diff --git a/include/polarssl/ssl_ciphersuites.h b/include/polarssl/ssl_ciphersuites.h index 5e1e28dff..9bd29c97a 100644 --- a/include/polarssl/ssl_ciphersuites.h +++ b/include/polarssl/ssl_ciphersuites.h @@ -78,6 +78,11 @@ extern "C" { #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 +#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 +#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 +#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F +#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 + typedef enum { POLARSSL_KEY_EXCHANGE_NONE = 0, POLARSSL_KEY_EXCHANGE_RSA, diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index b9b041a61..a65d3ad3d 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -39,13 +39,17 @@ */ static const int ciphersuite_preference[] = { + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, @@ -94,7 +98,35 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_EC }, -#endif +#if defined(POLARSSL_SHA2_C) + { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_EC }, +#if defined(POLARSSL_GCM_C) + { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_EC }, +#endif /* POLARSSL_GCM_C */ +#endif /* POLARSSL_SHA2_C */ +#if defined(POLARSSL_SHA4_C) + { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_EC }, +#if defined(POLARSSL_GCM_C) + { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_EC }, +#endif /* POLARSSL_GCM_C */ +#endif /* POLARSSL_SHA4_C */ +#endif /* POLARSSL_AES_C */ #if defined(POLARSSL_DES_C) { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA, diff --git a/tests/compat.sh b/tests/compat.sh index 6a3c70a55..63ea65dde 100644 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -78,6 +78,8 @@ then TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \ TLS-RSA-WITH-AES-256-CBC-SHA256 \ TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \ + TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \ + TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \ " O_CIPHERS="$O_CIPHERS \ @@ -86,6 +88,8 @@ then DHE-RSA-AES128-SHA256 \ AES256-SHA256 \ DHE-RSA-AES256-SHA256 \ + ECDHE-RSA-AES128-SHA256 \ + ECDHE-RSA-AES256-SHA384 \ " P_CIPHERS="$P_CIPHERS \ @@ -93,6 +97,8 @@ then TLS-RSA-WITH-AES-256-GCM-SHA384 \ TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \ TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \ + TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ + TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \ " O_CIPHERS="$O_CIPHERS \ @@ -100,6 +106,8 @@ then DHE-RSA-AES128-GCM-SHA256 \ AES256-GCM-SHA384 \ DHE-RSA-AES256-GCM-SHA384 \ + ECDHE-RSA-AES128-GCM-SHA256 \ + ECDHE-RSA-AES256-GCM-SHA384 \ " fi