git.ipfire.org Git - thirdparty/tor.git/commit
tls: Set TLSv1.3 ciphers to preserve ciphersuites order
author ValdikSS <iam@valdikss.org.ru>
Thu, 26 Jun 2025 14:24:28 +0000 (10:24 -0400)
committer David Goulet <dgoulet@torproject.org>
Thu, 26 Jun 2025 16:13:01 +0000 (12:13 -0400)
commit e6890ae73ceb1e8f38a60a774636d131a18bc00e
tree fe78eb943b9a16acc866a60c83ceb5c866fe0f3b
parent a7f035f7f85b1314b63fbe05a4165b4d517c75f2
tls: Set TLSv1.3 ciphers to preserve ciphersuites order

This commit fixes two issues:

1. ciphers.inc has TLSv1.3 ciphers prefixed with "TXT", while the current
   version has "RFC". TLS1_3_RFC_AES_128_GCM_SHA256 should be used instead of
   TLS1_3_TXT_AES_128_GCM_SHA256, in both the define and the CIPHER() macro.

2. Tor calls only SSL_set_cipher_list() in tortls_openssl.c, which sets only
   TLSv1.2 ciphers, while TLSv1.3 ciphers stay in their default state. TLSv1.3
   ciphersuites are set with SSL_set_ciphersuites(), but the list is required
   to contain only TLSv1.3 suites (no v1.2).

Contrary to SSL_set_cipher_list(), TLSv1.3 SSL_set_ciphersuites() does NOT
accept a finalizing :, so it should be stripped out.

Signed-off-by: David Goulet <dgoulet@torproject.org>
changes/tls13-cipher [new file with mode: 0644]
configure.ac
src/lib/tls/ciphers_v13.inc [new file with mode: 0644]
src/lib/tls/include.am
src/lib/tls/tortls_openssl.c
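
The split described in point 2 of the commit message, as an added example (not code from this commit or from Tor): a hypothetical helper `split_cipher_list()` turns one mixed preference string into the list for SSL_set_cipher_list() and the list for SSL_set_ciphersuites(), preserving order and emitting no trailing `:`. The helper name, buffer sizes and sample string are assumptions; the OpenSSL calls appear only in the printed labels, so the block builds without OpenSSL.

```c
#include <stdio.h>
#include <string.h>

/* TLSv1.3 ciphersuite names as OpenSSL spells them. */
static const char *const TLS13_NAMES[] = {
  "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
  "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
  "TLS_AES_128_CCM_8_SHA256",
};

static int is_tls13(const char *s, size_t n) {
  for (size_t i = 0; i < sizeof TLS13_NAMES / sizeof *TLS13_NAMES; i++)
    if (strlen(TLS13_NAMES[i]) == n && !memcmp(TLS13_NAMES[i], s, n))
      return 1;
  return 0;
}

/* Append s[0..n) to out, writing ':' only between elements. */
static int append(char *out, size_t cap, const char *s, size_t n) {
  size_t used = strlen(out), sep = used ? 1 : 0;
  if (used + sep + n + 1 > cap) return -1;   /* would not fit */
  if (sep) out[used++] = ':';
  memcpy(out + used, s, n);
  out[used + n] = '\0';
  return 0;
}

/* Hypothetical helper: split a mixed list, keeping preference order.
 * Empty elements are skipped, so a trailing ':' reaches neither list.
 * Returns 0 on success, -1 if an output buffer is too small. */
int split_cipher_list(const char *mixed, char *v12, size_t v12cap,
                      char *v13, size_t v13cap) {
  if (!v12cap || !v13cap) return -1;
  v12[0] = v13[0] = '\0';
  while (*mixed) {
    size_t n = strcspn(mixed, ":");
    if (n && (is_tls13(mixed, n) ? append(v13, v13cap, mixed, n)
                                 : append(v12, v12cap, mixed, n)) < 0)
      return -1;
    mixed += n;
    if (*mixed == ':') mixed++;
  }
  return 0;
}

int main(void) {
  char v12[256], v13[256];
  /* Constructed sample input: mixed versions, trailing ':'. */
  const char *mixed = "TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
                      "TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384:";
  if (split_cipher_list(mixed, v12, sizeof v12, v13, sizeof v13)) return 1;
  printf("SSL_set_cipher_list()  <- %s\n", v12);
  printf("SSL_set_ciphersuites() <- %s\n", v13);
  return 0;
}
```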