Add AES-128/CCM and AES-256/CCM ciphersuites to BSI TLS policy

BSI TR-02102-1 version 2019-01 added CCM ciphersuites as recommended, so we add them to the BSI TLS policy.
author: René Korthaus <[email protected]> 2019-11-14 09:45:57 +0100
committer: René Korthaus <[email protected]> 2019-11-14 10:17:33 +0100
commit: 9b01decb7f30a474cd6329811edcad54c2983a09 (patch)
tree: 73f802965d2f820879a675cbe1b68f24e970eb1c /src
parent: ba77c332de3d2b8e6a0fa11b5d725a8db5514e55 (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index de3153496..3d9d02913 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -420,7 +420,7 @@ class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 : public Policy
    public:
       std::vector<std::string> allowed_ciphers() const override
          {
-         return std::vector<std::string>({"AES-256/GCM", "AES-128/GCM", "AES-256", "AES-128" });
+         return std::vector<std::string>({"AES-256/GCM", "AES-128/GCM", "AES-256", "AES-128", "AES-256/CCM", "AES-128/CCM"});
          }
 
       std::vector<std::string> allowed_signature_hashes() const override
diff --git a/src/tests/data/tls-policy/bsi.txt b/src/tests/data/tls-policy/bsi.txt
index f69e03376..af7b37d94 100644
--- a/src/tests/data/tls-policy/bsi.txt
+++ b/src/tests/data/tls-policy/bsi.txt
@@ -4,7 +4,7 @@ allow_tls12 = true
 allow_dtls10 = false
 allow_dtls12 = false
 
-ciphers = AES-256/GCM AES-128/GCM AES-256 AES-128
+ciphers = AES-256/GCM AES-128/GCM AES-256 AES-128 AES-256/CCM AES-128/CCM
 signature_hashes = SHA-384 SHA-256
 macs = AEAD SHA-384 SHA-256
 key_exchange_methods = ECDH DH PSK ECDHE_PSK DHE_PSK
author	René Korthaus <[email protected]>	2019-11-14 09:45:57 +0100
committer	René Korthaus <[email protected]>	2019-11-14 10:17:33 +0100
commit	9b01decb7f30a474cd6329811edcad54c2983a09 (patch)
tree	73f802965d2f820879a675cbe1b68f24e970eb1c /src
parent	ba77c332de3d2b8e6a0fa11b5d725a8db5514e55 (diff)