diff options
author | Matt Caswell <matt@openssl.org> | 2018-03-14 10:43:53 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-03-14 10:43:53 +0000 |
commit | fa25763b5528b56b448d64bfbaeac54905b0c80d (patch) | |
tree | 8bc3b3578eb1883b81a46c00b160b71d6c937861 | |
parent | 74826901379bf190a9c3b3ceaaca0493454e3536 (diff) | |
download | openssl-fa25763b5528b56b448d64bfbaeac54905b0c80d.zip openssl-fa25763b5528b56b448d64bfbaeac54905b0c80d.tar.gz openssl-fa25763b5528b56b448d64bfbaeac54905b0c80d.tar.bz2 |
Put the default set of TLSv1.3 ciphersuites in a header file
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5392)
-rw-r--r-- | include/openssl/ssl.h | 5 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 5 |
2 files changed, 6 insertions, 4 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index f2b5f36..0679ada 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -169,8 +169,13 @@ extern "C" { /* * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. + * This applies to ciphersuites for TLSv1.2 and below. */ # define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" +/* This is the default set of TLSv1.3 ciphersuites */ +# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ + "TLS_CHACHA20_POLY1305_SHA256:" \ + "TLS_AES_128_GCM_SHA256" /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index a4e7374..d5c5918 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3019,10 +3019,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) goto err; #endif - if (!SSL_CTX_set_ciphersuites(ret, - "TLS_AES_256_GCM_SHA384:" - "TLS_CHACHA20_POLY1305_SHA256:" - "TLS_AES_128_GCM_SHA256")) + if (!SSL_CTX_set_ciphersuites(ret, TLS_DEFAULT_CIPHERSUITES)) goto err; if (!ssl_create_cipher_list(ret->method, |