Skip to content

Commit

Permalink
Merge pull request drwetter#2592 from dcooper16/integrity_only_cipher…
Browse files Browse the repository at this point in the history
…suites

Support RFC 9150 cipher suites
  • Loading branch information
drwetter authored Oct 28, 2024
2 parents 192505d + e17b1c1 commit 245ad2a
Show file tree
Hide file tree
Showing 5 changed files with 158 additions and 56 deletions.
2 changes: 2 additions & 0 deletions etc/cipher-mapping.txt
Original file line number Diff line number Diff line change
Expand Up @@ -342,6 +342,8 @@
0x02,0x00,0x80 - EXP-RC4-MD5 SSL_CK_RC4_128_EXPORT40_WITH_MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
0x00,0x28 - EXP-KRB5-RC4-SHA TLS_KRB5_EXPORT_WITH_RC4_40_SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(40) Mac=SHA1 export
0x00,0x2B - EXP-KRB5-RC4-MD5 TLS_KRB5_EXPORT_WITH_RC4_40_MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(40) Mac=MD5 export
0xC0,0xB4 - TLS_SHA256_SHA256 TLS_SHA256_SHA256 TLSv1.3 Kx=any Au=any Enc=None Mac=SHA256
0xC0,0xB5 - TLS_SHA384_SHA384 TLS_SHA384_SHA384 TLSv1.3 Kx=any Au=any Enc=None Mac=SHA384
0xC0,0x10 - ECDHE-RSA-NULL-SHA TLS_ECDHE_RSA_WITH_NULL_SHA SSLv3 Kx=ECDH Au=RSA Enc=None Mac=SHA1
0xC0,0x06 - ECDHE-ECDSA-NULL-SHA TLS_ECDHE_ECDSA_WITH_NULL_SHA SSLv3 Kx=ECDH Au=ECDSA Enc=None Mac=SHA1
0xC0,0x15 - AECDH-NULL-SHA TLS_ECDH_anon_WITH_NULL_SHA SSLv3 Kx=ECDH Au=None Enc=None Mac=SHA1
Expand Down
4 changes: 2 additions & 2 deletions etc/tls_data.txt
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,9 @@
# see #807 and #806 (especially
# https://github.com/drwetter/testssl.sh/issues/806#issuecomment-318686374)

# All 5 ciphers defined for TLS 1.3
# 7 ciphers defined for TLS 1.3 in RFCs 8446 and 9150
readonly TLS13_CIPHER="
13,01, 13,02, 13,03, 13,04, 13,05"
13,01, 13,02, 13,03, 13,04, 13,05, c0,b4, c0,b5"

# 123 standard cipher + 4x GOST for TLS 1.2 and SPDY/NPN HTTP2/ALPN
declare TLS12_CIPHER="
Expand Down
4 changes: 4 additions & 0 deletions openssl-iana.mapping.html
Original file line number Diff line number Diff line change
Expand Up @@ -425,6 +425,10 @@
<tr><td> [0xc0ae]</td><td> ECDHE-ECDSA-AES128-CCM8 </td><td> ECDH </td><td> AESCCM </td><td> 128 </td><td> TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 </td></tr>
<tr><td> [0xc0af]</td><td> ECDHE-ECDSA-AES256-CCM8 </td><td> ECDH </td><td> AESCCM </td><td> 256 </td><td> TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 </td></tr>

<!-- RFC 9150 -->
<tr><td> [0xc0b4]</td><td> TLS_SHA256_SHA256 </td><td> ECDH </td><td> Null </td><td> 0 </td><td> TLS_SHA256_SHA256</td></tr>
<tr><td> [0xc0b5]</td><td> TLS_SHA384_SHA384 </td><td> ECDH </td><td> Null </td><td> 0 </td><td> TLS_SHA384_SHA384</td></tr>

<!-- OLD CHACHA POLY CIPHERS, per agreement with Peter Mosmans we use the names like SSLlabs -->
<tr><td> [0xcc13]</td><td> ECDHE-RSA-CHACHA20-POLY1305-OLD </td><td> ECDH </td><td> ChaCha20-Poly1305</td><td> </td><td> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD</td></tr>
<tr><td> [0xcc14]</td><td> ECDHE-ECDSA-CHACHA20-POLY1305-OLD</td><td> ECDH </td><td> ChaCha20-Poly1305</td><td> </td><td> TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD</td></tr>
Expand Down
Loading

0 comments on commit 245ad2a

Please sign in to comment.