \ "ECDHE-RSA-CHACHA20-POLY1305:" \ "ECDHE-RSA-AES128-GCM-SHA256:" \ - "ECDHE-RSA-AES256-GCM-SHA384:" \ - "ECDHE-RSA-AES128-SHA:" \ - "ECDHE-RSA-AES256-SHA" + "ECDHE-RSA-AES256-GCM-SHA384" -#define dhe_ciphers \ +#define dhe_aead_ciphers \ "DHE-RSA-CHACHA20-POLY1305:" \ "DHE-RSA-AES128-GCM-SHA256:" \ - "DHE-RSA-AES256-GCM-SHA384:" \ + "DHE-RSA-AES256-GCM-SHA384" + +#define ecdhe_ecdsa_cbc_ciphers \ + "ECDHE-ECDSA-AES128-SHA:" \ + "ECDHE-ECDSA-AES256-SHA" + +#define ecdhe_rsa_cbc_ciphers \ + "ECDHE-RSA-AES128-SHA:" \ + "ECDHE-RSA-AES256-SHA" + +#define dhe_cbc_ciphers \ "DHE-RSA-AES128-SHA:" \ "DHE-RSA-AES256-SHA:" \ "DHE-DES-CBC3-SHA" 
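Review bot: The new first bullet in the preference comment, "for server, no weak ciphers are used if you use an ECDSA key", does not say what "weak" covers or why the key type matters. Judging from the lists in this commit it seems to mean the CBC and non-forward-secret suites, which drop out because the server list has no ECDHE-ECDSA CBC entries and every remaining fallback is RSA-authenticated. Suggested wording: `* - server with an ECDSA key: only ECDHE-ECDSA AEAD suites can be negotiated; all CBC and non-pfs entries need an RSA key`.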
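Review bot: `dhe_cbc_ciphers` ends with `"DHE-DES-CBC3-SHA"`, which does not look like a name OpenSSL recognises; the DHE/RSA 3DES suite is spelled `DHE-RSA-DES-CBC3-SHA` (`EDH-RSA-DES-CBC3-SHA` in older releases). Unknown names in a cipher string are skipped without an error, so this entry is probably dead and the client list differs from what the header comment and the mbedtls list describe. The line is carried over unchanged from the old `dhe_ciphers`, but since the commit is auditing these lists, either correct the name or drop it; dropping it also takes a 64-bit-block cipher out of the offer. Check the spelling against every TLS library this file is built for before changing it.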
@@ -76,11 +84,15 @@
 #define server_cipher_list \
 top_ciphers ":" \
+ ecdhe_rsa_cbc_ciphers ":" \
 non_pfs_aes
 #define client_cipher_list \
 top_ciphers ":" \
- dhe_ciphers ":" \
+ dhe_aead_ciphers ":" \
+ ecdhe_ecdsa_cbc_ciphers ":" \
+ ecdhe_rsa_cbc_ciphers ":" \
+ dhe_cbc_ciphers ":" \
 non_pfs_aes ":" \
 "DES-CBC3-SHA" |
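Review bot: The ordering in `server_cipher_list` only protects peers if the server enforces its own preference; otherwise a client that lists `ECDHE-RSA-AES128-SHA` or a `non_pfs_aes` entry first still gets it, even when it also supports the AEAD suites. The context setup is not part of this diff, so confirm that `SSL_OP_CIPHER_SERVER_PREFERENCE` is set where the server `SSL_CTX` is created, and record the dependency next to the macro, e.g. `/* order is enforced via SSL_OP_CIPHER_SERVER_PREFERENCE */`. `non_pfs_aes` and `top_ciphers` are defined outside this hunk.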