#include "ext/session_ticket.h"
/**
- * gnutls_transport_set_ktls:
+ * gnutls_transport_is_ktls_enabled:
* @session: is a #gnutls_session_t type.
- * @sockin: is a socket descriptor.
- * @sockout: is a socket descriptor.
*
- * Enables Kernel TLS for the @session
- * Requieres `tls` kernel module and
- * gnutls configuration with `--enable-ktls`
+ * Checks if KTLS is now enabled and was properly inicialized.
*
- * Returns: 0 on success error otherwise
+ * Returns: 1 for enabled, 0 otherwise
*
* Since: 3.7.2
**/
-int _gnutls_ktls_enable(gnutls_session_t session, int sockin, int sockout)
+int gnutls_transport_is_ktls_enabled(gnutls_session_t session){
+ if (unlikely(!session->internals.initial_negotiation_completed))
+ return gnutls_assert_val(GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE);
+
+ return session->internals.ktls_enabled;
+}
+
+int _gnutls_ktls_enable(gnutls_session_t session)
{
- if (setsockopt(sockin, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) < 0)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ int sockin, sockout;
+ session->internals.ktls_enabled = 0;
+ gnutls_transport_get_int2(session, &sockin, &sockout);
- session->internals.recv_fd = sockin;
- session->internals.send_fd = sockin;
+ if (setsockopt(sockin, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) == 0)
+ session->internals.ktls_enabled |= KTLS_RECV;
- if (sockin != sockout){
- if (setsockopt(sockout, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) < 0)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- session->internals.send_fd = sockout;
- }
+ if (sockin != sockout) {
+ if (setsockopt(sockout, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) == 0)
+ session->internals.ktls_enabled |= KTLS_SEND;
+ } else
+ session->internals.ktls_enabled |= KTLS_SEND;
- session->internals.ktls_enabled = 1;
return 0;
}
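Review bot: In `_gnutls_ktls_enable` the `else` branch sets `KTLS_SEND` whenever `sockin == sockout`, even when the `TCP_ULP` setsockopt on that descriptor has just failed. The key-setup code then attempts `TLS_TX` on a socket without the ULP and returns `GNUTLS_E_INTERNAL_ERROR`, where the intent was presumably to stay on the userspace record layer; guard the branch with `} else if (session->internals.ktls_enabled & KTLS_RECV)`. The doc comment of `gnutls_transport_is_ktls_enabled` promises `1 for enabled, 0 otherwise`, but the function returns the `KTLS_RECV`/`KTLS_SEND` bitmask or a negative error (`GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE` here, `GNUTLS_E_UNIMPLEMENTED_FEATURE` in the `#else` stub further down). A caller that tests the result as a boolean therefore treats an error as "enabled". I would document it as `Returns: a bitmask of the enabled directions, 0 if KTLS is not in use, or a negative error code`; the literal `3` in the tests suggests the flag names should be public too.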
gnutls_datum_t iv;
gnutls_datum_t cipher_key;
unsigned char seq_number[8];
+ int sockin, sockout;
int ret;
- session->internals.ktls_enabled = 0;
+ gnutls_transport_get_int2(session, &sockin, &sockout);
/* check whether or not cipher suite supports ktls
*/
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
- version = (version == GNUTLS_TLS1_2) ? TLS_1_2_VERSION : TLS_1_3_VERSION;
-
ret = gnutls_record_get_state(session, 1, &mac_key, &iv, &cipher_key,
seq_number);
if (ret < 0) {
return ret;
}
- switch (cipher) {
- case GNUTLS_CIPHER_AES_128_GCM:
- {
- struct tls12_crypto_info_aes_gcm_128 crypto_info;
-
- crypto_info.info.version = version;
- crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128;
-
- assert(cipher_key.size == TLS_CIPHER_AES_GCM_128_KEY_SIZE);
-
- /* for TLS 1.2 IV is generated in kernel */
- if (version == TLS_1_2_VERSION) {
- assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE);
- } else {
- assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE
- + TLS_CIPHER_AES_GCM_128_IV_SIZE);
-
- memcpy(crypto_info.iv, iv.data +
- TLS_CIPHER_AES_GCM_128_SALT_SIZE,
- TLS_CIPHER_AES_GCM_128_IV_SIZE);
+ if(session->internals.ktls_enabled & KTLS_RECV){
+ switch (cipher) {
+ case GNUTLS_CIPHER_AES_128_GCM:
+ {
+ struct tls12_crypto_info_aes_gcm_128 crypto_info;
+ memset(&crypto_info, 0, sizeof(crypto_info));
+
+ crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128;
+ assert(cipher_key.size == TLS_CIPHER_AES_GCM_128_KEY_SIZE);
+
+ /* for TLS 1.2 IV is generated in kernel */
+ if (version == GNUTLS_TLS1_2) {
+ crypto_info.info.version = TLS_1_2_VERSION;
+ memcpy(crypto_info.iv, seq_number, TLS_CIPHER_AES_GCM_128_IV_SIZE);
+ } else {
+ crypto_info.info.version = TLS_1_3_VERSION;
+ assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE
+ + TLS_CIPHER_AES_GCM_128_IV_SIZE);
+
+ memcpy(crypto_info.iv, iv.data +
+ TLS_CIPHER_AES_GCM_128_SALT_SIZE,
+ TLS_CIPHER_AES_GCM_128_IV_SIZE);
+ }
+
+ memcpy(crypto_info.salt, iv.data,
+ TLS_CIPHER_AES_GCM_128_SALT_SIZE);
+ memcpy(crypto_info.rec_seq, seq_number,
+ TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
+ memcpy(crypto_info.key, cipher_key.data,
+ TLS_CIPHER_AES_GCM_128_KEY_SIZE);
+
+ if (setsockopt (sockin, SOL_TLS, TLS_RX,
+ &crypto_info, sizeof (crypto_info))) {
+ session->internals.ktls_enabled ^= KTLS_RECV;
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
}
-
- memcpy(crypto_info.salt, iv.data,
- TLS_CIPHER_AES_GCM_128_SALT_SIZE);
- memcpy(crypto_info.rec_seq, seq_number,
- TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
- memcpy(crypto_info.key, cipher_key.data,
- TLS_CIPHER_AES_GCM_128_KEY_SIZE);
-
- if (setsockopt(session->internals.recv_fd, SOL_TLS, TLS_RX,
- &crypto_info, sizeof (crypto_info))) {
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- }
- }
- break;
- case GNUTLS_CIPHER_AES_256_GCM:
- {
- struct tls12_crypto_info_aes_gcm_256 crypto_info;
-
- crypto_info.info.version = version;
- crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_256;
-
- assert(cipher_key.size == TLS_CIPHER_AES_GCM_256_KEY_SIZE);
-
- /* for TLS 1.2 IV is generated in kernel */
- if (version == TLS_1_2_VERSION) {
- assert(iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE);
- } else {
- assert(iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE
- + TLS_CIPHER_AES_GCM_256_IV_SIZE);
-
- memcpy(crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_256_SALT_SIZE,
- TLS_CIPHER_AES_GCM_256_IV_SIZE);
- }
-
- memcpy(crypto_info.salt, iv.data,
- TLS_CIPHER_AES_GCM_256_SALT_SIZE);
- memcpy(crypto_info.rec_seq, seq_number,
- TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
- memcpy(crypto_info.key, cipher_key.data,
- TLS_CIPHER_AES_GCM_256_KEY_SIZE);
-
- if (setsockopt(session->internals.recv_fd, SOL_TLS, TLS_RX,
- &crypto_info, sizeof(crypto_info))) {
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ break;
+ case GNUTLS_CIPHER_AES_256_GCM:
+ {
+ struct tls12_crypto_info_aes_gcm_256 crypto_info;
+ memset(&crypto_info, 0, sizeof(crypto_info));
+
+ crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_256;
+ assert (cipher_key.size == TLS_CIPHER_AES_GCM_256_KEY_SIZE);
+
+ /* for TLS 1.2 IV is generated in kernel */
+ if (version == GNUTLS_TLS1_2) {
+ crypto_info.info.version = TLS_1_2_VERSION;
+ memcpy(crypto_info.iv, seq_number, TLS_CIPHER_AES_GCM_256_IV_SIZE);
+ } else {
+ crypto_info.info.version = TLS_1_3_VERSION;
+ assert (iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE
+ + TLS_CIPHER_AES_GCM_256_IV_SIZE);
+
+ memcpy(crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_256_SALT_SIZE,
+ TLS_CIPHER_AES_GCM_256_IV_SIZE);
+ }
+
+ memcpy (crypto_info.salt, iv.data,
+ TLS_CIPHER_AES_GCM_256_SALT_SIZE);
+ memcpy (crypto_info.rec_seq, seq_number,
+ TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
+ memcpy (crypto_info.key, cipher_key.data,
+ TLS_CIPHER_AES_GCM_256_KEY_SIZE);
+
+ if (setsockopt (sockin, SOL_TLS, TLS_RX,
+ &crypto_info, sizeof (crypto_info))) {
+ session->internals.ktls_enabled ^= KTLS_RECV;
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
}
+ break;
+ default:
+ assert(0);
}
- break;
- default:
- assert(0);
}
- ret = gnutls_record_get_state(session, 0, &mac_key, &iv, &cipher_key,
+ ret = gnutls_record_get_state (session, 0, &mac_key, &iv, &cipher_key,
seq_number);
if (ret < 0) {
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
}
- switch (cipher) {
- case GNUTLS_CIPHER_AES_128_GCM:
- {
- struct tls12_crypto_info_aes_gcm_128 crypto_info;
+ if(session->internals.ktls_enabled & KTLS_SEND){
+ switch (cipher) {
+ case GNUTLS_CIPHER_AES_128_GCM:
+ {
+ struct tls12_crypto_info_aes_gcm_128 crypto_info;
+ memset(&crypto_info, 0, sizeof(crypto_info));
- crypto_info.info.version = version;
- crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128;
+ crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128;
- assert(cipher_key.size == TLS_CIPHER_AES_GCM_128_KEY_SIZE);
+ assert (cipher_key.size == TLS_CIPHER_AES_GCM_128_KEY_SIZE);
- /* for TLS 1.2 IV is generated in kernel */
- if (version == TLS_1_2_VERSION) {
- assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE);
- } else {
- assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE
- + TLS_CIPHER_AES_GCM_128_IV_SIZE);
+ /* for TLS 1.2 IV is generated in kernel */
+ if (version == GNUTLS_TLS1_2) {
+ crypto_info.info.version = TLS_1_2_VERSION;
+ memcpy(crypto_info.iv, seq_number, TLS_CIPHER_AES_GCM_128_IV_SIZE);
+ } else {
+ crypto_info.info.version = TLS_1_3_VERSION;
+ assert (iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE
+ + TLS_CIPHER_AES_GCM_128_IV_SIZE);
- memcpy(crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_128_SALT_SIZE,
- TLS_CIPHER_AES_GCM_128_IV_SIZE);
- }
-
- memcpy(crypto_info.salt, iv.data,
- TLS_CIPHER_AES_GCM_128_SALT_SIZE);
- memcpy(crypto_info.rec_seq, seq_number,
- TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
- memcpy(crypto_info.key, cipher_key.data,
- TLS_CIPHER_AES_GCM_128_KEY_SIZE);
-
- if (setsockopt(session->internals.send_fd, SOL_TLS, TLS_TX,
- &crypto_info, sizeof(crypto_info))) {
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- }
- }
- break;
- case GNUTLS_CIPHER_AES_256_GCM:
- {
- struct tls12_crypto_info_aes_gcm_256 crypto_info;
-
- crypto_info.info.version = version;
- crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_256;
- assert(cipher_key.size == TLS_CIPHER_AES_GCM_256_KEY_SIZE);
-
- /* for TLS 1.2 IV is generated in kernel */
- if (version == TLS_1_2_VERSION) {
- assert(iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE);
- } else {
- assert(iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE +
- TLS_CIPHER_AES_GCM_256_IV_SIZE);
-
- memcpy(crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_256_SALT_SIZE,
- TLS_CIPHER_AES_GCM_256_IV_SIZE);
+ memcpy (crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_128_SALT_SIZE,
+ TLS_CIPHER_AES_GCM_128_IV_SIZE);
+ }
+
+ memcpy (crypto_info.salt, iv.data,
+ TLS_CIPHER_AES_GCM_128_SALT_SIZE);
+ memcpy (crypto_info.rec_seq, seq_number,
+ TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
+ memcpy (crypto_info.key, cipher_key.data,
+ TLS_CIPHER_AES_GCM_128_KEY_SIZE);
+
+ if (setsockopt (sockout, SOL_TLS, TLS_TX,
+ &crypto_info, sizeof (crypto_info))) {
+ session->internals.ktls_enabled ^= KTLS_SEND;
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
}
-
- memcpy(crypto_info.salt, iv.data,
- TLS_CIPHER_AES_GCM_256_SALT_SIZE);
- memcpy(crypto_info.rec_seq, seq_number,
- TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
- memcpy(crypto_info.key, cipher_key.data,
- TLS_CIPHER_AES_GCM_256_KEY_SIZE);
-
- if (setsockopt(session->internals.send_fd, SOL_TLS, TLS_TX,
- &crypto_info, sizeof(crypto_info))) {
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ break;
+ case GNUTLS_CIPHER_AES_256_GCM:
+ {
+ struct tls12_crypto_info_aes_gcm_256 crypto_info;
+ memset(&crypto_info, 0, sizeof(crypto_info));
+
+ crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_256;
+ assert (cipher_key.size == TLS_CIPHER_AES_GCM_256_KEY_SIZE);
+
+ /* for TLS 1.2 IV is generated in kernel */
+ if (version == GNUTLS_TLS1_2) {
+ crypto_info.info.version = TLS_1_2_VERSION;
+ memcpy(crypto_info.iv, seq_number, TLS_CIPHER_AES_GCM_256_IV_SIZE);
+ } else {
+ crypto_info.info.version = TLS_1_3_VERSION;
+ assert (iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE +
+ TLS_CIPHER_AES_GCM_256_IV_SIZE);
+
+ memcpy (crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_256_SALT_SIZE,
+ TLS_CIPHER_AES_GCM_256_IV_SIZE);
+ }
+
+ memcpy (crypto_info.salt, iv.data,
+ TLS_CIPHER_AES_GCM_256_SALT_SIZE);
+ memcpy (crypto_info.rec_seq, seq_number,
+ TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
+ memcpy (crypto_info.key, cipher_key.data,
+ TLS_CIPHER_AES_GCM_256_KEY_SIZE);
+
+ if (setsockopt (sockout, SOL_TLS, TLS_TX,
+ &crypto_info, sizeof (crypto_info))) {
+ session->internals.ktls_enabled ^= KTLS_SEND;
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
}
+ break;
+ default:
+ assert(0);
}
- break;
- default:
- assert(0);
-
}
- session->internals.ktls_enabled = 1;
return 0;
}
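Review bot: When the `TLS_RX` setsockopt fails, only `KTLS_RECV` is cleared before the return, so `KTLS_SEND` stays set from `_gnutls_ktls_enable` although no `TLS_TX` key was ever installed. Whether the caller resets the field is not visible here, so I would set `session->internals.ktls_enabled = 0;` on every error return in this function. The `^=` toggles rather than clears; `session->internals.ktls_enabled &= ~KTLS_RECV;` (and `~KTLS_SEND`) states the intent and stays correct if the bit is already clear. Each `crypto_info` keeps the traffic key and salt on the stack and is never wiped, so add `gnutls_memset(&crypto_info, 0, sizeof(crypto_info));` after the setsockopt on both the success and failure paths. The TLS 1.2 branch also no longer checks `iv.size` before `memcpy(crypto_info.salt, iv.data, ...)`, and the remaining size checks are `assert`s that vanish under `NDEBUG`; the function begins before this hunk.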
{
const char *buf = data;
ssize_t ret;
+ int sockin, sockout;
- assert(session != NULL);
+ assert (session != NULL);
+
+ gnutls_transport_get_int2(session, &sockin, &sockout);
while (data_size > 0) {
char cmsg[CMSG_SPACE(sizeof (unsigned char))];
msg.msg_iov = &msg_iov;
msg.msg_iovlen = 1;
- ret = sendmsg(session->internals.send_fd, &msg, MSG_DONTWAIT);
+ ret = sendmsg(sockout, &msg, MSG_DONTWAIT);
if (ret == -1) {
switch (errno) {
}
int _gnutls_ktls_recv_control_msg(gnutls_session_t session,
- unsigned char *record_type, void *data, size_t data_size)
+ unsigned char *record_type, void *data, size_t data_size)
{
char *buf = data;
ssize_t ret;
+ int sockin, sockout;
char cmsg[CMSG_SPACE(sizeof (unsigned char))];
struct msghdr msg = { 0 };
struct iovec msg_iov;
struct cmsghdr *hdr;
- assert(session != NULL);
+ assert (session != NULL);
+
+ gnutls_transport_get_int2(session, &sockin, &sockout);
if (session->internals.read_eof != 0) {
return 0;
msg.msg_iov = &msg_iov;
msg.msg_iovlen = 1;
- ret = recvmsg(session->internals.recv_fd, &msg, MSG_DONTWAIT);
+ ret = recvmsg(sockin, &msg, MSG_DONTWAIT);
if (ret == -1){
switch(errno){
}
#else //ENABLE_KTLS
+int gnutls_transport_is_ktls_enabled(gnutls_session_t session){
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+}
-int _gnutls_ktls_enable(gnutls_session_t session, int sockin, int sockout){
+int _gnutls_ktls_enable(gnutls_session_t session){
return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
}
#define MAX_BUF 1024
-#define MSG "Hello world!"
+#define MSG "Hello world!\0"
static void client(int fd, const char *prio)
gnutls_certificate_allocate_credentials(&x509_cred);
gnutls_init(&session, GNUTLS_CLIENT);
- gnutls_handshake_set_timeout(session, get_timeout());
+ gnutls_handshake_set_timeout(session, 0);
+
assert(gnutls_priority_set_direct(session, prio, NULL) >= 0);
+
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+
gnutls_transport_set_int(session, fd);
- if (ret < 0)
- fail("client: error in enabling KTLS: %s\n", gnutls_strerror(ret));
do {
ret = gnutls_handshake(session);
if (ret < 0) {
fail("client: Handshake failed\n");
- close(fd);
- gnutls_deinit(session);
- exit(1);
+ goto end;
}
if (debug)
success("client: Handshake was completed\n");
+ ret = gnutls_transport_is_ktls_enabled(session);
+ if (ret != 3){
+ fail("client: KTLS was not properly inicialized\n");
+ goto end;
+ }
+
/* server send message via gnutls_record_send */
- int i = 0;
do{
- memset(buffer, 0, MAX_BUF + 1);
- do{
- ret = gnutls_record_recv(session, buffer, sizeof(buffer));
- }
- while(ret == GNUTLS_E_AGAIN);
-
- if(strncmp(buffer, MSG+i*MAX_BUF, MAX_BUF))
- fail("client: Message doesn't match\n");
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-
- if (debug)
- success ("client: messages received\n");
+ ret = gnutls_record_recv(session, buffer, sizeof(buffer));
+ }
+ while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
if (ret == 0) {
success
goto end;
} else if (ret < 0) {
fail("client: Error: %s\n", gnutls_strerror(ret));
- exit(1);
+ goto end;
+ }
+
+ if(strncmp(buffer, MSG, ret)){
+ fail("client: Message doesn't match\n");
+ goto end;
}
+ if (debug)
+ success ("client: messages received\n");
+
+
ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
if (ret < 0) {
fail("client: error in closing session: %s\n", gnutls_strerror(ret));
}
+
+ ret = 0;
end:
close(fd);
gnutls_certificate_free_credentials(x509_cred);
gnutls_global_deinit();
+
+ if (ret != 0)
+ exit(1);
}
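Review bot: `gnutls_handshake_set_timeout(session, 0)` turns the handshake timeout off in `client()` (and again in the server hunk below), and since the parent now blocks in `wait()` instead of killing the child, a stalled handshake hangs the test run indefinitely. Unless the timeout is known to interfere with KTLS, keep `gnutls_handshake_set_timeout(session, get_timeout());`, or add a comment saying why it must be disabled. The message check `strncmp(buffer, MSG, ret)` compares only the bytes actually received, so a one-byte read passes; also require `ret == (ssize_t)strlen(MSG) + 1` to match what the server sends. The `ret != 3` comparison would read better against named flags than a bare literal.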
pid_t child;
static void terminate(void)
{
+ assert(child);
kill(child, SIGTERM);
exit(1);
}
exit(1);
gnutls_init(&session, GNUTLS_SERVER);
- gnutls_handshake_set_timeout(session, get_timeout());
+ gnutls_handshake_set_timeout(session, 0);
assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0) {
- close(fd);
- gnutls_deinit(session);
fail("server: Handshake has failed (%s)\n\n",
gnutls_strerror(ret));
- terminate();
+ goto end;
}
if (debug)
success("server: Handshake was completed\n");
+ ret = gnutls_transport_is_ktls_enabled(session);
+ if (ret != 3){
+ fail("server: KTLS was not properly inicialized\n");
+ goto end;
+ }
do {
- ret = gnutls_record_send(session, MSG, strlen(MSG));
+ ret = gnutls_record_send(session, MSG, strlen(MSG)+1);
} while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
if (ret < 0) {
- close(fd);
- gnutls_deinit(session);
- gnutls_certificate_free_credentials(x509_cred);
- gnutls_global_deinit();
fail("server: data sending has failed (%s)\n\n",
gnutls_strerror(ret));
- terminate();
+ goto end;
}
ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
if (ret < 0) {
fail("server: error in closing session: %s\n", gnutls_strerror(ret));
+ ret = 0;
+end:
close(fd);
gnutls_deinit(session);
gnutls_global_deinit();
+ if (ret){
+ terminate();
+ }
+
if (debug)
success("server: finished\n");
}
}
+static void ch_handler(int sig)
+{
+ return;
+}
+
static void run(const char *prio)
{
int ret;
success("running ktls test with %s\n", prio);
- signal(SIGCHLD, SIG_IGN);
+ signal(SIGCHLD, ch_handler);
signal(SIGPIPE, SIG_IGN);
listener = socket(AF_INET, SOCK_STREAM, 0);
}
if (child) {
+ int status;
/* parent */
ret = listen(listener, 1);
if (ret == -1) {
fail("error in accept(): %s\n", strerror(errno));
}
server(fd, prio);
- kill(child, SIGTERM);
+
+ wait(&status);
+ check_wait_status(status);
} else {
fd = socket(AF_INET, SOCK_STREAM, 0);
if (fd == -1){
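Review bot: The return value of `wait(&status)` is not checked, so if the call fails `status` is passed to `check_wait_status()` uninitialized; something like `if (wait(&status) == -1) fail("wait failed: %s\n", strerror(errno));` before the check would cover it. The empty `ch_handler` also deserves a comment, for example `/* no-op: SIGCHLD must not be SIG_IGN, otherwise the child is reaped automatically and wait() in run() has nothing to collect */`, because the reason for replacing `SIG_IGN` is not obvious from the code. Its `sig` parameter is unused and may trigger a warning under `-Wextra`. `run()` continues past the end of this hunk.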
void doit(void)
{
- run("NORMAL:-VERS-ALL:+VERS-TLS1.2:+AES-128-GCM");
- run("NORMAL:-VERS-ALL:+VERS-TLS1.2:+AES-256-GCM");
- run("NORMAL:-VERS-ALL:+VERS-TLS1.3:+AES-128-GCM");
- run("NORMAL:-VERS-ALL:+VERS-TLS1.3:+AES-256-GCM");
+ run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-GCM");
+ run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-GCM");
+ run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM");
+ run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM");
}
#endif /* _WIN32 */