From: Stefan Bühler Date: Sun, 18 Aug 2013 19:47:16 +0000 (+0200) Subject: add some RC4-128-SHA1 ciphersuites based on ECDH(E) key exchanges X-Git-Tag: gnutls_3_2_4~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=16433446ccdc7b7f70d541639a95abfd5cc0fa99;p=thirdparty%2Fgnutls.git add some RC4-128-SHA1 ciphersuites based on ECDH(E) key exchanges --- diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index d0a6597754..99edc49e87 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -178,18 +178,21 @@ typedef struct #define GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1 { 0xC0, 0x17 } #define GNUTLS_ECDH_ANON_AES_128_CBC_SHA1 { 0xC0, 0x18 } #define GNUTLS_ECDH_ANON_AES_256_CBC_SHA1 { 0xC0, 0x19 } +#define GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1 { 0xC0, 0x16 } /* ECC-RSA */ #define GNUTLS_ECDHE_RSA_NULL_SHA1 { 0xC0, 0x10 } #define GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x12 } #define GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1 { 0xC0, 0x13 } #define GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1 { 0xC0, 0x14 } +#define GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1 { 0xC0, 0x11 } /* ECC-ECDSA */ #define GNUTLS_ECDHE_ECDSA_NULL_SHA1 { 0xC0, 0x06 } #define GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x08 } #define GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1 { 0xC0, 0x09 } #define GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1 { 0xC0, 0x0A } +#define GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1 { 0xC0, 0x07 } /* ECC with SHA2 */ #define GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256 {0xC0,0x23} @@ -211,6 +214,7 @@ typedef struct #define GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1 { 0xC0, 0x36 } #define GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256 { 0xC0, 0x37 } #define GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384 { 0xC0, 0x38 } +#define GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1 { 0xC0, 0x33 } #define GNUTLS_ECDHE_PSK_NULL_SHA256 { 0xC0, 0x3A } #define GNUTLS_ECDHE_PSK_NULL_SHA384 { 0xC0, 0x3B } @@ -411,6 +415,10 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), + ENTRY (GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_UNKNOWN), /* ECDHE-ECDSA */ ENTRY (GNUTLS_ECDHE_ECDSA_NULL_SHA1, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA, @@ -428,6 +436,10 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), + ENTRY (GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_UNKNOWN), /* More ECC */ ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256, @@ -516,6 +528,10 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), + ENTRY (GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_UNKNOWN), ENTRY (GNUTLS_ECDHE_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, @@ -687,6 +703,10 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), + ENTRY (GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ANON_ECDH, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_UNKNOWN), #endif #ifdef ENABLE_SRP /* SRP */ diff --git a/tests/priorities.c b/tests/priorities.c index cdf69baf40..1b3068b2df 100644 --- a/tests/priorities.c +++ b/tests/priorities.c @@ -94,7 +94,7 @@ for (i=0;i