author | Michael Brown <mcb30@ipxe.org> | 2024-01-30 17:42:16 +0000 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2024-01-31 12:34:20 +0000 |
commit | 963ec1c4f379a49cf37d01472a770fff8e47470c (patch) | |
tree | 0b0db3e42be95a49deac9d4361a94fdb671d6527 /src/config | |
parent | 8f6a9399b3dc5af227cbd6185eff077b6e9d0e37 (diff) | |
[tls] Add ECDHE cipher suites
Add ECDHE variants of the existing cipher suites, and lower the
priority of the non-ECDHE variants.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/config')
-rw-r--r-- | src/config/config_crypto.c | 30 | ||||
-rw-r--r-- | src/config/crypto.h | 3 |
2 files changed, 33 insertions, 0 deletions
diff --git a/src/config/config_crypto.c b/src/config/config_crypto.c
index efcd5af..5211224 100644
--- a/src/config/config_crypto.c
+++ b/src/config/config_crypto.c
@@ -165,3 +165,33 @@ REQUIRE_OBJECT ( dhe_rsa_aes_gcm_sha256 );
 defined ( CRYPTO_CIPHER_AES_GCM ) && defined ( CRYPTO_DIGEST_SHA384 )
 REQUIRE_OBJECT ( dhe_rsa_aes_gcm_sha384 );
 #endif
+
+/* ECDHE, RSA, AES-CBC, and SHA-1 */
+#if defined ( CRYPTO_EXCHANGE_ECDHE ) && defined ( CRYPTO_PUBKEY_RSA ) && \
+ defined ( CRYPTO_CIPHER_AES_CBC ) && defined ( CRYPTO_DIGEST_SHA1 )
+REQUIRE_OBJECT ( ecdhe_rsa_aes_cbc_sha1 );
+#endif
+
+/* ECDHE, RSA, AES-CBC, and SHA-256 */
+#if defined ( CRYPTO_EXCHANGE_ECDHE ) && defined ( CRYPTO_PUBKEY_RSA ) && \
+ defined ( CRYPTO_CIPHER_AES_CBC ) && defined ( CRYPTO_DIGEST_SHA256 )
+REQUIRE_OBJECT ( ecdhe_rsa_aes_cbc_sha256 );
+#endif
+
+/* ECDHE, RSA, AES-CBC, and SHA-384 */
+#if defined ( CRYPTO_EXCHANGE_ECDHE ) && defined ( CRYPTO_PUBKEY_RSA ) && \
+ defined ( CRYPTO_CIPHER_AES_CBC ) && defined ( CRYPTO_DIGEST_SHA384 )
+REQUIRE_OBJECT ( ecdhe_rsa_aes_cbc_sha384 );
+#endif
+
+/* ECDHE, RSA, AES-GCM, and SHA-256 */
+#if defined ( CRYPTO_EXCHANGE_ECDHE ) && defined ( CRYPTO_PUBKEY_RSA ) && \
+ defined ( CRYPTO_CIPHER_AES_GCM ) && defined ( CRYPTO_DIGEST_SHA256 )
+REQUIRE_OBJECT ( ecdhe_rsa_aes_gcm_sha256 );
+#endif
+
+/* ECDHE, RSA, AES-GCM, and SHA-384 */
+#if defined ( CRYPTO_EXCHANGE_ECDHE ) && defined ( CRYPTO_PUBKEY_RSA ) && \
+ defined ( CRYPTO_CIPHER_AES_GCM ) && defined ( CRYPTO_DIGEST_SHA384 )
+REQUIRE_OBJECT ( ecdhe_rsa_aes_gcm_sha384 );
+#endif
diff --git a/src/config/crypto.h b/src/config/crypto.h
index ccf22df..589c4f0 100644
--- a/src/config/crypto.h
+++ b/src/config/crypto.h
@@ -18,6 +18,9 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 /** DHE key exchange algorithm */
 #define CRYPTO_EXCHANGE_DHE
 
+/** ECDHE key exchange algorithm */
+#define CRYPTO_EXCHANGE_ECDHE
+
 /** RSA public-key algorithm */
 #define CRYPTO_PUBKEY_RSA
 
|
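Review bot: Each of the five added `#if` blocks in config_crypto.c links its suite in as soon as the four options it names are defined, so a build cannot take ECDHE with AES-GCM while leaving out `ecdhe_rsa_aes_cbc_sha1` and the other CBC suites, short of removing `CRYPTO_CIPHER_AES_CBC` (or `CRYPTO_DIGEST_SHA1`) for every suite that tests it. This mirrors the DHE block in the context lines, whose `#if` opens outside the hunk, so it is consistent with the file. It still deserves a comment above the first new block for integrators who want an AEAD-only TLS build, e.g. `/* Suites are selected purely by the CRYPTO_* build options; undefine CRYPTO_CIPHER_AES_CBC to build without any CBC suite */`. The priority change described in the commit message is not part of this src/config-limited diff and cannot be checked here.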
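Review bot: In crypto.h, `CRYPTO_EXCHANGE_ECDHE` is defined unconditionally, so a build that keeps this default header presumably starts linking in the ECDHE suites that config_crypto.c gates on it, and the doc comment does not say so. I would write `/** ECDHE key exchange algorithm (enables the ecdhe_rsa_* TLS cipher suites) */`. Whether an elliptic-curve option must also be enabled for these suites to negotiate is not visible in this hunk; if it is, the comment should name that dependency too.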