aboutsummaryrefslogtreecommitdiffstats
path: root/src/scripts
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2016-11-16 12:05:34 -0500
committerJack Lloyd <[email protected]>2016-11-17 13:56:25 -0500
commit74cf1686b727d9b41781df66f3f74d63b9c5cfe2 (patch)
treec5127473f7676763202cf79837bd4328c903a21d /src/scripts
parent97df0c27b878d77799353ccc9eda9705b1ec1fa4 (diff)
Add CECPQ1 TLS ciphersuites
Tested against BoringSSL (as client + server) and google.com (as client). Fix a stupid crashing bug in NewHope's BoringSSL mode. Remove unneeded error return from curve25519_donna - always returned 0. Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which means the default no-extra-configuration ciphersuite (for Botan client speaking to Botan server) is a ciphersuite which is both implemented in constant time on all platforms and (hopefully) provides post quantum security. Good Things.
Diffstat (limited to 'src/scripts')
-rwxr-xr-xsrc/scripts/tls_suite_info.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/scripts/tls_suite_info.py b/src/scripts/tls_suite_info.py
index 1d059b3f9..955859d9f 100755
--- a/src/scripts/tls_suite_info.py
+++ b/src/scripts/tls_suite_info.py
@@ -87,6 +87,7 @@ def to_ciphersuite_info(code, name):
'DHE_PSK': 'DHE_PSK',
'PSK_DHE': 'DHE_PSK',
'ECDHE_PSK': 'ECDHE_PSK',
+ 'CECPQ1': 'CECPQ1',
}
mac_keylen = {
@@ -236,6 +237,12 @@ def main(args = None):
define_custom_ciphersuite('ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256', 'CC14')
define_custom_ciphersuite('DHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CC15')
+ # CECPQ1
+ define_custom_ciphersuite('CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256', '16B7')
+ define_custom_ciphersuite('CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256', '16B8')
+ define_custom_ciphersuite('CECPQ1_RSA_WITH_AES_256_GCM_SHA384', '16B9')
+ define_custom_ciphersuite('CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384', '16BA')
+
# Expermental things
if options.with_ocb:
define_custom_ciphersuite('DHE_RSA_WITH_AES_128_OCB_SHA256', 'FFC0')