yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-30 23:40:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Switch CCM and GCM in default suite order

Browse source 
The upcoming BCP document recommends GCM as the default.
This commit is contained in:
Manuel Pégourié-Gonnard 2014-06-19 16:18:26 +02:00 committed by Paul Bakker
parent d249b7ab9a
commit 42b5374523
1 changed files with 11 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
library/ssl_ciphersuites.c
View file

@ -51,18 +51,18 @@
* Forward-secure non-PSK > forward-secure PSK > other non-PSK > other PSK * Forward-secure non-PSK > forward-secure PSK > other non-PSK > other PSK
* 2. By key length and cipher: * 2. By key length and cipher:
* AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES * AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES
* 3. By cipher mode when relevant CCM > GCM > CBC > CCM_8 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
* 4. By hash function used when relevant * 4. By hash function used when relevant
* 5. By key exchange/auth again: EC > non-EC * 5. By key exchange/auth again: EC > non-EC
*/ */
static const int ciphersuite_preference[] = static const int ciphersuite_preference[] =
{ {
/* All AES-256 ephemeral suites */ /* All AES-256 ephemeral suites */
TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
TLS_DHE_RSA_WITH_AES_256_CCM,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
TLS_DHE_RSA_WITH_AES_256_CCM,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
@ -82,11 +82,11 @@ static const int ciphersuite_preference[] =
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
/* All AES-128 ephemeral suites */ /* All AES-128 ephemeral suites */
TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
TLS_DHE_RSA_WITH_AES_128_CCM,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
TLS_DHE_RSA_WITH_AES_128_CCM,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
@ -111,8 +111,8 @@ static const int ciphersuite_preference[] =
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
/* The PSK ephemeral suites */ /* The PSK ephemeral suites */
TLS_DHE_PSK_WITH_AES_256_CCM,
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
TLS_DHE_PSK_WITH_AES_256_CCM,
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
@ -122,8 +122,8 @@ static const int ciphersuite_preference[] =
TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS_DHE_PSK_WITH_AES_256_CCM_8, TLS_DHE_PSK_WITH_AES_256_CCM_8,
TLS_DHE_PSK_WITH_AES_128_CCM,
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
TLS_DHE_PSK_WITH_AES_128_CCM,
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
@ -137,8 +137,8 @@ static const int ciphersuite_preference[] =
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
/* All AES-256 suites */ /* All AES-256 suites */
TLS_RSA_WITH_AES_256_CCM,
TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_256_CCM,
TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
@ -159,8 +159,8 @@ static const int ciphersuite_preference[] =
TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
/* All AES-128 suites */ /* All AES-128 suites */
TLS_RSA_WITH_AES_128_CCM,
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_CCM,
TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
@ -201,16 +201,16 @@ static const int ciphersuite_preference[] =
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
/* The PSK suites */ /* The PSK suites */
TLS_PSK_WITH_AES_256_CCM,
TLS_PSK_WITH_AES_256_GCM_SHA384, TLS_PSK_WITH_AES_256_GCM_SHA384,
TLS_PSK_WITH_AES_256_CCM,
TLS_PSK_WITH_AES_256_CBC_SHA384, TLS_PSK_WITH_AES_256_CBC_SHA384,
TLS_PSK_WITH_AES_256_CBC_SHA, TLS_PSK_WITH_AES_256_CBC_SHA,
TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS_PSK_WITH_AES_256_CCM_8, TLS_PSK_WITH_AES_256_CCM_8,
TLS_PSK_WITH_AES_128_CCM,
TLS_PSK_WITH_AES_128_GCM_SHA256, TLS_PSK_WITH_AES_128_GCM_SHA256,
TLS_PSK_WITH_AES_128_CCM,
TLS_PSK_WITH_AES_128_CBC_SHA256, TLS_PSK_WITH_AES_128_CBC_SHA256,
TLS_PSK_WITH_AES_128_CBC_SHA, TLS_PSK_WITH_AES_128_CBC_SHA,
TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,