projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
tls/ccm8: reduce the cipher strength for CCM8 ciphers to 64 bits
[openssl.git]
/
ssl
/
s3_lib.c
diff --git
a/ssl/s3_lib.c
b/ssl/s3_lib.c
index 9a53e6af202b1447f10cf780208632d4e75f110a..88565a700063e8f8be6f2b82eeb564973627c1b5 100644
(file)
--- a/
ssl/s3_lib.c
+++ b/
ssl/s3_lib.c
@@
-110,7
+110,7
@@
static SSL_CIPHER tls13_ciphers[] = {
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256,
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256,
-
80
, /* CCM8 uses a short tag, so we have a low security strength */
+
64
, /* CCM8 uses a short tag, so we have a low security strength */
128,
}
};
128,
}
};
@@
-701,7
+701,7
@@
static SSL_CIPHER ssl3_ciphers[] = {
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-
80
, /* CCM8 uses a short tag, so we have a low security strength */
+
64
, /* CCM8 uses a short tag, so we have a low security strength */
128,
},
{
128,
},
{
@@
-717,7
+717,7
@@
static SSL_CIPHER ssl3_ciphers[] = {
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-
80
, /* CCM8 uses a short tag, so we have a low security strength */
+
64
, /* CCM8 uses a short tag, so we have a low security strength */
256,
},
{
256,
},
{
@@
-733,7
+733,7
@@
static SSL_CIPHER ssl3_ciphers[] = {
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-
80
, /* CCM8 uses a short tag, so we have a low security strength */
+
64
, /* CCM8 uses a short tag, so we have a low security strength */
128,
},
{
128,
},
{
@@
-749,7
+749,7
@@
static SSL_CIPHER ssl3_ciphers[] = {
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-
80
, /* CCM8 uses a short tag, so we have a low security strength */
+
64
, /* CCM8 uses a short tag, so we have a low security strength */
256,
},
{
256,
},
{
@@
-829,7
+829,7
@@
static SSL_CIPHER ssl3_ciphers[] = {
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-
80
, /* CCM8 uses a short tag, so we have a low security strength */
+
64
, /* CCM8 uses a short tag, so we have a low security strength */
128,
},
{
128,
},
{
@@
-845,7
+845,7
@@
static SSL_CIPHER ssl3_ciphers[] = {
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-
80
, /* CCM8 uses a short tag, so we have a low security strength */
+
64
, /* CCM8 uses a short tag, so we have a low security strength */
256,
},
{
256,
},
{
@@
-861,7
+861,7
@@
static SSL_CIPHER ssl3_ciphers[] = {
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-
80
, /* CCM8 uses a short tag, so we have a low security strength */
+
64
, /* CCM8 uses a short tag, so we have a low security strength */
128,
},
{
128,
},
{
@@
-877,7
+877,7
@@
static SSL_CIPHER ssl3_ciphers[] = {
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-
80
, /* CCM8 uses a short tag, so we have a low security strength */
+
64
, /* CCM8 uses a short tag, so we have a low security strength */
256,
},
{
256,
},
{
@@
-925,7
+925,7
@@
static SSL_CIPHER ssl3_ciphers[] = {
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-
80
, /* CCM8 uses a short tag, so we have a low security strength */
+
64
, /* CCM8 uses a short tag, so we have a low security strength */
128,
},
{
128,
},
{
@@
-941,7
+941,7
@@
static SSL_CIPHER ssl3_ciphers[] = {
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-
80
, /* CCM8 uses a short tag, so we have a low security strength */
+
64
, /* CCM8 uses a short tag, so we have a low security strength */
256,
},
{
256,
},
{